Re: [RFC PATCH] docs/devel: expand style section of memory management
From: Peter Maydell
Subject: Re: [RFC PATCH] docs/devel: expand style section of memory management
Date: Mon, 15 Mar 2021 16:57:40 +0000
On Mon, 15 Mar 2021 at 16:53, Alex Bennée <alex.bennee@linaro.org> wrote:
> -Prefer g_new(T, n) instead of g_malloc(sizeof(T) ``*`` n) for the following
> +Care should be taken to avoid introducing places where the guest could
> +trigger an exit. For example using ``g_malloc`` on start-up is fine
> +if the result of a failure is going to be a fatal exit anyway. There
> +may be some start-up cases where failing is unreasonable (for example
> +speculatively loading debug symbols).
> +
> +However if we are doing an allocation because of something the guest
> +has done we should never trigger an exit. The code may deal with this
> +by trying to allocate less memory and continue or re-designed to allocate
> +buffers on start-up.
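Review bot: The second added paragraph ("we should never trigger an exit") says what to avoid but names no allocation call that reports failure instead of exiting; pointing at g_try_malloc() or g_try_new() there would make the rule actionable. In the same paragraph, "or re-designed to allocate buffers on start-up" is missing a verb ("or be re-designed"). In the first added paragraph, "start-up cases where failing is unreasonable" is ambiguous between the allocation failing and the process exiting on that failure.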
I think this is overly strong. We want to avoid malloc-or-die for
cases where the guest gets to decide how big the allocation is;
but if we're doing a single small fixed-size allocation that happens
to be triggered by a guest action we should be OK to g_malloc() that
I think.
> +If the lifetime of the allocation is within the function and there are
> +multiple exist paths you can also improve the readability of the code
"exit"
> +by using ``g_autofree`` and related annotations. See :ref:`autofree-ref`
> +for more details.
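Review bot: "multiple exist paths" in the second added line should read "multiple exit paths". The sentence also presents ``g_autofree`` only as a readability aid for allocations whose lifetime is within the function; one clause on what to do when ownership leaves the function would fit here rather than being left entirely to :ref:`autofree-ref`.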
thanks
-- PMM
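
The distinction drawn in the reply above, as an added example that is not part of the original message or of QEMU's code: a fixed-size allocation may abort on failure, while an allocation whose size the guest chooses is bounded and reports an error. Plain libc is used so it builds without GLib; die_malloc() stands in for g_malloc(), and DemoDev, DEMO_RING_MAX and the demo_dev_* functions are hypothetical names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

#define DEMO_RING_MAX 4096u   /* assumed device limit (constructed value) */

/* Hypothetical device state; all names here are illustrative. */
typedef struct {
    uint32_t *ring;           /* buffer whose length the guest selects */
    uint32_t ring_len;
} DemoDev;

/* Stand-in for g_malloc(): abort the process on allocation failure. */
static void *die_malloc(size_t size)
{
    void *p = malloc(size);
    if (!p) {
        abort();
    }
    return p;
}

/* Fixed, small size not chosen by the guest: malloc-or-die is acceptable. */
DemoDev *demo_dev_new(void)
{
    DemoDev *d = die_malloc(sizeof(*d));
    d->ring = NULL;
    d->ring_len = 0;
    return d;
}

/* Guest chooses n: bound it and return an error instead of exiting. */
int demo_dev_set_ring(DemoDev *d, uint32_t n)
{
    uint32_t *ring;

    if (n == 0 || n > DEMO_RING_MAX) {
        return -EINVAL;       /* out-of-range guest value is rejected */
    }
    /* calloc() checks n * size for overflow, as g_try_new0() would */
    ring = calloc(n, sizeof(*ring));
    if (!ring) {
        return -ENOMEM;       /* caller reports failure; no exit */
    }
    free(d->ring);            /* old buffer is kept until the new one exists */
    d->ring = ring;
    d->ring_len = n;
    return 0;
}
```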