Re: [PATCH 8/9] qapi: Factor out compat_policy_input_ok()
Philippe Mathieu-Daudé writes:
> On 10/26/21 11:46, Markus Armbruster wrote:
>> Philippe Mathieu-Daudé writes:
>>
>>> On 10/25/21 07:25, Markus Armbruster wrote:
The code to check policy for handling deprecated input is triplicated.
Factor it out into compat_policy_input_ok() before I mess with it in
the next commit.
Signed-off-by: Markus Armbruster
---
include/qapi/compat-policy.h | 7 +
qapi/qapi-visit-core.c | 18 +
qapi/qmp-dispatch.c | 51 +++-
qapi/qobject-input-visitor.c | 19 +++---
4 files changed, 55 insertions(+), 40 deletions(-)
>>>
diff --git a/qapi/qmp-dispatch.c b/qapi/qmp-dispatch.c
index 8cca18c891..e29ade134c 100644
--- a/qapi/qmp-dispatch.c
+++ b/qapi/qmp-dispatch.c
@@ -28,6 +28,40 @@
CompatPolicy compat_policy;
+static bool compat_policy_input_ok1(const char *adjective,
+CompatPolicyInput policy,
+ErrorClass error_class,
+const char *kind, const char *name,
+Error **errp)
+{
+switch (policy) {
+case COMPAT_POLICY_INPUT_ACCEPT:
+return true;
+case COMPAT_POLICY_INPUT_REJECT:
+error_set(errp, error_class, "%s %s %s disabled by policy",
+ adjective, kind, name);
+return false;
+case COMPAT_POLICY_INPUT_CRASH:
+default:
+abort();
>>>
>>> g_assert_not_reached() provides a nicer user experience.
>>
>> I find it hard to care for making the experience of a crash that should
>> never ever happen nicer :)
>
> Well COMPAT_POLICY_INPUT_CRASH can happen... What about:
Point.
>case COMPAT_POLICY_INPUT_CRASH:
>error_printf("%s %s %s disabled by policy",
> adjective, kind, name);
>abort();
>default:
>g_assert_not_reached();
Separate patch. I'd prefer to delay it a bit, to avoid rocking the boat
so close to the soft freeze.
Re: [PATCH 8/9] qapi: Factor out compat_policy_input_ok()
On 10/26/21 11:46, Markus Armbruster wrote:
> Philippe Mathieu-Daudé writes:
>
>> On 10/25/21 07:25, Markus Armbruster wrote:
>>> The code to check policy for handling deprecated input is triplicated.
>>> Factor it out into compat_policy_input_ok() before I mess with it in
>>> the next commit.
>>>
>>> Signed-off-by: Markus Armbruster
>>> ---
>>> include/qapi/compat-policy.h | 7 +
>>> qapi/qapi-visit-core.c | 18 +
>>> qapi/qmp-dispatch.c | 51 +++-
>>> qapi/qobject-input-visitor.c | 19 +++---
>>> 4 files changed, 55 insertions(+), 40 deletions(-)
>>
>>> diff --git a/qapi/qmp-dispatch.c b/qapi/qmp-dispatch.c
>>> index 8cca18c891..e29ade134c 100644
>>> --- a/qapi/qmp-dispatch.c
>>> +++ b/qapi/qmp-dispatch.c
>>> @@ -28,6 +28,40 @@
>>>
>>> CompatPolicy compat_policy;
>>>
>>> +static bool compat_policy_input_ok1(const char *adjective,
>>> +CompatPolicyInput policy,
>>> +ErrorClass error_class,
>>> +const char *kind, const char *name,
>>> +Error **errp)
>>> +{
>>> +switch (policy) {
>>> +case COMPAT_POLICY_INPUT_ACCEPT:
>>> +return true;
>>> +case COMPAT_POLICY_INPUT_REJECT:
>>> +error_set(errp, error_class, "%s %s %s disabled by policy",
>>> + adjective, kind, name);
>>> +return false;
>>> +case COMPAT_POLICY_INPUT_CRASH:
>>> +default:
>>> +abort();
>>
>> g_assert_not_reached() provides a nicer user experience.
>
> I find it hard to care for making the experience of a crash that should
> never ever happen nicer :)
Well COMPAT_POLICY_INPUT_CRASH can happen... What about:
case COMPAT_POLICY_INPUT_CRASH:
error_printf("%s %s %s disabled by policy",
adjective, kind, name);
abort();
default:
g_assert_not_reached();
Re: [PATCH 8/9] qapi: Factor out compat_policy_input_ok()
Philippe Mathieu-Daudé writes:
> On 10/25/21 07:25, Markus Armbruster wrote:
>> The code to check policy for handling deprecated input is triplicated.
>> Factor it out into compat_policy_input_ok() before I mess with it in
>> the next commit.
>>
>> Signed-off-by: Markus Armbruster
>> ---
>> include/qapi/compat-policy.h | 7 +
>> qapi/qapi-visit-core.c | 18 +
>> qapi/qmp-dispatch.c | 51 +++-
>> qapi/qobject-input-visitor.c | 19 +++---
>> 4 files changed, 55 insertions(+), 40 deletions(-)
>
>> diff --git a/qapi/qmp-dispatch.c b/qapi/qmp-dispatch.c
>> index 8cca18c891..e29ade134c 100644
>> --- a/qapi/qmp-dispatch.c
>> +++ b/qapi/qmp-dispatch.c
>> @@ -28,6 +28,40 @@
>>
>> CompatPolicy compat_policy;
>>
>> +static bool compat_policy_input_ok1(const char *adjective,
>> +CompatPolicyInput policy,
>> +ErrorClass error_class,
>> +const char *kind, const char *name,
>> +Error **errp)
>> +{
>> +switch (policy) {
>> +case COMPAT_POLICY_INPUT_ACCEPT:
>> +return true;
>> +case COMPAT_POLICY_INPUT_REJECT:
>> +error_set(errp, error_class, "%s %s %s disabled by policy",
>> + adjective, kind, name);
>> +return false;
>> +case COMPAT_POLICY_INPUT_CRASH:
>> +default:
>> +abort();
>
> g_assert_not_reached() provides a nicer user experience.
I find it hard to care for making the experience of a crash that should
never ever happen nicer :)
>> +}
>> +}
>> +
>> +bool compat_policy_input_ok(unsigned special_features,
>> +const CompatPolicy *policy,
>> +ErrorClass error_class,
>> +const char *kind, const char *name,
>> +Error **errp)
>> +{
>> +if ((special_features & 1u << QAPI_DEPRECATED)
>
> Matter of taste, I find code using extract() easier to review:
>
> extract64(special_features, QAPI_DEPRECATED, 1)
I agree for width > 1.
>> +&& !compat_policy_input_ok1("Deprecated",
>> +policy->deprecated_input,
>> +error_class, kind, name, errp)) {
>> +return false;
>> +}
>> +return true;
>> +}
>
> Reviewed-by: Philippe Mathieu-Daudé
Thanks!
Re: [PATCH 8/9] qapi: Factor out compat_policy_input_ok()
On Mon, Oct 25, 2021 at 1:25 AM Markus Armbruster wrote: > The code to check policy for handling deprecated input is triplicated. > Factor it out into compat_policy_input_ok() before I mess with it in > the next commit. > > Signed-off-by: Markus Armbruster > (Skipping C-only patches for quick review. I'll trust you on these.) --js
Re: [PATCH 8/9] qapi: Factor out compat_policy_input_ok()
On 10/25/21 07:25, Markus Armbruster wrote:
> The code to check policy for handling deprecated input is triplicated.
> Factor it out into compat_policy_input_ok() before I mess with it in
> the next commit.
>
> Signed-off-by: Markus Armbruster
> ---
> include/qapi/compat-policy.h | 7 +
> qapi/qapi-visit-core.c | 18 +
> qapi/qmp-dispatch.c | 51 +++-
> qapi/qobject-input-visitor.c | 19 +++---
> 4 files changed, 55 insertions(+), 40 deletions(-)
> diff --git a/qapi/qmp-dispatch.c b/qapi/qmp-dispatch.c
> index 8cca18c891..e29ade134c 100644
> --- a/qapi/qmp-dispatch.c
> +++ b/qapi/qmp-dispatch.c
> @@ -28,6 +28,40 @@
>
> CompatPolicy compat_policy;
>
> +static bool compat_policy_input_ok1(const char *adjective,
> +CompatPolicyInput policy,
> +ErrorClass error_class,
> +const char *kind, const char *name,
> +Error **errp)
> +{
> +switch (policy) {
> +case COMPAT_POLICY_INPUT_ACCEPT:
> +return true;
> +case COMPAT_POLICY_INPUT_REJECT:
> +error_set(errp, error_class, "%s %s %s disabled by policy",
> + adjective, kind, name);
> +return false;
> +case COMPAT_POLICY_INPUT_CRASH:
> +default:
> +abort();
g_assert_not_reached() provides a nicer user experience.
> +}
> +}
> +
> +bool compat_policy_input_ok(unsigned special_features,
> +const CompatPolicy *policy,
> +ErrorClass error_class,
> +const char *kind, const char *name,
> +Error **errp)
> +{
> +if ((special_features & 1u << QAPI_DEPRECATED)
Matter of taste, I find code using extract() easier to review:
extract64(special_features, QAPI_DEPRECATED, 1)
> +&& !compat_policy_input_ok1("Deprecated",
> +policy->deprecated_input,
> +error_class, kind, name, errp)) {
> +return false;
> +}
> +return true;
> +}
Reviewed-by: Philippe Mathieu-Daudé
