Commit graph

1501 commits

Author SHA1 Message Date
Eric Blake 74da8f0eea
qapi: Forbid 'any' inside an alternate
The whole point of an alternate is to allow some type-safety while
still accepting more than one JSON type. Meanwhile, the 'any'
type exists to bypass type-safety altogether. The two are
incompatible: you can't accept every type, and still tell which
branch of the alternate to use for the parse; fix this to give a
sane error instead of a Python stack trace.

Note that other types that can't be alternate members are caught
earlier, by check_type().

Backports commit 46534309e667fd860720f983c2c9aefe0354340d from qemu
2018-02-20 15:47:16 -05:00
Eric Blake 907771516e
qapi: Forbid empty unions and useless alternates
Empty unions serve no purpose, and while we compile with gcc
which permits them, strict C99 forbids them. We happen to inject
a dummy 'void *data' member into the C unions that represent QAPI
unions and alternates, but we want to get rid of that member (it
pollutes the namespace for no good reason), which would leave us
with an empty union if the user didn't provide any branches. While
empty structs make sense in QAPI, empty unions don't add any
expressiveness to the QMP language. So prohibit them at parse
time. Update the documentation and testsuite to match.

Note that the documentation already mentioned that alternates
should have "two or more JSON data types"; so this also fixes
the code to enforce that. However, we have existing uses of a
union type with only one branch, so the 2-or-more strictness
is intentionally limited to alternates.

Backports commit 02a57ae32b08e8981b59979b80e682c9a153e94d from qemu
2018-02-20 15:46:08 -05:00
Eric Blake fa6af0733a
qapi-visit: Honor prefix of discriminator enum
When we added support for a user-specified prefix for an enum
type (commit 351d36e), we forgot to teach the qapi-visit code
to honor that prefix in the case of using a prefixed enum as
the discriminator for a flat union. While there is still some
on-list debate on whether we want to keep prefixes, we should
at least make it work as long as it is still part of the code
base.

Backports commit 9d3524b39e1fe5f3bb7a990ad7841e469e954a3b from qemu
2018-02-20 15:38:44 -05:00
Alistair Francis a8807cd3b9
target-arm: Add PMUSERENR_EL0 register
The Linux kernel accesses this register early in its setup.

Backports commit 8a83ffc2dafad3499b87a736b17ab1b203fdb00b from qemu
2018-02-20 15:36:31 -05:00
Lioncash b29e024f56
target-arm: Correct bad VBAR patch merge 2018-02-20 15:34:32 -05:00
Alistair Francis 2945893f40
target-arm: Add the pmovsclr_el0 and pmintenclr_el1 registers
Backports commit 978364f12adebb4b8d90fdeb71242cb3c1405740 from qemu
2018-02-20 15:27:50 -05:00
Alistair Francis c31856e34e
target-arm: Add the pmceid0 and pmceid1 registers
Backports commit 4054bfa9e7986c9b7d2bf70f9e10af9647e376fc from qemu
2018-02-20 15:22:41 -05:00
Peter Maydell 57a9474cc7
target-arm: UNDEF in the UNPREDICTABLE SRS-from-System case
Make get_r13_banked() raise an exception at runtime for the
corner case of SRS from System mode, so that we can UNDEF it;
this brings us in to line with the ARM ARM's set of permitted
CONSTRAINED UNPREDICTABLE choices.

Backports commit f01377f591fe15c652f947646c4a69a7d4a71ad9 from qemu
2018-02-20 15:12:25 -05:00
Peter Maydell 88d21504e4
target-arm: Combine user-only and softmmu get/set_r13_banked()
The user-mode versions of get/set_r13_banked() exist just to assert
if they're ever called -- the translate time code should never
emit calls to them because SRS from user mode always UNDEF.
There's no code in the softmmu versions that can't compile in
CONFIG_USER_ONLY, and the assertion is not particularly useful,
so combine the two functions rather than having completely split
versions under ifdefs.

Backports commit d86d57d4fe683c99823f625f941eff26c07c72c3 from qemu
2018-02-20 15:09:58 -05:00
Peter Maydell 3d4f8b2d8f
target-arm: Move get/set_r13_banked() to op_helper.c
Move get/set_r13_banked() from helper.c to op_helper.c. This will
let us add exception-raising code to them, and also puts them
in the same file as get/set_user_reg(), which makes some conceptual
sense.

(The original reason for the helper.c/op_helper.c split was that
only op_helper.c had access to the CPU env pointer; this distinction
has not been true for a long time, though, and so the split is
now rather arbitrary.)

Backports commit 72309cee482868d6c4711931c3f7e02ab9dec229 from qemu

target-arm: Move bank_number() into internals.h

Move bank_number()'s implementation into internals.h, so
it's available in the user-mode-only compile as well.

Backports commit c766568d3604082c6fd45cbabe42c48e4861a13f from qemu
2018-02-20 15:09:07 -05:00
Peter Maydell a6aac0dbb4
target-arm: Clean up trap/undef handling of SRS
The SRS instruction is:
* UNDEFINED in Hyp mode
* UNPREDICTABLE in User or System mode
* UNPREDICTABLE if the specified mode isn't accessible
* trapped to EL3 if EL3 is AArch64 and we are at Secure EL1

Clean up the code to handle all these cases cleanly, including
picking UNDEF as our choice of UNPREDICTABLE behaviour rather
blindly trusting the mode field passed in the instruction.
As part of this, move the check for IS_USER into gen_srs()
itself rather than having it done by the caller.

The exception is that we don't UNDEF for calls from System
mode, which need a runtime check. This will be dealt with in
the following commits.

Backports commit cbc0326b6fb905f80b7cef85b24571f7ebb62077 from qemu
2018-02-20 15:02:45 -05:00
Peter Maydell 56a88557db
target-arm: Report correct syndrome for FPEXC32_EL2 traps
If access to FPEXC32_EL2 is trapped by CPTR_EL2.TFP or CPTR_EL3.TFP,
this should be reported with a syndrome register indicating an
FP access trap, not one indicating a system register access trap.

Backports commit f2cae6092767aaf418778eada15be444c23883be from qemu
2018-02-20 15:00:32 -05:00
Peter Maydell 425db8c149
target-arm: Implement MDCR_EL3.TDA and MDCR_EL2.TDA traps
Implement the debug register traps controlled by MDCR_EL2.TDA
and MDCR_EL3.TDA.

Backports commit d6c8cf815171e35e0b1ef4e0cff602ab3d575747 from qemu
2018-02-20 14:58:52 -05:00
Peter Maydell 7295676caf
target-arm: Implement MDCR_EL2.TDRA traps
Implement trapping of the "debug ROM" registers, which are controlled
by MDCR_EL2.TDRA for EL2 but by the more general MDCR_EL3.TDA for EL3.

Backports commit 91b0a23865558e2ce9c2e7042d404e8bf2e4b817 from qemu
2018-02-20 14:54:53 -05:00
Peter Maydell 537ff96e34
target-arm: Implement MDCR_EL3.TDOSA and MDCR_EL2.TDOSA traps
Implement the traps to EL2 and EL3 controlled by the bits
MDCR_EL2.TDOSA MDCR_EL3.TDOSA. These can configurably trap
accesses to the "powerdown debug" registers.

Backports commit 187f678d5c28251dba2b44127e59966b14518ef7 from qemu
2018-02-20 14:52:47 -05:00
Peter Maydell 871dee4908
target-arm: Fix handling of SCR.SMD
We weren't quite implementing the handling of SCR.SMD correctly.
The condition governing whether the SMD bit should apply only
for NS state is "is EL3 is AArch32", not "is the current EL AArch32".
Fix the condition, and clarify the comment both to reflect this and
to expand slightly on what's going on for the v7-no-Virtualization case.

Backports commit f096e92b6385fd87e8ea948ad3af70faf752c13a from qemu
2018-02-20 14:50:33 -05:00
Peter Maydell 7b503db3c6
target-arm: correct CNTFRQ access rights
Correct some corner cases we were getting wrong for
CNTFRQ access rights:
* should UNDEF from 32-bit Secure EL1
* only writable from the highest implemented exception level,
which might not be EL1 now

To clarify the code, provide a new utility function
arm_highest_el() which returns the highest implemented
exception level.

Backports commit 755026728abb19fba70e6b4396a27fa2e7550d74 from qemu
2018-02-20 14:49:28 -05:00
Richard Henderson 22d4f95912
target-i386: Implement FSGSBASE
Backports commit 07929f2ab2ab9c9e01d4ae79f48f2b2476b715c8 from qemu
2018-02-20 14:45:58 -05:00
Richard Henderson 6ca787fb48
target-i386: Enable CR4/XCR0 features for user-mode
Backports commit a114d25d5b42600871d75929604c0b9fcc448ec0 from qemu
2018-02-20 14:37:33 -05:00
Richard Henderson 86cc5862a1
target-i386: Clear bndregs during legacy near jumps
Backports commit 7d117ce81ef6258cdcc0d24c774d045fa4b5fd26 from qemu
2018-02-20 14:36:11 -05:00
Richard Henderson 8ca89461b5
target-i386: Implement BNDLDX, BNDSTX
Backports commit bdd87b3b591add6e4d7c6b6125fcf0d706cc8bc4 from qemu
2018-02-20 14:32:48 -05:00
Richard Henderson f30c3efd0e
target-i386: Implement BNDLDX, BNDSTX
Backports commit bdd87b3b591add6e4d7c6b6125fcf0d706cc8bc4 from qemu
2018-02-20 14:26:18 -05:00
Richard Henderson a02626afe7
target-i386: Update BNDSTATUS for exceptions raised by BOUND
Backports commit 75d14edcf5fd9d5bb614554539799abaaeab3166 from qemu
2018-02-20 14:24:07 -05:00
Richard Henderson 554c41f05f
target-i386: Implement BNDCL, BNDCU, BNDCN
Backports commit 523e28d7614571680d21641bd0bd9b9e84570cee from qemu
2018-02-20 14:22:46 -05:00
Richard Henderson c2f92123f4
target-i386: Implement BNDMOV
Backports commit 62b58ba58bfebdb8a1c447beaa1285cc21249d15 from qemu
2018-02-20 14:14:39 -05:00
Richard Henderson 8bc3037864
target-i386: Implement BNDMK
Backports commit 149b427b32de358c3bd5bc064c50acca6e9ff78f from qemu
2018-02-20 14:02:31 -05:00
Richard Henderson e11a7bcede
target-i386: Split up gen_lea_modrm
This is immediately usable by lea and multi-byte nop,
and will be required to implement parts of the mpx spec.

Backports commit a074ce42a3186bd9f96ef541bb2e01419181dae3 from qemu
2018-02-20 13:49:05 -05:00
Richard Henderson 159e837a6c
target-i386: Perform set/reset_inhibit_irq inline
With helpers that can be reused for other things.

Backports commit 7f0b7141b4c7deab51efd8ee1e83eab2d9b7a9ea from qemu
2018-02-20 13:34:47 -05:00
Richard Henderson cacb60b57b
target-i386: Enable control registers for MPX
Enable and disable at CPL changes, MSR changes, and XRSTOR changes.

Backports commit f4f1110e4b34797ddfa87bb28f9518b9256778be from qemu
2018-02-20 13:27:46 -05:00
Richard Henderson 7a7a72f49b
target-i386: Implement XSAVEOPT
Backports commit c9cfe8f9fb21f086e24b3a8f7ccd9c06e4d8d9d6 from qemu
2018-02-20 12:52:10 -05:00
Richard Henderson 6c5b6a0e7f
target-i386: Add XSAVE extension
This includes XSAVE, XRSTOR, XGETBV, XSETBV, which are all related,
as well as the associate cpuid bits.

Backports commit 19dc85dba23c0db1ca932c62e453c37e00761628 from qemu
2018-02-20 12:47:52 -05:00
Richard Henderson 6657c0c54a
target-i386: Rearrange processing of 0F AE
Rather than nesting tests of OP, MOD, and RM, decode them all at once
with a switch. Also, add some missing #UD checks for e.g. incorrect
LOCK prefix.

Backports commit 121f3157887f92268a3d6169e2d4601f9292020b from qemu
2018-02-20 12:36:54 -05:00
Richard Henderson cb536601cb
target-i386: Rearrange processing of 0F 01
Rather than nesting tests of OP, MOD, and RM, decode them
all at once with a switch. Fixes incorrect decoding of
AMD Pacifica extensions (aka vmrun et al) via op==2 path.

Backports commit 1906b2af7c2345037d9b2fdf484b457b5acd09d1 from qemu
2018-02-20 12:32:45 -05:00
Richard Henderson b490486028
target-i386: Split fxsave/fxrstor implementation
We will be able to reuse these pieces for XSAVE/XRSTOR.

Backports commit 64dbaff09bb768dbbb13142862554f18ab642866 from qemu
2018-02-20 11:58:00 -05:00
Alistair Francis a4bf026460
qom: Correct object_property_get_int() description
The description of object_property_get_int() stated that on an error
it returns NULL. This is not the case and the function will return -1
if an error occurs. Update the commented documentation accordingly.

Backports commit b29b47e9b35017428904e0e934700877dfaabe73 from qemu
2018-02-20 11:52:16 -05:00
Sergey Fedorov dfb78118ff
target-arm: Implement checking of fired watchpoint
ARM stops before access to a location covered by watchpoint. Also, QEMU
watchpoint fire is not necessarily an architectural watchpoint match.
Unfortunately, that is hardly possible to ignore a fired watchpoint in
debug exception handler. So move watchpoint check from debug exception
handler to the dedicated watchpoint checking callback.

Backports commit 3826121d9298cde1d29ead05910e1f40125ee9b0 from qemu
2018-02-20 11:50:29 -05:00
Sergey Fedorov 6a3038db7c
cpu: Add callback to check architectural watchpoint match
When QEMU watchpoint matches, that is not definitely an architectural
watchpoint match yet. If it is a stop-before-access watchpoint then that
is hardly possible to ignore it after throwing a TCG exception.

A special callback is introduced to check for architectural watchpoint
match before raising a TCG exception.

Backports commit 568496c0c0f1863a4bc18539962cd8d81baa4e30 from qemu
2018-02-20 11:43:56 -05:00
Peter Maydell 3d5b54cf4b
target-arm: Fix IL bit reported for Thumb VFP and Neon traps
All Thumb Neon and VFP instructions are 32 bits, so the IL
bit in the syndrome register should be set. Pass false to the
syn_* function's is_16bit argument rather than s->thumb
so we report the correct IL bit.

Backports commit 7d197d2db5e99e4c8b20f6771ddc7303acaa1c89 from qemu
2018-02-20 11:39:39 -05:00
Peter Maydell 5b8ad0e2fc
target-arm: Fix IL bit reported for Thumb coprocessor traps
All Thumb coprocessor instructions are 32 bits, so the IL
bit in the syndrome register should be set. Pass false to the
syn_* function's is_16bit argument rather than s->thumb
so we report the correct IL bit.

Backports commit 4df322593037d2700f72dfdfb967300b7ad2e696 from qemu
2018-02-20 11:38:27 -05:00
Peter Maydell 814bffc1ee
target-arm: Correct misleading 'is_thumb' syn_* parameter names
In syndrome register values, the IL bit indicates the instruction
length, and is 1 for 4-byte instructions and 0 for 2-byte
instructions. All A64 and A32 instructions are 4-byte, but
Thumb instructions may be either 2 or 4 bytes long. Unfortunately
we named the parameter to the syn_* functions for constructing
syndromes "is_thumb", which falsely implies that it should be
set for all Thumb instructions, rather than only the 16-bit ones.
Fix the functions to name the parameter 'is_16bit' instead.

Backports commit fc05f4a62c568b607ec3fe428a419bb38205b570 from qemu
2018-02-20 11:36:55 -05:00
Peter Maydell a3ff1c4a65
target-arm: Enable EL3 for Cortex-A53 and Cortex-A57
Enable EL3 support for our Cortex-A53 and Cortex-A57 CPU models.
We have enough implemented now to be able to run real world code
at least to some extent (I can boot ARM Trusted Firmware to the
point where it pulls in OP-TEE and then falls over because it
doesn't have a UEFI image it can chain to).

Backports commit 3ad901bc2b98f5539af9a7d4aef140a6d8fa6442 from qemu
2018-02-20 11:31:44 -05:00
Peter Maydell aecf7b05dc
target-arm: Implement NSACR trapping behaviour
Implement some corner cases of the behaviour of the NSACR
register on ARMv8:
* if EL3 is AArch64 then accessing the NSACR from Secure EL1
with AArch32 should trap to EL3
* if EL3 is not present or is AArch64 then reads from NS EL1 and
NS EL2 return constant 0xc00

It would in theory be possible to implement all these with
a single reginfo definition, but for clarity we use three
separate definitions for the three cases and install the
right one based on the CPU feature flags.

Backports commit 2f027fc52d4b444a47cb05a9c96697372a6b57d2 from qemu
2018-02-20 11:29:29 -05:00
Peter Maydell 6dbc781ce3
target-arm: Add isread parameter to CPAccessFns
System registers might have access requirements which need to
be described via a CPAccessFn and which differ for reads and
writes. For this to be possible we need to pass the access
function a parameter to tell it whether the access being checked
is a read or a write.

Backports commit 3f208fd76bcc91a8506681bb8472f2398fe6f487 from qemu
2018-02-20 11:24:17 -05:00
Peter Maydell 4838c1dfe9
target-arm: Update arm_generate_debug_exceptions() to handle EL2/EL3
The arm_generate_debug_exceptions() function as originally implemented
assumes no EL2 or EL3. Since we now have much more of an implementation
of those now, fix this assumption.

Backports commit 533e93f1cf12c570aab45f14663dab6fb8ea3ffc from qemu
2018-02-20 11:12:36 -05:00
Peter Maydell 4552444928
target-arm: Use access_trap_aa32s_el1() for SCR and MVBAR
The registers MVBAR and SCR should have the behaviour of trapping to
EL3 if accessed from Secure EL1, but we were incorrectly implementing
them to UNDEF (which would trap to EL1). Fix this by using the new
access_trap_aa32s_el1() access function.

Backports commit efe4a274083f61484a8f1478d93f229d43aa8095 from qemu
2018-02-20 11:10:38 -05:00
Peter Maydell c0411e5422
target-arm: Implement MDCR_EL3 and SDCR
Implement the MDCR_EL3 register (which is SDCR for AArch32).
For the moment we implement it as reads-as-written.

Backports commit 5513c3abed8e5fabe116830c63f0d3fe1f94bd21 from qemu
2018-02-20 11:08:15 -05:00
Peter Maydell a2fd906e8b
target-arm: Fix typo in comment in arm_is_secure_below_el3()
Fix a typo where "EL2" was written but "EL3" intended.

Backports commit 6b7f0b61f080b886c9b4bba8240379ce90e20b12 from qemu
2018-02-20 11:05:14 -05:00
Paolo Bonzini 98452daad6
target-i386: fix PSE36 mode
(pde & 0x1fe000) is a 32-bit integer; when shifting it
into bits 39-32 the result is zero. Fix it by making the
mask (and thus the result of the AND) a 64-bit integer.

Reported by Coverity.

Backports commit 388ee48a88e684e719660a2cae9c21897b94fa37 from qemu
2018-02-20 11:03:49 -05:00
Richard Henderson 65a78ebb26
target-i386: Deconstruct the cpu_T array
All references to cpu_T are done with a constant index. It aids
readability to decompose the array into two scalar variables.

Backports commit 1d1cc4d0f481b2939c7e9f6606e571b2fc81971a from qemu
2018-02-20 11:02:34 -05:00
Richard Henderson 5d45260df7
target-i386: Tidy gen_add_A0_im
Merge gen_op_addl_A0_im and gen_op_addq_A0_im into gen_add_A0_im
and clean up the ifdef.

Replace the one remaining user of gen_op_addl_A0_im with gen_add_A0_im.

Backports commit 4e85057b92d214decf10045d3d4faa2faf33d100 from qemu
2018-02-20 10:20:04 -05:00
Richard Henderson 0004dfcba3
target-i386: Rewrite leave
Unify the code across stack pointer widths. Fix the note about
not updating ESP before the potential exception.

Backports commit 2045f04c3ae030bda650f84035f114bbd84909a9 from qemu
2018-02-20 10:16:56 -05:00
Richard Henderson 7dd4fcc621
target-i386: Rewrite gen_enter inline
Use gen_lea_v_seg for centralized segment base knowledge. Unify
code across 32- and 64-bit. Fix note about "must save state"
before using the out-of-line helpers.

Backports commit 743e398e2fbf2f7183bf7a53c9d011fabcaa1770 from qemu
2018-02-20 10:13:43 -05:00
Richard Henderson 302752df8b
target-i386: Use gen_lea_v_seg in pusha/popa
More centralization of handling of segment bases.
Also fixes the note about 16-bit wrap around not fully handled.

Backports commit d37ea0c04723f3e15fde55fe97cff6278159929b from qemu
2018-02-20 10:07:46 -05:00
Richard Henderson 092c7bea97
target-i386: Access segs via TCG registers
Having segs[].base as a register significantly improves code
generation for real and protected modes, particularly for TBs
that have multiple memory references where the segment base
can be held in a hard register through the TB.

Backports commit 3558f8055f37a34762b7a2a0f02687e6eeab893d from qemu
2018-02-20 10:02:37 -05:00
Richard Henderson 969f8ab407
target-i386: Use gen_lea_v_seg in stack subroutines
I.e. gen_push_v, gen_pop_T0, gen_stack_A0.
More centralization of handling of segment bases.

Backports commit 77ebcad04f3659fa7eb799928fdd68280fac720d from qemu
2018-02-20 09:28:40 -05:00
Richard Henderson 0d1766a9f0
target-i386: Use gen_lea_v_seg in gen_lea_modrm
Centralize handling of segment bases.

Backports commit d6a2914984c89fa0a3125b9842e0cbf68de79a3d from qemu
2018-02-20 09:23:49 -05:00
Richard Henderson f3220dbb8c
target-i386: Introduce mo_stacksize
Centralize computation of a MO_SIZE for the stack pointer.

Backports commit 64ae256c2450262e27f07657c5734d3197458d95 from qemu
2018-02-20 09:18:48 -05:00
Richard Henderson 63c4e79870
target-i386: Create gen_lea_v_seg
Add forgotten zero-extension in the TARGET_X86_64, !CODE64, ss32 case;
use this new function to implement gen_string_movl_A0_EDI,
gen_string_movl_A0_ESI, gen_add_A0_ds_seg.

Backports commit ca2f29f555805d07fb0b9ebfbbfc4e3656530977 from qemu
2018-02-20 09:17:13 -05:00
Lioncash c658126845
include: Move RAMList to ramlist.h
Moves the struct back into qemu's headers
2018-02-20 08:47:51 -05:00
Lioncash cdd4003ce9
Move RAMBlock to ram_addr.h
Moves it back into qemu's includes.
2018-02-20 08:35:44 -05:00
Paolo Bonzini cbc56b3ceb
memory: add early bail out from cpu_physical_memory_set_dirty_range
This condition is true in the common case, so we can cut out the body of
the function. In addition, this makes it easier for the compiler to do
at least partial inlining, even if it decides that fully inlining the
function is unreasonable.

Backports commit 8bafcb21643a39a5b29109f8bd5ee5a6f0f6850b from qemu
2018-02-20 08:32:10 -05:00
Lioncash a268815478
include: Add stubbed xen function
Will allow us to not comment out code all the time for xen checks (ideally)
2018-02-20 08:29:58 -05:00
Markus Armbruster 91b4e76fef
error: New error_fatal
Similar to error_abort, but doesn't report where the error was
created, and terminates the process with exit(1) rather than abort().

Backports commit a29a37b994ca3c5a1d39fa0e8934f7e0f2cf57ef from qemu
2018-02-20 08:22:27 -05:00
Markus Armbruster c4a06e2d12
error: Improve documentation some more
Don't claim error_report_err() always reports to stderr. It actually
reports to the current monitor when we have one.

Clarify intended use of error_abort and error_fatal.

Backports commit 10303f04b98efa76e638b9ae4632688f56f088fc from qemu
2018-02-20 08:13:39 -05:00
Eric Blake 0c04f85d31
qapi: Fix compilation failure on MIPS and SPARC
Commit 86f4b687 broke compilation on MIPS and SPARC, which have a
preprocessor pollution of '#define mips 1' and '#define sparc 1',
respectively. Treat it the same way as we do for the pollution with
'unix', so that QMP remains backwards compatible and only the C code
needs to use the alternative 'q_mips', 'q_sparc' spelling.

Backports commit 86ae191163d48ff4ff9d9996868e6cfe92a82449 from qemu
2018-02-20 08:11:01 -05:00
Eric Blake 49b8891872
qmp: Don't abuse stack to track qmp-output root
The previous commit documented an inconsistency in how we are
using the stack of qmp-output-visitor. Normally, pushing a
single top-level object puts the object on the stack twice:
once as the root, and once as the current container being
appended to; but popping that struct only pops once. However,
qmp_ouput_add() was trying to either set up the added object
as the new root (works if you parse two top-level scalars in a
row: the second replaces the first as the root) or as a member
of the current container (works as long as you have an open
container on the stack; but if you have popped the first
top-level container, it then resolves to the root and still
tries to add into that existing container).

Fix the stupidity by not tracking two separate things in the
stack. Drop the now-useless qmp_output_first() and
qmp_output_last() while at it.

Saved for a later patch: we still are rather sloppy in that
qmp_output_get_object() can be called in the middle of a parse,
rather than requiring that a visit is complete.

Backports commit 455ba08afde784466420449d01c6458f88349d55 from qemu
2018-02-20 08:09:56 -05:00
Eric Blake 25dad6e8d5
qmp: Fix reference-counting of qnull on empty output visit
Commit 6c2f9a15 ensured that we would not return NULL when the
caller used an output visitor but had nothing to visit. But
in doing so, it added a FIXME about a reference count leak
that could abort qemu in the (unlikely) case of SIZE_MAX such
visits (more plausible on 32-bit). (Although that commit
suggested we might fix it in time for 2.5, we ran out of time;
fortunately, it is unlikely enough to bite that it was not
worth worrying about during the 2.5 release.)

This fixes things by documenting the internal contracts, and
explaining why the internal function can return NULL and only
the public facing interface needs to worry about qnull(),
thus avoiding over-referencing the qnull_ global object.

It does not, however, fix the stupidity of the stack mixing
up two separate pieces of information; add a FIXME to explain
that issue, which will be fixed shortly in a future patch.

Backports commit a86156401559cb4401cf9ecc704faeab6fc8bb19 from qemu
2018-02-20 08:07:31 -05:00
Eric Blake a2fc66a005
qapi: Tighten qmp_input_end_list()
The only way that qmp_input_pop() will set errp is if a dictionary
was the most recent thing pushed. Since we don't have any
push(struct)/pop(list) or push(list)/pop(struct) mismatches (such
a mismatch is a programming bug), we therefore cannot set errp
inside qmp_input_end_list(). Make this obvious by
using &error_abort. A later patch will then remove the errp
parameter of qmp_input_pop(), but that will first require the
larger task of splitting visit_end_struct().

Backports commit bdd8e6b5d8a9def83d491a3f41c10424fc366258 from qemu
2018-02-19 23:44:45 -05:00
Eric Blake 1f54314cbb
qapi: Drop unused 'kind' for struct/enum visit
visit_start_struct() and visit_type_enum() had a 'kind' argument
that was usually set to either the stringized version of the
corresponding qapi type name, or to NULL (although some clients
didn't even get that right). But nothing ever used the argument.
It's even hard to argue that it would be useful in a debugger,
as a stack backtrace also tells which type is being visited.

Therefore, drop the 'kind' argument as dead.

Backports commit 337283dffbb5ad5860ed00408a5fd0665c21be07 from qemu
2018-02-19 23:43:54 -05:00
Eric Blake 844c136945
qapi: Swap 'name' in visit_* callbacks to match public API
As explained in the previous patches, matching argument order of
'name, &value' to JSON's "name":value makes sense. However,
while the last two patches were easy with Coccinelle, I ended up
doing this one all by hand. Now all the visitor callbacks match
the main interface.

The compiler is able to enforce that all clients match the changed
interface in visitor-impl.h, even where two pointers are being
swapped, because only one of the two pointers is const (if that
were not the case, then C's looseness on treating 'char *' like
'void *' would have made review a bit harder).

Backports commit 0b2a0d6bb2446060944061e53e87d0c7addede79 from qemu
2018-02-19 23:36:52 -05:00
Eric Blake 4100f3b78a
qapi: Consolidate visitor small integer callbacks
Commit 4e27e819 introduced optional visitor callbacks for all
sorts of int types, but no visitor has supplied any of the
callbacks for sizes less than 64 bits. In other words, the
generic implementation based on using type_[u]int64() followed
by bounds-checking works just fine. In the interest of
simplicity, it's easier to make the visitor callback interface
not have to worry about the other sizes.

Adding some helper functions minimizes the boilerplate required
to correct FIXMEs added earlier with regards to questionable
reuse of errp, particularly now that we can guarantee from a
single file audit that value is unchanged if an error is set.

Backports commit 04e070d217b4414f1f91aa8ad25fc0ae7ca0be93 from qemu
2018-02-19 23:21:56 -05:00
Eric Blake 9ec25b4673
qom: Swap 'name' next to visitor in ObjectPropertyAccessor
Similar to the previous patch, it's nice to have all functions
in the tree that involve a visitor and a name for conversion to
or from QAPI to consistently stick the 'name' parameter next
to the Visitor parameter.

Done by manually changing include/qom/object.h and qom/object.c,
then running this Coccinelle script and touching up the fallout
(Coccinelle insisted on adding some trailing whitespace).

@ rule1 @
identifier fn;
typedef Object, Visitor, Error;
identifier obj, v, opaque, name, errp;
@@
void fn
- (Object *obj, Visitor *v, void *opaque, const char *name,
+ (Object *obj, Visitor *v, const char *name, void *opaque,
Error **errp) { ... }

@@
identifier rule1.fn;
expression obj, v, opaque, name, errp;
@@
fn(obj, v,
- opaque, name,
+ name, opaque,
errp)

Backports commit d7bce9999df85c56c8cb1fcffd944d51bff8ff48 from qemu
2018-02-19 23:14:37 -05:00
Eric Blake 5dd5646a9a
qapi: Swap visit_* arguments for consistent 'name' placement
JSON uses "name":value, but many of our visitor interfaces were
called with visit_type_FOO(v, &value, name, errp). This can be
a bit confusing to have to mentally swap the parameter order to
match JSON order. It's particularly bad for visit_start_struct(),
where the 'name' parameter is smack in the middle of the
otherwise-related group of 'obj, kind, size' parameters! It's
time to do a global swap of the parameter ordering, so that the
'name' parameter is always immediately after the Visitor argument.

Additional reason in favor of the swap: the existing include/qjson.h
prefers listing 'name' first in json_prop_*(), and I have plans to
unify that file with the qapi visitors; listing 'name' first in
qapi will minimize churn to the (admittedly few) qjson.h clients.

Later patches will then fix docs, object.h, visitor-impl.h, and
those clients to match.

Done by first patching scripts/qapi*.py by hand to make generated
files do what I want, then by running the following Coccinelle
script to affect the rest of the code base:
$ spatch --sp-file script `git grep -l '\bvisit_' -- '**/*.[ch]'`
I then had to apply some touchups (Coccinelle insisted on TAB
indentation in visitor.h, and botched the signature of
visit_type_enum() by rewriting 'const char *const strings[]' to
the syntactically invalid 'const char*const[] strings'). The
movement of parameters is sufficient to provoke compiler errors
if any callers were missed.

// Part 1: Swap declaration order
@@
type TV, TErr, TObj, T1, T2;
identifier OBJ, ARG1, ARG2;
@@
void visit_start_struct
-(TV v, TObj OBJ, T1 ARG1, const char *name, T2 ARG2, TErr errp)
+(TV v, const char *name, TObj OBJ, T1 ARG1, T2 ARG2, TErr errp)
{ ... }

@@
type bool, TV, T1;
identifier ARG1;
@@
bool visit_optional
-(TV v, T1 ARG1, const char *name)
+(TV v, const char *name, T1 ARG1)
{ ... }

@@
type TV, TErr, TObj, T1;
identifier OBJ, ARG1;
@@
void visit_get_next_type
-(TV v, TObj OBJ, T1 ARG1, const char *name, TErr errp)
+(TV v, const char *name, TObj OBJ, T1 ARG1, TErr errp)
{ ... }

@@
type TV, TErr, TObj, T1, T2;
identifier OBJ, ARG1, ARG2;
@@
void visit_type_enum
-(TV v, TObj OBJ, T1 ARG1, T2 ARG2, const char *name, TErr errp)
+(TV v, const char *name, TObj OBJ, T1 ARG1, T2 ARG2, TErr errp)
{ ... }

@@
type TV, TErr, TObj;
identifier OBJ;
identifier VISIT_TYPE =~ "^visit_type_";
@@
void VISIT_TYPE
-(TV v, TObj OBJ, const char *name, TErr errp)
+(TV v, const char *name, TObj OBJ, TErr errp)
{ ... }

// Part 2: swap caller order
@@
expression V, NAME, OBJ, ARG1, ARG2, ERR;
identifier VISIT_TYPE =~ "^visit_type_";
@@
(
-visit_start_struct(V, OBJ, ARG1, NAME, ARG2, ERR)
+visit_start_struct(V, NAME, OBJ, ARG1, ARG2, ERR)
|
-visit_optional(V, ARG1, NAME)
+visit_optional(V, NAME, ARG1)
|
-visit_get_next_type(V, OBJ, ARG1, NAME, ERR)
+visit_get_next_type(V, NAME, OBJ, ARG1, ERR)
|
-visit_type_enum(V, OBJ, ARG1, ARG2, NAME, ERR)
+visit_type_enum(V, NAME, OBJ, ARG1, ARG2, ERR)
|
-VISIT_TYPE(V, OBJ, NAME, ERR)
+VISIT_TYPE(V, NAME, OBJ, ERR)
)

Backports commit 51e72bc1dd6ace6e91d675f41a1f09bd00ab8043 from qemu
2018-02-19 22:45:07 -05:00
Eric Blake 5b6f0cbdb7
qom: Use typedef for Visitor
No need to repeat 'struct Visitor' when we already have it in
typedefs.h. Omitting the redundant 'struct' also makes a later
patch easier to search for all object property callbacks that
are associated with a Visitor.

Backports commit 4fa45492c3387c0fa51e8e81160ac9a7814f44a2 from qemu
2018-02-19 22:26:47 -05:00
Eric Blake b978871f20
qapi: Don't cast Enum* to int*
C compilers are allowed to represent enums as a smaller type
than int, if all enum values fit in the smaller type. There
are even compiler flags that force the use of this smaller
representation, although using them changes the ABI of a
binary. Therefore, our generated code for visit_type_ENUM()
(for all qapi enums) was wrong for casting Enum* to int* when
calling visit_type_enum().

It appears that no one has been using compiler ABI switches
for qemu, because if they had, we are potentially dereferencing
beyond bounds or even risking a SIGBUS on platforms where
unaligned pointer dereferencing is fatal. But it is still
better to avoid the practice entirely, and just use the correct
types.

This matches the fix for alternate qapi types, done earlier in
commit 0426d53 "qapi: Simplify visiting of alternate types",
with generated code changing as:

| void visit_type_QType(Visitor *v, QType *obj, const char *name, Error **errp)
| {
|- visit_type_enum(v, (int *)obj, QType_lookup, "QType", name, errp);
|+ int value = *obj;
|+ visit_type_enum(v, &value, QType_lookup, "QType", name, errp);
|+ *obj = value;
| }

Backports commit 395a233f7c089f23e3c0d43ce34c709dc5acd7de from qemu
2018-02-19 22:24:19 -05:00
Eric Blake 7e83274012
qapi-visit: Kill unused visit_end_union()
The generated code can call visit_end_union() without having called
visit_start_union(). Example:

if (!*obj) {
goto out_obj;
}
visit_type_CpuInfoBase_fields(v, (CpuInfoBase **)obj, &err);
if (err) {
goto out_obj; // if we go from here...
}
if (!visit_start_union(v, !!(*obj)->u.data, &err) || err) {
goto out_obj;
}
switch ((*obj)->arch) {
[...]
}
out_obj:
// ... then *obj is true, and ...
error_propagate(errp, err);
err = NULL;
if (*obj) {
// we end up here
visit_end_union(v, !!(*obj)->u.data, &err);
}
error_propagate(errp, err);

Harmless only because no visitor implements end_union(). Clean it up
anyway, by deleting the function as useless.

Messed up since we have visit_end_union (commit cee2ded).

Backports commit 7c91aabd8964cfdf637f302c579c95401f21ce92 from qemu
2018-02-19 22:22:24 -05:00
Eric Blake 264748ad06
qapi: Track all failures between visit_start/stop
Inside the generated code between visit_start_struct() and
visit_end_struct(), we were blindly setting the error into
the caller's errp parameter. But a future patch to split
visit_end_struct() will require that we take action based
on whether an error has occurred, which requires us to track
all actions through a local err. Rewrite the visits to be
more in line with the other generated calls.

Generated code changes look like:

| visit_start_struct(v, (void **)obj, "Abort", name, sizeof(Abort), &err);
|- if (!err) {
|- if (*obj) {
|- visit_type_Abort_fields(v, obj, errp);
|- }
|- visit_end_struct(v, &err);
|+ if (err) {
|+ goto out;
| }
|+ if (!*obj) {
|+ goto out_obj;
|+ }
|+ visit_type_Abort_fields(v, obj, &err);
|+ error_propagate(errp, err);
|+ err = NULL;
|+out_obj:
|+ visit_end_struct(v, &err);
|+out:
| error_propagate(errp, err);
| }

Backports commit 92b09babc11b60458c28cfe37eaa314de50e6241 from qemu
2018-02-19 22:19:40 -05:00
Eric Blake 4f513b2070
qapi: Improve generated event use of qapi visitor
All other successful clients of visit_start_struct() were paired
with an unconditional visit_end_struct(); but the generated
code for events was relying on qmp_output_visitor_cleanup() to
work on an incomplete visit. Alter the code to guarantee that
the struct is completed, which will make a future patch to
split visit_end_struct() easier to reason about. While at it,
drop some assertions and comments that are not present in other
uses of the qmp output visitor, and pass NULL rather than "" as
the 'kind' parameter (matching most other uses where obj is NULL).

The changes to the generated code look like:

| qmp = qmp_event_build_dict("DEVICE_TRAY_MOVED");
|
| qov = qmp_output_visitor_new();
|- g_assert(qov);
|-
| v = qmp_output_get_visitor(qov);
|- g_assert(v);
|
|- /* Fake visit, as if all members are under a structure */
|- visit_start_struct(v, NULL, "", "DEVICE_TRAY_MOVED", 0, &err);
|+ visit_start_struct(v, NULL, NULL, "DEVICE_TRAY_MOVED", 0, &err);
| if (err) {
| goto out;
| }
| visit_type_str(v, (char **)&device, "device", &err);
| if (err) {
|- goto out;
|+ goto out_obj;
| }
| visit_type_bool(v, &tray_open, "tray-open", &err);
| if (err) {
|- goto out;
|+ goto out_obj;
| }
|- visit_end_struct(v, &err);
|+out_obj:
|+ visit_end_struct(v, err ? NULL : &err);
| if (err) {
| goto out;
| }
|
| obj = qmp_output_get_qobject(qov);
|- g_assert(obj != NULL);
|+ g_assert(obj);
|
| qdict_put_obj(qmp, "data", obj);
| emit(QAPI_EVENT_DEVICE_TRAY_MOVED, qmp, &err);

Note that the 'goto out_obj' with no intervening code before the
label, as well as the construct of 'err ? NULL : &err', are both
a bit unusual but also temporary; they get fixed in a later patch
that splits visit_end_struct() to drop its errp parameter by moving
some checking before the label. But until that time, this was the
simplest way to avoid the appearance of passing a possibly-set
error to visit_end_struct(), even though actual code inspection
shows that visit_end_struct() for a QMP output visitor will never
set an error.

Backports commit a16e3e5c5825c90887a863513916f93eeec16c55 from qemu
2018-02-19 22:18:31 -05:00
Eric Blake b847298d08
qapi: Drop dead parameter in gen_params()
Commit 5cdc8831 reworked gen_params() to be simpler, but forgot
to clean up a now-unused errp named argument.

No change to generated code.

Backports commit e408311546b633b232312450d9017f4db21df0dc from qemu
2018-02-19 22:16:16 -05:00
Markus Armbruster b2c9386111
qapi: Use Python 2.6 "except E as ..." syntax
PEP 8 calls for it, because it's forward compatible with Python 3.
Supported since Python 2.6, which we require (commit fec2103).

Backports commit 291928a80f39670929fcce222acd5e21d1434692 from qemu
2018-02-19 22:14:39 -05:00
Eric Blake f7d5b1c833
qapi: Detect base class loops
It should be fairly obvious that qapi base classes need to
form an acyclic graph, since QMP cannot specify the same
key more than once, while base classes are included as flat
members alongside other members added by the child. But the
old check_member_clash() parser function was not prepared to
check for this, and entered an infinite recursion (at least
until Python gives up, complaining about nesting too deep).

Now that check_member_clash() has been recently removed,
attempts at self-inheritance trigger an assertion failure
introduced by commit ac88219a. The obvious fix is to turn
the assertion into a conditional.

This patch includes both the tests (base-cycle-direct and
base-cycle-indirect) and the fix, since the .err file output
for the unfixed case is not useful (particularly when it was
warning about unbounded recursion, as that limit may be
platform-specific).

We don't need to worry about cycles in flat unions (neither
the base type nor the type of a variant can be a union) nor
in alternates (alternate branches cannot themselves be an
alternate). But if we later allow a union type as a variant,
we will still be okay, as QAPISchemaObjectTypeVariants.check()
triggers the same QAPISchemaObjectType.check() that will
detect any loops.

Likewise, we need not worry about the case of diamond
inheritance where the same class is used for a flat union base
class and one of its variants; either both uses will introduce
a collision in trying to insert the same member name twice, or
the shared type is empty and changes nothing.

Backports commit bac5429ccb4f41d421ec641b11f1852c8420fdb7 from qemu
2018-02-19 22:12:19 -05:00
Eric Blake 63f288263a
qapi: Move duplicate collision checks to schema check()
With the recent commit 'qapi: Detect collisions in C member
names', we have two different locations for detecting clashes -
one at parse time, and another at QAPISchema*.check() time.
Remove all of the ad hoc parser checks, and delete associated
code (for example, the global check_member_clash() method is
no longer needed).

Testing this showed that the test union-bad-branch wasn't adding
much: union-clash-branches also exposes the error message when
branches collide, and we've recently fixed things to avoid an
implicit collision with max. Likewise, the error for
enum-clash-member changes to report our new detection of
upper case in a value name, unless we modify the test to use
all lower case.

The wording of several error messages has changed, but the
change is generally an improvement rather than a regression.

No change to generated code.

Backports commit 01cfbaa4c36ecd9f1c7bcbad50c92758e1d147c4 from qemu
2018-02-19 22:11:28 -05:00
Eric Blake 514226002a
qapi: Enforce (or whitelist) case conventions on qapi members
We document that members of enums and objects should be
'lower-case', although we were not enforcing it. We have to
whitelist a few pre-existing entities that violate the norms.
Add three new tests to expose the new error message, each of
which first uses the whitelisted name 'UuidInfo' to prove the
whitelist works, then triggers the failure (this is the same
pattern used in the existing returns-whitelist.json test).

Note that by adding this check, we have effectively forbidden
an entity with a case-insensitive clash of member names, for
any entity that is not on the whitelist (although there is
still the possibility to clash via '-' vs. '_').

Not done here: a future patch should also add naming convention
support and whitelist exceptions for command, event, and type
names.

The additions to QAPISchemaMember.check_clash() check whether
info['name'] is in the whitelist (the top-most entity name at
the point 'info' tracks), rather than self.owner (the type,
possibly implicit, that directly owns the member), because it
is easier to maintain the whitelist by the names actually in
the user's .json file, rather than worrying about the names
of implicit types.

Backports commit 893e1f2c5170d54316f1dcf3fefae679175622fc from qemu
2018-02-19 22:09:45 -05:00
Eric Blake 2e1e2c4d51
qapi: Track enum values by QAPISchemaMember, not string
Rather than using just an array of strings, make enum.values be
an array of the new QAPISchemaMember type, and add a helper
member_names() method to get back at the original list of names.
Likewise, creating an enum requires wrapping strings, via a new
QAPISchema._make_enum_members() method. The benefit of wrapping
enum members in a QAPISchemaMember Python object is that we now
share the existing code for C name clash detection (although the
code is not yet active until a later commit removes the earlier
ad hoc parser checks).

In a related change, the QAPISchemaMember._pretty_owner() method
needs to learn about one more implicit type name: the generated
enum associated with a simple union.

In the interest of keeping the changes of this patch local to one
file, the visitor interface still passes just a list of names
rather than the full list of QAPISchemaMember instances. We may
want to revisit this in the future, if the consistency with
visit_object_type() is worth it.

Backports commit 93bda4dd461358b4fc05dfd8e2d6419cdd574789 from qemu
2018-02-19 22:07:17 -05:00
Eric Blake ff43b7446a
qapi: Prepare new QAPISchemaMember base class
We want to share some clash detection code between enum values
and object type members. To assist with that, split off part
of QAPISchemaObjectTypeMember into a new base class
QAPISchemaMember that tracks name, owner, and common clash
detection code; while the former keeps the additional fields
for type and optional flag.

Backports commit d44f9ac80c43e34b1522cde8829f0ab371f086ca from qemu
2018-02-19 22:04:41 -05:00
Eric Blake 994490d197
qapi: Shorter visits of optional fields
For less code, reflect the determined boolean value of an optional
visit back to the caller instead of making the caller read the
boolean after the fact.

The resulting generated code has the following diff:

|- visit_optional(v, &has_fdset_id, "fdset-id");
|- if (has_fdset_id) {
|+ if (visit_optional(v, &has_fdset_id, "fdset-id")) {
| visit_type_int(v, &fdset_id, "fdset-id", &err);
| if (err) {
| goto out;
| }
| }

Backports commit 29637a6ee913df8fcdf371426ee48956b945b618 from qemu
2018-02-19 22:03:23 -05:00
Eric Blake f3d2380f6d
qapi: Simplify visits of optional fields
None of the visitor callbacks would set an error when testing
if an optional field was present; make this part of the interface
contract by eliminating the errp argument.

The resulting generated code has a nice diff:

|- visit_optional(v, &has_fdset_id, "fdset-id", &err);
|- if (err) {
|- goto out;
|- }
|+ visit_optional(v, &has_fdset_id, "fdset-id");
| if (has_fdset_id) {
| visit_type_int(v, &fdset_id, "fdset-id", &err);
| if (err) {
| goto out;
| }
| }

Backports commit 5cdc8831a795fb8452d7e34f644202fd724e122a from qemu
2018-02-19 22:01:27 -05:00
Eric Blake 65d58b543e
qapi: Fix alternates that accept 'number' but not 'int'
The QMP input visitor allows integral values to be assigned by
promotion to a QTYPE_QFLOAT. However, when parsing an alternate,
we did not take this into account, such that an alternate that
accepts 'number' and some other type, but not 'int', would reject
integral values.

With this patch, we now have the following desirable table:

alternate has case selected for
'int' 'number' QTYPE_QINT QTYPE_QFLOAT
no no error error
no yes 'number' 'number'
yes no 'int' error
yes yes 'int' 'number'

While it is unlikely that we will ever use 'number' in an
alternate other than in the testsuite, it never hurts to be
more precise in what we allow.

Backports commit d00341af384665d259af475b14c96bb8414df415 from qemu
2018-02-19 21:58:10 -05:00
Lioncash a6b494dcae
qapi: Inline _make_implicit_tag()
Now that alternates no longer use an implicit tag, we can
inline _make_implicit_tag() into its one caller,
_def_union_type().

No change to generated code.

Backports commit 9d3f3494c5b941774e2c3e7639332d53bbe6f8be from qemu
2018-02-19 21:54:43 -05:00
Eric Blake ff1c8774ff
qapi-types: Drop unnedeed ._fwdefn
Previously, the generated code in qapi-types.c initialized all
enum lookup tables first, prior to any other definitions. But
there are no topological sorting requirements that mandate this
layout, so we can drop the QAPISchemaGenTypeVisitor._fwdefn
field and just generate all definitions in visitation order.

The generated code shows some churn due to reordering, but it
is still fairly straightforward to follow (all the deletions
occur in one hunk, and all the deleted lines are re-inserted
in the same order later in the same files, just spread across
multiple insertion points).

Backports commit 0b2e84ba774651656771ed697dee8825759dffa9 from qemu
2018-02-19 21:53:45 -05:00
Eric Blake 2ee6c960ee
qapi: Simplify visiting of alternate types
Previously, working with alternates required two lookup arrays
and some indirection: for type Foo, we created Foo_qtypes[]
which maps each qtype to a value of the generated FooKind enum,
then look up that value in FooKind_lookup[] like we do for other
union types.

This has a couple of subtle bugs. First, the generator was
creating a call with a parameter '(int *) &(*obj)->type' where
type is an enum type; this is unsafe if the compiler chooses
to store the enum type in a different size than int, where
assigning through the wrong size pointer can corrupt data or
cause a SIGBUS.

Related bug, not not fixed in this patch: qapi-visit.py's
gen_visit_enum() generates a cast of its enum * argument to
int *. Marked FIXME.

Second, since the values of the FooKind enum start at zero, all
entries of the Foo_qtypes[] array that were not explicitly
initialized will map to the same branch of the union as the
first member of the alternate, rather than triggering a desired
failure in visit_get_next_type(). Fortunately, the bug seldom
bites; the very next thing the input visitor does is try to
parse the incoming JSON with the wrong parser, which normally
fails; the output visitor is not used with a C struct in that
state, and the dealloc visitor has nothing to clean up (so
there is no leak).

However, the second bug IS observable in one case: parsing an
integer causes unusual behavior in an alternate that contains
at least a 'number' member but no 'int' member, because the
'number' parser accepts QTYPE_QINT in addition to the expected
QTYPE_QFLOAT (that is, since 'int' is not a member, the type
QTYPE_QINT accidentally maps to FooKind 0; if this enum value
is the 'number' branch the integer parses successfully, but if
the 'number' branch is not first, some other branch tries to
parse the integer and rejects it). A later patch will worry
about fixing alternates to always parse all inputs that a
non-alternate 'number' would accept, for now this is still
marked FIXME in the updated test-qmp-input-visitor.c, to
merely point out that new undesired behavior of 'ans' matches
the existing undesired behavior of 'asn'.

This patch fixes the default-initialization bug by deleting the
indirection, and modifying get_next_type() to directly assign a
QTypeCode parameter. This in turn fixes the type-casting bug,
as we are no longer casting a pointer to enum to a questionable
size. There is no longer a need to generate an implicit FooKind
enum associated with the alternate type (since the QMP wire
format never uses the stringized counterparts of the C union
member names). Since the updated visit_get_next_type() does not
know which qtypes are expected, the generated visitor is
modified to generate an error statement if an unexpected type is
encountered.

Callers now have to know the QTYPE_* mapping when looking at the
discriminator; but so far, only the testsuite was even using the
C struct of an alternate types. I considered the possibility of
keeping the internal enum FooKind, but initialized differently
than most generated arrays, as in:
typedef enum FooKind {
FOO_KIND_A = QTYPE_QDICT,
FOO_KIND_B = QTYPE_QINT,
} FooKind;
to create nicer aliases for knowing when to use foo->a or foo->b
when inspecting foo->type; but it turned out to add too much
complexity, especially without a client.

There is a user-visible side effect to this change, but I
consider it to be an improvement. Previously,
the invalid QMP command:
{"execute":"blockdev-add", "arguments":{"options":
{"driver":"raw", "id":"a", "file":true}}}
failed with:
{"error": {"class": "GenericError",
"desc": "Invalid parameter type for 'file', expected: QDict"}}
(visit_get_next_type() succeeded, and the error comes from the
visit_type_BlockdevOptions() expecting {}; there is no mention of
the fact that a string would also work). Now it fails with:
{"error": {"class": "GenericError",
"desc": "Invalid parameter type for 'file', expected: BlockdevRef"}}
(the error when the next type doesn't match any expected types for
the overall alternate).

Backports commit 0426d53c6530606bf7641b83f2b755fe61c280ee from qemu
2018-02-19 21:52:39 -05:00
Eric Blake e9666e4455
qapi: Convert QType into QAPI built-in enum type
What's more meta than using qapi to define qapi? :)

Convert QType into a full-fledged[*] builtin qapi enum type, so
that a subsequent patch can then use it as the discriminator
type of qapi alternate types. Fortunately, the judicious use of
'prefix' in the qapi definition avoids churn to the spelling of
the enum constants.

To avoid circular definitions, we have to flip the order of
inclusion between "qobject.h" vs. "qapi-types.h". Back in commit
28770e0, we had the latter include the former, so that we could
use 'QObject *' for our implementation of 'any'. But that usage
also works with only a forward declaration, whereas the
definition of QObject requires QType to be a complete type.

[*] The type has to be builtin, rather than declared in
qapi/common.json, because we want to use it for alternates even
when common.json is not included. But since it is the first
builtin enum type, we have to add special cases to qapi-types
and qapi-visit to only emit definitions once, even when two
qapi files are being compiled into the same binary (the way we
already handled builtin list types like 'intList'). We may
need to revisit how multiple qapi files share common types,
but that's a project for another day.

Backports commit 7264f5c50cc1be0f1406e3ebb45aedcca02f603a from qemu
2018-02-19 21:47:05 -05:00
Eric Blake 805c803298
qobject: Rename qtype_code to QType
The name QType matches our CODING_STYLE conventions for type names
in CamelCase. It also matches the fact that we are already naming
all the enum members with a prefix of QTYPE, not QTYPE_CODE. And
doing the rename will also make it easier for the next patch to use
QAPI for providing the enum, which also wants CamelCase type names.

Backports commit 1310a3d3bd9301ff5a825287638cfab24c2c6689 from qemu
2018-02-19 21:41:52 -05:00
Eric Blake cc1d62568e
qobject: Simplify QObject
The QObject hierarchy is small enough, and unlikely to grow further
(since we only use it to map to JSON and already cover all JSON
types), that we can simplify things by not tracking a separate
vtable, but just inline the code element of the vtable QType
directly into QObject (renamed to type), and track a separate array
of destroy functions. We can drop qnull_destroy_obj() in the
process.

The remaining QObject subclasses must export their destructor.

This also has the nice benefit of moving the typename 'QType'
out of the way, so that the next patch can repurpose it for a
nicer name for 'qtype_code'.

The various objects are still the same size (so no change in cache
line pressure), but now have less indirection (although I didn't
bother benchmarking to see if there is a noticeable speedup, as
we don't have hard evidence that this was in a performance hotspot
in the first place).

A future patch could drop the refcnt size to 32 bits for a smaller
struct on 64-bit architectures, if desired (we have limits on the
largest JSON that we are willing to parse, and will probably never
need to take full advantage of a 64-bit refcnt).

Backports commit 55e1819c509b3d9c10a54678b9c585bbda13889e from qemu
2018-02-19 21:37:48 -05:00
Markus Armbruster 105a6be9b0
qobject: Add a special null QObject
I'm going to fix the JSON parser to recognize null. The obvious
representation of JSON null as (QObject *)NULL doesn't work, because
the parser already uses it as an error value. Perhaps we should
change it to free NULL for null, but that's more than I can do right
now. Create a special null QObject instead.

The existing QDict, QList, and QString all represent something that
is a pointer in C and could therefore be associated with NULL. But
right now, all three of these sub-types are always non-null once
created, so the new null sentinel object is intentionally unrelated
to them.

Backports commit 481b002cc81ed7fc7b06e32e9d4d495d81739d14 from qemu
2018-02-19 21:25:58 -05:00
Eric Blake 0ae71ac202
qapi: Change munging of CamelCase enum values
When munging enum values, the fact that we were passing the entire
prefix + value through camel_to_upper() meant that enum values
spelled with CamelCase could be turned into CAMEL_CASE. However,
this provides a potential collision (both OneTwo and One-Two would
munge into ONE_TWO) for enum types, when the same two names are
valid side-by-side as QAPI member names. By changing the generation
of enum constants to always be prefix + '_' + c_name(value,
False).upper(), and ensuring that there are no case collisions (in
the next patches), we no longer have to worry about names that
would be distinct as QAPI members but collide as variant tag names,
without having to think about what munging the heuristics in
camel_to_upper() will actually perform on an enum value.

Making the change will affect enums that did not follow coding
conventions, using 'CamelCase' rather than desired 'lower-case'.

Thankfully, there are only two culprits: InputButton and ErrorClass.
We already tweaked ErrorClass to make it an alias of QapiErrorClass,
where only the alias needs changing rather than the whole tree. So
the bulk of this change is modifying INPUT_BUTTON_WHEEL_UP to the
new INPUT_BUTTON_WHEELUP (and likewise for WHEELDOWN). That part
of this commit may later need reverting if we rename the enum
constants from 'WheelUp' to 'wheel-up' as part of moving
x-input-send-event to a stable interface; but at least we have
documentation bread crumbs in place to remind us (commit 513e7cd),
and it matches the fact that SDL constants are also spelled
SDL_BUTTON_WHEELUP.

Backports commit d20a580bc0eac9d489884f6d2ed28105880532b6 from qemu
2018-02-19 20:40:15 -05:00
Eric Blake 1bda2b186b
qapi: Add alias for ErrorClass
The qapi enum ErrorClass is unusual that it uses 'CamelCase' names,
contrary to our documented convention of preferring 'lower-case'.
However, this enum is entrenched in the API; we cannot change
what strings QMP outputs. Meanwhile, we want to simplify how
c_enum_const() is used to generate enum constants, by moving away
from the heuristics of camel_to_upper() to a more straightforward
c_name(N).upper() - but doing so will rename all of the ErrorClass
constants and cause churn to all client files, where the new names
are aesthetically less pleasing (ERROR_CLASS_DEVICENOTFOUND looks
like we can't make up our minds on whether to break between words).

So as always in computer science, solve the problem by some more
indirection: rename the qapi type to QapiErrorClass, and add a
new enum ErrorClass in error.h whose members are aliases of the
qapi type, but with the spelling expected elsewhere in the tree.
Then, when c_enum_const() changes the munging, we only have to
adjust the one alias spot.

Backports commit f22a28b898322c01b0463a8b7ec551d72bc61a5b from qemu
2018-02-19 20:38:51 -05:00
Eric Blake 9a2b48ebc3
qapi: Remove obsolete tests for MAX collision
Now that we no longer collide with an implicit _MAX enum member,
we no longer need to reject it in the ad hoc parser, and can
remove several tests that are no longer needed.

Backports commit 04e0639d4e77b6d55491d396c8aa13929ee8ed9a from qemu
2018-02-19 20:36:35 -05:00
Eric Blake 9ca55f4ba5
qapi: Don't let implicit enum MAX member collide
Now that we guarantee the user doesn't have any enum values
beginning with a single underscore, we can use that for our
own purposes. Renaming ENUM_MAX to ENUM__MAX makes it obvious
that the sentinel is generated.

This patch was mostly generated by applying a temporary patch:

|diff --git a/scripts/qapi.py b/scripts/qapi.py
|index e6d014b..b862ec9 100644
|--- a/scripts/qapi.py
|+++ b/scripts/qapi.py
|@@ -1570,6 +1570,7 @@ const char *const %(c_name)s_lookup[] = {
| max_index = c_enum_const(name, 'MAX', prefix)
| ret += mcgen('''
| [%(max_index)s] = NULL,
|+// %(max_index)s
| };
| ''',
| max_index=max_index)

then running:

$ cat qapi-{types,event}.c tests/test-qapi-types.c |
sed -n 's,^// \(.*\)MAX,s|\1MAX|\1_MAX|g,p' > list
$ git grep -l _MAX | xargs sed -i -f list

The only things not generated are the changes in scripts/qapi.py.

Rejecting enum members named 'MAX' is now useless, and will be dropped
in the next patch.

Backports commit 7fb1cf1606c78c9d5b538f29176fd5a101726a9d from qemu
2018-02-19 20:34:53 -05:00
Eric Blake 00e596aad2
qapi: Tighten the regex on valid names
We already documented that qapi names should match specific
patterns (such as starting with a letter unless it was an enum
value or a downstream extension). Tighten that from a suggestion
into a hard requirement, which frees up names beginning with a
single underscore for qapi internal usage.

The tighter regex doesn't forbid everything insane that a user
could provide (for example, a user could name a type 'Foo-lookup'
to collide with the generated 'Foo_lookup[]' for an enum 'Foo'),
but does a good job at protecting the most obvious uses, and
also happens to reserve single leading underscore for later use.

The handling of enum values starting with a digit is tricky:
commit 9fb081e introduced a subtle bug by using c_name() on
a munged value, which would allow an enum to include the
member 'q-int' in spite of our reservation. Furthermore,
munging with a leading '_' would fail our tighter regex. So
fix it by only munging for leading digits (which are never
ticklish in c_name()) and by using a different prefix (I
picked 'D', although any letter should do).

Add new tests, reserved-member-underscore and reserved-enum-q,
to demonstrate the tighter checking.

Backports commit 59a92feedc6927e0e1ff87fdaccfb4dd42ad4c84 from qemu
2018-02-19 20:33:18 -05:00