On 28.11.2013 02:24, Igor Mammedov wrote:
> in case if caller setting property doesn't care about error and
> passes in NULL as errp argument but error occurs in property setter,
> it is silently discarded leaving object in undefined state.
>
> As result it leads to hard to find bugs, so if caller doesn't
> care about error it must be sure that property exists and
> accepts provided value, otherwise it's better to abort early
> since error case couldn't be handled gracefully and find
> invalid usecase early.
>
> In addition multitude of property setters will be always
> guaranteed to have error object present and won't be required
> to handle this condition individually.
>
> Signed-off-by: Igor Mammedov <imamm...@redhat.com>
> --- > qom/object.c | 19 ++++++++++++++----- > 1 file changed, 14 insertions(+), 5 deletions(-) > > diff --git a/qom/object.c b/qom/object.c > index fc19cf6..2c0bb64 100644 > --- a/qom/object.c > +++ b/qom/object.c > @@ -792,16 +792,25 @@ void object_property_get(Object *obj, Visitor *v, const > char *name, > void object_property_set(Object *obj, Visitor *v, const char *name, > Error **errp) > { > - ObjectProperty *prop = object_property_find(obj, name, errp); > - if (prop == NULL) { > - return; > + Error *local_error = NULL; > + ObjectProperty *prop = object_property_find(obj, name, &local_error); > + if (local_error) { > + goto out; > } > > if (!prop->set) { > - error_set(errp, QERR_PERMISSION_DENIED); > + error_set(&local_error, QERR_PERMISSION_DENIED); > } else { > - prop->set(obj, v, prop->opaque, name, errp); > + prop->set(obj, v, prop->opaque, name, &local_error); > } > +out: > + if (local_error) { > + if (!errp) { > + assert_no_error(local_error); > + } > + error_propagate(errp, local_error); > + } > + > } > > void object_property_set_str(Object *obj, const char *value,
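
Review bot: in object_property_set() the guard after object_property_find() changes from `if (prop == NULL)` to `if (local_error)`, so the `prop->set` dereference that follows is safe only if the lookup never returns NULL without also setting the error; testing `if (!prop)` (alone or together with `local_error`) keeps the guarantee the removed lines gave. The new `if (!errp) { assert_no_error(local_error); }` path also turns a NULL `errp` from "ignore errors" into "abort on error" for every existing caller, which should be stated in a comment on the function rather than only in the commit message. The blank line added before the closing brace can be dropped.
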
Aborting on NULL errp considered dangerous by me.

This function seems to work just fine with NULL errp, so your focus seems to be on the callers. Promoting *not* to abort has been one appeal of the new QOM-style APIs to me, so making this implicitly assert feels like a step backwards. The old qdev_prop_set_*() API, which most users are still using, does assert, as discussed with PMM recently.

Also, why only for setting properties? Either all or none should behave like this - and I guess none is going to be easier to achieve. For instance, adding dynamic properties is a use case where in instance_init I've seen NULL errp passed in (because instance_init API cannot fail).

I will be more than happy to review and apply your patch (or contribute further ones) going through (mis)uses of error_is_set().

Regards,
Andreas

--
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg