From: "Ranbir Singh" <rsingh@ventanamicro.com>
To: Laszlo Ersek <lersek@redhat.com>
Cc: "Kinney, Michael D" <michael.d.kinney@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>,
"Andrew Fish (afish@apple.com)" <afish@apple.com>,
"quic_llindhol@quicinc.com" <quic_llindhol@quicinc.com>,
Michael Kubacki <mikuback@linux.microsoft.com>,
"Ni, Ray" <ray.ni@intel.com>,
Veeresh Sangolli <veeresh.sangolli@dellteam.com>
Subject: Re: [edk2-devel] [PATCH v2 4/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix NULL_RETURNS Coverity issue
Date: Mon, 20 Nov 2023 09:27:28 +0530 [thread overview]
Message-ID: <CAA9DWXADiwV5vcYhHeJrOzepztROBG3QKSuunAWLapFvE5XMYw@mail.gmail.com> (raw)
In-Reply-To: <5443d245-0631-a33f-220f-81e39e33af4a@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 4405 bytes --]
On Wed, Nov 15, 2023 at 3:20 PM Laszlo Ersek <lersek@redhat.com> wrote:
> On 11/14/23 17:21, Kinney, Michael D wrote:
> > Hi Ranbir,
> >
> >
> >
> > First I want to recognize your efforts to collect Coverity issues and
> > propose changes to address
> > them.
> >
> > I still disagree with adding CpuDealLoop() for any static analysis
> issues.
> >
> > There have been previous discussions about adding a PANIC() or FATAL()
> > macro that would
> > perform platform specific actions if a condition is detected where the
> > boot of the platform
> > can not continue. A platform get to make the choice to log or reboot or
> > hang, etc. Not the
> > code that detected the condition.
> >
> > https://edk2.groups.io/g/devel/message/86597
> > <https://edk2.groups.io/g/devel/message/86597>
>
> This is indeed a great idea.
>
> I didn't know about that discussion. Perhaps a new DebugLib API would
> handle this (i.e., "panic").
>
> I've been certainly proposing CpuDeadLoop() as a means to panic.
>
> Did the thread conclude anything tangible?
>
> > Unfortunately, in order to fix some of these static analysis issues
> > correctly, we are going
> > to have to identify the use of ASSERT() that really is a fatal condition
> > that can not continue
>
> Absolutely.
>
> > and introduce an implementation approach that provides a platform
> > handler and
> > satisfies the static analysis tools.
>
> The "platform handler" is the difficult part. If the above-noted
> discussion from 2022 didn't produce an agreement, should we really block
> the static analyzer fixes on an agreed-upon panic API? I'm concerned
> that would just cause these fixes to get stuck. And I don't consider
> CpuDeadLoop()s added for this purpose serious technical debt. They are
> easy to find and update later, assuming we also add comments.
>
>
I agree with the approach to not gate current fixes adding CpuDeadLoop().
Later on, it can be updated with the desired panic API and I can contribute
for those required changes related to patches submitted by me.
I can update current patches to carry additional comment in suffix form to
ease later search like
CpuDeadLoop (); // TBD: replace with Panic API in future
Laszlo, Mike - Let me know if that works for now.
> > We also have to evaluate if a return error status with a DEBUG_ERROR
> > message would be a better
> > choice than an ASSERT() that can be filtered out by build options.
>
> I agree 100% that this would be better for the codebase, but the work
> needed for this is (IMO) impossible to contain. ASSERT() has been abused
> for a long time *because* it seemed to allow the programmer to ignore
> any related error paths. If we now want to implement those error paths
> retroactively (which would be absolutely the right thing to do from a
> software engineering perspective), then immense amounts of work are
> going to be needed (patch review and regression testing), and I think
> it's just not practical to dump all that on someone that wants to
> improve the status quo. Replacing an invalid ASSERT() with a panic is
> honest about the current situation, is safer regarding RELEASE builds,
> and its work demand (regression testing, patch review) is tolerable.
>
> I do agree that, if the error path mostly exists already, then returning
> errors for data/environment-based error conditions (i.e., not for
> algorithmic invariant failures) is best.
>
> Where we need to be extremely vigilant is new patches. We must
> uncompromisingly reject *new* abuses of ASSERT(), in new patches.
>
> Anyway, it seems that we've been trying to steer Ranbir in opposite
> directions. I'll let you take the lead on this; for one, I've not been
> aware of the panic api discussion for 2022!
>
> (I don't feel especially pushy about fixing coverity issues, it's just
> that Ranbir has been contributing such patches, which I've found very
> welcome, and I wanted to help out with reviews.)
>
> Laszlo
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111444): https://edk2.groups.io/g/devel/message/111444
Mute This Topic: https://groups.io/mt/102438320/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: Type: text/html, Size: 5872 bytes --]
next prev parent reply other threads:[~2023-11-20 3:57 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-07 6:19 [edk2-devel] [PATCH v2 0/5] BZ 4239: Fix MdeModulePkg/Bus/Pci/PciBusDxe issues pointed by Coverity Ranbir Singh
2023-11-07 6:19 ` [edk2-devel] [PATCH v2 1/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix DEADCODE Coverity issue Ranbir Singh
2023-11-07 16:21 ` Laszlo Ersek
2023-11-10 6:14 ` Ranbir Singh
2023-11-07 6:19 ` [edk2-devel] [PATCH v2 2/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix MISSING_BREAK Coverity issues Ranbir Singh
2023-11-07 8:15 ` Ni, Ray
2023-11-07 16:23 ` Laszlo Ersek
2023-11-07 17:59 ` Michael D Kinney
2023-11-08 3:51 ` Ranbir Singh
2023-11-08 4:05 ` Michael D Kinney
2023-11-08 4:29 ` Ranbir Singh
2023-11-13 11:24 ` Laszlo Ersek
2023-11-07 6:19 ` [edk2-devel] [PATCH v2 3/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix ARRAY_VS_SINGLETON " Ranbir Singh
2023-11-07 16:41 ` Laszlo Ersek
2023-11-10 5:59 ` Ranbir Singh
2023-11-07 6:19 ` [edk2-devel] [PATCH v2 4/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix NULL_RETURNS Coverity issue Ranbir Singh
2023-11-07 16:48 ` Laszlo Ersek
2023-11-10 6:11 ` Ranbir Singh
2023-11-13 11:28 ` Laszlo Ersek
2023-11-14 15:08 ` Ranbir Singh
2023-11-14 16:21 ` Michael D Kinney
2023-11-14 16:53 ` Ranbir Singh
2023-11-15 10:02 ` Laszlo Ersek
2023-11-14 19:37 ` Michael Kubacki
2023-11-15 10:10 ` Laszlo Ersek
2023-11-20 14:05 ` Michael Kubacki
2023-11-15 9:50 ` Laszlo Ersek
2023-11-20 3:57 ` Ranbir Singh [this message]
2023-11-21 17:07 ` Laszlo Ersek
2023-11-07 6:19 ` [edk2-devel] [PATCH v2 5/5] MdeModulePkg/Bus/Pci/PciBusDxe: Fix UNUSED_VALUE Coverity issues Ranbir Singh
2023-11-07 17:20 ` Laszlo Ersek
2023-11-10 6:31 ` Ranbir Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAA9DWXADiwV5vcYhHeJrOzepztROBG3QKSuunAWLapFvE5XMYw@mail.gmail.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox