Re: [Qemu-devel] [RFC PATCH v1 0/5] Add error_abort and associated cleanups

[Markus Armbruster]

Eric Blake <address@hidden> writes:

> On 12/03/2013 02:44 AM, Markus Armbruster wrote:
>> Peter Crosthwaite <address@hidden> writes:
>> 
>>> Following our discussion RE self asserting API calls, here is a spin of
>>> my proposal. This series obsoletes the need for _nofail variants for
>>> Error ** accepting APIs. Is also greately reduces the verbosity of calls
>>> sites that are currently asserting against errors.
>>>
>>> Patch 1 is the main event - addition of error_abort. The following
>>> patches then cleanup uses of _nofail and assert_no_error().
>>>
>>> To give it a smoke test, I introduce a (critical) bug into QOM:
>> [...]
>>>  32 files changed, 100 insertions(+), 143 deletions(-)
>> 
>> I like it.  Nice diffstat, too.
>> 
>> There are some _nofail functions left, but none of them can use
>> error_abort.
>> 
>
> Also, is it worth adding asserts and/or compiler annotations to require
> that the Error **err argument of functions be non-NULL, to ensure that
> callers are always passing either a valid destination or one of the
> special addresses?  But doing so would probably require adding a special
> address for error_ignore for callers that intend to discard an error in
> cases where the return type of the function lets them know to proceed
> with a fallback implementation (that is, cases where ignoring an error
> makes sense).

Right now, we use NULL as "ignore errors" argument.

NULL gives us a chance to express "caller must not ignore errors" via
some non-null annotation that gets fed to a static analyzer.

I doubt that would be possible with a special error_ignore object.

Anyway, this series is about "abort on error".  Let's keep "ignore
errors" issues separate.