2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1999 Eivind Eklund <eivind@FreeBSD.org>
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of the University nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 #ifndef _SYS_KASSERT_H_
32 #define _SYS_KASSERT_H_
34 #include <sys/cdefs.h>
/*
 * panicstr holds the panic message. KERNEL_PANICKED() reads the `panicked`
 * flag and hints to the compiler that the true case is unlikely.
 * NOTE(review): the declaration of `panicked` is not visible in this listing.
 */
37 extern const char *panicstr; /* panic message */
39 #define KERNEL_PANICKED() __predict_false(panicked)
42 * Trap accesses going through a pointer. Moreover if kasan is available trap
43 * reading the pointer itself.
45 * Sample usage: you have a struct with numerous fields and by API contract
46 * only some of them get populated, even if the implementation temporarily writes
47 * to them. You can use DEBUG_POISON_POINTER so that the consumer which should
48 * not be looking at the field gets caught.
50 * DEBUG_POISON_POINTER(obj->ptr);
52 * if (obj->ptr != NULL) // traps with kasan, does not trap otherwise
54 * if (obj->ptr->field) // traps with and without kasan
/*
 * Two definitions of DEBUG_POISON_POINTER(x) follow.
 *
 * The first overwrites the pointer lvalue x with the poisoned_buf address and
 * then calls kasan_mark() on x's own storage with KASAN_GENERIC_REDZONE.
 * x is expanded three times (assignment, &x, sizeof(x)), so the argument must
 * be a plain lvalue without side effects.
 *
 * The second expands to nothing and leaves the pointer as it was. Poisoning
 * is therefore a debugging aid for catching API-contract violations, not a
 * protection that is present in every build.
 *
 * NOTE(review): the preprocessor conditional that selects between the two
 * definitions, and the closing of the statement expression, are not visible
 * in this listing.
 */
60 extern caddr_t poisoned_buf;
61 #define DEBUG_POISON_POINTER_VALUE poisoned_buf
63 #define DEBUG_POISON_POINTER(x) ({ \
64 x = (void *)(DEBUG_POISON_POINTER_VALUE); \
65 kasan_mark(&x, 0, sizeof(x), KASAN_GENERIC_REDZONE); \
69 #define DEBUG_POISON_POINTER(x)
/*
 * Assertion helpers as defined when INVARIANTS is set.
 *
 * VNASSERT(exp, vp, msg): when exp is false, prints the stringified
 *   expression with file, line and function through vn_printf() on vp.
 * MPASSERT(exp, mp, msg): same pattern, printing the mp pointer via printf().
 * VNPASS(exp, vp) / MPPASS(exp, mp): wrappers that build the msg argument
 *   themselves from the stringified expression and the call site.
 * __assert_unreachable(): calls panic() with the call site.
 *
 * NOTE(review): the lines that consume msg and close each do { ... } block
 * are missing from this listing, so what follows the print is not shown here.
 */
72 #ifdef INVARIANTS /* The option is always available */
73 #define VNASSERT(exp, vp, msg) do { \
74 if (__predict_false(!(exp))) { \
75 vn_printf(vp, "VNASSERT failed: %s not true at %s:%d (%s)\n",\
76 #exp, __FILE__, __LINE__, __func__); \
80 #define MPASSERT(exp, mp, msg) do { \
81 if (__predict_false(!(exp))) { \
82 printf("MPASSERT mp %p failed: %s not true at %s:%d (%s)\n",\
83 (mp), #exp, __FILE__, __LINE__, __func__); \
87 #define VNPASS(exp, vp) do { \
88 const char *_exp = #exp; \
89 VNASSERT(exp, vp, ("condition %s not met at %s:%d (%s)", \
90 _exp, __FILE__, __LINE__, __func__)); \
92 #define MPPASS(exp, mp) do { \
93 const char *_exp = #exp; \
94 MPASSERT(exp, mp, ("condition %s not met at %s:%d (%s)", \
95 _exp, __FILE__, __LINE__, __func__)); \
97 #define __assert_unreachable() \
98 panic("executing segment marked as unreachable at %s:%d (%s)\n", \
99 __FILE__, __LINE__, __func__)
/*
 * Definitions used when INVARIANTS is not set. The four assertion macros get
 * separate definitions here, and __assert_unreachable() becomes
 * __unreachable() from sys/cdefs.h (presumably the compiler's unreachable
 * hint -- confirm) instead of a panic() call. A point marked unreachable is
 * therefore not trapped at run time in such builds.
 *
 * Treat all of these as debugging checks: validation of untrusted input has
 * to live in code that is compiled unconditionally.
 *
 * NOTE(review): the bodies of the four do { ... } definitions are cut off in
 * this listing; whether exp is still evaluated there cannot be confirmed
 * from here.
 */
100 #else /* INVARIANTS */
101 #define VNASSERT(exp, vp, msg) do { \
103 #define MPASSERT(exp, mp, msg) do { \
105 #define VNPASS(exp, vp) do { \
107 #define MPPASS(exp, mp) do { \
109 #define __assert_unreachable() __unreachable()
110 #endif /* INVARIANTS */
/*
 * Compile-time assertion: expands to _Static_assert with a fixed message, so
 * a false x fails the build rather than producing a runtime check. The
 * #ifndef lets an earlier definition of CTASSERT take precedence.
 */
112 #ifndef CTASSERT /* Allow lint to override */
113 #define CTASSERT(x) _Static_assert(x, "compile-time assertion failed")
117 * These functions need to be declared before the KASSERT macro is invoked in
118 * !KASSERT_PANIC_OPTIONAL builds, so their declarations are sort of out of
119 * place compared to other function definitions in this header. On the other
120 * hand, this header is a bit disorganized anyway.
/*
 * panic() takes a printf-style format string plus arguments; vpanic() takes
 * the same kind of format string with a __va_list. __printflike asks the
 * compiler to check the format string (index 1); for vpanic the argument
 * index is 0, so only the format itself is checked. __dead2 marks both as
 * not returning to the caller.
 */
122 void panic(const char *, ...) __dead2 __printflike(1, 2);
123 void vpanic(const char *, __va_list) __dead2 __printflike(1, 0);
/*
 * Selects what kassert_panic refers to:
 *  - _STANDALONE (boot loader): an alias for printf, so a failed assertion
 *    prints its message and execution continues.
 *  - otherwise, with WITNESS or INVARIANT_SUPPORT and KASSERT_PANIC_OPTIONAL:
 *    a separate function that is only declared here.
 *  - otherwise, with WITNESS or INVARIANT_SUPPORT: an alias for panic.
 * With neither WITNESS nor INVARIANT_SUPPORT, nothing is defined here.
 * NOTE(review): the #else that separates the last two cases is missing from
 * this listing.
 */
126 #if defined(_STANDALONE)
128 * Until we have more experience with KASSERTS that are called
129 * from the boot loader, they are off. The bootloader does this
130 * a little differently than the kernel (we just call printf atm).
131 * we avoid most of the common functions in the boot loader, so
132 * declare printf() here too.
134 int printf(const char *, ...) __printflike(1, 2);
135 # define kassert_panic printf
136 #else /* !_STANDALONE */
137 # if defined(WITNESS) || defined(INVARIANT_SUPPORT)
138 # ifdef KASSERT_PANIC_OPTIONAL
139 void kassert_panic(const char *fmt, ...) __printflike(1, 2);
141 # define kassert_panic panic
142 # endif /* KASSERT_PANIC_OPTIONAL */
143 # endif /* defined(WITNESS) || defined(INVARIANT_SUPPORT) */
144 #endif /* _STANDALONE */
/*
 * KASSERT(exp, msg) tests exp only in kernel builds with INVARIANTS or in
 * _STANDALONE builds; every other build gets the second definition, whose
 * body is presumably empty (only one line is missing there -- confirm).
 * msg is a parenthesised printf-style argument list; MPASS4 in this header
 * shows the form.
 *
 * Because the check is absent from builds without INVARIANTS, KASSERT
 * documents and tests internal invariants. It does not replace validating
 * lengths, indices or pointers that originate outside the kernel.
 *
 * NOTE(review): the lines that use msg and close both do { ... } blocks are
 * missing from this listing.
 */
146 #if (defined(_KERNEL) && defined(INVARIANTS)) || defined(_STANDALONE)
147 #define KASSERT(exp,msg) do { \
148 if (__predict_false(!(exp))) \
151 #else /* !(KERNEL && INVARIANTS) && !_STANDALONE */
152 #define KASSERT(exp,msg) do { \
154 #endif /* (_KERNEL && INVARIANTS) || _STANDALONE */
158 * Helpful macros for quickly coming up with assertions with informative
/*
 * MPASS(ex) asserts ex through KASSERT with a generated message naming the
 * expression text, file and line. MPASS2 substitutes a caller-supplied
 * string for the expression text, MPASS3 substitutes the file and line, and
 * MPASS4 takes all of them explicitly. These check only where KASSERT does.
 */
161 #define MPASS(ex) MPASS4(ex, #ex, __FILE__, __LINE__)
162 #define MPASS2(ex, what) MPASS4(ex, what, __FILE__, __LINE__)
163 #define MPASS3(ex, file, line) MPASS4(ex, #ex, file, line)
164 #define MPASS4(ex, what, file, line) \
165 KASSERT((ex), ("Assertion %s failed at %s:%d", what, file, line))
168 * Assert that a pointer can be loaded from memory atomically.
170 * This assertion enforces stronger alignment than necessary. For example,
171 * on some architectures, atomicity for unaligned loads will depend on
172 * whether or not the load spans multiple cache lines.
/*
 * Checks two properties of var through KASSERT: its size equals
 * sizeof(void *), and its address has no bits set below sizeof(void *)
 * (address masked with sizeof(void *) - 1 is zero). var is expanded twice and
 * has its address taken, so it must be an lvalue without side effects.
 */
174 #define ASSERT_ATOMIC_LOAD_PTR(var, msg) \
175 KASSERT(sizeof(var) == sizeof(void *) && \
176 ((uintptr_t)&(var) & (sizeof(void *) - 1)) == 0, msg)
178 * Assert that a thread is in critical(9) section.
/*
 * Asserts through KASSERT that td->td_critnest is at least 1. td is
 * dereferenced as given, so the caller must pass a valid thread pointer.
 */
180 #define CRITICAL_ASSERT(td) \
181 KASSERT((td)->td_critnest >= 1, ("Not in critical section"))
184 * If we have already panic'd and this is the thread that called
185 * panic(), then don't block on any mutexes but silently succeed.
186 * Otherwise, the kernel will deadlock since the scheduler isn't
187 * going to run the thread that holds any lock we need.
/*
 * SCHEDULER_STOPPED_TD(td) first asserts via MPASS that td is curthread (a
 * check that exists only where KASSERT is active), then evaluates
 * td->td_stopsched with a hint that it is unlikely to be set. td is expanded
 * twice. SCHEDULER_STOPPED() applies the same test to curthread.
 * NOTE(review): the closing of the statement expression is missing from this
 * listing.
 */
189 #define SCHEDULER_STOPPED_TD(td) ({ \
190 MPASS((td) == curthread); \
191 __predict_false((td)->td_stopsched); \
193 #define SCHEDULER_STOPPED() SCHEDULER_STOPPED_TD(curthread)
196 #endif /* _SYS_KASSERT_H_ */