Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fail-simulator-on-error can exit with success #381

Open
nwf opened this issue Dec 18, 2024 · 1 comment
Open

fail-simulator-on-error can exit with success #381

nwf opened this issue Dec 18, 2024 · 1 comment

Comments

@nwf
Copy link
Member

nwf commented Dec 18, 2024

If the fail-simulator-on-error.h error handler itself crashes -- by, say, exhausting the stack during a ConditionalDebug::log call -- then the simulation can end with a successful result, because we don't reach the simulation_exit(1) call.

I'm not quite sure what to do about this, but it sure is sad. It'd have been nice if HTIF and friends had allowed separately setting the exit status and commanding the exit, but alas.
@rmn30
Copy link
Collaborator

rmn30 commented Dec 18, 2024

Yes, I've known this for a while. The Hello World example was exiting that way due to its small stack and returning from the entry point causing a trap on returning to null. Thankfully you fixed that by setting up the the thread entry point so it returns cleanly into the switcher and then thread exit.

One potential solution would be to add a stackless error handler and use CHERIOT_DURING etc. in the compartment_error_handler! This would require linking with unwind library.

rmn30 added a commit that referenced this issue Dec 18, 2024
@rmn30
Partial fix for #381: exit the simulator with failure even if the err…
f4a8c19 
…or handler causes a stack overflow.

This uses a stackless error handler to recover from stack overflow in the stack-hungry error printing path. The handler just continues to the simulator_exit call. This is not a very satisfactory solution as it requires a call to switcher_handler_invocation_count_reset which could result in an infinite loop if an error occurs in the handler that is not handled by compartment_error_handler instead of by the stackless error handler.

The stackless error handler will only be invoked if the compartment links with the unwind_error_handler library.
rmn30 added a commit that referenced this issue Dec 18, 2024
@rmn30
Partial fix for #381: exit the simulator with failure even if the err…
f128435 
…or handler causes a stack overflow.

This uses a stackless error handler to recover from stack overflow in
the stack-hungry error printing path. The handler just continues to
the simulator_exit call. This is not a very satisfactory solution as
it requires a call to switcher_handler_invocation_count_reset which
could result in an infinite loop if an error occurs in the handler
that is not handled by compartment_error_handler instead of by the
stackless error handler.

The stackless error handler will only be invoked if the compartment
links with the unwind_error_handler library.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nwf @rmn30