From nobody Thu May 16 05:26:29 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1705931323459109.09948597725963; Mon, 22 Jan 2024 05:48:43 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.669905.1042419 (Exim 4.92) (envelope-from ) id 1rRuf2-0007dy-2U; Mon, 22 Jan 2024 13:48:24 +0000 Received: by outflank-mailman (output) from mailman id 669905.1042419; Mon, 22 Jan 2024 13:48:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rRuf1-0007dm-SH; Mon, 22 Jan 2024 13:48:23 +0000 Received: by outflank-mailman (input) for mailman id 669905; Mon, 22 Jan 2024 13:48:23 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rRuf0-0007Ly-VY for xen-devel@lists.xenproject.org; Mon, 22 Jan 2024 13:48:22 +0000 Received: from support.bugseng.com (mail.bugseng.com [162.55.131.47]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id e7c82d78-b92c-11ee-98f2-6d05b1d4d9a1; Mon, 22 Jan 2024 14:48:21 +0100 (CET) Received: from Dell.homenet.telecomitalia.it (host-87-16-84-78.retail.telecomitalia.it [87.16.84.78]) by support.bugseng.com (Postfix) with ESMTPSA id DE0684EE073C; Mon, 22 Jan 2024 14:48:20 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: e7c82d78-b92c-11ee-98f2-6d05b1d4d9a1 From: Federico Serafini To: xen-devel@lists.xenproject.org Cc: consulting@bugseng.com, Federico Serafini , Andrew Cooper , George Dunlap , Jan Beulich , Julien Grall , Stefano Stabellini , Wei Liu Subject: [XEN PATCH 1/3] xen: introduce static_assert_unreachable() Date: Mon, 22 Jan 2024 14:48:06 +0100 Message-Id: <01c57c7e5131d699cf622be96fea7cd8e03c23f9.1705930767.git.federico.serafini@bugseng.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1705931325299100001 Content-Type: text/plain; charset="utf-8" Introduce macro static_asser_unreachable() to check that a program point is considered unreachable by the static analysis performed by the compiler, even at optimization level -O0. The use of such macro will lead to one of the following outcomes: - the program point identified by the macro is considered unreachable, then the compiler removes the macro; - the program point identified by the macro is not considered unreachable, then the compiler does not remove the macro, which will lead to a failure in the build process caused by an assembler error. Signed-off-by: Federico Serafini --- xen/include/xen/compiler.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h index 16d554f2a5..ad0520f5d4 100644 --- a/xen/include/xen/compiler.h +++ b/xen/include/xen/compiler.h @@ -64,6 +64,14 @@ # define fallthrough do {} while (0) /* fallthrough */ #endif =20 +/* + * Add the following macro to check that a program point is considered + * unreachable by the static analysis performed by the compiler, + * even at optimization level -O0. + */ +#define static_assert_unreachable() \ + asm(".error \"unreachable program point reached\""); + #ifdef __clang__ /* Clang can replace some vars with new automatic ones that go in .data; * mark all explicit-segment vars 'used' to prevent that. */ --=20 2.34.1 From nobody Thu May 16 05:26:29 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1705931320080426.3016480094875; Mon, 22 Jan 2024 05:48:40 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.669906.1042433 (Exim 4.92) (envelope-from ) id 1rRuf3-00082s-8N; Mon, 22 Jan 2024 13:48:25 +0000 Received: by outflank-mailman (output) from mailman id 669906.1042433; Mon, 22 Jan 2024 13:48:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rRuf3-00082c-3q; Mon, 22 Jan 2024 13:48:25 +0000 Received: by outflank-mailman (input) for mailman id 669906; Mon, 22 Jan 2024 13:48:24 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rRuf1-0007Ly-Vq for xen-devel@lists.xenproject.org; Mon, 22 Jan 2024 13:48:23 +0000 Received: from support.bugseng.com (mail.bugseng.com [162.55.131.47]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id e803ea05-b92c-11ee-98f2-6d05b1d4d9a1; Mon, 22 Jan 2024 14:48:21 +0100 (CET) Received: from Dell.homenet.telecomitalia.it (host-87-16-84-78.retail.telecomitalia.it [87.16.84.78]) by support.bugseng.com (Postfix) with ESMTPSA id 583D04EE0742; Mon, 22 Jan 2024 14:48:21 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: e803ea05-b92c-11ee-98f2-6d05b1d4d9a1 From: Federico Serafini To: xen-devel@lists.xenproject.org Cc: consulting@bugseng.com, Federico Serafini , Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Wei Liu Subject: [XEN PATCH 2/3] x86/uaccess: replace __{get,put}_user_bad() with static_assert_unreachable() Date: Mon, 22 Jan 2024 14:48:07 +0100 Message-Id: <971693bc9c68e86dce793c9e613688f527db0e31.1705930767.git.federico.serafini@bugseng.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1705931321269100001 Content-Type: text/plain; charset="utf-8" Use static_assert_unreachable() to improve readability and anticipate the build failure (from a linker error to an assembler error) in case of wrong size. Signed-off-by: Federico Serafini --- xen/arch/x86/include/asm/uaccess.h | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/include/asm/uaccess.h b/xen/arch/x86/include/asm/= uaccess.h index 7443519d5b..ce608fc2b5 100644 --- a/xen/arch/x86/include/asm/uaccess.h +++ b/xen/arch/x86/include/asm/uaccess.h @@ -21,9 +21,6 @@ unsigned int copy_from_guest_ll(void *to, const void __us= er *from, unsigned int unsigned int copy_to_unsafe_ll(void *to, const void *from, unsigned int n); unsigned int copy_from_unsafe_ll(void *to, const void *from, unsigned int = n); =20 -extern long __get_user_bad(void); -extern void __put_user_bad(void); - #define UA_KEEP(args...) args #define UA_DROP(args...) =20 @@ -208,7 +205,7 @@ do { = \ case 8: = \ put_unsafe_asm(x, ptr, grd, retval, "q", "", "ir", errret); = \ break; = \ - default: __put_user_bad(); = \ + default: static_assert_unreachable(); = \ } = \ clac(); = \ } while ( false ) @@ -227,7 +224,7 @@ do { = \ case 2: get_unsafe_asm(x, ptr, grd, retval, "w", "=3Dr", errret); brea= k; \ case 4: get_unsafe_asm(x, ptr, grd, retval, "k", "=3Dr", errret); brea= k; \ case 8: get_unsafe_asm(x, ptr, grd, retval, "", "=3Dr", errret); brea= k; \ - default: __get_user_bad(); = \ + default: static_assert_unreachable(); = \ } = \ clac(); = \ } while ( false ) --=20 2.34.1 From nobody Thu May 16 05:26:29 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1705931325343980.7504329015802; Mon, 22 Jan 2024 05:48:45 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.669907.1042443 (Exim 4.92) (envelope-from ) id 1rRuf4-0008Lu-Hp; Mon, 22 Jan 2024 13:48:26 +0000 Received: by outflank-mailman (output) from mailman id 669907.1042443; Mon, 22 Jan 2024 13:48:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rRuf4-0008LS-D9; Mon, 22 Jan 2024 13:48:26 +0000 Received: by outflank-mailman (input) for mailman id 669907; Mon, 22 Jan 2024 13:48:25 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rRuf2-0007Ly-WB for xen-devel@lists.xenproject.org; Mon, 22 Jan 2024 13:48:24 +0000 Received: from support.bugseng.com (mail.bugseng.com [162.55.131.47]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id e853965e-b92c-11ee-98f2-6d05b1d4d9a1; Mon, 22 Jan 2024 14:48:22 +0100 (CET) Received: from Dell.homenet.telecomitalia.it (host-87-16-84-78.retail.telecomitalia.it [87.16.84.78]) by support.bugseng.com (Postfix) with ESMTPSA id BA2244EE0743; Mon, 22 Jan 2024 14:48:21 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: e853965e-b92c-11ee-98f2-6d05b1d4d9a1 From: Federico Serafini To: xen-devel@lists.xenproject.org Cc: consulting@bugseng.com, Federico Serafini , Simone Ballarin , Doug Goldstein , Stefano Stabellini , Andrew Cooper , George Dunlap , Jan Beulich , Julien Grall , Wei Liu Subject: [XEN PATCH 3/3] automation/eclair: add deviation for MISRA C:2012 Rule 16.3 Date: Mon, 22 Jan 2024 14:48:08 +0100 Message-Id: <740a78c81a92842871156d9cc18242a4e8367764.1705930767.git.federico.serafini@bugseng.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1705931327328100005 Content-Type: text/plain; charset="utf-8" Update ECLAIR configuration to consider safe switch clauses ending with static_assert_unreachable(). Update docs/misra/deviations.rst accordingly. Signed-off-by: Federico Serafini --- automation/eclair_analysis/ECLAIR/deviations.ecl | 4 ++++ docs/misra/deviations.rst | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/= eclair_analysis/ECLAIR/deviations.ecl index fd32ff8a9c..b0cd904d2d 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl @@ -368,6 +368,10 @@ safe." -config=3DMC3R1.R16.3,reports+=3D{safe, "any_area(end_loc(any_exp(text(/BU= G\\(\\);/))))"} -doc_end =20 +-doc_begin=3D"Switch clauses ending with failure method \"static_assert_un= reachable()\" are safe." +-config=3DMC3R1.R16.3,reports+=3D{safe, "any_area(end_loc(any_exp(text(/st= atic_assert_unreachable\\(\\);/))))"} +-doc_end + -doc_begin=3D"Switch clauses not ending with the break statement are safe = if an explicit comment indicating the fallthrough intention is present." -config=3DMC3R1.R16.3,reports+=3D{safe, "any_area(end_loc(any_exp(text(^(?= s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"} diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst index 123c78e20a..875f0d9160 100644 --- a/docs/misra/deviations.rst +++ b/docs/misra/deviations.rst @@ -307,6 +307,10 @@ Deviations related to MISRA C:2012 Rules: - Switch clauses ending with failure method \"BUG()\" are safe. - Tagged as `safe` for ECLAIR. =20 + * - R16.3 + - Switch clauses ending with macro static_assert_unreachable() are sa= fe. + - Tagged as `safe` for ECLAIR. + * - R16.3 - Existing switch clauses not ending with the break statement are saf= e if an explicit comment indicating the fallthrough intention is present. --=20 2.34.1