feat: ✨ Update panics, exit QEMU on exceptions

machine/src/arch/aarch64/traps.rs

@@ -117,7 +117,10 @@ pub struct ExceptionContext {
 unsafe extern "C" fn default_exception_handler() -> ! {
     println!("Unexpected exception. Halting CPU.");
 
-    endless_sleep()
+    #[cfg(not(qemu))]
+    endless_sleep();
+    #[cfg(qemu)]
+    qemu::semihosting::exit_failure()
 }
 
 // To implement an exception handler, override it by defining the respective
@@ -141,7 +144,7 @@ unsafe extern "C" fn current_el0_synchronous(e: &mut ExceptionContext) {
 #[no_mangle]
 unsafe extern "C" fn current_elx_synchronous(e: &mut ExceptionContext) {
     println!("[!] KERNEL synchronous exception happened.");
-    synchronous_common(e);
+    synchronous_common(e)
 }
 
 // unsafe extern "C" fn current_elx_irq(e: &mut ExceptionContext);
@@ -152,7 +155,11 @@ unsafe extern "C" fn current_elx_synchronous(e: &mut ExceptionContext) {
 unsafe extern "C" fn current_elx_serror(e: &mut ExceptionContext) {
     println!("[!] KERNEL serror exception happened.");
     synchronous_common(e);
-    endless_sleep()
+
+    #[cfg(not(qemu))]
+    endless_sleep();
+    #[cfg(qemu)]
+    qemu::semihosting::exit_failure()
 }
 
 fn cause_to_string(cause: u64) -> &'static str {

machine/src/lib.rs

@@ -7,6 +7,7 @@
 #![feature(strict_provenance)]
 #![feature(stmt_expr_attributes)]
 #![feature(slice_ptr_get)]
+#![feature(panic_info_message)]
 #![feature(nonnull_slice_from_raw_parts)]
 #![feature(custom_test_frameworks)]
 #![test_runner(crate::tests::test_runner)]

machine/src/panic.rs

@@ -1,12 +1,57 @@
-pub fn handler(info: &core::panic::PanicInfo) -> ! {
+//! A panic handler for hardware and for QEMU.
+use core::panic::PanicInfo;
+
+pub fn handler(info: &PanicInfo) -> ! {
+    // Protect against panic infinite loops if any of the following code panics itself.
+    panic_prevent_reenter();
     // @todo This may fail to print if the panic message is too long for local print buffer.
-    crate::println!("{}", info);
+    crate::println!("\nPanic: {}\n", info);
     crate::endless_sleep()
 }
 
+/// We have two separate handlers because other crates may use machine crate as a dependency for
+/// running their tests, and this means machine could be compiled with different features.
 pub fn handler_for_tests(info: &core::panic::PanicInfo) -> ! {
     crate::println!("\n[failed]\n");
+    // Protect against panic infinite loops if any of the following code panics itself.
+    panic_prevent_reenter();
     // @todo This may fail to print if the panic message is too long for local print buffer.
-    crate::println!("\nError: {}\n", info);
+    crate::println!("\nPanic: {}\n", info);
     crate::qemu::semihosting::exit_failure()
 }
+
+//--------------------------------------------------------------------------------------------------
+// Private Code
+//--------------------------------------------------------------------------------------------------
+
+/// Stop immediately if called a second time.
+///
+/// # Note
+///
+/// Using atomics here relieves us from needing to use `unsafe` for the static variable.
+///
+/// On `AArch64`, which is the only implemented architecture at the time of writing this,
+/// [`AtomicBool::load`] and [`AtomicBool::store`] are lowered to ordinary load and store
+/// instructions. They are therefore safe to use even with MMU + caching deactivated.
+///
+/// [`AtomicBool::load`]: core::sync::atomic::AtomicBool::load
+/// [`AtomicBool::store`]: core::sync::atomic::AtomicBool::store
+fn panic_prevent_reenter() {
+    use core::sync::atomic::{AtomicBool, Ordering};
+
+    #[cfg(not(target_arch = "aarch64"))]
+    compile_error!("Add the target_arch to above check if the following code is safe to use");
+
+    static PANIC_IN_PROGRESS: AtomicBool = AtomicBool::new(false);
+
+    if !PANIC_IN_PROGRESS.load(Ordering::Relaxed) {
+        PANIC_IN_PROGRESS.store(true, Ordering::Relaxed);
+
+        return;
+    }
+
+    #[cfg(qemu)]
+    crate::qemu::semihosting::exit_failure();
+    #[cfg(not(qemu))]
+    crate::endless_sleep()
+}