xref: /openbmc/qemu/include/qapi/error.h (revision 587adaca)
1 /*
2  * QEMU Error Objects
3  *
4  * Copyright IBM, Corp. 2011
5  * Copyright (C) 2011-2015 Red Hat, Inc.
6  *
7  * Authors:
8  *  Anthony Liguori   <aliguori@us.ibm.com>
9  *  Markus Armbruster <armbru@redhat.com>
10  *
11  * This work is licensed under the terms of the GNU LGPL, version 2.  See
12  * the COPYING.LIB file in the top-level directory.
13  */
14 
15 /*
16  * Error reporting system loosely patterned after Glib's GError.
17  *
18  * = Rules =
19  *
20  * - Functions that use Error to report errors have an Error **errp
21  *   parameter.  It should be the last parameter, except for functions
22  *   taking variable arguments.
23  *
24  * - You may pass NULL to not receive the error, &error_abort to abort
25  *   on error, &error_fatal to exit(1) on error, or a pointer to a
26  *   variable containing NULL to receive the error.
27  *
28  * - Separation of concerns: the function is responsible for detecting
29  *   errors and failing cleanly; handling the error is its caller's
30  *   job.  Since the value of @errp is about handling the error, the
31  *   function should not examine it.
32  *
33  * - The function may pass @errp to functions it calls to pass on
34  *   their errors to its caller.  If it dereferences @errp to check
35  *   for errors, it must use ERRP_GUARD().
36  *
37  * - On success, the function should not touch *errp.  On failure, it
38  *   should set a new error, e.g. with error_setg(errp, ...), or
39  *   propagate an existing one, e.g. with error_propagate(errp, ...).
40  *
41  * - Whenever practical, also return a value that indicates success /
42  *   failure.  This can make the error checking more concise, and can
43  *   avoid useless error object creation and destruction.  Note that
44  *   we still have many functions returning void.  We recommend
45  *   • bool-valued functions return true on success / false on failure,
46  *   • pointer-valued functions return non-null / null pointer, and
47  *   • integer-valued functions return non-negative / negative.
48  *
49  * = Creating errors =
50  *
51  * Create an error:
52  *     error_setg(errp, "situation normal, all fouled up");
53  * where @errp points to the location to receive the error.
54  *
55  * Create an error and add additional explanation:
56  *     error_setg(errp, "invalid quark");
57  *     error_append_hint(errp, "Valid quarks are up, down, strange, "
58  *                       "charm, top, bottom.\n");
59  * This may require use of ERRP_GUARD(); more on that below.
60  *
61  * Do *not* contract this to
62  *     error_setg(errp, "invalid quark\n" // WRONG!
63  *                "Valid quarks are up, down, strange, charm, top, bottom.");
64  *
65  * = Reporting and destroying errors =
66  *
67  * Report an error to the current monitor if we have one, else stderr:
68  *     error_report_err(err);
69  * This frees the error object.
70  *
71  * Likewise, but with additional text prepended:
72  *     error_reportf_err(err, "Could not frobnicate '%s': ", name);
73  *
74  * Report an error somewhere else:
75  *     const char *msg = error_get_pretty(err);
76  *     do with msg what needs to be done...
77  *     error_free(err);
78  * Note that this loses hints added with error_append_hint().
79  *
80  * Call a function ignoring errors:
81  *     foo(arg, NULL);
82  * This is more concise than
83  *     Error *err = NULL;
84  *     foo(arg, &err);
85  *     error_free(err); // don't do this
86  *
87  * Call a function aborting on errors:
88  *     foo(arg, &error_abort);
89  * This is more concise and fails more nicely than
90  *     Error *err = NULL;
91  *     foo(arg, &err);
92  *     assert(!err); // don't do this
93  *
94  * Call a function treating errors as fatal:
95  *     foo(arg, &error_fatal);
96  * This is more concise than
97  *     Error *err = NULL;
98  *     foo(arg, &err);
99  *     if (err) { // don't do this
100  *         error_report_err(err);
101  *         exit(1);
102  *     }
103  *
104  * Handle an error without reporting it (just for completeness):
105  *     error_free(err);
106  *
107  * Assert that an expected error occurred, but clean it up without
108  * reporting it (primarily useful in testsuites):
109  *     error_free_or_abort(&err);
110  *
111  * = Passing errors around =
112  *
113  * Errors get passed to the caller through the conventional @errp
114  * parameter.
115  *
116  * Create a new error and pass it to the caller:
117  *     error_setg(errp, "situation normal, all fouled up");
118  *
119  * Call a function, receive an error from it, and pass it to the caller
120  * - when the function returns a value that indicates failure, say
121  *   false:
122  *     if (!foo(arg, errp)) {
123  *         handle the error...
124  *     }
125  * - when it does not, say because it is a void function:
126  *     ERRP_GUARD();
127  *     foo(arg, errp);
128  *     if (*errp) {
129  *         handle the error...
130  *     }
131  * More on ERRP_GUARD() below.
132  *
133  * Code predating ERRP_GUARD() still exists, and looks like this:
134  *     Error *err = NULL;
135  *     foo(arg, &err);
136  *     if (err) {
137  *         handle the error...
138  *         error_propagate(errp, err); // deprecated
139  *     }
140  * Avoid in new code.  Do *not* "optimize" it to
141  *     foo(arg, errp);
142  *     if (*errp) { // WRONG!
143  *         handle the error...
144  *     }
145  * because errp may be NULL without the ERRP_GUARD() guard.
146  *
147  * But when all you do with the error is pass it on, please use
148  *     foo(arg, errp);
149  * for readability.
150  *
151  * Receive an error, and handle it locally
152  * - when the function returns a value that indicates failure, say
153  *   false:
154  *     Error *err = NULL;
155  *     if (!foo(arg, &err)) {
156  *         handle the error...
157  *     }
158  * - when it does not, say because it is a void function:
159  *     Error *err = NULL;
160  *     foo(arg, &err);
161  *     if (err) {
162  *         handle the error...
163  *     }
164  *
165  * Pass an existing error to the caller:
166  *     error_propagate(errp, err);
167  * This is rarely needed.  When @err is a local variable, use of
168  * ERRP_GUARD() commonly results in more readable code.
169  *
170  * Pass an existing error to the caller with the message modified:
171  *     error_propagate_prepend(errp, err,
172  *                             "Could not frobnicate '%s': ", name);
173  * This is more concise than
174  *     error_propagate(errp, err); // don't do this
175  *     error_prepend(errp, "Could not frobnicate '%s': ", name);
176  * and works even when @errp is &error_fatal.
177  *
178  * Receive and accumulate multiple errors (first one wins):
179  *     Error *err = NULL, *local_err = NULL;
180  *     foo(arg, &err);
181  *     bar(arg, &local_err);
182  *     error_propagate(&err, local_err);
183  *     if (err) {
184  *         handle the error...
185  *     }
186  *
187  * Do *not* "optimize" this to
188  *     Error *err = NULL;
189  *     foo(arg, &err);
190  *     bar(arg, &err); // WRONG!
191  *     if (err) {
192  *         handle the error...
193  *     }
194  * because this may pass a non-null err to bar().
195  *
196  * Likewise, do *not*
197  *     Error *err = NULL;
198  *     if (cond1) {
199  *         error_setg(&err, ...);
200  *     }
201  *     if (cond2) {
202  *         error_setg(&err, ...); // WRONG!
203  *     }
204  * because this may pass a non-null err to error_setg().
205  *
206  * = Why, when and how to use ERRP_GUARD() =
207  *
208  * Without ERRP_GUARD(), use of the @errp parameter is restricted:
209  * - It must not be dereferenced, because it may be null.
210  * - It should not be passed to error_prepend() or
211  *   error_append_hint(), because that doesn't work with &error_fatal.
212  * ERRP_GUARD() lifts these restrictions.
213  *
214  * To use ERRP_GUARD(), add it right at the beginning of the function.
215  * @errp can then be used without worrying about the argument being
216  * NULL or &error_fatal.
217  *
218  * Using it when it's not needed is safe, but please avoid cluttering
219  * the source with useless code.
220  *
221  * = Converting to ERRP_GUARD() =
222  *
223  * To convert a function to use ERRP_GUARD():
224  *
225  * 0. If the Error ** parameter is not named @errp, rename it to
226  *    @errp.
227  *
228  * 1. Add an ERRP_GUARD() invocation, by convention right at the
229  *    beginning of the function.  This makes @errp safe to use.
230  *
231  * 2. Replace &err by errp, and err by *errp.  Delete local variable
232  *    @err.
233  *
234  * 3. Delete error_propagate(errp, *errp), replace
235  *    error_propagate_prepend(errp, *errp, ...) by error_prepend(errp, ...)
236  *
237  * 4. Ensure @errp is valid at return: when you destroy *errp, set
238  *    *errp = NULL.
239  *
240  * Example:
241  *
242  *     bool fn(..., Error **errp)
243  *     {
244  *         Error *err = NULL;
245  *
246  *         foo(arg, &err);
247  *         if (err) {
248  *             handle the error...
249  *             error_propagate(errp, err);
250  *             return false;
251  *         }
252  *         ...
253  *     }
254  *
255  * becomes
256  *
257  *     bool fn(..., Error **errp)
258  *     {
259  *         ERRP_GUARD();
260  *
261  *         foo(arg, errp);
262  *         if (*errp) {
263  *             handle the error...
264  *             return false;
265  *         }
266  *         ...
267  *     }
268  *
269  * For mass-conversion, use scripts/coccinelle/errp-guard.cocci.
270  */
271 
272 #ifndef ERROR_H
273 #define ERROR_H
274 
275 #include "qapi/qapi-types-error.h"
276 
277 /*
278  * Overall category of an error.
279  * Based on the qapi type QapiErrorClass, but reproduced here for nicer
280  * enum names.
281  */
282 typedef enum ErrorClass {
283     ERROR_CLASS_GENERIC_ERROR = QAPI_ERROR_CLASS_GENERICERROR,
284     ERROR_CLASS_COMMAND_NOT_FOUND = QAPI_ERROR_CLASS_COMMANDNOTFOUND,
285     ERROR_CLASS_DEVICE_NOT_ACTIVE = QAPI_ERROR_CLASS_DEVICENOTACTIVE,
286     ERROR_CLASS_DEVICE_NOT_FOUND = QAPI_ERROR_CLASS_DEVICENOTFOUND,
287     ERROR_CLASS_KVM_MISSING_CAP = QAPI_ERROR_CLASS_KVMMISSINGCAP,
288 } ErrorClass;
289 
290 /*
291  * Get @err's human-readable error message.
292  */
293 const char *error_get_pretty(const Error *err);
294 
295 /*
296  * Get @err's error class.
297  * Note: use of error classes other than ERROR_CLASS_GENERIC_ERROR is
298  * strongly discouraged.
299  */
300 ErrorClass error_get_class(const Error *err);
301 
302 /*
303  * Create a new error object and assign it to *@errp.
304  * If @errp is NULL, the error is ignored.  Don't bother creating one
305  * then.
306  * If @errp is &error_abort, print a suitable message and abort().
307  * If @errp is &error_fatal, print a suitable message and exit(1).
308  * If @errp is anything else, *@errp must be NULL.
309  * The new error's class is ERROR_CLASS_GENERIC_ERROR, and its
310  * human-readable error message is made from printf-style @fmt, ...
311  * The resulting message should be a single phrase, with no newline or
312  * trailing punctuation.
313  * Please don't error_setg(&error_fatal, ...), use error_report() and
314  * exit(), because that's more obvious.
315  * Likewise, don't error_setg(&error_abort, ...), use assert().
316  */
317 #define error_setg(errp, fmt, ...)                              \
318     error_setg_internal((errp), __FILE__, __LINE__, __func__,   \
319                         (fmt), ## __VA_ARGS__)
320 void error_setg_internal(Error **errp,
321                          const char *src, int line, const char *func,
322                          const char *fmt, ...)
323     GCC_FMT_ATTR(5, 6);
324 
325 /*
326  * Just like error_setg(), with @os_error info added to the message.
327  * If @os_error is non-zero, ": " + strerror(os_error) is appended to
328  * the human-readable error message.
329  *
330  * The value of errno (which usually can get clobbered by almost any
331  * function call) will be preserved.
332  */
333 #define error_setg_errno(errp, os_error, fmt, ...)                      \
334     error_setg_errno_internal((errp), __FILE__, __LINE__, __func__,     \
335                               (os_error), (fmt), ## __VA_ARGS__)
336 void error_setg_errno_internal(Error **errp,
337                                const char *fname, int line, const char *func,
338                                int os_error, const char *fmt, ...)
339     GCC_FMT_ATTR(6, 7);
340 
341 #ifdef _WIN32
342 /*
343  * Just like error_setg(), with @win32_error info added to the message.
344  * If @win32_error is non-zero, ": " + g_win32_error_message(win32_err)
345  * is appended to the human-readable error message.
346  */
347 #define error_setg_win32(errp, win32_err, fmt, ...)                     \
348     error_setg_win32_internal((errp), __FILE__, __LINE__, __func__,     \
349                               (win32_err), (fmt), ## __VA_ARGS__)
350 void error_setg_win32_internal(Error **errp,
351                                const char *src, int line, const char *func,
352                                int win32_err, const char *fmt, ...)
353     GCC_FMT_ATTR(6, 7);
354 #endif
355 
356 /*
357  * Propagate error object (if any) from @local_err to @dst_errp.
358  * If @local_err is NULL, do nothing (because there's nothing to
359  * propagate).
360  * Else, if @dst_errp is NULL, errors are being ignored.  Free the
361  * error object.
362  * Else, if @dst_errp is &error_abort, print a suitable message and
363  * abort().
364  * Else, if @dst_errp is &error_fatal, print a suitable message and
365  * exit(1).
366  * Else, if @dst_errp already contains an error, ignore this one: free
367  * the error object.
368  * Else, move the error object from @local_err to *@dst_errp.
369  * On return, @local_err is invalid.
370  * Please use ERRP_GUARD() instead when possible.
371  * Please don't error_propagate(&error_fatal, ...), use
372  * error_report_err() and exit(), because that's more obvious.
373  */
374 void error_propagate(Error **dst_errp, Error *local_err);
375 
376 
377 /*
378  * Propagate error object (if any) with some text prepended.
379  * Behaves like
380  *     error_prepend(&local_err, fmt, ...);
381  *     error_propagate(dst_errp, local_err);
382  * Please use ERRP_GUARD() and error_prepend() instead when possible.
383  */
384 void error_propagate_prepend(Error **dst_errp, Error *local_err,
385                              const char *fmt, ...)
386     GCC_FMT_ATTR(3, 4);
387 
388 /*
389  * Prepend some text to @errp's human-readable error message.
390  * The text is made by formatting @fmt, @ap like vprintf().
391  */
392 void error_vprepend(Error *const *errp, const char *fmt, va_list ap)
393     GCC_FMT_ATTR(2, 0);
394 
395 /*
396  * Prepend some text to @errp's human-readable error message.
397  * The text is made by formatting @fmt, ... like printf().
398  */
399 void error_prepend(Error *const *errp, const char *fmt, ...)
400     GCC_FMT_ATTR(2, 3);
401 
402 /*
403  * Append a printf-style human-readable explanation to an existing error.
404  * If the error is later reported to a human user with
405  * error_report_err() or warn_report_err(), the hints will be shown,
406  * too.  If it's reported via QMP, the hints will be ignored.
407  * Intended use is adding helpful hints on the human user interface,
408  * e.g. a list of valid values.  It's not for clarifying a confusing
409  * error message.
410  * @errp may be NULL, but not &error_fatal or &error_abort.
411  * Trivially the case if you call it only after error_setg() or
412  * error_propagate().
413  * May be called multiple times.  The resulting hint should end with a
414  * newline.
415  */
416 void error_append_hint(Error *const *errp, const char *fmt, ...)
417     GCC_FMT_ATTR(2, 3);
418 
419 /*
420  * Convenience function to report open() failure.
421  */
422 #define error_setg_file_open(errp, os_errno, filename)                  \
423     error_setg_file_open_internal((errp), __FILE__, __LINE__, __func__, \
424                                   (os_errno), (filename))
425 void error_setg_file_open_internal(Error **errp,
426                                    const char *src, int line, const char *func,
427                                    int os_errno, const char *filename);
428 
429 /*
430  * Return an exact copy of @err.
431  */
432 Error *error_copy(const Error *err);
433 
434 /*
435  * Free @err.
436  * @err may be NULL.
437  */
438 void error_free(Error *err);
439 
440 /*
441  * Convenience function to assert that *@errp is set, then silently free it.
442  */
443 void error_free_or_abort(Error **errp);
444 
445 /*
446  * Convenience function to warn_report() and free @err.
447  * The report includes hints added with error_append_hint().
448  */
449 void warn_report_err(Error *err);
450 
451 /*
452  * Convenience function to error_report() and free @err.
453  * The report includes hints added with error_append_hint().
454  */
455 void error_report_err(Error *err);
456 
457 /*
458  * Convenience function to error_prepend(), warn_report() and free @err.
459  */
460 void warn_reportf_err(Error *err, const char *fmt, ...)
461     GCC_FMT_ATTR(2, 3);
462 
463 /*
464  * Convenience function to error_prepend(), error_report() and free @err.
465  */
466 void error_reportf_err(Error *err, const char *fmt, ...)
467     GCC_FMT_ATTR(2, 3);
468 
469 /*
470  * Just like error_setg(), except you get to specify the error class.
471  * Note: use of error classes other than ERROR_CLASS_GENERIC_ERROR is
472  * strongly discouraged.
473  */
474 #define error_set(errp, err_class, fmt, ...)                    \
475     error_set_internal((errp), __FILE__, __LINE__, __func__,    \
476                        (err_class), (fmt), ## __VA_ARGS__)
477 void error_set_internal(Error **errp,
478                         const char *src, int line, const char *func,
479                         ErrorClass err_class, const char *fmt, ...)
480     GCC_FMT_ATTR(6, 7);
481 
482 /*
483  * Make @errp parameter easier to use regardless of argument value
484  *
485  * This macro is for use right at the beginning of a function that
486  * takes an Error **errp parameter to pass errors to its caller.  The
487  * parameter must be named @errp.
488  *
489  * It must be used when the function dereferences @errp or passes
490  * @errp to error_prepend(), error_vprepend(), or error_append_hint().
491  * It is safe to use even when it's not needed, but please avoid
492  * cluttering the source with useless code.
493  *
494  * If @errp is NULL or &error_fatal, rewrite it to point to a local
495  * Error variable, which will be automatically propagated to the
496  * original @errp on function exit.
497  *
498  * Note: &error_abort is not rewritten, because that would move the
499  * abort from the place where the error is created to the place where
500  * it's propagated.
501  */
502 #define ERRP_GUARD()                                            \
503     g_auto(ErrorPropagator) _auto_errp_prop = {.errp = errp};   \
504     do {                                                        \
505         if (!errp || errp == &error_fatal) {                    \
506             errp = &_auto_errp_prop.local_err;                  \
507         }                                                       \
508     } while (0)
509 
510 typedef struct ErrorPropagator {
511     Error *local_err;
512     Error **errp;
513 } ErrorPropagator;
514 
515 static inline void error_propagator_cleanup(ErrorPropagator *prop)
516 {
517     error_propagate(prop->errp, prop->local_err);
518 }
519 
520 G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(ErrorPropagator, error_propagator_cleanup);
521 
522 /*
523  * Special error destination to abort on error.
524  * See error_setg() and error_propagate() for details.
525  */
526 extern Error *error_abort;
527 
528 /*
529  * Special error destination to exit(1) on error.
530  * See error_setg() and error_propagate() for details.
531  */
532 extern Error *error_fatal;
533 
534 #endif
535