[C-safe-secure-studygroup] MISRA and packed structures

Robert Seacord rcseacord at gmail.com
Wed Nov 28 15:33:16 GMT 2018


MISRA really requires strictly conforming programs?  I didn't think anyone
tried to write strictly conforming programs because they are unreasonable.

I've said this before, but I think this is confusing security and safety with
portability.

rCs

On Wed, Nov 28, 2018 at 10:12 AM Clive Pygott <clivepygott at gmail.com> wrote:

> I'd agree that __packed is like a pragma, but pragmas are explicitly
> implementation defined. Whether you want to call that a language extension
> or not, it clearly takes you outside the domain of strictly compliant
> programs.
>
>          Clive
>
> On Wed, Nov 28, 2018 at 1:02 PM Wilson, Charles <Charles.Wilson at draeger.com> wrote:
>
>> I’m not sure I’d agree that this is an extension.
>>
>> I believe that it falls under the same category as pragmas, that is,
>> guidance to the compiler.
>>
>> MSVC https://docs.microsoft.com/en-us/cpp/preprocessor/pack?view=vs-2017
>>
>> gcc
>> https://gcc.gnu.org/onlinedocs/gcc-3.3/gcc/Variable-Attributes.html#Variable%20Attributes
>>
>> keil
>> http://www.keil.com/support/man/docs/armclang_ref/armclang_ref_chr1384946440202.htm
>>
>> The clang sources provide an interesting view:
>> https://github.com/llvm-mirror/clang/blob/master/test/Sema/struct-packed-align.c
>>
>> __packed is used in the keil ARM compiler
>> http://www.keil.com/support/man/docs/armcc/armcc_chr1359124968737.htm
>>
>> as well as the gcc ARM compiler
>> http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0491e/CJAFJHJD.html
>>
>> An interesting side note is that all underscore prefixed things belong to
>> the compiler.
>>
>> *From:* C-safe-secure-studygroup [mailto:c-safe-secure-studygroup-bounces at lists.trustable.io] *On Behalf Of* Clive Pygott
>> *Sent:* Wednesday, November 28, 2018 4:58 AM
>> *To:* C Safety and Security Study Group Discussion <c-safe-secure-studygroup at lists.trustable.io>
>> *Subject:* Re: [C-safe-secure-studygroup] MISRA and packed structures
>>
>> Hi Robert
>>
>> What compiler are you using, as __packed isn't defined in either C11
>> or C17? If it's a compiler extension then you've already broken rule 1.2
>> "language extensions should not be used". It's only advisory, so easy to
>> deviate - but it's a warning that you are now taking responsibility for the
>> behaviour of the program.
>>
>> As far as memcpy is concerned, MISRA C:2012 has a number of examples that
>> use memcpy, so it's not totally banned. The examples all show array copying
>> (where the implied pointer arithmetic is explicitly allowed), but my belief
>> would be that copying a tMyStruct to another tMyStruct would be allowed
>> using memcpy. What wouldn't be allowed would be copying to/from something
>> of a different type, say an array of char.
>>
>>     Clive
>>
>> On Tue, Nov 27, 2018 at 3:34 PM Robert Seacord <rcseacord at gmail.com> wrote:
>>
>> Clive,
>>
>> In the following example:
>>
>> typedef __packed struct
>> {
>>     uint16 a;
>>     uint8 b[ANNOYING_INCONVENIENT_LENGTH];
>>     uint16 c;
>> } tMyStruct;
>>
>> tMyStruct buf;
>>
>> Are you saying that 18.1 and 18.2 prohibit memcpy to &buf?
>>
>> Thanks,
>> rCs
>>
>> On Tue, Nov 27, 2018 at 8:16 AM Clive Pygott <clivepygott at gmail.com> wrote:
>>
>> What do you mean by a packed structure? The term doesn't appear in the
>> C17 standard or MISRA C:2012.
>>
>> If you mean using a structure with no or known padding as the target of a
>> block move or I/O, then that has to be done by a deviation as it breaks the
>> rules on pointer arithmetic (18.1/18.2) that only allow pointer arithmetic
>> within an array.
>>
>>      Clive
>>
>> On Tue, Nov 27, 2018 at 12:05 PM Robert Seacord <rcseacord at gmail.com> wrote:
>>
>> Are there any MISRA rules which disallow the use of packed structures?
>>
>> rCs
>>
>> _______________________________________________
>> C-safe-secure-studygroup mailing list
>> C-safe-secure-studygroup at lists.trustable.io
>>
>> https://lists.trustable.io/cgi-bin/mailman/listinfo/c-safe-secure-studygroup
>>
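As an added example (not code from the thread, from MISRA or from any of the compilers linked above), here is how the thread's tMyStruct record can be moved to and from an I/O buffer without `__packed` and without a memcpy between a char array and the struct: each scalar is marshalled explicitly, and the only memcpy is array-to-array, the form Clive notes MISRA C:2012's own examples use. PAYLOAD_LEN stands in for ANNOYING_INCONVENIENT_LENGTH, the sample bytes are constructed, and little-endian wire order is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define PAYLOAD_LEN 3u                    /* stand-in for ANNOYING_INCONVENIENT_LENGTH */
#define WIRE_LEN (2u + PAYLOAD_LEN + 2u)  /* record size on the wire: a, b[], c */

/* Same fields as the thread's tMyStruct, natural layout: no __packed, so the
 * compiler may insert padding (typically one byte after b) and sizeof may exceed WIRE_LEN. */
typedef struct {
    uint16_t a;
    uint8_t  b[PAYLOAD_LEN];
    uint16_t c;
} tMyStruct;

/* Decode one record field by field (little-endian wire order is an assumption).
 * The only memcpy is array-to-array; nothing relies on the struct's in-memory
 * layout. Returns bytes consumed, or 0 if the input is too short. */
size_t wire_to_struct(const uint8_t *wire, size_t n, tMyStruct *out)
{
    if (wire == NULL || out == NULL || n < WIRE_LEN) return 0;
    out->a = (uint16_t)(wire[0] | ((uint16_t)wire[1] << 8));
    memcpy(out->b, &wire[2], PAYLOAD_LEN);
    out->c = (uint16_t)(wire[2 + PAYLOAD_LEN] | ((uint16_t)wire[3 + PAYLOAD_LEN] << 8));
    return WIRE_LEN;
}

/* Encode a record back to wire order. Returns bytes written, or 0 if the buffer is too short. */
size_t struct_to_wire(const tMyStruct *in, uint8_t *wire, size_t n)
{
    if (in == NULL || wire == NULL || n < WIRE_LEN) return 0;
    wire[0] = (uint8_t)(in->a & 0xFFu);
    wire[1] = (uint8_t)(in->a >> 8);
    memcpy(&wire[2], in->b, PAYLOAD_LEN);
    wire[2 + PAYLOAD_LEN] = (uint8_t)(in->c & 0xFFu);
    wire[3 + PAYLOAD_LEN] = (uint8_t)(in->c >> 8);
    return WIRE_LEN;
}

/* Constructed sample record: a=0x1234, b={0xAA,0xBB,0xCC}, c=0x5678. */
static const uint8_t SAMPLE_WIRE[WIRE_LEN] = { 0x34, 0x12, 0xAA, 0xBB, 0xCC, 0x78, 0x56 };
/* Decode the sample, re-encode it and compare: 0 = round trip intact, else the failing step. */
int sample_roundtrip(void)
{
    tMyStruct s;
    uint8_t back[WIRE_LEN];
    if (wire_to_struct(SAMPLE_WIRE, sizeof SAMPLE_WIRE, &s) != WIRE_LEN) return 1;
    if (s.a != 0x1234u || s.c != 0x5678u || s.b[0] != 0xAAu || s.b[2] != 0xCCu) return 2;
    if (struct_to_wire(&s, back, sizeof back) != WIRE_LEN) return 3;
    return memcmp(back, SAMPLE_WIRE, WIRE_LEN) == 0 ? 0 : 4;
}
```

Because sizeof(tMyStruct) may be larger than WIRE_LEN on a given ABI, a raw memcpy of the 7 wire bytes into &buf would only be correct with a packing extension; the field-wise code above gives the same result on every conforming compiler.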