| Index: sandbox/linux/bpf_dsl/policy_compiler.cc
|
| diff --git a/sandbox/linux/bpf_dsl/policy_compiler.cc b/sandbox/linux/bpf_dsl/policy_compiler.cc
|
| index 7ce517a5d5c6289d5b8a93e0be3c53d288672249..e2ffa47a154e187f52cb981e32dfdcb129bf00bd 100644
|
| --- a/sandbox/linux/bpf_dsl/policy_compiler.cc
|
| +++ b/sandbox/linux/bpf_dsl/policy_compiler.cc
|
| @@ -101,21 +101,22 @@ PolicyCompiler::~PolicyCompiler() {
|
| }
|
|
|
| CodeGen::Program PolicyCompiler::Compile() {
|
| - CHECK(policy_->InvalidSyscall()->IsDeny())
|
| - << "Policies should deny invalid system calls";
|
| + // Policies should deny invalid system calls
|
| + CHECK(policy_->InvalidSyscall()->IsDeny());
|
|
|
| // If our BPF program has unsafe traps, enable support for them.
|
| if (has_unsafe_traps_) {
|
| - CHECK_NE(0U, escapepc_) << "UnsafeTrap() requires a valid escape PC";
|
| + // UnsafeTrap() requires a valid escape PC
|
| + CHECK_NE(0U, escapepc_);
|
|
|
| for (int sysnum : kSyscallsRequiredForUnsafeTraps) {
|
| - CHECK(policy_->EvaluateSyscall(sysnum)->IsAllow())
|
| - << "Policies that use UnsafeTrap() must unconditionally allow all "
|
| - "required system calls";
|
| + // Policies that use UnsafeTrap() must unconditionally allow all required
|
| + // system calls
|
| + CHECK(policy_->EvaluateSyscall(sysnum)->IsAllow());
|
| }
|
|
|
| - CHECK(registry_->EnableUnsafeTraps())
|
| - << "We'd rather die than enable unsafe traps";
|
| + // We'd rather die than enable unsafe traps
|
| + CHECK(registry_->EnableUnsafeTraps());
|
| }
|
|
|
| // Assemble the BPF filter program.
|
| @@ -254,7 +255,8 @@ CodeGen::Node PolicyCompiler::AssembleJumpTable(Ranges::const_iterator start,
|
| // a binary search over the ranges.
|
| // As a sanity check, we need to have at least one distinct ranges for us
|
| // to be able to build a jump table.
|
| - CHECK(start < stop) << "Invalid iterator range";
|
| + // Invalid iterator range
|
| + CHECK(start < stop);
|
| const auto n = stop - start;
|
| if (n == 1) {
|
| // If we have narrowed things down to a single range object, we can
|
| @@ -285,16 +287,23 @@ CodeGen::Node PolicyCompiler::MaskedEqual(int argno,
|
| CodeGen::Node passed,
|
| CodeGen::Node failed) {
|
| // Sanity check that arguments make sense.
|
| - CHECK(argno >= 0 && argno < 6) << "Invalid argument number " << argno;
|
| - CHECK(width == 4 || width == 8) << "Invalid argument width " << width;
|
| - CHECK_NE(0U, mask) << "Zero mask is invalid";
|
| - CHECK_EQ(value, value & mask) << "Value contains masked out bits";
|
| + // Invalid argument number |argno|
|
| + CHECK(argno >= 0 && argno < 6);
|
| + // Invalid argument width |width|
|
| + CHECK(width == 4 || width == 8);
|
| + // Zero mask is invalid
|
| + CHECK_NE(0U, mask);
|
| + // Value contains masked out bits
|
| + CHECK_EQ(value, value & mask);
|
| if (sizeof(void*) == 4) {
|
| - CHECK_EQ(4U, width) << "Invalid width on 32-bit platform";
|
| + // Invalid width on 32-bit platform
|
| + CHECK_EQ(4U, width);
|
| }
|
| if (width == 4) {
|
| - CHECK_EQ(0U, mask >> 32) << "Mask exceeds argument size";
|
| - CHECK_EQ(0U, value >> 32) << "Value exceeds argument size";
|
| + // Mask exceeds argument size
|
| + CHECK_EQ(0U, mask >> 32);
|
| + // Value exceeds argument size
|
| + CHECK_EQ(0U, value >> 32);
|
| }
|
|
|
| // We want to emit code to check "(arg & mask) == value" where arg, mask, and
|
|
|
Chromium Code Reviews
Issue 2561963002:
base: Remove the string logging from CHECK(). (Closed)
