[Libvir] RFC: safer memory allocation APIs with compile time checking
Mark McLoughlin
markmc at redhat.com
Mon Apr 28 09:41:46 UTC 2008
On Mon, 2008-04-28 at 03:39 -0400, Daniel Veillard wrote:
> > #define VIR_REALLOC(ptr) virRealloc(&(ptr), sizeof(*(ptr)))
>
> That i really don't understand. How do you expect to use that realloc
> without passing a new size.
>
> > #define VIR_REALLOC_N(ptr, count) virReallocN(&(ptr), sizeof(*(ptr)), (count))
>
> That I can understand , but the previous one i can't.
>
> > #define VIR_FREE(ptr) virFree(&(ptr))
> [...]
> > Much less ugly:
> >
> > if (VIR_ALLOC_N(guest->arch.defaultInfo.machines, nmachines) < 0)
> > return -1;
> >
> > if (VIR_REALLOC(migrateTrans, caps->host.nmigrateTrans+1) < 0)
> > return -1;
>
> how does sizeof(*(caps->host.nmigrateTrans+1)) increases the size ?
> Doesn't make sense to me, you take a pointer, increment it, so basically just
> pointing to the next element in the array, but the size of the pointed object
> would be identical and realloc() becomes a noop.
>
> The proposal may help clean a lot of things, but VIR_REALLOC I don't
> understand, what did i missed ?
Looks to me like VIR_REALLOC() would be a rarely used API and Dan just
had a typo in the above example - it should have used VIR_REALLOC_N()
I'm having difficulty thinking of how VIR_REALLOC() might be interesting
- e.g. the highly contrived example below.
Cheers,
Mark.
struct foo
{
int i;
};
struct bar
{
struct foo foo;
int j;
}
struct foo *get_foo(int i)
{
struct foo *foo;
if (!VIR_ALLOC(foo))
return NULL;
foo->i = i;
return foo;
}
struct bar *get_bar(int i, int j)
{
struct bar *bar;
struct foo *foo;
if (!(foo = get_foo(i)))
return NULL;
bar = (struct bar *) foo;
if (!VIR_REALLOC(bar)) {
VIR_FREE(foo);
return NULL;
}
bar->j = j;
return bar;
}
More information about the libvir-list
mailing list