Re: [PATCH v6] error: rename errp to errp_in where it is IN-argument

[Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>]

28.11.2019 17:23, Markus Armbruster wrote:
> Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> writes:
> 
>> Error **errp is almost always OUT-argument: it's assumed to be NULL, or
>> pointer to NULL-initialized pointer, or pointer to error_abort or
>> error_fatal, for callee to report error.
>>
>> But very few functions instead get Error **errp as IN-argument:
>> it's assumed to be set (or, maybe, NULL), and callee should clean it,
>> or add some information.
>>
>> In such cases, rename errp to errp_in.
> 
> Missing: why is the rename useful?

The main reason is to prepare for coccinelle part.

> 
> It's useful if it helps readers recognize unusual Error ** parameters,
> and recognizing unusual Error ** parameters is actually a problem.  I'm
> not sure it is, but my familiarity with the Error interface may blind
> me.
> 
> How many functions have unusual Error **parameters?  How are they used?
> Any calls that could easily be mistaken as the usual case?  See [*]
> below.
> 
> You effectively propose a naming convention.  error.h should spell it
> out.  Let me try:
> 
>      Any Error ** parameter meant for passing an error to the caller must
>      be named @errp.  No other Error ** parameter may be named @errp.

Good

> 
> Observe:
> 
> * I refrain from stipulating how other Error ** parameters are to be
>    named.  You use @errp_in, because the ones you rename are actually
>    "IN-arguments".  However, different uses are conceivable, where
>    @errp_in would be misleading.
> 
> * If I understand your ERRP_AUTO_PROPAGATE() idea correctly, many
>    functions that take an Error ** to pass an error to the caller will
>    also use ERRP_AUTO_PROPAGATE, but not all.  Thus, presence of
>    ERRP_AUTO_PROPAGATE() won't be a reliable indicator of "the Error **
>    parameter is for passing an error to the caller".
> 
> * I can't see machinery to help us catch violations of the convention.
> 
>> This patch updates only error API functions. There still a few
>> functions with errp-in semantics, they will be updated in further
>> commits.
> 
> Splitting the series into individual patches was a bad idea :)
> 
> First, it really needs review as a whole.  I'll do that, but now I have
> to hunt down the parts.  Found so far:
> 
>      [PATCH v6] error: rename errp to errp_in where it is IN-argument
>      [PATCH v6] hmp: drop Error pointer indirection in hmp_handle_error
>      [PATCH v6] vnc: drop Error pointer indirection in vnc_client_io_error
>      [PATCH v6] qdev-monitor: well form error hint helpers
>      [PATCH v6] nbd: well form nbd_iter_channel_error errp handler
>      [PATCH v6] ppc: well form kvmppc_hint_smt_possible error hint helper
>      [PATCH v6] 9pfs: well form error hint helpers
>      [PATCH v6] hw/core/qdev: cleanup Error ** variables
>      [PATCH v6] block/snapshot: rename Error ** parameter to more common errp
>      [PATCH v6] hw/i386/amd_iommu: rename Error ** parameter to more common errp
>      [PATCH v6] qga: rename Error ** parameter to more common errp
>      [PATCH v6] monitor/qmp-cmds: rename Error ** parameter to more common errp
>      [PATCH v6] hw/s390x: rename Error ** parameter to more common errp
>      [PATCH v6] hw/sd: drop extra whitespace in sdhci_sysbus_realize() header
>      [PATCH v6] hw/tpm: rename Error ** parameter to more common errp
>      [PATCH v6] hw/usb: rename Error ** parameter to more common errp
>      [PATCH v6] include/qom/object.h: rename Error ** parameter to more common errp
>      [PATCH v6] backends/cryptodev: drop local_err from cryptodev_backend_complete()
>      [PATCH v6] hw/vfio/ap: drop local_err from vfio_ap_realize

.. 19 patches.. should be 21.

It's really simple for me to resend them all in one v7 series. Should I?

> 
> [*] The information I asked for above is buried in these patches.  I'll
> try to dig it up as I go reviewing them.
> 
> Second, it risks some of these "further patches" overtake this one, and
> then its commit message will be misleading.  Moreover, the other commits
> will lack context.
> 
>> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
>> Reviewed-by: Eric Blake <eblake@redhat.com>
>> ---
>>
>> v6: fix s/errp/errp_in/ in comments corresponding to changed functions
>>      [Eric]
>>      add Eric's r-b
>>
>>   include/qapi/error.h | 16 ++++++++--------
>>   util/error.c         | 30 +++++++++++++++---------------
>>   2 files changed, 23 insertions(+), 23 deletions(-)
>>
>> diff --git a/include/qapi/error.h b/include/qapi/error.h
>> index 3f95141a01..df518644fc 100644
>> --- a/include/qapi/error.h
>> +++ b/include/qapi/error.h
>> @@ -230,16 +230,16 @@ void error_propagate_prepend(Error **dst_errp, Error *local_err,
>>                                const char *fmt, ...);
>>   
>>   /*
>> - * Prepend some text to @errp's human-readable error message.
>> + * Prepend some text to @errp_in's human-readable error message.
>>    * The text is made by formatting @fmt, @ap like vprintf().
>>    */
>> -void error_vprepend(Error **errp, const char *fmt, va_list ap);
>> +void error_vprepend(Error **errp_in, const char *fmt, va_list ap);
>>   
>>   /*
>> - * Prepend some text to @errp's human-readable error message.
>> + * Prepend some text to @errp_in's human-readable error message.
>>    * The text is made by formatting @fmt, ... like printf().
>>    */
>> -void error_prepend(Error **errp, const char *fmt, ...)
>> +void error_prepend(Error **errp_in, const char *fmt, ...)
>>       GCC_FMT_ATTR(2, 3);
>>   
>>   /*
>> @@ -250,13 +250,13 @@ void error_prepend(Error **errp, const char *fmt, ...)
>>    * Intended use is adding helpful hints on the human user interface,
>>    * e.g. a list of valid values.  It's not for clarifying a confusing
>>    * error message.
>> - * @errp may be NULL, but not &error_fatal or &error_abort.
>> + * @errp_in may be NULL, but not &error_fatal or &error_abort.
> 
> That's because the function modifies the error object.
> 
> Hmm, so do error_prepend() and error_vprepend().  I figure we better
> update their contract accordingly, and copy the "not &error_fatal or
> &error_abort" assertion.  Not in this patch.  Maybe not even in this
> series.
> 
>>    * Trivially the case if you call it only after error_setg() or
>>    * error_propagate().
>>    * May be called multiple times.  The resulting hint should end with a
>>    * newline.
>>    */
>> -void error_append_hint(Error **errp, const char *fmt, ...)
>> +void error_append_hint(Error **errp_in, const char *fmt, ...)
>>       GCC_FMT_ATTR(2, 3);
>>   
>>   /*
>> @@ -281,9 +281,9 @@ Error *error_copy(const Error *err);
>>   void error_free(Error *err);
>>   
>>   /*
>> - * Convenience function to assert that *@errp is set, then silently free it.
>> + * Convenience function to assert that *@errp_in is set, then silently free it.
> Long line.  Suggest:
> 
>      * Assert that *@errp_in is set, then silently free it.
>      * This is a convenience function for use in tests.
> 
>>    */
>> -void error_free_or_abort(Error **errp);
>> +void error_free_or_abort(Error **errp_in);
>>   
>>   /*
>>    * Convenience function to warn_report() and free @err.
>> diff --git a/util/error.c b/util/error.c
>> index d4532ce318..275586faa8 100644
>> --- a/util/error.c
>> +++ b/util/error.c
>> @@ -121,41 +121,41 @@ void error_setg_file_open_internal(Error **errp,
>>                                 "Could not open '%s'", filename);
>>   }
>>   
>> -void error_vprepend(Error **errp, const char *fmt, va_list ap)
>> +void error_vprepend(Error **errp_in, const char *fmt, va_list ap)
>>   {
>>       GString *newmsg;
>>   
>> -    if (!errp) {
>> +    if (!errp_in) {
>>           return;
>>   
>>       newmsg = g_string_new(NULL);
>>       g_string_vprintf(newmsg, fmt, ap);
>> -    g_string_append(newmsg, (*errp)->msg);
>> -    g_free((*errp)->msg);
>> -    (*errp)->msg = g_string_free(newmsg, 0);
>> +    g_string_append(newmsg, (*errp_in)->msg);
>> +    g_free((*errp_in)->msg);
>> +    (*errp_in)->msg = g_string_free(newmsg, 0);
>>   }
>>   
>> -void error_prepend(Error **errp, const char *fmt, ...)
>> +void error_prepend(Error **errp_in, const char *fmt, ...)
>>   {
>>       va_list ap;
>>   
>>       va_start(ap, fmt);
>> -    error_vprepend(errp, fmt, ap);
>> +    error_vprepend(errp_in, fmt, ap);
>>       va_end(ap);
>>   }
>>   
>> -void error_append_hint(Error **errp, const char *fmt, ...)
>> +void error_append_hint(Error **errp_in, const char *fmt, ...)
>>   {
>>       va_list ap;
>>       int saved_errno = errno;
>>       Error *err;
>>   
>> -    if (!errp) {
>> +    if (!errp_in) {
>>           return;
>>       }
>> -    err = *errp;
>> -    assert(err && errp != &error_abort && errp != &error_fatal);
>> +    err = *errp_in;
>> +    assert(err && errp_in != &error_abort && errp_in != &error_fatal);
>>   
>>       if (!err->hint) {
>>           err->hint = g_string_new(NULL);
>> @@ -271,11 +271,11 @@ void error_free(Error *err)
>>       }
>>   }
>>   
>> -void error_free_or_abort(Error **errp)
>> +void error_free_or_abort(Error **errp_in)
>>   {
>> -    assert(errp && *errp);
>> -    error_free(*errp);
>> -    *errp = NULL;
>> +    assert(errp_in && *errp_in);
>> +    error_free(*errp_in);
>> +    *errp_in = NULL;
>>   }
>>   
>>   void error_propagate(Error **dst_errp, Error *local_err)
> 


-- 
Best regards,
Vladimir