Linux Qualification - Coding Style / Type issues in IEC 61508 - PowerPoint PPT Presentation

  1. Linux Qualification - Coding Style / Type issues in IEC 61508
     Nicholas Mc Guire <safety@osadl.org>
     December 1, 2016

  2. Outline
     - Context: SIL2LinuxMP
     - Coding Style: coding style / coding standard? A short glimpse into the horror cabinet of Linux kernel code
     - The Type Crisis: type inconsistencies - the first real challenge
     - Conclusion

  3. Context: system components
     SIL2: kernel + glibc + busybox + safety application

  4. Coding Style
     - Mandated but not defined
     - Coding style and coding standards
     - What is reasonable?

  5. How does the Linux kernel do it?
     - CodingStyle - simple and relatively short (40+ rules)
     - checkpatch.pl - exhaustive and fussy (400+ rules)
     - amendment by tooling (sparse / coccinelle / checkpatch --strict) to cover some aspects that are not sufficiently addressable by coding style
     - amendment by procedures (SubmittingPatches, SubmitChecklist): patch review procedure, multi-layer integration process
     So how well do we do in the kernel?

  6. reasonable conditions
     drivers/media/dvb-frontends/dib7000m.c:926 - bad conditional

         /* P_dintl_native, P_dintlv_inv, P_hrch, P_code_rate, P_select_hp */
         value = 0;
         if (1 != 0)
                 value |= (1 << 6);
         if (ch->hierarchy == 1)
                 value |= (1 << 4);
         if (1 == 1)
                 value |= 1;
         switch ((ch->hierarchy == 0 || 1 == 1) ? ch->code_rate_HP : ch->code_rate_LP) {

  7. ...and reasonable control flow
     drivers/staging/rtl8723au/hal/rtl8723a_bt-coexist.c:7264 - else duplicates if

         ...
         } else if (maxInterval == 2) {
                 btdm_2AntPsTdma(padapter, true, 15);
                 pBtdm8723->psTdmaDuAdjType = 15;
         } else if (maxInterval == 3) {
                 btdm_2AntPsTdma(padapter, true, 15);
                 pBtdm8723->psTdmaDuAdjType = 15;
         } else {
                 btdm_2AntPsTdma(padapter, true, 15);
                 pBtdm8723->psTdmaDuAdjType = 15;
         }

  8. ...no conditions with side-effects
     drivers/ide/cmd640.c:680 - redundant logic expression with side-effect

         if (inb(0xCF8) == 0x00 && inb(0xCF8) == 0x00) {
                 spin_unlock_irqrestore(&cmd640_lock, flags);
                 return 1;
         }

     This has been in here since kernel 2.3.X (predates git). The earlier 2.2.X kernels do not have this construct. How did this get into the kernel?
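
     The cmd640.c condition above looks redundant on paper, but inb() is a port read, so the second operand performs a second read and the condition depends on two samples. The following is an added example, not code from the slides or the kernel: sample_port() is an assumed stand-in for inb() that returns successive values from a constructed sequence, which makes the double evaluation visible and contrasts it with a read-once form.

```c
#include <stdio.h>

/* Constructed stand-in for a port read such as inb(): each call consumes the
 * next value from a small sequence, so a second call in the same condition
 * observes a different value. The name sample_port() and the sequence are
 * assumptions for this example, not kernel code. */
static const unsigned char samples[] = { 0x00, 0x7f, 0x00, 0x7f };
static unsigned int reads;              /* number of reads performed so far */

static unsigned char sample_port(void)
{
    unsigned char v = samples[reads % (sizeof samples / sizeof samples[0])];
    reads++;
    return v;
}

static void reset_port(void)         { reads = 0; }
static unsigned int port_reads(void) { return reads; }

/* The pattern from the slide: the "redundant" second operand re-executes the
 * read, so the condition depends on two different samples and carries a side
 * effect that a reader of the source would not expect. */
static int double_read_check(void)
{
    return sample_port() == 0x00 && sample_port() == 0x00;
}

/* Hardened form: perform the read once, keep the value, test the value. */
static int single_read_check(void)
{
    unsigned char v = sample_port();
    return v == 0x00;
}

int main(void)
{
    reset_port();
    int r = double_read_check();
    printf("double read: result %d after %u port reads\n", r, port_reads());
    reset_port();
    r = single_read_check();
    printf("single read: result %d after %u port reads\n", r, port_reads());
    return 0;
}
```

     With the constructed sequence the double-read form evaluates to false after two reads, while the read-once form evaluates to true after one read; the same source text yields different results, which is exactly what a coding rule against side effects in conditions is meant to rule out.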

  9. ...and a reasonable number of parameters
     fs/ceph/caps.c: send_cap_msg, line 968 - out of control parameter list

         static int send_cap_msg(struct ceph_mds_session *session,
                                 u64 ino, u64 cid, int op, int caps, int wanted, int dirty,
                                 u32 seq, u64 flush_tid, u32 issue_seq, u32 mseq, u64 size, u64 max_size,
                                 struct timespec *mtime, struct timespec *atime, u64 time_warp_seq,
                                 kuid_t uid, kgid_t gid, umode_t mode, u64 xattr_version,
                                 struct ceph_buffer *xattrs_buf,
                                 u64 follows, bool inline_data)
         {

     Plain ugly - no excuse for this one - simply exclude ceph from the list of suitable filesystems.

  10. Linux total parameter distribution
      (chart of parameter-count distribution over the whole kernel; not reproduced in this extraction)

  11. Core subset parameter distribution
      (chart of parameter-count distribution over the kernel core subset; not reproduced in this extraction)

  12. identifying problem cases
      both "bad" functions are in lockdep:

          <function(name='__lock_acquire',
                    source_file='kernel/locking/lockdep.c',
                    line='3068', column='12',
                    parameter_number='9')>
          <function(name='print_bad_irq_dependency',
                    source_file='kernel/locking/lockdep.c',
                    line='1492', column='1',
                    parameter_number='10')>

  13. Type issues in C
      - C is not type safe
      - mismatch of types can lead to hard-to-locate problems
      - automatic type conversion in C hides the problem
      - IEC 61508 Ed 2 B.1-8 "Design and coding standards": no automatic type conversion - highly recommended for SIL2

  14. API compliance - completion

      semantic patch                    findings  files  confirmed
      duplicate_init_completion.cocci          2      2          2
      check_for_signal_ignored.cocci           6      4          6
      false_declare_completion.cocci           6      5          6
      false_init_compltion.cocci               9      6          9
      check_unhandled_return.cocci            10      8          4
      check_for_negativ_ret.cocci             11      9          3
      check_for_return_unused.cocci           62     42          2
      check_for_signed_return.cocci          126     81         36
      check_wrong_context2.cocci           0 (!)      0          -

  15. Type consistency - system components

      Component   Nr Functions   Inconsistent      %
      kernel            374600          10727   2.85
      glibc               9184            268   2.92
      busybox             3645             43   1.18

      versions: kernel 4.1-rc2, glibc-2.9, busybox-1.2.2.1

  16. Type consistency - kernel core

                    kern    mm   ipc  init   net   lib  total      %
      wrong            1     1     0     0     1     1      4    0.5
      sign            97    65     4     1   218    21    406   47.4
      down sized       4     5     0     0    21     5     35    4.0
      up sized        66    34     8     0   123     3    234   27.3
      declaration      8     0     0     0    15     2     25    2.9
      false pos       31    17     4     0    89    12    153   17.9
      total          207   122    16     1   467    44    857
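
      Slide 13 states that automatic type conversion hides type mismatches, and the table above names the dominant categories: "sign" (nearly half of the core findings), "down sized" and "up sized". The block below is an added example and not code from the slides or from SIL2LinuxMP; checked_read() and the error values are constructed stand-ins for a kernel-style call that returns a negative errno on failure. It shows how a sign mismatch swallows an error code, how narrowing discards bits, how a mixed-sign comparison defeats a bounds check, and what the corresponding explicit, check-before-convert forms look like.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a kernel-style call that returns the number of
 * bytes handled, or a negative errno on failure. checked_read() and the
 * error values are assumptions for this example, not kernel code. */
#define ERR_INVAL (-22)
#define ERR_RANGE (-34)

static long checked_read(long len)
{
    if (len < 0)
        return ERR_INVAL;
    return len;
}

/* "sign" inconsistency: a negative errno stored in an unsigned variable is
 * converted modulo 2^32 (C11 6.3.1.3) and can no longer be seen as an error. */
static unsigned int sign_mismatch_hides_error(void)
{
    unsigned int ret = checked_read(-1);  /* -22 silently becomes 4294967274 */
    return ret;
}

/* "down sized": a 64-bit value assigned to a 32-bit variable keeps only the
 * low 32 bits; the high part vanishes without a diagnostic at -Wall. */
static uint32_t down_sized_truncates(void)
{
    uint64_t big = 0x100000001ULL;
    uint32_t small = big;                 /* well-defined for unsigned, but lossy */
    return small;
}

/* Mixed-sign comparison: idx is converted to size_t by the usual arithmetic
 * conversions, so -1 compares as SIZE_MAX and the bounds check passes. */
static int mixed_sign_in_bounds(int idx, size_t nelem)
{
    return idx < nelem;
}

/* Hardened forms: test the result in its declared type first, refuse lossy
 * narrowing, and make every remaining conversion explicit. */
static int read_into_u32(long len, uint32_t *out)
{
    long ret = checked_read(len);
    if (ret < 0)
        return (int)ret;                  /* propagate the negative errno */
    if ((unsigned long)ret > UINT32_MAX)
        return ERR_RANGE;                 /* value would not survive narrowing */
    *out = (uint32_t)ret;
    return 0;
}

static int checked_in_bounds(int idx, size_t nelem)
{
    if (idx < 0)
        return 0;
    return (size_t)idx < nelem;
}

/* Convenience wrapper: negative errno on failure, otherwise the stored value. */
static long read_u32_result(long len)
{
    uint32_t out = 0;
    int rc = read_into_u32(len, &out);
    return rc < 0 ? rc : (long)out;
}

int main(void)
{
    printf("unsigned holder of -22 errno: %u\n", sign_mismatch_hides_error());
    printf("0x100000001 narrowed to u32:  %u\n", down_sized_truncates());
    printf("-1 < (size_t)8 as written:    %d\n", mixed_sign_in_bounds(-1, 8));
    printf("checked_in_bounds(-1, 8):     %d\n", checked_in_bounds(-1, 8));
    printf("read_u32_result(-1):          %ld\n", read_u32_result(-1));
    printf("read_u32_result(5):           %ld\n", read_u32_result(5));
    return 0;
}
```

      None of the three defective functions fails to compile, and only the mixed-sign comparison draws a warning (and only with -Wextra or -Wsign-compare); this is why the slides lean on sparse and coccinelle semantic patches such as check_for_signed_return.cocci rather than on the compiler, and why the hardened forms check in the declared type before any conversion takes place.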

  17. Type consistency - get_user()

      arch/alpha/include/asm/uaccess.h:65,       get_user() - returns long
      arch/arm/include/asm/uaccess.h:199,        get_user() - returns int
      arch/arm/include/asm/uaccess.h:267,        get_user() - returns long
      arch/arm64/include/asm/uaccess.h:288,      get_user() - returns int
      arch/avr32/include/asm/uaccess.h:131,      get_user() - returns int
      arch/blackfin/include/asm/uaccess.h:129,   get_user() - returns int
      arch/cris/include/asm/uaccess.h:95,        get_user() - returns long
      arch/frv/include/asm/uaccess.h:319,        get_user() - returns int
      arch/ia64/include/asm/uaccess.h:402,       get_user() - returns long
      arch/m32r/include/asm/uaccess.h:693,       get_user() - returns long
      arch/m68k/include/asm/uaccess_mm.h:393,    get_user() - returns long
      arch/m68k/include/asm/uaccess_no.h:181,    get_user() - returns int
      arch/metag/include/asm/uaccess.h:246,      get_user() - returns long
      arch/microblaze/include/asm/uaccess.h:426, get_user() - returns int
      arch/mips/include/asm/uaccess.h:1445,      get_user() - returns int
      arch/mn10300/include/asm/uaccess.h:495,    get_user() - returns int
      arch/nios2/include/asm/uaccess.h:231,      get_user() - returns long
      arch/openrisc/include/asm/uaccess.h:324,   get_user() - returns long
      arch/parisc/include/asm/uaccess.h:260,     get_user() - returns long
      arch/powerpc/include/asm/uaccess.h:454,    get_user() - returns long
      arch/s390/include/asm/uaccess.h:377,       get_user() - returns int
      arch/score/include/asm/uaccess.h:424,      get_user() - returns long
      arch/sh/include/asm/uaccess.h:211,         get_user() - returns long
      arch/sparc/include/asm/uaccess_32.h:377,   get_user() - returns int
      arch/sparc/include/asm/uaccess_64.h:289,   get_user() - returns int
      arch/tile/include/asm/uaccess.h:559,       get_user() - returns int
      arch/um/include/asm/uaccess.h:178,         get_user() - returns int
      arch/x86/include/asm/uaccess.h:744,        get_user() - returns int
      arch/xtensa/include/asm/uaccess.h:510,     get_user() - returns long
      include/asm-generic/uaccess.h:346,         get_user() - returns int
      tools/virtio/linux/uaccess.h:50,           get_user() - returns int

  18. Handling of "bad" code
      Can we handle this?
      - careful selection - review-based configuration
      - tools - automate it - formal methods
      - fix those issues in the core code SIL2LinuxMP needs (approx. 1k patches)
      - build up an interface to the community - "fix once" is the goal
      - push the tools out to the developers (once they are clean)
      - build awareness in the community - notably of types
