On 09/12/2015 10:30, Markus Armbruster wrote:
> My current working assumption is that passing &error_fatal to
> memory_region_init_ram() & friends is okay even in realize() methods and
> their supporting code, except when the allocation can be large.

I suspect a lot of memory_region_init_ram()s could be considered potentially large (at least in the 16-64 megabytes range). Propagation of memory_region_init_ram() failures is easy enough, thanks to Error**, that we should just do it.

Even if we don't, we should use &error_abort, not &error_fatal (programmer error---due to laziness---rather than user error). &error_fatal should really be restricted to code that is running very close to main().

Paolo

> Even
> then, &error_fatal is better than buggy recovery code (which I can see
> all over the place, but that's a separate topic).