[libvirt] [GSoC] Code design for scalar and external types

Daniel P. Berrangé berrange at redhat.com
Wed Jun 13 11:08:24 UTC 2018 

On Wed, Jun 13, 2018 at 12:54:54PM +0200, Andrea Bolognani wrote:
> On Mon, 2018-06-11 at 12:12 +0200, Pavel Hrdina wrote:
> > Another issue that we need to take into account is that the external
> > free functions might not be 'NULL' safe which we need to somehow ensure
> > if they will be used with attribute cleanup.
> > 
> > The original design is probably wrong and was heavily counting on the
> > existing libvirt implementation.  We might need to update the design
> > to make it the similar as GLib:
> > 
> > #define VIR_AUTOPTR_FUNC_NAME(type) virAutoPtr##type
> > #define VIR_AUTOPTR_TYPE_NAME(type) ##typeAutoPtr
> > 
> > #define VIR_AUTOPTR(type) \
> >     __attribute__((cleanup(VIR_AUTOPTR_FUNC_NAME(type)))) VIR_AUTOPTR_TYPE_NAME(type)
> > 
> > #define VIR_DEFINE_AUTOPTR_FUNC(type, func) \
> >     typedef type *VIR_AUTOPTR_TYPE_NAME(type); \
> >     static inline void VIR_AUTOPTR_FUNC_NAME(type)(type **_ptr) \
> >     { \
> >         if (*_ptr) \
> >             (func)(*_ptr); \
> >     }
> > 
> > The usage would like this:
> > 
> > VIR_DEFINE_AUTOPTR_FUNC(virAuthConfig, virAuthConfigFree)
> > 
> > VIR_AUTOPTR(virAuthConfig) authConfig = NULL;
> > 
> > 
> > That way we can use any existing free function regardless whether it
> > checks if the variable is NULL or not and without the need to manually
> > define new type.
> > 
> > The only exception would be the virStringList where we would have to use
> > the different type.
> 
> As danpb (CC'd) mentioned in [1], having the vir*Free() function
> take a double pointer is good because it allows it to also set it
> to NULL. I will add that any vir*Free() function that doesn't deal
> gracefully with being passed a NULL pointer is already buggy and
> should be fixed.

Where we have vir*Free() functions that do not take a double
pointer, I think we should definitely update them. Double
free is one of the more common C memory allocation mistakes,
hence why we designed our free() replacement to avoid it.

All this refactoring to use auto-pointers, while beneficial
in the long term, definitely has a short term risk of introducing
memory allocation bugs, either by double-frees, or mistakenly
auto-free'ing a pointer we intended to keep hold of. Anything
we can do to reduce these two risks is very beneficial.

> 
> [1] https://www.redhat.com/archives/libvir-list/2018-June/msg00033.html

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

More information about the libvir-list mailing list