From patchwork Tue Apr 22 19:26:00 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Mike Holmes X-Patchwork-Id: 28829 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-pa0-f69.google.com (mail-pa0-f69.google.com [209.85.220.69]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 083C9203AC for ; Tue, 22 Apr 2014 19:26:36 +0000 (UTC) Received: by mail-pa0-f69.google.com with SMTP id fb1sf25668539pad.4 for ; Tue, 22 Apr 2014 12:26:36 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:delivered-to:from:to:date:message-id:in-reply-to :references:mime-version:subject:precedence:list-id:list-unsubscribe :list-archive:list-post:list-help:list-subscribe:errors-to:sender :x-original-sender:x-original-authentication-results:mailing-list :content-type:content-transfer-encoding; bh=qU/BDYpEQpee+gDNo6xhbQCvSgAB9ZN08bE2lUKqAbI=; b=X8kPOd+8rySqhD7vxhMUqF8LgcTp4Urwy5OZMs3XLnzQMswj7Uvitf4kcgQ4WRDLNP FMSOa6vaeLv0JthiMZByD7M57WnlDvk9zTRQ/pmzVL0Q9r4JKeNSHPAdkYQJon3ledeH BOcJDugVnVfwrUVsWpkVnwEWof7O2Z/5bdI4ggBUYdAVKcvmQuGjXnvr1csMC0JcGM73 V06CBWErc+wmEAoVGGYHo+yDgqowxystFv68QDwM8LbeqKysGYTi12nN4A+CZ45Lemx4 h2tk5eL15NII/U41xzFExT1dO2c9oOrX3vPp9UjKxB8EWTw5/FezXh+HFVkJ8PBxjUsm 5vvA== X-Gm-Message-State: ALoCoQnUoIqmqZmnEDO09G2ZZz45+2Qgw20fGmNZZf59cYQeNJedIT1XguGxytW61k1frkErTtEu X-Received: by 10.68.197.73 with SMTP id is9mr23244792pbc.0.1398194795976; Tue, 22 Apr 2014 12:26:35 -0700 (PDT) X-BeenThere: patchwork-forward@linaro.org Received: by 10.140.40.209 with SMTP id x75ls250773qgx.46.gmail; Tue, 22 Apr 2014 12:26:35 -0700 (PDT) X-Received: by 10.52.65.165 with SMTP id y5mr1206066vds.51.1398194795801; Tue, 22 Apr 2014 12:26:35 -0700 (PDT) Received: from mail-ve0-f177.google.com (mail-ve0-f177.google.com [209.85.128.177]) by mx.google.com with ESMTPS id ui2si7057072vdc.82.2014.04.22.12.26.35 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 22 Apr 2014 12:26:35 -0700 (PDT) Received-SPF: neutral (google.com: 209.85.128.177 is neither permitted nor denied by best guess record for domain of patch+caf_=patchwork-forward=linaro.org@linaro.org) client-ip=209.85.128.177; Received: by mail-ve0-f177.google.com with SMTP id sa20so9995101veb.36 for ; Tue, 22 Apr 2014 12:26:35 -0700 (PDT) X-Received: by 10.58.122.164 with SMTP id lt4mr41391221veb.2.1398194795708; Tue, 22 Apr 2014 12:26:35 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.220.221.72 with SMTP id ib8csp49309vcb; Tue, 22 Apr 2014 12:26:35 -0700 (PDT) X-Received: by 10.140.91.228 with SMTP id z91mr54275842qgd.38.1398194794034; Tue, 22 Apr 2014 12:26:34 -0700 (PDT) Received: from ip-10-141-164-156.ec2.internal (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTPS id j6si6916757qan.32.2014.04.22.12.26.33 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Tue, 22 Apr 2014 12:26:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Received: from localhost ([127.0.0.1] helo=ip-10-141-164-156.ec2.internal) by ip-10-141-164-156.ec2.internal with esmtp (Exim 4.76) (envelope-from ) id 1WcgKb-00008h-DJ; Tue, 22 Apr 2014 19:26:13 +0000 Received: from mail-qc0-f177.google.com ([209.85.216.177]) by ip-10-141-164-156.ec2.internal with esmtp (Exim 4.76) (envelope-from ) id 1WcgKO-00008E-NP for lng-odp@lists.linaro.org; Tue, 22 Apr 2014 19:26:00 +0000 Received: by mail-qc0-f177.google.com with SMTP id w7so5861182qcr.22 for ; Tue, 22 Apr 2014 12:26:15 -0700 (PDT) X-Received: by 10.224.166.210 with SMTP id n18mr52581443qay.6.1398194775114; Tue, 22 Apr 2014 12:26:15 -0700 (PDT) Received: from fedora1.holmesfamily.ws (c-98-221-136-245.hsd1.nj.comcast.net. [98.221.136.245]) by mx.google.com with ESMTPSA id n3sm66122308qaf.36.2014.04.22.12.26.14 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 22 Apr 2014 12:26:14 -0700 (PDT) From: Mike Holmes To: lng-odp@lists.linaro.org Date: Tue, 22 Apr 2014 15:26:00 -0400 Message-Id: <1398194761-31344-2-git-send-email-mike.holmes@linaro.org> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1398194761-31344-1-git-send-email-mike.holmes@linaro.org> References: <1398194761-31344-1-git-send-email-mike.holmes@linaro.org> MIME-Version: 1.0 Subject: [lng-odp] [PATCH v5 1/2] exception handling X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: , List-Help: , List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: lng-odp-bounces@lists.linaro.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: mike.holmes@linaro.org X-Original-Authentication-Results: mx.google.com; spf=neutral (google.com: 209.85.128.177 is neither permitted nor denied by best guess record for domain of patch+caf_=patchwork-forward=linaro.org@linaro.org) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 Signed-off-by: Mike Holmes --- exception_handling.dox | 91 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 exception_handling.dox diff --git a/exception_handling.dox b/exception_handling.dox new file mode 100644 index 0000000..fac5110 --- /dev/null +++ b/exception_handling.dox @@ -0,0 +1,91 @@ +/* Copyright (c) 2013, Linaro Limited + * All rights reserved + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/** +@page exception_handling Exception handling in the ODP API +@tableofcontents + +For the implimentation of the exception handling please see @ref odp_debug.h + +@section requirements Requirements +- Minimal overhead in a finished running system. +- Minimizing the propagation of an error from its point of origin +- Identifying what is a programming error +- Identifying a legitimate infield exception +- We only specify what happens inside the ODP library, not in a calling application + +There are two kinds of exceptional behaviour, +-# Run time exceptions, those that are unusual but foreseeable cases in a running system (out of memory) +-# Programming exceptions, those introduced as bugs (null pointers, out of bounds). + +@section run_time Run time exceptions +These are characterized by the following rules in order of importance +-# These must gracefully leave the system in a known stable state. +-# These checks must remain unconditionally in the code base. +-# These should return the error state to the caller. +-# They may emit an error message via \ref ODP_ERR which can be redefined or disabled. + +@subsection run_time_examples Examples +- Being "too late" to cancel a timer that's already popped, or exceeding some implementation-defined limit +- Backpressure due to resource limits (corner case that is error-prone) +- Checks for any condition that could arise in the field, e.g. running out of buffers or failure to allocate memory +@code + +if (unrecoverable_out_of_foos == 1) +{ + ODP_ERR("Completely unable to proceed, no foos available"); + tidy_up_for_exit(); + ... +} + +@endcode +@note ODP does not trap segfaults, it may not be checking for NULL pointers etc to improve the execution speed. The application should trap segfaults. + +@section programming_exceptions Programming exceptions +There are two classes of programming error +-# Compile time, these can be caught by compile time assertions in the preprocessor +-# Run Time, these are run time assertions + +@section compile_time Compile time programming exceptions +These have the following rules +-# Zero overhead at run time, they never need to be turned off (undefined) +-# Use @#error which will break the build, or @#warning which may not break the build unless -Werror is defined. +-# Can be done for any static evaluation case. + +@subsection compile_time_examples Examples +Checking size and alignment of a struct with offsetof + +@code +typedef struct timer timer; +struct timer +{ + uint8_t MODE; + uint32_t DATA; + uint32_t COUNT; +}; + +ODP_STATIC_ASSERT (ODP_OFFSETOF(timer, DATA) != 4, "DATA must be at offset 4 in timer"); + +@section compile_run_time Run time programming exceptions +There are two rules +-# These must be capable of being turned off by defining -DODP_NO_DEBUG +-# They must use ODP_ASSERT so that the output may be redirected on systems without stderr. +-# ODP_ASSERT will call abort() as its final operation. + +@note ODP_ASSERT is defined to make it easier to redirect output from stderr. For example +an in memory text buffer may be in use if stderr has no meaning on a bare metal implimentation + +@subsection compile_run_time_examples Examples +Checks that the API function arguments are within the permitted value range (e.g. handle validation + +@code +void odp_foo(char *pointer) +{ + ODP_ASSERT(pointer != NULL); + … +} +@endcode +*/