[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [RFC v5 024/126] error: auto propagated local_err

To: Vladimir Sementsov-Ogievskiy <vsementsov@xxxxxxxxxxxxx>
From: Markus Armbruster <armbru@xxxxxxxxxx>
Date: Fri, 06 Dec 2019 09:13:57 +0100
Cc: Stefan Hajnoczi <stefanha@xxxxxxxxxx>, Jeff Cody <codyprime@xxxxxxxxx>, Jan Kiszka <jan.kiszka@xxxxxxxxxxx>, Alberto Garcia <berto@xxxxxxxxxx>, Hailiang Zhang <zhang.zhanghailiang@xxxxxxxxxx>, "qemu-block@xxxxxxxxxx" <qemu-block@xxxxxxxxxx>, Aleksandar Rikalo <arikalo@xxxxxxxxxxxx>, Halil Pasic <pasic@xxxxxxxxxxxxx>, Hervé Poussineau <hpoussin@xxxxxxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>, Philippe Mathieu-Daudé <philmd@xxxxxxxxxx>, Anthony Green <green@xxxxxxxxxxxxxx>, Laurent Vivier <lvivier@xxxxxxxxxx>, Eduardo Habkost <ehabkost@xxxxxxxxxx>, Xie Changlong <xiechanglong.d@xxxxxxxxx>, Peter Lieven <pl@xxxxxxx>, "Dr. David Alan Gilbert" <dgilbert@xxxxxxxxxx>, Beniamino Galvani <b.galvani@xxxxxxxxx>, Eric Auger <eric.auger@xxxxxxxxxx>, Alex Williamson <alex.williamson@xxxxxxxxxx>, Ronnie Sahlberg <ronniesahlberg@xxxxxxxxx>, John Snow <jsnow@xxxxxxxxxx>, Richard Henderson <rth@xxxxxxxxxxx>, Kevin Wolf <kwolf@xxxxxxxxxx>, Andrew Jeffery <andrew@xxxxxxxx>, Chris Wulff <crwulff@xxxxxxxxx>, Subbaraya Sundeep <sundeep.lkml@xxxxxxxxx>, Michael Walle <michael@xxxxxxxx>, "qemu-ppc@xxxxxxxxxx" <qemu-ppc@xxxxxxxxxx>, Bastian Koppelmann <kbastian@xxxxxxxxxxxxxxxxxxxxx>, Igor Mammedov <imammedo@xxxxxxxxxx>, Fam Zheng <fam@xxxxxxxxxx>, Peter Maydell <peter.maydell@xxxxxxxxxx>, "sheepdog@xxxxxxxxxxxxxx" <sheepdog@xxxxxxxxxxxxxx>, Matthew Rosato <mjrosato@xxxxxxxxxxxxx>, David Hildenbrand <david@xxxxxxxxxx>, Palmer Dabbelt <palmer@xxxxxxxxxx>, Eric Farman <farman@xxxxxxxxxxxxx>, Max Filippov <jcmvbkbc@xxxxxxxxx>, Hannes Reinecke <hare@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, "Gonglei \(Arei\)" <arei.gonglei@xxxxxxxxxx>, Liu Yuan <namei.unix@xxxxxxxxx>, Artyom Tarasenko <atar4qemu@xxxxxxxxx>, Thomas Huth <thuth@xxxxxxxxxx>, Amit Shah <amit@xxxxxxxxxx>, Stefan Weil <sw@xxxxxxxxxxx>, Greg Kurz <groug@xxxxxxxx>, Yuval Shaia <yuval.shaia@xxxxxxxxxx>, "qemu-s390x@xxxxxxxxxx" <qemu-s390x@xxxxxxxxxx>, "qemu-arm@xxxxxxxxxx" <qemu-arm@xxxxxxxxxx>, Peter Chubb <peter.chubb@xxxxxxxxxxxx>, Cédric Le Goater <clg@xxxxxxxx>, Stafford Horne <shorne@xxxxxxxxx>, "qemu-riscv@xxxxxxxxxx" <qemu-riscv@xxxxxxxxxx>, Cornelia Huck <cohuck@xxxxxxxxxx>, Aleksandar Markovic <amarkovic@xxxxxxxxxxxx>, Aurelien Jarno <aurelien@xxxxxxxxxxx>, Paul Burton <pburton@xxxxxxxxxxxx>, Sagar Karandikar <sagark@xxxxxxxxxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Jason Wang <jasowang@xxxxxxxxxx>, Gerd Hoffmann <kraxel@xxxxxxxxxx>, "Edgar E. Iglesias" <edgar.iglesias@xxxxxxxxx>, Guan Xuetao <gxt@xxxxxxxxxxxxxxx>, Ari Sundholm <ari@xxxxxxxxxx>, Juan Quintela <quintela@xxxxxxxxxx>, Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>, Christian Borntraeger <borntraeger@xxxxxxxxxx>, Joel Stanley <joel@xxxxxxxxx>, Jason Dillaman <dillaman@xxxxxxxxxx>, Antony Pavlov <antonynpavlov@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "integration@xxxxxxxxxxx" <integration@xxxxxxxxxxx>, Laszlo Ersek <lersek@xxxxxxxxxx>, "Richard W.M. Jones" <rjones@xxxxxxxxxx>, Andrew Baumann <Andrew.Baumann@xxxxxxxxxxxxx>, Max Reitz <mreitz@xxxxxxxxxx>, Denis Lunev <den@xxxxxxxxxxxxx>, "Michael S. Tsirkin" <mst@xxxxxxxxxx>, Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>, "qemu-devel@xxxxxxxxxx" <qemu-devel@xxxxxxxxxx>, Vincenzo Maffione <v.maffione@xxxxxxxxx>, Marek Vasut <marex@xxxxxxx>, Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>, Alistair Francis <alistair@xxxxxxxxxxxxx>, Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>, Giuseppe Lettieri <g.lettieri@xxxxxxxxxxxx>, Luigi Rizzo <rizzo@xxxxxxxxxxxx>, David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>, Tony Krowiak <akrowiak@xxxxxxxxxxxxx>, "Daniel P. Berrangé" <berrange@xxxxxxxxxx>, Xiao Guangrong <xiaoguangrong.eric@xxxxxxxxx>, Pierre Morel <pmorel@xxxxxxxxxxxxx>, Wen Congyang <wencongyang2@xxxxxxxxxx>, Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Stefan Berger <stefanb@xxxxxxxxxxxxx>
Delivery-date: Fri, 06 Dec 2019 10:19:50 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Vladimir Sementsov-Ogievskiy <vsementsov@xxxxxxxxxxxxx> writes:

> 05.12.2019 17:58, Vladimir Sementsov-Ogievskiy wrote:
>> 05.12.2019 15:36, Markus Armbruster wrote:
>>> Vladimir Sementsov-Ogievskiy <vsementsov@xxxxxxxxxxxxx> writes:
>>>
>>>> 04.12.2019 17:59, Markus Armbruster wrote:
>>>>> Vladimir Sementsov-Ogievskiy <vsementsov@xxxxxxxxxxxxx> writes:
>>>>>
>>>>>> Here is introduced ERRP_AUTO_PROPAGATE macro, to be used at start of
>>>>>> functions with errp OUT parameter.
>>>>>>
>>>>>> It has three goals:
>>>>>>
>>>>>> 1. Fix issue with error_fatal & error_prepend/error_append_hint: user
>>>>>> can't see this additional information, because exit() happens in
>>>>>> error_setg earlier than information is added. [Reported by Greg Kurz]
>>>>>>
>>>>>> 2. Fix issue with error_abort & error_propagate: when we wrap
>>>>>> error_abort by local_err+error_propagate, resulting coredump will
>>>>>> refer to error_propagate and not to the place where error happened.
>>>>>
>>>>> I get what you mean, but I have plenty of context.
>>>>>
>>>>>> (the macro itself doesn't fix the issue, but it allows to [3.] drop all
>>>>>> local_err+error_propagate pattern, which will definitely fix the issue)
>>>>>
>>>>> The parenthesis is not part of the goal.
>>>>>
>>>>>> [Reported by Kevin Wolf]
>>>>>>
>>>>>> 3. Drop local_err+error_propagate pattern, which is used to workaround
>>>>>> void functions with errp parameter, when caller wants to know resulting
>>>>>> status. (Note: actually these functions could be merely updated to
>>>>>> return int error code).
>>>>>>
>>>>>> To achieve these goals, we need to add invocation of the macro at start
>>>>>> of functions, which needs error_prepend/error_append_hint (1.); add
>>>>>> invocation of the macro at start of functions which do
>>>>>> local_err+error_propagate scenario the check errors, drop local errors
>>>>>> from them and just use *errp instead (2., 3.).
>>>>>
>>>>> The paragraph talks about two cases: 1. and 2.+3.
>>>>
>>>> Hmm, I don't think so.. 1. and 2. are issues. 3. is a refactoring.. We just
>>>> fix achieve 2 and 3 by one action.
>>>>
>>>>> Makes me think we
>>>>> want two paragraphs, each illustrated with an example.
>>>>>
>>>>> What about you provide the examples, and then I try to polish the prose?
>>>>
>>>> 1: error_fatal problem
>>>>
>>>> Assume the following code flow:
>>>>
>>>> int f1(errp) {
>>>>       ...
>>>>       ret = f2(errp);
>>>>       if (ret < 0) {
>>>>          error_append_hint(errp, "very useful hint");
>>>>          return ret;
>>>>       }
>>>>       ...
>>>> }
>>>>
>>>> Now, if we call f1 with &error_fatal argument and f2 fails, the program
>>>> will exit immediately inside f2, when setting the errp. User will not
>>>> see the hint.
>>>>
>>>> So, in this case we should use local_err.
>>>
>>> How does this example look after the transformation?
>> 
>> Good point.
>> 
>> int f1(errp) {
>>      ERRP_AUTO_PROPAGATE();
>>      ...
>>      ret = f2(errp);
>>      if (ret < 0) {
>>         error_append_hint(errp, "very useful hint");
>>         return ret;
>>      }
>>      ...
>> }
>> 
>> - nothing changed, only add macro at start. But now errp is safe, if it was
>> error_fatal it is wrapped by local error, and will only call exit on 
>> automatic
>> propagation on f1 finish.
>> 
>>>
>>>> 2: error_abort problem
>>>>
>>>> Now, consider functions without return value. We normally use local_err
>>>> variable to catch failures:
>>>>
>>>> void f1(errp) {
>>>>       Error *local_err = NULL;
>>>>       ...
>>>>       f2(&local_err);
>>>>       if (local_err) {
>>>>           error_propagate(errp, local_err);
>>>>           return;
>>>>       }
>>>>       ...
>>>> }
>>>>
>>>> Now, if we call f2 with &error_abort and f2 fails, the stack in resulting
>>>> crash dump will point to error_propagate, not to the failure point in f2,
>>>> which complicates debugging.
>>>>
>>>> So, we should never wrap error_abort by local_err.
>>>
>>> Likewise.
>> 
>> And here:
>> 
>> void f1(errp) {
>>       ERRP_AUTO_PROPAGATE();
>>       ...
>>       f2(errp);
>>       if (*errp) {
>>           return;
>>       }
>>       ...
>> 
>> - if errp was NULL, it is wrapped, so dereferencing errp is safe. On return,
>>     local error is automatically propagated to original one.
>
> and if it was error_abort, it is not wrapped, so will crash where failed.

We still need to avoid passing on unwrapped @errp when we want to ignore
some errors, as in fit_load_fdt(), but that should be quite rare.
Doesn't invalidate your approach.

[...]


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

References:
- Re: [Xen-devel] [RFC v5 024/126] error: auto propagated local_err
  - From: Markus Armbruster
- Re: [Xen-devel] [RFC v5 024/126] error: auto propagated local_err
  - From: Vladimir Sementsov-Ogievskiy
- Re: [Xen-devel] [RFC v5 024/126] error: auto propagated local_err
  - From: Markus Armbruster
- Re: [Xen-devel] [RFC v5 024/126] error: auto propagated local_err
  - From: Vladimir Sementsov-Ogievskiy
- Re: [Xen-devel] [RFC v5 024/126] error: auto propagated local_err
  - From: Vladimir Sementsov-Ogievskiy

Prev by Date: Re: [Xen-devel] [PATCH 0/6] xen: Support continuations from tasklets
Next by Date: Re: [Xen-devel] [PATCH 0/6] xen: Support continuations from tasklets
Previous by thread: Re: [Xen-devel] [RFC v5 024/126] error: auto propagated local_err
Next by thread: Re: [Xen-devel] [PATCH v2 10/22] golang/xenlight: define CpuidPolicyList builtin type
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.