On 2024-09-10 08:26, Jan Beulich wrote:
On 10.09.2024 06:46, Stefano Stabellini wrote:
On Mon, 9 Sep 2024, Jan Beulich wrote:
On 07.09.2024 15:03, Nicola Vetrini wrote:
+ * - R18.2
+ - Subtraction between pointers encapsulated by macro
page_to_mfn
+ are safe.
+ - Tagged as `safe` for ECLAIR.
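Review bot: The justification in this R18.2 entry states that the subtractions encapsulated by page_to_mfn "are safe" without saying why; name the property that makes them safe (for instance, which object both operands are required to point into) so the deviation can be rechecked when the macro or its callers change. The wording also has a number mismatch: "Subtraction ... are safe" should read "Subtractions ... are safe" or "Subtraction ... is safe".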
This one is a result of using frame_table[], aiui. Alternative approaches
were discussed before. Did that not lead anywhere, requiring a purely
textual / configurational deviation?
During the last MISRA discussion we agreed that this was an acceptable
approach. What else did you have in mind?
One was to have the linker scripts provide the symbol. I think there were
one or two more, yet I - perhaps wrongly - haven't been taking notes ...
One thing I'm fairly sure has been suggested for symbols that were not
linker-defined is the following mitigation:
gcc -fsanitize=address,pointer-subtract
ASAN_OPTIONS=detect_invalid_pointer_pairs=2 ./a.out
See GCC manual Section "3.12 Program Instrumentation Options"
https://gcc.gnu.org/onlinedocs/gcc-12.1.0/gcc.pdf
In any case, keep in mind that exploring options is a task in itself and
we could use our efforts on reducing the numbers of violations instead
which I think is more useful.
Sure. Otoh quickest is not always best.
--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)
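
The following is an added example, not part of the original thread and not Xen code. It shows the pointer-minus-table-base pattern discussed above next to a range-checked variant, and how the sanitizer options quoted in the message would be applied to it. `struct page_info`, `frame_table`, `page_to_idx` and the helper names are constructed stand-ins.

```c
/* Added example, not Xen code: all names below are constructed stand-ins.
 * Build and run with the options quoted in the message:
 *   gcc -g -fsanitize=address,pointer-subtract demo.c
 *   ASAN_OPTIONS=detect_invalid_pointer_pairs=2 ./a.out bad
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct page_info { unsigned long count_info; };

#define NR_FRAMES 16
static struct page_info frame_table[NR_FRAMES];  /* constructed table */
static struct page_info stray_page;              /* separate object */

/* Same shape as the deviated pattern: element pointer minus table base. */
#define page_to_idx(pg) ((ptrdiff_t)((pg) - frame_table))

/* Integer range check that performs no pointer subtraction itself. */
static int in_frame_table(const struct page_info *pg)
{
    uintptr_t p = (uintptr_t)pg;
    uintptr_t lo = (uintptr_t)&frame_table[0];
    uintptr_t hi = (uintptr_t)&frame_table[NR_FRAMES - 1];

    return p >= lo && p <= hi && (p - lo) % sizeof(*pg) == 0;
}

/* Returns the index, or -1 when pg does not point into frame_table. */
static ptrdiff_t checked_page_to_idx(const struct page_info *pg)
{
    return in_frame_table(pg) ? page_to_idx(pg) : -1;
}

int main(int argc, char **argv)
{
    printf("valid:   %td\n", page_to_idx(&frame_table[5]));
    printf("checked: %td\n", checked_page_to_idx(&stray_page));
    if (argc > 1 && strcmp(argv[1], "bad") == 0)
        /* Pointers into two different objects: the Rule 18.2 case the
         * sanitizer options above are meant to flag at run time. */
        printf("invalid: %td\n", page_to_idx(&stray_page));
    return 0;
}
```

Without the `bad` argument the program performs only subtractions within `frame_table`, so it runs cleanly with or without the sanitizer.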