From: Nicola Vetrini <nicola.vetrini@bugseng.com>
To: Julien Grall <julien@xen.org>
Cc: xen-devel@lists.xenproject.org, consulting@bugseng.com,
	Stefano Stabellini <sstabellini@kernel.org>,
	Bertrand Marquis <bertrand.marquis@arm.com>,
	Michal Orzel <michal.orzel@amd.com>,
	Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
Subject: Re: [XEN PATCH 5/7] xen/arm: traps: add ASSERT_UNREACHABLE() where needed
Date: Wed, 13 Dec 2023 15:02:29 +0100
Message-ID: <5ad1c008182bc9f23e1b37b0d6e35e4c@bugseng.com>
In-Reply-To: <240c97ed-ce27-406d-84ad-68b72e999294@xen.org>

On 2023-12-12 16:49, Julien Grall wrote:
> Hi,
> 
> On 11/12/2023 12:32, Julien Grall wrote:
>> Hi,
>> 
>> On 11/12/2023 10:30, Nicola Vetrini wrote:
>>> The branches of the switch after a call to 'do_unexpected_trap'
>>> cannot return, but there is one path that may return, hence
>>> only some clauses are marked with ASSERT_UNREACHABLE().
>> I don't understand why this is necessary. The code should never be 
>> reachable because do_unexpected_trap() is a noreturn().
> 
> From the matrix discussion, it wasn't clear what was my position on 
> this patch.
> 
> I would much prefer if the breaks are kept. I could accept:
> 
> ASSERT_UNREACHABLE();
> break;
> 
> But this solution is a Nack because if you are concerned about 
> functions like do_unexpected_trap() to return by mistake, then it 
> needs to also be safe in production.
> 
> The current proposal is not safe.
> 
> Cheers,

Ok. I wonder whether the same should be applied here in vcpreg.c:

diff --git a/xen/arch/arm/vcpreg.c b/xen/arch/arm/vcpreg.c
index 39aeda9dab62..089d2f03eb5e 100644
--- a/xen/arch/arm/vcpreg.c
+++ b/xen/arch/arm/vcpreg.c
@@ -707,7 +707,8 @@ void do_cp10(struct cpu_user_regs *regs, const union 
hsr hsr)
          inject_undef_exception(regs, hsr);
          return;
      }
-
+
+    ASSERT_UNREACHABLE();
      advance_pc(regs, hsr);
  }
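
Review bot: the ASSERT_UNREACHABLE() placed directly before advance_pc(regs, hsr) only fires in debug builds, so in a release build a fall-through still reaches advance_pc() and the trapped guest instruction is skipped without being emulated or rejected. If this is meant as the production fallback, state that in a comment above the assertion and consider whether repeating inject_undef_exception(regs, hsr); return; is a safer default than advancing the PC. The -/+ pair on the blank line above the assertion looks like a whitespace-only change and should be dropped from the hunk.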

the rationale being that, should the switch somehow fail to return, the 
advance_pc would be called, rather than doing nothing.

-- 
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)

