Xen project Mailing List

Re: [Xen-devel] [RFC v5 024/126] error: auto propagated local_err

To: Markus Armbruster <armbru@xxxxxxxxxx>

From: Vladimir Sementsov-Ogievskiy <vsementsov@xxxxxxxxxxxxx>

Date: Thu, 5 Dec 2019 09:38:49 +0000

Accept-language: ru-RU, en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=virtuozzo.com; dmarc=pass action=none header.from=virtuozzo.com; dkim=pass header.d=virtuozzo.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ia1p69Vw40bANxIuoeSQaYjHJYbA1cGLl9V08AlorT0=; b=WloxzEqTOA/f84qsLhHHAWfUySOH3TbQFjj9G+L3uI1g/YScEiCurtcd0qSiw40nTE5gINNaJOF44xbQPY7tmpn0DDSUAlPLDb21I0yMG4A5DaChi+iFnMjmNK2dI50ihv6m8aA37nQjVqvQ4FrO5pViRsnt9QzQi/eIIkpdseIJjRJ3XwSGASTngdmiULfV84Y0oG4FSfXkTRN430N9xsIEdwX5N+SKgAShYu/7uTzcuuEEd8DF6vTE6S5jibEHCaVxn3TcBza9cb7TE8D0jWpWj6Idva/b9fUoSV7vOnmrCOL9lW31L1wHneXTzG1l9pI2oirOyMhuEsc+T1Y73Q==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lgbmmPUW15cSoetFA3ZWreoJdiz/el29JWIPI5TnrdMeYgIX+sd9bf/Z0pacAEOnB1Tv73bj/P97RyVIVJpfnCvXqXqzUzjFaJTvEUTw7ZrYka38MboYkwoTH+GmIGwqKUPNSna/tjXkEYcztZDGbr2P2JiXuWeKzcqXsz6HnQWwZB9ipAROkn1LX28j2a5P84z2ZNC7eIqsBd9HGKBN/E0tNmll6rNEn7KiqwdICyuZ3lidcgj+moP4HcsJ2S6TDyRPzVZ92IbocUS53ugSiMGCOgJxURTLNYH0hINNl9lcTAwI5i2/o23N1embqUJj6QbPoZ/GRlE/h09Si+PYNg==

Authentication-results: spf=none (sender IP is ) smtp.mailfrom=vsementsov@xxxxxxxxxxxxx;

Cc: Ronnie Sahlberg <ronniesahlberg@xxxxxxxxx>, Jeff Cody <codyprime@xxxxxxxxx>, Jan Kiszka <jan.kiszka@xxxxxxxxxxx>, Alberto Garcia <berto@xxxxxxxxxx>, Hailiang Zhang <zhang.zhanghailiang@xxxxxxxxxx>, "qemu-block@xxxxxxxxxx" <qemu-block@xxxxxxxxxx>, Aleksandar Rikalo <arikalo@xxxxxxxxxxxx>, Halil Pasic <pasic@xxxxxxxxxxxxx>, Hervé Poussineau <hpoussin@xxxxxxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>, Laszlo Ersek <lersek@xxxxxxxxxx>, Jason Wang <jasowang@xxxxxxxxxx>, Laurent Vivier <lvivier@xxxxxxxxxx>, Eduardo Habkost <ehabkost@xxxxxxxxxx>, Xie Changlong <xiechanglong.d@xxxxxxxxx>, Peter Lieven <pl@xxxxxxx>, "Dr. David Alan Gilbert" <dgilbert@xxxxxxxxxx>, Beniamino Galvani <b.galvani@xxxxxxxxx>, Eric Auger <eric.auger@xxxxxxxxxx>, Alex Williamson <alex.williamson@xxxxxxxxxx>, Stefan Hajnoczi <stefanha@xxxxxxxxxx>, John Snow <jsnow@xxxxxxxxxx>, Richard Henderson <rth@xxxxxxxxxxx>, Kevin Wolf <kwolf@xxxxxxxxxx>, Andrew Jeffery <andrew@xxxxxxxx>, Chris Wulff <crwulff@xxxxxxxxx>, Subbaraya Sundeep <sundeep.lkml@xxxxxxxxx>, Michael Walle <michael@xxxxxxxx>, "qemu-ppc@xxxxxxxxxx" <qemu-ppc@xxxxxxxxxx>, Bastian Koppelmann <kbastian@xxxxxxxxxxxxxxxxxxxxx>, Igor Mammedov <imammedo@xxxxxxxxxx>, Fam Zheng <fam@xxxxxxxxxx>, Peter Maydell <peter.maydell@xxxxxxxxxx>, "sheepdog@xxxxxxxxxxxxxx" <sheepdog@xxxxxxxxxxxxxx>, Matthew Rosato <mjrosato@xxxxxxxxxxxxx>, David Hildenbrand <david@xxxxxxxxxx>, Palmer Dabbelt <palmer@xxxxxxxxxx>, Eric Farman <farman@xxxxxxxxxxxxx>, Max Filippov <jcmvbkbc@xxxxxxxxx>, Hannes Reinecke <hare@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, "Gonglei \(Arei\)" <arei.gonglei@xxxxxxxxxx>, Liu Yuan <namei.unix@xxxxxxxxx>, Artyom Tarasenko <atar4qemu@xxxxxxxxx>, Thomas Huth <thuth@xxxxxxxxxx>, Amit Shah <amit@xxxxxxxxxx>, Stefan Weil <sw@xxxxxxxxxxx>, Greg Kurz <groug@xxxxxxxx>, Yuval Shaia <yuval.shaia@xxxxxxxxxx>, "qemu-s390x@xxxxxxxxxx" <qemu-s390x@xxxxxxxxxx>, "qemu-arm@xxxxxxxxxx" <qemu-arm@xxxxxxxxxx>, Peter Chubb <peter.chubb@xxxxxxxxxxxx>, Cédric Le Goater <clg@xxxxxxxx>, Stafford Horne <shorne@xxxxxxxxx>, "qemu-riscv@xxxxxxxxxx" <qemu-riscv@xxxxxxxxxx>, Cornelia Huck <cohuck@xxxxxxxxxx>, Aleksandar Markovic <amarkovic@xxxxxxxxxxxx>, Aurelien Jarno <aurelien@xxxxxxxxxxx>, Paul Burton <pburton@xxxxxxxxxxxx>, Sagar Karandikar <sagark@xxxxxxxxxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Anthony Green <green@xxxxxxxxxxxxxx>, Gerd Hoffmann <kraxel@xxxxxxxxxx>, "Edgar E. Iglesias" <edgar.iglesias@xxxxxxxxx>, Guan Xuetao <gxt@xxxxxxxxxxxxxxx>, Ari Sundholm <ari@xxxxxxxxxx>, Juan Quintela <quintela@xxxxxxxxxx>, Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>, Christian Borntraeger <borntraeger@xxxxxxxxxx>, Joel Stanley <joel@xxxxxxxxx>, Jason Dillaman <dillaman@xxxxxxxxxx>, Antony Pavlov <antonynpavlov@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "integration@xxxxxxxxxxx" <integration@xxxxxxxxxxx>, Philippe Mathieu-Daudé <philmd@xxxxxxxxxx>, "Richard W.M. Jones" <rjones@xxxxxxxxxx>, Andrew Baumann <Andrew.Baumann@xxxxxxxxxxxxx>, Max Reitz <mreitz@xxxxxxxxxx>, Denis Lunev <den@xxxxxxxxxxxxx>, "Michael S. Tsirkin" <mst@xxxxxxxxxx>, Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>, "qemu-devel@xxxxxxxxxx" <qemu-devel@xxxxxxxxxx>, Vincenzo Maffione <v.maffione@xxxxxxxxx>, Marek Vasut <marex@xxxxxxx>, Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>, Alistair Francis <alistair@xxxxxxxxxxxxx>, Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>, Giuseppe Lettieri <g.lettieri@xxxxxxxxxxxx>, Luigi Rizzo <rizzo@xxxxxxxxxxxx>, David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>, Tony Krowiak <akrowiak@xxxxxxxxxxxxx>, Daniel P. Berrangé <berrange@xxxxxxxxxx>, Xiao Guangrong <xiaoguangrong.eric@xxxxxxxxx>, Pierre Morel <pmorel@xxxxxxxxxxxxx>, Wen Congyang <wencongyang2@xxxxxxxxxx>, Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Stefan Berger <stefanb@xxxxxxxxxxxxx>

Delivery-date: Thu, 05 Dec 2019 12:01:11 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHVgE3c5dwPNEl0z0OyUhbNfTU1EqeqZpzagAE4WYA=

Thread-topic: [RFC v5 024/126] error: auto propagated local_err

04.12.2019 17:59, Markus Armbruster wrote: > Vladimir Sementsov-Ogievskiy <vsementsov@xxxxxxxxxxxxx> writes: > >> Here is introduced ERRP_AUTO_PROPAGATE macro, to be used at start of >> functions with errp OUT parameter. >> >> It has three goals: >> >> 1. Fix issue with error_fatal & error_prepend/error_append_hint: user >> can't see this additional information, because exit() happens in >> error_setg earlier than information is added. [Reported by Greg Kurz] >> >> 2. Fix issue with error_abort & error_propagate: when we wrap >> error_abort by local_err+error_propagate, resulting coredump will >> refer to error_propagate and not to the place where error happened. > > I get what you mean, but I have plenty of context. > >> (the macro itself doesn't fix the issue, but it allows to [3.] drop all >> local_err+error_propagate pattern, which will definitely fix the issue) > > The parenthesis is not part of the goal. > >> [Reported by Kevin Wolf] >> >> 3. Drop local_err+error_propagate pattern, which is used to workaround >> void functions with errp parameter, when caller wants to know resulting >> status. (Note: actually these functions could be merely updated to >> return int error code). >> >> To achieve these goals, we need to add invocation of the macro at start >> of functions, which needs error_prepend/error_append_hint (1.); add >> invocation of the macro at start of functions which do >> local_err+error_propagate scenario the check errors, drop local errors >> from them and just use *errp instead (2., 3.). > > The paragraph talks about two cases: 1. and 2.+3. Hmm, I don't think so.. 1. and 2. are issues. 3. is a refactoring.. We just fix achieve 2 and 3 by one action. > Makes me think we > want two paragraphs, each illustrated with an example. > > What about you provide the examples, and then I try to polish the prose? 1: error_fatal problem Assume the following code flow: int f1(errp) { ... ret = f2(errp); if (ret < 0) { error_append_hint(errp, "very useful hint"); return ret; } ... } Now, if we call f1 with &error_fatal argument and f2 fails, the program will exit immediately inside f2, when setting the errp. User will not see the hint. So, in this case we should use local_err. 2: error_abort problem Now, consider functions without return value. We normally use local_err variable to catch failures: void f1(errp) { Error *local_err = NULL; ... f2(&local_err); if (local_err) { error_propagate(errp, local_err); return; } ... } Now, if we call f2 with &error_abort and f2 fails, the stack in resulting crash dump will point to error_propagate, not to the failure point in f2, which complicates debugging. So, we should never wrap error_abort by local_err. === Our solution: - Fixes [1.], adding invocation of new macro into functions with error_appen_hint/error_prepend, New macro will wrap error_fatal. - Fixes [2.], by switching from hand-written local_err to smart macro, which never wraps error_abort. - Handles [3.], by switching to macro, which is less code - Additionally, macro doesn't wrap normal non-zero errp, to avoid extra propagations (in fact, error_propagate is called, but returns immediately on first if (!local_err)) > >> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@xxxxxxxxxxxxx> >> Reviewed-by: Eric Blake <eblake@xxxxxxxxxx> >> --- >> >> CC: Gerd Hoffmann <kraxel@xxxxxxxxxx> >> CC: "Gonglei (Arei)" <arei.gonglei@xxxxxxxxxx> >> CC: Eduardo Habkost <ehabkost@xxxxxxxxxx> >> CC: Igor Mammedov <imammedo@xxxxxxxxxx> >> CC: Laurent Vivier <lvivier@xxxxxxxxxx> >> CC: Amit Shah <amit@xxxxxxxxxx> >> CC: Kevin Wolf <kwolf@xxxxxxxxxx> >> CC: Max Reitz <mreitz@xxxxxxxxxx> >> CC: John Snow <jsnow@xxxxxxxxxx> >> CC: Ari Sundholm <ari@xxxxxxxxxx> >> CC: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx> >> CC: Paolo Bonzini <pbonzini@xxxxxxxxxx> >> CC: Stefan Hajnoczi <stefanha@xxxxxxxxxx> >> CC: Fam Zheng <fam@xxxxxxxxxx> >> CC: Stefan Weil <sw@xxxxxxxxxxx> >> CC: Ronnie Sahlberg <ronniesahlberg@xxxxxxxxx> >> CC: Peter Lieven <pl@xxxxxxx> >> CC: Eric Blake <eblake@xxxxxxxxxx> >> CC: "Denis V. Lunev" <den@xxxxxxxxxx> >> CC: Markus Armbruster <armbru@xxxxxxxxxx> >> CC: Alberto Garcia <berto@xxxxxxxxxx> >> CC: Jason Dillaman <dillaman@xxxxxxxxxx> >> CC: Wen Congyang <wencongyang2@xxxxxxxxxx> >> CC: Xie Changlong <xiechanglong.d@xxxxxxxxx> >> CC: Liu Yuan <namei.unix@xxxxxxxxx> >> CC: "Richard W.M. Jones" <rjones@xxxxxxxxxx> >> CC: Jeff Cody <codyprime@xxxxxxxxx> >> CC: "Marc-André Lureau" <marcandre.lureau@xxxxxxxxxx> >> CC: "Daniel P. Berrangé" <berrange@xxxxxxxxxx> >> CC: Richard Henderson <rth@xxxxxxxxxxx> >> CC: Greg Kurz <groug@xxxxxxxx> >> CC: "Michael S. Tsirkin" <mst@xxxxxxxxxx> >> CC: Marcel Apfelbaum <marcel.apfelbaum@xxxxxxxxx> >> CC: Beniamino Galvani <b.galvani@xxxxxxxxx> >> CC: Peter Maydell <peter.maydell@xxxxxxxxxx> >> CC: "Cédric Le Goater" <clg@xxxxxxxx> >> CC: Andrew Jeffery <andrew@xxxxxxxx> >> CC: Joel Stanley <joel@xxxxxxxxx> >> CC: Andrew Baumann <Andrew.Baumann@xxxxxxxxxxxxx> >> CC: "Philippe Mathieu-Daudé" <philmd@xxxxxxxxxx> >> CC: Antony Pavlov <antonynpavlov@xxxxxxxxx> >> CC: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx> >> CC: Peter Chubb <peter.chubb@xxxxxxxxxxxx> >> CC: Subbaraya Sundeep <sundeep.lkml@xxxxxxxxx> >> CC: Eric Auger <eric.auger@xxxxxxxxxx> >> CC: Alistair Francis <alistair@xxxxxxxxxxxxx> >> CC: "Edgar E. Iglesias" <edgar.iglesias@xxxxxxxxx> >> CC: Stefano Stabellini <sstabellini@xxxxxxxxxx> >> CC: Anthony Perard <anthony.perard@xxxxxxxxxx> >> CC: Paul Durrant <paul@xxxxxxx> >> CC: Paul Burton <pburton@xxxxxxxxxxxx> >> CC: Aleksandar Rikalo <arikalo@xxxxxxxxxxxx> >> CC: Chris Wulff <crwulff@xxxxxxxxx> >> CC: Marek Vasut <marex@xxxxxxx> >> CC: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx> >> CC: Cornelia Huck <cohuck@xxxxxxxxxx> >> CC: Halil Pasic <pasic@xxxxxxxxxxxxx> >> CC: Christian Borntraeger <borntraeger@xxxxxxxxxx> >> CC: "Hervé Poussineau" <hpoussin@xxxxxxxxxxx> >> CC: Xiao Guangrong <xiaoguangrong.eric@xxxxxxxxx> >> CC: Aurelien Jarno <aurelien@xxxxxxxxxxx> >> CC: Aleksandar Markovic <amarkovic@xxxxxxxxxxxx> >> CC: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx> >> CC: Jason Wang <jasowang@xxxxxxxxxx> >> CC: Laszlo Ersek <lersek@xxxxxxxxxx> >> CC: Yuval Shaia <yuval.shaia@xxxxxxxxxx> >> CC: Palmer Dabbelt <palmer@xxxxxxxxxx> >> CC: Sagar Karandikar <sagark@xxxxxxxxxxxxxxxxx> >> CC: Bastian Koppelmann <kbastian@xxxxxxxxxxxxxxxxxxxxx> >> CC: David Hildenbrand <david@xxxxxxxxxx> >> CC: Thomas Huth <thuth@xxxxxxxxxx> >> CC: Eric Farman <farman@xxxxxxxxxxxxx> >> CC: Matthew Rosato <mjrosato@xxxxxxxxxxxxx> >> CC: Hannes Reinecke <hare@xxxxxxxx> >> CC: Michael Walle <michael@xxxxxxxx> >> CC: Artyom Tarasenko <atar4qemu@xxxxxxxxx> >> CC: Stefan Berger <stefanb@xxxxxxxxxxxxx> >> CC: Samuel Thibault <samuel.thibault@xxxxxxxxxxxx> >> CC: Alex Williamson <alex.williamson@xxxxxxxxxx> >> CC: Tony Krowiak <akrowiak@xxxxxxxxxxxxx> >> CC: Pierre Morel <pmorel@xxxxxxxxxxxxx> >> CC: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx> >> CC: Hailiang Zhang <zhang.zhanghailiang@xxxxxxxxxx> >> CC: Juan Quintela <quintela@xxxxxxxxxx> >> CC: "Dr. David Alan Gilbert" <dgilbert@xxxxxxxxxx> >> CC: Luigi Rizzo <rizzo@xxxxxxxxxxxx> >> CC: Giuseppe Lettieri <g.lettieri@xxxxxxxxxxxx> >> CC: Vincenzo Maffione <v.maffione@xxxxxxxxx> >> CC: Jan Kiszka <jan.kiszka@xxxxxxxxxxx> >> CC: Anthony Green <green@xxxxxxxxxxxxxx> >> CC: Stafford Horne <shorne@xxxxxxxxx> >> CC: Guan Xuetao <gxt@xxxxxxxxxxxxxxx> >> CC: Max Filippov <jcmvbkbc@xxxxxxxxx> >> CC: qemu-block@xxxxxxxxxx >> CC: integration@xxxxxxxxxxx >> CC: sheepdog@xxxxxxxxxxxxxx >> CC: qemu-arm@xxxxxxxxxx >> CC: xen-devel@xxxxxxxxxxxxxxxxxxxx >> CC: qemu-ppc@xxxxxxxxxx >> CC: qemu-s390x@xxxxxxxxxx >> CC: qemu-riscv@xxxxxxxxxx >> >> include/qapi/error.h | 38 ++++++++++++++++++++++++++++++++++++++ >> 1 file changed, 38 insertions(+) >> >> diff --git a/include/qapi/error.h b/include/qapi/error.h >> index d6898d833b..47238d9065 100644 >> --- a/include/qapi/error.h >> +++ b/include/qapi/error.h >> @@ -345,6 +345,44 @@ void error_set_internal(Error **errp, >> ErrorClass err_class, const char *fmt, ...) >> GCC_FMT_ATTR(6, 7); >> >> +typedef struct ErrorPropagator { >> + Error *local_err; >> + Error **errp; >> +} ErrorPropagator; >> + >> +static inline void error_propagator_cleanup(ErrorPropagator *prop) >> +{ >> + error_propagate(prop->errp, prop->local_err); >> +} >> + >> +G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(ErrorPropagator, error_propagator_cleanup); >> + >> +/* >> + * ERRP_AUTO_PROPAGATE >> + * >> + * This macro is created to be the first line of a function with Error >> **errp >> + * OUT parameter. It's needed only in cases where we want to use >> error_prepend, >> + * error_append_hint or dereference *errp. It's still safe (but useless) in >> + * other cases. >> + * >> + * If errp is NULL or points to error_fatal, it is rewritten to point to a >> + * local Error object, which will be automatically propagated to the >> original >> + * errp on function exit (see error_propagator_cleanup). >> + * >> + * After invocation of this macro it is always safe to dereference errp >> + * (as it's not NULL anymore) and to add information (by error_prepend or >> + * error_append_hint) >> + * (as, if it was error_fatal, we swapped it with a local_error to be >> + * propagated on cleanup). >> + * >> + * Note: we don't wrap the error_abort case, as we want resulting coredump >> + * to point to the place where the error happened, not to error_propagate. >> + */ >> +#define ERRP_AUTO_PROPAGATE() \ >> + g_auto(ErrorPropagator) _auto_errp_prop = {.errp = errp}; \ >> + errp = ((errp == NULL || *errp == error_fatal) \ >> + ? &_auto_errp_prop.local_err : errp) >> + >> /* >> * Special error destination to abort on error. >> * See error_setg() and error_propagate() for details. > > Missing: update of the big comment starting with "Error reporting system > loosely patterned after Glib's GError." > -- Best regards, Vladimir _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.