From: Kevin Wolf <kwolf@redhat.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: qemu-devel@nongnu.org, dgilbert@redhat.com, armbru@redhat.com
Subject: Re: [Qemu-devel] [PATCH RFC 1/3] error: don't rely on pointer comparisons
Date: Wed, 17 Jun 2015 11:11:53 +0200
Message-ID: <20150617091153.GC4202@noname.str.redhat.com>
In-Reply-To: <20150617085351-mutt-send-email-mst@redhat.com>

On 17.06.2015 at 08:57, Michael S. Tsirkin wrote:
> On Tue, Jun 16, 2015 at 09:03:44AM -0600, Eric Blake wrote:
> > On 06/16/2015 06:53 AM, Michael S. Tsirkin wrote:
> > > makes it possible to copy error_abort pointers,
> > > not just pass them on directly.
> > >
> > > Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> > > ---
> > > util/error.c | 16 +++++++++++-----
> > > 1 file changed, 11 insertions(+), 5 deletions(-)
> > >
> > > diff --git a/util/error.c b/util/error.c
> > > index 14f4351..ccf29ea 100644
> > > --- a/util/error.c
> > > +++ b/util/error.c
> > > @@ -20,7 +20,13 @@ struct Error
> > > ErrorClass err_class;
> > > };
> > >
> > > -Error *error_abort;
> > > +static Error error_abort_st = { .err_class = ERROR_CLASS_MAX };
> > > +Error *error_abort = &error_abort_st;
> >
> > Looking at this a bit further, I still wonder if we can do a slightly
> > better job of coming up with something that will SIGSEGV (or SIGBUS) if
> > we (accidentally) try to dereference the pointer (similar to how SIG_IGN
> > is (sighandler_t)1) - because we know that the abort object should never
> > be dereferenced. Something like:
> >
> > Error *error_abort = (Error *)1;
> >
> > with no need for error_abort_st. (Might have to spell it as Error
> > *error_abort = (void*)(intptr_t)1;
> > to shut up compiler warnings)
> >
> > > +
> > > +static bool error_is_abort(Error **errp)
> > > +{
> > > + return errp && *errp && (*errp)->err_class == ERROR_CLASS_MAX;
> > > +}
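Review bot: error_is_abort() identifies the abort request by reading (*errp)->err_class, so any Error that carries ERROR_CLASS_MAX is treated as error_abort, and the hunk has no comment saying that value is reserved for error_abort_st. Please add a comment on error_abort_st and on error_is_abort() stating that ERROR_CLASS_MAX must never be set on a real error and that the sentinel's other fields are left zero-initialised and must not be read, written or freed. As posted, error_abort_st is an ordinary writable static object, so a caller that writes through error_abort by mistake will modify it without any fault.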
> >
> > and this would be:
> >
> > return errp && *errp == error_abort;
> >
> > The rest of this patch is still good. Then in patch 2, you'd have:
> >
> > Error *error_init_local(Error **errp)
> > {
> >     return error_is_abort(errp) ? error_abort : NULL;
> > }
> >
> > That is, you still use pointer equality, but at one less level of
> > indirection (equality at the Error* level, not the Error** level).
>
> It's a clever trick, it'd work. But why do tricks? This is never
> performance-critical, is it? E.g. debugging is easier if pointers
> actually point to things.
>
> Let's see what others say.

This isn't about performance, but about failing for invalid use. If we
say that dereferencing error_abort is wrong, then letting it fail fast
(with a segfault) actually makes debugging easier than silently
accessing garbage and trying to figure out why some code misbehaves only
later.

Kevin
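
The fail-fast argument above and the `(Error *)1` sentinel quoted from Eric, as an added example that is not part of the original thread or of QEMU's util/error.c. The simplified `struct Error` layout and the `deref_faults()` helper are assumptions for illustration; the dereference runs in a forked child on a POSIX system so the parent can observe the outcome.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Simplified stand-in for QEMU's struct Error (assumption, not util/error.c). */
typedef struct Error { char *msg; int err_class; } Error;

/* Sentinel that points at no object, in the style of SIG_IGN. */
Error *error_abort = (Error *)(intptr_t)1;

/* Equality at the Error * level: a copied sentinel is still recognised. */
bool error_is_abort(Error **errp)
{
    return errp && *errp == error_abort;
}

/* As sketched for patch 2 in the quoted review. */
Error *error_init_local(Error **errp)
{
    return error_is_abort(errp) ? error_abort : NULL;
}

/* Hypothetical helper: read e->err_class in a child process and report
 * whether the read failed to complete (child killed or exited non-zero). */
bool deref_faults(Error *e)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); exit(EXIT_FAILURE); }
    if (pid == 0) {
        volatile int *cls = &e->err_class;
        int v = *cls;          /* the invalid use under test */
        (void)v;
        _exit(0);              /* reached only if the read went through */
    }
    if (waitpid(pid, &status, 0) < 0) { perror("waitpid"); exit(EXIT_FAILURE); }
    return !(WIFEXITED(status) && WEXITSTATUS(status) == 0);
}

int main(void)
{
    Error real = { NULL, 0 };
    Error *local = error_init_local(&error_abort);   /* copy of the sentinel */
    printf("copy recognised: %d\n", error_is_abort(&local));
    printf("sentinel deref faults: %d, real object faults: %d\n",
           deref_faults(error_abort), deref_faults(&real));
    return 0;
}
```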
Thread overview: 17+ messages
2015-06-16 12:53 [Qemu-devel] [PATCH RFC 0/3] error: allow local errors to trigger abort Michael S. Tsirkin
2015-06-16 12:53 ` [Qemu-devel] [PATCH RFC 1/3] error: don't rely on pointer comparisons Michael S. Tsirkin
2015-06-16 14:45 ` Eric Blake
2015-06-16 14:49 ` Michael S. Tsirkin
2015-06-16 14:50 ` Eric Blake
2015-06-16 15:03 ` Eric Blake
2015-06-17 6:57 ` Michael S. Tsirkin
2015-06-17 9:11 ` Kevin Wolf [this message]
2015-06-16 12:53 ` [Qemu-devel] [PATCH RFC 2/3] error: allow local errors to trigger abort Michael S. Tsirkin
2015-06-16 15:06 ` Eric Blake
2015-06-16 12:53 ` [Qemu-devel] [PATCH RFC 3/3] block/nfs: switch to error_init_local Michael S. Tsirkin
2015-06-16 15:08 ` Eric Blake
2015-06-16 21:17 ` Michael S. Tsirkin
2015-06-17 14:26 ` [Qemu-devel] [PATCH RFC 0/3] error: allow local errors to trigger abort John Snow
2015-06-17 14:28 ` Michael S. Tsirkin
2015-06-17 14:29 ` Kevin Wolf
2015-06-17 14:30 ` John Snow