blob: 2ed27c72d037b6cdd93c78bac980ea4d6ea97f9e [file] [log] [blame]
/*
* include/haproxy/bug.h
* Assertions and instant crash macros needed everywhere.
*
* Copyright (C) 2000-2020 Willy Tarreau - w@1wt.eu
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
* OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
*/
#ifndef _HAPROXY_BUG_H
#define _HAPROXY_BUG_H
#include <haproxy/atomic.h>
#include <haproxy/compiler.h>
/* quick debugging hack, should really be removed ASAP */
#ifdef DEBUG_FULL
#define DPRINTF(x...) fprintf(x)
#else
#define DPRINTF(x...)
#endif
#define DUMP_TRACE() do { extern void ha_backtrace_to_stderr(void); ha_backtrace_to_stderr(); } while (0)
#ifdef DEBUG_USE_ABORT
/* abort() is better recognized by code analysis tools */
#define ABORT_NOW() do { DUMP_TRACE(); abort(); } while (0)
#else
/* More efficient than abort() because it does not mangle the
* stack and stops at the exact location we need.
*/
#define ABORT_NOW() do { DUMP_TRACE(); (*(volatile int*)1=0); my_unreachable(); } while (0)
#endif
/* This is the generic low-level macro dealing with conditional warnings and
* bugs. The caller decides whether to crash or not and what prefix and suffix
* to pass. The macro returns the boolean value of the condition as an int for
* the case where it wouldn't die. The <crash> flag is made of:
* - crash & 1: crash yes/no;
* - crash & 2: taint as bug instead of warn
*/
#define _BUG_ON(cond, file, line, crash, pfx, sfx) \
__BUG_ON(cond, file, line, crash, pfx, sfx)
#define __BUG_ON(cond, file, line, crash, pfx, sfx) \
({ \
int __bug_cond = !!(cond); \
if (unlikely(__bug_cond)) { \
const char msg[] = "\n" pfx "condition \"" #cond "\" matched at " file ":" #line "" sfx "\n"; \
DISGUISE(write(2, msg, __builtin_strlen(msg))); \
if (crash & 2) \
mark_tainted(TAINTED_BUG); \
else \
mark_tainted(TAINTED_WARN); \
if (crash & 1) \
ABORT_NOW(); \
else \
DUMP_TRACE(); \
} \
__bug_cond; /* let's return the condition */ \
})
/* This one is equivalent except that it only emits the message once by
* maintaining a static counter. This may be used with warnings to detect
* certain unexpected conditions in field. Later on, in cores it will be
* possible to verify these counters.
*/
#define _BUG_ON_ONCE(cond, file, line, crash, pfx, sfx) \
__BUG_ON_ONCE(cond, file, line, crash, pfx, sfx)
#define __BUG_ON_ONCE(cond, file, line, crash, pfx, sfx) \
({ \
static int __match_count_##line; \
int __bug_cond = !!(cond); \
if (unlikely(__bug_cond) && \
!_HA_ATOMIC_FETCH_ADD(&__match_count_##line, 1)) { \
const char msg[] = "\n" pfx "condition \"" #cond "\" matched at " file ":" #line "" sfx "\n"; \
DISGUISE(write(2, msg, __builtin_strlen(msg))); \
if (crash & 2) \
mark_tainted(TAINTED_BUG); \
else \
mark_tainted(TAINTED_WARN); \
if (crash & 1) \
ABORT_NOW(); \
else \
DUMP_TRACE(); \
} \
__bug_cond; /* let's return the condition */ \
})
/* DEBUG_STRICT enables/disables runtime checks on condition <cond>
* DEBUG_STRICT_ACTION indicates the level of verification on the rules when
* <cond> is true:
*
* macro BUG_ON() WARN_ON() CHECK_IF()
* value 0 warn warn warn
* 1 CRASH warn warn
* 2 CRASH CRASH warn
* 3 CRASH CRASH CRASH
*/
/* The macros below are for general use */
#if defined(DEBUG_STRICT)
# if defined(DEBUG_STRICT_ACTION) && (DEBUG_STRICT_ACTION < 1)
/* Lowest level: BUG_ON() warns, WARN_ON() warns, CHECK_IF() warns */
# define BUG_ON(cond) _BUG_ON (cond, __FILE__, __LINE__, 2, "WARNING: bug ", " (not crashing but process is untrusted now, please report to developers)")
# define WARN_ON(cond) _BUG_ON (cond, __FILE__, __LINE__, 0, "WARNING: warn ", " (please report to developers)")
# define CHECK_IF(cond) _BUG_ON_ONCE(cond, __FILE__, __LINE__, 0, "WARNING: check ", " (please report to developers)")
# elif !defined(DEBUG_STRICT_ACTION) || (DEBUG_STRICT_ACTION == 1)
/* default level: BUG_ON() crashes, WARN_ON() warns, CHECK_IF() warns */
# define BUG_ON(cond) _BUG_ON (cond, __FILE__, __LINE__, 3, "FATAL: bug ", "")
# define WARN_ON(cond) _BUG_ON (cond, __FILE__, __LINE__, 0, "WARNING: warn ", " (please report to developers)")
# define CHECK_IF(cond) _BUG_ON_ONCE(cond, __FILE__, __LINE__, 0, "WARNING: check ", " (please report to developers)")
# elif defined(DEBUG_STRICT_ACTION) && (DEBUG_STRICT_ACTION == 2)
/* Stricter level: BUG_ON() crashes, WARN_ON() crashes, CHECK_IF() warns */
# define BUG_ON(cond) _BUG_ON (cond, __FILE__, __LINE__, 3, "FATAL: bug ", "")
# define WARN_ON(cond) _BUG_ON (cond, __FILE__, __LINE__, 1, "FATAL: warn ", "")
# define CHECK_IF(cond) _BUG_ON_ONCE(cond, __FILE__, __LINE__, 0, "WARNING: check ", " (please report to developers)")
# elif defined(DEBUG_STRICT_ACTION) && (DEBUG_STRICT_ACTION >= 3)
/* Developer/CI level: BUG_ON() crashes, WARN_ON() crashes, CHECK_IF() crashes */
# define BUG_ON(cond) _BUG_ON (cond, __FILE__, __LINE__, 3, "FATAL: bug ", "")
# define WARN_ON(cond) _BUG_ON (cond, __FILE__, __LINE__, 1, "FATAL: warn ", "")
# define CHECK_IF(cond) _BUG_ON_ONCE(cond, __FILE__, __LINE__, 1, "FATAL: check ", "")
# endif
#else
# define BUG_ON(cond)
# define WARN_ON(cond)
# define CHECK_IF(cond)
#endif
/* These macros are only for hot paths and remain disabled unless DEBUG_STRICT is 2 or above.
* Only developers/CI should use these levels as they may significantly impact performance by
* enabling checks in sensitive areas.
*/
#if defined(DEBUG_STRICT) && (DEBUG_STRICT > 1)
# if defined(DEBUG_STRICT_ACTION) && (DEBUG_STRICT_ACTION < 1)
/* Lowest level: BUG_ON() warns, CHECK_IF() warns */
# define BUG_ON_HOT(cond) _BUG_ON_ONCE(cond, __FILE__, __LINE__, 2, "WARNING: bug ", " (not crashing but process is untrusted now, please report to developers)")
# define CHECK_IF_HOT(cond) _BUG_ON_ONCE(cond, __FILE__, __LINE__, 0, "WARNING: check ", " (please report to developers)")
# elif !defined(DEBUG_STRICT_ACTION) || (DEBUG_STRICT_ACTION < 3)
/* default level: BUG_ON() crashes, CHECK_IF() warns */
# define BUG_ON_HOT(cond) _BUG_ON (cond, __FILE__, __LINE__, 3, "FATAL: bug ", "")
# define CHECK_IF_HOT(cond) _BUG_ON_ONCE(cond, __FILE__, __LINE__, 0, "WARNING: check ", " (please report to developers)")
# elif defined(DEBUG_STRICT_ACTION) && (DEBUG_STRICT_ACTION >= 3)
/* Developer/CI level: BUG_ON() crashes, CHECK_IF() crashes */
# define BUG_ON_HOT(cond) _BUG_ON (cond, __FILE__, __LINE__, 3, "FATAL: bug ", "")
# define CHECK_IF_HOT(cond) _BUG_ON_ONCE(cond, __FILE__, __LINE__, 1, "FATAL: check ", "")
# endif
#else
# define BUG_ON_HOT(cond)
# define CHECK_IF_HOT(cond)
#endif
/* When not optimizing, clang won't remove that code, so only compile it in when optimizing */
#if defined(__GNUC__) && defined(__OPTIMIZE__)
#define HA_LINK_ERROR(what) \
do { \
/* provoke a build-time error */ \
extern volatile int what; \
what = 1; \
} while (0)
#else
#define HA_LINK_ERROR(what) \
do { \
} while (0)
#endif /* __OPTIMIZE__ */
/* more reliable free() that clears the pointer */
#define ha_free(x) do { \
typeof(x) __x = (x); \
if (__builtin_constant_p((x)) || __builtin_constant_p(*(x))) { \
HA_LINK_ERROR(call_to_ha_free_attempts_to_free_a_constant); \
} \
free(*__x); \
*__x = NULL; \
} while (0)
/* handle 'tainted' status */
enum tainted_flags {
TAINTED_CONFIG_EXP_KW_DECLARED = 0x00000001,
TAINTED_ACTION_EXP_EXECUTED = 0x00000002,
TAINTED_CLI_EXPERT_MODE = 0x00000004,
TAINTED_CLI_EXPERIMENTAL_MODE = 0x00000008,
TAINTED_WARN = 0x00000010, /* a WARN_ON triggered */
TAINTED_BUG = 0x00000020, /* a BUG_ON triggered */
};
/* this is a bit field made of TAINTED_*, and is declared in haproxy.c */
extern unsigned int tainted;
static inline void mark_tainted(const enum tainted_flags flag)
{
HA_ATOMIC_OR(&tainted, flag);
}
static inline unsigned int get_tainted()
{
return HA_ATOMIC_LOAD(&tainted);
}
#if defined(DEBUG_MEM_STATS)
#include <stdlib.h>
#include <string.h>
/* Memory allocation statistics are centralized into a global "mem_stats"
* section. This will not work with some linkers.
*/
enum {
MEM_STATS_TYPE_UNSET = 0,
MEM_STATS_TYPE_CALLOC,
MEM_STATS_TYPE_FREE,
MEM_STATS_TYPE_MALLOC,
MEM_STATS_TYPE_REALLOC,
MEM_STATS_TYPE_STRDUP,
};
struct mem_stats {
size_t calls;
size_t size;
const char *file;
int line;
int type;
};
#undef calloc
#define calloc(x,y) ({ \
size_t __x = (x); size_t __y = (y); \
static struct mem_stats _ __attribute__((used,__section__("mem_stats"))) = { \
.file = __FILE__, .line = __LINE__, \
.type = MEM_STATS_TYPE_CALLOC, \
}; \
__asm__(".globl __start_mem_stats"); \
__asm__(".globl __stop_mem_stats"); \
_HA_ATOMIC_INC(&_.calls); \
_HA_ATOMIC_ADD(&_.size, __x * __y); \
calloc(__x,__y); \
})
/* note: we can't redefine free() because we have a few variables and struct
* members called like this.
*/
#undef __free
#define __free(x) ({ \
void *__x = (x); \
static struct mem_stats _ __attribute__((used,__section__("mem_stats"))) = { \
.file = __FILE__, .line = __LINE__, \
.type = MEM_STATS_TYPE_FREE, \
}; \
__asm__(".globl __start_mem_stats"); \
__asm__(".globl __stop_mem_stats"); \
if (__x) \
_HA_ATOMIC_INC(&_.calls); \
free(__x); \
})
#undef ha_free
#define ha_free(x) ({ \
typeof(x) __x = (x); \
static struct mem_stats _ __attribute__((used,__section__("mem_stats"))) = { \
.file = __FILE__, .line = __LINE__, \
.type = MEM_STATS_TYPE_FREE, \
}; \
__asm__(".globl __start_mem_stats"); \
__asm__(".globl __stop_mem_stats"); \
if (__builtin_constant_p((x)) || __builtin_constant_p(*(x))) { \
HA_LINK_ERROR(call_to_ha_free_attempts_to_free_a_constant); \
} \
if (*__x) \
_HA_ATOMIC_INC(&_.calls); \
free(*__x); \
*__x = NULL; \
})
#undef malloc
#define malloc(x) ({ \
size_t __x = (x); \
static struct mem_stats _ __attribute__((used,__section__("mem_stats"))) = { \
.file = __FILE__, .line = __LINE__, \
.type = MEM_STATS_TYPE_MALLOC, \
}; \
__asm__(".globl __start_mem_stats"); \
__asm__(".globl __stop_mem_stats"); \
_HA_ATOMIC_INC(&_.calls); \
_HA_ATOMIC_ADD(&_.size, __x); \
malloc(__x); \
})
#undef realloc
#define realloc(x,y) ({ \
void *__x = (x); size_t __y = (y); \
static struct mem_stats _ __attribute__((used,__section__("mem_stats"))) = { \
.file = __FILE__, .line = __LINE__, \
.type = MEM_STATS_TYPE_REALLOC, \
}; \
__asm__(".globl __start_mem_stats"); \
__asm__(".globl __stop_mem_stats"); \
_HA_ATOMIC_INC(&_.calls); \
_HA_ATOMIC_ADD(&_.size, __y); \
realloc(__x,__y); \
})
#undef strdup
#define strdup(x) ({ \
const char *__x = (x); size_t __y = strlen(__x); \
static struct mem_stats _ __attribute__((used,__section__("mem_stats"))) = { \
.file = __FILE__, .line = __LINE__, \
.type = MEM_STATS_TYPE_STRDUP, \
}; \
__asm__(".globl __start_mem_stats"); \
__asm__(".globl __stop_mem_stats"); \
_HA_ATOMIC_INC(&_.calls); \
_HA_ATOMIC_ADD(&_.size, __y); \
strdup(__x); \
})
#endif /* DEBUG_MEM_STATS*/
#endif /* _HAPROXY_BUG_H */
/*
* Local variables:
* c-indent-level: 8
* c-basic-offset: 8
* End:
*/