ECLAIR reports a non-compliant cast due to the presence of the 'noreturn' attribute in the callee function. The issue occurs when casting a function pointer with the 'noreturn' attribute (void noreturn (*)(void *)) to a general function pointer type (void (*)(void *)).
Configure ECLAIR to treat 'noreturn' attributes as safe in this conversion. Signed-off-by: Dmytro Prokopchuk <dmytro_prokopch...@epam.com> --- Previous discussion thread: https://patchew.org/Xen/181a03d5c7625d42c06cf9fa0cf48a9bc6825361.1753647875.git.dmytro._5fprokopch...@epam.com/ Test CI pipeline: https://gitlab.com/xen-project/people/dimaprkp4k/xen/-/pipelines/1953370442 --- automation/eclair_analysis/ECLAIR/deviations.ecl | 7 +++++++ docs/misra/deviations.rst | 6 ++++++ docs/misra/rules.rst | 3 ++- 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl index 483507e7b9..0e04681c4c 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl @@ -367,6 +367,13 @@ constant expressions are required.\"" } -doc_end +-doc_begin="The conversion from 'void noreturn (*)(void *)' to 'void (*)(void *)' is safe +because the semantics of the 'noreturn' attribute do not alter the calling convention or behavior of the resulting code." +-config=MC3A2.R11.1,casts+={safe, + "kind(bitcast)&&to(type(pointer(inner(return(builtin(void))&&all_param(1, pointer(builtin(void)))))))&&from(expr(skip(!syntactic(), + ref(property(noreturn)))))"} +-doc_end + -doc_begin="The conversion from a pointer to an incomplete type to unsigned long does not lose any information, provided that the target type has enough bits to store it." -config=MC3A2.R11.2,casts+={safe, "from(type(any())) diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst index e78179fcb8..4e430bb17e 100644 --- a/docs/misra/deviations.rst +++ b/docs/misra/deviations.rst @@ -342,6 +342,12 @@ Deviations related to MISRA C:2012 Rules: semantics that do not lead to unexpected behaviour. - Tagged as `safe` for ECLAIR. + * - R11.1 + - The conversion from 'void noreturn (*)(void *)' to 'void (*)(void *)' + is safe because the semantics of the 'noreturn' attribute do not alter + the calling convention or behavior of the resulting code. + - Tagged as `safe` for ECLAIR. + * - R11.2 - The conversion from a pointer to an incomplete type to unsigned long does not lose any information, provided that the target type has enough diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst index 3e014a6298..82a26162a9 100644 --- a/docs/misra/rules.rst +++ b/docs/misra/rules.rst @@ -404,7 +404,8 @@ maintainers if you want to suggest a change. function and any other type - All conversions to integer types are permitted if the destination type has enough bits to hold the entire value. Conversions to - bool and void* are permitted. + bool and void* are permitted. Conversions from 'void noreturn (*)(void *)' + to 'void (*)(void *)' are permitted. * - `Rule 11.2 <https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite/-/blob/master/R_11_02.c>`_ - Required -- 2.43.0
