kernel: provide panicky version of __unreachable

__builtin_unreachable doesn't raise any compile-time warnings/errors on its
own, so problems with its usage can't be easily detected. While it would be
nice for this situation to change and compilers to at least add a warning
for trivial cases where local state means the instruction can't be reached,
this isn't the case at the moment and likely will not happen.

This commit adds an __assert_unreachable, whose intent is incredibly clear:
it asserts that this instruction is unreachable. On INVARIANTS builds, it's
a panic(), and on non-INVARIANTS it expands to  __unreachable().

Existing users of __unreachable() are converted to __assert_unreachable,
to improve debuggability if this assumption is violated.

Reviewed by:	mjg
Differential Revision:	https://reviews.freebsd.org/D23793
This commit is contained in:
kevans 2020-05-13 18:07:37 +00:00
parent 61a651cd86
commit a185748c6d
7 changed files with 14 additions and 8 deletions

View File

@ -34,6 +34,7 @@
__FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/systm.h>
#include <ddb/ddb.h>
#include <ddb/db_lex.h>
@ -229,7 +230,7 @@ db_add_expr(db_expr_t *valuep)
lhs |= rhs;
break;
default:
__unreachable();
__assert_unreachable();
}
t = db_read_token();
}
@ -313,7 +314,7 @@ db_logical_relation_expr(
lhs = (lhs <= rhs);
break;
default:
__unreachable();
__assert_unreachable();
}
t = db_read_token();
}

View File

@ -666,7 +666,7 @@ amdtemp_gettemp0f(device_t dev, amdsensor_t sensor)
temp |= AMDTEMP_TTSR_SELCORE;
break;
default:
__unreachable();
__assert_unreachable();
}
pci_write_config(dev, AMDTEMP_THERMTP_STAT, temp, 1);
@ -766,7 +766,7 @@ amdtemp_gettemp17h(device_t dev, amdsensor_t sensor)
("sensor %d: not valid", (int)sensor));
return (amdtemp_decode_fam10h_to_17h(sc->sc_offset, val, true));
default:
__unreachable();
__assert_unreachable();
}
}

View File

@ -35,6 +35,7 @@ __FBSDID("$FreeBSD$");
#include "opt_ddb.h"
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/bio.h>
#include <sys/bitstring.h>
#include <sys/bus.h>
@ -236,7 +237,7 @@ read_label(struct nvdimm_dev *nv, int num)
return (0);
}
}
__unreachable();
__assert_unreachable();
}
static int

View File

@ -507,7 +507,7 @@ ow_enumerate(device_t dev, ow_enum_fn *enumfp, ow_found_fn *foundfp)
return (EIO);
goto again;
default: /* NOTREACHED */
__unreachable();
__assert_unreachable();
}
if (dir) {
OWLL_WRITE_ONE(lldev, &timing_regular);

View File

@ -232,7 +232,7 @@ int MPPC_Compress(u_char **src, u_char **dst, u_long *srcCnt, u_long *dstCnt, ch
} else if (off < 8192) { /* 16-bit offset; 320 <= offset < 8192 */
putbits16(*dst, 0xc000|(off-320), 16, &olen, &l);
} else { /* NOTREACHED */
__unreachable();
__assert_unreachable();
rtn &= ~MPPC_OK;
return (rtn);
}

View File

@ -117,6 +117,9 @@ void kassert_panic(const char *fmt, ...) __printflike(1, 2);
VNASSERT(exp, vp, ("condition %s not met at %s:%d (%s)", \
_exp, __FILE__, __LINE__, __func__)); \
} while (0)
#define __assert_unreachable() \
panic("executing segment marked as unreachable at %s:%d (%s)\n", \
__FILE__, __LINE__, __func__)
#else
#define KASSERT(exp,msg) do { \
} while (0)
@ -125,6 +128,7 @@ void kassert_panic(const char *fmt, ...) __printflike(1, 2);
} while (0)
#define VNPASS(exp, vp) do { \
} while (0)
#define __assert_unreachable() __unreachable()
#endif
#ifndef CTASSERT /* Allow lint to override */

View File

@ -209,7 +209,7 @@ vm_radix_node_load(smrnode_t *p, enum vm_radix_access access)
case SMR:
return (smr_entered_load(p, vm_radix_smr));
}
__unreachable();
__assert_unreachable();
}
static __inline void