MISRA C Rule 2.1 states: "A project shall not contain unreachable code."
The function 'PrintErrMesg()' is implemented to never return control to its caller. At the end of its execution, it calls 'blexit()', which, in turn, invokes '__builtin_unreachable()'. This makes the 'return false;' statement in the 'read_file()' function unreachable. Configure ECLAIR not to report this violation. Signed-off-by: Dmytro Prokopchuk <dmytro_prokopch...@epam.com> --- Test CI pipeline: https://gitlab.com/xen-project/people/dimaprkp4k/xen/-/pipelines/1991518214 --- automation/eclair_analysis/ECLAIR/deviations.ecl | 4 ++++ docs/misra/deviations.rst | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl index 7f3fd35a33..5c262aa5ad 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl @@ -41,6 +41,10 @@ not executable, and therefore it is safe for them to be unreachable." -call_properties+={"name(__builtin_unreachable)&&stmt(begin(any_exp(macro(name(ASSERT_UNREACHABLE)))))", {"noreturn(false)"}} -doc_end +-doc_begin="Unreachability caused by the call to the 'PrintErrMesg()' function is deliberate, as it terminates execution, ensuring no control flow continues past this point." +-config=MC3A2.R2.1,reports+={deliberate, "any_area(^.*PrintErrMesg.*$ && any_loc(file(^xen/common/efi/boot\\.c$)))"} +-doc_end + -doc_begin="Proving compliance with respect to Rule 2.2 is generally impossible: see https://arxiv.org/abs/2212.13933 for details. Moreover, peer review gives us confidence that no evidence of errors in the program's logic has been missed due diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst index 2119066531..8df3c207ff 100644 --- a/docs/misra/deviations.rst +++ b/docs/misra/deviations.rst 
@@ -97,6 +97,13 @@ Deviations related to MISRA C:2012 Rules: Xen expects developers to ensure code remains safe and reliable in builds, even when debug-only assertions like `ASSERT_UNREACHABLE() are removed. + * - R2.1 + - Function `PrintErrMesg()` terminates execution (at the end it calls + `blexit()`, which, in turn, invokes `__builtin_unreachable()`), ensuring + no code beyond this point is ever reached. This guarantees that execution + won't incorrectly proceed or introduce unwanted behavior. + - Tagged as `deliberate` for ECLAIR. + * - R2.2 - Proving compliance with respect to Rule 2.2 is generally impossible: see `<https://arxiv.org/abs/2212.13933>`_ for details. Moreover, peer -- 2.43.0
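Review bot: in the deviations.ecl hunk, the new `-config=MC3A2.R2.1,reports+={deliberate, "any_area(^.*PrintErrMesg.*$ && any_loc(file(^xen/common/efi/boot\\.c$)))"}` entry is scoped much wider than the one `return false;` in `read_file()` that the commit message justifies: any R2.1 report in xen/common/efi/boot.c whose area text mentions PrintErrMesg would be tagged deliberate, including reports at other call sites added later. Either narrow the selector to the affected statement or function (the entry directly above shows the structured form, `stmt(begin(any_exp(macro(name(ASSERT_UNREACHABLE)))))`), or say in the doc_begin text that the file-wide scope is intended. It is also worth confirming that a bare regex is accepted directly inside `any_area(...)`, since the neighbouring entry wraps every pattern in a named selector. Finally, the commit message should state why the unreachable `return false;` is kept (for example to satisfy a compiler warning about a non-void function) rather than deleted, since removing it would avoid the deviation altogether.

Review bot: in the deviations.rst hunk, the new R2.1 entry does not tell the reader which code is deviated or where: it never names the `return false;` in `read_file()` from the commit message, nor that the ECLAIR configuration limits the deviation to `xen/common/efi/boot.c`. Suggest adding both so the table entry is self-contained, and replacing the closing sentence "This guarantees that execution won't incorrectly proceed or introduce unwanted behavior.", which only restates the sentence before it, with the concrete fact, e.g. "The `return false;` that follows the call in `read_file()` is therefore unreachable, and the report is deviated as deliberate."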