On 2026-01-02 10:42, Andrew Cooper wrote:
On 31/12/2025 11:22 am, Nicola Vetrini wrote:
diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl
b/automation/eclair_analysis/ECLAIR/deviations.ecl
index 219ba6993b90..7dee4a488d45 100644
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -570,13 +570,11 @@ safe."
# Series 17.
#
--doc_begin="printf()-like functions are allowed to use the variadic
features provided by stdarg.h."
--config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(^.*printk\\(.*\\)$)))"}
--config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(^.*printf\\(.*\\)$)))"}
--config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(name(panic)&&kind(function))))"}
--config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(name(elf_call_log_callback)&&kind(function))))"}
--config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(name(vprintk_common)&&kind(function))))"}
--config=MC3A2.R17.1,macros+={hide , "^va_(arg|start|copy|end)$"}
+-doc_begin="printf()-like or scanf()-like functions are allowed to
use the variadic features provided by stdarg.h,
+provided that they are declared using the `format' attribute."
+-decl_selector+={format_attr, "property(format)"}
+-config=MC3A2.R17.1,reports+={deliberate,
"any_area(^.*va_list.*$&&context(ancestor_or_self(format_attr)))"}
+-config=MC3A2.R17.1,macros+={deliberate ,
"^va_(arg|start|copy|end)$"}
-doc_end
-doc_begin="Not using the return value of a function does not
endanger safety if it coincides with an actual argument."
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index b3431ef24e26..584907b048ec 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -570,8 +570,8 @@ Deviations related to MISRA C:2012 Rules:
- Tagged as `deliberate` for ECLAIR.
* - R17.1
- - printf()-like functions are allowed to use the variadic
features provided
- by `stdarg.h`.
+ - printf()-like or scanf()-like functions are allowed to use the
variadic
+ features provided by `stdarg.h`.
- Tagged as `deliberate` for ECLAIR.
Much nicer. But don't we want to repeat the part about
__attribute__((format(...))) here? After all, that is the
justification
of why it's safer than nothing.
Ok, that would be more accurate for sure. I didn't do that to preserve
the original intention of the deviation, but they are practically
equivalent with the current codebase, so changing the text makes little
difference. I'll tweak that.
~Andrew
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
