MPS issue job004026

TitleFailed shield assertions with DEEP checking
Assigned userGareth Rees

    make -f xci6ll.gmk VARIETY=cool CFLAGS=-DCHECKLEVEL=CheckLevelDEEP testrun

fails with various assertions in ShieldCheck:

    shield->unsynced == 0 || shield->suspended
    shield->depth == 0 || shield->suspended
    depth == shield->depth
    shield->limit >= shield->unsynced
AnalysisThe comment at impl.c.shield.trans.check says, "A number of shield functions cannot do normal argument checking with AVERT because (for example) SegCheck checks the shield invariants, and it is these functions that are enforcing them. Instead, we AVER(TESTT(Seg, seg)) to check the type signature but not the contents." Is that what's going on here?
How foundautomated_test
EvidenceNone as yet.
Created byGareth Rees
Created on2016-05-01 19:34:10
Last modified byGareth Rees
Last modified on2016-05-03 17:25:27
History2016-05-01 GDR Created.


Change Effect Date User Description
191812 closed 2016-05-03 17:25:27 Gareth Rees Make shield assertions robust against deep checking -- when ShieldCover is called from ShieldRaise there is one unsynced segment that has not yet been queued. Record this fact in a new queuePending flag in the shield structure.
Remove incorrect shield assertion "shield->depth == 0 || shield->suspended" -- depth may be increased without suspending the mutator if the segment did not need protecting.