[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: xen-analysis ECLAIR support

  • To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: Luca Fancellu <Luca.Fancellu@xxxxxxx>
  • Date: Mon, 4 Sep 2023 12:16:36 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fT1+/3FFo8sr+A3+bTatit0MNOKNX3/wCVSxe1aBOn0=; b=aAoMVC6BzLYBVHCLkvhR2vbOGWX8G/p0ZIam0YQDRGMOP1vAJAZ5bywmdgWr7QI1FxcPrEZWKFB+OPkgcjaGkRfzauooEMsVRx2xJydc2KLhcHgfrNc+x4etwOvH/G7C84j4MMBmnPcnk2QyoequDGek+56nWlAvYdtz4CwlK3WZ3EwdApAMcPPyEYYJ9tfB1edtHJKsbx9dEyuP3BJpHVvCcoIh/gxhFjKSNLm+TCbUUrSxoxgKpbJ0iMJUDokzLXjckyly2HcHcaR1Q/oUs+MJhH1YVIyB1Tn0Vj2I3fsZcPgTW4ASxrOPDTy2ZBw9H61gAITjd00V++SmqzRxLg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fVNPOrBjCAVDr/UajzXHSoXZJIHmrHJoF1tSbRtDR0pbmWmUmEXPS4OKywLvX3pBBUa5eGL7vtjVqcWEwxYyIN9yKmhq78g9Y9aB2mZn+u9pMQU/LlZMJHv9+TfiTgBAPilYpNIzMfIWGfEs4ApAD0brf72rGcYH0iSaxTlVpfTpJ4tEc1GUFVwTk5WlWYuBy0dWq6RQYJsfQ4qth3tSfcjgrQCrg6gwe2NSMaLQoS47fRYfAdwCD5EVkMytW4utKincFlsV7Yz3s44WJtONPZwBD1GVoU6hz0Wv0s7v93uPViE+yaZhElE3YbyjQEgnDFe1KYnfCOvrL3rqd0g38A==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Delivery-date: Mon, 04 Sep 2023 12:17:34 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHZ1tnZvpm8hZMDREGKKcjBarux3K/6qaOAgADmnoCADxVLAA==
  • Thread-topic: xen-analysis ECLAIR support

> On 25 Aug 2023, at 22:56, Stefano Stabellini <sstabellini@xxxxxxxxxx> wrote:
> 
> On Fri, 25 Aug 2023, Nicola Vetrini wrote:
>> On 25/08/2023 00:24, Stefano Stabellini wrote:
>>> Hi Luca,
>>> 
>>> We are looking into adding ECLAIR support for xen-analysis so that we
>>> can use the SAF-n-safe tags also with ECLAIR.
>>> 
>>> One question that came up is about multi-line statements. For instance,
>>> in a case like the following:
>>> 
>>> diff --git a/xen/common/inflate.c b/xen/common/inflate.c
>>> index 8fa4b96d12..8bdc9208da 100644
>>> --- a/xen/common/inflate.c
>>> +++ b/xen/common/inflate.c
>>> @@ -1201,6 +1201,7 @@ static int __init gunzip(void)
>>>     magic[1] = NEXTBYTE();
>>>     method   = NEXTBYTE();
>>> 
>>> +    /* SAF-1-safe */
>>>     if (magic[0] != 037 ||
>>>         ((magic[1] != 0213) && (magic[1] != 0236))) {
>>>         error("bad gzip magic numbers");
>>> 
>>> 
>>> Would SAF-1-safe cover both 037, and also 0213 and 0213?
>>> Or would it cover only 037?
>>> 
>>> We haven't use SAFE-n-safe extensively through the codebase yet but
>>> my understanding is that SAFE-n-safe would cover the entire statement of
>>> the following line, even if it is multi-line. Is that also your
>>> understanding? Does it work like that with cppcheck?
>>> 
>>> 
>>> It looks like ECLAIR requires a written-down number of lines of code to
>>> deviate if it is more than 1 line. In this example it would be 2 lines:
>>> 
>>>     /* SAF-1-safe 2 */
>>>     if (magic[0] != 037 ||
>>>         ((magic[1] != 0213) && (magic[1] != 0236))) {
>>> 
>>> One option that I was thinking about is whether we can add the number of
>>> lines automatically in xen-analysis based on the number of lines of the
>>> next statement. What do you think?
>>> 
>>> It seems fragile to actually keep the number of lines inside the SAF
>>> comment in the code. I am afraid it could get out of sync due to code
>>> style refactoring or other mechanical changes.
>>> 
>> 
>> Having the number of lines automatically inferred from the code following the
>> comment
>> does not seem that robust either, given the minimal information in the SAF
>> comments
>> (e.g., what if the whole if statement needs to be deviated, rather
>> than the controlling expression?).
>> 
>> An alternative proposal could be the following:
>>      /* SAF-n-safe begin */
>>      if (magic[0] != 037 ||
>>          ((magic[1] != 0213) && (magic[1] != 0236))) {
>>      /* SAF-n-safe end */
>> 
>> which is translated, for ECLAIR, into:
>> 
>>    /* -E> safe <Rule ID> 2 <free text> */
>>    if (magic[0] != 037 ||
>>          ((magic[1] != 0213) && (magic[1] != 0236))) {
>> 
>> this will deviate however many lines are between the begin and end markers.
> 
> I think this could be a good way to solve the problem when multi-line
> deviation support is required. In this case, like Jan suggested, it
> is easier to put everything on a single line, but in other cases it
> might not be possible.

Yes, in that case however we are tied to what the underlying tool are 
supporting,
for example eclair is pretty nice and support an in-code comment with advanced
Syntax, but for example cppcheck and also coverity don’t, so in the end we used
the common denominator where the comment suppress the next line (containing 
code).

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.