On 06/17/2015 01:24 AM, Michael S. Tsirkin wrote: > makes it possible to copy error_abort pointers, > not just pass them on directly. > > This is needed because follow-up patches add support for > Error *local_err = ...; > as a way to set an abort-on-error pointer, which requires that we have > more than just a global error_abort abort-on-error pointer, but that any > number of pointers all resolve to something specific. > > Add an assert statement when class is retrieved, to make sure we still > get a core-dump if we (somehow) attempt to output the abort errp by > mistake. > > Signed-off-by: Michael S. Tsirkin > Reviewed-by: Eric Blake I think you made enough changes from v1 (functional change of an added assertion, but also better justification via improved commit message) that I would have dropped R-b if I were the one submitting it. Your argument of aiding gdb debugging of error objects by making the pointer point somewhere valid makes sense, when compared to my hack of an invalid pointer that would segfault even when trying to view it through gdb. The added assertion in this version definitely helps avoid code making the mistake of dereferencing the magic error pointer. > --- > util/error.c | 17 ++++++++++++----- > 1 file changed, 12 insertions(+), 5 deletions(-) > > diff --git a/util/error.c b/util/error.c > index 14f4351..e10cb34 100644 > --- a/util/error.c > +++ b/util/error.c 
> @@ -20,7 +20,13 @@ struct Error > ErrorClass err_class; > }; > > -Error *error_abort; > +static Error error_abort_st = { .err_class = ERROR_CLASS_MAX }; > +Error *error_abort = &error_abort_st; > + > +static bool error_is_abort(Error **errp) > +{ > + return errp && *errp == error_abort; However, now I don't like the subject line. This is still a pointer comparison (just a different pointer than before). So while I'm now happy with the state of the code, I think a better commit message would be: error: don't rely on address of global variable The old implementation used the address of a global pointer variable (&error_abort, type Error**) as a sentinel. This patch changes to using the value of the global pointer variable itself (error_abort, type Error*), so that the sentinel value can be easily copied to other Error* pointers, regardless of their address. The new sentinel points to an actual object, in case it is inspected through a debugger, although working code should never dereference it. This is needed because...[snipped] > @@ -144,6 +150,7 @@ Error *error_copy(const Error *err) > > ErrorClass error_get_class(const Error *err) > { > + assert(err->err_class < ERROR_CLASS_MAX); I also think you should add this assert in error_copy() a few lines above, as well as in error_get_pretty() and error_free() a few lines below. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
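Review bot: in the first hunk of util/error.c (@@ -20,7 +20,13 @@), nothing documents that `error_abort_st` is a sentinel whose `.err_class = ERROR_CLASS_MAX` is deliberately outside the range that the assertion in the later hunk accepts, or that `error_is_abort()` tests the value stored in `*errp` rather than the address of `errp`. A short comment above `static Error error_abort_st` stating that the object exists only so the pointer is valid to inspect and that working code must never dereference it, plus a one-line comment on `error_is_abort()`, would keep later callers from treating it as a real Error.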
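Review bot: in the second hunk (@@ -144,6 +150,7 @@), the check `assert(err->err_class < ERROR_CLASS_MAX);` is open-coded in error_get_class() only, and as far as the visible hunks show, error_copy() just above it has no equivalent guard. Consider moving the check into a small static helper next to error_is_abort() and calling it from each function that takes an Error *, so the condition that identifies the sentinel is written once and stays consistent with the `.err_class = ERROR_CLASS_MAX` initializer.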