Re: [PATCH] misra: tailor the definition of Rule 12.2 to C standard types
On Wed, 16 Jul 2025, Dmytro Prokopchuk1 wrote:
> From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
>
> The definition of MISRA C Rule 12.2 ("The right hand operand of a shift
> operator shall lie in the range zero to one less than the width in bits
> of the essential type of the left hand operand") is concerned with the
> essential type of an expression, while the C Undefined Behaviour is
> related to C standard types, which may be wider but not narrower than
> the MISRA C essential type. For this reason, it is safe to consider the
> C standard type, rather than the essential type when checking the rule.
>
> To avoid regressions, tag the rule as clean and add it to the
> monitored set.
>
> Signed-off-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
Reviewed-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>
> ---
> automation/eclair_analysis/ECLAIR/deviations.ecl | 8 ++++++++
> automation/eclair_analysis/ECLAIR/monitored.ecl | 1 +
> automation/eclair_analysis/ECLAIR/tagging.ecl | 1 +
> docs/misra/deviations.rst | 8 ++++++++
> 4 files changed, 18 insertions(+)
>
> diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl
> b/automation/eclair_analysis/ECLAIR/deviations.ecl
> index 8504e850c1..483507e7b9 100644
> --- a/automation/eclair_analysis/ECLAIR/deviations.ecl
> +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
> @@ -413,6 +413,14 @@ write or not"
> }
> -doc_end
>
> +#
> +# Series 12
> +#
> +
> +-doc_begin="Consider the C standard type instead of the essential type for
> the purposes of determining the width in bits of the operand."
> +-config=MC3A2.R12.2,out_of_bounds=negative_or_too_big_for_type
> +-doc_end
> +
> #
> # Series 13
> #
> diff --git a/automation/eclair_analysis/ECLAIR/monitored.ecl
> b/automation/eclair_analysis/ECLAIR/monitored.ecl
> index e2ad224d79..00bff9edbe 100644
> --- a/automation/eclair_analysis/ECLAIR/monitored.ecl
> +++ b/automation/eclair_analysis/ECLAIR/monitored.ecl
> @@ -48,6 +48,7 @@
> -enable=MC3A2.R11.7
> -enable=MC3A2.R11.8
> -enable=MC3A2.R11.9
> +-enable=MC3A2.R12.2
> -enable=MC3A2.R12.5
> -enable=MC3A2.R13.1
> -enable=MC3A2.R13.2
> diff --git a/automation/eclair_analysis/ECLAIR/tagging.ecl
> b/automation/eclair_analysis/ECLAIR/tagging.ecl
> index f39beced9b..879485b680 100644
> --- a/automation/eclair_analysis/ECLAIR/tagging.ecl
> +++ b/automation/eclair_analysis/ECLAIR/tagging.ecl
> @@ -63,6 +63,7 @@ MC3A2.R11.2||
> MC3A2.R11.6||
> MC3A2.R11.7||
> MC3A2.R11.9||
> +MC3A2.R12.2||
> MC3A2.R12.5||
> MC3A2.R13.2||
> MC3A2.R13.6||
> diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
> index 620e97f0bd..e78179fcb8 100644
> --- a/docs/misra/deviations.rst
> +++ b/docs/misra/deviations.rst
> @@ -386,6 +386,14 @@ Deviations related to MISRA C:2012 Rules:
> integers for this purpose is allowed.
> - Tagged as `deliberate` for ECLAIR.
>
> + * - R12.2
> + - The width in bits of the C standard type is considered instead of
> + the width of the essential type of the left-hand operand of a shift
> + operator. This is safe because the occurrence of Undefined Behavior
> + only relates to the width of the C standard type, which is possibly
> + wider than its essential type.
> + - Project-wide deviation.
> +
> * - R13.5
> - All developers and reviewers can be safely assumed to be well aware of
> the short-circuit evaluation strategy for logical operators.
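Review bot: In the new R12.2 entry, "the width in bits of the C standard type" does not say that for a left-hand operand narrower than int this is the width after integer promotion, which is the type C uses when defining the undefined case for shift counts. Suggest wording such as "the C standard type of the left-hand operand after integer promotion". It may also be worth stating that shift counts at or above the essential width but below the promoted width are now accepted because they are defined, so a reader does not take "safe" to cover anything beyond the absence of Undefined Behavior.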
> --
> 2.43.0
>
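The distinction the commit message draws between the essential type and the C standard type, as an added example (not part of the patch or of the Xen tree). All names are hypothetical; the declared width stands in for the essential type width, and the types are assumed to have no padding bits.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration; all names here are hypothetical. */
enum verdict {
    SHIFT_OK,             /* below the declared (essential) width */
    SHIFT_ESSENTIAL_ONLY, /* >= declared width, < promoted width: defined in C */
    SHIFT_UNDEFINED       /* negative or >= promoted width: undefined behaviour */
};

/* Declared width stands in for the essential type width (assumption). */
#define DECLARED_WIDTH(lhs) ((long)(sizeof(lhs) * CHAR_BIT))
/* Unary plus applies the integer promotions, so this is the width of the
 * C standard type the shift is evaluated in (assumes no padding bits). */
#define PROMOTED_WIDTH(lhs) ((long)(sizeof(+(lhs)) * CHAR_BIT))

static enum verdict classify(long declared, long promoted, long count)
{
    if (count < 0 || count >= promoted)
        return SHIFT_UNDEFINED;
    return count >= declared ? SHIFT_ESSENTIAL_ONLY : SHIFT_OK;
}

#define CLASSIFY(lhs, count) \
    classify(DECLARED_WIDTH(lhs), PROMOTED_WIDTH(lhs), (count))

/* One wrapper per left-hand operand type; the cast only supplies the type. */
enum verdict classify_u8(long count)  { return CLASSIFY((uint8_t)0, count); }
enum verdict classify_u16(long count) { return CLASSIFY((uint16_t)0, count); }
enum verdict classify_u64(long count) { return CLASSIFY((uint64_t)0, count); }

int main(void)
{
    static const char *const name[] = { "ok", "essential-only", "undefined" };
    const long counts[] = { -1, 7, 8, 15, 16, 31, 32, 63, 64 };

    printf("count  uint8_t         uint16_t        uint64_t\n");
    for (size_t i = 0; i < sizeof(counts) / sizeof(counts[0]); i++)
        printf("%5ld  %-15s %-15s %s\n", counts[i],
               name[classify_u8(counts[i])], name[classify_u16(counts[i])],
               name[classify_u64(counts[i])]);
    return 0;
}
```

The "essential-only" rows are the shift counts that the rule's original wording covers and that the tailored configuration no longer treats as out of bounds; the "undefined" rows are the ones tied to C Undefined Behaviour.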