[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MISRA C:2012 D4.11 caution on staging

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
Date: Tue, 10 Oct 2023 11:31:01 +0200
Cc: consulting@xxxxxxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, roger.pau@xxxxxxxxxx, George Dunlap <george.dunlap@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
Delivery-date: Tue, 10 Oct 2023 09:31:13 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi,

as you can see from [1], there's a MISRA C guideline, D4.11, that issupposed to be clean

(i.e., have no reports), but has a caution on an argument to memcpy

(the second argument might be null according to the checker, given a setof assumptions onthe control flow). To access the report just click on the second link inthe log, which should take you to a webpage with a list ofMISRA guidelines. Click on D4.11 and you'll see the full report, which Ipasted below for convenience.

If the finding is genuine, then some countermeasure needs to be takenagainst thispossible bug, otherwise it needs to be motivated why the fieldconfig->handle can't

be null at that point.

The finding is likely the result of an improvement made to the checker,because the firstanalysis I can see that spots it happened when rc1 has been tagged, butthat commit does not

touch the involved files.

[1] https://gitlab.com/xen-project/xen/-/jobs/5251222578

 caution for MC3R1.D4.11 untagged
xen/common/domain.c:758.27-758.40:
[59] null pointer passed as 2nd argument to memory copy function
xen/common/domain.c:590.10-590.15:
[1] assuming 'config' is null
xen/common/domain.c:593.10-593.44:
[2] assuming the condition is false; taking false branch
<preprocessed xen/common/domain.c>:11332.10-11332.50:
preprocessed tokens
xen/include/xen/types.h:31.23:
expanded from macro `NULL'
xen/common/domain.c:603.12-603.27:
[3] '?' condition is true
<preprocessed xen/common/domain.c>:11336.37-11336.52:
preprocessed tokens
xen/include/xen/compiler.h:21.43:
expanded from macro `unlikely'
xen/include/xen/lib.h:26.15-26.28:
expanded from macro `ASSERT'
xen/include/xen/lib.h:26.26:
expanded from macro `ASSERT'
xen/common/domain.c:603.5-603.65:
[4] taking false branch
<preprocessed xen/common/domain.c>:11336.10-11336.11:
preprocessed tokens
xen/include/xen/lib.h:26.10-26.11:
expanded from macro `ASSERT'
xen/common/domain.c:603.5-603.65:
[5] loop condition is false:  exiting loop
<preprocessed xen/common/domain.c>:11336.5-11336.6:
preprocessed tokens
xen/include/xen/lib.h:26.5-26.6:
expanded from macro `ASSERT'
xen/common/domain.c:605.10-605.15:
[6] 'config' is null
xen/common/domain.c:605.5-605.6:
[7] taking false branch
xen/common/domain.c:615.10-615.14:
[8] 'domid' is not equal to 0
xen/common/domain.c:615.24-615.28:
[9] 'domid' is not equal to hardware_domid
xen/common/domain.c:615.5-615.6:
[10] taking false branch
xen/common/domain.c:624.5-624.44:
[11] taking false branch
<preprocessed xen/common/domain.c>:11356.10-11356.11:
preprocessed tokens
xen/include/xen/trace.h:86.9-86.10:
expanded from macro `TRACE_varD'
xen/include/xen/trace.h:94.5-94.22:
expanded from macro `TRACE_1D'
xen/common/domain.c:624.5-624.44:
[12] loop condition is false:  exiting loop
<preprocessed xen/common/domain.c>:11356.5-11356.6:
preprocessed tokens
xen/include/xen/trace.h:85.5-85.6:
expanded from macro `TRACE_varD'
xen/include/xen/trace.h:94.5-94.22:
expanded from macro `TRACE_1D'
xen/common/domain.c:630.5-630.39:
[13] assuming 'prof' is null; taking true branch
<preprocessed xen/common/domain.c>:11362.111-11362.115:
preprocessed tokens
xen/include/xen/spinlock.h:114.14-114.18:
expanded from macro `spin_lock_init_prof'
xen/common/domain.c:630.5-630.39:
[14]  execution continues on line 631
<preprocessed xen/common/domain.c>:11363.104-11363.108:
preprocessed tokens
xen/include/xen/spinlock.h:119.13-119.17:
expanded from macro `spin_lock_init_prof'
xen/common/domain.c:631.5-631.43:
[15] assuming 'prof' is null; taking true branch
<preprocessed xen/common/domain.c>:11367.115-11367.119:
preprocessed tokens
xen/include/xen/spinlock.h:114.14-114.18:
expanded from macro `spin_lock_init_prof'
xen/common/domain.c:631.5-631.43:
[16]  execution continues on line 632
<preprocessed xen/common/domain.c>:11368.112-11368.116:
preprocessed tokens
xen/include/xen/spinlock.h:119.13-119.17:
expanded from macro `spin_lock_init_prof'
xen/common/domain.c:642.24-642.36:
[17] '?' condition is true
<preprocessed xen/common/domain.c>:11377.92:
preprocessed tokens
xen/include/xen/bitmap.h:97.9:
expanded from macro `BITMAP_LAST_WORD_MASK'
xen/include/xen/nodemask.h:238.29-238.63:
expanded from macro `NODE_MASK_LAST_WORD'
xen/include/xen/nodemask.h:244.43-244.61:
expanded from macro `NODE_MASK_ALL'
xen/common/domain.c:662.5-662.6:
[18] taking false branch

--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)

Follow-Ups:
- Re: MISRA C:2012 D4.11 caution on staging
  - From: Andrew Cooper
- Re: MISRA C:2012 D4.11 caution on staging
  - From: Stefano Stabellini

Prev by Date: Re: [PATCH v8 0/4] Prevent attempting updates known to fail
Next by Date: Re: [PATCH v8 0/4] Prevent attempting updates known to fail
Previous by thread: Re: [PATCH v8 0/4] Prevent attempting updates known to fail
Next by thread: Re: MISRA C:2012 D4.11 caution on staging
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.