From: Greg Kurz <groug@kaod.org>
To: David Gibson <david@gibson.dropbear.id.au>
Cc: Laurent Vivier <lvivier@redhat.com>,
Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>,
qemu-ppc@nongnu.org, qemu-devel@nongnu.org,
Markus Armbruster <armbru@redhat.com>
Subject: Re: [PATCH v3 2/4] error: auto propagated local_err
Date: Mon, 15 Jun 2020 08:42:57 +0200 [thread overview]
Message-ID: <20200615084257.6711e3e8@bahia.lan> (raw)
In-Reply-To: <20200613071259.GD5861@umbus.fritz.box>
[-- Attachment #1: Type: text/plain, Size: 12137 bytes --]
On Sat, 13 Jun 2020 17:12:59 +1000
David Gibson <david@gibson.dropbear.id.au> wrote:
> On Thu, Jun 11, 2020 at 03:40:18PM +0200, Greg Kurz wrote:
> > From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> >
> > Introduce a new ERRP_AUTO_PROPAGATE macro, to be used at start of
> > functions with an errp OUT parameter.
> >
> > It has three goals:
> >
> > 1. Fix issue with error_fatal and error_prepend/error_append_hint: user
> > can't see this additional information, because exit() happens in
> > error_setg earlier than information is added. [Reported by Greg Kurz]
> >
> > 2. Fix issue with error_abort and error_propagate: when we wrap
> > error_abort by local_err+error_propagate, the resulting coredump will
> > refer to error_propagate and not to the place where error happened.
> > (the macro itself doesn't fix the issue, but it allows us to [3.] drop
> > the local_err+error_propagate pattern, which will definitely fix the
> > issue) [Reported by Kevin Wolf]
> >
> > 3. Drop local_err+error_propagate pattern, which is used to workaround
> > void functions with errp parameter, when caller wants to know resulting
> > status. (Note: actually these functions could be merely updated to
> > return int error code).
> >
> > To achieve these goals, later patches will add invocations
> > of this macro at the start of functions with either use
> > error_prepend/error_append_hint (solving 1) or which use
> > local_err+error_propagate to check errors, switching those
> > functions to use *errp instead (solving 2 and 3).
> >
> > Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> > Reviewed-by: Paul Durrant <paul@xen.org>
> > Reviewed-by: Greg Kurz <groug@kaod.org>
> > Reviewed-by: Eric Blake <eblake@redhat.com>
> > Signed-off-by: Greg Kurz <groug@kaod.org>
> > Reviewed-by: Laurent Vivier <lvivier@redhat.com>
>
> I don't feel terribly qualified to comment on this generic change to
> the errors mechanism. I can take it through my tree if necessary, but
> I'd want an ack from Markus.
>
Markus answered in another mail that there's still some more work to do
before we start using the ERRP_AUTO_PROPAGATE macro. A suivre...
> > ---
> > include/qapi/error.h | 205 ++++++++++++++++++++++++++++++++++++++++++--------
> > 1 file changed, 173 insertions(+), 32 deletions(-)
> >
> > diff --git a/include/qapi/error.h b/include/qapi/error.h
> > index ad5b6e896ded..30140d9bfea9 100644
> > --- a/include/qapi/error.h
> > +++ b/include/qapi/error.h
> > @@ -15,6 +15,8 @@
> > /*
> > * Error reporting system loosely patterned after Glib's GError.
> > *
> > + * = Deal with Error object =
> > + *
> > * Create an error:
> > * error_setg(&err, "situation normal, all fouled up");
> > *
> > @@ -47,28 +49,91 @@
> > * reporting it (primarily useful in testsuites):
> > * error_free_or_abort(&err);
> > *
> > - * Pass an existing error to the caller:
> > - * error_propagate(errp, err);
> > - * where Error **errp is a parameter, by convention the last one.
> > + * = Deal with Error ** function parameter =
> > *
> > - * Pass an existing error to the caller with the message modified:
> > - * error_propagate_prepend(errp, err);
> > + * A function may use the error system to return errors. In this case, the
> > + * function defines an Error **errp parameter, by convention the last one (with
> > + * exceptions for functions using ... or va_list).
> > *
> > - * Avoid
> > - * error_propagate(errp, err);
> > - * error_prepend(errp, "Could not frobnicate '%s': ", name);
> > - * because this fails to prepend when @errp is &error_fatal.
> > + * The caller may then pass in the following errp values:
> > *
> > - * Create a new error and pass it to the caller:
> > + * 1. &error_abort
> > + * Any error will result in abort().
> > + * 2. &error_fatal
> > + * Any error will result in exit() with a non-zero status.
> > + * 3. NULL
> > + * No error reporting through errp parameter.
> > + * 4. The address of a NULL-initialized Error *err
> > + * Any error will populate errp with an error object.
> > + *
> > + * The following rules then implement the correct semantics desired by the
> > + * caller.
> > + *
> > + * Create a new error to pass to the caller:
> > * error_setg(errp, "situation normal, all fouled up");
> > *
> > - * Call a function and receive an error from it:
> > + * Calling another errp-based function:
> > + * f(..., errp);
> > + *
> > + * == Checking success of subcall ==
> > + *
> > + * If a function returns a value indicating an error in addition to setting
> > + * errp (which is recommended), then you don't need any additional code, just
> > + * do:
> > + *
> > + * int ret = f(..., errp);
> > + * if (ret < 0) {
> > + * ... handle error ...
> > + * return ret;
> > + * }
> > + *
> > + * If a function returns nothing (not recommended for new code), the only way
> > + * to check success is by consulting errp; doing this safely requires the use
> > + * of the ERRP_AUTO_PROPAGATE macro, like this:
> > + *
> > + * int our_func(..., Error **errp) {
> > + * ERRP_AUTO_PROPAGATE();
> > + * ...
> > + * subcall(..., errp);
> > + * if (*errp) {
> > + * ...
> > + * return -EINVAL;
> > + * }
> > + * ...
> > + * }
> > + *
> > + * ERRP_AUTO_PROPAGATE takes care of wrapping the original errp as needed, so
> > + * that the rest of the function can directly use errp (including
> > + * dereferencing), where any errors will then be propagated on to the original
> > + * errp when leaving the function.
> > + *
> > + * In some cases, we need to check result of subcall, but do not want to
> > + * propagate the Error object to our caller. In such cases we don't need
> > + * ERRP_AUTO_PROPAGATE, but just a local Error object:
> > + *
> > + * Receive an error and not pass it:
> > * Error *err = NULL;
> > - * foo(arg, &err);
> > + * subcall(arg, &err);
> > * if (err) {
> > * handle the error...
> > + * error_free(err);
> > * }
> > *
> > + * Note that older code that did not use ERRP_AUTO_PROPAGATE would instead need
> > + * a local Error * variable and the use of error_propagate() to properly handle
> > + * all possible caller values of errp. Now this is DEPRECATED* (see below).
> > + *
> > + * Note that any function that wants to modify an error object, such as by
> > + * calling error_append_hint or error_prepend, must use ERRP_AUTO_PROPAGATE, in
> > + * order for a caller's use of &error_fatal to see the additional information.
> > + *
> > + * In rare cases, we need to pass existing Error object to the caller by hand:
> > + * error_propagate(errp, err);
> > + *
> > + * Pass an existing error to the caller with the message modified:
> > + * error_propagate_prepend(errp, err);
> > + *
> > + *
> > * Call a function ignoring errors:
> > * foo(arg, NULL);
> > *
> > @@ -78,26 +143,6 @@
> > * Call a function treating errors as fatal:
> > * foo(arg, &error_fatal);
> > *
> > - * Receive an error and pass it on to the caller:
> > - * Error *err = NULL;
> > - * foo(arg, &err);
> > - * if (err) {
> > - * handle the error...
> > - * error_propagate(errp, err);
> > - * }
> > - * where Error **errp is a parameter, by convention the last one.
> > - *
> > - * Do *not* "optimize" this to
> > - * foo(arg, errp);
> > - * if (*errp) { // WRONG!
> > - * handle the error...
> > - * }
> > - * because errp may be NULL!
> > - *
> > - * But when all you do with the error is pass it on, please use
> > - * foo(arg, errp);
> > - * for readability.
> > - *
> > * Receive and accumulate multiple errors (first one wins):
> > * Error *err = NULL, *local_err = NULL;
> > * foo(arg, &err);
> > @@ -114,6 +159,61 @@
> > * handle the error...
> > * }
> > * because this may pass a non-null err to bar().
> > + *
> > + * DEPRECATED*
> > + *
> > + * The following pattern of receiving, checking, and then forwarding an error
> > + * to the caller by hand is now deprecated:
> > + *
> > + * Error *err = NULL;
> > + * foo(arg, &err);
> > + * if (err) {
> > + * handle the error...
> > + * error_propagate(errp, err);
> > + * }
> > + *
> > + * Instead, use ERRP_AUTO_PROPAGATE macro.
> > + *
> > + * The old pattern is deprecated because of two things:
> > + *
> > + * 1. Issue with error_abort and error_propagate: when we wrap error_abort by
> > + * local_err+error_propagate, the resulting coredump will refer to
> > + * error_propagate and not to the place where error happened.
> > + *
> > + * 2. A lot of extra code of the same pattern
> > + *
> > + * How to update old code to use ERRP_AUTO_PROPAGATE?
> > + *
> > + * All you need is to add ERRP_AUTO_PROPAGATE() invocation at function start,
> > + * than you may safely dereference errp to check errors and do not need any
> > + * additional local Error variables or calls to error_propagate().
> > + *
> > + * Example:
> > + *
> > + * old code
> > + *
> > + * void fn(..., Error **errp) {
> > + * Error *err = NULL;
> > + * foo(arg, &err);
> > + * if (err) {
> > + * handle the error...
> > + * error_propagate(errp, err);
> > + * return;
> > + * }
> > + * ...
> > + * }
> > + *
> > + * updated code
> > + *
> > + * void fn(..., Error **errp) {
> > + * ERRP_AUTO_PROPAGATE();
> > + * foo(arg, errp);
> > + * if (*errp) {
> > + * handle the error...
> > + * return;
> > + * }
> > + * ...
> > + * }
> > */
> >
> > #ifndef ERROR_H
> > @@ -322,6 +422,47 @@ void error_set_internal(Error **errp,
> > ErrorClass err_class, const char *fmt, ...)
> > GCC_FMT_ATTR(6, 7);
> >
> > +typedef struct ErrorPropagator {
> > + Error *local_err;
> > + Error **errp;
> > +} ErrorPropagator;
> > +
> > +static inline void error_propagator_cleanup(ErrorPropagator *prop)
> > +{
> > + error_propagate(prop->errp, prop->local_err);
> > +}
> > +
> > +G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(ErrorPropagator, error_propagator_cleanup);
> > +
> > +/*
> > + * ERRP_AUTO_PROPAGATE
> > + *
> > + * This macro exists to assist with proper error handling in a function which
> > + * uses an Error **errp parameter. It must be used as the first line of a
> > + * function which modifies an error (with error_prepend, error_append_hint, or
> > + * similar) or which wants to dereference *errp. It is still safe (but
> > + * useless) to use in other functions.
> > + *
> > + * If errp is NULL or points to error_fatal, it is rewritten to point to a
> > + * local Error object, which will be automatically propagated to the original
> > + * errp on function exit (see error_propagator_cleanup).
> > + *
> > + * After invocation of this macro it is always safe to dereference errp
> > + * (as it's not NULL anymore) and to add information by error_prepend or
> > + * error_append_hint (as, if it was error_fatal, we swapped it with a
> > + * local_error to be propagated on cleanup).
> > + *
> > + * Note: we don't wrap the error_abort case, as we want resulting coredump
> > + * to point to the place where the error happened, not to error_propagate.
> > + */
> > +#define ERRP_AUTO_PROPAGATE() \
> > + g_auto(ErrorPropagator) _auto_errp_prop = {.errp = errp}; \
> > + do { \
> > + if (!errp || errp == &error_fatal) { \
> > + errp = &_auto_errp_prop.local_err; \
> > + } \
> > + } while (0)
> > +
> > /*
> > * Special error destination to abort on error.
> > * See error_setg() and error_propagate() for details.
> >
> >
>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2020-06-15 6:44 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-11 13:40 [PATCH v3 0/4] spapr: Improve error reporting in spapr_caps.c Greg Kurz
2020-06-11 13:40 ` [PATCH v3 1/4] spapr: Simplify some warning printing paths " Greg Kurz
2020-06-11 14:37 ` Vladimir Sementsov-Ogievskiy
2020-06-11 15:33 ` Laurent Vivier
2020-06-12 9:46 ` David Gibson
2020-06-11 13:40 ` [PATCH v3 2/4] error: auto propagated local_err Greg Kurz
2020-06-13 7:12 ` David Gibson
2020-06-15 6:42 ` Greg Kurz [this message]
2020-06-11 13:40 ` [PATCH v3 3/4] spapr: Use error_append_hint() in spapr_caps.c Greg Kurz
2020-06-11 15:35 ` Laurent Vivier
2020-06-11 13:40 ` [PATCH v3 4/4] spapr: Forbid nested KVM-HV in pre-power9 compat mode Greg Kurz
2020-06-13 7:18 ` David Gibson
2020-06-15 9:20 ` Greg Kurz
2020-06-18 23:59 ` David Gibson
2020-07-03 14:19 ` Greg Kurz
2020-07-13 4:53 ` David Gibson
2020-07-15 11:14 ` Greg Kurz
2020-07-15 23:26 ` David Gibson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200615084257.6711e3e8@bahia.lan \
--to=groug@kaod.org \
--cc=armbru@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=lvivier@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
--cc=vsementsov@virtuozzo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).