From: David Turner <digit@google.com>
To: Julian Seward <jseward@acm.org>
Cc: Kevin Wolf <kwolf@redhat.com>, Paul Brook <paul@codesourcery.com>,
Gerd Hoffmann <kraxel@redhat.com>,
qemu-devel@nongnu.org,
Jean-Christophe Dubois <jcd@tribudubois.net>
Subject: Re: [Qemu-devel] [PATCH] use qemu_malloc and friends consistently
Date: Fri, 29 May 2009 23:12:32 +0200 [thread overview]
Message-ID: <60cad3f0905291412m670c7a6cw45f9b51f3122ddfb@mail.gmail.com> (raw)
In-Reply-To: <200905291917.10535.jseward@acm.org>
[-- Attachment #1: Type: text/plain, Size: 1789 bytes --]
On Fri, May 29, 2009 at 7:17 PM, Julian Seward <jseward@acm.org> wrote:
>
> +1 for that. Code that relies on malloc(0) doing any specific thing
> is basically bad news when it comes to portability, robustness
> and understandability. Better to have qemu_malloc(0) abort, put up with
> a couple of days of the trunk aborting, until these uses are fixed.
> I'd be surprised if there were many cases anyway.
>
I think there are two conflicting goals here:
- On one hand, people are suggesting to abort on malloc(0) because it is the
sign of buggy code,
and would help spot it as soon as possible, before any damage is done.
- On the other hand, some people object that this assumption is sometimes
wrong (e.g. with
arrays), where having malloc(0) returning NULL or anything else is totally
appropriate.
Would it make sense to separate the two issues with something like the
following:
- qemu_malloc(0) aborts and print a panic message
- qemu_calloc(count, itemsize) would return NULL for 'itemsize == 0', but
would abort for 'count == 0'
- array-allocating/parsing code MUST use qemu_calloc() exclusively. And
calloc() can also perform trivial
integer multiplication overflow checks too.
I would even suggest providing helper macros to make the programmer's intent
even more clear
and less error-prone, as in:
#define QEMU_NEW(ptr) (ptr) = qemu_alloc(sizeof(*(ptr)))
#define QEMU_NEW_ARRAY(ptr,cnt) (ptr) = qemu_calloc((cnt),sizeof(*(ptr)))
#define QEMU_RENEW_ARRAY(ptr,cnt) (ptr) =
qemu_realloc((ptr),(cnt),sizeof(*(ptr)))
#define QEMU_FREE_ARRAY(ptr) qemu_free(ptr)
(yes, qemu_realloc() would take 3 parameters).
Any direct use of malloc()/qemu_malloc() in source code would be suspicious
and could
easily spotted to check it.
>
> J
>
>
>
[-- Attachment #2: Type: text/html, Size: 2428 bytes --]
next prev parent reply other threads:[~2009-05-29 21:14 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-29 5:58 [Qemu-devel] [PATCH] use qemu_malloc and friends consistently Jean-Christophe Dubois
2009-05-29 8:42 ` Kevin Wolf
2009-05-29 9:05 ` Anthony Liguori
2009-05-29 9:51 ` malc
2009-05-29 10:05 ` Kevin Wolf
2009-05-29 10:23 ` malc
2009-05-29 10:34 ` Kevin Wolf
2009-05-29 10:40 ` malc
2009-05-29 10:49 ` Kevin Wolf
2009-05-29 10:56 ` Anthony Liguori
2009-05-29 11:06 ` malc
2009-05-29 11:14 ` Kevin Wolf
2009-05-29 10:53 ` Anthony Liguori
2009-05-29 11:24 ` malc
2009-05-29 12:36 ` Gerd Hoffmann
2009-05-29 13:07 ` Paul Brook
2009-05-29 13:46 ` Gerd Hoffmann
2009-05-29 13:59 ` Glauber Costa
2009-05-29 14:34 ` Anthony Liguori
2009-05-29 15:06 ` malc
2009-05-29 17:17 ` Julian Seward
2009-05-29 18:41 ` Gerd Hoffmann
2009-05-29 21:12 ` David Turner [this message]
2009-05-29 21:13 ` David Turner
2009-06-02 7:26 ` Gerd Hoffmann
2009-06-02 7:47 ` Anthony Liguori
2009-06-02 8:58 ` Daniel P. Berrange
2009-06-02 18:03 ` David Turner
2009-06-02 8:48 ` Avi Kivity
2009-06-02 18:02 ` David Turner
2009-06-02 18:13 ` Paul Brook
2009-06-02 19:49 ` David Turner
2009-06-02 20:04 ` Paul Brook
2009-06-02 20:42 ` David Turner
2009-06-02 20:45 ` Gerd Hoffmann
2009-06-02 20:48 ` Gerd Hoffmann
2009-06-02 20:58 ` Paul Brook
2009-06-02 21:19 ` David Turner
2009-06-02 19:03 ` Avi Kivity
2009-05-29 12:51 ` Markus Armbruster
2009-05-29 10:57 ` Gerd Hoffmann
2009-05-29 11:28 ` malc
2009-05-29 9:28 ` jcd
2009-05-29 9:38 ` Kevin Wolf
2009-06-01 11:59 ` Jamie Lokier
[not found] <18212122.68761243590277678.JavaMail.root@srv-05.w4a.fr>
2009-05-29 10:00 ` jcd
2009-05-29 10:10 ` Kevin Wolf
[not found] <2171027.69001243598252547.JavaMail.root@srv-05.w4a.fr>
2009-05-29 12:00 ` jcd
2009-05-29 12:05 ` Kevin Wolf
2009-05-29 12:13 ` jcd
2009-05-29 12:32 ` Markus Armbruster
2009-05-29 12:38 ` jcd
[not found] <28932640.69341243603994530.JavaMail.root@srv-05.w4a.fr>
2009-05-29 13:35 ` jcd
[not found] <28912134.69441243608238156.JavaMail.root@srv-05.w4a.fr>
2009-05-29 14:46 ` jcd
[not found] <33383337.69831243610071896.JavaMail.root@srv-05.w4a.fr>
2009-05-29 15:15 ` jcd
[not found] <1758936.71791243858884274.JavaMail.root@srv-05.w4a.fr>
2009-06-01 12:24 ` jcd
2009-06-01 23:46 ` Jamie Lokier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=60cad3f0905291412m670c7a6cw45f9b51f3122ddfb@mail.gmail.com \
--to=digit@google.com \
--cc=jcd@tribudubois.net \
--cc=jseward@acm.org \
--cc=kraxel@redhat.com \
--cc=kwolf@redhat.com \
--cc=paul@codesourcery.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).