From patchwork Mon Jan 22 13:48:06 2024
X-Patchwork-Submitter: Federico Serafini
X-Patchwork-Id: 13525500
From: Federico Serafini
To: xen-devel@lists.xenproject.org
Cc: consulting@bugseng.com, Federico Serafini, Andrew Cooper, George Dunlap, Jan Beulich, Julien Grall, Stefano Stabellini, Wei Liu
Subject: [XEN PATCH 1/3] xen: introduce static_assert_unreachable()
Date: Mon, 22 Jan 2024 14:48:06 +0100
Message-Id: <01c57c7e5131d699cf622be96fea7cd8e03c23f9.1705930767.git.federico.serafini@bugseng.com>

Introduce macro static_assert_unreachable() to check that a program point is considered unreachable by the static analysis performed by the compiler, even at optimization level -O0.

The use of such macro will lead to one of the following outcomes:
- the program point identified by the macro is considered unreachable, then the compiler removes the macro;
- the program point identified by the macro is not considered unreachable, then the compiler does not remove the macro, which will lead to a failure in the build process caused by an assembler error.

Signed-off-by: Federico Serafini
--- xen/include/xen/compiler.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h index 16d554f2a5..ad0520f5d4 100644 --- a/xen/include/xen/compiler.h +++ b/xen/include/xen/compiler.h
@@ -64,6 +64,14 @@ # define fallthrough do {} while (0) /* fallthrough */ #endif +/* + * Add the following macro to check that a program point is considered + * unreachable by the static analysis performed by the compiler, + * even at optimization level -O0. + */ +#define static_assert_unreachable() \ + asm(".error \"unreachable program point reached\""); + #ifdef __clang__ /* Clang can replace some vars with new automatic ones that go in .data; * mark all explicit-segment vars 'used' to prevent that. */

From patchwork Mon Jan 22 13:48:07 2024
X-Patchwork-Submitter: Federico Serafini
X-Patchwork-Id: 13525496
From: Federico Serafini
To: xen-devel@lists.xenproject.org
Cc: consulting@bugseng.com, Federico Serafini, Jan Beulich, Andrew Cooper, Roger Pau Monné, Wei Liu
Subject: [XEN PATCH 2/3] x86/uaccess: replace __{get,put}_user_bad() with static_assert_unreachable()
Date: Mon, 22 Jan 2024 14:48:07 +0100
Message-Id: <971693bc9c68e86dce793c9e613688f527db0e31.1705930767.git.federico.serafini@bugseng.com>

Use static_assert_unreachable() to improve readability and anticipate the build failure (from a linker error to an assembler error) in case of wrong size.

Signed-off-by: Federico Serafini
--- xen/arch/x86/include/asm/uaccess.h | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/include/asm/uaccess.h b/xen/arch/x86/include/asm/uaccess.h index 7443519d5b..ce608fc2b5 100644 --- a/xen/arch/x86/include/asm/uaccess.h +++ b/xen/arch/x86/include/asm/uaccess.h
@@ -21,9 +21,6 @@ unsigned int copy_from_guest_ll(void *to, const void __user *from, unsigned int unsigned int copy_to_unsafe_ll(void *to, const void *from, unsigned int n); unsigned int copy_from_unsafe_ll(void *to, const void *from, unsigned int n); -extern long __get_user_bad(void); -extern void __put_user_bad(void); - #define UA_KEEP(args...) args #define UA_DROP(args...) @@ -208,7 +205,7 @@ do { \ case 8: \ put_unsafe_asm(x, ptr, grd, retval, "q", "", "ir", errret); \ break; \ - default: __put_user_bad(); \ + default: static_assert_unreachable(); \ } \ clac(); \ } while ( false ) 
@@ -227,7 +224,7 @@ do { \ case 2: get_unsafe_asm(x, ptr, grd, retval, "w", "=r", errret); break; \ case 4: get_unsafe_asm(x, ptr, grd, retval, "k", "=r", errret); break; \ case 8: get_unsafe_asm(x, ptr, grd, retval, "", "=r", errret); break; \ - default: __get_user_bad(); \ + default: static_assert_unreachable(); \ } \ clac(); \ } while ( false )

From patchwork Mon Jan 22 13:48:08 2024
X-Patchwork-Submitter: Federico Serafini
X-Patchwork-Id: 13525499
From: Federico Serafini
To: xen-devel@lists.xenproject.org
Cc: consulting@bugseng.com, Federico Serafini, Simone Ballarin, Doug Goldstein, Stefano Stabellini, Andrew Cooper, George Dunlap, Jan Beulich, Julien Grall, Wei Liu
Subject: [XEN PATCH 3/3] automation/eclair: add deviation for MISRA C:2012 Rule 16.3
Date: Mon, 22 Jan 2024 14:48:08 +0100
Message-Id: <740a78c81a92842871156d9cc18242a4e8367764.1705930767.git.federico.serafini@bugseng.com>

Update ECLAIR configuration to consider safe switch clauses ending with static_assert_unreachable(). Update docs/misra/deviations.rst accordingly.

Signed-off-by: Federico Serafini
--- automation/eclair_analysis/ECLAIR/deviations.ecl | 4 ++++ docs/misra/deviations.rst | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl index fd32ff8a9c..b0cd904d2d 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -368,6 +368,10 @@ safe." -config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"} -doc_end +-doc_begin="Switch clauses ending with failure method \"static_assert_unreachable()\" are safe." +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/static_assert_unreachable\\(\\);/))))"} +-doc_end + -doc_begin="Switch clauses not ending with the break statement are safe if an explicit comment indicating the fallthrough intention is present." -config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"} diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst index 123c78e20a..875f0d9160 100644 --- a/docs/misra/deviations.rst +++ b/docs/misra/deviations.rst @@ -307,6 +307,10 @@ Deviations related to MISRA C:2012 Rules: - Switch clauses ending with failure method \"BUG()\" are safe. - Tagged as `safe` for ECLAIR. + * - R16.3 + - Switch clauses ending with macro static_assert_unreachable() are safe. + - Tagged as `safe` for ECLAIR. + * - R16.3 - Existing switch clauses not ending with the break statement are safe if an explicit comment indicating the fallthrough intention is present.
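
Review bot: in patch 1/3 (xen/include/xen/compiler.h, hunk @@ -64,6 +64,14) the macro body of static_assert_unreachable() ends with its own semicolon, `asm(".error \"unreachable program point reached\"");`, so every use written as `static_assert_unreachable();` expands to the asm statement followed by an empty statement, and an unbraced `if (...) static_assert_unreachable(); else ...` would not compile. Drop the semicolon from the definition and let the caller supply it. The comment above the macro also reads as an instruction to the patch author ("Add the following macro ...") rather than a description for the user; it should say that the build fails with an assembler error when the compiler does not discard the statement, and the "even at optimization level -O0" claim would be better qualified with the compilers it was checked against, since it rests on the compiler removing dead code and not on a language guarantee.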
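
Review bot: in patch 2/3 (xen/arch/x86/include/asm/uaccess.h) both `default:` arms, the put one in hunk @@ -208,7 +205,7 and the get one in hunk @@ -227,7 +224,7, now produce the same diagnostic, "unreachable program point reached", whereas the removed `__put_user_bad()` and `__get_user_bad()` references named the failing direction in the link error. The commit message presents the earlier failure as the gain but does not mention this loss of detail; consider letting the macro take a message argument, or state in the commit message that the assembler's file and line report is considered sufficient to locate the offending access size.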
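
Review bot: in patch 3/3, automation/eclair_analysis/ECLAIR/deviations.ecl (hunk @@ -368,6 +368,10), the new -doc_begin text calls static_assert_unreachable() a "failure method", wording carried over from the BUG() entry just above it, while the docs/misra/deviations.rst hunk in the same patch calls it a macro. BUG() is a run-time failure and this is a build-time check, so the description should say so, for example that the clause is safe because the build fails if it is not eliminated as unreachable. Note also that the `text(/static_assert_unreachable\\(\\);/)` pattern matches the literal call followed by a semicolon, so it only covers clauses where the invocation is written with its own `;` as in patch 2.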
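
Review bot: in patch 3/3, docs/misra/deviations.rst (hunk @@ -307,6 +307,10), the added R16.3 entry states that switch clauses ending with static_assert_unreachable() are safe without giving the reason, which is the part a reader of the deviation record needs. Suggest extending the justification cell to say that such a clause is never present in a successfully built binary because the assembler rejects it, and aligning the wording with the -doc_begin string in deviations.ecl so the two records do not diverge.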