Xen project Mailing List

[PATCH] misra: add ASSERT_UNREACHABLE() in default clauses

To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>

Date: Mon, 11 Aug 2025 20:30:37 +0000

Accept-language: en-US, uk-UA, ru-RU

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ydHtDDK2/6QzpFnO38JKm8UgV+eHTHOoPYYCb7Oj8qQ=; b=L8DK40UFJwnPueQInSE1sHttByzghXwiaRMoBmV+vnuS2bCCPYNAI0uW8g8mBtzexqLkSWPq7e6ZR2xgwecpyylgtGcFBtfDXdhi/cGC5t19zhq6DNWIxRgRNsBr2MuttJ5uDdq6Q8T/85APaGXQMUe73bw4FMczPwoUhh+vZ1NH+8P2uiqVp+/rDxMOXfE91RgNBQIVuEJFgRJsLlTLcO0VItvE0ItrqfFgL5TDTK+14YbWKhyamPKeCE/4cq0ajLtAqXSkaZfuUcCv68ehaz7//ReLmtB0KTuUFi6HbA0B2/44frUQdIzFGzp+3Zl0uj+3Y114tbSeXUswsUvjLw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=BANJcxz5aAfGEXgfBCAqTbXRzD7M8OQCut5nv6zqvNxL50Zm7uQg+Uha4zAcUYO4XF842T6dSdtgQgp+lO71FlAYosskq0nB7yAEfPb0UEsCiwEf2JxnQtwQngbn2mpD6mBW/rlpaVyRwPDSRnqOW93HwiQ/vNtusnsSlL9XP2D2mypzgQMR5a3KtGz//ik1YDPXDrNVlmDUCxf+3z0tMQvcv9SdVwSShNDPhlvpMrY0qQG9lLn54D1CwSjUG/VIvosrdBdlLsYd/WucviPR6pLoC3A2k+S2801h5shtlU/OG+fcPujRG/yxBm3CKI6g5F9cRhdZ+wdyp7ucAeNPgg==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;

Cc: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Mon, 11 Aug 2025 20:30:58 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHcCv7M4bE5kwDncUeSEAS4rjYqyA==

Thread-topic: [PATCH] misra: add ASSERT_UNREACHABLE() in default clauses

MISRA Rule 16.4: Every switch statement shall have a default label. The default clause must contain either a statement or a comment prior to its terminating break statement. However, there is a documented rule that apply to the Xen in 'docs/misra/rules.rst': Switch statements with integer types as controlling expression should have a default label: - if the switch is expected to handle all possible cases explicitly, then a default label shall be added to handle unexpected error conditions, using BUG(), ASSERT(), WARN(), domain_crash(), or other appropriate methods; These changes add `ASSERT_UNREACHABLE()` macro to the default clause of switch statements that already explicitly handle all possible cases. This ensures compliance with MISRA, avoids undefined behavior in unreachable paths, and helps detect errors during development. Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@xxxxxxxx> --- xen/arch/arm/decode.c | 3 +++ xen/arch/arm/guest_walk.c | 4 ++++ xen/common/grant_table.c | 10 ++++++++-- xen/drivers/char/console.c | 3 +++ 4 files changed, 18 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/decode.c b/xen/arch/arm/decode.c index 2537dbebc1..cb64137b3b 100644 --- a/xen/arch/arm/decode.c +++ b/xen/arch/arm/decode.c @@ -178,6 +178,9 @@ static int decode_thumb(register_t pc, struct hsr_dabt *dabt) case 3: /* Signed byte */ update_dabt(dabt, reg, 0, true); break; + default: + ASSERT_UNREACHABLE(); + break; } break; diff --git a/xen/arch/arm/guest_walk.c b/xen/arch/arm/guest_walk.c index 09fe486598..9199a29602 100644 --- a/xen/arch/arm/guest_walk.c +++ b/xen/arch/arm/guest_walk.c @@ -167,6 +167,10 @@ static bool guest_walk_sd(const struct vcpu *v, *perms |= GV2M_EXEC; break; + + default: + ASSERT_UNREACHABLE(); + break; } return true; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index cf131c43a1..60fc47f0c8 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -330,9 +330,12 @@ shared_entry_header(struct grant_table *t, grant_ref_t ref) /* Returned values should be independent of speculative execution */ block_speculation(); return &shared_entry_v2(t, ref).hdr; + + default: + ASSERT_UNREACHABLE(); + break; } - ASSERT_UNREACHABLE(); block_speculation(); return NULL; @@ -727,10 +730,13 @@ static unsigned int nr_grant_entries(struct grant_table *gt) /* Make sure we return a value independently of speculative execution */ block_speculation(); return f2e(nr_grant_frames(gt), 2); + + default: + ASSERT_UNREACHABLE(); + break; #undef f2e } - ASSERT_UNREACHABLE(); block_speculation(); return 0; diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index 9bd5b4825d..608616f2af 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -889,6 +889,9 @@ static int cf_check parse_console_timestamps(const char *s) opt_con_timestamp_mode = TSM_DATE; con_timestamp_mode_upd(param_2_parfs(parse_console_timestamps)); return 0; + default: + ASSERT_UNREACHABLE(); + break; } if ( *s == '\0' || /* Compat for old booleanparam() */ !strcmp(s, "date") ) -- 2.43.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.