[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] qom: abort on error in property setter if calle
From: |
Igor Mammedov |
Subject: |
Re: [Qemu-devel] [PATCH] qom: abort on error in property setter if caller passed errp == NULL |
Date: |
Thu, 28 Nov 2013 14:48:22 +0100 |
On Thu, 28 Nov 2013 14:42:38 +0100
Andreas Färber <address@hidden> wrote:
> Am 28.11.2013 02:24, schrieb Igor Mammedov:
> > in case if caller setting property doesn't care about error and
> > passes in NULL as errp argument but error occurs in property setter,
> > it is silently discarded leaving object in undefined state.
> >
> > As result it leads to hard to find bugs, so if caller doesn't
> > care about error it must be sure that property exists and
> > accepts provided value, otherwise it's better to abort early
> > since error case couldn't be handled gracefully and find
> > invalid usecase early.
> >
> > In addition multitude of property setters will be always
> > guarantied to have error object present and won't be required
> > to handle this condition individually.
> >
> > Signed-off-by: Igor Mammedov <address@hidden>
> > ---
> > qom/object.c | 19 ++++++++++++++-----
> > 1 file changed, 14 insertions(+), 5 deletions(-)
> >
> > diff --git a/qom/object.c b/qom/object.c
> > index fc19cf6..2c0bb64 100644
> > --- a/qom/object.c
> > +++ b/qom/object.c
> > @@ -792,16 +792,25 @@ void object_property_get(Object *obj, Visitor *v,
> > const char *name,
> > void object_property_set(Object *obj, Visitor *v, const char *name,
> > Error **errp)
> > {
> > - ObjectProperty *prop = object_property_find(obj, name, errp);
> > - if (prop == NULL) {
> > - return;
> > + Error *local_error = NULL;
> > + ObjectProperty *prop = object_property_find(obj, name, &local_error);
> > + if (local_error) {
> > + goto out;
> > }
> >
> > if (!prop->set) {
> > - error_set(errp, QERR_PERMISSION_DENIED);
> > + error_set(&local_error, QERR_PERMISSION_DENIED);
> > } else {
> > - prop->set(obj, v, prop->opaque, name, errp);
> > + prop->set(obj, v, prop->opaque, name, &local_error);
> > }
> > +out:
> > + if (local_error) {
> > + if (!errp) {
> > + assert_no_error(local_error);
> > + }
> > + error_propagate(errp, local_error);
> > + }
> > +
> > }
> >
> > void object_property_set_str(Object *obj, const char *value,
>
> Aborting on NULL errp considered dangerous by me.
>
> This function seems to work just fine with NULL errp, so your focus
> seems to be on the callers.
>
> Promoting *not* to abort has been one appeal of the new QOM-style APIs
> to me, so making this implicitly assert feels like a step backwards.
> The old qdev_prop_set_*() API, which most users are still using, does
> assert, as discussed with PMM recently.
>
> Also, why only for setting properties? Either all or none should behave
> like this - and I guess none is going to be easier to achieve.
> For instance, adding dynamic properties is a use case where in
> instance_init I've seen NULL errp passed in (because instance_init API
> cannot fail).
>
> I will be more than happy to review and apply your patch (or contribute
> further ones) going through (mis)uses of error_is_set().
I've sent such one for target-i386/cpu.c see last patch in x86-properties.v10,
I've posted today.
>
> Regards,
> Andreas
>