On Tue, Sep 15, 2020 at 01:43:40PM +0200, Greg Kurz wrote: > On Tue, 15 Sep 2020 13:58:53 +0300 > Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com> wrote: > > > 14.09.2020 15:35, Greg Kurz wrote: > > > As recommended in "qapi/error.h", add a bool return value to > > > spapr_add_lmbs() and spapr_add_nvdimm(), and use them instead > > > of local_err in spapr_memory_plug(). > > > > > > Since object_property_get_uint() only returns 0 on failure, use > > > that as well. > > > > Why are you sure? Can't the property be 0 itself? > > > > Hmmm... I've based this assumption on the header: > > * Returns: the value of the property, converted to an unsigned integer, or 0 > * an error occurs (including when the property value is not an integer). > > but looking at the implementation, I don't see any check that > a property cannot be 0 indeed...
Yeah, indeed I'm pretty sure it can. > It's a bit misleading to mention this in the header though. I > understand that the function should return something, which > should have a some explicitly assigned value to avoid compilers > or static analyzers to yell, but the written contract should be > that the value is _undefined_ IMHO. Hrm... I think the description could be clearer, but returning 0 explicitly on the failure case has some benefits too. If 0 is a reasonable default for when the property isn't present (which is a plausibly common case) then it means you can just get a value and ignore errors. > In its present form, the only way to know if the property is > valid is to pass a non-NULL errp actually. I'd rather even see > that in the contract, and an assert() in the code. Maybe... see above. > An alternative would be to convert it to have a bool return > value and get the actual uint result with a pointer argument. I don't think this is a good idea. Returning success/failure as the return value is a good rule of thumb because it reduces the amount of checking of out-of-band information you need to do. If you move to returning the actual value you're trying to get out of band in this sense, it kind of defeats that purpose. I think this one is a case where it is reasonable to make it required to explicitly check the error value. > > > Also call ERRP_GUARD() to be able to check the status of void > > > function pc_dimm_plug() with *errp. > > I'm now hesitating to either check *errp for object_property_get_uint() > too or simply drop this patch... -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson
signature.asc
Description: PGP signature