On Fri, 8 Sep 2023, Jan Beulich wrote:
> On 08.09.2023 02:20, Stefano Stabellini wrote:
> > On Fri, 1 Sep 2023, Nicola Vetrini wrote:
> >> +Documentation for MISRA C:2012 Dir 4.1: read from uninitialized allocated 
> >> object
> >> +________________________________________________________________________________
> >> +
> >> +To be written.
> >> +Example:
> >> +The code does not use dynamically allocated storage.
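Review bot: the new Dir 4.1 entry is a placeholder ("To be written.") followed directly by an example, so the justification for why reads of uninitialised allocated objects cannot occur is missing and should be supplied before the "Example:" line. The example line "The code does not use dynamically allocated storage." is also contradicted by the xmalloc() callers discussed in this thread; it should instead state how dynamically allocated objects are initialised before being read.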
> > 
> > We do use dynamically allocated storage with xzalloc but xzalloc
> > initializes the object to zero
> 
> Just at the example of this: I'm not sure in how far the examples given
> were actually meant to (remotely) apply to our code base.

I thought they were generic examples as Nicola later confirmed. But
surprisingly many of them apply to our code base. I tried to highlight
the ones that are obviously wrong.


> As to your reply - there's also xmalloc() which doesn't, and the page
> allocator, and other more specialized ones.

Yes, my reply was wrong in this case: I vastly underestimated the number
of callers to xmalloc() that we have (and I grepped wrongly).

I think we should say instead:

The number of dynamically allocated objects is limited at runtime in
static configurations. We make sure to initialize dynamically allocated
objects before reading them, and we utilize static analysis tools to
help check for that.
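An added example (not code from the thread or from Xen) of the Dir 4.1 pattern under discussion: constructed stand-ins for xmalloc()/xzalloc() are used so that a read of a field that was never written becomes observable, beside the compliant zero-fill and explicit-initialisation forms. The struct, its field names and the poison byte are assumptions for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins (not Xen's code) for xmalloc()/xzalloc(). To make
 * an uninitialised read observable, the xmalloc() stand-in fills the block
 * with a poison byte; a real allocator returns whatever was in memory. */
#define POISON_BYTE 0xA5u

static void *xmalloc_bytes(size_t n)
{
    void *p = malloc(n);
    if (p)
        memset(p, POISON_BYTE, n);
    return p;
}

static void *xzalloc_bytes(size_t n) { return calloc(1, n); }

struct dom_cfg { uint32_t vcpus; uint32_t flags; };  /* hypothetical object */

/* Dir 4.1 violation: only 'vcpus' is written after xmalloc(), then 'flags'
 * is read. Returns what the read observed (poison here, garbage for real). */
uint32_t read_flags_uninitialised(void)
{
    struct dom_cfg *c = xmalloc_bytes(sizeof(*c));
    uint32_t v;
    if (!c) return 0;
    c->vcpus = 4;
    v = c->flags;
    free(c);
    return v;
}

/* Compliant: zero-fill via xzalloc(), or write every field before the
 * first read when xmalloc() is used. */
uint32_t read_flags_initialised(int use_zalloc)
{
    struct dom_cfg *c = use_zalloc ? xzalloc_bytes(sizeof(*c))
                                   : xmalloc_bytes(sizeof(*c));
    uint32_t v;
    if (!c) return 0;
    if (use_zalloc)
        c->vcpus = 4;                        /* 'flags' already zero */
    else
        *c = (struct dom_cfg){ .vcpus = 4, .flags = 0 };
    v = c->flags;
    free(c);
    return v;
}
```

The poison fill is only a teaching aid; a static analyser checking Dir 4.1 flags the first function on the read of `c->flags`, regardless of what value it would observe at runtime.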
