[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SPAM] Re: [PATCH 14/15] spapr: Simplify error handling in spapr_mem

From: David Gibson
Subject: Re: [SPAM] Re: [PATCH 14/15] spapr: Simplify error handling in spapr_memory_plug()
Date: Thu, 17 Sep 2020 11:15:25 +1000

On Tue, Sep 15, 2020 at 01:43:40PM +0200, Greg Kurz wrote:
> On Tue, 15 Sep 2020 13:58:53 +0300
> Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> wrote:
> > 14.09.2020 15:35, Greg Kurz wrote:
> > > As recommended in "qapi/error.h", add a bool return value to
> > > spapr_add_lmbs() and spapr_add_nvdimm(), and use them instead
> > > of local_err in spapr_memory_plug().
> > > 
> > > Since object_property_get_uint() only returns 0 on failure, use
> > > that as well.
> > 
> > Why are you sure? Can't the property be 0 itself?
> > 
> Hmmm... I've based this assumption on the header:
>  * Returns: the value of the property, converted to an unsigned integer, or 0
>  * an error occurs (including when the property value is not an integer).
> but looking at the implementation, I don't see any check that
> a property cannot be 0 indeed...

Yeah, indeed I'm pretty sure it can.

> It's a bit misleading to mention this in the header though. I
> understand that the function should return something, which
> should have a some explicitly assigned value to avoid compilers
> or static analyzers to yell, but the written contract should be
> that the value is _undefined_ IMHO.

Hrm... I think the description could be clearer, but returning 0
explicitly on the failure case has some benefits too.  If 0 is a
reasonable default for when the property isn't present (which is a
plausibly common case) then it means you can just get a value and
ignore errors.

> In its present form, the only way to know if the property is
> valid is to pass a non-NULL errp actually. I'd rather even see
> that in the contract, and an assert() in the code.

Maybe... see above.

> An alternative would be to convert it to have a bool return
> value and get the actual uint result with a pointer argument.

I don't think this is a good idea.  Returning success/failure as the
return value is a good rule of thumb because it reduces the amount of
checking of out-of-band information you need to do.  If you move to
returning the actual value you're trying to get out of band in this
sense, it kind of defeats that purpose.

I think this one is a case where it is reasonable to make it required
to explicitly check the error value.

> > > Also call ERRP_GUARD() to be able to check the status of void
> > > function pc_dimm_plug() with *errp.
> I'm now hesitating to either check *errp for object_property_get_uint()
> too or simply drop this patch...

David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]