From nobody Tue Mar 19 17:51:15 2024 X-Original-To: hackers@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TzfR90hTqz5F0x3 for ; Tue, 19 Mar 2024 17:51:17 +0000 (UTC) (envelope-from mhorne@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TzfR86l4kz4dtd; Tue, 19 Mar 2024 17:51:16 +0000 (UTC) (envelope-from mhorne@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1710870676; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=fo/WqqxK2IpWlDLDR1LtdJSXC4evbG8W6uajwJ8Z4xY=; b=d8VqRQ4VpgDl7snftZMJiHG9qAZiklTxwx2AoM9saoPwZzCZgS5unhN4oYgLDnR20IPOlF y9/E120LF0qzmJz4CpIpCrS+1Yq0WHeo6nUCId6ls1+pKmD5otwHumAqznff6VX/68fP7K cofIA2XSpeHB5Bfnd4CeFMvnNFTKQVWuhbjDAOb8RDPwPNyL2lC5pvbPIpyeo322Abp6Ck VY2CyljatuMoyoX48SmTq149gA0CSMtO9D7zgdqPpJoFsgy7YaAG6k+si3wFdRCdWfgGcN eBRFJHlmzzXMYQBH8vRypbrlHVrNj3H2P9d20kcsGyZ16FJjeLi8A8xqbfv44g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1710870676; a=rsa-sha256; cv=none; b=gwrlSlrF59rEElQEd+jdapz/8+Jdg8/seOidc3gAh1y9Dw5mLsUyITbqCcdtKoPGfbWqLV lLRPEmgnF7ZBodwMEtxBscFCLDYijgc7DGqFznYisk1X5/07Mfz6kl/xDNmXYboQfPaEpv u4JV4QfsT2H7Bk/MZjClcP1UpULxJWLZRlboFsQPsZ8ADN/YZAtxEhs8CqHAYmqcl64dao RqX6eIw6+/SZnBmEK2t0dhmPjgtwgrMBHLzssIZbC9vu3Kq9zeWJK0cGf0sQF73rGzRnaE Zg36gYAbxESSp1sBC1riWh8QARvLqjoeX9gRwbzuCTqvjb07w+9zw5LboScVRw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1710870676; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=fo/WqqxK2IpWlDLDR1LtdJSXC4evbG8W6uajwJ8Z4xY=; b=A4HaRhxCN1jIBt8K+wEMTguI2UpzZm/92vigFCCiqwh4miSKvH/A8CQEIT7o1hXgJejVuA wXgTncUHd7YfcVnIVUmbdAAj4TWNtCPyzx5/DicU4aSM4MptXUrM+hjkopMokc/3Fhn8Vg n3FxT1birZX+FhvsEsTn9jfOjX3X17ox/1zY/yXNXGvNjFSHbKsC3irK+hn6pUC1R5EqV1 C7qxwrdbB0PFmQDY/rU4Vh1lttTyAua5yGMm9rS0EitcJuscxTmTt3JrsJI2CvaJ57VycQ AfTjaN2w78HxaYSv9CKc+K1p4L1GfUzKNIeIgtZoHeMoHh9cF8gGE/BjU4fb9g== Received: from [192.168.1.151] (host-173-212-76-127.public.eastlink.ca [173.212.76.127]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: mhorne) by smtp.freebsd.org (Postfix) with ESMTPSA id 4TzfR8587Sz16fy; Tue, 19 Mar 2024 17:51:16 +0000 (UTC) (envelope-from mhorne@freebsd.org) Message-ID: Date: Tue, 19 Mar 2024 14:51:15 -0300 List-Id: Technical discussions relating to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-hackers List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-hackers@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Why I dislike MPASS... Content-Language: en-CA To: "Bjoern A. Zeeb" , hackers@freebsd.org References: <57o4rnnq-013s-3nsn-59n5-4ssn1pq81s94@yvfgf.mnoonqbm.arg> <261pq217-nqq5-9snn-r407-oo895s6843ss@yvfgf.mnoonqbm.arg> From: Mitchell Horne Autocrypt: addr=mhorne@freebsd.org; keydata= xsBNBFyS2dQBCADdiXBG8hBVLmYbxu7aSzbwLwUf3HkGFz3rooS1kwyy+SfmjZ4UKNnl9WMx WKrJ7OAZpiNH6bLQ5nsqfx09OnpWL8c/QuPbhNdUywQoqqYpRI0K8GEn//nS9Gs0KTYwVpWb XlrzP+jf3Uh/9L5mcQmStLIH4zaaqMYHW+pMuPrvBmLIHTvLj2QjOkxslrcUdord9uvxe5Ht LU8RuTpQpHOKz705Z9/v7twFdi2HtKzpLwO6SzVyu351di1J+GihsVpcT5josQV5cHbIP3Un x+kmtKBEEc/jl/zBglF7ruWUtwgbryID+2ZPEaO1Mj+RResX4LFVMusq3uUpWRb5WJXxABEB AAHNI01pdGNoZWxsIEhvcm5lIDxtaG9ybmVARnJlZUJTRC5vcmc+wsCUBBMBCgA+AhsDBQsJ CAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEkp/cYPcfabAiQvACi/gnTOdUid8FAmIyDpUFCQtC z0EACgkQi/gnTOdUid8IsQf+N8IptrrCgifT5Z0/WUVFfnHThFOKf4zBjaGswsIM8+VKsKnF 15jCWHODUHP6s+dcQ4nQi81PHPsnMfBSkGPvN/X3ess2/1KUVkH+6tAJbqXDjXhD8HT+i0NM QEFIXlLnotpgIKW3yOHjKv3ZvKw9LCvUjyNY9vOJmLk/6AbbkFh+INo65nXtQWb/hM5FVEHW S+zUoU8AqZRJoVAQfj9wmIfg/HdsxeDGKL0zkv5AwKpccvb8VJNGJbCVMgoy5uQYcUeXxcie cg0VlbFLshNQTfyhVQ85vyuHahARrUWs/k8KiYODoBnW1ChtyF8yM6VZTzSYx7pINqPq2YZy i/Htd87ATQRcktnUAQgA3zt4M4ecoQqfxpjliNLujt9klDqvmkJvWmzMuMXdzlPgGRJ0doio 9YIeEdkOt6xN0pPTK/ReCZ8WqFQ8zo23u1pwGuo0CnR58XF19wyxyUuKu/PHbt+56mC8tNHm AXsMyXQmlDqWvn/WzLY7euNRtNS4QQIwtxfM5EC4GGa5KQwxn0kM7dkUSOE/cxr+/kNbHHzb gagZR4cnNUqtPPr3dYXcibCTzgz96Lyt3/qMLXX9RTBRzu+O6E+byxWOe8ar/ZlwY2b4wTQG mhgNttkSxKtxMpZnd8+DGV/bI1P5Ct/K2GeCwNyupQGON5ymn6o7jTch+qmFX0ItkBWO4zn4 9QARAQABwsB8BBgBCgAmAhsMFiEEkp/cYPcfabAiQvACi/gnTOdUid8FAmIyDtwFCQtCz4gA CgkQi/gnTOdUid/i5gf/aQ75pJR4TJFM2vVVr6PDIwTdl0b5EchB4w4s4g/zE84XNbMOQanb BginLYEhAacLQVAvM3XdvUEhwrhaMQdjdSEB1krResL3/mbxrtKwdHSMbHA3IS3XdvxFWTB7 P5JjUSPsW6hqgoidbn4w3OxaNHhs45H2b0Nx5QiKcSyepmCZuB52gCEHnEnrdaz8TFQMXOLq 94WbTmZeIjChW3FB61m1gTf0UEFjoZAfTAUB+pbwoCa4AykIeZnDC19vjsruVU9Gy5rLglwd bjsZNfXIJGOZNEvdF8FOBwM7DlXx7SYvTJcUNoNJjOKtQ0bYGVgGqYOB/y2mTjVuKeU0eOkN Uw== In-Reply-To: <261pq217-nqq5-9snn-r407-oo895s6843ss@yvfgf.mnoonqbm.arg> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 3/19/24 10:43, Bjoern A. Zeeb wrote: > On Tue, 19 Mar 2024, Kristof Provost wrote: > >> On 19 Mar 2024, at 8:46, Bjoern A. Zeeb wrote: >>> Hi, >>> >>> needless to say, this needed a 2nd kernel, a reproducer (when no gdb and >>> no crash dump was avail). >>> >>> XXX-BZ KABOOM 45000 > 0 && 45000 <= 360 && 45000 < 1536 >>> panic: Assertion (key.to) > 0 && (key.to) <= w_max_used_index && >>> (key.to) < witness_count failed at /usr/src/sys/kern/subr_witness.c:3118 >>> >>> This is why I dislike MPASS; if it hits you are often no wiser as to >>> why, especially if people added more than a single condition. >>> >>> Why do we make our life harder ourselves by not having informative >>> messages (I mean that is what the comment above MPASS claims)? >>> >>> I still have no idea how I get to that assertion but at least key.to >>> looks dodgy enough so that I can go look where-as before I really didn't >>> know if I had hit a limit or which one... >>> >> Presumably you’d prefer something that’d log the actual compared values? > > Yes, because without them you still don't know what's wrong. > > >> E.g. something like `ASSERT_GT(key.to, 0); ASSERT_LTE(key.to, >> w_max_used_index); ASSERT_LT(key.to, witness_count);`? >> I vaguely recall seeing discussion of similar constructs in the ZFS code. >> >> I’d enthusiastically support adding, and encouraging the use of, >> macros like that. >> >> I’d object to removing or discouraging MPASS(), because I fear that >> will reduce the number of assertions developers add to the code, and >> we’d be objectively worse off in a world where the assertion was ` ` >> rather than `MPASS((key.to) > 0 && (key.to) <= w_max_used_index && >> (key.to) < witness_count);`. >> >> We should probably encourage people to avoid complex expressions in >> MPASS(), but I’d still much rather have the complex expression than >> nothing at all. > > Yes, MPASS should probably only be used for a single simple expression > the most. > > And I am all for assertions as they are great documentation of assumption > in code as well.  It's the first stage of writing test code as well ;-) > > But using KASSERT with a proper message which isn't a teapot is too hard > and > too time consuming? > > Always think of when you get a PR from a user (not a machine you sit in > front of) what can you do with this information and what's the first > things you'd love to know. > > I often find that the latter changes as code changes or one has a > better understanding of a problem (depending on the complexity of the > problem).  But I also always find that if I didn't have the initial > extra information I would have to ask for it often by guessing the best > three things...  or if ddb is avail at least can have something looked > up  "type show ifnet and send that output along". > > /bz > > Hi, I am in total agreement about the limitations of certain assertion messages. In order to begin to understand _why_ an assertion failed, there can be no ambiguity in _how_ it failed. I won't fight for deprecating MPASS, but the small action we can take today is to improve the documentation of these macros, for those who might read it. Here's an attempt at some guidelines and examples: https://reviews.freebsd.org/D44434 Suggested improvements are welcome, fully formed text preferred. Cheers, Mitchell