Posted to dev@nuttx.apache.org by "Matias N." <ma...@imap.cc> on 2021/03/27 19:30:15 UTC

userspace assert?

I was using assert in an app (testing on sim) and realized the sim exited upon hitting the assert. From the code I see it calls into up_assert() (which would also be a violation of OS/Userspace separation AFAIK).
What about writing a similar simple function that only sends the message to syslog and does exit() so the app exits?
This would only be for lowercase assert() of course.

Best,
Matias

Re: userspace assert?

Posted by Gregory Nutt <sp...@gmail.com>.
> Yes, it seems that is the issue.
> I will make a PR to remove those lines (I tried removing them and it works as expected).

It still should return to __assert() under the conditions where an 
application assertion occurs.  __assert will exit.  The normal 
conditions are not in an interrupt handler and not in the IDLE thread.



Re: userspace assert?

Posted by "Matias N." <ma...@imap.cc>.
Yes, it seems that is the issue.
I will make a PR to remove those lines (I tried removing them and it works as expected).

Best,
Matias

On Sat, Mar 27, 2021, at 16:44, Gregory Nutt wrote:
> 
> > Or maybe sim's up_assert() is wrong to exit the simulation? Thinking about it, doing up_assert() (which would just print the error) and exit() would indeed exit the app only.
> 
> What do you mean by exit the simulation?  It should exit the task that 
> caused the assertion but the simulation should continue to run.
> 
> Hmm.. so yes, you are right.  The up_assert() implementation is wrong.  
> Compare to arch/arm/src/armv-7m/arm_assert.c.  A crash occurs only if:
> 
>     static void _up_assert(void)
>     {
>       /* Flush any buffered SYSLOG data */
>
>       syslog_flush();
>
>       /* Are we in an interrupt handler or the idle task? */
>
>       if (CURRENT_REGS || (running_task())->flink == NULL)
>         {
> 
> Otherwise, it just returns (eventually) to __assert which calls exit().  
> That is the correct behavior.
> 
> 

Re: userspace assert?

Posted by Gregory Nutt <sp...@gmail.com>.
> Or maybe sim's up_assert() is wrong to exit the simulation? Thinking about it, doing up_assert() (which would just print the error) and exit() would indeed exit the app only.

What do you mean by exit the simulation?  It should exit the task that 
caused the assertion but the simulation should continue to run.

Hmm.. so yes, you are right.  The up_assert() implementation is wrong.  
Compare to arch/arm/src/armv-7m/arm_assert.c.  A crash occurs only if:

    static void _up_assert(void)
    {
      /* Flush any buffered SYSLOG data */

      syslog_flush();

      /* Are we in an interrupt handler or the idle task? */

      if (CURRENT_REGS || (running_task())->flink == NULL)
        {

Otherwise, it just returns (eventually) to __assert which calls exit().  
That is the correct behavior.


Re: userspace assert?

Posted by "Matias N." <ma...@imap.cc>.
Or maybe sim's up_assert() is wrong to exit the simulation? Thinking about it, doing up_assert() (which would just print the error) and exit() would indeed exit the app only.

On Sat, Mar 27, 2021, at 16:30, Matias N. wrote:
> I was using assert in an app (testing on sim) and realized the sim exited upon hitting the assert. From the code I see it calls into up_assert() (which would also be a violation of OS/Userspace separation AFAIK).
> What about writing a similar simple function that only sends the message to syslog and does exit() so the app exits?
> This would only be for lowercase assert() of course.
> 
> Best,
> Matias

Re: userspace assert?

Posted by Gregory Nutt <sp...@gmail.com>.
Isn't what you describe basically the same as Linux behavior?  assert() 
is like exit() and should cause the task to end, should it not?

Per OpenGroup:

https://pubs.opengroup.org/onlinepubs/009695399/functions/assert.html: 
When it is executed, if expression (which shall have a scalar type) 
is false (that is, compares equal to 0), assert() shall write 
information about the particular call that failed on stderr and shall 
call abort().

https://pubs.opengroup.org/onlinepubs/009695399/functions/abort.html: The 
abort() function shall cause abnormal process termination to occur, 
unless the signal SIGABRT is being caught and the signal handler does 
not return.

The only non-compliance that I see is that NuttX does not send the 
SIGABRT signal.

On 3/27/2021 1:30 PM, Matias N. wrote:
> I was using assert in an app (testing on sim) and realized the sim exited upon hitting the assert. From the code I see it calls into up_assert() (which would also be a violation of OS/Userspace separation AFAIK).
> What about writing a similar simple function that only sends the message to syslog and does exit() so the app exits?
> This would only be for lowercase assert() of course.
>
> Best,
> Matias
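
The POSIX behaviour quoted from the Open Group above, shown on a POSIX host such as Linux as an added example (not part of the thread and not NuttX code): a failed assert() ends only the process that hit it, via SIGABRT, even when a SIGABRT handler is installed and returns. The helper names run_failing_assert and on_abrt are made up for this demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#undef NDEBUG                 /* keep assert() active for this demo */
#include <assert.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* A SIGABRT handler that returns: abort() must still terminate the process. */
static void on_abrt(int sig) { (void)sig; }

/* Hypothetical helper: fork a child that fails an assertion.
 * Returns the signal that killed the child, 0 if it exited normally,
 * or -1 on fork/wait failure. */
int run_failing_assert(int install_handler)
{
  int status;
  pid_t pid = fork();

  if (pid < 0) return -1;
  if (pid == 0)
    {
      volatile int ok = 0;
      if (install_handler)
        {
          struct sigaction sa;
          memset(&sa, 0, sizeof(sa));
          sa.sa_handler = on_abrt;
          sigaction(SIGABRT, &sa, NULL);
        }
      assert(ok);   /* diagnostic goes to stderr, then abort() */
      _exit(0);     /* not reached */
    }
  if (waitpid(pid, &status, 0) != pid) return -1;
  return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
  int plain = run_failing_assert(0);
  int handled = run_failing_assert(1);
  printf("no handler: child ended by signal %d\n", plain);
  printf("returning handler: child ended by signal %d\n", handled);
  printf("parent (the \"system\") is still running\n");
  return (plain == SIGABRT && handled == SIGABRT) ? 0 : 1;
}
```

The parent plays the role of the rest of the system: it observes the child's abnormal termination and keeps running.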