From: "Laszlo Ersek" <lersek@redhat.com>
To: "Kinney, Michael D" <michael.d.kinney@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>,
"rsingh@ventanamicro.com" <rsingh@ventanamicro.com>,
"Andrew Fish (afish@apple.com)" <afish@apple.com>,
"quic_llindhol@quicinc.com" <quic_llindhol@quicinc.com>,
Michael Kubacki <mikuback@linux.microsoft.com>
Cc: "Ni, Ray" <ray.ni@intel.com>,
Veeresh Sangolli <veeresh.sangolli@dellteam.com>
Subject: Re: [edk2-devel] [PATCH v2 4/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix NULL_RETURNS Coverity issue
Date: Wed, 15 Nov 2023 10:50:27 +0100 [thread overview]
Message-ID: <5443d245-0631-a33f-220f-81e39e33af4a@redhat.com> (raw)
In-Reply-To: <CO1PR11MB4929DF722DED984ADCEB5170D2B2A@CO1PR11MB4929.namprd11.prod.outlook.com>
On 11/14/23 17:21, Kinney, Michael D wrote:
> Hi Ranbir,
>
>
>
> First I want to recognize your efforts to collect Coverity issues and
> propose changes to address
> them.
>
> I still disagree with adding CpuDealLoop() for any static analysis issues.
>
> There have been previous discussions about adding a PANIC() or FATAL()
> macro that would
> perform platform specific actions if a condition is detected where the
> boot of the platform
> can not continue. A platform get to make the choice to log or reboot or
> hang, etc. Not the
> code that detected the condition.
>
> https://edk2.groups.io/g/devel/message/86597
> <https://edk2.groups.io/g/devel/message/86597>
This is indeed a great idea.
I didn't know about that discussion. Perhaps a new DebugLib API would
handle this (i.e., "panic").
I've been certainly proposing CpuDeadLoop() as a means to panic.
Did the thread conclude anything tangible?
> Unfortunately, in order to fix some of these static analysis issues
> correctly, we are going
> to have to identify the use of ASSERT() that really is a fatal condition
> that can not continue
Absolutely.
> and introduce an implementation approach that provides a platform
> handler and
> satisfies the static analysis tools.
The "platform handler" is the difficult part. If the above-noted
discussion from 2022 didn't produce an agreement, should we really block
the static analyzer fixes on an agreed-upon panic API? I'm concerned
that would just cause these fixes to get stuck. And I don't consider
CpuDeadLoop()s added for this purpose serious technical debt. They are
easy to find and update later, assuming we also add comments.
> We also have to evaluate if a return error status with a DEBUG_ERROR
> message would be a better
> choice than an ASSERT() that can be filtered out by build options.
I agree 100% that this would be better for the codebase, but the work
needed for this is (IMO) impossible to contain. ASSERT() has been abused
for a long time *because* it seemed to allow the programmer to ignore
any related error paths. If we now want to implement those error paths
retroactively (which would be absolutely the right thing to do from a
software engineering perspective), then immense amounts of work are
going to be needed (patch review and regression testing), and I think
it's just not practical to dump all that on someone that wants to
improve the status quo. Replacing an invalid ASSERT() with a panic is
honest about the current situation, is safer regarding RELEASE builds,
and its work demand (regression testing, patch review) is tolerable.
I do agree that, if the error path mostly exists already, then returning
errors for data/environment-based error conditions (i.e., not for
algorithmic invariant failures) is best.
Where we need to be extremely vigilant is new patches. We must
uncompromisingly reject *new* abuses of ASSERT(), in new patches.
Anyway, it seems that we've been trying to steer Ranbir in opposite
directions. I'll let you take the lead on this; for one, I've not been
aware of the panic api discussion for 2022!
(I don't feel especially pushy about fixing coverity issues, it's just
that Ranbir has been contributing such patches, which I've found very
welcome, and I wanted to help out with reviews.)
Laszlo
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111247): https://edk2.groups.io/g/devel/message/111247
Mute This Topic: https://groups.io/mt/102438320/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/xyzzy [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2023-11-15 9:50 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-07 6:19 [edk2-devel] [PATCH v2 0/5] BZ 4239: Fix MdeModulePkg/Bus/Pci/PciBusDxe issues pointed by Coverity Ranbir Singh
2023-11-07 6:19 ` [edk2-devel] [PATCH v2 1/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix DEADCODE Coverity issue Ranbir Singh
2023-11-07 16:21 ` Laszlo Ersek
2023-11-10 6:14 ` Ranbir Singh
2023-11-07 6:19 ` [edk2-devel] [PATCH v2 2/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix MISSING_BREAK Coverity issues Ranbir Singh
2023-11-07 8:15 ` Ni, Ray
2023-11-07 16:23 ` Laszlo Ersek
2023-11-07 17:59 ` Michael D Kinney
2023-11-08 3:51 ` Ranbir Singh
2023-11-08 4:05 ` Michael D Kinney
2023-11-08 4:29 ` Ranbir Singh
2023-11-13 11:24 ` Laszlo Ersek
2023-11-07 6:19 ` [edk2-devel] [PATCH v2 3/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix ARRAY_VS_SINGLETON " Ranbir Singh
2023-11-07 16:41 ` Laszlo Ersek
2023-11-10 5:59 ` Ranbir Singh
2023-11-07 6:19 ` [edk2-devel] [PATCH v2 4/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix NULL_RETURNS Coverity issue Ranbir Singh
2023-11-07 16:48 ` Laszlo Ersek
2023-11-10 6:11 ` Ranbir Singh
2023-11-13 11:28 ` Laszlo Ersek
2023-11-14 15:08 ` Ranbir Singh
2023-11-14 16:21 ` Michael D Kinney
2023-11-14 16:53 ` Ranbir Singh
2023-11-15 10:02 ` Laszlo Ersek
2023-11-14 19:37 ` Michael Kubacki
2023-11-15 10:10 ` Laszlo Ersek
2023-11-20 14:05 ` Michael Kubacki
2023-11-15 9:50 ` Laszlo Ersek [this message]
2023-11-20 3:57 ` Ranbir Singh
2023-11-21 17:07 ` Laszlo Ersek
2023-11-07 6:19 ` [edk2-devel] [PATCH v2 5/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix UNUSED_VALUE Coverity issues Ranbir Singh
2023-11-07 17:20 ` Laszlo Ersek
2023-11-10 6:31 ` Ranbir Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5443d245-0631-a33f-220f-81e39e33af4a@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox