From patchwork Tue Apr 15 20:17:10 2014
X-Patchwork-Submitter: Mike Holmes
X-Patchwork-Id: 28423
From: Mike Holmes
To: lng-odp@lists.linaro.org
Date: Tue, 15 Apr 2014 16:17:10 -0400
Message-Id: <1397593031-38578-2-git-send-email-mike.holmes@linaro.org>
In-Reply-To: <1397593031-38578-1-git-send-email-mike.holmes@linaro.org>
References: <1397593031-38578-1-git-send-email-mike.holmes@linaro.org>
Subject: [lng-odp] [PATCH 1/2] exception handling

Signed-off-by: Mike Holmes
--- exception_handling.dox | 115 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 exception_handling.dox diff --git a/exception_handling.dox b/exception_handling.dox new file mode 100644 index 0000000..d03d87a --- /dev/null +++ b/exception_handling.dox 
@@ -0,0 +1,115 @@ +/* +Copyright (c) 2014, Linaro Limited +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright notice, this + list of conditions and the following disclaimer in the documentation and/or + other materials provided with the distribution. + + * Neither the name of Linaro Limited nor the names of its contributors may be + used to endorse or promote products derived from this software without specific + prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +/** +@page exception_handling Exception handling in the ODP API +@tableofcontents + +For the implimentation of the exception handling please see @ref odp_debug.h + +@section requirements Requirements +- Minimal overhead in a finished running system. 
+- Minimizing the propagation of an error from its point of origin +- Identifying what is a programming error +- Identifying a legitimate infield exception +- We only specify what happens inside the ODP library, not in a calling application + +There are two kinds of exceptional behaviour, +-# Run time exceptions, those that are unusual but foreseeable cases in a running system (out of memory) +-# Programming exceptions, those introduced as bugs (null pointers, out of bounds). + +@section run_time Run time exceptions +These are characterized by the following rules in order of importance +-# These must gracefully leave the system in a known stable state. +-# These checks must remain unconditionally in the code base. +-# These should return the error state to the caller. +-# They may emit an error message via \ref ODP_ERR which can be redefined or disabled. + +@subsection run_time_examples Examples +- Being "too late" to cancel a timer that's already popped, or exceeding some implementation-defined limit +- Backpressure due to resource limits (corner case that is error-prone) +- Checks for any condition that could arise in the field, e.g. running out of buffers or failure to allocate memory +@code + +if (unrecoverable_out_of_foos == 1) +{ + ODP_ERR("Completely unable to proceed, no foos available"); + tidy_op_for_exit(); + ... +} + +@endcode +@note ODP does not trap segfaults, it may not be checking for NULL pointers etc to improve the execution speed. The application should trap segfaults. 
+ +@section programming_exceptions Programming exceptions +There are two classes of programming error +-# Compile time, these can be caught by compile time assertions in the preprocessor +-# Run Time, these are run time assertions + +@section compile_time Compile time programming exceptions +These have the following rules +-# Zero overhead at run time, they never need to be turned off (undefined) +-# Use @#error which will break the build, or @#warning which may not break the build unless -Werror is defined. +-# Can be done for any static evaluation case. + +@subsection compile_time_examples Examples +Checking size and alignment of a struct with offsetof + +@code +typedef struct timer timer;} +struct timer +{ + uint8_t MODE; + uint32_t DATA; + uint32_t COUNT; +}; + + +#if (offsetof(timer, DATA) != 4)} +#error DATA must be at offset 4 in timer +#endif +@endcode + +@section compile_run_time Run time programming exceptions +There are two rules +-# These must be capable of being turned off with -DNDEBUG +-# They must use ODP_ASSERT so that the output may be redirected on systems without stderr. + +@subsection compile_run_time_examples Examples +Checks that the API function arguments are within the permitted value range (e.g. handle validation + +@code +void odp_foo(char *pointer) +{ + ODP_ASSERT(pointer != NULL); + … +} +@endcode +*/
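Review bot: The compile-time example under compile_time_examples cannot work as written: `#if (offsetof(timer, DATA) != 4)}` asks the preprocessor to evaluate offsetof, but `#if` is processed before any type exists, so struct layout cannot be tested there. The stray `}` on that line and on `typedef struct timer timer;}` also needs to go. Suggest showing a compile-time assertion in the example instead (for instance C11 `_Static_assert(offsetof(timer, DATA) == 4, "DATA must be at offset 4 in timer");`, or a project macro with the same effect if one exists), and rewording rule 2 of the compile_time section, since `#error` and `#warning` only cover conditions the preprocessor itself can evaluate. Smaller points in the same hunk: "implimentation" should be "implementation"; the sentence ending "(e.g. handle validation" is missing its closing parenthesis; and because compile_run_time requires ODP_ASSERT to be removable with -DNDEBUG while its example is API argument validation, the text should say explicitly that any check on a value that can arise in the field belongs under the run_time rules ("must remain unconditionally in the code base") and must not rely on ODP_ASSERT.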