From a08a2014300a495381cdb8f6d59523bcd5d3b883 Mon Sep 17 00:00:00 2001 From: Daniel Boulby Date: Fri, 22 Jun 2018 14:16:03 +0100 Subject: [PATCH] Ensure the flow through switch statements is clear Ensure case clauses: * Terminate with an unconditional break, return or goto statement. * Use conditional break, return or goto statements as long as the end of the case clause is unreachable; such case clauses must terminate with assert(0) /* Unreachable */ or an unconditional __dead2 function call * Only fallthough when doing otherwise would result in less readable/maintainable code; such case clauses must terminate with a /* Fallthrough */ comment to make it clear this is the case and indicate that a fallthrough is intended. This reduces the chance of bugs appearing due to unintended flow through a switch statement Change-Id: I70fc2d1f4fd679042397dec12fd1982976646168 Signed-off-by: Daniel Boulby --- bl1/bl1_fwu.c | 6 ++---- lib/libc/printf.c | 1 + lib/libc/snprintf.c | 2 ++ plat/common/plat_gicv2.c | 4 ++-- plat/common/plat_gicv3.c | 4 +++- plat/rockchip/rk3399/drivers/dp/cdn_dp.c | 2 ++ plat/xilinx/zynqmp/pm_service/pm_api_ioctl.c | 1 + services/spd/tlkd/tlkd_common.c | 4 ++-- services/spd/tspd/tspd_main.c | 1 + 9 files changed, 16 insertions(+), 9 deletions(-) diff --git a/bl1/bl1_fwu.c b/bl1/bl1_fwu.c index 25be57708..28b9eb907 100644 --- a/bl1/bl1_fwu.c +++ b/bl1/bl1_fwu.c @@ -86,11 +86,9 @@ register_t bl1_fwu_smc_handler(unsigned int smc_fid, case FWU_SMC_UPDATE_DONE: bl1_fwu_done((void *)x1, NULL); - /* We should never return from bl1_fwu_done() */ - break; default: - assert(0); + assert(0); /* Unreachable */ break; } @@ -747,7 +745,7 @@ static int bl1_fwu_image_reset(unsigned int image_id, unsigned int flags) case IMAGE_STATE_EXECUTED: default: - assert(0); + assert(0); /* Unreachable */ break; } diff --git a/lib/libc/printf.c b/lib/libc/printf.c index 4480e94db..d50876d75 100644 --- a/lib/libc/printf.c +++ b/lib/libc/printf.c @@ -166,6 +166,7 @@ loop: padn = (padn * 10) + (ch - '0'); fmt++; } + assert(0); /* Unreachable */ default: /* Exit on any other format specifier */ return -1; diff --git a/lib/libc/snprintf.c b/lib/libc/snprintf.c index 9bc07b2cb..66a2fa2f5 100644 --- a/lib/libc/snprintf.c +++ b/lib/libc/snprintf.c @@ -4,6 +4,7 @@ * SPDX-License-Identifier: BSD-3-Clause */ +#include #include #include #include @@ -117,6 +118,7 @@ int snprintf(char *s, size_t n, const char *fmt, ...) ERROR("snprintf: specifier with ASCII code '%d' not supported.", *fmt); plat_panic_handler(); + assert(0); /* Unreachable */ } fmt++; continue; diff --git a/plat/common/plat_gicv2.c b/plat/common/plat_gicv2.c index 2b61834b2..4b6687371 100644 --- a/plat/common/plat_gicv2.c +++ b/plat/common/plat_gicv2.c @@ -226,7 +226,7 @@ void plat_ic_set_interrupt_type(unsigned int id, unsigned int type) gicv2_type = GICV2_INTR_GROUP1; break; default: - assert(false); + assert(0); /* Unreachable */ break; } @@ -266,7 +266,7 @@ void plat_ic_set_spi_routing(unsigned int id, unsigned int routing_mode, proc_num = -1; break; default: - assert(false); + assert(0); /* Unreachable */ break; } diff --git a/plat/common/plat_gicv3.c b/plat/common/plat_gicv3.c index e43a35507..f8277fe54 100644 --- a/plat/common/plat_gicv3.c +++ b/plat/common/plat_gicv3.c @@ -157,6 +157,7 @@ uint32_t plat_interrupt_type_to_line(uint32_t type, return __builtin_ctz(SCR_IRQ_BIT); else return __builtin_ctz(SCR_FIQ_BIT); + assert(0); /* Unreachable */ case INTR_TYPE_NS: /* * The Non secure interrupts will be signaled as FIQ in S-EL0/1 @@ -166,6 +167,7 @@ uint32_t plat_interrupt_type_to_line(uint32_t type, return __builtin_ctz(SCR_FIQ_BIT); else return __builtin_ctz(SCR_IRQ_BIT); + assert(0); /* Unreachable */ case INTR_TYPE_EL3: /* * The EL3 interrupts are signaled as FIQ in both S-EL0/1 and @@ -255,7 +257,7 @@ void plat_ic_set_spi_routing(unsigned int id, unsigned int routing_mode, irm = GICV3_IRM_ANY; break; default: - assert(false); + assert(0); /* Unreachable */ break; } diff --git a/plat/rockchip/rk3399/drivers/dp/cdn_dp.c b/plat/rockchip/rk3399/drivers/dp/cdn_dp.c index 2adab8fbf..73a75bb7c 100644 --- a/plat/rockchip/rk3399/drivers/dp/cdn_dp.c +++ b/plat/rockchip/rk3399/drivers/dp/cdn_dp.c @@ -4,6 +4,7 @@ * SPDX-License-Identifier: BSD-3-Clause */ +#include #include #include #include @@ -38,6 +39,7 @@ uint64_t dp_hdcp_ctrl(uint64_t type) return hdcp_handler(&key); else return PSCI_E_INVALID_PARAMS; + assert(0); /* Unreachable */ default: return SMC_UNK; } diff --git a/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.c b/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.c index 32c73577a..16c08ae6d 100644 --- a/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.c +++ b/plat/xilinx/zynqmp/pm_service/pm_api_ioctl.c @@ -253,6 +253,7 @@ static enum pm_ret_status pm_ioctl_sd_dll_reset(enum pm_node_id nid, if (type == PM_DLL_RESET_ASSERT) break; mdelay(1); + /* Fallthrough */ case PM_DLL_RESET_RELEASE: ret = pm_mmio_write(ZYNQMP_SD_DLL_CTRL, mask, 0); break; diff --git a/services/spd/tlkd/tlkd_common.c b/services/spd/tlkd/tlkd_common.c index d846269b9..6fec91bca 100644 --- a/services/spd/tlkd/tlkd_common.c +++ b/services/spd/tlkd/tlkd_common.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -48,7 +48,7 @@ uint64_t tlkd_va_translate(uintptr_t va, int type) ats12e0w(va); break; default: - assert(0); + assert(0); /* Unreachable */ break; } diff --git a/services/spd/tspd/tspd_main.c b/services/spd/tspd/tspd_main.c index 3ec98d687..d2acda8d9 100644 --- a/services/spd/tspd/tspd_main.c +++ b/services/spd/tspd/tspd_main.c @@ -592,6 +592,7 @@ static uintptr_t tspd_smc_handler(uint32_t smc_fid, SMC_RET3(ns_cpu_context, x1, x2, x3); } + assert(0); /* Unreachable */ /* * Request from the non-secure world to abort a preempted Yielding SMC