commit 7bd7954535c9ea1ebc6719723102db3eaeeaefa7
author Willy Tarreau <w@1wt.eu> Mon Feb 28 15:25:58 2022 +0100
committer Willy Tarreau <w@1wt.eu> Mon Feb 28 15:32:24 2022 +0100
tree 78646cc22b5e853649b3d8c986cee1492d712d18
parent 86bcc53084fb06351353add8881ff4b789ca08cd

DEBUG: add two new macros to enable debugging in hot paths

Two new BUG_ON variants, BUG_ON_HOT() and CHECK_IF_HOT() are introduced
to debug hot paths (such as low-level API functions). These ones must
not be enabled by default as they would significantly affect performance
but they may be enabled by setting DEBUG_STRICT to a value above 1. In
this case, DEBUG_STRICT_ACTION is mostly respected with a small change,
which is that the no_crash variant of BUG_ON() isn't turned to a regular
warning but to a one-time warning so as not to spam with warnings in a
hot path. It is for this reason that there is no WARN_ON_HOT().

include/haproxy/bug.h

diff --git a/include/haproxy/bug.h b/include/haproxy/bug.h
index 6dcbbd6..2885360 100644
--- a/include/haproxy/bug.h
+++ b/include/haproxy/bug.h
@@ -117,6 +117,7 @@
  *        3    CRASH        CRASH        CRASH
  */
 
+/* The macros below are for general use */
 #if defined(DEBUG_STRICT)
 # if defined(DEBUG_STRICT_ACTION) && (DEBUG_STRICT_ACTION < 1)
 /* Lowest level: BUG_ON() warns, WARN_ON() warns, CHECK_IF() warns */
@@ -145,6 +146,30 @@
 #  define CHECK_IF(cond)
 #endif
 
+/* These macros are only for hot paths and remain disabled unless DEBUG_STRICT is 2 or above.
+ * Only developers/CI should use these levels as they may significantly impact performance by
+ * enabling checks in sensitive areas.
+ */
+#if defined(DEBUG_STRICT) && (DEBUG_STRICT > 1)
+# if defined(DEBUG_STRICT_ACTION) && (DEBUG_STRICT_ACTION < 1)
+/* Lowest level: BUG_ON() warns, CHECK_IF() warns */
+#  define BUG_ON_HOT(cond)   _BUG_ON_ONCE(cond, __FILE__, __LINE__, 2, "WARNING: bug ",   " (not crashing but process is untrusted now, please report to developers)")
+#  define CHECK_IF_HOT(cond) _BUG_ON_ONCE(cond, __FILE__, __LINE__, 0, "WARNING: check ", " (please report to developers)")
+# elif !defined(DEBUG_STRICT_ACTION) || (DEBUG_STRICT_ACTION < 3)
+/* default level: BUG_ON() crashes, CHECK_IF() warns */
+#  define BUG_ON_HOT(cond)   _BUG_ON     (cond, __FILE__, __LINE__, 3, "FATAL: bug ",     "")
+#  define CHECK_IF_HOT(cond) _BUG_ON_ONCE(cond, __FILE__, __LINE__, 0, "WARNING: check ", " (please report to developers)")
+# elif DEBUG_STRICT_ACTION >= 3
+/* Developer/CI level: BUG_ON() crashes, CHECK_IF() crashes */
+#  define BUG_ON_HOT(cond)   _BUG_ON     (cond, __FILE__, __LINE__, 3, "FATAL: bug ",     "")
+#  define CHECK_IF_HOT(cond) _BUG_ON_ONCE(cond, __FILE__, __LINE__, 1, "FATAL: check ",   "")
+# endif
+#else
+#  define BUG_ON_HOT(cond)
+#  define CHECK_IF_HOT(cond)
+#endif
+
+
 /* When not optimizing, clang won't remove that code, so only compile it in when optimizing */
 #if defined(__GNUC__) && defined(__OPTIMIZE__)
 #define HA_LINK_ERROR(what)                                                  \