[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] qom: abort on error in property setter if calle
|
From: |
Markus Armbruster |
|
Subject: |
Re: [Qemu-devel] [PATCH] qom: abort on error in property setter if caller passed errp == NULL |
|
Date: |
Thu, 28 Nov 2013 08:53:18 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.2 (gnu/linux) |
Peter Crosthwaite <address@hidden> writes:
> Hi,
>
> On Thu, Nov 28, 2013 at 11:24 AM, Igor Mammedov <address@hidden> wrote:
>> in case if caller setting property doesn't care about error and
>> passes in NULL as errp argument but error occurs in property setter,
>> it is silently discarded leaving object in undefined state.
>>
>> As result it leads to hard to find bugs, so if caller doesn't
>> care about error it must be sure that property exists and
>> accepts provided value, otherwise it's better to abort early
>> since error case couldn't be handled gracefully and find
>> invalid usecase early.
>>
>> In addition multitude of property setters will be always
>> guarantied to have error object present and won't be required
>> to handle this condition individually.
>>
>
> So there seems to be contention between different APIs and use cases
> on what to do in the NULL case. Personally, I'm of the opinion that
> NULL should be a silent don't care policy. But you are right in that
> checking every API call at call site is cumbersome, and its better to
> have some sort of collective mechanism to implement different policys.
> I think this can be done caller side efficiently by having a special
> Error * that can be passed in that tells the error API to assert or
> error raise.
>
> extern error *abort_on_err;
>
> And update your call sites to do this:
>
> object_property_set(Foo, bar, "baz", &abort_on_err);
>
> Error_set and friends are then taught to recognise abort_on_err and
> abort accordingly and theres no need for this form of change pattern -
> its all solved in the error API.
The existing practice is to have a pair of functions, like this one:
Foo *foo(int arg, Error **errp)
{
...
}
Foo *foo_nofail(int arg)
{
Error *local_err = NULL;
Foo *f = foo(arg, &local_err);
assert_no_error(local_err);
return f;
}
The asserting function's name is intentionally longer.
Passing NULL is still temptingly short. Code review has to catch abuse
of it.
Your proposal is more flexible. If we adopt it, we may want to retire
the _nofail idiom.
> You can also implement a range of automatic error handling policies e.g:
>
> extern Error *report_err; /* report any errors to monitor/stdout */
>
> To report an error without the assertion.
monitor/stderr, you mean.
Re: [Qemu-devel] [PATCH] qom: abort on error in property setter if caller passed errp == NULL, Andreas Färber, 2013/11/28