author | Kevin Pulo <kevin.pulo@mongodb.com> | 2020-10-26 17:11:18 +1100 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-11-02 09:58:44 +0000 |
commit | 7d8e64df2d2d56a821f638ef88aa619403d03d31 (patch) | |
tree | 6ada2d481c56b9754ec7848caf146cd94149148f /docs | |
parent | 4d2dea00415bf02d2b32d0474c93d251ce6568cc (diff) | |
download | mongo-7d8e64df2d2d56a821f638ef88aa619403d03d31.tar.gz |
SERVER-44570 Add tripwire assertions (tassert)
Diffstat (limited to 'docs')
-rw-r--r-- | docs/exception_architecture.md | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/docs/exception_architecture.md b/docs/exception_architecture.md index 09f89e16837..105319774f3 100644 --- a/docs/exception_architecture.md +++ b/docs/exception_architecture.md @@ -3,6 +3,8 @@ MongoDB code uses the following types of assertions that are available for use: - `uassert` and `internalAssert` - Checks for per-operation user errors. Operation-fatal. +- `tassert` + - Like uassert, but inhibits clean shutdown. - `massert` - Checks per-operation invariants. Operation-fatal. - `fassert` @@ -18,9 +20,9 @@ The following types of assertions are deprecated: - `verify` - Checks per-operation invariants. A synonym for massert but doesn't require an error code. - Do not use for new code; use invariant or fassert instead. + Process fatal in debug mode. Do not use for new code; use invariant or fassert instead. - `dassert` - - Calls `verify` but only in debug mode. Do not use! + - Calls `invariant` but only in debug mode. Do not use! MongoDB uses a series of `ErrorCodes` (defined in [mongo/base/error_codes.yml][error_codes_yml]) to identify and categorize error conditions. `ErrorCodes` are defined in a YAML file and converted to 
@@ -41,6 +43,12 @@ mistakenly using these assertions midway through mutating process state. Example `fassert` failures will terminate the entire process; this is used for low-level checks where continuing might lead to corrupt data or loss of data on disk. +`tassert` is a hybrid - it will fail the operation like `uassert`, but also triggers a +"deferred-fatality tripwire flag". If this flag is set during clean shutdown, the process will +invoke the tripwire fatal assertion. This is useful for ensuring that operation failures will cause +a test suite to fail, without resorting to different behavior during testing, and without allowing +user operations to potentially disrupt production deployments by terminating the server. + Both `massert` and `uassert` take error codes, so that all assertions have codes associated with them. Currently, programmers are free to provide the error code by either using a unique location number or choose from existing `ErrorCodes`. Unique location numbers are assigned incrementally and |
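Review bot: In the first hunk (@@ -3,6 +3,8 @@), the new `tassert` entry, "Like uassert, but inhibits clean shutdown", does not say what kind of condition it checks or how fatal it is, unlike the neighbouring entries ("Checks for per-operation user errors. Operation-fatal."). "Inhibits clean shutdown" also undersells what the later paragraph describes, where a clean shutdown ends in the tripwire fatal assertion. Suggest following the pattern of the other entries: state that it is operation-fatal and that it sets a tripwire which turns a later clean shutdown into a fatal assertion.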
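Review bot: In the second hunk (@@ -18,9 +20,9 @@), the `verify` entry now reads "A synonym for massert" followed by "Process fatal in debug mode", while `massert` is listed above as operation-fatal, so the two sentences disagree for debug mode. Suggest qualifying the first sentence so the synonym claim is limited to non-debug mode. The `dassert` line still ends at "Do not use!" with no replacement named, unlike `verify`, which points to invariant or fassert; naming the replacement there would help.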
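Review bot: In the third hunk (@@ -41,6 +43,12 @@), "If this flag is set during clean shutdown" can be read as the flag being set while shutdown is running, whereas the intent appears to be that a flag set earlier by a failed `tassert` is checked at clean shutdown. Suggest rewording along the lines of "If this flag has been set by the time the process shuts down cleanly", and saying what happens to the flag on a shutdown that is not clean. The context paragraph that follows ("Both `massert` and `uassert` take error codes") also leaves open whether `tassert` takes an error code; a word on that here would close the gap.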