From: Nicola Vetrini <nicola.vetrini@bugseng.com>
To: Dmytro Prokopchuk1 <dmytro_prokopchuk1@epam.com>
Cc: xen-devel@lists.xenproject.org,
"Doug Goldstein" <cardoe@cardoe.com>,
"Stefano Stabellini" <sstabellini@kernel.org>,
"Andrew Cooper" <andrew.cooper3@citrix.com>,
"Anthony PERARD" <anthony.perard@vates.tech>,
"Michal Orzel" <michal.orzel@amd.com>,
"Jan Beulich" <jbeulich@suse.com>,
"Julien Grall" <julien@xen.org>,
"Roger Pau Monné" <roger.pau@citrix.com>
Subject: Re: [PATCH] misra: add deviation for MISRA C Rule 18.3
Date: Wed, 20 Aug 2025 15:03:11 +0200
Message-ID: <ff2543e8fe894fbbc1a0b015c80c6d75@bugseng.com>
In-Reply-To: <901917945f704643e95842a773be9e8676f76d10.1755690681.git.dmytro_prokopchuk1@epam.com>
On 2025-08-20 14:44, Dmytro Prokopchuk1 wrote:
> MISRA C Rule 18.3 states: "The relational operators >, >=, < and <=
> shall not be applied to objects of pointer type except where they
> point into the same object."
>
> Comparisons in the 'find_text_region()' function are safe because
> linker symbols '_stext' and '_etext' represent fixed virtual addresses
> within the same '.text' region, and the function 'addr' argument is
> explicitly compared to known valid memory bounds ('text_start' and
> 'text_end') derived from these linker symbols:
>
>     if ( (void *)addr >= iter->text_start &&
>          (void *)addr < iter->text_end )
>
> Configure Eclair to suppress violation reports that occurred in the
> function 'find_text_region()'. Update 'deviations.rst' file accordingly.
> No functional changes.
>
> Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@epam.com>
Reviewed-by: Nicola Vetrini <nicola.vetrini@bugseng.com>
with two NITs below:
> ---
> Test CI pipeline:
> https://gitlab.com/xen-project/people/dimaprkp4k/xen/-/pipelines/1993673043
> ---
> automation/eclair_analysis/ECLAIR/deviations.ecl | 6 ++++++
> docs/misra/deviations.rst | 8 ++++++++
> 2 files changed, 14 insertions(+)
>
> diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl
> b/automation/eclair_analysis/ECLAIR/deviations.ecl
> index 7f3fd35a33..32b596c9da 100644
> --- a/automation/eclair_analysis/ECLAIR/deviations.ecl
> +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
> @@ -590,6 +590,12 @@ C99 Undefined Behaviour 45: Pointers that do not
> point into, or just beyond, the
> -config=MC3A2.R18.2,reports+={safe,
> "any_area(any_loc(any_exp(macro(^page_to_mfn$))))"}
> -doc_end
>
> +-doc_begin="Comparisons in the 'find_text_region()' function are safe
> because linker symbols '_stext' and '_etext' represent fixed
> +virtual addresses within the same '.text' region, and the function
> 'addr' argument is explicitly compared to known valid memory
> +bounds ('text_start' and 'text_end') derived from these linker
> symbols."
Maybe ['text_start', 'text_end') here and below to emphasize that this
is a range?
> +-config=MC3A2.R18.3,reports+={safe,
> "any_area(any_loc(file(^xen/common/virtual_region\\.c$))&&context(name(find_text_region)))"}
> +-doc_end
> +
> -doc_begin="Flexible array members are deliberately used and XEN
> developers are aware of the dangers related to them:
> unexpected result when the structure is given as argument to a
> sizeof() operator and the truncation in assignment between structures."
> -config=MC3A2.R18.7,reports+={deliberate, "any()"}
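Review bot: the matcher in the new `-config=MC3A2.R18.3,reports+={safe, "any_area(any_loc(file(^xen/common/virtual_region\\.c$))&&context(name(find_text_region)))"}` line deviates every Rule 18.3 report raised anywhere inside find_text_region(), while the doc_begin text only justifies the two comparisons of 'addr' against 'text_start' and 'text_end'; any further pointer comparison added to that function later would be silently tagged safe, so either state in the doc_begin text that the whole function is intentionally covered or narrow the match to those comparisons. The doc_begin text here also carries the same "the function 'addr' argument" wording as the rst entry, so whatever wording is settled on should be applied in both files.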
> diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
> index 2119066531..a726fb22a8 100644
> --- a/docs/misra/deviations.rst
> +++ b/docs/misra/deviations.rst
> @@ -586,6 +586,14 @@ Deviations related to MISRA C:2012 Rules:
> are safe.
> - Tagged as `safe` for ECLAIR.
>
> + * - R18.3
> + - Comparisons in the 'find_text_region()' function are safe
> because
> + linker symbols '_stext' and '_etext' represent fixed virtual
> + addresses within the same '.text' region, and the function
> 'addr'
s/function 'addr' argument/function parameter 'addr'/
> + argument is explicitly compared to known valid memory bounds
> + ('text_start' and 'text_end') derived from these linker
> symbols.
> + - Tagged as `safe` for ECLAIR.
> +
> * - R20.4
> - The override of the keyword \"inline\" in xen/compiler.h is
> present so
> that section contents checks pass when the compiler chooses not
> to
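Review bot: the new R18.3 entry text (`- Comparisons in the 'find_text_region()' function are safe` through `('text_start' and 'text_end') derived from these linker`) repeats the deviations.ecl doc_begin text verbatim, but unlike the .ecl matcher it never names the file the function lives in; adding "in xen/common/virtual_region.c" to the entry would let a reader of deviations.rst locate the deviated code without opening the .ecl file, and the 'function parameter' and half-open range wording fixes should land in both files together so the two copies do not drift.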
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
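As an added illustration (not Xen's code and not part of this patch), here is a lookup of the kind find_text_region() performs, with the half-open range check done on uintptr_t values rather than on pointers so that Rule 18.3 does not apply at all; the struct, the region names and the two constructed arrays that stand in for the '_stext'/'_etext' bounds are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for a text region: not Xen's virtual_region. */
struct text_region {
    const char *name;
    uintptr_t text_start;   /* inclusive, plays the role of _stext */
    uintptr_t text_end;     /* exclusive, plays the role of _etext */
};

/* Two separate objects standing in for two distinct .text sections. */
static unsigned char core_text[4096];
static unsigned char patch_text[512];

static struct text_region regions[2];
static size_t nr_regions;

/* Filled at first use: array addresses are not portable constant initialisers. */
static void init_regions(void)
{
    regions[0].name = "core";
    regions[0].text_start = (uintptr_t)core_text;
    regions[0].text_end = (uintptr_t)core_text + sizeof(core_text);
    regions[1].name = "patch";
    regions[1].text_start = (uintptr_t)patch_text;
    regions[1].text_end = (uintptr_t)patch_text + sizeof(patch_text);
    nr_regions = 2;
}

/* Half-open check [text_start, text_end) done on integers, not pointers:
 * integer comparison is always defined, so Rule 18.3 is not involved. */
static int addr_in_region(const struct text_region *r, uintptr_t addr)
{
    return addr >= r->text_start && addr < r->text_end;
}

/* Index of the region containing p, or -1 when no region matches.
 * The single cast happens here; every comparison is on uintptr_t. */
int find_region_index(const void *p)
{
    uintptr_t addr = (uintptr_t)p;

    if ( nr_regions == 0 )
        init_regions();
    for ( size_t i = 0; i < nr_regions; i++ )
        if ( addr_in_region(&regions[i], addr) )
            return (int)i;
    return -1;
}
```

The one-past-the-end address of a region is deliberately excluded, which is the `[text_start, text_end)` range the review asks the deviation text to spell out.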