[v1] x86: address violations of MISRA C Rule 16.3

[XEN PATCH 08/12] x86/emul: add defensive code

Posted by Federico Serafini 1 year, 4 months ago

Add defensive code after unreachable program points.
This also meets the requirements to deviate a violation of MISRA C:2012
Rule 16.3: "An unconditional `break' statement shall terminate every
switch-clause".

Signed-off-by: Federico Serafini <federico.serafini@bugseng.com>
---
 xen/arch/x86/x86_emulate/x86_emulate.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
index e12fbe3100..2b03d65fce 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -6831,6 +6831,8 @@ x86_emulate(
             break;
         default:
             ASSERT_UNREACHABLE();
+            rc = X86EMUL_UNHANDLEABLE;
+            goto done;
         }
         break;
 #ifdef HAVE_AS_SSE4_2
@@ -6859,6 +6861,8 @@ x86_emulate(
 # endif
         default:
             ASSERT_UNREACHABLE();
+            rc = X86EMUL_UNHANDLEABLE;
+            goto done;
         }
         break;
 #endif
-- 
2.34.1

Re: [XEN PATCH 08/12] x86/emul: add defensive code

Posted by Jan Beulich 1 year, 4 months ago

On 10.09.2024 12:09, Federico Serafini wrote:
> --- a/xen/arch/x86/x86_emulate/x86_emulate.c
> +++ b/xen/arch/x86/x86_emulate/x86_emulate.c
> @@ -6831,6 +6831,8 @@ x86_emulate(
>              break;
>          default:
>              ASSERT_UNREACHABLE();
> +            rc = X86EMUL_UNHANDLEABLE;
> +            goto done;
>          }
>          break;
>  #ifdef HAVE_AS_SSE4_2
> @@ -6859,6 +6861,8 @@ x86_emulate(
>  # endif
>          default:
>              ASSERT_UNREACHABLE();
> +            rc = X86EMUL_UNHANDLEABLE;
> +            goto done;
>          }
>          break;
>  #endif

"goto unhandleable" please in both cases, if already further goto-s are needed.

Jan