/* * QEMU Error Objects * * Copyright IBM, Corp. 2011 * Copyright (C) 2011-2015 Red Hat, Inc. * * Authors: * Anthony Liguori * Markus Armbruster * * This work is licensed under the terms of the GNU LGPL, version 2. See * the COPYING.LIB file in the top-level directory. */ /* * Error reporting system loosely patterned after Glib's GError. * * = Rules = * * - Functions that use Error to report errors have an Error **errp * parameter. It should be the last parameter, except for functions * taking variable arguments. * * - You may pass NULL to not receive the error, &error_abort to abort * on error, &error_fatal to exit(1) on error, or a pointer to a * variable containing NULL to receive the error. * * - Separation of concerns: the function is responsible for detecting * errors and failing cleanly; handling the error is its caller's * job. Since the value of @errp is about handling the error, the * function should not examine it. * * - The function may pass @errp to functions it calls to pass on * their errors to its caller. If it dereferences @errp to check * for errors, it must use ERRP_GUARD(). * * - On success, the function should not touch *errp. On failure, it * should set a new error, e.g. with error_setg(errp, ...), or * propagate an existing one, e.g. with error_propagate(errp, ...). * * - Whenever practical, also return a value that indicates success / * failure. This can make the error checking more concise, and can * avoid useless error object creation and destruction. Note that * we still have many functions returning void. We recommend * • bool-valued functions return true on success / false on failure, * • pointer-valued functions return non-null / null pointer, and * • integer-valued functions return non-negative / negative. * * = Creating errors = * * Create an error: * error_setg(errp, "situation normal, all fouled up"); * where @errp points to the location to receive the error. * * Create an error and add additional explanation: * error_setg(errp, "invalid quark"); * error_append_hint(errp, "Valid quarks are up, down, strange, " * "charm, top, bottom.\n"); * This may require use of ERRP_GUARD(); more on that below. * * Do *not* contract this to * error_setg(errp, "invalid quark\n" // WRONG! * "Valid quarks are up, down, strange, charm, top, bottom."); * * = Reporting and destroying errors = * * Report an error to the current monitor if we have one, else stderr: * error_report_err(err); * This frees the error object. * * Likewise, but with additional text prepended: * error_reportf_err(err, "Could not frobnicate '%s': ", name); * * Report an error somewhere else: * const char *msg = error_get_pretty(err); * do with msg what needs to be done... * error_free(err); * Note that this loses hints added with error_append_hint(). * * Call a function ignoring errors: * foo(arg, NULL); * This is more concise than * Error *err = NULL; * foo(arg, &err); * error_free(err); // don't do this * * Call a function aborting on errors: * foo(arg, &error_abort); * This is more concise and fails more nicely than * Error *err = NULL; * foo(arg, &err); * assert(!err); // don't do this * * Call a function treating errors as fatal: * foo(arg, &error_fatal); * This is more concise than * Error *err = NULL; * foo(arg, &err); * if (err) { // don't do this * error_report_err(err); * exit(1); * } * * Handle an error without reporting it (just for completeness): * error_free(err); * * Assert that an expected error occurred, but clean it up without * reporting it (primarily useful in testsuites): * error_free_or_abort(&err); * * = Passing errors around = * * Errors get passed to the caller through the conventional @errp * parameter. * * Create a new error and pass it to the caller: * error_setg(errp, "situation normal, all fouled up"); * * Call a function, receive an error from it, and pass it to the caller * - when the function returns a value that indicates failure, say * false: * if (!foo(arg, errp)) { * handle the error... * } * - when it does not, say because it is a void function: * ERRP_GUARD(); * foo(arg, errp); * if (*errp) { * handle the error... * } * More on ERRP_GUARD() below. * * Code predating ERRP_GUARD() still exists, and looks like this: * Error *err = NULL; * foo(arg, &err); * if (err) { * handle the error... * error_propagate(errp, err); // deprecated * } * Avoid in new code. Do *not* "optimize" it to * foo(arg, errp); * if (*errp) { // WRONG! * handle the error... * } * because errp may be NULL without the ERRP_GUARD() guard. * * But when all you do with the error is pass it on, please use * foo(arg, errp); * for readability. * * Receive an error, and handle it locally * - when the function returns a value that indicates failure, say * false: * Error *err = NULL; * if (!foo(arg, &err)) { * handle the error... * } * - when it does not, say because it is a void function: * Error *err = NULL; * foo(arg, &err); * if (err) { * handle the error... * } * * Pass an existing error to the caller: * error_propagate(errp, err); * This is rarely needed. When @err is a local variable, use of * ERRP_GUARD() commonly results in more readable code. * * Pass an existing error to the caller with the message modified: * error_propagate_prepend(errp, err, * "Could not frobnicate '%s': ", name); * This is more concise than * error_propagate(errp, err); // don't do this * error_prepend(errp, "Could not frobnicate '%s': ", name); * and works even when @errp is &error_fatal. * * Receive and accumulate multiple errors (first one wins): * Error *err = NULL, *local_err = NULL; * foo(arg, &err); * bar(arg, &local_err); * error_propagate(&err, local_err); * if (err) { * handle the error... * } * * Do *not* "optimize" this to * Error *err = NULL; * foo(arg, &err); * bar(arg, &err); // WRONG! * if (err) { * handle the error... * } * because this may pass a non-null err to bar(). * * Likewise, do *not* * Error *err = NULL; * if (cond1) { * error_setg(&err, ...); * } * if (cond2) { * error_setg(&err, ...); // WRONG! * } * because this may pass a non-null err to error_setg(). * * = Why, when and how to use ERRP_GUARD() = * * Without ERRP_GUARD(), use of the @errp parameter is restricted: * - It must not be dereferenced, because it may be null. * - It should not be passed to error_prepend() or * error_append_hint(), because that doesn't work with &error_fatal. * ERRP_GUARD() lifts these restrictions. * * To use ERRP_GUARD(), add it right at the beginning of the function. * @errp can then be used without worrying about the argument being * NULL or &error_fatal. * * Using it when it's not needed is safe, but please avoid cluttering * the source with useless code. * * = Converting to ERRP_GUARD() = * * To convert a function to use ERRP_GUARD(): * * 0. If the Error ** parameter is not named @errp, rename it to * @errp. * * 1. Add an ERRP_GUARD() invocation, by convention right at the * beginning of the function. This makes @errp safe to use. * * 2. Replace &err by errp, and err by *errp. Delete local variable * @err. * * 3. Delete error_propagate(errp, *errp), replace * error_propagate_prepend(errp, *errp, ...) by error_prepend(errp, ...) * * 4. Ensure @errp is valid at return: when you destroy *errp, set * errp = NULL. * * Example: * * bool fn(..., Error **errp) * { * Error *err = NULL; * * foo(arg, &err); * if (err) { * handle the error... * error_propagate(errp, err); * return false; * } * ... * } * * becomes * * bool fn(..., Error **errp) * { * ERRP_GUARD(); * * foo(arg, errp); * if (*errp) { * handle the error... * return false; * } * ... * } * * For mass-conversion, use scripts/coccinelle/errp-guard.cocci. */ #ifndef ERROR_H #define ERROR_H #include "qapi/qapi-types-error.h" /* * Overall category of an error. * Based on the qapi type QapiErrorClass, but reproduced here for nicer * enum names. */ typedef enum ErrorClass { ERROR_CLASS_GENERIC_ERROR = QAPI_ERROR_CLASS_GENERICERROR, ERROR_CLASS_COMMAND_NOT_FOUND = QAPI_ERROR_CLASS_COMMANDNOTFOUND, ERROR_CLASS_DEVICE_NOT_ACTIVE = QAPI_ERROR_CLASS_DEVICENOTACTIVE, ERROR_CLASS_DEVICE_NOT_FOUND = QAPI_ERROR_CLASS_DEVICENOTFOUND, ERROR_CLASS_KVM_MISSING_CAP = QAPI_ERROR_CLASS_KVMMISSINGCAP, } ErrorClass; /* * Get @err's human-readable error message. */ const char *error_get_pretty(const Error *err); /* * Get @err's error class. * Note: use of error classes other than ERROR_CLASS_GENERIC_ERROR is * strongly discouraged. */ ErrorClass error_get_class(const Error *err); /* * Create a new error object and assign it to *@errp. * If @errp is NULL, the error is ignored. Don't bother creating one * then. * If @errp is &error_abort, print a suitable message and abort(). * If @errp is &error_fatal, print a suitable message and exit(1). * If @errp is anything else, *@errp must be NULL. * The new error's class is ERROR_CLASS_GENERIC_ERROR, and its * human-readable error message is made from printf-style @fmt, ... * The resulting message should be a single phrase, with no newline or * trailing punctuation. * Please don't error_setg(&error_fatal, ...), use error_report() and * exit(), because that's more obvious. * Likewise, don't error_setg(&error_abort, ...), use assert(). */ #define error_setg(errp, fmt, ...) \ error_setg_internal((errp), __FILE__, __LINE__, __func__, \ (fmt), ## __VA_ARGS__) void error_setg_internal(Error **errp, const char *src, int line, const char *func, const char *fmt, ...) GCC_FMT_ATTR(5, 6); /* * Just like error_setg(), with @os_error info added to the message. * If @os_error is non-zero, ": " + strerror(os_error) is appended to * the human-readable error message. * * The value of errno (which usually can get clobbered by almost any * function call) will be preserved. */ #define error_setg_errno(errp, os_error, fmt, ...) \ error_setg_errno_internal((errp), __FILE__, __LINE__, __func__, \ (os_error), (fmt), ## __VA_ARGS__) void error_setg_errno_internal(Error **errp, const char *fname, int line, const char *func, int os_error, const char *fmt, ...) GCC_FMT_ATTR(6, 7); #ifdef _WIN32 /* * Just like error_setg(), with @win32_error info added to the message. * If @win32_error is non-zero, ": " + g_win32_error_message(win32_err) * is appended to the human-readable error message. */ #define error_setg_win32(errp, win32_err, fmt, ...) \ error_setg_win32_internal((errp), __FILE__, __LINE__, __func__, \ (win32_err), (fmt), ## __VA_ARGS__) void error_setg_win32_internal(Error **errp, const char *src, int line, const char *func, int win32_err, const char *fmt, ...) GCC_FMT_ATTR(6, 7); #endif /* * Propagate error object (if any) from @local_err to @dst_errp. * If @local_err is NULL, do nothing (because there's nothing to * propagate). * Else, if @dst_errp is NULL, errors are being ignored. Free the * error object. * Else, if @dst_errp is &error_abort, print a suitable message and * abort(). * Else, if @dst_errp is &error_fatal, print a suitable message and * exit(1). * Else, if @dst_errp already contains an error, ignore this one: free * the error object. * Else, move the error object from @local_err to *@dst_errp. * On return, @local_err is invalid. * Please use ERRP_GUARD() instead when possible. * Please don't error_propagate(&error_fatal, ...), use * error_report_err() and exit(), because that's more obvious. */ void error_propagate(Error **dst_errp, Error *local_err); /* * Propagate error object (if any) with some text prepended. * Behaves like * error_prepend(&local_err, fmt, ...); * error_propagate(dst_errp, local_err); * Please use ERRP_GUARD() and error_prepend() instead when possible. */ void error_propagate_prepend(Error **dst_errp, Error *local_err, const char *fmt, ...) GCC_FMT_ATTR(3, 4); /* * Prepend some text to @errp's human-readable error message. * The text is made by formatting @fmt, @ap like vprintf(). */ void error_vprepend(Error *const *errp, const char *fmt, va_list ap) GCC_FMT_ATTR(2, 0); /* * Prepend some text to @errp's human-readable error message. * The text is made by formatting @fmt, ... like printf(). */ void error_prepend(Error *const *errp, const char *fmt, ...) GCC_FMT_ATTR(2, 3); /* * Append a printf-style human-readable explanation to an existing error. * If the error is later reported to a human user with * error_report_err() or warn_report_err(), the hints will be shown, * too. If it's reported via QMP, the hints will be ignored. * Intended use is adding helpful hints on the human user interface, * e.g. a list of valid values. It's not for clarifying a confusing * error message. * @errp may be NULL, but not &error_fatal or &error_abort. * Trivially the case if you call it only after error_setg() or * error_propagate(). * May be called multiple times. The resulting hint should end with a * newline. */ void error_append_hint(Error *const *errp, const char *fmt, ...) GCC_FMT_ATTR(2, 3); /* * Convenience function to report open() failure. */ #define error_setg_file_open(errp, os_errno, filename) \ error_setg_file_open_internal((errp), __FILE__, __LINE__, __func__, \ (os_errno), (filename)) void error_setg_file_open_internal(Error **errp, const char *src, int line, const char *func, int os_errno, const char *filename); /* * Return an exact copy of @err. */ Error *error_copy(const Error *err); /* * Free @err. * @err may be NULL. */ void error_free(Error *err); /* * Convenience function to assert that *@errp is set, then silently free it. */ void error_free_or_abort(Error **errp); /* * Convenience function to warn_report() and free @err. * The report includes hints added with error_append_hint(). */ void warn_report_err(Error *err); /* * Convenience function to error_report() and free @err. * The report includes hints added with error_append_hint(). */ void error_report_err(Error *err); /* * Convenience function to error_prepend(), warn_report() and free @err. */ void warn_reportf_err(Error *err, const char *fmt, ...) GCC_FMT_ATTR(2, 3); /* * Convenience function to error_prepend(), error_report() and free @err. */ void error_reportf_err(Error *err, const char *fmt, ...) GCC_FMT_ATTR(2, 3); /* * Just like error_setg(), except you get to specify the error class. * Note: use of error classes other than ERROR_CLASS_GENERIC_ERROR is * strongly discouraged. */ #define error_set(errp, err_class, fmt, ...) \ error_set_internal((errp), __FILE__, __LINE__, __func__, \ (err_class), (fmt), ## __VA_ARGS__) void error_set_internal(Error **errp, const char *src, int line, const char *func, ErrorClass err_class, const char *fmt, ...) GCC_FMT_ATTR(6, 7); /* * Make @errp parameter easier to use regardless of argument value * * This macro is for use right at the beginning of a function that * takes an Error **errp parameter to pass errors to its caller. The * parameter must be named @errp. * * It must be used when the function dereferences @errp or passes * @errp to error_prepend(), error_vprepend(), or error_append_hint(). * It is safe to use even when it's not needed, but please avoid * cluttering the source with useless code. * * If @errp is NULL or &error_fatal, rewrite it to point to a local * Error variable, which will be automatically propagated to the * original @errp on function exit. * * Note: &error_abort is not rewritten, because that would move the * abort from the place where the error is created to the place where * it's propagated. */ #define ERRP_GUARD() \ g_auto(ErrorPropagator) _auto_errp_prop = {.errp = errp}; \ do { \ if (!errp || errp == &error_fatal) { \ errp = &_auto_errp_prop.local_err; \ } \ } while (0) typedef struct ErrorPropagator { Error *local_err; Error **errp; } ErrorPropagator; static inline void error_propagator_cleanup(ErrorPropagator *prop) { error_propagate(prop->errp, prop->local_err); } G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(ErrorPropagator, error_propagator_cleanup); /* * Special error destination to abort on error. * See error_setg() and error_propagate() for details. */ extern Error *error_abort; /* * Special error destination to exit(1) on error. * See error_setg() and error_propagate() for details. */ extern Error *error_fatal; #endif