[ovs-dev] [PATCH 1/4] util: Disallow zero-sized xmalloc_cacheline

YAMAMOTO Takashi yamamoto at valinux.co.jp
Mon May 5 23:42:05 UTC 2014 

> On Mon, May 05, 2014 at 08:32:34AM +0900, YAMAMOTO Takashi wrote:
>> > On Sat, May 03, 2014 at 09:01:01AM +0900, YAMAMOTO Takashi wrote:
>> >> xmalloc_cacheline API is relatively new.  It's better
>> >> not to inherit the kludge from xmalloc.  This kind of
>> >> kludge rather hurts these days.
>> >> 
>> >> Signed-off-by: YAMAMOTO Takashi <yamamoto at valinux.co.jp>
>> > 
>> > I see basically three alternatives for xmalloc(0) and
>> > xmalloc_cacheline(0):
>> > 
>> >         1. Assert-fail.
>> > 
>> >         2. Return NULL.
>> > 
>> >         3. Return a unique 1-byte block.
>> > 
>> > I'm not a big fan of #1 because it can create corner cases where one
>> > must be extra careful, mainly when one is allocating a variable-length
>> > array that might occasionally have zero elements.
>> > 
>> > #2 and #3 have about the same effect most of the time.  Since
>> > dereferencing the pointer returned by #3 yields undefined behavior
>> > according to the C standard, there isn't much of an advantage to #3 over
>> > #2.  The only practical difference is that occasionally a nonnull
>> > pointer indicates that some data structure has been initialized.
>> > 
>> > I've always leaned toward #2, as a personal opinion, but I went with #3
>> > in Open vSwitch xmalloc() because of my GNU background, since GNU code
>> > has a bias toward malloc(0) acting like malloc(1).  (gnulib goes so far
>> > as to test for malloc(0) behavior and add a wrapper if it returns NULL.)
>> > 
>> > So my preference is #2 or #3, leaning toward #3 since it's the behavior
>> > we've had in OVS for a long time.  To me, #1 seems risky: it makes a
>> > rare corner case definitely deadly.
>> 
>> thanks for explaining your reasoning.
>> i can understand it, although i still prefer failing loudly rather
>> than silently.
> 
> I guess I don't see an allocator that returns a 0-byte block in response
> to a 0-byte request as "failing".

sure.
however, the calling code might fail with the 0-byte block
if it was not written carefully enough.

YAMAMOTO Takashi

> 
>> i will drop this patch for now as it seems at least controversial.
> 
> OK.

More information about the dev mailing list