Re: [Qemu-devel] Error handling in realize() methods

[Dr. David Alan Gilbert]

* Paolo Bonzini (address@hidden) wrote:
> 
> 
> On 09/12/2015 10:30, Markus Armbruster wrote:
> > My current working assumption is that passing &error_fatal to
> > memory_region_init_ram() & friends is okay even in realize() methods and
> > their supporting code, except when the allocation can be large.
> 
> I suspect a lot of memory_region_init_ram()s could be considered
> potentially large (at least in the 16-64 megabytes range).  Propagation
> of memory_region_init_ram() failures is easy enough, thanks to Error**,
> that we should just do it.
> 
> Even if we don't, we should use &error_abort, not &error_fatal
> (programmer error---due to laziness---rather than user error).
> &error_fatal should really be restricted to code that is running very
> close to main().

No, we used to have error_abort and changed them out for error_fatal because
we were getting flooded with crash reports due to the aborts of people trying
to run VMs too big for their machine.

Dave

> 
> Paolo
> 
> > Even
> > then, &error_fatal is better than buggy recovery code (which I can see
> > all over the place, but that's a separate topic).
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK