eclair/: ECLAIR configs and scripts
Mostly copied from the TF-A implementation, but with some changes for TF-M
already.
Includes external_sources.ecl, a dedicated file for external
sources specification.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Change-Id: Ia092024205f0bc2d350318afdc2aed855dedf091
diff --git a/eclair/MISRA_C_2012_selection.ecl b/eclair/MISRA_C_2012_selection.ecl
new file mode 100644
index 0000000..047dafc
--- /dev/null
+++ b/eclair/MISRA_C_2012_selection.ecl
@@ -0,0 +1,201 @@
+-project_name=getenv("ECLAIR_PROJECT_NAME")
+-project_root=getenv("ECLAIR_PROJECT_ROOT")
+
+-setq=data_dir,getenv("ECLAIR_DATA_DIR")
+
+-enable=B.REPORT.ECB
+-config=B.REPORT.ECB,output=join_paths(data_dir,"FRAME.@FRAME@.ecb")
+-config=B.REPORT.ECB,preprocessed=show
+-config=B.REPORT.ECB,macros=10
+-config=B.REPORT.ECB,tags=show
+
+-enable=B.EXPLAIN
+
+-doc_begin="See https://developer.trustedfirmware.org/w/tf_a/tf-a-misra-analysis/"
+# "Any implementation-defined behaviour on which the output of the program depends shall be documented and understood."
+# This requires configuring gazillion of generic parameters, where relation is mostly
+# not configured == warning, configured == no warning. Return to this later.
+#-enable=MC3R1.D1.1
+-enable=MC3R1.D2.1
+-enable=MC3R1.D4.1
+-enable=MC3R1.D4.2
+-enable=MC3R1.D4.3
+-enable=MC3R1.D4.4
+-doc="'Information' reports apply to #ifdef'ed code, don't show real problems, just add noise."
+-config=MC3R1.D4.4,reports+={hide,"kind(information)"}
+-enable=MC3R1.D4.5
+-enable=MC3R1.D4.7
+-enable=MC3R1.D4.10
+-enable=MC3R1.D4.11
+-enable=MC3R1.D4.12
+-enable=MC3R1.D4.13
+-enable=MC3R1.D4.14
+-enable=MC3R1.R1.1
+
+-enable=MC3R1.R1.2
+-doc_begin="TODO: Contains bare instances of __builtin_offsetof, should be wrapped in macro"
+-config=MC3R1.R1.2,reports+={todo,"all_area(all_loc(^include/drivers/console_assertions.h$))"}
+-config=MC3R1.R1.2,reports+={todo,"all_area(all_loc(^include/common/ep_info.h$))"}
+-doc_end
+
+-enable=MC3R1.R1.3
+
+-enable=MC3R1.R2.1
+-doc="When logging is disabled, no_tf_log() is expected to contain special unreachable code pattern."
+-config=MC3R1.R2.1,reports+={safe,"any_area(all_loc(macro(^no_tf_log$)))"}
+-doc="Silence warning about unreachable null statement. TODO: Better wrap macro in do {...} while (0) pattern."
+-config=MC3R1.R2.1,reports+={safe,"any_area(kind(culprit)&&^null statement is unreachable$)"}
+
+-enable=MC3R1.R2.2
+-enable=MC3R1.R2.3
+-enable=MC3R1.R2.6
+-enable=MC3R1.R3.1
+-enable=MC3R1.R3.2
+-enable=MC3R1.R4.1
+-enable=MC3R1.R4.2
+-enable=MC3R1.R5.2
+-enable=MC3R1.R5.3
+-enable=MC3R1.R5.4
+-enable=MC3R1.R5.5
+-enable=MC3R1.R5.6
+-enable=MC3R1.R5.7
+-enable=MC3R1.R5.9
+-enable=MC3R1.R6.1
+-enable=MC3R1.R6.2
+-enable=MC3R1.R7.1
+-enable=MC3R1.R7.2
+-enable=MC3R1.R7.3
+-enable=MC3R1.R7.4
+-enable=MC3R1.R8.1
+-enable=MC3R1.R8.2
+-enable=MC3R1.R8.3
+-enable=MC3R1.R8.4
+-enable=MC3R1.R8.5
+-enable=MC3R1.R8.8
+-enable=MC3R1.R8.9
+-enable=MC3R1.R8.10
+
+-enable=MC3R1.R8.11
+-doc="This macro intended to deal with special linker-defined symbols like __TEXT_START__"
+-config=MC3R1.R8.11,reports+={safe,"all_area(all_loc(macro(^IMPORT_SYM$)))"}
+
+-enable=MC3R1.R8.12
+-enable=MC3R1.R8.13
+-enable=MC3R1.R8.14
+-enable=MC3R1.R9.1
+-enable=MC3R1.R9.2
+-enable=MC3R1.R9.3
+-enable=MC3R1.R9.4
+-enable=MC3R1.R9.5
+-enable=MC3R1.R10.1
+-enable=MC3R1.R10.2
+-enable=MC3R1.R10.3
+-enable=MC3R1.R10.4
+-enable=MC3R1.R10.5
+-enable=MC3R1.R10.6
+-enable=MC3R1.R10.7
+-enable=MC3R1.R10.8
+-enable=MC3R1.R11.1
+-enable=MC3R1.R11.2
+-enable=MC3R1.R11.3
+-enable=MC3R1.R11.6
+-enable=MC3R1.R11.7
+-enable=MC3R1.R11.8
+-enable=MC3R1.R11.9
+-enable=MC3R1.R12.1
+-enable=MC3R1.R12.2
+-enable=MC3R1.R12.3
+-enable=MC3R1.R12.4
+-enable=MC3R1.R12.5
+-enable=MC3R1.R13.1
+-enable=MC3R1.R13.2
+-enable=MC3R1.R13.3
+-enable=MC3R1.R13.4
+-enable=MC3R1.R13.5
+-enable=MC3R1.R13.6
+-enable=MC3R1.R14.1
+-enable=MC3R1.R14.2
+
+-enable=MC3R1.R14.3
+-doc="When logging is disabled, no_tf_log() is expected to contain special unreachable code pattern."
+-config=MC3R1.R14.3,reports+={safe,"any_area(all_loc(macro(^no_tf_log$)))"}
+
+-enable=MC3R1.R14.4
+-enable=MC3R1.R15.2
+-enable=MC3R1.R15.3
+-enable=MC3R1.R15.4
+-enable=MC3R1.R15.7
+-enable=MC3R1.R16.2
+-enable=MC3R1.R16.4
+-enable=MC3R1.R16.5
+-enable=MC3R1.R16.6
+-enable=MC3R1.R16.7
+-enable=MC3R1.R17.2
+-enable=MC3R1.R17.3
+-enable=MC3R1.R17.4
+-enable=MC3R1.R17.5
+-enable=MC3R1.R17.6
+-enable=MC3R1.R17.7
+-enable=MC3R1.R17.8
+-enable=MC3R1.R18.1
+-enable=MC3R1.R18.2
+-enable=MC3R1.R18.3
+-enable=MC3R1.R18.4
+-enable=MC3R1.R18.5
+-enable=MC3R1.R18.6
+-enable=MC3R1.R18.7
+-enable=MC3R1.R18.8
+-enable=MC3R1.R19.1
+-enable=MC3R1.R19.2
+-enable=MC3R1.R20.1
+-enable=MC3R1.R20.2
+-enable=MC3R1.R20.3
+-enable=MC3R1.R20.4
+-enable=MC3R1.R20.5
+-enable=MC3R1.R20.6
+-enable=MC3R1.R20.7
+-enable=MC3R1.R20.8
+-enable=MC3R1.R20.9
+-enable=MC3R1.R20.10
+-enable=MC3R1.R20.11
+-enable=MC3R1.R20.12
+-enable=MC3R1.R20.13
+-enable=MC3R1.R20.14
+-enable=MC3R1.R21.1
+
+-enable=MC3R1.R21.2
+-doc="This macro intended to deal with special linker-defined symbols like __TEXT_START__"
+-config=MC3R1.R21.2,reports+={safe,"all_area(all_loc(macro(^IMPORT_SYM$)))"}
+
+-enable=MC3R1.R21.3
+-enable=MC3R1.R21.4
+-enable=MC3R1.R21.5
+-enable=MC3R1.R21.7
+-enable=MC3R1.R21.8
+-enable=MC3R1.R21.9
+-enable=MC3R1.R21.10
+-enable=MC3R1.R21.11
+-enable=MC3R1.R21.12
+-enable=MC3R1.R21.13
+-enable=MC3R1.R21.14
+-enable=MC3R1.R21.15
+-enable=MC3R1.R21.16
+-enable=MC3R1.R21.17
+-enable=MC3R1.R21.18
+-enable=MC3R1.R21.19
+-enable=MC3R1.R21.20
+-enable=MC3R1.R22.1
+-enable=MC3R1.R22.2
+-enable=MC3R1.R22.3
+-enable=MC3R1.R22.4
+-enable=MC3R1.R22.5
+-enable=MC3R1.R22.6
+-enable=MC3R1.R22.7
+-enable=MC3R1.R22.8
+-enable=MC3R1.R22.9
+-enable=MC3R1.R22.10
+-doc_end
+
+-eval_file=common_config.ecl
+
+-reports={hide,all_exp_external}
diff --git a/eclair/common_config.ecl b/eclair/common_config.ecl
new file mode 100644
index 0000000..e2e7737
--- /dev/null
+++ b/eclair/common_config.ecl
@@ -0,0 +1,33 @@
+-eval_file=toolchain.ecl
+
+-eval_file=public_APIs.ecl
+-public_files+=api:public
+
+-eval_file=external_sources.ecl
+
+-doc="Build version file is autogenerated and piped directly to compiler, captured by ECLAIR as /dev/pipe/XXX, changing from build to build, leading to spurious diffs."
+#-file_tag+={external, "^_ROOT/dev/pipe/.*$"}
+#-file_tag+={external, "^/dev/pipe/.*$"}
+-source_files={hide, "^/dev/pipe/.*$"}
+
+-doc="FIXME: cite the compiler manual section describing support for __asm__."
+-config=MC3R1.R1.2,reports+={hide,"category(^STD.tokenext/__asm__$)"}
+
+-doc="FIXME: cite the compiler manual section describing support for __attribute__."
+-config=MC3R1.R1.2,reports+={hide,"category(^STD.tokenext/__attribute__$)"}
+
+-doc="FIXME: cite the compiler manual section describing support for __typeof__."
+-config=MC3R1.R1.2,reports+={hide,"category(^STD.tokenext/__typeof__$)"}
+
+-doc_begin="Unless specified otherwise, a function with a non-const pointer argument is assumed not to read the pointee before writing it and it is assumed to write something to it before returning."
+-default_call_properties+="pointee_read(1..=never)"
+-default_call_properties+="pointee_write(1..=always)"
+-doc_end
+
+
+-doc="Unless specified otherwise, a function is assumed to not save/preserve the pointers received as arguments."
+-default_call_properties+="taken()"
+
+-remap_rtag={safe, hide}
+# Hide known TODOs for now
+-remap_rtag={todo, hide}
diff --git a/eclair/external_sources.ecl b/eclair/external_sources.ecl
new file mode 100644
index 0000000..f82582a
--- /dev/null
+++ b/eclair/external_sources.ecl
@@ -0,0 +1,13 @@
+#
+# Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+# External aka 3rd-party sources included in a project.
+# These are intended to be filtered from MISRA reports (as we don't have
+# control over them, can't easily fix issues in them, and generally that's
+# normally out of scope of the project).
+
+-file_tag+={external, "^trusted-firmware-m/platform/ext/cmsis/.*$"}
+-file_tag+={external, "^trusted-firmware-m/lib/ext/mbedcrypto/.*$"}
+
diff --git a/eclair/public_APIs.ecl b/eclair/public_APIs.ecl
new file mode 100644
index 0000000..ec38426
--- /dev/null
+++ b/eclair/public_APIs.ecl
@@ -0,0 +1,5 @@
+# Definition of the public APIs.
+
+
+-doc="FIXME: add proper documentation."
+-file_tag+={api:public,"^interface/include/psa\\.h$"}
diff --git a/eclair/report.ecl b/eclair/report.ecl
new file mode 100644
index 0000000..c41aad1
--- /dev/null
+++ b/eclair/report.ecl
@@ -0,0 +1,22 @@
+# eclair_report
+
+#defun(sel_violations(s),
+# create_sel(s,
+# [["clear_all",s],
+# ["add_kind",s,"violation"],
+# ["add_kind",s,"error"],
+# ["select_kind","",s],
+# ["reset",s],
+# ["add_service_glob",s,"B.EXPLAIN"],
+# ["select_service","",s]]),
+# sel(s))
+#
+#defun(sel_samples(s,count,domain1,domain2),
+# untag("sample","true"),
+# tag_samples("sample","true",count,domain1,domain2),
+# sel_tag_glob(s,"sample","true"),
+# sel(s))
+#
+#sel_violations("violations_selection")
+#sel_samples("samples_selection",20,"first_file","service")
+#save_sel()
diff --git a/eclair/toolchain.ecl b/eclair/toolchain.ecl
new file mode 100644
index 0000000..6f00a4f
--- /dev/null
+++ b/eclair/toolchain.ecl
@@ -0,0 +1,14 @@
+# Compilers.
+-file_tag+={GCC,"^.*aarch64-none-elf-gcc$"}
+-file_tag+={GCC,"^.*arm-none-eabi-gcc$"}
+
+-config=STD.tokenext,+behavior={c99, GCC, "^(__asm|__asm__|__attribute__|__restrict|__typeof__|__builtin_types_compatible_p|__builtin_offsetof|__volatile__|__alignof|_Static_assert)$"}
+-config=STD.inclnest,+behavior={c99, GCC, 24}
+-config=STD.ppifnest,+behavior={c99, GCC, 32}
+-config=STD.macident,+behavior={c99, GCC, 4096}
+-config=STD.stdtypes,+behavior={c99, GCC, "unsigned long long||long long"}
+
+-config=STD.charsmem,+behavior={c99, GCC, utf8}
+-config=STD.bytebits,+behavior={c99, GCC, 8}
+-config=STD.freesten,+behavior={c99, GCC, specified}
+-config=STD.freestnd,+behavior={c99, GCC, specified}