Title | Failed shield assertions with DEEP checking |
Status | closed |
Priority | essential |
Assigned user | Gareth Rees |
Organization | Ravenbrook |
Description | Running "make -f xci6ll.gmk VARIETY=cool CFLAGS=-DCHECKLEVEL=CheckLevelDEEP testrun" fails with various assertions in ShieldCheck: "shield->unsynced == 0 || shield->suspended"; "shield->depth == 0 || shield->suspended"; "depth == shield->depth"; "shield->limit >= shield->unsynced". |
Analysis | The comment at impl.c.shield.trans.check says, "A number of shield functions cannot do normal argument checking with AVERT because (for example) SegCheck checks the shield invariants, and it is these functions that are enforcing them. Instead, we AVER(TESTT(Seg, seg)) to check the type signature but not the contents." Is that what's going on here? |
How found | automated_test |
Evidence | None as yet. |
Created by | Gareth Rees |
Created on | 2016-05-01 19:34:10 |
Last modified by | Gareth Rees |
Last modified on | 2016-05-03 17:25:27 |
History | 2016-05-01 GDR Created. |
Change | Effect | Date | User | Description |
---|---|---|---|---|
191812 | closed | 2016-05-03 17:25:27 | Gareth Rees | Make shield assertions robust against deep checking -- when ShieldCover is called from ShieldRaise there is one unsynced segment that has not yet been queued. Record this fact in a new queuePending flag in the shield structure. Remove incorrect shield assertion "shield->depth == 0 || shield->suspended" -- depth may be increased without suspending the mutator if the segment did not need protecting. |