From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1NGyQD-0004xS-Fv
	for qemu-devel@nongnu.org; Sat, 05 Dec 2009 12:27:53 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1NGyQ8-0004uS-R2
	for qemu-devel@nongnu.org; Sat, 05 Dec 2009 12:27:52 -0500
Received: from [199.232.76.173] (port=33997 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NGyQ8-0004uL-Ft
	for qemu-devel@nongnu.org; Sat, 05 Dec 2009 12:27:48 -0500
Received: from mail-yw0-f183.google.com ([209.85.211.183]:36557)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <anthony@codemonkey.ws>) id 1NGyQ8-0008Ls-DJ
	for qemu-devel@nongnu.org; Sat, 05 Dec 2009 12:27:48 -0500
Received: by ywh13 with SMTP id 13so3548960ywh.29
	for <qemu-devel@nongnu.org>; Sat, 05 Dec 2009 09:27:47 -0800 (PST)
Message-ID: <4B1A9811.8020108@codemonkey.ws>
Date: Sat, 05 Dec 2009 11:27:45 -0600
From: Anthony Liguori <anthony@codemonkey.ws>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] [PATCH] Permit zero-sized qemu_malloc() & friends
References: <m3skbwxgkp.fsf@crossbow.pond.sub.org>
	<4B193DA5.6040507@codemonkey.ws> <4B1A9359.8080305@redhat.com>
In-Reply-To: <4B1A9359.8080305@redhat.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Avi Kivity <avi@redhat.com>
Cc: Paul Brook <paul@codesourcery.com>, Markus Armbruster <armbru@redhat.com>, qemu-devel@nongnu.org

Avi Kivity wrote:
> On 12/04/2009 06:49 PM, Anthony Liguori wrote:
>>
>> I still believe that it is poor practice to pass size==0 to 
>> *malloc().  I think actively discouraging this in qemu is a good 
>> thing because it's a broken idiom.
>
> Why?  Unless we have a separate array allocator (like C++'s new and 
> new[]), we need to support zero-element arrays without pushing the 
> burden to callers (in the same way that for () supports zero iteration 
> loops without a separate if ()).

If you call malloc(size=0), then it's impossible to differentiate 
between a failed malloc return and a valid result on certain platform 
(like AIX).

So the only correct way would be to write:

array = malloc(size);
if (array == NULL && size != 0) {
    return -ENOMEM;
}

If you were writing portable code.  But that's not what people write.  
You can argue that qemu_malloc() can have any semantics we want and 
while that's true, it doesn't change my above statement.  I think the 
main argument for this behavior in qemu is that people are used to using 
this idiom with malloc() but it's a non-portable practice.

If qemu_malloc() didn't carry the name "malloc()" then semantics with 
size=0 would be a different discussion.  But so far, all qemu_* 
functions tend to behave almost exactly like their C counterparts.  
Relying on the result of size=0 with malloc() is broken.

Regards,

Anthony Liguori