On 07/15/2014 06:38 AM, Michal Privoznik wrote:
Up to now it's possible to do something like this:
    const char *ptr;
    ptr = strdup("my example string");
    VIR_FREE(ptr);
The problem is, const char * pointers should not be modified (and
freeing them is kind of modification). We should avoid this. A little
trick is used: assigning a const pointer into 'void *' triggers a
compiler warning about discarding 'const' qualifier from pointer. So
the virFree() function gains a new dummy argument, that is not touched
anyhow, just fulfills the const correctness check duty.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/util/viralloc.c | 6 ++++--
src/util/viralloc.h | 20 ++++++++++++++++----
src/xenapi/xenapi_utils.c | 2 +-
3 files changed, 21 insertions(+), 7 deletions(-)
But if you take my suggestion in 2/4 about merely removing the
'cast-away-const' while still keeping type safety, then a
single-argument virFree() should still be noisy on attempts to VIR_FREE
a const pointer.
@@ -543,11 +543,23 @@ void virFree(void *ptrptr)
ATTRIBUTE_NONNULL(1);
* @ptr: pointer holding address to be freed
*
* Free the memory stored in 'ptr' and update to point
- * to NULL.
+ * to NULL. Moreover, this macro has a side effect in
+ * form of evaluating passed argument multiple times.
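Review bot: the sentence added to the VIR_FREE comment ("this macro has a side effect in form of evaluating passed argument multiple times") documents a hazard instead of removing it. With multiple evaluation, a call whose argument has side effects would have the const check applied to one object and the free and NULL reset applied to another, so every existing caller would need auditing. Prefer a form that keeps single evaluation; if the sentence stays, word it as a requirement on callers that @ptr must be free of side effects.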
NACK. I think it is possible to use sizeof() to come up with a
construct that will only do side effects once, rather than having to
weaken the guarantee of VIR_FREE. Please give me some time to propose
an alternative.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org
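
The idea discussed in this thread, rejecting const pointers at compile time while still evaluating the macro argument only once, can be sketched with sizeof(). This is an added example, not code from the patch, from the reply, or from libvirt; demo_free, demo_reject_const and DEMO_FREE are hypothetical names.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a one-argument virFree(): free the pointer
 * stored at ptrptr and reset it to NULL (memcpy avoids aliasing issues). */
static void demo_free(void *ptrptr)
{
    void *mem;
    memcpy(&mem, ptrptr, sizeof(mem));
    free(mem);
    mem = NULL;
    memcpy(ptrptr, &mem, sizeof(mem));
}

/* Never called at run time; only its 'void *' parameter type matters. */
static inline int demo_reject_const(void *p) { (void)p; return 0; }

/* sizeof does not evaluate its operand, so (ptr) is type-checked there
 * and evaluated only once, in the demo_free() call. */
#define DEMO_FREE(ptr) \
    ((void)sizeof(demo_reject_const(ptr)), demo_free(&(ptr)))

/* Returns 1 when DEMO_FREE(arr[i++]) bumped i once and cleared only arr[0]. */
int demo_single_eval(void)
{
    char *arr[2];
    int i = 0, ok;

    arr[0] = malloc(8);   /* constructed sample allocations */
    arr[1] = malloc(8);
    DEMO_FREE(arr[i++]);
    ok = (i == 1 && arr[0] == NULL && arr[1] != NULL);
    DEMO_FREE(arr[1]);
    return ok;
}

#ifdef DEMO_CONST_MISUSE
/* Build with -DDEMO_CONST_MISUSE: the compiler diagnoses that passing
 * 'const char *' as 'void *' discards the 'const' qualifier. */
void demo_const_misuse(void)
{
    const char *ptr = malloc(8);
    DEMO_FREE(ptr);
}
#endif

int main(void)
{
    return demo_single_eval() == 1 ? 0 : 1;
}
```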