This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
llvm/trunk/docs/
-
trunk/
-
docs/
-
CodingStandards.rst
-
ProgrammersManual.rst

Differential D36826

Give guidance on report_fatal_error in CodingStandards.rst and ProgrammersManual.rst
ClosedPublic

Authored by asb on Aug 17 2017, 5:37 AM.

Download Raw Diff

Details

Reviewers

lhames

Commits

rG7182440fbd11: Give guidance on report_fatal_error in CodingStandards.rst and…
rL311146: Give guidance on report_fatal_error in CodingStandards.rst and…

Summary

The current ProgrammersManual.rst document has a lot of well-written documentation on error handling thanks to @lhames. It suggests errors can be split cleanly into "programmatic" and "recoverable" errors. However, the reality in current LLVM seems to be there are a number of cases where a non-programmatic error is not easily recoverable. Therefore, add a note to indicate the existence of report_fatal_error for these cases. I've also added a reminder to CodingStandards.rst in the section on assertions, to indicate that llvm_unreachable and assertions should not be relied upon to report errors triggered by user input.

Thanks to @majnemer for pointing out out my llvm_unreachable abuse in a number of my RISC-V patches.

The ProgrammersManual is also silent on the use of LLVMContext::diagnose, which is used in BPF+WebAssembly+AMDGPU to report some errors during instruction selection. I don't address that in this patch, as it's not quite clear how to fit in to the current error handling story.

Diff Detail

Repository: rL LLVM

Event Timeline

asb created this revision.Aug 17 2017, 5:37 AM

Herald added subscribers: aheejin, tpr, dschuff, jfb. · View Herald TranscriptAug 17 2017, 5:37 AM

asb edited the summary of this revision. (Show Details)Aug 17 2017, 5:38 AM

Looks good to me. Thanks very much Alex!

This revision is now accepted and ready to land.Aug 17 2017, 8:56 PM

Closed by commit rL311146: Give guidance on report_fatal_error in CodingStandards.rst and… (authored by asb). · Explain WhyAug 17 2017, 10:30 PM

This revision was automatically updated to reflect the committed changes.

hubert.reinterpretcast mentioned this in D59233: libclang/CIndexer.cpp: Use loadquery() on AIX for path to library.Mar 15 2019, 3:28 PM

Revision Contents

Path

Size

llvm/

trunk/

docs/

CodingStandards.rst

5 lines

ProgrammersManual.rst

8 lines

Diff 111618

llvm/trunk/docs/CodingStandards.rst

Show First 20 Lines • Show All 1,226 Lines • ▼ Show 20 Lines	.. code-block:: c++
llvm_unreachable("Invalid radix for integer literal");		llvm_unreachable("Invalid radix for integer literal");

When assertions are enabled, this will print the message if it's ever reached		When assertions are enabled, this will print the message if it's ever reached
and then exit the program. When assertions are disabled (i.e. in release		and then exit the program. When assertions are disabled (i.e. in release
builds), ``llvm_unreachable`` becomes a hint to compilers to skip generating		builds), ``llvm_unreachable`` becomes a hint to compilers to skip generating
code for this branch. If the compiler does not support this, it will fall back		code for this branch. If the compiler does not support this, it will fall back
to the "abort" implementation.		to the "abort" implementation.

		Neither assertions or ``llvm_unreachable`` will abort the program on a release
		build. If the error condition can be triggered by user input, then the
		recoverable error mechanism described in :doc:`ProgrammersManual` or
		``report_fatal_error`` should be used instead.

Another issue is that values used only by assertions will produce an "unused		Another issue is that values used only by assertions will produce an "unused
value" warning when assertions are disabled. For example, this code will warn:		value" warning when assertions are disabled. For example, this code will warn:

.. code-block:: c++		.. code-block:: c++

unsigned Size = V.size();		unsigned Size = V.size();
assert(Size > 42 && "Vector smaller than it should be");		assert(Size > 42 && "Vector smaller than it should be");

▲ Show 20 Lines • Show All 396 Lines • Show Last 20 Lines

llvm/trunk/docs/ProgrammersManual.rst

	Show First 20 Lines • Show All 435 Lines • ▼ Show 20 Lines

	Recoverable errors represent an error in the program's environment, for example			Recoverable errors represent an error in the program's environment, for example
	a resource failure (a missing file, a dropped network connection, etc.), or			a resource failure (a missing file, a dropped network connection, etc.), or
	malformed input. These errors should be detected and communicated to a level of			malformed input. These errors should be detected and communicated to a level of
	the program where they can be handled appropriately. Handling the error may be			the program where they can be handled appropriately. Handling the error may be
	as simple as reporting the issue to the user, or it may involve attempts at			as simple as reporting the issue to the user, or it may involve attempts at
	recovery.			recovery.

				.. note::

				Ideally, the error handling approach described in this section would be
				used throughout LLVM. However, this is not yet the case. For
				non-programmatic errors where the ``Error`` scheme cannot easily be
				applied, ``report_fatal_error`` should be used to call any installed error
				handler and then terminate the program.

	Recoverable errors are modeled using LLVM's ``Error`` scheme. This scheme			Recoverable errors are modeled using LLVM's ``Error`` scheme. This scheme
	represents errors using function return values, similar to classic C integer			represents errors using function return values, similar to classic C integer
	error codes, or C++'s ``std::error_code``. However, the ``Error`` class is			error codes, or C++'s ``std::error_code``. However, the ``Error`` class is
	actually a lightweight wrapper for user-defined error types, allowing arbitrary			actually a lightweight wrapper for user-defined error types, allowing arbitrary
	information to be attached to describe the error. This is similar to the way C++			information to be attached to describe the error. This is similar to the way C++
	exceptions allow throwing of user-defined types.			exceptions allow throwing of user-defined types.

	Success values are created by calling ``Error::success()``, E.g.:			Success values are created by calling ``Error::success()``, E.g.:
	▲ Show 20 Lines • Show All 3,666 Lines • Show Last 20 Lines