From nobody Thu May 16 13:49:31 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1706263752213129.90947324018532; Fri, 26 Jan 2024 02:09:12 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.671913.1045450 (Exim 4.92) (envelope-from ) id 1rTJ8h-00086S-Td; Fri, 26 Jan 2024 10:08:47 +0000 Received: by outflank-mailman (output) from mailman id 671913.1045450; Fri, 26 Jan 2024 10:08:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rTJ8h-00086L-Qm; Fri, 26 Jan 2024 10:08:47 +0000 Received: by outflank-mailman (input) for mailman id 671913; Fri, 26 Jan 2024 10:08:46 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rTJ8g-0007rs-Ah for xen-devel@lists.xenproject.org; Fri, 26 Jan 2024 10:08:46 +0000 Received: from support.bugseng.com (mail.bugseng.com [162.55.131.47]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id e32ebed6-bc32-11ee-98f5-efadbce2ee36; Fri, 26 Jan 2024 11:08:44 +0100 (CET) Received: from Dell.homenet.telecomitalia.it (host-87-16-84-78.retail.telecomitalia.it [87.16.84.78]) by support.bugseng.com (Postfix) with ESMTPSA id 888294EE0749; Fri, 26 Jan 2024 11:08:43 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: e32ebed6-bc32-11ee-98f5-efadbce2ee36 From: Federico Serafini To: xen-devel@lists.xenproject.org Cc: consulting@bugseng.com, Federico Serafini , Andrew Cooper , George Dunlap , Jan Beulich , Julien Grall , Stefano Stabellini , Wei Liu Subject: [XEN PATCH v2 1/3] xen: introduce STATIC_ASSERT_UNREACHABLE() Date: Fri, 26 Jan 2024 11:05:41 +0100 Message-Id: <42fc6ae8d3eb802429d29c774502ff232340dc84.1706259490.git.federico.serafini@bugseng.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1706263754138100001 Content-Type: text/plain; charset="utf-8" Introduce macro STATIC_ASSERT_UNREACHABLE() to check that a program point is considered unreachable by the static analysis performed by the compiler. The use of such macro will lead to one of the following outcomes: - the program point identified by the macro is considered unreachable, then the compiler removes the macro; - the program point identified by the macro is not considered unreachable, then the compiler does not remove the macro, which will lead to a failure in the build process caused by an assembler error. Signed-off-by: Federico Serafini Acked-by: Jan Beulich --- Changes in v2: - removed constraint about optimization level -O0; - use capital letters for macro name; - add missing blanks; - remove stray semicolon; - cite the assertion failure in the error message. --- xen/include/xen/compiler.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h index 16d554f2a5..062f54449c 100644 --- a/xen/include/xen/compiler.h +++ b/xen/include/xen/compiler.h @@ -64,6 +64,13 @@ # define fallthrough do {} while (0) /* fallthrough */ #endif =20 +/* + * Add the following macro to check that a program point is considered + * unreachable by the static analysis performed by the compiler. + */ +#define STATIC_ASSERT_UNREACHABLE() \ + asm ( ".error \"static assertion failed: unreachable\"" ) + #ifdef __clang__ /* Clang can replace some vars with new automatic ones that go in .data; * mark all explicit-segment vars 'used' to prevent that. */ --=20 2.34.1 From nobody Thu May 16 13:49:31 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1706263748400563.8788210271836; Fri, 26 Jan 2024 02:09:08 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.671914.1045454 (Exim 4.92) (envelope-from ) id 1rTJ8i-00089l-5o; Fri, 26 Jan 2024 10:08:48 +0000 Received: by outflank-mailman (output) from mailman id 671914.1045454; Fri, 26 Jan 2024 10:08:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rTJ8i-00088b-1G; Fri, 26 Jan 2024 10:08:48 +0000 Received: by outflank-mailman (input) for mailman id 671914; Fri, 26 Jan 2024 10:08:46 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rTJ8g-0007rm-EO for xen-devel@lists.xenproject.org; Fri, 26 Jan 2024 10:08:46 +0000 Received: from support.bugseng.com (mail.bugseng.com [162.55.131.47]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id e359c6eb-bc32-11ee-8a43-1f161083a0e0; Fri, 26 Jan 2024 11:08:44 +0100 (CET) Received: from Dell.homenet.telecomitalia.it (host-87-16-84-78.retail.telecomitalia.it [87.16.84.78]) by support.bugseng.com (Postfix) with ESMTPSA id 030DB4EE074B; Fri, 26 Jan 2024 11:08:43 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: e359c6eb-bc32-11ee-8a43-1f161083a0e0 From: Federico Serafini To: xen-devel@lists.xenproject.org Cc: consulting@bugseng.com, Federico Serafini , Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Wei Liu Subject: [XEN PATCH v2 2/3] x86/uaccess: replace __{get,put}_user_bad() with STATIC_ASSERT_UNREACHABLE() Date: Fri, 26 Jan 2024 11:05:42 +0100 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1706263750309100001 Content-Type: text/plain; charset="utf-8" Use STATIC_ASSERT_UNREACHABLE() to improve readability and anticipate the build failure (from a linker error to an assembler error) in case of wrong size. Signed-off-by: Federico Serafini --- xen/arch/x86/include/asm/uaccess.h | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/include/asm/uaccess.h b/xen/arch/x86/include/asm/= uaccess.h index 7443519d5b..52faf1d919 100644 --- a/xen/arch/x86/include/asm/uaccess.h +++ b/xen/arch/x86/include/asm/uaccess.h @@ -21,9 +21,6 @@ unsigned int copy_from_guest_ll(void *to, const void __us= er *from, unsigned int unsigned int copy_to_unsafe_ll(void *to, const void *from, unsigned int n); unsigned int copy_from_unsafe_ll(void *to, const void *from, unsigned int = n); =20 -extern long __get_user_bad(void); -extern void __put_user_bad(void); - #define UA_KEEP(args...) args #define UA_DROP(args...) =20 @@ -208,7 +205,7 @@ do { = \ case 8: = \ put_unsafe_asm(x, ptr, grd, retval, "q", "", "ir", errret); = \ break; = \ - default: __put_user_bad(); = \ + default: STATIC_ASSERT_UNREACHABLE(); = \ } = \ clac(); = \ } while ( false ) @@ -227,7 +224,7 @@ do { = \ case 2: get_unsafe_asm(x, ptr, grd, retval, "w", "=3Dr", errret); brea= k; \ case 4: get_unsafe_asm(x, ptr, grd, retval, "k", "=3Dr", errret); brea= k; \ case 8: get_unsafe_asm(x, ptr, grd, retval, "", "=3Dr", errret); brea= k; \ - default: __get_user_bad(); = \ + default: STATIC_ASSERT_UNREACHABLE(); = \ } = \ clac(); = \ } while ( false ) --=20 2.34.1 From nobody Thu May 16 13:49:31 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1706263753643298.71821216219485; Fri, 26 Jan 2024 02:09:13 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.671915.1045470 (Exim 4.92) (envelope-from ) id 1rTJ8j-00008c-DV; Fri, 26 Jan 2024 10:08:49 +0000 Received: by outflank-mailman (output) from mailman id 671915.1045470; Fri, 26 Jan 2024 10:08:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rTJ8j-00008E-A4; Fri, 26 Jan 2024 10:08:49 +0000 Received: by outflank-mailman (input) for mailman id 671915; Fri, 26 Jan 2024 10:08:47 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rTJ8h-0007rm-EP for xen-devel@lists.xenproject.org; Fri, 26 Jan 2024 10:08:47 +0000 Received: from support.bugseng.com (mail.bugseng.com [162.55.131.47]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id e3a8a3eb-bc32-11ee-8a43-1f161083a0e0; Fri, 26 Jan 2024 11:08:45 +0100 (CET) Received: from Dell.homenet.telecomitalia.it (host-87-16-84-78.retail.telecomitalia.it [87.16.84.78]) by support.bugseng.com (Postfix) with ESMTPSA id 613824EE074C; Fri, 26 Jan 2024 11:08:44 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: e3a8a3eb-bc32-11ee-8a43-1f161083a0e0 From: Federico Serafini To: xen-devel@lists.xenproject.org Cc: consulting@bugseng.com, Federico Serafini , Simone Ballarin , Doug Goldstein , Stefano Stabellini , Andrew Cooper , George Dunlap , Jan Beulich , Julien Grall , Wei Liu Subject: [XEN PATCH v2 3/3] automation/eclair: add deviation for MISRA C:2012 Rule 16.3 Date: Fri, 26 Jan 2024 11:05:43 +0100 Message-Id: <5a9ac027852dc661faac65de2caee6a7260c204c.1706259490.git.federico.serafini@bugseng.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1706263754165100002 Content-Type: text/plain; charset="utf-8" Update ECLAIR configuration to consider safe switch clauses ending with STATIC_ASSERT_UNREACHABLE(). Update docs/misra/deviations.rst accordingly. Signed-off-by: Federico Serafini Reviewed-by: Stefano Stabellini --- automation/eclair_analysis/ECLAIR/deviations.ecl | 4 ++++ docs/misra/deviations.rst | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/= eclair_analysis/ECLAIR/deviations.ecl index fd32ff8a9c..539efd7b30 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl @@ -368,6 +368,10 @@ safe." -config=3DMC3R1.R16.3,reports+=3D{safe, "any_area(end_loc(any_exp(text(/BU= G\\(\\);/))))"} -doc_end =20 +-doc_begin=3D"Switch clauses ending with unreachability assertion \"STATIC= _ASSERT_UNREACHABLE()\" are safe." +-config=3DMC3R1.R16.3,reports+=3D{safe, "any_area(end_loc(any_exp(text(/ST= ATIC_ASSERT_UNREACHABLE\\(\\);/))))"} +-doc_end + -doc_begin=3D"Switch clauses not ending with the break statement are safe = if an explicit comment indicating the fallthrough intention is present." -config=3DMC3R1.R16.3,reports+=3D{safe, "any_area(end_loc(any_exp(text(^(?= s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"} diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst index 123c78e20a..c96efdd292 100644 --- a/docs/misra/deviations.rst +++ b/docs/misra/deviations.rst @@ -307,6 +307,11 @@ Deviations related to MISRA C:2012 Rules: - Switch clauses ending with failure method \"BUG()\" are safe. - Tagged as `safe` for ECLAIR. =20 + * - R16.3 + - Switch clauses ending with unreachability assertion + \"STATIC_ASSERT_UNREACHABLE()\" are safe. + - Tagged as `safe` for ECLAIR. + * - R16.3 - Existing switch clauses not ending with the break statement are saf= e if an explicit comment indicating the fallthrough intention is present. --=20 2.34.1