linux qualification coding style type issues in iec 61508
play

Linux Qualification - Coding Style / Type issues in IEC 61508 - PowerPoint PPT Presentation

Apr 06, 2023 •543 likes •746 views

Linux Qualification - Coding Style / Type issues in IEC 61508 Nicholas Mc Guire < safety@osadl.org > December 1, 2016 Outline Linux Qualification - Coding Style / Type issues in IEC 61508 Nicholas Mc Guire < safety@osadl.o

  1. Linux Qualification - Coding Style / Type issues in IEC 61508 Nicholas Mc Guire < safety@osadl.org > December 1, 2016

  2. Outline Linux Qualification - Coding Style / Type issues in IEC 61508 Nicholas Mc Guire < safety@osadl.o SIL2LinuxMP Context Coding style/coding standard ? Outline Context Short glimpse in the horror cabinet of Linux kernel code Coding Style Type inconsistencies - the first real challenge The Type Crisis Conclusion Conclusion

  3. Context: system components Linux Qualification - Coding Style / Type issues in IEC 61508 Nicholas Mc Guire < safety@osadl.o Outline Context Coding Style The Type Crisis Conclusion SIL2: kernel+glibc+busybox+safety application

  4. Coding Style Linux Qualification - Coding Style / Type issues in IEC 61508 Nicholas Mc Guire < safety@osadl.o Mandated but not defined Outline Coding style and coding standards Context Coding Style What is resonable ? The Type Crisis Conclusion

  5. How does Linux kernel do it ? Linux Qualification - Coding Style / Type issues in CodingStyle - simple and relatively short (40+ rules) IEC 61508 Nicholas Mc checkpatch.pl - exhaustive and fussy (400+ rules) Guire < safety@osadl.o amendment by tooling (sparse/coccinelle/checkpatch –strict) to cover some aspects that are not sufficiently Outline Context addressable by coding style Coding Style amendment by procedures The Type (SubmittingPatches,SubmitChecklist) Crisis Conclusion patch review procedure multi-layer integration process So how good do we do in the kernel ?

  6. reasonable conditions Linux Qualification - Coding Style / drivers/media/dvb-frontends/dib7000m.c:926 bad conditional Type issues in IEC 61508 Nicholas Mc /* P_dintl_native, P_dintlv_inv, P_hrch, P_code_rate, P_select_hp Guire < safety@osadl.o value = 0; if (1 != 0) Outline value |= (1 << 6); Context if (ch->hierarchy == 1) Coding Style value |= (1 << 4); The Type Crisis if (1 == 1) Conclusion value |= 1; switch ((ch->hierarchy == 0 || 1 == 1) ? ch->code_rate_HP : ch->code_rate_LP) {

  7. ...and reasonable control flow Linux Qualification - drivers/staging/rtl8723au/hal/rtl8723a bt-coexist.c:7264 else Coding Style / Type issues in duplicates if IEC 61508 Nicholas Mc ... Guire < safety@osadl.o } else if (maxInterval == 2) { btdm_2AntPsTdma(padapter, true, 15); Outline pBtdm8723->psTdmaDuAdjType = 15; Context Coding Style } else if (maxInterval == 3) { The Type btdm_2AntPsTdma(padapter, true, 15); Crisis pBtdm8723->psTdmaDuAdjType = 15; Conclusion } else { btdm_2AntPsTdma(padapter, true, 15); pBtdm8723->psTdmaDuAdjType = 15; }

  8. ...no conditions with side-effects Linux Qualification - Coding Style / Type issues in IEC 61508 drivers/ide/cmd640.c:680 redundant logic expression with Nicholas Mc side-effect Guire < safety@osadl.o if (inb(0xCF8) == 0x00 && inb(0xCF8) == 0x00) { Outline spin_unlock_irqrestore(&cmd640_lock, flags); Context return 1; Coding Style } The Type Crisis This has been in here since kernel 2.3.X (predates git) The Conclusion earlier 2.2.X kernels do not have this construct How did this get into the kernel ?

  9. ..and resonable number of parameters Linux Qualification - Coding Style / Type issues in fs/ceph/caps.c:send cap msg,line 968 out of control parameter IEC 61508 list Nicholas Mc Guire static int send_cap_msg(struct ceph_mds_session *session, < safety@osadl.o u64 ino, u64 cid, int op, int caps, int wanted, int dirty, Outline u32 seq, u64 flush_tid, u32 issue_seq, u32 mseq, u64 size, u64 max_size, Context struct timespec *mtime, struct timespec *atime, u64 time_warp_seq, Coding Style kuid_t uid, kgid_t gid, umode_t mode, u64 xattr_version, The Type struct ceph_buffer *xattrs_buf, Crisis u64 follows, bool inline_data) Conclusion { Plain ugly - no excuse for this one - simply exclude ceph from the list of suitable fs.

  10. Linux total parameter distribution Linux Qualification - Coding Style / Type issues in IEC 61508 Nicholas Mc Guire < safety@osadl.o Outline Context Coding Style The Type Crisis Conclusion

  11. Core subset parameter distribution Linux Qualification - Coding Style / Type issues in IEC 61508 Nicholas Mc Guire < safety@osadl.o Outline Context Coding Style The Type Crisis Conclusion

  12. identifying problem cases Linux Qualification - Coding Style / both ”bad” functions are in lockdep: Type issues in IEC 61508 Nicholas Mc <function(name=’__lock_acquire’, Guire < safety@osadl.o source_file=’kernel/locking/lockdep.c’, line=’3068’, Outline column=’12’, Context parameter_number=’9’)> Coding Style <function(name=’print_bad_irq_dependency’, The Type Crisis source_file=’kernel/locking/lockdep.c’, Conclusion line=’1492’, column=’1’, parameter_number=’10’)>

  13. Type issues in C Linux Qualification - Coding Style / Type issues in IEC 61508 Nicholas Mc Guire C is not type safe < safety@osadl.o mismatch of types can lead to hard to locate problems Outline Automatic type conversion in C hides the problem Context Coding Style IEC 61508 Ed 2 B.1-8 ”Design and coding standards”: The Type No automatic type conversion - highly recomended for Crisis SIL2 Conclusion

  14. API compliance - completion Linux Qualification - Coding Style / Type issues in IEC 61508 semantic patch findings files confirmed Nicholas Mc duplicate init completion.cocci 2 2 2 Guire < safety@osadl.o check for signal ignored.cocci 6 4 6 false declare completion.cocci 6 5 6 Outline false init compltion.cocci 9 6 9 Context Coding Style check unhandled return.cocci 10 8 4 The Type check for negativ ret.cocci 11 9 3 Crisis check for return unused.cocci 62 42 2 Conclusion check for signed return.cocci 126 81 36 check wrong context2.cocci 0 (!) 0 -

  15. Type consistency - system components Linux Qualification - Coding Style / Type issues in IEC 61508 Nicholas Mc Guire < safety@osadl.o Component Nr Functions Inconsistent % kernel 374600 10727 2.85 Outline Context glibc 9184 268 2.92 Coding Style busybox 3645 43 1.18 The Type Crisis versions: kernel 4.1-rc2, glibc-2.9, busybox-1.2.2.1 Conclusion

  16. Type consistency - kernel core Linux Qualification - Coding Style / kern mm ipc init net lib total % Type issues in IEC 61508 wrong 1 1 0 0 1 1 4 0.5 Nicholas Mc sign 97 65 4 1 218 21 406 47.4 Guire < safety@osadl.o down 4 5 0 0 21 5 35 4.0 Outline sized Context up 66 34 8 0 123 3 234 27.3 Coding Style sized The Type declar 8 0 0 0 15 2 25 2.9 Crisis ation Conclusion false 31 17 4 0 89 12 153 17.9 pos 207 122 16 1 467 44 857

  17. Type consistency - get user() Linux arch/alpha/include/asm/uaccess.h:65,get_user() - returns long Qualification - arch/arm/include/asm/uaccess.h:199,get_user() - returns int Coding Style / arch/arm/include/asm/uaccess.h:267,get_user() - returns long Type issues in arch/arm64/include/asm/uaccess.h:288,get_user() - returns int IEC 61508 arch/avr32/include/asm/uaccess.h:131,get_user() - returns int arch/blackfin/include/asm/uaccess.h:129,get_user() - returns int Nicholas Mc arch/cris/include/asm/uaccess.h:95,get_user() - returns long Guire arch/frv/include/asm/uaccess.h:319,get_user() - returns int < safety@osadl.o arch/ia64/include/asm/uaccess.h:402,get_user() - returns long arch/m32r/include/asm/uaccess.h:693,get_user() - returns long arch/m68k/include/asm/uaccess_mm.h:393,get_user() - returns long Outline arch/m68k/include/asm/uaccess_no.h:181,get_user() - returns int arch/metag/include/asm/uaccess.h:246,get_user() - returns long Context arch/microblaze/include/asm/uaccess.h:426,get_user() - returns int Coding Style arch/mips/include/asm/uaccess.h:1445,get_user() - returns int arch/mn10300/include/asm/uaccess.h:495,get_user() - returns int The Type arch/nios2/include/asm/uaccess.h:231,get_user() - returns long Crisis arch/openrisc/include/asm/uaccess.h:324,get_user() - returns long arch/parisc/include/asm/uaccess.h;260,get_user() - returns long Conclusion arch/powerpc/include/asm/uaccess.h:454,get_user() - returns long arch/s390/include/asm/uaccess.h:377,get_user() - returns int arch/score/include/asm/uaccess.h:424,get_user() - returns long arch/sh/include/asm/uaccess.h:211,get_user() - returns long arch/sparc/include/asm/uaccess_32.h:377,get_user() - returns int arch/sparc/include/asm/uaccess_64.h:289,get_user() - returns int arch/tile/include/asm/uaccess.h:559,get_user() - returns int arch/um/include/asm/uaccess.h:178,get_user() - returns int arch/x86/include/asm/uaccess.h:744,get_user() - returns int arch/xtensa/include/asm/uaccess.h:510,get_user() - returns long include/asm-generic/uaccess.h:346,get_user() - returns int tools/virtio/linux/uaccess.h:50,get_user() - returns int

  18. Handling of ”bad”-code Linux Qualification - Coding Style / Type issues in Can we handle this ? IEC 61508 Nicholas Mc careful selection - review based configuration. Guire < safety@osadl.o tools - automate it - formal methods. Outline fix those issues in the core code SIL2LinuxMP needs Context (aprox. 1k patches) Coding Style build up interface to the community - ”fix once” is the The Type Crisis goal Conclusion push the tools out to the developers (once they are clean) build awareness in the community - notably of types

Recommend

Pythonic Coding Style C-START Python PD Workshop C-START Python PD Workshop Pythonic Coding

Pythonic Coding Style C-START Python PD Workshop C-START Python PD Workshop Pythonic Coding

Pythonic Coding Style C-START Python PD Workshop C-START Python PD Workshop Pythonic Coding Style A Foolish Consistency is the Hobgoblin of Little Minds Guido van Rossum (creator of Python) makes a point: code is read more often than it is

797 views • 20 slides
Human vs. Automated Coding Style Grading in Computing Education James Perretta, Westley Weimer,

Human vs. Automated Coding Style Grading in Computing Education James Perretta, Westley Weimer,

Human vs. Automated Coding Style Grading in Computing Education James Perretta, Westley Weimer, and Andrew DeOrio, University of Michigan ASEE Annual Conference and Exposition, June 2019 Motivation Code review and good coding style are

452 views • 19 slides
GNU/Linux Qualification - Kernel DLC Metrics Nicholas Mc Guire &lt; safety@osadl.org &gt;

GNU/Linux Qualification - Kernel DLC Metrics Nicholas Mc Guire &lt; safety@osadl.org &gt;

GNU/Linux Qualification - Kernel DLC Metrics Nicholas Mc Guire &lt; safety@osadl.org &gt; February 3, 2017 Outline GNU/Linux Qualification - Kernel DLC Metrics Nicholas Mc Guire &lt; safety@osadl.o Context Outline Qualification Context

429 views • 32 slides
Orchestrated Android-Style System Upgrades for Embedded Linux Diego Rondini Embedded Linux

Orchestrated Android-Style System Upgrades for Embedded Linux Diego Rondini Embedded Linux

Orchestrated Android-Style System Upgrades for Embedded Linux Diego Rondini Embedded Linux Conference Europe 2017, Prague Diego Rondini, www.kynetics.com What this session is about Manage and rollout software updates on Embedded Linux devices

664 views • 45 slides
SIL2LinuxMP Linux Qualification - Process Overview Nicholas Mc Guire &lt; safety@osadl.org &gt;

SIL2LinuxMP Linux Qualification - Process Overview Nicholas Mc Guire &lt; safety@osadl.org &gt;

SIL2LinuxMP Linux Qualification - Process Overview Nicholas Mc Guire &lt; safety@osadl.org &gt; January 25, 2016 Outline SIL2LinuxMP Linux Qualification - Process Overview Nicholas Mc Guire &lt; safety@osadl.o Context Outline Process

642 views • 10 slides
TOP 5 ICD-10 PCS RADIOLOGY ISSUES Preparing for the Transition to ICD-10 New Coding Elem ents

TOP 5 ICD-10 PCS RADIOLOGY ISSUES Preparing for the Transition to ICD-10 New Coding Elem ents

TOP 5 ICD-10 PCS RADIOLOGY ISSUES Preparing for the Transition to ICD-10 New Coding Elem ents ICD-10 PCS coding will require several additional elements 1) Modality (CT, MRI, US, NM, RAD) 2) High or Low Contrast is a required element of

410 views • 11 slides
style#1 grace style#2 freya style#3 iona style#4 skye style#5 cora style#6 maisie style#7 isla

style#1 grace style#2 freya style#3 iona style#4 skye style#5 cora style#6 maisie style#7 isla

style#1 grace style#2 freya style#3 iona style#4 skye style#5 cora style#6 maisie style#7 isla style#8 flora Add-on products Cashmere bed socks 3 colours Lace bralette 3 colours Necklaces 2 styles Labelling Packaging Website HOME

829 views • 13 slides
Pythonic Coding Style A Foolish Consistency is the Hobgoblin of Little Minds Guido van Rossum

Pythonic Coding Style A Foolish Consistency is the Hobgoblin of Little Minds Guido van Rossum

Pythonic Coding Style A Foolish Consistency is the Hobgoblin of Little Minds Guido van Rossum (creator of Python) makes a point: code is read more often than it is written , so readability counts . Python is one of the few languages with an

555 views • 20 slides
Report - BY CA M A H E N D R A SA N G H V I 2 Few samples of observation which one can

Report - BY CA M A H E N D R A SA N G H V I 2 Few samples of observation which one can

Clauses of Tax Audit Report - BY CA M A H E N D R A SA N G H V I 2 Few samples of observation which one can consider to clarify in Form 3CB are: Sr Qualification Type Observation/Qualification No. 1. Records produced for verification of

1.15k views • 89 slides
gholzmann@acm.org ISO 26262: highly recommended EN 50128: highly recommended IEC 61508: highly

gholzmann@acm.org ISO 26262: highly recommended EN 50128: highly recommended IEC 61508: highly

Gerard Holzmann Nimble Research gholzmann@acm.org ISO 26262: highly recommended EN 50128: highly recommended IEC 61508: highly recommended DO 178C: required as opposed to testing only expected behavior, or randomly poking the code with

635 views • 18 slides
Continuation-Passing Style Transforms Type Theory and Coq Vincent Koppen 15-05-2018 Paper

Continuation-Passing Style Transforms Type Theory and Coq Vincent Koppen 15-05-2018 Paper

Continuation-Passing Style Transforms Type Theory and Coq Vincent Koppen 15-05-2018 Paper Title: Polymorphic Type Assignment and CPS Conversion Authors: Robert Harpery and Mark Lillibridge Year: 1993 Journal: lisp and symbolic computation : An

911 views • 52 slides
Security Enhanced Linux Thanks to David Quigley History SELinux Timeline 1985: LOCK (early Type

Security Enhanced Linux Thanks to David Quigley History SELinux Timeline 1985: LOCK (early Type

Security Enhanced Linux Thanks to David Quigley History SELinux Timeline 1985: LOCK (early Type Enforcement) 1990: DTMach / DTOS 1995: Utah Fluke / Flask 1999: 2.2 Linux Kernel (patch) 2000: 2001: 2.4 Linux Kernel (patch) 2002: LSM 2003:

764 views • 43 slides
Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and open-source operating system distributions that use the Linux

562 views • 53 slides
Basic Project H ygiene Change control, coding style, and other observations on avoiding messes

Basic Project H ygiene Change control, coding style, and other observations on avoiding messes

Basic Project H ygiene Change control, coding style, and other observations on avoiding messes CIS 422 S98 / M Young 1/21/99 1 Change Control Typically three builds are current: Frozen: The demo version (shared) W

595 views • 10 slides
Software control issues of high bitrate data streams Christoph Lameter, Ph.D. cl@linux.com

Software control issues of high bitrate data streams Christoph Lameter, Ph.D. cl@linux.com

Software control issues of high bitrate data streams Christoph Lameter, Ph.D. cl@linux.com Linux Core Kernel Maintainer for slab allocators and per cpu operations R&amp;D Architect Algorithmic Trading Photonics for throughput and latency

572 views • 8 slides
Australian Learning &amp; Qualification Program Agenda 1. New Leadership Qualification 2.

Australian Learning &amp; Qualification Program Agenda 1. New Leadership Qualification 2.

Australian Learning &amp; Qualification Program Agenda 1. New Leadership Qualification 2. Implementation and next steps Leadership Qualification (LQ) ALQP replaces AALP New name is Australian Learning &amp; Qualification Program

773 views • 54 slides
Towards L T EX Coding Standards A Not L A T EX ones? What can we do? Layout Blanks Names

Towards L T EX Coding Standards A Not L A T EX ones? What can we do? Layout Blanks Names

L A T EX Style Didier Verna Introduction Coding Standards? Towards L T EX Coding Standards A Not L A T EX ones? What can we do? Layout Blanks Names Didier Verna Design Duplication Conditionals didier@lrde.epita.fr Modularity

719 views • 28 slides
CODING: ICD-10 CODING &amp; UB-04 CODING FOR PDPM NELIA ADACI RN, BSN CDONA, DNS-CT, RAC-CTA

CODING: ICD-10 CODING &amp; UB-04 CODING FOR PDPM NELIA ADACI RN, BSN CDONA, DNS-CT, RAC-CTA

7/22/2019 GREATER NY HEALTHCARE FACILITIES ASSOCIATION THE PROOF IS IN THE pudding CODING: ICD-10 CODING &amp; UB-04 CODING FOR PDPM NELIA ADACI RN, BSN CDONA, DNS-CT, RAC-CTA Vice President The CHARTS Group CMSs MESSAGE: If you do

836 views • 42 slides
Making the Linux Kernel better (without coding) Wolfram Sang Consultant 1.2.2014, FOSDEM14

Making the Linux Kernel better (without coding) Wolfram Sang Consultant 1.2.2014, FOSDEM14

. . Making the Linux Kernel better (without coding) Wolfram Sang Consultant 1.2.2014, FOSDEM14 Wolfram Sang (wsa@the-dreams.de) Making the Linux Kernel better 1.2.2014, FOSDEM14 1 / 20 About me Linux Kernel consultant &amp; hacker

591 views • 20 slides
Linux admin interview questions 1. How do you take a single line of input from the user in a shell

Linux admin interview questions 1. How do you take a single line of input from the user in a shell

Linux admin interview questions 1. How do you take a single line of input from the user in a shell script? 2. Write a script to convert all DOS style backslashes to UNIX style slashes in a list of files. 3. Write a regular expression (or sed script)

836 views • 40 slides
Linux Kernel Issues in End Host Systems Wenji Wu, Matt Crawford US-LHC End-to-End Networking

Linux Kernel Issues in End Host Systems Wenji Wu, Matt Crawford US-LHC End-to-End Networking

1 Linux Kernel Issues in End Host Systems Wenji Wu, Matt Crawford US-LHC End-to-End Networking Meeting Fermi National Accelerator Lab, 2006 wenji@fnal.gov; crawdad@fnal.gov 2 Topics Background Linux 2.6 Characteristics Kernel

619 views • 24 slides
IT350: Web &amp; Internet Programming Set 4: CSS No Style Style! How do we get from here to

IT350: Web &amp; Internet Programming Set 4: CSS No Style Style! How do we get from here to

IT350: Web &amp; Internet Programming Set 4: CSS No Style Style! How do we get from here to there? 1 Cascading Style Sheets (CSS) example Key Questions Where can we specify style? How to select what parts of a page the style

692 views • 9 slides
Image and Video Coding: Exam Preparation bitstream encoder decoder What Type of Exam? - When

Image and Video Coding: Exam Preparation bitstream encoder decoder What Type of Exam? - When

Image and Video Coding: Exam Preparation bitstream encoder decoder What Type of Exam? - When and Where? General Online exam via WebEx (or any other system) Possible dates: After August, 3 Write e-mail to heiko.schwarz@hhi.fraunhofer.de with

383 views • 13 slides
Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Outline Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the Technion) Huffman coding Arithmetic coding Lempel-Ziv coding 2 Entropy Definitions Alphabet : A finite set containing at least

402 views • 10 slides

More recommend