Hello,
Background & Justification: MISRA C:2012 Rule 11.1 forbids the conversion from a function pointer to any other type. However, in the context of TF-A, we encounter scenarios where this conversion is necessary and performed with full knowledge of the target architecture and toolchain behavior. A prominent example is in low-level platform code, such as transferring control between bootloader stages or passing function entry points for CPU/core bring-up, where the conversion is unavoidable and well-understood.
One such example is the K3 PSCI driver [1] where we pass the k3_sec_entrypoint which is of type uintptr_t, to the ti_sci_proc_set_boot_cfg function where the parameter is of type uint64_t. Another place that triggered the discussions behind this MISRA C issue was the TI AM62L PSCI driver [2] that needs a 16b aligned function pointer.
We don't have to go into specific case by case discussion of solving these issues, but just wanted to share example use cases of function pointer conversion.
Request: I propose we formally document a project-wide MISRA C:2012 Rule 11.1 deviation, reflecting current and future usage throughout the TF-A codebase. This deviation allows us to balance MISRA objectives with the practical and architectural necessities of TF-A development.
Rationale: * Conversions between function pointers and other types are essential in several parts of the TF-A codebase, not limited to one module or file. * Platform-specific code (e.g., power management, bootloader hand-offs) relies on this pattern for correct operation.
References: [1] https://github.com/ARM-software/arm-trusted-firmware/blob/master/plat/ti/k3/... [2] https://github.com/ARM-software/arm-trusted-firmware/blob/master/plat/ti/k3l...