HACKING: document preference for g_new instead of g_malloc

Message ID 20180515134950.3755-1-muriloo@linux.ibm.com (mailing list archive)
State New, archived

Commit Message

Murilo Opsfelder Araújo May 15, 2018, 1:49 p.m. UTC
This patch documents the preference for g_new instead of g_malloc. The
reasons were adapted from commit b45c03f585ea9bb1af76c73e82195418c294919d.

Discussion in QEMU's mailing list:
  http://lists.nongnu.org/archive/html/qemu-devel/2018-05/msg03238.html

Cc: qemu-devel@nongnu.org
Cc: David Hildenbrand <david@redhat.com>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com>
---
 HACKING | 9 +++++++++
 1 file changed, 9 insertions(+)

Comments

Eric Blake May 15, 2018, 2:14 p.m. UTC | #1
On 05/15/2018 08:49 AM, Murilo Opsfelder Araujo wrote:
> This patch documents the preference for g_new instead of g_malloc. The
> reasons were adapted from commit b45c03f585ea9bb1af76c73e82195418c294919d.
> 
> Discussion in QEMU's mailing list:
>    http://lists.nongnu.org/archive/html/qemu-devel/2018-05/msg03238.html
> 
> Cc: qemu-devel@nongnu.org
> Cc: David Hildenbrand <david@redhat.com>
> Cc: Eduardo Habkost <ehabkost@redhat.com>
> Cc: Markus Armbruster <armbru@redhat.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com>
> ---
>   HACKING | 9 +++++++++
>   1 file changed, 9 insertions(+)

Reviewed-by: Eric Blake <eblake@redhat.com>

Alex Bennée May 15, 2018, 3:11 p.m. UTC | #2
Murilo Opsfelder Araujo <muriloo@linux.ibm.com> writes:

> This patch documents the preference for g_new instead of g_malloc. The
> reasons were adapted from commit b45c03f585ea9bb1af76c73e82195418c294919d.
>
> Discussion in QEMU's mailing list:
>   http://lists.nongnu.org/archive/html/qemu-devel/2018-05/msg03238.html
>
> Cc: qemu-devel@nongnu.org
> Cc: David Hildenbrand <david@redhat.com>
> Cc: Eduardo Habkost <ehabkost@redhat.com>
> Cc: Markus Armbruster <armbru@redhat.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

> ---
>  HACKING | 9 +++++++++
>  1 file changed, 9 insertions(+)
>
> diff --git a/HACKING b/HACKING
> index 4125c97d8d..0fc3e0fc04 100644
> --- a/HACKING
> +++ b/HACKING
> @@ -118,6 +118,15 @@ Please note that g_malloc will exit on allocation failure, so there
>  is no need to test for failure (as you would have to with malloc).
>  Calling g_malloc with a zero size is valid and will return NULL.
>
> +Prefer g_new(T, n) instead of g_malloc(sizeof(T) * n) for the following
> +reasons:
> +
> +  a. It catches multiplication overflowing size_t;
> +  b. It returns T * instead of void *, letting compiler catch more type
> +     errors.
> +
> +Declarations like T *v = g_malloc(sizeof(*v)) are acceptable, though.
> +
>  Memory allocated by qemu_memalign or qemu_blockalign must be freed with
>  qemu_vfree, since breaking this will cause problems on Win32.
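
Review bot: Item a of the added list says g_new catches a multiplication that overflows size_t, but not what happens once it is caught. The context sentence just above is explicit that g_malloc will exit on allocation failure, so there is no need to test for failure; the new text should state the overflow outcome with the same precision, so a reader knows whether any check is still needed around g_new(T, n) when n comes from an untrusted source.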


--
Alex Bennée

Eric Blake May 15, 2018, 6:11 p.m. UTC | #3
adding qemu-trivial as a potential tree for this to go through

On 05/15/2018 08:49 AM, Murilo Opsfelder Araujo wrote:
> This patch documents the preference for g_new instead of g_malloc. The
> reasons were adapted from commit b45c03f585ea9bb1af76c73e82195418c294919d.
> 
> Discussion in QEMU's mailing list:
>    http://lists.nongnu.org/archive/html/qemu-devel/2018-05/msg03238.html
> 
> Cc: qemu-devel@nongnu.org
> Cc: David Hildenbrand <david@redhat.com>
> Cc: Eduardo Habkost <ehabkost@redhat.com>
> Cc: Markus Armbruster <armbru@redhat.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com>
> ---
>   HACKING | 9 +++++++++
>   1 file changed, 9 insertions(+)
> 
> diff --git a/HACKING b/HACKING
> index 4125c97d8d..0fc3e0fc04 100644
> --- a/HACKING
> +++ b/HACKING
> @@ -118,6 +118,15 @@ Please note that g_malloc will exit on allocation failure, so there
>   is no need to test for failure (as you would have to with malloc).
>   Calling g_malloc with a zero size is valid and will return NULL.
>   
> +Prefer g_new(T, n) instead of g_malloc(sizeof(T) * n) for the following
> +reasons:
> +
> +  a. It catches multiplication overflowing size_t;
> +  b. It returns T * instead of void *, letting compiler catch more type
> +     errors.
> +
> +Declarations like T *v = g_malloc(sizeof(*v)) are acceptable, though.
> +
>   Memory allocated by qemu_memalign or qemu_blockalign must be freed with
>   qemu_vfree, since breaking this will cause problems on Win32.
>   
>
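
Review bot: The added paragraph does not say how g_new(T, n) behaves for n == 0, although the unchanged line directly above it documents that calling g_malloc with a zero size is valid and returns NULL. Since the text asks people to convert g_malloc(sizeof(T) * n) call sites, add a sentence on the zero-count case so callers know whether a NULL result can still occur after the conversion. Minor wording in item b: "letting compiler catch" should read "letting the compiler catch".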
David Hildenbrand May 16, 2018, 9:29 a.m. UTC | #4
On 15.05.2018 15:49, Murilo Opsfelder Araujo wrote:
> This patch documents the preference for g_new instead of g_malloc. The
> reasons were adapted from commit b45c03f585ea9bb1af76c73e82195418c294919d.
> 
> Discussion in QEMU's mailing list:
>   http://lists.nongnu.org/archive/html/qemu-devel/2018-05/msg03238.html
> 
> Cc: qemu-devel@nongnu.org
> Cc: David Hildenbrand <david@redhat.com>
> Cc: Eduardo Habkost <ehabkost@redhat.com>
> Cc: Markus Armbruster <armbru@redhat.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com>
> ---
>  HACKING | 9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/HACKING b/HACKING
> index 4125c97d8d..0fc3e0fc04 100644
> --- a/HACKING
> +++ b/HACKING
> @@ -118,6 +118,15 @@ Please note that g_malloc will exit on allocation failure, so there
>  is no need to test for failure (as you would have to with malloc).
>  Calling g_malloc with a zero size is valid and will return NULL.
>  
> +Prefer g_new(T, n) instead of g_malloc(sizeof(T) * n) for the following
> +reasons:

Should we make this stronger? s/Prefer/Use/ ? Because I think that for
this use case we have an agreement (sizeof(T) vs. sizeof(*var)).

> +
> +  a. It catches multiplication overflowing size_t;
> +  b. It returns T * instead of void *, letting compiler catch more type
> +     errors.
> +
> +Declarations like T *v = g_malloc(sizeof(*v)) are acceptable, though.
> +
>  Memory allocated by qemu_memalign or qemu_blockalign must be freed with
>  qemu_vfree, since breaking this will cause problems on Win32.
>  
> 

This seems to be the right place to start documenting such stuff.

Reviewed-by: David Hildenbrand <david@redhat.com>

Patch

diff --git a/HACKING b/HACKING
index 4125c97d8d..0fc3e0fc04 100644
--- a/HACKING
+++ b/HACKING
@@ -118,6 +118,15 @@  Please note that g_malloc will exit on allocation failure, so there
 is no need to test for failure (as you would have to with malloc).
 Calling g_malloc with a zero size is valid and will return NULL.
 
+Prefer g_new(T, n) instead of g_malloc(sizeof(T) * n) for the following
+reasons:
+
+  a. It catches multiplication overflowing size_t;
+  b. It returns T * instead of void *, letting compiler catch more type
+     errors.
+
+Declarations like T *v = g_malloc(sizeof(*v)) are acceptable, though.
+
 Memory allocated by qemu_memalign or qemu_blockalign must be freed with
 qemu_vfree, since breaking this will cause problems on Win32.
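
Review bot: The closing sentence of the added text, "Declarations like T *v = g_malloc(sizeof(*v)) are acceptable, though", does not limit the exception to a single object. Read loosely it also permits g_malloc(sizeof(*v) * n), which brings back the unchecked multiplication that reason a is meant to remove. Suggest narrowing it, for example: "A single-object declaration like T *v = g_malloc(sizeof(*v)) is acceptable, though; any allocation with a count should use g_new(T, n)."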