From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MBZyz-0000pe-Rt for qemu-devel@nongnu.org; Tue, 02 Jun 2009 15:49:13 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MBZyu-0000j9-HI for qemu-devel@nongnu.org; Tue, 02 Jun 2009 15:49:13 -0400 Received: from [199.232.76.173] (port=57047 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MBZyu-0000ip-6N for qemu-devel@nongnu.org; Tue, 02 Jun 2009 15:49:08 -0400 Received: from smtp-out.google.com ([216.239.45.13]:25527) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MBZys-0002Gh-OE for qemu-devel@nongnu.org; Tue, 02 Jun 2009 15:49:07 -0400 Received: from spaceape13.eur.corp.google.com (spaceape13.eur.corp.google.com [172.28.16.147]) by smtp-out.google.com with ESMTP id n52Jn4N6010593 for ; Tue, 2 Jun 2009 12:49:04 -0700 Received: from gv-out-0910.google.com (gvfp33.prod.google.com [10.16.192.33]) by spaceape13.eur.corp.google.com with ESMTP id n52Jn2nN021113 for ; Tue, 2 Jun 2009 12:49:03 -0700 Received: by gv-out-0910.google.com with SMTP id p33so15872gvf.32 for ; Tue, 02 Jun 2009 12:49:02 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: <200906021913.09517.paul@codesourcery.com> References: <200905290758.11551.jcd@tribudubois.net> <4A24D40E.2060704@redhat.com> <60cad3f0906021102o635b05f7m91593060683bb338@mail.gmail.com> <200906021913.09517.paul@codesourcery.com> Date: Tue, 2 Jun 2009 21:49:02 +0200 Message-ID: <60cad3f0906021249t435fc1a8w4f89027e0863ff52@mail.gmail.com> Subject: Re: [Qemu-devel] [PATCH] use qemu_malloc and friends consistently From: David Turner Content-Type: multipart/alternative; boundary=001485f20c42a7d1dc046b62d52b List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Paul Brook Cc: Kevin Wolf , Jean-Christophe Dubois , qemu-devel@nongnu.org, Gerd Hoffmann --001485f20c42a7d1dc046b62d52b Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On Tue, Jun 2, 2009 at 8:13 PM, Paul Brook wrote: > > > QEMU_NEW_ARRAY(ptr, ...); > > > > > > instead of > > > > > > ptr = QEMU_NEW_ARRAY(...); > > > > > > then. I don't see another easy way to get the automagic sizeof(*ptr) > > > stuff done though. > > > > The first version will extract the item size automatically for you, > making > > it less likely that you screw things in the second version's parameter > > list. > > Not if you do it properly it won't. If you do it properly, then bugs do not exist, and this thread has no reason to exist. We're talking about it precisely because we're human and people tend to make mistakes. > Implicit casts are only silently allowed > between void* and arbitrary pointers. A cast between two arbitrary pointers > will generate a compiler diagnostic. > Ok, let's say that the first one should only be used when 'ptr' is a typed pointer so that sizeof(*(ptr)) has a sense. I think it catches 95% of uses here. Very frankly I don't see your point. Either you want to reduce the probability of programming errors, and find ways to achieve that, or you don't. I just don't think that introducing an abort() on qemu_malloc(0) makes sense because it goes against the principle of least surprise, especially for a lot of programmers that already do things properly. > > Paul > --001485f20c42a7d1dc046b62d52b Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

On Tue, Jun 2, 2009 at 8:13 PM, Paul Bro= ok <paul@code= sourcery.com> wrote:
> > =A0QEMU_NEW_ARRAY(ptr, ...);
> >
> > instead of
> >
> > =A0ptr =3D QEMU_NEW_ARRAY(...);
> >
> > then. =A0I don't see another easy way to get the automagic si= zeof(*ptr)
> > stuff done though.
>
> The first version will extract the item size automatically for you, ma= king
> it less likely that you screw things in the second version's param= eter
> list.

Not if you do it properly it won't.

If you d= o it properly, then bugs do not exist, and this thread has no reason to exi= st.
We're talking about it precisely because we're human and peo= ple tend to make mistakes.
=A0
Implici= t casts are only silently allowed
between void* and arbitrary pointers. A cast between two arbitrary pointers=
will generate a compiler diagnostic.

Ok, let's say that= the first one should only be used when 'ptr' is a typed pointer so= that
sizeof(*(ptr)) has a sense. I think it catches 95% of uses here.
Very frankly I don't see your point. Either you want to reduce the = probability of programming
errors, and find ways to achieve that, or you= don't. I just don't think that introducing an abort()
on qemu_m= alloc(0) makes sense because it goes against the principle of least surpris= e, especially
for a lot of programmers that already do things properly.

=A0
<= blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204, 2= 04, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Paul

--001485f20c42a7d1dc046b62d52b--