On Tue, 22 Mar 2022 at 14:21, Zongyuan Li <zongyuan...@smartx.com> wrote: > > I recently read the following code in hw/openrisc/openrisc_sim.c: > > > if (num_cpus > 1) { > > DeviceState *splitter = qdev_new(TYPE_SPLIT_IRQ); > > qdev_prop_set_uint32(splitter, "num-lines", num_cpus); > > qdev_realize_and_unref(splitter, NULL, &error_fatal); > > for (i = 0; i < num_cpus; i++) { > > qdev_connect_gpio_out(splitter, i, get_cpu_irq(cpus, i, > > irq_pin)); > > } > > serial_irq = qdev_get_gpio_in(splitter, 0); > > } else { > > serial_irq = get_cpu_irq(cpus, 0, irq_pin); > > } > > 'splitter' will be used after 'qdev_realize_and_unref', which will > drop the only reference it takes. > But since the memory will be freed, it seems illegal to use > 'splitter'. Can anyone explain if I am missing something?
qdev_realize() and qdev_realize_and_unref() plug the object into the QOM hierarchy, which means that the object's QOM parent will hold a reference to it. (If the object is also being plugged into a bus, then the bus will also take a reference, but that's not the case here). See the comments documenting these functions in qdev-core.h. thanks -- PMM