Paolo Bonzini <pbonz...@redhat.com> writes:

> On 27/05/20 17:05, Peter Maydell wrote:
>> I disagree with these. We're in a realize function, the API
>> says "on errors, report them via the Error* you got passed",
>> so we should do that, not blow up. &error_abort only makes
>> sense if (a) we have no better way to report errors than
>> to abort (which isn't the case here) or (b) if we can guarantee
>> that in fact the thing we're doing won't ever fail
>> (which we can't here without knowing more about the internal
>> implementation details of the MOS6522 device than we
>> really ought to).
>
> Note however that before replacing &error_abort with error propagation
> you need to make sure that you are "un-realizing" yourself properly. So
> it may be better to have inferior (but clearly visible) error
> propagation behavior, than untested (and perhaps untestable) buggy code
> that looks great on the surface.

This is exactly why I have to stop at &error_abort in this series. It's 24 patches of fixes to enable 50+ patches of refactoring, with more in the pipeline. If I stray even deeper into the weeds, my pipeline is going to explode %-}