From f0f8e9e743c77e0a85ed2f1895fda180519f6f77 Mon Sep 17 00:00:00 2001 From: kar-rahul-aws Date: Thu, 27 Feb 2025 15:29:20 +0530 Subject: [PATCH] Fix MISRA violations for Kernel release V11.2.0 --- MISRA.md | 4 +- examples/coverity/coverity_misra.config | 4 + queue.c | 5 +- tasks.c | 10 +- timers.c | 215 ++++++++++++------------ 5 files changed, 126 insertions(+), 112 deletions(-) diff --git a/MISRA.md b/MISRA.md index b5941037f..87ff4cbcd 100644 --- a/MISRA.md +++ b/MISRA.md @@ -120,8 +120,8 @@ _Ref 11.5.5_ MISRA C-2012 Rule 14.3: Controlling expressions shall not be invariant. _Ref 14.3_ - - The `configMAX_TASK_NAME_LEN` and `taskRESERVED_TASK_NAME_LENGTH` are - evaluated to constants at compile time and may vary based on the build + - The `configMAX_TASK_NAME_LEN` , `taskRESERVED_TASK_NAME_LENGTH` and `SIZE_MAX` + are evaluated to constants at compile time and may vary based on the build configuration. #### Rule 18.1 diff --git a/examples/coverity/coverity_misra.config b/examples/coverity/coverity_misra.config index d80ddb553..631142806 100644 --- a/examples/coverity/coverity_misra.config +++ b/examples/coverity/coverity_misra.config @@ -3,6 +3,10 @@ "standard" : "c2012", "title": "Coverity MISRA Configuration", "deviations" : [ + { + "deviation": "Rule 1.2", + "reason": "Allow use of __attribute__ for necessary functions placement in specific memory regions." + }, { "deviation": "Rule 3.1", "reason": "We post HTTP links in code comments which contain // inside comments blocks." diff --git a/queue.c b/queue.c index 688fb3113..e91d9e39b 100644 --- a/queue.c +++ b/queue.c 
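Review bot: The `Rule 1.2` entry added to `deviations` in examples/coverity/coverity_misra.config appears to apply to the whole analysis, so every language extension stops being reported, not only the `__attribute__` placement the reason names. If that breadth is intended, the reason should say so, e.g. `"reason": "Allow __attribute__ for placing functions in specific memory regions; this turns off Rule 1.2 reporting for all other extensions too."`. Otherwise a per-site suppression next to each `__attribute__` use, in the style of the `coverity[...]` comment this commit adds in queue.c, would keep other extensions visible to review. The MISRA.md hunk in this commit touches only Rule 14.3, so it is worth confirming that Rule 1.2 has a matching written justification there.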
@@ -513,7 +513,10 @@ BaseType_t xQueueGenericReset( QueueHandle_t xQueue, /* Check for multiplication overflow. */ ( ( SIZE_MAX / uxQueueLength ) >= uxItemSize ) && /* Check for addition overflow. */ - ( ( SIZE_MAX - sizeof( Queue_t ) ) >= ( size_t ) ( uxQueueLength * uxItemSize ) ) ) + /* MISRA Ref 14.3.1 [Configuration dependent invariant] */ + /* More details at: https://github.com/FreeRTOS/FreeRTOS-Kernel/blob/main/MISRA.md#rule-143. */ + /* coverity[misra_c_2012_rule_14_3_violation] */ + ( ( SIZE_MAX - sizeof( Queue_t ) ) >= ( size_t ) ( ( size_t ) uxQueueLength * ( size_t ) uxItemSize ) ) ) { /* Allocate enough space to hold the maximum number of items that * can be in the queue at any time. It is valid for uxItemSize to be diff --git a/tasks.c b/tasks.c index def843fe6..24cfb2620 100644 --- a/tasks.c +++ b/tasks.c @@ -2016,7 +2016,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, pxNewTCB->xTaskRunState = taskTASK_NOT_RUNNING; /* Is this an idle task? */ - if( ( ( TaskFunction_t ) pxTaskCode == ( TaskFunction_t ) prvIdleTask ) || ( ( TaskFunction_t ) pxTaskCode == ( TaskFunction_t ) prvPassiveIdleTask ) ) + if( ( ( TaskFunction_t ) pxTaskCode == ( TaskFunction_t ) ( &prvIdleTask ) ) || ( ( TaskFunction_t ) pxTaskCode == ( TaskFunction_t ) ( &prvPassiveIdleTask ) ) ) { pxNewTCB->uxTaskAttributes |= taskATTRIBUTE_IS_IDLE; } @@ -3573,7 +3573,7 @@ static BaseType_t prvCreateIdleTasks( void ) { #if ( configNUMBER_OF_CORES == 1 ) { - pxIdleTaskFunction = prvIdleTask; + pxIdleTaskFunction = &prvIdleTask; } #else /* #if ( configNUMBER_OF_CORES == 1 ) */ { @@ -3582,11 +3582,11 @@ static BaseType_t prvCreateIdleTasks( void ) * run when no other task is available to run. */ if( xCoreID == 0 ) { - pxIdleTaskFunction = prvIdleTask; + pxIdleTaskFunction = &prvIdleTask; } else { - pxIdleTaskFunction = prvPassiveIdleTask; + pxIdleTaskFunction = &prvPassiveIdleTask; } } #endif /* #if ( configNUMBER_OF_CORES == 1 ) */ 
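Review bot: In the queue.c hunk the addition-overflow check now widens both operands to `size_t` before multiplying, but the byte count actually handed to the allocator is computed after the hunk and is not visible here. If that expression still multiplies in `UBaseType_t`, the value checked and the value allocated can differ on ports where `UBaseType_t` is narrower than `size_t`, which would leave the queue storage smaller than the check assumed; it should read `( size_t ) ( ( size_t ) uxQueueLength * ( size_t ) uxItemSize )` as well. The suppression comment could also say why the test is kept although it is invariant on some builds, e.g. `/* Always true where size_t is wider than UBaseType_t; kept for ports where it is not. */` (that reading is inferred from the MISRA.md wording and should be confirmed). The enclosing function starts and ends outside the hunk.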
@@ -3603,7 +3603,7 @@ static BaseType_t prvCreateIdleTasks( void ) * name will contain an incorrect ASCII character. This is * acceptable as the task name is used mainly for debugging. */ cIdleName[ xIdleTaskNameIndex ] = ( char ) ( xCoreID + '0' ); - cIdleName[ xIdleTaskNameIndex + 1 ] = '\0'; + cIdleName[ xIdleTaskNameIndex + 1U ] = '\0'; } #endif /* if ( configNUMBER_OF_CORES > 1 ) */ diff --git a/timers.c b/timers.c index 03765fe7b..0eca674cf 100644 --- a/timers.c +++ b/timers.c @@ -257,7 +257,7 @@ configSTACK_DEPTH_TYPE uxTimerTaskStackSize; vApplicationGetTimerTaskMemory( &pxTimerTaskTCBBuffer, &pxTimerTaskStackBuffer, &uxTimerTaskStackSize ); - xTimerTaskHandle = xTaskCreateStaticAffinitySet( prvTimerTask, + xTimerTaskHandle = xTaskCreateStaticAffinitySet( &prvTimerTask, configTIMER_SERVICE_TASK_NAME, uxTimerTaskStackSize, NULL, @@ -273,7 +273,7 @@ } #else /* if ( configSUPPORT_STATIC_ALLOCATION == 1 ) */ { - xReturn = xTaskCreateAffinitySet( prvTimerTask, + xReturn = xTaskCreateAffinitySet( &prvTimerTask, configTIMER_SERVICE_TASK_NAME, configTIMER_TASK_STACK_DEPTH, NULL, @@ -292,7 +292,7 @@ configSTACK_DEPTH_TYPE uxTimerTaskStackSize; vApplicationGetTimerTaskMemory( &pxTimerTaskTCBBuffer, &pxTimerTaskStackBuffer, &uxTimerTaskStackSize ); - xTimerTaskHandle = xTaskCreateStatic( prvTimerTask, + xTimerTaskHandle = xTaskCreateStatic( &prvTimerTask, configTIMER_SERVICE_TASK_NAME, uxTimerTaskStackSize, NULL, @@ -307,7 +307,7 @@ } #else /* if ( configSUPPORT_STATIC_ALLOCATION == 1 ) */ { - xReturn = xTaskCreate( prvTimerTask, + xReturn = xTaskCreate( &prvTimerTask, configTIMER_SERVICE_TASK_NAME, configTIMER_TASK_STACK_DEPTH, NULL, @@ -462,7 +462,7 @@ /* Send a message to the timer service task to perform a particular action * on a particular timer definition. */ - if( xTimerQueue != NULL ) + if( ( xTimerQueue != NULL ) && ( xTimer != NULL ) ) { /* Send a command to the timer service task to start the xTimer timer. */ xMessage.xMessageID = xCommandID; 
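Review bot: In the timers.c hunk at -462 (and the identical one at -513) a NULL `xTimer` now skips the queue send with no trace or marker of its own, so the caller cannot tell it apart from a missing `xTimerQueue`; the return value is set outside the hunk, presumably to the initial failure value. The comment above the condition still describes only the send, so I would extend it, e.g. `/* A NULL xTimer is rejected here and never queued; the caller sees the failure return and must check it. */`. Both enclosing functions start and end outside the hunks.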
@@ -513,7 +513,7 @@ /* Send a message to the timer service task to perform a particular action * on a particular timer definition. */ - if( xTimerQueue != NULL ) + if( ( xTimerQueue != NULL ) && ( xTimer != NULL ) ) { /* Send a command to the timer service task to start the xTimer timer. */ xMessage.xMessageID = xCommandID; 
@@ -974,110 +974,117 @@ * software timer. */ pxTimer = xMessage.u.xTimerParameters.pxTimer; - if( listIS_CONTAINED_WITHIN( NULL, &( pxTimer->xTimerListItem ) ) == pdFALSE ) + if( pxTimer != NULL ) { - /* The timer is in a list, remove it. */ - ( void ) uxListRemove( &( pxTimer->xTimerListItem ) ); + if( listIS_CONTAINED_WITHIN( NULL, &( pxTimer->xTimerListItem ) ) == pdFALSE ) + { + /* The timer is in a list, remove it. */ + ( void ) uxListRemove( &( pxTimer->xTimerListItem ) ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + traceTIMER_COMMAND_RECEIVED( pxTimer, xMessage.xMessageID, xMessage.u.xTimerParameters.xMessageValue ); + + /* In this case the xTimerListsWereSwitched parameter is not used, but + * it must be present in the function call. prvSampleTimeNow() must be + * called after the message is received from xTimerQueue so there is no + * possibility of a higher priority task adding a message to the message + * queue with a time that is ahead of the timer daemon task (because it + * pre-empted the timer daemon task after the xTimeNow value was set). */ + xTimeNow = prvSampleTimeNow( &xTimerListsWereSwitched ); + + switch( xMessage.xMessageID ) + { + case tmrCOMMAND_START: + case tmrCOMMAND_START_FROM_ISR: + case tmrCOMMAND_RESET: + case tmrCOMMAND_RESET_FROM_ISR: + /* Start or restart a timer. */ + pxTimer->ucStatus |= ( uint8_t ) tmrSTATUS_IS_ACTIVE; + + if( prvInsertTimerInActiveList( pxTimer, xMessage.u.xTimerParameters.xMessageValue + pxTimer->xTimerPeriodInTicks, xTimeNow, xMessage.u.xTimerParameters.xMessageValue ) != pdFALSE ) + { + /* The timer expired before it was added to the active + * timer list. Process it now. */ + if( ( pxTimer->ucStatus & tmrSTATUS_IS_AUTORELOAD ) != 0U ) + { + prvReloadTimer( pxTimer, xMessage.u.xTimerParameters.xMessageValue + pxTimer->xTimerPeriodInTicks, xTimeNow ); + } + else + { + pxTimer->ucStatus &= ( ( uint8_t ) ~tmrSTATUS_IS_ACTIVE ); + } + + /* Call the timer callback. 
*/ + traceTIMER_EXPIRED( pxTimer ); + pxTimer->pxCallbackFunction( ( TimerHandle_t ) pxTimer ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + break; + + case tmrCOMMAND_STOP: + case tmrCOMMAND_STOP_FROM_ISR: + /* The timer has already been removed from the active list. */ + pxTimer->ucStatus &= ( ( uint8_t ) ~tmrSTATUS_IS_ACTIVE ); + break; + + case tmrCOMMAND_CHANGE_PERIOD: + case tmrCOMMAND_CHANGE_PERIOD_FROM_ISR: + pxTimer->ucStatus |= ( uint8_t ) tmrSTATUS_IS_ACTIVE; + pxTimer->xTimerPeriodInTicks = xMessage.u.xTimerParameters.xMessageValue; + configASSERT( ( pxTimer->xTimerPeriodInTicks > 0 ) ); + + /* The new period does not really have a reference, and can + * be longer or shorter than the old one. The command time is + * therefore set to the current time, and as the period cannot + * be zero the next expiry time can only be in the future, + * meaning (unlike for the xTimerStart() case above) there is + * no fail case that needs to be handled here. */ + ( void ) prvInsertTimerInActiveList( pxTimer, ( xTimeNow + pxTimer->xTimerPeriodInTicks ), xTimeNow, xTimeNow ); + break; + + case tmrCOMMAND_DELETE: + #if ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) + { + /* The timer has already been removed from the active list, + * just free up the memory if the memory was dynamically + * allocated. */ + if( ( pxTimer->ucStatus & tmrSTATUS_IS_STATICALLY_ALLOCATED ) == ( uint8_t ) 0 ) + { + vPortFree( pxTimer ); + } + else + { + pxTimer->ucStatus &= ( ( uint8_t ) ~tmrSTATUS_IS_ACTIVE ); + } + } + #else /* if ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) */ + { + /* If dynamic allocation is not enabled, the memory + * could not have been dynamically allocated. So there is + * no need to free the memory - just mark the timer as + * "not active". */ + pxTimer->ucStatus &= ( ( uint8_t ) ~tmrSTATUS_IS_ACTIVE ); + } + #endif /* configSUPPORT_DYNAMIC_ALLOCATION */ + break; + + default: + /* Don't expect to get here. 
*/ + break; + } } else { mtCOVERAGE_TEST_MARKER(); } - - traceTIMER_COMMAND_RECEIVED( pxTimer, xMessage.xMessageID, xMessage.u.xTimerParameters.xMessageValue ); - - /* In this case the xTimerListsWereSwitched parameter is not used, but - * it must be present in the function call. prvSampleTimeNow() must be - * called after the message is received from xTimerQueue so there is no - * possibility of a higher priority task adding a message to the message - * queue with a time that is ahead of the timer daemon task (because it - * pre-empted the timer daemon task after the xTimeNow value was set). */ - xTimeNow = prvSampleTimeNow( &xTimerListsWereSwitched ); - - switch( xMessage.xMessageID ) - { - case tmrCOMMAND_START: - case tmrCOMMAND_START_FROM_ISR: - case tmrCOMMAND_RESET: - case tmrCOMMAND_RESET_FROM_ISR: - /* Start or restart a timer. */ - pxTimer->ucStatus |= ( uint8_t ) tmrSTATUS_IS_ACTIVE; - - if( prvInsertTimerInActiveList( pxTimer, xMessage.u.xTimerParameters.xMessageValue + pxTimer->xTimerPeriodInTicks, xTimeNow, xMessage.u.xTimerParameters.xMessageValue ) != pdFALSE ) - { - /* The timer expired before it was added to the active - * timer list. Process it now. */ - if( ( pxTimer->ucStatus & tmrSTATUS_IS_AUTORELOAD ) != 0U ) - { - prvReloadTimer( pxTimer, xMessage.u.xTimerParameters.xMessageValue + pxTimer->xTimerPeriodInTicks, xTimeNow ); - } - else - { - pxTimer->ucStatus &= ( ( uint8_t ) ~tmrSTATUS_IS_ACTIVE ); - } - - /* Call the timer callback. */ - traceTIMER_EXPIRED( pxTimer ); - pxTimer->pxCallbackFunction( ( TimerHandle_t ) pxTimer ); - } - else - { - mtCOVERAGE_TEST_MARKER(); - } - - break; - - case tmrCOMMAND_STOP: - case tmrCOMMAND_STOP_FROM_ISR: - /* The timer has already been removed from the active list. 
*/ - pxTimer->ucStatus &= ( ( uint8_t ) ~tmrSTATUS_IS_ACTIVE ); - break; - - case tmrCOMMAND_CHANGE_PERIOD: - case tmrCOMMAND_CHANGE_PERIOD_FROM_ISR: - pxTimer->ucStatus |= ( uint8_t ) tmrSTATUS_IS_ACTIVE; - pxTimer->xTimerPeriodInTicks = xMessage.u.xTimerParameters.xMessageValue; - configASSERT( ( pxTimer->xTimerPeriodInTicks > 0 ) ); - - /* The new period does not really have a reference, and can - * be longer or shorter than the old one. The command time is - * therefore set to the current time, and as the period cannot - * be zero the next expiry time can only be in the future, - * meaning (unlike for the xTimerStart() case above) there is - * no fail case that needs to be handled here. */ - ( void ) prvInsertTimerInActiveList( pxTimer, ( xTimeNow + pxTimer->xTimerPeriodInTicks ), xTimeNow, xTimeNow ); - break; - - case tmrCOMMAND_DELETE: - #if ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) - { - /* The timer has already been removed from the active list, - * just free up the memory if the memory was dynamically - * allocated. */ - if( ( pxTimer->ucStatus & tmrSTATUS_IS_STATICALLY_ALLOCATED ) == ( uint8_t ) 0 ) - { - vPortFree( pxTimer ); - } - else - { - pxTimer->ucStatus &= ( ( uint8_t ) ~tmrSTATUS_IS_ACTIVE ); - } - } - #else /* if ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) */ - { - /* If dynamic allocation is not enabled, the memory - * could not have been dynamically allocated. So there is - * no need to free the memory - just mark the timer as - * "not active". */ - pxTimer->ucStatus &= ( ( uint8_t ) ~tmrSTATUS_IS_ACTIVE ); - } - #endif /* configSUPPORT_DYNAMIC_ALLOCATION */ - break; - - default: - /* Don't expect to get here. */ - break; - } } } }
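Review bot: The new `pxTimer != NULL` guard validates the handle, but the `tmrCOMMAND_CHANGE_PERIOD` case still stores `xMessage.u.xTimerParameters.xMessageValue` into `xTimerPeriodInTicks` before anything checks it, and the only check is `configASSERT`, which does nothing in builds that leave it undefined. The comment in that case relies on "the period cannot be zero" and the result of `prvInsertTimerInActiveList` is discarded, so a zero value would leave the timer marked active with the expired-on-insert case unhandled. Since this block is being re-indented anyway, consider testing the value before the store, e.g. `if( xMessage.u.xTimerParameters.xMessageValue > ( TickType_t ) 0 )`, and leaving the timer untouched otherwise. The enclosing function starts outside the hunk.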