| Message ID | 20180515134950.3755-1-muriloo@linux.ibm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 05/15/2018 08:49 AM, Murilo Opsfelder Araujo wrote: > This patch documents the preference for g_new instead of g_malloc. The > reasons were adapted from commit b45c03f585ea9bb1af76c73e82195418c294919d. > > Discussion in QEMU's mailing list: > http://lists.nongnu.org/archive/html/qemu-devel/2018-05/msg03238.html > > Cc: qemu-devel@nongnu.org > Cc: David Hildenbrand <david@redhat.com> > Cc: Eduardo Habkost <ehabkost@redhat.com> > Cc: Markus Armbruster <armbru@redhat.com> > Cc: Paolo Bonzini <pbonzini@redhat.com> > Signed-off-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com> > --- > HACKING | 9 +++++++++ > 1 file changed, 9 insertions(+) Reviewed-by: Eric Blake <eblake@redhat.com>
Murilo Opsfelder Araujo <muriloo@linux.ibm.com> writes: > This patch documents the preference for g_new instead of g_malloc. The > reasons were adapted from commit b45c03f585ea9bb1af76c73e82195418c294919d. > > Discussion in QEMU's mailing list: > http://lists.nongnu.org/archive/html/qemu-devel/2018-05/msg03238.html > > Cc: qemu-devel@nongnu.org > Cc: David Hildenbrand <david@redhat.com> > Cc: Eduardo Habkost <ehabkost@redhat.com> > Cc: Markus Armbruster <armbru@redhat.com> > Cc: Paolo Bonzini <pbonzini@redhat.com> > Signed-off-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> > --- > HACKING | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/HACKING b/HACKING > index 4125c97d8d..0fc3e0fc04 100644 > --- a/HACKING > +++ b/HACKING > @@ -118,6 +118,15 @@ Please note that g_malloc will exit on allocation failure, so there > is no need to test for failure (as you would have to with malloc). > Calling g_malloc with a zero size is valid and will return NULL. > > +Prefer g_new(T, n) instead of g_malloc(sizeof(T) * n) for the following > +reasons: > + > + a. It catches multiplication overflowing size_t; > + b. It returns T * instead of void *, letting compiler catch more type > + errors. > + > +Declarations like T *v = g_malloc(sizeof(*v)) are acceptable, though. > + > Memory allocated by qemu_memalign or qemu_blockalign must be freed with > qemu_vfree, since breaking this will cause problems on Win32. -- Alex Bennée
adding qemu-trivial as a potential tree for this to go through On 05/15/2018 08:49 AM, Murilo Opsfelder Araujo wrote: > This patch documents the preference for g_new instead of g_malloc. The > reasons were adapted from commit b45c03f585ea9bb1af76c73e82195418c294919d. > > Discussion in QEMU's mailing list: > http://lists.nongnu.org/archive/html/qemu-devel/2018-05/msg03238.html > > Cc: qemu-devel@nongnu.org > Cc: David Hildenbrand <david@redhat.com> > Cc: Eduardo Habkost <ehabkost@redhat.com> > Cc: Markus Armbruster <armbru@redhat.com> > Cc: Paolo Bonzini <pbonzini@redhat.com> > Signed-off-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com> > --- > HACKING | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/HACKING b/HACKING > index 4125c97d8d..0fc3e0fc04 100644 > --- a/HACKING > +++ b/HACKING > @@ -118,6 +118,15 @@ Please note that g_malloc will exit on allocation failure, so there > is no need to test for failure (as you would have to with malloc). > Calling g_malloc with a zero size is valid and will return NULL. > > +Prefer g_new(T, n) instead of g_malloc(sizeof(T) * n) for the following > +reasons: > + > + a. It catches multiplication overflowing size_t; > + b. It returns T * instead of void *, letting compiler catch more type > + errors. > + > +Declarations like T *v = g_malloc(sizeof(*v)) are acceptable, though. > + > Memory allocated by qemu_memalign or qemu_blockalign must be freed with > qemu_vfree, since breaking this will cause problems on Win32. > >
On 15.05.2018 15:49, Murilo Opsfelder Araujo wrote: > This patch documents the preference for g_new instead of g_malloc. The > reasons were adapted from commit b45c03f585ea9bb1af76c73e82195418c294919d. > > Discussion in QEMU's mailing list: > http://lists.nongnu.org/archive/html/qemu-devel/2018-05/msg03238.html > > Cc: qemu-devel@nongnu.org > Cc: David Hildenbrand <david@redhat.com> > Cc: Eduardo Habkost <ehabkost@redhat.com> > Cc: Markus Armbruster <armbru@redhat.com> > Cc: Paolo Bonzini <pbonzini@redhat.com> > Signed-off-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com> > --- > HACKING | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/HACKING b/HACKING > index 4125c97d8d..0fc3e0fc04 100644 > --- a/HACKING > +++ b/HACKING > @@ -118,6 +118,15 @@ Please note that g_malloc will exit on allocation failure, so there > is no need to test for failure (as you would have to with malloc). > Calling g_malloc with a zero size is valid and will return NULL. > > +Prefer g_new(T, n) instead of g_malloc(sizeof(T) * n) for the following > +reasons: Should we make this stronger? s/Prefer/Use/ ? Because I think that for this use case we have an agreement (sizeof(T) vs. sizeof(*var)). > + > + a. It catches multiplication overflowing size_t; > + b. It returns T * instead of void *, letting compiler catch more type > + errors. > + > +Declarations like T *v = g_malloc(sizeof(*v)) are acceptable, though. > + > Memory allocated by qemu_memalign or qemu_blockalign must be freed with > qemu_vfree, since breaking this will cause problems on Win32. > > This seems to be the right place to start documenting such stuff. Reviewed-by: David Hildenbrand <david@redhat.com>
diff --git a/HACKING b/HACKING index 4125c97d8d..0fc3e0fc04 100644 --- a/HACKING +++ b/HACKING @@ -118,6 +118,15 @@ Please note that g_malloc will exit on allocation failure, so there is no need to test for failure (as you would have to with malloc). Calling g_malloc with a zero size is valid and will return NULL. +Prefer g_new(T, n) instead of g_malloc(sizeof(T) * n) for the following +reasons: + + a. It catches multiplication overflowing size_t; + b. It returns T * instead of void *, letting compiler catch more type + errors. + +Declarations like T *v = g_malloc(sizeof(*v)) are acceptable, though. + Memory allocated by qemu_memalign or qemu_blockalign must be freed with qemu_vfree, since breaking this will cause problems on Win32.
This patch documents the preference for g_new instead of g_malloc. The reasons were adapted from commit b45c03f585ea9bb1af76c73e82195418c294919d. Discussion in QEMU's mailing list: http://lists.nongnu.org/archive/html/qemu-devel/2018-05/msg03238.html Cc: qemu-devel@nongnu.org Cc: David Hildenbrand <david@redhat.com> Cc: Eduardo Habkost <ehabkost@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com> --- HACKING | 9 +++++++++ 1 file changed, 9 insertions(+)