Page MenuHomeFreeBSD
Differential D16835

KASSERT: Make runtime optionality optional
ClosedPublic
Actions

Authored by cem on Aug 21 2018, 7:37 PM.
Tags
None
Referenced Files
Unknown Object (File)
Dec 22 2023, 10:27 PM
Unknown Object (File)
Dec 22 2023, 12:34 AM
Unknown Object (File)
Nov 19 2023, 8:09 AM
Unknown Object (File)
Nov 17 2023, 8:03 AM
Unknown Object (File)
Nov 10 2023, 11:33 PM
Unknown Object (File)
Nov 8 2023, 11:38 PM
Unknown Object (File)
Oct 15 2023, 7:01 AM
Unknown Object (File)
Oct 13 2023, 7:04 AM
View All 18 Files
Subscribers
imp

Details

Reviewers
jhb
np
vangyzen
bdrewery
jtl
Commits
rS338214: KASSERT: Make runtime optionality optional
Summary

Add an option, KASSERT_PANIC_OPTIONAL, that allows runtime KASSERT() behavior
changes. When this option is not enabled, code that allows KASSERTs to become
optional is not enabled, and all violated assertions cause termination.

The runtime KASSERT behavior was added in r243980.

One important distinction here is that panic has dead2, while kassert_panic
(!KASSERT_PANIC_OPTIONAL) does not. Static analyzers like Coverity understand
dead2 ("attribute((noreturn))"). Without it, KASSERTs went misunderstood,
resulting in many false positives that resulted from violation of program
invariants.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

cem created this revision.Aug 21 2018, 7:37 PM
Herald added a subscriber: imp. · View Herald TranscriptAug 21 2018, 7:37 PM
Harbormaster completed remote builds in B19018: Diff 47061.Aug 21 2018, 7:37 PM
jtl accepted this revision.Aug 21 2018, 8:31 PM
This revision is now accepted and ready to land.Aug 21 2018, 8:31 PM
np accepted this revision.Aug 21 2018, 8:56 PM
jhb accepted this revision.Aug 22 2018, 7:41 AM
jhb added inline comments.
sys/sys/systm.h
216 ↗(On Diff #47061)

I would perhaps leave panic/vpanic here since we usually group function prototypes in a single place. kassert_panic() is the odd one out, but I don't feel strongly enough to suggest moving kassert_panic() down to here.

cem added inline comments.Aug 22 2018, 4:16 PM
sys/sys/systm.h
216 ↗(On Diff #47061)

Unfortunately, leaving them in place produced compiler warnings -> Werrors, at least with GCC xtoolchain.

Placing the definition of KASSERT lower requires even more restructuring to the file — the include sys/kpilite.h on line 113/120 invokes KASSERT, for example.

We could move the entire prototype table up, if that seems preferable, but again it's a much bigger change. Or would use some linker magic to have panic define an alias for kassert_panic? But I'm less keen on that.

vangyzen accepted this revision.Aug 22 2018, 6:50 PM
Closed by commit rS338214: KASSERT: Make runtime optionality optional (authored by cem). · Explain WhyAug 22 2018, 10:19 PM
This revision was automatically updated to reflect the committed changes.
cem added a comment.Aug 22 2018, 10:20 PM

Thanks everyone for reviewing.

sys/sys/systm.h
216 ↗(On Diff #47061)

I added an explanatory comment here in the committed version.

Revision Contents
Changeset List

PathSize
head/
sys/
conf/
8 lines
1 line
kern/
29 lines
sys/
16 lines

Diff 47133

View Options

head/sys/conf/NOTES

Loading...
View Options

head/sys/conf/options

Loading...
View Options

head/sys/kern/kern_shutdown.c

Loading...
View Options

head/sys/sys/systm.h

Loading...