On 01/03/2018 02:59 PM, Michael Clark wrote:
> I see exit(1) called in quite a few of the other ports too. I was wondering at
> the time if there is a canonical error_abort API?

Yes, but they're wrong too. Lots of that is old code in less maintained targets.

The only time errors should exit is when parsing options for startup. Even then new code should use qapi/error.h, propagating the error back to generic code. (This is where your canonical error_abort API is located.)

Once running, guest errors should continue as best as we can. Either ignoring the action or raising an exception is usually the right thing. The guest -- and even more importantly a guest running without supervisor -- should not be able to force the hypervisor to shut down.

Asserting for logic errors that are fully within the hypervisor is permitted. It should be taken as written that any such assertion actually triggering is a bug to be fixed. We prefer g_assert_not_reached() over assert(false) or abort() for protecting code paths that should not be reachable. I do not use the other g_assert* functions myself, though other parts of qemu do.

r~
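The three rules in the reply (errors at startup propagate through an `Error **errp` and only generic code decides to exit; guest errors once running are ignored or turned into an exception, never an exit; `g_assert_not_reached()` is reserved for hypervisor-internal logic errors) as one self-contained C example. This is an added illustration, not code from the mail thread or from QEMU: the `Error`, `error_setg()` and `error_free()` definitions are a minimal stand-in that mimics the shape of qapi/error.h so the file builds without the QEMU tree, `g_assert_not_reached()` is a stand-in for the glib macro, and `DemoDevice`, `parse_smp_option()`, `demo_write_mode()`, `demo_mode_name()` and `startup_and_run()` are hypothetical names invented for the example. The guest register writes are constructed sample input.

```c
#include <assert.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for the qapi/error.h calls used below (assumption: real QEMU code
 * includes "qapi/error.h"; this mimics the API's shape, not its internals). */
typedef struct Error { char msg[256]; } Error;

static void error_free(Error *err) { free(err); }

static void error_setg(Error **errp, const char *fmt, ...)
{
    va_list ap;
    Error *err = calloc(1, sizeof(*err));

    assert(!errp || *errp == NULL);  /* QEMU rule: never overwrite an error */
    va_start(ap, fmt);
    vsnprintf(err->msg, sizeof(err->msg), fmt, ap);
    va_end(ap);
    if (errp) {
        *errp = err;                 /* hand the error up to the caller */
    } else {
        error_free(err);             /* NULL errp: caller did not want details */
    }
}

/* Stand-in for glib's g_assert_not_reached(): marks a hypervisor logic error. */
#define g_assert_not_reached() do { assert(!"reached"); abort(); } while (0)

/* Startup option parsing: the one place where an error may end the process,
 * and even here the error is handed to the generic caller, which decides. */
static bool parse_smp_option(const char *value, unsigned *cpus, Error **errp)
{
    char *end;
    unsigned long n = strtoul(value, &end, 10);

    if (*value == '\0' || *end != '\0' || n == 0 || n > 1024) {
        error_setg(errp, "invalid -smp value '%s' (expected 1..1024)", value);
        return false;
    }
    *cpus = (unsigned)n;
    return true;
}

/* Hypothetical emulated device with one guest-writable mode register. */
typedef struct DemoDevice {
    unsigned mode;        /* always 0..3 after demo_write_mode() */
    unsigned bad_writes;  /* guest errors seen, inspected by the test */
} DemoDevice;

/* Guest error: ignore the action and keep running. The guest must not be able
 * to shut the hypervisor down, so exit(1) has no place here (real QEMU would
 * log it with qemu_log_mask(LOG_GUEST_ERROR, ...) instead). */
static void demo_write_mode(DemoDevice *d, unsigned value)
{
    if (value > 3) {
        d->bad_writes++;
        return;
    }
    d->mode = value;
}

/* Logic error: mode is validated on every write, so an unknown value here can
 * only come from a bug inside the hypervisor, never from the guest. */
static const char *demo_mode_name(const DemoDevice *d)
{
    switch (d->mode) {
    case 0: return "idle";
    case 1: return "rx";
    case 2: return "tx";
    case 3: return "loopback";
    default: g_assert_not_reached();
    }
}

/* Generic startup code: a propagated error becomes an exit decision only here.
 * Returns the exit status instead of calling exit() so it can be tested. */
static int startup_and_run(const char *smp_value, const unsigned *guest_writes,
                           size_t n, DemoDevice *dev)
{
    Error *err = NULL;
    unsigned cpus = 0;

    if (!parse_smp_option(smp_value, &cpus, &err)) {
        fprintf(stderr, "qemu: %s\n", err->msg);   /* error_report_err() in QEMU */
        error_free(err);
        return 1;
    }
    for (size_t i = 0; i < n; i++) {
        demo_write_mode(dev, guest_writes[i]);     /* never fatal */
    }
    printf("%u vcpus, device in %s mode, %u guest errors ignored\n",
           cpus, demo_mode_name(dev), dev->bad_writes);
    return 0;
}

int main(void)
{
    DemoDevice dev = { 0, 0 };
    const unsigned writes[] = { 7, 2, 99 };   /* constructed guest activity */

    return startup_and_run("4", writes, 3, &dev);
}
```

The device layer never sees `exit()` at all: a bad guest write is counted and dropped, the process keeps running, and the only path that returns a non-zero status is the startup option parser, whose failure is reported by the generic caller rather than by the parser itself.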