The madness of ad hoc special IDs (was: [PATCH] machine: do not crash if default RAM backend name has been stollen)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Markus Armbruster <armbru@redhat.com>
To: Igor Mammedov <imammedo@redhat.com>
Cc: qemu-devel@nongnu.org, philmd@linaro.org, wangyanan55@huawei.com,
	pbonzini@redhat.com, thuth@redhat.com,
	"Peter Maydell" <peter.maydell@linaro.org>,
	"Daniel P. Berrangé" <berrange@redhat.com>
Subject: The madness of ad hoc special IDs (was: [PATCH] machine: do not crash if default RAM backend name has been stollen)
Date: Tue, 23 May 2023 14:31:30 +0200	[thread overview]
Message-ID: <877csz6xgd.fsf@pond.sub.org> (raw)
In-Reply-To: <20230522131717.3780533-1-imammedo@redhat.com> (Igor Mammedov's message of "Mon, 22 May 2023 15:17:17 +0200")

Igor Mammedov <imammedo@redhat.com> writes:

> QEMU aborts when default RAM backend should be used (i.e. no
> explicit '-machine memory-backend=' specified) but user
> has created an object which 'id' equals to default RAM backend
> name used by board.
>
>  $QEMU -machine pc \
>        -object memory-backend-ram,id=pc.ram,size=4294967296
>
>  Actual results:
>  QEMU 7.2.0 monitor - type 'help' for more information
>  (qemu) Unexpected error in object_property_try_add() at ../qom/object.c:1239:
>  qemu-kvm: attempt to add duplicate property 'pc.ram' to object (type 'container')
>  Aborted (core dumped)
>
> Instead of abort, check for the conflicting 'id' and exit with
> an error, suggesting how to remedy the issue.

This is an instance of an (unfortunately common) anti-pattern.

The point of an ID is to *identify*.  To do that, IDs of the same kind
must be unique.  "Of the same kind" because we let different kinds of
objects have the same ID[*].

IDs are arbitrary strings.  The user may pick any ID, as long as it's
unique.  Unique not only among the user's IDs, but the system's, too.

Every time we add code that picks an ID, we break backward
compatibility: user configurations that use this ID no longer work.
Thus, system-picked IDs are part of the external interface.

We don't treat them as such.  They are pretty much undocumented, and
when we add new ones, we break the external interface silently.

How exactly things go wrong on a clash is detail from an interface
design point of view.  This patch changes one instance from "crash" to
"fatal error".  No objections, just pointing out we're playing whack a
mole there.

The fundamental mistake we made was not reserving IDs for the system's
own use.

The excuse I heard back then was that IDs are for the user, and the
system isn't supposed to pick any.  Well, it does.

To stop creating more moles, we need to reserve IDs for the system's
use, and let the system pick only reserved IDs going forward.

There would be two kinds of reserved IDs: 1. an easily documented,
easily checked ID pattern, e.g. "starts with <prefix>", to be used by
the system going forward, and 2. the messy zoo of system IDs we have
accumulated so far.

Thoughts?

[...]

[*] Questionable idea if you ask me, but tangential to the point I'm
trying to make in this memo.

next prev parent reply	other threads:[~2023-05-23 12:32 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-05-22 13:17 [PATCH] machine: do not crash if default RAM backend name has been stollen Igor Mammedov
2023-05-22 13:33 ` Philippe Mathieu-Daudé
2023-05-23  9:10 ` Shaoqin Huang
2023-05-23 12:31 ` Markus Armbruster [this message]
2023-05-23 12:56   ` The madness of ad hoc special IDs (was: [PATCH] machine: do not crash if default RAM backend name has been stollen) Igor Mammedov
2023-05-27  7:45     ` The madness of ad hoc special IDs Markus Armbruster
2023-05-23 13:06   ` The madness of ad hoc special IDs (was: [PATCH] machine: do not crash if default RAM backend name has been stollen) Thomas Huth
2023-05-27  7:22     ` The madness of ad hoc special IDs Markus Armbruster
2023-05-27  7:59       ` Markus Armbruster
2023-05-23 13:16 ` [PATCH] machine: do not crash if default RAM backend name has been stollen Thomas Huth
2023-06-09 14:06 ` Igor Mammedov
2023-06-10 20:47   ` Thomas Huth

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=877csz6xgd.fsf@pond.sub.org \
    --to=armbru@redhat.com \
    --cc=berrange@redhat.com \
    --cc=imammedo@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=peter.maydell@linaro.org \
    --cc=philmd@linaro.org \
    --cc=qemu-devel@nongnu.org \
    --cc=thuth@redhat.com \
    --cc=wangyanan55@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.