Re: [Qemu-devel] [PATCH v2 1/3] error: don't rely on pointer comparisons


From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH v2 1/3] error: don't rely on pointer comparisons
Date: Wed, 17 Jun 2015 09:21:00 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0

On 06/17/2015 01:24 AM, Michael S. Tsirkin wrote:
> makes it possible to copy error_abort pointers,
> not just pass them on directly.
> 
> This is needed because follow-up patches add support for
>     Error *local_err = ...;
> as a way to set an abort-on-error pointer, which requires that we have
> more than just a global error_abort abort-on-error pointer, but that any
> number of pointers all resolve to something specific.
> 
> Add an assert statement when class is retrieved, to make sure we still
> get a core-dump if we (somehow) attempt to output the abort errp by
> mistake.
> 
> Signed-off-by: Michael S. Tsirkin <address@hidden>
> Reviewed-by: Eric Blake <address@hidden>

I think you made enough changes from v1 (functional change of an added
assertion, but also better justification via improved commit message)
that I would have dropped R-b if I were the one submitting it.

Your argument of aiding gdb debugging of error objects by making the
pointer point somewhere valid makes sense, when compared to my hack of
an invalid pointer that would segfault even when trying to view it
through gdb.  The added assertion in this version definitely helps avoid
code making the mistake of dereferencing the magic error pointer.

> ---
>  util/error.c | 17 ++++++++++++-----
>  1 file changed, 12 insertions(+), 5 deletions(-)
> 
> diff --git a/util/error.c b/util/error.c
> index 14f4351..e10cb34 100644
> --- a/util/error.c
> +++ b/util/error.c
> @@ -20,7 +20,13 @@ struct Error
>      ErrorClass err_class;
>  };
>  
> -Error *error_abort;
> +static Error error_abort_st = { .err_class = ERROR_CLASS_MAX };
> +Error *error_abort = &error_abort_st;
> +
> +static bool error_is_abort(Error **errp)
> +{
> +    return errp && *errp == error_abort;
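
Review bot: `error_abort` in `Error *error_abort = &error_abort_st;` stays a writable global while `error_is_abort()` compares against its current value, so any accidental assignment to `error_abort` silently demotes the sentinel to an ordinary pointer (the old design, which compared against the variable's address, was immune to that); consider `Error *const error_abort = &error_abort_st;` together with the matching `extern` declaration so the compiler rejects such writes. Note also that the designated initializer zero-fills every member of `error_abort_st` other than `err_class`, which is exactly what makes the object safe to inspect from gdb but unsafe to use as a real error, hence the need for the class assertion in the accessors.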

However, now I don't like the subject line.  This is still a pointer
comparison (just a different pointer than before).  So while I'm now
happy with the state of the code, I think a better commit message would be:

error: don't rely on address of global variable

The old implementation used the address of a global pointer variable
(&error_abort, type Error**) as a sentinel.  This patch changes to using
the value of the global pointer variable itself (error_abort, type
Error*), so that the sentinel value can be easily copied to other Error*
pointers, regardless of their address.  The new sentinel points to an
actual object, in case it is inspected through a debugger, although
working code should never dereference it.

This is needed because...[snipped]

> @@ -144,6 +150,7 @@ Error *error_copy(const Error *err)
>  
>  ErrorClass error_get_class(const Error *err)
>  {
> +    assert(err->err_class < ERROR_CLASS_MAX);
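
Review bot: the new `assert(err->err_class < ERROR_CLASS_MAX);` in `error_get_class()` dereferences `err` before anything else, so a NULL `err` still crashes rather than asserting; if NULL is a possible input it wants an explicit `assert(err)` first. The hunk also does not show an `#include <assert.h>` (or a QEMU header that provides it) being added to util/error.c, so confirm one is already present. Finally, `assert()` compiles out under NDEBUG, so this is a debugging aid rather than a guarantee; the real protection is that the sentinel carries `ERROR_CLASS_MAX` and nothing dereferences it in correct code.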

I also think you should add this assert in error_copy() a few lines
above, as well as in error_get_pretty() and error_free() a few lines below.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
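
The difference between the two sentinel designs discussed above (address of a global pointer variable versus the value of a pointer to a real object) is easiest to see when both are run side by side. The following C program is an added example and is not code from the patch or from QEMU: only Error, ErrorClass, error_abort, error_abort_st, error_is_abort and error_get_class mirror names from the hunk, while old_error_abort, old_is_abort, error_set, aborts_requested, the two *_survives helpers, the reduced ErrorClass enum and the constructed error messages are assumptions made for illustration. It shows that copying the old sentinel into a plain Error* loses the abort-on-error intent, that copying the new one keeps it, and that the class assertion (also applied in error_free(), as suggested above) leaves the ordinary path untouched.

```c
/* Added example, not QEMU code: both sentinel schemes from the review in
 * miniature. Error, ErrorClass, error_abort, error_abort_st, error_is_abort
 * and error_get_class mirror the patch; everything else is an assumption. */
#include <assert.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

typedef enum {
    ERROR_CLASS_GENERIC_ERROR,
    ERROR_CLASS_DEVICE_NOT_FOUND,
    ERROR_CLASS_MAX,            /* not a real class: only the sentinel has it */
} ErrorClass;

typedef struct Error {
    char *msg;
    ErrorClass err_class;
} Error;

/* Old scheme: the sentinel is the ADDRESS of a global pointer variable. */
Error *old_error_abort;         /* callers had to pass &old_error_abort */

static bool old_is_abort(Error **errp)
{
    return errp == &old_error_abort;
}

/* New scheme (this patch): the sentinel is the VALUE of the global pointer. */
static Error error_abort_st = { .err_class = ERROR_CLASS_MAX };
Error *error_abort = &error_abort_st;

static bool error_is_abort(Error **errp)
{
    return errp && *errp == error_abort;
}

static int aborts_requested;    /* QEMU would abort(); the example counts */

/* Minimal error_setg-style setter for the new scheme. */
static void error_set(Error **errp, ErrorClass cls, const char *msg)
{
    if (errp == NULL) {
        return;                         /* caller ignores errors */
    }
    if (error_is_abort(errp)) {
        aborts_requested++;             /* abort-on-error: never allocate */
        return;
    }
    assert(*errp == NULL);              /* never overwrite an existing error */
    Error *err = malloc(sizeof(*err));
    err->msg = malloc(strlen(msg) + 1);
    memcpy(err->msg, msg, strlen(msg) + 1);
    err->err_class = cls;
    *errp = err;
}

/* The assertion added by the patch: an out-of-range class means the sentinel
 * was copied somewhere it is now being treated as a real error. */
ErrorClass error_get_class(const Error *err)
{
    assert(err->err_class < ERROR_CLASS_MAX);
    return err->err_class;
}

static void error_free(Error *err)      /* same guard, as the review suggests */
{
    if (err) {
        assert(err->err_class < ERROR_CLASS_MAX);
        free(err->msg);
        free(err);
    }
}

/* Old scheme: all a caller can copy into a plain Error* is the (NULL) value of
 * old_error_abort, and &local_err != &old_error_abort, so the intent is lost. */
bool old_scheme_copy_survives(void)
{
    Error *local_err = old_error_abort;
    return old_is_abort(&local_err);
}

/* New scheme: "Error *local_err = error_abort;" (what the follow-up patches
 * rely on) is a faithful copy, so the callee aborts instead of allocating. */
bool new_scheme_copy_survives(void)
{
    Error *local_err = error_abort;
    int before = aborts_requested;
    error_set(&local_err, ERROR_CLASS_GENERIC_ERROR, "disk image unreadable");
    return aborts_requested == before + 1 && local_err == error_abort;
}

/* Ordinary path: a NULL-initialised local collects a real, freeable error. */
ErrorClass new_scheme_normal_path(void)
{
    Error *local_err = NULL;
    error_set(&local_err, ERROR_CLASS_DEVICE_NOT_FOUND, "no such device");
    ErrorClass cls = error_get_class(local_err);
    error_free(local_err);
    return cls;
}
```

old_scheme_copy_survives() returns false and new_scheme_copy_survives() returns true, which is the whole point of switching from comparing addresses to comparing values; the counter stands in for the abort() call so the program can be run to completion. The asserts in error_get_class() and error_free() are only reached on the ordinary path with a real class, so the sentinel never trips them unless some caller copies it where it should not.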
