On Tue, Sep 15, 2020 at 01:43:40PM +0200, Greg Kurz wrote: > On Tue, 15 Sep 2020 13:58:53 +0300 > Vladimir Sementsov-Ogievskiy <[email protected]> wrote: > > > 14.09.2020 15:35, Greg Kurz wrote: > > > As recommended in "qapi/error.h", add a bool return value to > > > spapr_add_lmbs() and spapr_add_nvdimm(), and use them instead > > > of local_err in spapr_memory_plug(). > > > > > > Since object_property_get_uint() only returns 0 on failure, use > > > that as well. > > > > Why are you sure? Can't the property be 0 itself? > > > > Hmmm... I've based this assumption on the header: > > * Returns: the value of the property, converted to an unsigned integer, or 0 > * an error occurs (including when the property value is not an integer). > > but looking at the implementation, I don't see any check that > a property cannot be 0 indeed...
Yeah, indeed I'm pretty sure it can.
> It's a bit misleading to mention this in the header though. I
> understand that the function should return something, which
> should have a some explicitly assigned value to avoid compilers
> or static analyzers to yell, but the written contract should be
> that the value is _undefined_ IMHO.
Hrm... I think the description could be clearer, but returning 0
explicitly on the failure case has some benefits too. If 0 is a
reasonable default for when the property isn't present (which is a
plausibly common case) then it means you can just get a value and
ignore errors.
> In its present form, the only way to know if the property is
> valid is to pass a non-NULL errp actually. I'd rather even see
> that in the contract, and an assert() in the code.
Maybe... see above.
> An alternative would be to convert it to have a bool return
> value and get the actual uint result with a pointer argument.
I don't think this is a good idea. Returning success/failure as the
return value is a good rule of thumb because it reduces the amount of
checking of out-of-band information you need to do. If you move to
returning the actual value you're trying to get out of band in this
sense, it kind of defeats that purpose.
I think this one is a case where it is reasonable to make it required
to explicitly check the error value.
> > > Also call ERRP_GUARD() to be able to check the status of void
> > > function pc_dimm_plug() with *errp.
>
> I'm now hesitating to either check *errp for object_property_get_uint()
> too or simply drop this patch...
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
signature.asc
Description: PGP signature
