From: Luiz Capitulino <lcapitulino@redhat.com>
To: "Lluís Vilanova" <vilanova@ac.upc.edu>
Cc: "kwolf@redhat.com" <kwolf@redhat.com>,
"aliguori@us.ibm.com" <aliguori@us.ibm.com>,
Jan Kiszka <jan.kiszka@siemens.com>,
"armbru@redhat.com" <armbru@redhat.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
"amit.shah@redhat.com" <amit.shah@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 4/9] runstate_set(): Check for valid transitions
Date: Fri, 9 Sep 2011 09:58:45 -0300 [thread overview]
Message-ID: <20110909095845.0b1496f0@doriath> (raw)
In-Reply-To: <87r53td0ug.fsf@ginnungagap.bsc.es>
On Tue, 06 Sep 2011 19:42:15 +0200
Lluís Vilanova <vilanova@ac.upc.edu> wrote:
> Luiz Capitulino writes:
>
> > On Tue, 06 Sep 2011 17:55:12 +0200
> > Jan Kiszka <jan.kiszka@siemens.com> wrote:
>
> >> On 2011-09-06 15:14, Luiz Capitulino wrote:
> >> > This commit could have been folded with the previous one, however
> >> > doing it separately will allow for easy bisect and revert if needed.
> >> >
> >> > Checking and testing all valid transitions wasn't trivial, chances
> >> > are this will need broader testing to become more stable.
> >> >
> >> > Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
> >> > ---
> >> > vl.c | 149 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
> >> > 1 files changed, 148 insertions(+), 1 deletions(-)
> >> >
> >> > diff --git a/vl.c b/vl.c
> >> > index 9926d2a..fe3628a 100644
> >> > --- a/vl.c
> >> > +++ b/vl.c
> >> > @@ -332,9 +332,156 @@ bool runstate_check(RunState state)
> >> > return current_run_state == state;
> >> > }
> >> >
> >> > +/* This function will abort() on invalid state transitions */
> >> > void runstate_set(RunState new_state)
> >> > {
> >> > - assert(new_state < RSTATE_MAX);
> >> > + switch (current_run_state) {
> >> > + case RSTATE_NO_STATE:
> >> > + switch (new_state) {
> >> > + case RSTATE_RUNNING:
> >> > + case RSTATE_IN_MIGRATE:
> >> > + case RSTATE_PRE_LAUNCH:
> >> > + goto transition_ok;
> >> > + default:
> >> > + /* invalid transition */
> >> > + abort();
> >> > + }
> >> > + abort();
> >> > + case RSTATE_DEBUG:
> >> > + switch (new_state) {
> >> > + case RSTATE_RUNNING:
> >> > + goto transition_ok;
> >> > + default:
> >> > + /* invalid transition */
> >> > + abort();
> >> > + }
> >> > + abort();
> >> > + case RSTATE_IN_MIGRATE:
> >> > + switch (new_state) {
> >> > + case RSTATE_RUNNING:
> >> > + case RSTATE_PRE_LAUNCH:
> >> > + goto transition_ok;
> >> > + default:
> >> > + /* invalid transition */
> >> > + abort();
> >> > + }
> >> > + abort();
> >> > + case RSTATE_PANICKED:
> >> > + switch (new_state) {
> >> > + case RSTATE_PAUSED:
> >> > + goto transition_ok;
> >> > + default:
> >> > + /* invalid transition */
> >> > + abort();
> >> > + }
> >> > + abort();
> >> > + case RSTATE_IO_ERROR:
> >> > + switch (new_state) {
> >> > + case RSTATE_RUNNING:
> >> > + goto transition_ok;
> >> > + default:
> >> > + /* invalid transition */
> >> > + abort();
> >> > + }
> >> > + abort();
> >> > + case RSTATE_PAUSED:
> >> > + switch (new_state) {
> >> > + case RSTATE_RUNNING:
> >> > + goto transition_ok;
> >> > + default:
> >> > + /* invalid transition */
> >> > + abort();
> >> > + }
> >> > + abort();
> >> > + case RSTATE_POST_MIGRATE:
> >> > + switch (new_state) {
> >> > + case RSTATE_RUNNING:
> >> > + goto transition_ok;
> >> > + default:
> >> > + /* invalid transition */
> >> > + abort();
> >> > + }
> >> > + abort();
> >> > + case RSTATE_PRE_LAUNCH:
> >> > + switch (new_state) {
> >> > + case RSTATE_RUNNING:
> >> > + case RSTATE_POST_MIGRATE:
> >> > + goto transition_ok;
> >> > + default:
> >> > + /* invalid transition */
> >> > + abort();
> >> > + }
> >> > + abort();
> >> > + case RSTATE_PRE_MIGRATE:
> >> > + switch (new_state) {
> >> > + case RSTATE_RUNNING:
> >> > + case RSTATE_POST_MIGRATE:
> >> > + goto transition_ok;
> >> > + default:
> >> > + /* invalid transition */
> >> > + abort();
> >> > + }
> >> > + abort();
> >> > + case RSTATE_RESTORE:
> >> > + switch (new_state) {
> >> > + case RSTATE_RUNNING:
> >> > + goto transition_ok;
> >> > + default:
> >> > + /* invalid transition */
> >> > + abort();
> >> > + }
> >> > + abort();
> >> > + case RSTATE_RUNNING:
> >> > + switch (new_state) {
> >> > + case RSTATE_DEBUG:
> >> > + case RSTATE_PANICKED:
> >> > + case RSTATE_IO_ERROR:
> >> > + case RSTATE_PAUSED:
> >> > + case RSTATE_PRE_MIGRATE:
> >> > + case RSTATE_RESTORE:
> >> > + case RSTATE_SAVEVM:
> >> > + case RSTATE_SHUTDOWN:
> >> > + case RSTATE_WATCHDOG:
> >> > + goto transition_ok;
> >> > + default:
> >> > + /* invalid transition */
> >> > + abort();
> >> > + }
> >> > + abort();
> >> > + case RSTATE_SAVEVM:
> >> > + switch (new_state) {
> >> > + case RSTATE_RUNNING:
> >> > + goto transition_ok;
> >> > + default:
> >> > + /* invalid transition */
> >> > + abort();
> >> > + }
> >> > + abort();
> >> > + case RSTATE_SHUTDOWN:
> >> > + switch (new_state) {
> >> > + case RSTATE_PAUSED:
> >> > + goto transition_ok;
> >> > + default:
> >> > + /* invalid transition */
> >> > + abort();
> >> > + }
> >> > + abort();
> >> > + case RSTATE_WATCHDOG:
> >> > + switch (new_state) {
> >> > + case RSTATE_RUNNING:
> >> > + goto transition_ok;
> >> > + default:
> >> > + /* invalid transition */
> >> > + abort();
> >> > + }
> >> > + abort();
> >> > + default:
> >> > + fprintf(stderr, "current run state is invalid: %s\n",
> >> > + runstate_as_string());
> >> > + abort();
> >> > + }
> >> > +
> >> > +transition_ok:
> >> > current_run_state = new_state;
> >> > }
> >> >
> >>
> >> I haven't looked at the transitions yet, but just to make the function
> >> smaller: you could fold identical blocks together, e.g.
>
> > I thought about doing that but I fear it's error-prone: you extend
> > RSTATE_PAUSED and forget about RSTATE_IO_ERROR.
>
> > I think it's better to have different things separated, that's, each state
> > has its own switch statement.
>
> You could also use a state transition matrix instead:
Looks like a good idea.
>
> typedef enum {
> RSTATE_NO_STATE,
> RSTATE_RUNNING,
> RSTATE_IN_MIGRATE,
> ...
> RSTATE_COUNT
> } RunState;
>
> typedef struct
> {
> RunState from;
> RunState to;
> } RunStateTransition;
>
>
> // relevant transition definition here
> static RunStateTransition trans_def[] =
> {
> {RSTATE_NO_STATE, RSTATE_RUNNING},
> {RSTATE_NO_STATE, RSTATE_IN_MIGRATE},
> ...
> {RSTATE_COUNT, RSTATE_COUNT},
> };
>
> static bool trans_matrix[RSTATE_COUNT][RSTATE_COUNT];
>
> // call at system initialization
> void
> runstate_init(void)
> {
> bzero(trans_matrix, sizeof(trans_matrix));
>
> RunStateTransition *trans;
> for (trans = &trans_def[0]; trans->from != RSTATE_COUNT; trans++) {
> trans_matrix[trans->from][trans->to] = true;
> }
> }
I think I prefer a static init.
>
> void runstate_set(RunState new_state)
> {
> if (unlikely(current_run_state >= RSTATE_COUNT)) {
> fprintf(stderr, "current run state is invalid: %s\n",
> runstate_as_string());
> abort();
> }
> if (unlikely(!trans_matrix[current_run_state][new_state])) {
> fprintf(stderr, "invalid run state transition\n");
> abort();
> }
> current_run_state = new_state;
> }
>
> I think it's easier to read the state machine from 'trans_def', and it
> can be easily extended to include other fields in the future (like
> flags, callbacks or whatever).
>
>
> Lluis
>
next prev parent reply other threads:[~2011-09-09 12:58 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-06 13:14 [Qemu-devel] [PATCH v4 0/9]: Introduce the RunState type Luiz Capitulino
2011-09-06 13:14 ` [Qemu-devel] [PATCH 1/9] Move vm_state_notify() prototype from cpus.h to sysemu.h Luiz Capitulino
2011-09-06 13:14 ` [Qemu-devel] [PATCH 2/9] Replace the VMSTOP macros with a proper state type Luiz Capitulino
2011-09-06 13:14 ` [Qemu-devel] [PATCH 3/9] RunState: Add additional states Luiz Capitulino
2011-09-06 13:14 ` [Qemu-devel] [PATCH 4/9] runstate_set(): Check for valid transitions Luiz Capitulino
2011-09-06 15:55 ` Jan Kiszka
2011-09-06 16:47 ` Luiz Capitulino
2011-09-06 17:42 ` Lluís Vilanova
2011-09-09 12:58 ` Luiz Capitulino [this message]
2011-09-06 13:14 ` [Qemu-devel] [PATCH 5/9] Drop the incoming_expected global variable Luiz Capitulino
2011-09-06 13:14 ` [Qemu-devel] [PATCH 6/9] Drop the vm_running " Luiz Capitulino
2011-09-06 13:14 ` [Qemu-devel] [PATCH 7/9] Monitor/QMP: Don't allow cont on bad VM state Luiz Capitulino
2011-09-06 13:14 ` [Qemu-devel] [PATCH 8/9] QMP: query-status: Introduce 'status' key Luiz Capitulino
2011-09-06 13:14 ` [Qemu-devel] [PATCH 9/9] HMP: info status: Print the VM state Luiz Capitulino
-- strict thread matches above, loose matches on Subject: below --
2011-09-09 20:25 [Qemu-devel] [PATCH v5 0/9]: Introduce the RunState type Luiz Capitulino
2011-09-09 20:25 ` [Qemu-devel] [PATCH 4/9] runstate_set(): Check for valid transitions Luiz Capitulino
2011-09-14 3:06 ` Luiz Capitulino
2011-09-14 19:55 ` Blue Swirl
2011-09-14 20:23 ` Luiz Capitulino
2011-09-14 20:49 [Qemu-devel] [PULL 0/9]: QMP queue Luiz Capitulino
2011-09-14 20:49 ` [Qemu-devel] [PATCH 4/9] runstate_set(): Check for valid transitions Luiz Capitulino
2011-09-15 20:05 [Qemu-devel] [PULL 0/9]: QMP queue Luiz Capitulino
2011-09-15 20:05 ` [Qemu-devel] [PATCH 4/9] runstate_set(): Check for valid transitions Luiz Capitulino
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110909095845.0b1496f0@doriath \
--to=lcapitulino@redhat.com \
--cc=aliguori@us.ibm.com \
--cc=amit.shah@redhat.com \
--cc=armbru@redhat.com \
--cc=jan.kiszka@siemens.com \
--cc=kwolf@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=vilanova@ac.upc.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).