On 2025-07-31 09:15, Jan Beulich wrote:
On 30.07.2025 23:39, Dmytro Prokopchuk1 wrote:
MISRA C Rule 5.5 states that: "Identifiers shall
be distinct from macro names".
Update ECLAIR configuration to deviate clashes:
specify the macros that should be ignored.
Update deviations.rst and rules.rst accordingly.
Signed-off-by: Dmytro Prokopchuk <dmytro_prokopch...@epam.com>
Nit (along the lines of my comments on the other patch): Make better
use of line
capacity here.
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -117,6 +117,16 @@ it defines would (in the common case) be already
defined. Peer reviewed by the c
-config=MC3A2.R5.5,reports+={deliberate,
"any_area(decl(kind(function))||any_loc(macro(name(memcpy||memset||memmove))))&&any_area(any_loc(file(^xen/common/libelf/libelf-private\\.h$)))"}
-doc_end
+-doc_begin="Clashes between bitops function and macro names are
deliberate.
+These macros are needed for input validation and error handling."
+-config=MC3A2.R5.5,ignored_macros+="name(__test_and_set_bit||__test_and_clear_bit||__test_and_change_bit||test_bit||set_bit||clear_bit||change_bit||test_and_set_bit||test_and_clear_bit||test_and_change_bit)"
+-doc_end
I have no idea whether regular expressions could be used here. If so,
shortening
this at least some may be desirable.
It's possible, without using name(_): e.g.,
ignored_macros+="^(__)?test_and_(set|clear|change)?_bit$
+-doc_begin="Clashes between grant table functions and macros names
are deliberate.
+These macros address differences in argument count during
compile-time, effectively discarding unused parameters to avoid
warnings or errors related to them."
+-config=MC3A2.R5.5,ignored_macros+="name(update_gnttab_par||parse_gnttab_limit)"
+-doc_end
No restriction to common/grant_table.c?
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -142,6 +142,28 @@ Deviations related to MISRA C:2012 Rules:
memmove.
- Tagged as `deliberate` for ECLAIR.
+ * - R5.5
+ - Clashes between bitops ('__test_and_set_bit',
'__test_and_clear_bit',
+ '__test_and_change_bit', 'test_bit', 'set_bit', 'clear_bit',
'change_bit',
+ 'test_and_set_bit', 'test_and_clear_bit',
'test_and_change_bit')
+ functions and macros names are deliberate and are needed for
input
Nit: "macro names"
+ validation and error handling, ensures that the size of the
object being
s/ensures/to ensure/ ?
+ pointed to by 'addr' meets the minimum requirements for the
bit operation,
'addr' is pretty meaningless here.
+ preventing unsafe operations on improperly sized data types
that could
+ lead to undefined behavior or memory corruption.
+ The macros encapsulate this conditional logic into a single,
reusable form;
+ which simplifies the code, avoids redundant function call.
What's "redundant" referring to here?
+ Also this bitops API was inherited from Linux and should be
kept for familiarity.
At least this line is clearly beyond 80 chars.
Jan
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
