Note
IMPORTANT All MISRA C rules, text, and examples are copyrighted by the MISRA Consortium Limited and used with permission.
Please refer to https://www.misra.org.uk/ to obtain a copy of MISRA C, or for licensing options for other use of the rules.
The following is the list of MISRA C rules that apply to the Xen hypervisor.
It is possible that in specific circumstances it is best not to follow a rule because it is not possible or because the alternative leads to better code quality. Those cases are called "deviations". They are permissible as long as they are documented. For details, please refer to docs/misra/documenting-violations.rst and docs/misra/deviations.rst.
Other documentation mechanisms are work-in-progress.
The existing codebase is not 100% compliant with the rules. Some of the violations are meant to be documented as deviations, while some others should be fixed. Both compliance and documenting deviations on the existing codebase are work-in-progress.
The list below might need to be updated over time. Reach out to THE REST maintainers if you want to suggest a change.
| Dir number | Severity | Summary | Notes |
|---|---|---|---|
| Dir 1.1 | Required | Any implementation-defined behaviour on which the output of the program depends shall be documented and understood | |
| Dir 2.1 | Required | All source files shall compile without any compilation errors | |
| Dir 4.1 | Required | Run-time failures shall be minimized | The strategies adopted by Xen to prevent certain classes of runtime failures are documented in C-runtime-failures.rst |
| Dir 4.7 | Required | If a function returns error information then that error information shall be tested | |
| Dir 4.10 | Required | Precautions shall be taken in order to prevent the contents of a header file being included more than once | Files that are intended to be included more than once do not need to conform to the directive |
| Dir 4.11 | Required | The validity of values passed to library functions shall be checked | We do not have libraries in Xen (libfdt and others are not considered libraries from MISRA C point of view as they are imported in source form) |
| Dir 4.14 | Required | The validity of values received from external sources shall be checked | |
A switch clause can be defined as: "the non-empty list of statements which follows a non-empty list of case/default labels". A formal definition is available within the amplification of MISRA C:2012 Rule 16.1.
Footnotes