Re: xen-analysis ECLAIR support

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Nicola Vetrini <nicola.vetrini@bugseng.com>
To: Stefano Stabellini <sstabellini@kernel.org>
Cc: luca.fancellu@arm.com, xen-devel@lists.xenproject.org,
	bertrand.marquis@arm.com
Subject: Re: xen-analysis ECLAIR support
Date: Fri, 25 Aug 2023 10:10:55 +0200	[thread overview]
Message-ID: <da8dce5678814f7e0805522a5111b09e@bugseng.com> (raw)
In-Reply-To: <alpine.DEB.2.22.394.2308241453470.6458@ubuntu-linux-20-04-desktop>

On 25/08/2023 00:24, Stefano Stabellini wrote:
> Hi Luca,
> 
> We are looking into adding ECLAIR support for xen-analysis so that we
> can use the SAF-n-safe tags also with ECLAIR.
> 
> One question that came up is about multi-line statements. For instance,
> in a case like the following:
> 
> diff --git a/xen/common/inflate.c b/xen/common/inflate.c
> index 8fa4b96d12..8bdc9208da 100644
> --- a/xen/common/inflate.c
> +++ b/xen/common/inflate.c
> @@ -1201,6 +1201,7 @@ static int __init gunzip(void)
>      magic[1] = NEXTBYTE();
>      method   = NEXTBYTE();
> 
> +    /* SAF-1-safe */
>      if (magic[0] != 037 ||
>          ((magic[1] != 0213) && (magic[1] != 0236))) {
>          error("bad gzip magic numbers");
> 
> 
> Would SAF-1-safe cover both 037, and also 0213 and 0213?
> Or would it cover only 037?
> 
> We haven't use SAFE-n-safe extensively through the codebase yet but
> my understanding is that SAFE-n-safe would cover the entire statement 
> of
> the following line, even if it is multi-line. Is that also your
> understanding? Does it work like that with cppcheck?
> 
> 
> It looks like ECLAIR requires a written-down number of lines of code to
> deviate if it is more than 1 line. In this example it would be 2 lines:
> 
>      /* SAF-1-safe 2 */
>      if (magic[0] != 037 ||
>          ((magic[1] != 0213) && (magic[1] != 0236))) {
> 
> One option that I was thinking about is whether we can add the number 
> of
> lines automatically in xen-analysis based on the number of lines of the
> next statement. What do you think?
> 
> It seems fragile to actually keep the number of lines inside the SAF
> comment in the code. I am afraid it could get out of sync due to code
> style refactoring or other mechanical changes.
> 

Having the number of lines automatically inferred from the code 
following the comment
does not seem that robust either, given the minimal information in the 
SAF comments
(e.g., what if the whole if statement needs to be deviated, rather
than the controlling expression?).

An alternative proposal could be the following:
       /* SAF-n-safe begin */
       if (magic[0] != 037 ||
           ((magic[1] != 0213) && (magic[1] != 0236))) {
       /* SAF-n-safe end */

which is translated, for ECLAIR, into:

     /* -E> safe <Rule ID> 2 <free text> */
     if (magic[0] != 037 ||
           ((magic[1] != 0213) && (magic[1] != 0236))) {

this will deviate however many lines are between the begin and end 
markers.

-- 
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)

next prev parent reply	other threads:[~2023-08-25  8:11 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-08-24 22:24 xen-analysis ECLAIR support Stefano Stabellini
2023-08-25  8:10 ` Nicola Vetrini [this message]
2023-08-25 21:56   ` Stefano Stabellini
2023-09-04 12:16     ` Luca Fancellu
2023-08-25  8:18 ` Michal Orzel
2023-08-25  8:28   ` Jan Beulich
2023-09-04 12:14     ` Luca Fancellu
2023-08-25 21:52   ` Stefano Stabellini
2023-09-04 12:13   ` Luca Fancellu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=da8dce5678814f7e0805522a5111b09e@bugseng.com \
    --to=nicola.vetrini@bugseng.com \
    --cc=bertrand.marquis@arm.com \
    --cc=luca.fancellu@arm.com \
    --cc=sstabellini@kernel.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.