qemu-e2k/include/qemu
Eric Blake 262a69f428 osdep.h: Prohibit disabling assert() in supported builds
We already have several files that knowingly require assert()
to work, sometimes because refactoring the code for proper
error handling has not been tackled yet; there are probably
other files that have a similar situation but with no comments
documenting the same.  In fact, we have places in migration
that handle untrusted input with assertions, where disabling
the assertions risks a worse security hole than the current
behavior of losing the guest to SIGABRT when migration fails
because of the assertion.  Promote our current per-file
safety-valve to instead be project-wide, and expand it to also
cover glib's g_assert().

Note that we do NOT want to encourage 'assert(side-effects);'
(that is a bad practice that prevents copy-and-paste of code to
other projects that CAN disable assertions; plus it costs
unnecessary reviewer mental cycles to remember whether a project
special-cases the crippling of asserts); and we would LIKE to
fix migration to not rely on asserts (but that takes a big code
audit).  But in the meantime, we DO want to send a message
that anyone that disables assertions has to tweak code in order
to compile, making it obvious that they are taking on additional
risk that we are not going to support.  At the same time, leave
comments mentioning NDEBUG in files that we know still need to
be scrubbed, so there is at least something to grep for.

It would be possible to come up with some other mechanism for
doing runtime checking by default, but which does not abort
the program on failure, while leaving side effects in place
(unlike how crippling assert() avoids even the side effects),
perhaps under the name q_verify(); but it was not deemed worth
the effort (developers should not have to learn a replacement
when the standard C macro works just fine, and it would be a lot
of churn for little gain).  The patch specifically uses #error
rather than #warn so that a user is forced to tweak the header
to acknowledge the issue, even when not using a -Werror
compilation.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>

Message-Id: <20170911211320.25385-1-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-09-19 16:20:49 +02:00
acl.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
atomic.h docs: fix broken paths to docs/devel/atomics.txt 2017-07-31 13:12:47 +03:00
base64.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
bcd.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
bitmap.h bitmap: add bitmap_copy_and_clear_atomic 2017-04-24 10:12:28 +02:00
bitops.h vnc: replace hweight_long() with ctpopl() 2017-05-12 12:36:02 +02:00
bswap.h bswap.h: Document cpu_to_* and *_to_cpu conversion functions 2016-07-12 15:08:53 +01:00
buffer.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
compiler.h use _Static_assert in QEMU_BUILD_BUG_ON 2017-05-05 12:09:59 +02:00
config-file.h arch_init: Remove unnecessary default_config_files table 2017-01-23 21:25:36 -02:00
coroutine.h coroutine-lock: add qemu_co_rwlock_downgrade and qemu_co_rwlock_upgrade 2017-07-17 11:28:15 +08:00
coroutine_int.h aio: introduce aio_co_schedule and aio_co_wake 2017-02-21 11:14:07 +00:00
cpuid.h util: Introduce include/qemu/cpuid.h 2017-07-24 12:42:55 +01:00
crc32c.h
cutils.h util/cutils: Change qemu_strtosz*() from int64_t to uint64_t 2017-02-23 20:35:36 +01:00
envlist.h
error-report.h error: Functions to report warnings and informational messages 2017-07-13 13:49:54 +02:00
event_notifier.h event_notifier: cleanups around event_notifier_set_handler 2017-01-16 17:52:35 +01:00
fifo8.h Clean up header guards that don't match their file name 2016-07-12 16:19:16 +02:00
fifo32.h hw: Clean up includes 2016-06-07 18:19:23 +03:00
fprintf-fn.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
futex.h qemu-thread: optimize QemuLockCnt with futexes on Linux 2017-01-16 13:25:18 +00:00
hbitmap.h qmp: add x-debug-block-dirty-bitmap-sha256 2017-07-11 17:44:59 +02:00
help_option.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
host-utils.h host-utils: Simplify pow2ceil() 2017-09-06 14:38:03 +01:00
id.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
int128.h tcg: Add atomic128 helpers 2016-10-26 08:29:01 -07:00
iov.h tests: Use real size for iov tests 2017-09-05 22:34:40 +02:00
jhash.h Jhash: add linux kernel jhashtable in qemu 2016-09-27 17:54:21 +08:00
log.h log: Add locking to large logging blocks 2016-11-01 10:29:03 -06:00
main-loop.h main_loop: Make main_loop_wait() return void 2017-07-04 14:39:28 +02:00
memfd.h include: Clean up includes 2016-02-23 12:43:05 +00:00
mmap-alloc.h exec, kvm, target-ppc: Move getrampagesize() to common code 2017-03-03 11:30:59 +11:00
module.h qmp: Dumb down how we run QMP command registration 2017-03-05 09:02:10 +01:00
notify.h
option.h keyval: New keyval_parse() 2017-03-07 16:07:46 +01:00
option_int.h Clean up header guards that don't match their file name 2016-07-12 16:19:16 +02:00
osdep.h osdep.h: Prohibit disabling assert() in supported builds 2017-09-19 16:20:49 +02:00
path.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
processor.h include/processor.h: define cpu_relax() 2016-06-11 23:10:17 +00:00
qdist.h clean-includes: run it once more 2016-06-16 18:39:03 +02:00
qht.h include: Fix typos found by codespell 2017-01-24 23:26:52 +03:00
queue.h migration: migrate QTAILQ 2017-01-24 17:54:47 +00:00
range.h range: Replace internal representation of Range 2016-07-04 16:49:33 +03:00
ratelimit.h blockjob: Track job ratelimits via bytes, not sectors 2017-07-10 13:18:06 +02:00
rcu.h Revert "rcu: do not create thread in pthread_atfork callback" 2017-08-08 10:40:19 +02:00
rcu_queue.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
readline.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
seqlock.h seqlock: use atomic writes for the sequence 2016-10-04 10:00:26 +02:00
sockets.h net/net: Convert parse_host_port() to Error 2017-09-08 08:17:37 +08:00
stats64.h util: add stats64 module 2017-06-16 07:55:00 +08:00
systemd.h qemu-ga: obey LISTEN_PID when using systemd socket activation 2017-03-19 11:12:12 +01:00
thread-posix.h qemu-thread: Assert locks are initialized before using 2017-07-04 14:39:28 +02:00
thread-win32.h qemu-thread: Assert locks are initialized before using 2017-07-04 14:39:28 +02:00
thread.h qemu-thread: optimize QemuLockCnt with futexes on Linux 2017-01-16 13:25:18 +00:00
throttle-options.h block: add throttle block filter driver 2017-09-06 10:12:02 +02:00
throttle.h block: convert ThrottleGroup to object with QOM 2017-09-05 18:12:21 +02:00
timed-average.h include: Clean up includes 2016-02-23 12:43:05 +00:00
timer.h timer.h: Provide better monotonic time 2017-06-13 14:56:59 +01:00
typedefs.h hmp: extend "info numa" with hotplugged memory information 2017-09-14 15:52:10 +01:00
unicode.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
uri.h Remove unused function declarations 2016-09-15 15:32:22 +03:00
uuid.h vl: Switch qemu_uuid to QemuUUID 2016-09-23 11:42:52 +08:00
xattr.h include: Fix typos found by codespell 2017-01-24 23:26:52 +03:00