Avi Kivity wrote:
When we see a lengthy and error prone idiom we usually provide a
wrapper. That wrapper is qemu_malloc(). If you like, don't see it as
a fixed malloc(), but as qemu's way of allocating memory which is
totally independent from malloc().
We constantly get patches with qemu_malloc() with a NULL check. Then we
tell people to remove the NULL check. It feels very weird to ask people
to remove error handling.
I can understand the argument that getting OOM right is very difficult
but it's not impossible.
However, this is all personal preference and I'd rather focus my
energy on things that have true functional impact. Markus raised a
valid functional problem with the current implementation and I
proposed a solution that would address that functional problem. I'd
rather see the discussion focus on the merits of that solution than
revisiting whether ANSI got the semantics of malloc() correct in the
standards definition.
Unless ANSI has a say on qemu_malloc(), I think it's worthwhile to get
that right rather than wrapping every array caller with useless tests.
If you're concerned about array allocation, introduce an array
allocation function. Honestly, there's very little reason to open code
array allocation/manipulation at all. We should either be using a list
type or if we really need to, we should introduce a vector type.
Regards,
Anthony Liguori
