Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com> writes:
> 29.11.2019 17:35, Markus Armbruster wrote:
>> Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com> writes:
>>
>>> 28.11.2019 23:29, Markus Armbruster wrote:
>>>> Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com> writes:
>>>>
>>>>> 28.11.2019 17:23, Markus Armbruster wrote:
>>>>>> Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com> writes:
>>>>>>
>>>>>>> Error **errp is almost always OUT-argument: it's assumed to be NULL, or
>>>>>>> pointer to NULL-initialized pointer, or pointer to error_abort or
>>>>>>> error_fatal, for callee to report error.
>>>>>>>
>>>>>>> But very few functions instead get Error **errp as IN-argument:
>>>>>>> it's assumed to be set (or, maybe, NULL), and callee should clean it,
>>>>>>> or add some information.
>>>>>>>
>>>>>>> In such cases, rename errp to errp_in.
>>>>>>
>>>>>> Missing: why is the rename useful?
>>>>>
>>>>> The main reason is to prepare for coccinelle part.
>>>>
>>>> It's not a prerequisite for applying the patches Coccinelle produces,
>>>> only a prerequisite for running Coccinelle.
>>>>
>>>>>> It's useful if it helps readers recognize unusual Error ** parameters,
>>>>>> and recognizing unusual Error ** parameters is actually a problem. I'm
>>>>>> not sure it is, but my familiarity with the Error interface may blind
>>>>>> me.
>>>>>>
>>>>>> How many functions have unusual Error **parameters? How are they used?
>>>>>> Any calls that could easily be mistaken as the usual case? See [*]
>>>>>> below.
>> [...]
>>>>>> [*] The information I asked for above is buried in these patches. I'll
>>>>>> try to dig it up as I go reviewing them.
>>>>>>
>>>>>> Second, it risks some of these "further patches" overtake this one, and
>>>>>> then its commit message will be misleading. Moreover, the other commits
>>>>>> will lack context.
>> [...]
>>>>>>> diff --git a/util/error.c b/util/error.c
>>>>>>> index d4532ce318..275586faa8 100644
>>>>>>> --- a/util/error.c
>>>>>>> +++ b/util/error.c
>> [...]
>>>>>>> @@ -271,11 +271,11 @@ void error_free(Error *err)
>>>>>>> }
>>>>>>> }
>>>>>>>
>>>>>>> -void error_free_or_abort(Error **errp)
>>>>>>> +void error_free_or_abort(Error **errp_in)
>>>>>>> {
>>>>>>> - assert(errp && *errp);
>>>>>>> - error_free(*errp);
>>>>>>> - *errp = NULL;
>>>>>>> + assert(errp_in && *errp_in);
>>>>>>> + error_free(*errp_in);
>>>>>>> + *errp_in = NULL;
>>>>
>>>> This one is actually in/out.
>>>>
>>>> To make the compiler check errp_in is truly an in-argument, we can
>>>> declare it as Error *const *errp_in.
>>>>
>>>> But we can save ourselves the trouble of renaming it; the const should
>>>> suffice to tell both human readers and Coccinelle that this is not your
>>>> common out-argument. I think I like this better than relying on a
>>>> naming convention. What about you?
>>>
>>> I think it's good idea... But what to do with error_free_or_abort, and
>>> other functions
>>> which get filled errp, and want to set it to NULL? Patch 21 adds three such
>>> functions..
>>>
>>> Maybe, add assert(errp) at start of such functions, and catch it by
>>> coccinelle (not sure
>>> that it is possible)?
>>
>> I went through the git branch you provided.
>>
>> These get rid of unusual Error ** parameters:
>>
>> 01e10667d1 hmp: drop Error pointer indirection in hmp_handle_error
>> 606bfb7520 vnc: drop Error pointer indirection in vnc_client_io_error
>>
>> Get rid of them by peeling off an indirection.
>>
>> These try to make unusual Error ** parameters stand out:
>>
>> 51e73b3305 error: rename errp to errp_in where it is IN-argument
>>
>> Four renames.
>>
>> Three functions modify the error, name @errp_in is okay, my const
>> proposal works.
>>
>> error_free_or_abort() clears *errp_in, name @errp_in is misleading,
>> const doesn't work.
>>
>> f7bdfd42da qdev-monitor: well form error hint helpers
>>
>> Two renames. Both functions modify the error, rename is okay, const
>> works.
>>
>> 9d4aac7299 nbd: well form nbd_iter_channel_error errp handler
>>
>> One rename, from @local_err. nbd_iter_channel_error() clears *errp_in,
>> name @errp_in is misleading, const doesn't work.
>>
>> fb1bd83c40 ppc: well form kvmppc_hint_smt_possible error hint helper
>>
>> One rename. The function modify the error, rename is okay, const works.
>>
>> e024e89b10 9pfs: well form error hint helpers
>>
>> Two renames. Both functions modify the error, rename is okay, const
>> works.
>>
>> These make usual Error ** parameters look, well, more usual:
>>
>> c01649d999 hw/core/qdev: cleanup Error ** variables
>> a5f6424163 block/snapshot: rename Error ** parameter to more common errp
>> ae200ca21e hw/i386/amd_iommu: rename Error ** parameter to more common
>> errp
>> 561f73e681 qga: rename Error ** parameter to more common errp
>> 12589a96cd monitor/qmp-cmds: rename Error ** parameter to more common
>> errp
>> f608fc5999 hw/s390x: rename Error ** parameter to more common errp
>> 747a90d044 hw/tpm: rename Error ** parameter to more common errp
>> 3d19e66610 hw/usb: rename Error ** parameter to more common errp
>> 07366648ef include/qom/object.h: rename Error ** parameter to more
>> common errp
>>
>> These don't touch Error ** parameter declarations:
>>
>> f6e4fffc16 hw/core/loader-fit: fix freeing errp in fit_load_fdt
>> b5bba880ae net/net: Clean up variable shadowing in net_client_init()
>> 4a4462ce4c hw/sd: drop extra whitespace in sdhci_sysbus_realize() header
>> d52d44e822 backends/cryptodev: drop local_err from
>> cryptodev_backend_complete()
>> 7e95d30766 hw/vfio/ap: drop local_err from vfio_ap_realize
>>
>> Unusual Error ** parameters that can be made Error *const *errp should
>> not also need a rename, neither to avoid confusion about @errp's role,
>> nor to help Coccinelle.
>>
>> Unusual Error ** parameters that can't be made Error *const *errp:
>>
>> nbd_iter_channel_error(): parameter is called @local_err. Confusion
>> seems as unlikely without the rename as with it. Coccinelle should
>> not need the rename. No need to touch. I'm willing to accept your
>> assertion change.
>
> Hmm but you reverted it.. Will you keep an assertion?
You decide whether to change the assertion in v7.
>> error_free_or_abort(): parameter is called @errp. Confusion seems
>> as unlikely without the rename as with it. Coccinelle should not
>> need the rename. I'm willing to accept a rename to @local_err
>> regardless.
>
> So, either we rename it to local_err, or coccinelle should distinguish it
> by assertion at the top.
Yes.
I'm also willing to consider a rename to a name other than @local_err,
if you can come up with a good, non-misleading one.
>> I pushed my fixups to git://repo.or.cz/qemu/armbru.git branch error-prep
>> for your convenience. The commit messages of the fixed up commits need
>> rephrasing, of course.
>>
>
> Looked through fixups, looks OK for me, thanks! What next?
Let me finish my fixing incorrect dereferences of errp, and then we
figure out what to include in v7.
