Re: xen-analysis ECLAIR support
On Fri, 25 Aug 2023, Michal Orzel wrote:
> Hi Stefano,
>
> On 25/08/2023 00:24, Stefano Stabellini wrote:
> >
> >
> > Hi Luca,
> >
> > We are looking into adding ECLAIR support for xen-analysis so that we
> > can use the SAF-n-safe tags also with ECLAIR.
> >
> > One question that came up is about multi-line statements. For instance,
> > in a case like the following:
> >
> > diff --git a/xen/common/inflate.c b/xen/common/inflate.c
> > index 8fa4b96d12..8bdc9208da 100644
> > --- a/xen/common/inflate.c
> > +++ b/xen/common/inflate.c
> > @@ -1201,6 +1201,7 @@ static int __init gunzip(void)
> > magic[1] = NEXTBYTE();
> > method = NEXTBYTE();
> >
> > + /* SAF-1-safe */
> > if (magic[0] != 037 ||
> > ((magic[1] != 0213) && (magic[1] != 0236))) {
> > error("bad gzip magic numbers");
> >
> >
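Review bot: the /* SAF-1-safe */ comment is placed above only the first line of the two-line if condition, so whether it reaches the 0213 and 0236 comparisons on the continuation line depends on the tag covering a whole statement rather than a single line. Add a second /* SAF-1-safe */ immediately before the ((magic[1] != 0213) && (magic[1] != 0236))) line, or state in the comment which constants the deviation is meant to cover.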
> > Would SAF-1-safe cover both 037, and also 0213 and 0213?
> > Or would it cover only 037?
> >
> > We haven't used SAF-n-safe extensively through the codebase yet but
> > my understanding is that SAF-n-safe would cover the entire statement of
> > the following line, even if it is multi-line. Is that also your
> > understanding? Does it work like that with cppcheck?
> Looking at the docs and the actual script, only the single line below the
> SAF comment is excluded.
> So in your case you would require:
>
> /* SAF-1-safe */
> if (magic[0] != 037 ||
> /* SAF-1-safe */
> ((magic[1] != 0213) && (magic[1] != 0236))) {
> error("bad gzip magic numbers");
>
> I guess this was done so that it is clear that someone took all the parts of
> the statements into account and all of them fall into the same justification
> (which might not be the case).
Oops! In that case there is no difference between xen-analysis, cppcheck
and ECLAIR behaviors.
> BTW, I don't think we have also covered the case where there is more than one
> violation in a single line that we want to deviate
> (e.g. sth like /* SAF-1-safe, SAF-2-safe */).
Good point. Yes, we need to make sure that case is covered as well
one way or the other.
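
Added example, not part of the original thread and not the xen-analysis script: a small Python model of the rule discussed above, where a SAF-n-safe comment deviates only the single line that follows it, applied to the gunzip() condition from the thread. The function name, the octal-constant regex, the sample strings and the handling of a multi-tag comment (flagged and treated as covering nothing) are assumptions made for illustration.

```python
import re

TAG = re.compile(r"SAF-(\d+)-safe")
COMMENT_ONLY = re.compile(r"^\s*/\*.*\*/\s*$")
# Octal constants stand in for the finding being deviated (assumption).
OCTAL = re.compile(r"(?<![\w.])0[0-7]+\b")

def analyse(source):
    """Return (uncovered, multi_tag_lines) under the single-line rule.

    uncovered: (line number, constant) pairs not preceded by a tag comment.
    multi_tag_lines: comment lines carrying more than one SAF tag.
    """
    uncovered, multi_tag = [], []
    covered_next = False
    for lineno, line in enumerate(source.splitlines(), start=1):
        tags = TAG.findall(line) if COMMENT_ONLY.match(line) else []
        if tags:
            if len(tags) > 1:
                # Open question in the thread; this model flags the comment
                # and does not let it cover the next line (assumption).
                multi_tag.append(lineno)
                covered_next = False
            else:
                covered_next = True
            continue
        if not covered_next:
            uncovered.extend((lineno, m.group()) for m in OCTAL.finditer(line))
        covered_next = False  # a tag reaches exactly one following line
    return uncovered, multi_tag

# Constructed samples based on the snippets quoted in the thread.
SINGLE_TAG = """\
    /* SAF-1-safe */
    if (magic[0] != 037 ||
        ((magic[1] != 0213) && (magic[1] != 0236))) {
        error("bad gzip magic numbers");
"""
PER_LINE_TAGS = """\
    /* SAF-1-safe */
    if (magic[0] != 037 ||
    /* SAF-1-safe */
        ((magic[1] != 0213) && (magic[1] != 0236))) {
        error("bad gzip magic numbers");
"""
MULTI_TAG = "/* SAF-1-safe, SAF-2-safe */\nmode = 017;\n"

if __name__ == "__main__":
    for name in ("SINGLE_TAG", "PER_LINE_TAGS", "MULTI_TAG"):
        print(name, analyse(globals()[name]))
```

With one tag above the statement, the constants on the continuation line are still reported; with a tag before each line, nothing is reported.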