[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [RFC PATCH v1 0/5] Add error_abort and associated clean
|
From: |
Eric Blake |
|
Subject: |
Re: [Qemu-devel] [RFC PATCH v1 0/5] Add error_abort and associated cleanups |
|
Date: |
Tue, 03 Dec 2013 13:43:02 -0700 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0 |
On 12/03/2013 01:33 PM, Igor Mammedov wrote:
>>> Also, is it worth adding asserts and/or compiler annotations to require
>>> that the Error **err argument of functions be non-NULL, to ensure that
>>> callers are always passing either a valid destination or one of the
>>> special addresses? But doing so would probably require adding a special
>>> address for error_ignore for callers that intend to discard an error in
>>> cases where the return type of the function lets them know to proceed
>>> with a fallback implementation (that is, cases where ignoring an error
>>> makes sense).
>>
>> Right now, we use NULL as "ignore errors" argument.
>>
>> NULL gives us a chance to express "caller must not ignore errors" via
>> some non-null annotation that gets fed to a static analyzer.
>>
>> I doubt that would be possible with a special error_ignore object.
>>
>> Anyway, this series is about "abort on error". Let's keep "ignore
>> errors" issues separate.
> I'm sorry for hijacking thread, but that actually an issue that started an
> original discussion.
> Where void returning QOM API functions are used with NULL, without any chance
> to detect that error happened. So abusing NULL errp in this functions
> might lead to hard to find runtime errors.
> I think Eric's suggestion was to enforce passing non NULL errp and let caller
> to deal with error gracefully so that above mentioned misuse was impossible.
> Why is ignoring errors from "void foo(...)" like API considered acceptable?
Okay, so it sounds like consensus is that using NULL as the means to
ignore errors is okay when there is an alternative way to detect error,
but that for any function that returns void, adding an assert(errp)
would be appropriate because the caller cannot safely ignore the
failure. It's not worth inventing an error_ignore special address, but
for functions that have no way to report errors except via errp, then it
IS worth enforcing that the caller is either prepared to handle the
error or has passed &error_abort (or any other special addresses we add
later).
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
- Re: [Qemu-devel] [RFC PATCH v1 4/5] qemu-option: Remove qemu_opts_create_nofail, (continued)
- [Qemu-devel] [RFC PATCH v1 5/5] qerror: Remove assert_no_error(), Peter Crosthwaite, 2013/12/03
- Re: [Qemu-devel] [RFC PATCH v1 0/5] Add error_abort and associated cleanups, Markus Armbruster, 2013/12/03
- Re: [Qemu-devel] [RFC PATCH v1 0/5] Add error_abort and associated cleanups, Paolo Bonzini, 2013/12/05
- Re: [Qemu-devel] [RFC PATCH v1 0/5] Add error_abort and associated cleanups, Igor Mammedov, 2013/12/05
- Re: [Qemu-devel] [RFC PATCH v1 0/5] Add error_abort and associated cleanups, Paolo Bonzini, 2013/12/05