1 /* 2 * QEMU Error Objects 3 * 4 * Copyright IBM, Corp. 2011 5 * Copyright (C) 2011-2015 Red Hat, Inc. 6 * 7 * Authors: 8 * Anthony Liguori <aliguori@us.ibm.com> 9 * Markus Armbruster <armbru@redhat.com> 10 * 11 * This work is licensed under the terms of the GNU LGPL, version 2. See 12 * the COPYING.LIB file in the top-level directory. 13 */ 14 15 /* 16 * Error reporting system loosely patterned after Glib's GError. 17 * 18 * = Rules = 19 * 20 * - Functions that use Error to report errors have an Error **errp 21 * parameter. It should be the last parameter, except for functions 22 * taking variable arguments. 23 * 24 * - You may pass NULL to not receive the error, &error_abort to abort 25 * on error, &error_fatal to exit(1) on error, or a pointer to a 26 * variable containing NULL to receive the error. 27 * 28 * - Separation of concerns: the function is responsible for detecting 29 * errors and failing cleanly; handling the error is its caller's 30 * job. Since the value of @errp is about handling the error, the 31 * function should not examine it. 32 * 33 * - The function may pass @errp to functions it calls to pass on 34 * their errors to its caller. If it dereferences @errp to check 35 * for errors, it must use ERRP_GUARD(). 36 * 37 * - On success, the function should not touch *errp. On failure, it 38 * should set a new error, e.g. with error_setg(errp, ...), or 39 * propagate an existing one, e.g. with error_propagate(errp, ...). 40 * 41 * - Whenever practical, also return a value that indicates success / 42 * failure. This can make the error checking more concise, and can 43 * avoid useless error object creation and destruction. Note that 44 * we still have many functions returning void. We recommend 45 * • bool-valued functions return true on success / false on failure, 46 * • pointer-valued functions return non-null / null pointer, and 47 * • integer-valued functions return non-negative / negative. 48 * 49 * = Creating errors = 50 * 51 * Create an error: 52 * error_setg(errp, "situation normal, all fouled up"); 53 * where @errp points to the location to receive the error. 54 * 55 * Create an error and add additional explanation: 56 * error_setg(errp, "invalid quark"); 57 * error_append_hint(errp, "Valid quarks are up, down, strange, " 58 * "charm, top, bottom.\n"); 59 * This may require use of ERRP_GUARD(); more on that below. 60 * 61 * Do *not* contract this to 62 * error_setg(errp, "invalid quark\n" // WRONG! 63 * "Valid quarks are up, down, strange, charm, top, bottom."); 64 * 65 * = Reporting and destroying errors = 66 * 67 * Report an error to the current monitor if we have one, else stderr: 68 * error_report_err(err); 69 * This frees the error object. 70 * 71 * Likewise, but with additional text prepended: 72 * error_reportf_err(err, "Could not frobnicate '%s': ", name); 73 * 74 * Report an error somewhere else: 75 * const char *msg = error_get_pretty(err); 76 * do with msg what needs to be done... 77 * error_free(err); 78 * Note that this loses hints added with error_append_hint(). 79 * 80 * Call a function ignoring errors: 81 * foo(arg, NULL); 82 * This is more concise than 83 * Error *err = NULL; 84 * foo(arg, &err); 85 * error_free(err); // don't do this 86 * 87 * Call a function aborting on errors: 88 * foo(arg, &error_abort); 89 * This is more concise and fails more nicely than 90 * Error *err = NULL; 91 * foo(arg, &err); 92 * assert(!err); // don't do this 93 * 94 * Call a function treating errors as fatal: 95 * foo(arg, &error_fatal); 96 * This is more concise than 97 * Error *err = NULL; 98 * foo(arg, &err); 99 * if (err) { // don't do this 100 * error_report_err(err); 101 * exit(1); 102 * } 103 * 104 * Handle an error without reporting it (just for completeness): 105 * error_free(err); 106 * 107 * Assert that an expected error occurred, but clean it up without 108 * reporting it (primarily useful in testsuites): 109 * error_free_or_abort(&err); 110 * 111 * = Passing errors around = 112 * 113 * Errors get passed to the caller through the conventional @errp 114 * parameter. 115 * 116 * Create a new error and pass it to the caller: 117 * error_setg(errp, "situation normal, all fouled up"); 118 * 119 * Call a function, receive an error from it, and pass it to the caller 120 * - when the function returns a value that indicates failure, say 121 * false: 122 * if (!foo(arg, errp)) { 123 * handle the error... 124 * } 125 * - when it does not, say because it is a void function: 126 * ERRP_GUARD(); 127 * foo(arg, errp); 128 * if (*errp) { 129 * handle the error... 130 * } 131 * More on ERRP_GUARD() below. 132 * 133 * Code predating ERRP_GUARD() still exists, and looks like this: 134 * Error *err = NULL; 135 * foo(arg, &err); 136 * if (err) { 137 * handle the error... 138 * error_propagate(errp, err); // deprecated 139 * } 140 * Avoid in new code. Do *not* "optimize" it to 141 * foo(arg, errp); 142 * if (*errp) { // WRONG! 143 * handle the error... 144 * } 145 * because errp may be NULL without the ERRP_GUARD() guard. 146 * 147 * But when all you do with the error is pass it on, please use 148 * foo(arg, errp); 149 * for readability. 150 * 151 * Receive an error, and handle it locally 152 * - when the function returns a value that indicates failure, say 153 * false: 154 * Error *err = NULL; 155 * if (!foo(arg, &err)) { 156 * handle the error... 157 * } 158 * - when it does not, say because it is a void function: 159 * Error *err = NULL; 160 * foo(arg, &err); 161 * if (err) { 162 * handle the error... 163 * } 164 * 165 * Pass an existing error to the caller: 166 * error_propagate(errp, err); 167 * This is rarely needed. When @err is a local variable, use of 168 * ERRP_GUARD() commonly results in more readable code. 169 * 170 * Pass an existing error to the caller with the message modified: 171 * error_propagate_prepend(errp, err, 172 * "Could not frobnicate '%s': ", name); 173 * This is more concise than 174 * error_propagate(errp, err); // don't do this 175 * error_prepend(errp, "Could not frobnicate '%s': ", name); 176 * and works even when @errp is &error_fatal. 177 * 178 * Receive and accumulate multiple errors (first one wins): 179 * Error *err = NULL, *local_err = NULL; 180 * foo(arg, &err); 181 * bar(arg, &local_err); 182 * error_propagate(&err, local_err); 183 * if (err) { 184 * handle the error... 185 * } 186 * 187 * Do *not* "optimize" this to 188 * Error *err = NULL; 189 * foo(arg, &err); 190 * bar(arg, &err); // WRONG! 191 * if (err) { 192 * handle the error... 193 * } 194 * because this may pass a non-null err to bar(). 195 * 196 * Likewise, do *not* 197 * Error *err = NULL; 198 * if (cond1) { 199 * error_setg(&err, ...); 200 * } 201 * if (cond2) { 202 * error_setg(&err, ...); // WRONG! 203 * } 204 * because this may pass a non-null err to error_setg(). 205 * 206 * = Why, when and how to use ERRP_GUARD() = 207 * 208 * Without ERRP_GUARD(), use of the @errp parameter is restricted: 209 * - It must not be dereferenced, because it may be null. 210 * - It should not be passed to error_prepend() or 211 * error_append_hint(), because that doesn't work with &error_fatal. 212 * ERRP_GUARD() lifts these restrictions. 213 * 214 * To use ERRP_GUARD(), add it right at the beginning of the function. 215 * @errp can then be used without worrying about the argument being 216 * NULL or &error_fatal. 217 * 218 * Using it when it's not needed is safe, but please avoid cluttering 219 * the source with useless code. 220 * 221 * = Converting to ERRP_GUARD() = 222 * 223 * To convert a function to use ERRP_GUARD(): 224 * 225 * 0. If the Error ** parameter is not named @errp, rename it to 226 * @errp. 227 * 228 * 1. Add an ERRP_GUARD() invocation, by convention right at the 229 * beginning of the function. This makes @errp safe to use. 230 * 231 * 2. Replace &err by errp, and err by *errp. Delete local variable 232 * @err. 233 * 234 * 3. Delete error_propagate(errp, *errp), replace 235 * error_propagate_prepend(errp, *errp, ...) by error_prepend(errp, ...) 236 * 237 * 4. Ensure @errp is valid at return: when you destroy *errp, set 238 * errp = NULL. 239 * 240 * Example: 241 * 242 * bool fn(..., Error **errp) 243 * { 244 * Error *err = NULL; 245 * 246 * foo(arg, &err); 247 * if (err) { 248 * handle the error... 249 * error_propagate(errp, err); 250 * return false; 251 * } 252 * ... 253 * } 254 * 255 * becomes 256 * 257 * bool fn(..., Error **errp) 258 * { 259 * ERRP_GUARD(); 260 * 261 * foo(arg, errp); 262 * if (*errp) { 263 * handle the error... 264 * return false; 265 * } 266 * ... 267 * } 268 * 269 * For mass-conversion, use scripts/coccinelle/errp-guard.cocci. 270 */ 271 272 #ifndef ERROR_H 273 #define ERROR_H 274 275 #include "qapi/qapi-types-error.h" 276 277 /* 278 * Overall category of an error. 279 * Based on the qapi type QapiErrorClass, but reproduced here for nicer 280 * enum names. 281 */ 282 typedef enum ErrorClass { 283 ERROR_CLASS_GENERIC_ERROR = QAPI_ERROR_CLASS_GENERICERROR, 284 ERROR_CLASS_COMMAND_NOT_FOUND = QAPI_ERROR_CLASS_COMMANDNOTFOUND, 285 ERROR_CLASS_DEVICE_NOT_ACTIVE = QAPI_ERROR_CLASS_DEVICENOTACTIVE, 286 ERROR_CLASS_DEVICE_NOT_FOUND = QAPI_ERROR_CLASS_DEVICENOTFOUND, 287 ERROR_CLASS_KVM_MISSING_CAP = QAPI_ERROR_CLASS_KVMMISSINGCAP, 288 } ErrorClass; 289 290 /* 291 * Get @err's human-readable error message. 292 */ 293 const char *error_get_pretty(const Error *err); 294 295 /* 296 * Get @err's error class. 297 * Note: use of error classes other than ERROR_CLASS_GENERIC_ERROR is 298 * strongly discouraged. 299 */ 300 ErrorClass error_get_class(const Error *err); 301 302 /* 303 * Create a new error object and assign it to *@errp. 304 * If @errp is NULL, the error is ignored. Don't bother creating one 305 * then. 306 * If @errp is &error_abort, print a suitable message and abort(). 307 * If @errp is &error_fatal, print a suitable message and exit(1). 308 * If @errp is anything else, *@errp must be NULL. 309 * The new error's class is ERROR_CLASS_GENERIC_ERROR, and its 310 * human-readable error message is made from printf-style @fmt, ... 311 * The resulting message should be a single phrase, with no newline or 312 * trailing punctuation. 313 * Please don't error_setg(&error_fatal, ...), use error_report() and 314 * exit(), because that's more obvious. 315 * Likewise, don't error_setg(&error_abort, ...), use assert(). 316 */ 317 #define error_setg(errp, fmt, ...) \ 318 error_setg_internal((errp), __FILE__, __LINE__, __func__, \ 319 (fmt), ## __VA_ARGS__) 320 void error_setg_internal(Error **errp, 321 const char *src, int line, const char *func, 322 const char *fmt, ...) 323 GCC_FMT_ATTR(5, 6); 324 325 /* 326 * Just like error_setg(), with @os_error info added to the message. 327 * If @os_error is non-zero, ": " + strerror(os_error) is appended to 328 * the human-readable error message. 329 * 330 * The value of errno (which usually can get clobbered by almost any 331 * function call) will be preserved. 332 */ 333 #define error_setg_errno(errp, os_error, fmt, ...) \ 334 error_setg_errno_internal((errp), __FILE__, __LINE__, __func__, \ 335 (os_error), (fmt), ## __VA_ARGS__) 336 void error_setg_errno_internal(Error **errp, 337 const char *fname, int line, const char *func, 338 int os_error, const char *fmt, ...) 339 GCC_FMT_ATTR(6, 7); 340 341 #ifdef _WIN32 342 /* 343 * Just like error_setg(), with @win32_error info added to the message. 344 * If @win32_error is non-zero, ": " + g_win32_error_message(win32_err) 345 * is appended to the human-readable error message. 346 */ 347 #define error_setg_win32(errp, win32_err, fmt, ...) \ 348 error_setg_win32_internal((errp), __FILE__, __LINE__, __func__, \ 349 (win32_err), (fmt), ## __VA_ARGS__) 350 void error_setg_win32_internal(Error **errp, 351 const char *src, int line, const char *func, 352 int win32_err, const char *fmt, ...) 353 GCC_FMT_ATTR(6, 7); 354 #endif 355 356 /* 357 * Propagate error object (if any) from @local_err to @dst_errp. 358 * If @local_err is NULL, do nothing (because there's nothing to 359 * propagate). 360 * Else, if @dst_errp is NULL, errors are being ignored. Free the 361 * error object. 362 * Else, if @dst_errp is &error_abort, print a suitable message and 363 * abort(). 364 * Else, if @dst_errp is &error_fatal, print a suitable message and 365 * exit(1). 366 * Else, if @dst_errp already contains an error, ignore this one: free 367 * the error object. 368 * Else, move the error object from @local_err to *@dst_errp. 369 * On return, @local_err is invalid. 370 * Please use ERRP_GUARD() instead when possible. 371 * Please don't error_propagate(&error_fatal, ...), use 372 * error_report_err() and exit(), because that's more obvious. 373 */ 374 void error_propagate(Error **dst_errp, Error *local_err); 375 376 377 /* 378 * Propagate error object (if any) with some text prepended. 379 * Behaves like 380 * error_prepend(&local_err, fmt, ...); 381 * error_propagate(dst_errp, local_err); 382 * Please use ERRP_GUARD() and error_prepend() instead when possible. 383 */ 384 void error_propagate_prepend(Error **dst_errp, Error *local_err, 385 const char *fmt, ...); 386 387 /* 388 * Prepend some text to @errp's human-readable error message. 389 * The text is made by formatting @fmt, @ap like vprintf(). 390 */ 391 void error_vprepend(Error *const *errp, const char *fmt, va_list ap); 392 393 /* 394 * Prepend some text to @errp's human-readable error message. 395 * The text is made by formatting @fmt, ... like printf(). 396 */ 397 void error_prepend(Error *const *errp, const char *fmt, ...) 398 GCC_FMT_ATTR(2, 3); 399 400 /* 401 * Append a printf-style human-readable explanation to an existing error. 402 * If the error is later reported to a human user with 403 * error_report_err() or warn_report_err(), the hints will be shown, 404 * too. If it's reported via QMP, the hints will be ignored. 405 * Intended use is adding helpful hints on the human user interface, 406 * e.g. a list of valid values. It's not for clarifying a confusing 407 * error message. 408 * @errp may be NULL, but not &error_fatal or &error_abort. 409 * Trivially the case if you call it only after error_setg() or 410 * error_propagate(). 411 * May be called multiple times. The resulting hint should end with a 412 * newline. 413 */ 414 void error_append_hint(Error *const *errp, const char *fmt, ...) 415 GCC_FMT_ATTR(2, 3); 416 417 /* 418 * Convenience function to report open() failure. 419 */ 420 #define error_setg_file_open(errp, os_errno, filename) \ 421 error_setg_file_open_internal((errp), __FILE__, __LINE__, __func__, \ 422 (os_errno), (filename)) 423 void error_setg_file_open_internal(Error **errp, 424 const char *src, int line, const char *func, 425 int os_errno, const char *filename); 426 427 /* 428 * Return an exact copy of @err. 429 */ 430 Error *error_copy(const Error *err); 431 432 /* 433 * Free @err. 434 * @err may be NULL. 435 */ 436 void error_free(Error *err); 437 438 /* 439 * Convenience function to assert that *@errp is set, then silently free it. 440 */ 441 void error_free_or_abort(Error **errp); 442 443 /* 444 * Convenience function to warn_report() and free @err. 445 * The report includes hints added with error_append_hint(). 446 */ 447 void warn_report_err(Error *err); 448 449 /* 450 * Convenience function to error_report() and free @err. 451 * The report includes hints added with error_append_hint(). 452 */ 453 void error_report_err(Error *err); 454 455 /* 456 * Convenience function to error_prepend(), warn_report() and free @err. 457 */ 458 void warn_reportf_err(Error *err, const char *fmt, ...) 459 GCC_FMT_ATTR(2, 3); 460 461 /* 462 * Convenience function to error_prepend(), error_report() and free @err. 463 */ 464 void error_reportf_err(Error *err, const char *fmt, ...) 465 GCC_FMT_ATTR(2, 3); 466 467 /* 468 * Just like error_setg(), except you get to specify the error class. 469 * Note: use of error classes other than ERROR_CLASS_GENERIC_ERROR is 470 * strongly discouraged. 471 */ 472 #define error_set(errp, err_class, fmt, ...) \ 473 error_set_internal((errp), __FILE__, __LINE__, __func__, \ 474 (err_class), (fmt), ## __VA_ARGS__) 475 void error_set_internal(Error **errp, 476 const char *src, int line, const char *func, 477 ErrorClass err_class, const char *fmt, ...) 478 GCC_FMT_ATTR(6, 7); 479 480 /* 481 * Make @errp parameter easier to use regardless of argument value 482 * 483 * This macro is for use right at the beginning of a function that 484 * takes an Error **errp parameter to pass errors to its caller. The 485 * parameter must be named @errp. 486 * 487 * It must be used when the function dereferences @errp or passes 488 * @errp to error_prepend(), error_vprepend(), or error_append_hint(). 489 * It is safe to use even when it's not needed, but please avoid 490 * cluttering the source with useless code. 491 * 492 * If @errp is NULL or &error_fatal, rewrite it to point to a local 493 * Error variable, which will be automatically propagated to the 494 * original @errp on function exit. 495 * 496 * Note: &error_abort is not rewritten, because that would move the 497 * abort from the place where the error is created to the place where 498 * it's propagated. 499 */ 500 #define ERRP_GUARD() \ 501 g_auto(ErrorPropagator) _auto_errp_prop = {.errp = errp}; \ 502 do { \ 503 if (!errp || errp == &error_fatal) { \ 504 errp = &_auto_errp_prop.local_err; \ 505 } \ 506 } while (0) 507 508 typedef struct ErrorPropagator { 509 Error *local_err; 510 Error **errp; 511 } ErrorPropagator; 512 513 static inline void error_propagator_cleanup(ErrorPropagator *prop) 514 { 515 error_propagate(prop->errp, prop->local_err); 516 } 517 518 G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(ErrorPropagator, error_propagator_cleanup); 519 520 /* 521 * Special error destination to abort on error. 522 * See error_setg() and error_propagate() for details. 523 */ 524 extern Error *error_abort; 525 526 /* 527 * Special error destination to exit(1) on error. 528 * See error_setg() and error_propagate() for details. 529 */ 530 extern Error *error_fatal; 531 532 #endif 533