On 8/29/19 11:50 AM, Daniel P. Berrangé wrote: > Document the use of g_autofree and g_autoptr in glib for automatic > freeing of memory. > > Signed-off-by: Daniel P. Berrangé <[email protected]> > --- > CODING_STYLE.rst | 85 ++++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 85 insertions(+) > > diff --git a/CODING_STYLE.rst b/CODING_STYLE.rst > index 4501d87352..39397f0f6f 100644 > --- a/CODING_STYLE.rst > +++ b/CODING_STYLE.rst > @@ -441,6 +441,91 @@ In addition, QEMU assumes that the compiler does not use > the latitude > given in C99 and C11 to treat aspects of signed '<<' as undefined, as > documented in the GNU Compiler Collection manual starting at version 4.0. > > +Automatic memory deallocation > +============================= > + > +QEMU has a mandatory dependency either the GCC or CLang compiler. As
s/either/on either/
> +such it has the freedom to make use of a C language extension for
> +automatically running a cleanup function when a stack variable goes
> +out of scope. This can be used to simplify function cleanup paths,
> +often allowing many goto jumps to be eliminated, through automatic
> +free'ing of memory.
> +
> +
> +For example, instead of
> +
> +.. code-block:: c
> +
> + int somefunc(void) {
Should that { be on its own line to match our prevailing style?
> + int ret = -1;
> + char *foo = g_strdup_printf("foo%", "wibble");
> + GList *bar = .....
> +
> + if (eek) {
> + goto cleanup;
> + }
> +
> + ret = 0;
> +
> + cleanup:
> + g_free(foo);
> + g_list_free(bar);
> + return ret;
> + }
> +
> +Using g_autofree/g_autoptr enables the code to be written as:
> +
> +.. code-block:: c
> +
> + int somefunc(void) {
here too
> + g_autofree char *foo = g_strdup_printf("foo%", "wibble");
> + g_autoptr (GList) bar = .....
> +
> + if (eek) {
> + return -1;
> + }
> +
> + return 0;
> + }
> +
> +While this generally results in simpler, less leak-prone code, there
> +are still some caveats to beware of
> +
> +* Variables declared with g_auto* MUST always be initialized,
> + otherwise the cleanup function will use uninitialized stack memory
> +
> +* If a variable declared with g_auto* holds a value which must
> + live beyond the life of the function, that value must be saved
> + and the original variable NULL'd out. This can be simpler using
> + g_steal_pointer
> +
> +
> +.. code-block:: c
> +
> + char *somefunc(void) {
and again
> + g_autofree char *foo = g_strdup_printf("foo%", "wibble");
> + g_autoptr (GList) bar = .....
> +
> + if (eek) {
> + return NULL;
> + }
> +
> + return g_steal_pointer(&foo);
> + }
> +
> +
> Error handling and reporting
> ============================
>
>
With those fixes,
Reviewed-by: Eric Blake <[email protected]>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature
