2020-04-14 21:36:28 +03:00
|
|
|
/*
|
|
|
|
* Copyright (c) 2020 iXsystems, Inc.
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*
|
|
|
|
* $FreeBSD$
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Available Solaris debug functions. All of the ASSERT() macros will be
|
|
|
|
* compiled out when NDEBUG is defined, this is the default behavior for
|
|
|
|
* the SPL. To enable assertions use the --enable-debug with configure.
|
|
|
|
* The VERIFY() functions are never compiled out and cannot be disabled.
|
|
|
|
*
|
|
|
|
* PANIC() - Panic the node and print message.
|
|
|
|
* ASSERT() - Assert X is true, if not panic.
|
|
|
|
* ASSERT3B() - Assert boolean X OP Y is true, if not panic.
|
|
|
|
* ASSERT3S() - Assert signed X OP Y is true, if not panic.
|
|
|
|
* ASSERT3U() - Assert unsigned X OP Y is true, if not panic.
|
|
|
|
* ASSERT3P() - Assert pointer X OP Y is true, if not panic.
|
|
|
|
* ASSERT0() - Assert value is zero, if not panic.
|
|
|
|
* VERIFY() - Verify X is true, if not panic.
|
|
|
|
* VERIFY3B() - Verify boolean X OP Y is true, if not panic.
|
|
|
|
* VERIFY3S() - Verify signed X OP Y is true, if not panic.
|
|
|
|
* VERIFY3U() - Verify unsigned X OP Y is true, if not panic.
|
|
|
|
* VERIFY3P() - Verify pointer X OP Y is true, if not panic.
|
|
|
|
* VERIFY0() - Verify value is zero, if not panic.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef _SPL_DEBUG_H
|
|
|
|
#define _SPL_DEBUG_H
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Common DEBUG functionality.
|
|
|
|
*/
|
2022-10-27 00:57:37 +03:00
|
|
|
#if defined(__COVERITY__) || defined(__clang_analyzer__)
|
|
|
|
__attribute__((__noreturn__))
|
|
|
|
#endif
|
Reduce false positives from Static Analyzers
Both Clang's Static Analyzer and Synopsys' Coverity would ignore
assertions. Following Clang's advice, we annotate our assertions:
https://clang-analyzer.llvm.org/annotations.html#custom_assertions
This makes both Clang's Static Analyzer and Coverity properly identify
assertions. This change reduced Clang's reported defects from 246 to
180. It also reduced the false positives reported by Coverityi by 10,
while enabling Coverity to find 9 more defects that previously were
false negatives.
A couple examples of this would be CID-1524417 and CID-1524423. After
submitting a build to coverity with the modified assertions, CID-1524417
disappeared while the report for CID-1524423 no longer claimed that the
assertion tripped.
Coincidentally, it turns out that it is possible to more accurately
annotate our headers than the Coverity modelling file permits in the
case of format strings. Since we can do that and this patch annotates
headers whenever `__coverity_panic__()` would have been used in the
model file, we drop all models that use `__coverity_panic__()` from the
model file.
Upon seeing the success in eliminating false positives involving
assertions, it occurred to me that we could also modify our headers to
eliminate coverity's false positives involving byte swaps. We now have
coverity specific byteswap macros, that do nothing, to disable
Coverity's false positives when we do byte swaps. This allowed us to
also drop the byteswap definitions from the model file.
Lastly, a model file update has been done beyond the mentioned
deletions:
* The definitions of `umem_alloc_aligned()`, `umem_alloc()` andi
`umem_zalloc()` were originally implemented in a way that was
intended to inform coverity that when KM_SLEEP has been passed these
functions, they do not return NULL. A small error in how this was
done was found, so we correct it.
* Definitions for umem_cache_alloc() and umem_cache_free() have been
added.
In practice, no false positives were avoided by making these changes,
but in the interest of correctness from future coverity builds, we make
them anyway.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #13902
2022-10-01 01:30:12 +03:00
|
|
|
extern void spl_panic(const char *file, const char *func, int line,
|
|
|
|
const char *fmt, ...) __attribute__((__noreturn__));
|
|
|
|
extern void spl_dumpstack(void);
|
|
|
|
|
|
|
|
static inline int
|
|
|
|
spl_assert(const char *buf, const char *file, const char *func, int line)
|
|
|
|
{
|
|
|
|
spl_panic(file, func, line, "%s", buf);
|
|
|
|
return (0);
|
|
|
|
}
|
2020-04-14 21:36:28 +03:00
|
|
|
|
|
|
|
#ifndef expect
|
|
|
|
#define expect(expr, value) (__builtin_expect((expr), (value)))
|
|
|
|
#endif
|
|
|
|
#define likely(expr) expect((expr) != 0, 1)
|
|
|
|
#define unlikely(expr) expect((expr) != 0, 0)
|
|
|
|
|
|
|
|
#define PANIC(fmt, a...) \
|
|
|
|
spl_panic(__FILE__, __FUNCTION__, __LINE__, fmt, ## a)
|
|
|
|
|
2022-01-21 19:07:15 +03:00
|
|
|
#define VERIFY(cond) \
|
|
|
|
(void) (unlikely(!(cond)) && \
|
Reduce false positives from Static Analyzers
Both Clang's Static Analyzer and Synopsys' Coverity would ignore
assertions. Following Clang's advice, we annotate our assertions:
https://clang-analyzer.llvm.org/annotations.html#custom_assertions
This makes both Clang's Static Analyzer and Coverity properly identify
assertions. This change reduced Clang's reported defects from 246 to
180. It also reduced the false positives reported by Coverityi by 10,
while enabling Coverity to find 9 more defects that previously were
false negatives.
A couple examples of this would be CID-1524417 and CID-1524423. After
submitting a build to coverity with the modified assertions, CID-1524417
disappeared while the report for CID-1524423 no longer claimed that the
assertion tripped.
Coincidentally, it turns out that it is possible to more accurately
annotate our headers than the Coverity modelling file permits in the
case of format strings. Since we can do that and this patch annotates
headers whenever `__coverity_panic__()` would have been used in the
model file, we drop all models that use `__coverity_panic__()` from the
model file.
Upon seeing the success in eliminating false positives involving
assertions, it occurred to me that we could also modify our headers to
eliminate coverity's false positives involving byte swaps. We now have
coverity specific byteswap macros, that do nothing, to disable
Coverity's false positives when we do byte swaps. This allowed us to
also drop the byteswap definitions from the model file.
Lastly, a model file update has been done beyond the mentioned
deletions:
* The definitions of `umem_alloc_aligned()`, `umem_alloc()` andi
`umem_zalloc()` were originally implemented in a way that was
intended to inform coverity that when KM_SLEEP has been passed these
functions, they do not return NULL. A small error in how this was
done was found, so we correct it.
* Definitions for umem_cache_alloc() and umem_cache_free() have been
added.
In practice, no false positives were avoided by making these changes,
but in the interest of correctness from future coverity builds, we make
them anyway.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #13902
2022-10-01 01:30:12 +03:00
|
|
|
spl_assert("VERIFY(" #cond ") failed\n", \
|
|
|
|
__FILE__, __FUNCTION__, __LINE__))
|
2020-04-14 21:36:28 +03:00
|
|
|
|
2022-01-21 19:07:15 +03:00
|
|
|
#define VERIFY3B(LEFT, OP, RIGHT) do { \
|
2021-03-12 04:16:09 +03:00
|
|
|
const boolean_t _verify3_left = (boolean_t)(LEFT); \
|
2022-01-21 19:07:15 +03:00
|
|
|
const boolean_t _verify3_right = (boolean_t)(RIGHT); \
|
2021-03-12 04:16:09 +03:00
|
|
|
if (unlikely(!(_verify3_left OP _verify3_right))) \
|
2020-04-14 21:36:28 +03:00
|
|
|
spl_panic(__FILE__, __FUNCTION__, __LINE__, \
|
|
|
|
"VERIFY3(" #LEFT " " #OP " " #RIGHT ") " \
|
2022-01-21 19:07:15 +03:00
|
|
|
"failed (%d " #OP " %d)\n", \
|
|
|
|
(boolean_t)(_verify3_left), \
|
|
|
|
(boolean_t)(_verify3_right)); \
|
2020-04-14 21:36:28 +03:00
|
|
|
} while (0)
|
|
|
|
|
2022-01-21 19:07:15 +03:00
|
|
|
#define VERIFY3S(LEFT, OP, RIGHT) do { \
|
2021-03-12 04:16:09 +03:00
|
|
|
const int64_t _verify3_left = (int64_t)(LEFT); \
|
|
|
|
const int64_t _verify3_right = (int64_t)(RIGHT); \
|
|
|
|
if (unlikely(!(_verify3_left OP _verify3_right))) \
|
2020-04-14 21:36:28 +03:00
|
|
|
spl_panic(__FILE__, __FUNCTION__, __LINE__, \
|
|
|
|
"VERIFY3(" #LEFT " " #OP " " #RIGHT ") " \
|
2022-01-21 19:07:15 +03:00
|
|
|
"failed (%lld " #OP " %lld)\n", \
|
|
|
|
(long long) (_verify3_left), \
|
|
|
|
(long long) (_verify3_right)); \
|
2020-04-14 21:36:28 +03:00
|
|
|
} while (0)
|
|
|
|
|
2022-01-21 19:07:15 +03:00
|
|
|
#define VERIFY3U(LEFT, OP, RIGHT) do { \
|
2021-03-12 04:16:09 +03:00
|
|
|
const uint64_t _verify3_left = (uint64_t)(LEFT); \
|
|
|
|
const uint64_t _verify3_right = (uint64_t)(RIGHT); \
|
|
|
|
if (unlikely(!(_verify3_left OP _verify3_right))) \
|
2020-04-14 21:36:28 +03:00
|
|
|
spl_panic(__FILE__, __FUNCTION__, __LINE__, \
|
|
|
|
"VERIFY3(" #LEFT " " #OP " " #RIGHT ") " \
|
2022-01-21 19:07:15 +03:00
|
|
|
"failed (%llu " #OP " %llu)\n", \
|
|
|
|
(unsigned long long) (_verify3_left), \
|
|
|
|
(unsigned long long) (_verify3_right)); \
|
2020-04-14 21:36:28 +03:00
|
|
|
} while (0)
|
|
|
|
|
2022-01-21 19:07:15 +03:00
|
|
|
#define VERIFY3P(LEFT, OP, RIGHT) do { \
|
2021-03-12 04:16:09 +03:00
|
|
|
const uintptr_t _verify3_left = (uintptr_t)(LEFT); \
|
2022-01-21 19:07:15 +03:00
|
|
|
const uintptr_t _verify3_right = (uintptr_t)(RIGHT); \
|
2021-03-12 04:16:09 +03:00
|
|
|
if (unlikely(!(_verify3_left OP _verify3_right))) \
|
2020-04-14 21:36:28 +03:00
|
|
|
spl_panic(__FILE__, __FUNCTION__, __LINE__, \
|
|
|
|
"VERIFY3(" #LEFT " " #OP " " #RIGHT ") " \
|
2022-01-21 19:07:15 +03:00
|
|
|
"failed (%px " #OP " %px)\n", \
|
|
|
|
(void *) (_verify3_left), \
|
|
|
|
(void *) (_verify3_right)); \
|
2020-04-14 21:36:28 +03:00
|
|
|
} while (0)
|
|
|
|
|
2022-01-21 19:07:15 +03:00
|
|
|
#define VERIFY0(RIGHT) do { \
|
|
|
|
const int64_t _verify3_left = (int64_t)(0); \
|
2021-03-12 04:16:09 +03:00
|
|
|
const int64_t _verify3_right = (int64_t)(RIGHT); \
|
|
|
|
if (unlikely(!(_verify3_left == _verify3_right))) \
|
2020-04-14 21:36:28 +03:00
|
|
|
spl_panic(__FILE__, __FUNCTION__, __LINE__, \
|
2022-01-21 19:07:15 +03:00
|
|
|
"VERIFY3(0 == " #RIGHT ") " \
|
|
|
|
"failed (0 == %lld)\n", \
|
|
|
|
(long long) (_verify3_right)); \
|
2020-04-14 21:36:28 +03:00
|
|
|
} while (0)
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Debugging disabled (--disable-debug)
|
|
|
|
*/
|
|
|
|
#ifdef NDEBUG
|
|
|
|
|
libspl: cast to uintptr_t instead of !!ing
This led to these two warning types:
debug.h:139:67: warning: the address of ‘ARC_anon’
will always evaluate as ‘true’ [-Waddress]
139 | #define ASSERT3P(x, y, z)
((void) sizeof (!!(x)), (void) sizeof (!!(z)))
| ^
arc.c:1591:2: note: in expansion of macro ‘ASSERT3P’
1591 | ASSERT3P(hdr->b_l1hdr.b_state, ==, arc_anon);
| ^~~~~~~~
and
arc.h:66:44: warning: ‘<<’ in boolean context,
did you mean ‘<’? [-Wint-in-bool-context]
66 | #define HDR_GET_LSIZE(hdr)
((hdr)->b_lsize << SPA_MINBLOCKSHIFT)
debug.h:138:46: note: in definition of macro ‘ASSERT3U’
138 | #define ASSERT3U(x, y, z)
((void) sizeof (!!(x)), (void) sizeof (!!(z)))
| ^
arc.c:1760:12: note: in expansion of macro ‘HDR_GET_LSIZE’
1760 | ASSERT3U(HDR_GET_LSIZE(hdr), !=, 0);
| ^~~~~~~~~~~~~
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Closes #13009
2022-01-25 04:05:42 +03:00
|
|
|
#define ASSERT(x) ((void) sizeof ((uintptr_t)(x)))
|
|
|
|
#define ASSERT3B(x, y, z) \
|
|
|
|
((void) sizeof ((uintptr_t)(x)), (void) sizeof ((uintptr_t)(z)))
|
|
|
|
#define ASSERT3S(x, y, z) \
|
|
|
|
((void) sizeof ((uintptr_t)(x)), (void) sizeof ((uintptr_t)(z)))
|
|
|
|
#define ASSERT3U(x, y, z) \
|
|
|
|
((void) sizeof ((uintptr_t)(x)), (void) sizeof ((uintptr_t)(z)))
|
|
|
|
#define ASSERT3P(x, y, z) \
|
|
|
|
((void) sizeof ((uintptr_t)(x)), (void) sizeof ((uintptr_t)(z)))
|
|
|
|
#define ASSERT0(x) ((void) sizeof ((uintptr_t)(x)))
|
|
|
|
#define IMPLY(A, B) \
|
|
|
|
((void) sizeof ((uintptr_t)(A)), (void) sizeof ((uintptr_t)(B)))
|
|
|
|
#define EQUIV(A, B) \
|
|
|
|
((void) sizeof ((uintptr_t)(A)), (void) sizeof ((uintptr_t)(B)))
|
2020-04-14 21:36:28 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Debugging enabled (--enable-debug)
|
|
|
|
*/
|
|
|
|
#else
|
|
|
|
|
|
|
|
#define ASSERT3B VERIFY3B
|
|
|
|
#define ASSERT3S VERIFY3S
|
|
|
|
#define ASSERT3U VERIFY3U
|
|
|
|
#define ASSERT3P VERIFY3P
|
|
|
|
#define ASSERT0 VERIFY0
|
|
|
|
#define ASSERT VERIFY
|
|
|
|
#define IMPLY(A, B) \
|
Reduce false positives from Static Analyzers
Both Clang's Static Analyzer and Synopsys' Coverity would ignore
assertions. Following Clang's advice, we annotate our assertions:
https://clang-analyzer.llvm.org/annotations.html#custom_assertions
This makes both Clang's Static Analyzer and Coverity properly identify
assertions. This change reduced Clang's reported defects from 246 to
180. It also reduced the false positives reported by Coverityi by 10,
while enabling Coverity to find 9 more defects that previously were
false negatives.
A couple examples of this would be CID-1524417 and CID-1524423. After
submitting a build to coverity with the modified assertions, CID-1524417
disappeared while the report for CID-1524423 no longer claimed that the
assertion tripped.
Coincidentally, it turns out that it is possible to more accurately
annotate our headers than the Coverity modelling file permits in the
case of format strings. Since we can do that and this patch annotates
headers whenever `__coverity_panic__()` would have been used in the
model file, we drop all models that use `__coverity_panic__()` from the
model file.
Upon seeing the success in eliminating false positives involving
assertions, it occurred to me that we could also modify our headers to
eliminate coverity's false positives involving byte swaps. We now have
coverity specific byteswap macros, that do nothing, to disable
Coverity's false positives when we do byte swaps. This allowed us to
also drop the byteswap definitions from the model file.
Lastly, a model file update has been done beyond the mentioned
deletions:
* The definitions of `umem_alloc_aligned()`, `umem_alloc()` andi
`umem_zalloc()` were originally implemented in a way that was
intended to inform coverity that when KM_SLEEP has been passed these
functions, they do not return NULL. A small error in how this was
done was found, so we correct it.
* Definitions for umem_cache_alloc() and umem_cache_free() have been
added.
In practice, no false positives were avoided by making these changes,
but in the interest of correctness from future coverity builds, we make
them anyway.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #13902
2022-10-01 01:30:12 +03:00
|
|
|
((void)(likely((!(A)) || (B)) || \
|
|
|
|
spl_assert("(" #A ") implies (" #B ")", \
|
|
|
|
__FILE__, __FUNCTION__, __LINE__)))
|
2020-04-14 21:36:28 +03:00
|
|
|
#define EQUIV(A, B) \
|
Reduce false positives from Static Analyzers
Both Clang's Static Analyzer and Synopsys' Coverity would ignore
assertions. Following Clang's advice, we annotate our assertions:
https://clang-analyzer.llvm.org/annotations.html#custom_assertions
This makes both Clang's Static Analyzer and Coverity properly identify
assertions. This change reduced Clang's reported defects from 246 to
180. It also reduced the false positives reported by Coverityi by 10,
while enabling Coverity to find 9 more defects that previously were
false negatives.
A couple examples of this would be CID-1524417 and CID-1524423. After
submitting a build to coverity with the modified assertions, CID-1524417
disappeared while the report for CID-1524423 no longer claimed that the
assertion tripped.
Coincidentally, it turns out that it is possible to more accurately
annotate our headers than the Coverity modelling file permits in the
case of format strings. Since we can do that and this patch annotates
headers whenever `__coverity_panic__()` would have been used in the
model file, we drop all models that use `__coverity_panic__()` from the
model file.
Upon seeing the success in eliminating false positives involving
assertions, it occurred to me that we could also modify our headers to
eliminate coverity's false positives involving byte swaps. We now have
coverity specific byteswap macros, that do nothing, to disable
Coverity's false positives when we do byte swaps. This allowed us to
also drop the byteswap definitions from the model file.
Lastly, a model file update has been done beyond the mentioned
deletions:
* The definitions of `umem_alloc_aligned()`, `umem_alloc()` andi
`umem_zalloc()` were originally implemented in a way that was
intended to inform coverity that when KM_SLEEP has been passed these
functions, they do not return NULL. A small error in how this was
done was found, so we correct it.
* Definitions for umem_cache_alloc() and umem_cache_free() have been
added.
In practice, no false positives were avoided by making these changes,
but in the interest of correctness from future coverity builds, we make
them anyway.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #13902
2022-10-01 01:30:12 +03:00
|
|
|
((void)(likely(!!(A) == !!(B)) || \
|
|
|
|
spl_assert("(" #A ") is equivalent to (" #B ")", \
|
|
|
|
__FILE__, __FUNCTION__, __LINE__)))
|
|
|
|
|
2020-04-14 21:36:28 +03:00
|
|
|
|
|
|
|
#endif /* NDEBUG */
|
|
|
|
|
|
|
|
#endif /* SPL_DEBUG_H */
|