The xen sources contain violations of MISRA C:2012 Rule 11.8 whose
headline states:
"A conversion shall not remove any const, volatile or _Atomic qualification
from the type pointed to by a pointer".
The macro 'container_of' violates the Rule because it casts away any
qualifier to do pointer arithmetic, but making the macro definition compliant
would add additional complexity, therefore a deviation is introduced.
Signed-off-by: Maria Celeste Cesario <maria.celeste.cesario@bugseng.com>
Signed-off-by: Simone Ballarin <simone.ballarin@bugseng.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
# Series 11
#
+-doc_begin="Violations caused by container_of are due to pointer arithmetic operations
+with the provided offset. The resulting pointer is then immediately cast back to its
+original type, which preserves the qualifier. This use is deemed safe.
+Fixing this violation would require to increase code complexity and lower readability."
+-config=MC3R1.R11.8,reports+={safe,"any_area(any_loc(any_exp(macro(^container_of$))))"}
+-doc_end
+
-doc_begin="This construct is used to check if the type is scalar, and for this purpose the use of 0 as a null pointer constant is deliberate."
-config=MC3R1.R11.9,reports+={deliberate, "any_area(any_loc(any_exp(macro(^__ACCESS_ONCE$))))"
}
If no bits are set, 0 is returned.
- Tagged as `safe` for ECLAIR.
+ * - R11.8
+ - Violations caused by container_of are due to pointer arithmetic operations
+ with the provided offset. The resulting pointer is then immediately cast back to its
+ original type, which preserves the qualifier. This use is deemed safe.
+ Fixing this violation would require to increase code complexity and lower readability.
+ - Tagged as `safe` for ECLAIR.
+
* - R11.9
- __ACCESS_ONCE uses an integer, which happens to be zero, as a
compile time check. The typecheck uses a cast. The usage of zero or other
projects / people / andrewcoop / xen.git / commitdiff