From patchwork Fri Jan 26 10:05:41 2024
X-Patchwork-Submitter: Federico Serafini
X-Patchwork-Id: 13532370
From: Federico Serafini
To: xen-devel@lists.xenproject.org
Cc: consulting@bugseng.com, Federico Serafini, Andrew Cooper, George Dunlap, Jan Beulich, Julien Grall, Stefano Stabellini, Wei Liu
Subject: [XEN PATCH v2 1/3] xen: introduce STATIC_ASSERT_UNREACHABLE()
Date: Fri, 26 Jan 2024 11:05:41 +0100

Introduce macro STATIC_ASSERT_UNREACHABLE() to check that a program point is considered unreachable by the static analysis performed by the compiler.

The use of such macro will lead to one of the following outcomes:
- the program point identified by the macro is considered unreachable, then the compiler removes the macro;
- the program point identified by the macro is not considered unreachable, then the compiler does not remove the macro, which will lead to a failure in the build process caused by an assembler error.

Signed-off-by: Federico Serafini
Acked-by: Jan Beulich
---
Changes in v2:
- removed constraint about optimization level -O0;
- use capital letters for macro name;
- add missing blanks;
- remove stray semicolon;
- cite the assertion failure in the error message.
---
 xen/include/xen/compiler.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h index 16d554f2a5..062f54449c 100644 --- a/xen/include/xen/compiler.h +++ b/xen/include/xen/compiler.h
@@ -64,6 +64,13 @@ # define fallthrough do {} while (0) /* fallthrough */ #endif +/* + * Add the following macro to check that a program point is considered + * unreachable by the static analysis performed by the compiler. + */ +#define STATIC_ASSERT_UNREACHABLE() \ + asm ( ".error \"static assertion failed: unreachable\"" ) + #ifdef __clang__ /* Clang can replace some vars with new automatic ones that go in .data; * mark all explicit-segment vars 'used' to prevent that. */

From patchwork Fri Jan 26 10:05:42 2024
X-Patchwork-Submitter: Federico Serafini
X-Patchwork-Id: 13532368
From: Federico Serafini
To: xen-devel@lists.xenproject.org
Cc: consulting@bugseng.com, Federico Serafini, Jan Beulich, Andrew Cooper, Roger Pau Monné, Wei Liu
Subject: [XEN PATCH v2 2/3] x86/uaccess: replace __{get,put}_user_bad() with STATIC_ASSERT_UNREACHABLE()
Date: Fri, 26 Jan 2024 11:05:42 +0100

Use STATIC_ASSERT_UNREACHABLE() to improve readability and anticipate the build failure (from a linker error to an assembler error) in case of wrong size.

Signed-off-by: Federico Serafini
---
 xen/arch/x86/include/asm/uaccess.h | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/include/asm/uaccess.h b/xen/arch/x86/include/asm/uaccess.h index 7443519d5b..52faf1d919 100644 --- a/xen/arch/x86/include/asm/uaccess.h +++ b/xen/arch/x86/include/asm/uaccess.h @@ -21,9 +21,6 @@ unsigned int copy_from_guest_ll(void *to, const void __user *from, unsigned int unsigned int copy_to_unsafe_ll(void *to, const void *from, unsigned int n); unsigned int copy_from_unsafe_ll(void *to, const void *from, unsigned int n); -extern long __get_user_bad(void); -extern void __put_user_bad(void); - #define UA_KEEP(args...) args #define UA_DROP(args...)
@@ -208,7 +205,7 @@ do { \ case 8: \ put_unsafe_asm(x, ptr, grd, retval, "q", "", "ir", errret); \ break; \ - default: __put_user_bad(); \ + default: STATIC_ASSERT_UNREACHABLE(); \ } \ clac(); \ } while ( false ) 
@@ -227,7 +224,7 @@ do { \ case 2: get_unsafe_asm(x, ptr, grd, retval, "w", "=r", errret); break; \ case 4: get_unsafe_asm(x, ptr, grd, retval, "k", "=r", errret); break; \ case 8: get_unsafe_asm(x, ptr, grd, retval, "", "=r", errret); break; \ - default: __get_user_bad(); \ + default: STATIC_ASSERT_UNREACHABLE(); \ } \ clac(); \ } while ( false )

From patchwork Fri Jan 26 10:05:43 2024
X-Patchwork-Submitter: Federico Serafini
X-Patchwork-Id: 13532369
From: Federico Serafini
To: xen-devel@lists.xenproject.org
Cc: consulting@bugseng.com, Federico Serafini, Simone Ballarin, Doug Goldstein, Stefano Stabellini, Andrew Cooper, George Dunlap, Jan Beulich, Julien Grall, Wei Liu
Subject: [XEN PATCH v2 3/3] automation/eclair: add deviation for MISRA C:2012 Rule 16.3
Date: Fri, 26 Jan 2024 11:05:43 +0100

Update ECLAIR configuration to consider safe switch clauses ending with STATIC_ASSERT_UNREACHABLE().

Update docs/misra/deviations.rst accordingly.

Signed-off-by: Federico Serafini
Reviewed-by: Stefano Stabellini
---
 automation/eclair_analysis/ECLAIR/deviations.ecl | 4 ++++
 docs/misra/deviations.rst | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl index fd32ff8a9c..539efd7b30 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -368,6 +368,10 @@ safe." -config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"} -doc_end +-doc_begin="Switch clauses ending with unreachability assertion \"STATIC_ASSERT_UNREACHABLE()\" are safe." +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/STATIC_ASSERT_UNREACHABLE\\(\\);/))))"} +-doc_end + -doc_begin="Switch clauses not ending with the break statement are safe if an explicit comment indicating the fallthrough intention is present." -config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"} diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst index 123c78e20a..c96efdd292 100644 --- a/docs/misra/deviations.rst +++ b/docs/misra/deviations.rst @@ -307,6 +307,11 @@ Deviations related to MISRA C:2012 Rules: - Switch clauses ending with failure method \"BUG()\" are safe. - Tagged as `safe` for ECLAIR. + * - R16.3 + - Switch clauses ending with unreachability assertion + \"STATIC_ASSERT_UNREACHABLE()\" are safe. + - Tagged as `safe` for ECLAIR. + * - R16.3 - Existing switch clauses not ending with the break statement are safe if an explicit comment indicating the fallthrough intention is present.
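
Review bot: In patch 1/3, the comment added above STATIC_ASSERT_UNREACHABLE() in xen/include/xen/compiler.h says what the macro checks but not how a failure shows up or what the check depends on. The commit message has both facts: the statement disappears only if the compiler considers the program point unreachable, and otherwise the build stops with an assembler error. Suggest moving that description into the comment, and saying there what is expected of non-optimised builds, since the v2 changelog drops the -O0 constraint without the code recording why.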
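
Review bot: In patch 2/3, the hunk at @@ -21,9 +21,6 @@ of xen/arch/x86/include/asm/uaccess.h deletes the declarations of __get_user_bad() and __put_user_bad(), while the patch converts only the two default: clauses in this header. The commit message should state that no other users remain, because a call left elsewhere would no longer have a declaration in scope.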
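
Review bot: In patch 2/3, the line "default: STATIC_ASSERT_UNREACHABLE();" in the hunk at @@ -208,7 +205,7 @@ (and likewise at @@ -227,7 +224,7 @@) loses the hint the old symbol names gave: a failure used to name __put_user_bad or __get_user_bad, whereas every site now produces the same "static assertion failed: unreachable" string. Consider letting the macro carry a short site-specific message, or mention in the commit message how the failing accessor and size are meant to be located from the assembler error.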
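
Review bot: In patch 3/3, the new R16.3 entry in docs/misra/deviations.rst (and the matching -doc_begin text in deviations.ecl) declares clauses ending with STATIC_ASSERT_UNREACHABLE() safe without giving the reason. Suggest stating it in the justification: a clause in which the macro is not considered unreachable fails the build, so control cannot fall through from such a clause in any binary that was produced.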