[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH v2] domain: add ASSERT to help static analysis tools

To: nicola.vetrini@xxxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
Date: Fri, 24 Nov 2023 14:43:13 +0100
Cc: sstabellini@xxxxxxxxxx, michal.orzel@xxxxxxx, xenia.ragiadakou@xxxxxxx, ayan.kumar.halder@xxxxxxx, consulting@xxxxxxxxxxx, jbeulich@xxxxxxxx, andrew.cooper3@xxxxxxxxxx, roger.pau@xxxxxxxxxx, bertrand.marquis@xxxxxxx, julien@xxxxxxx, George Dunlap <george.dunlap@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
Delivery-date: Fri, 24 Nov 2023 13:43:18 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2023-11-17 10:21, Nicola Vetrini wrote:

Static analysis tools may detect a possible null pointer
dereference of 'config'. This ASSERT helps them in detecting
that such a condition is not possible given that only
real domains can enter this branch, which are guaranteeed to have
a non-NULL config at this point, but this information is not
inferred by the tool.

Checking that the condition given in the assertion holds via
testing is the means to protect release builds, where the assertion
expands to effectively nothing.

Suggested-by: Julien Grall <julien@xxxxxxx>
Signed-off-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
Acked-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>
---
Changes in v2:
- Clarified the context in which the assertion is useful.

The check may be later improved by proper error checking
instead of relying on the semantics explained here:
https://lore.kernel.org/xen-devel/61f04d4b-34d9-4fd1-a989-56b042b4f3d8@xxxxxxxxxx/
---
 xen/common/domain.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/xen/common/domain.c b/xen/common/domain.c
index 8f9ab01c0cb7..924099db1098 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -700,6 +700,13 @@ struct domain *domain_create(domid_t domid,

     if ( !is_idle_domain(d) )
     {
+        /*

+ * The assertion helps static analysis tools infer that configcannot+ * be NULL in this branch, which in turn means that it can besafely

+         * dereferenced. Therefore, this assertion is not redundant.
+         */
+        ASSERT(config);
+
         watchdog_domain_init(d);
         init_status |= INIT_watchdog;

This patch has been revised according to the comments received on v1 toclarify that the assertion seems redundant, but it's useful for otherpurposes.


--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)

References:
- [XEN PATCH v2] domain: add ASSERT to help static analysis tools
  - From: Nicola Vetrini

Prev by Date: Re: [XEN PATCH v5 0/2] use the documentation for MISRA C:2012 Dir 4.1
Next by Date: Re: [PATCH v2 05/15] x86: amend cpu_has_xen_[ibt,shstk}
Previous by thread: [XEN PATCH v2] domain: add ASSERT to help static analysis tools
Next by thread: Re: [XEN PATCH v2] automation/eclair: add deviations for MISRA C:2012 Rule 8.3
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.