Re: p = kmalloc(sizeof(*p), )

From: Willy Tarreau
Date: Sun Sep 18 2005 - 11:52:54 EST

Next message: Bernd Petrovitsch: "Re: [Patch] Support UTF-8 scripts"
Previous message: Marc Perkel: "Wanted - Recommendation of good motherboard for AMD Athlon 64 X2"
In reply to: Robert Love: "Re: p = kmalloc(sizeof(*p), )"
Next in thread: Al Viro: "Re: p = kmalloc(sizeof(*p), )"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Sep 18, 2005 at 12:32:26PM -0400, Robert Love wrote:
> On Sun, 2005-09-18 at 11:06 +0100, Russell King wrote:
>
> > +The preferred form for passing a size of a struct is the following:
> > +
> > + p = kmalloc(sizeof(*p), ...);
> > +
> > +The alternative form where struct name is spelled out hurts readability and
> > +introduces an opportunity for a bug when the pointer variable type is changed
> > +but the corresponding sizeof that is passed to a memory allocator is not.
>
> Agreed.
>
> Also, after Alan's #4:
>
> 5. Contrary to the above statement, such coding style does not help,
> but in fact hurts, readability. How on Earth is sizeof(*p) more
> readable and information-rich than sizeof(struct foo)? It looks
> like the remains of a 5,000 year old wolverine's spleen and
> conveys no information about the type of the object that is being
> created.
>
> Robert Love

To be honnest, before reading this thread, I would have voted for the
sizeof(*p). However, I completely agree that there is a high risk of
messing up the initialization, and that structures don't change often.
The situations where I think that sizeof(*p) is better than
sizeof(struct foo) is more on functions such as memset() than {,k}malloc() :
forgetting to initialize a struct member is always a high risk, but if the
object is not a struct (eg, a scalar), then it could be tolerated. I don't
know anybody who does kmalloc(sizeof(int)) nor kmalloc(sizeof(char)), but
with memset, it's different. Doing memset(p, 0, sizeof(*p)) seems better
to me than memset(p, 0, sizeof(short)), and represents a smaller risk
when 'p' will silently evolve to a long int.

Last, there's little probability that a scalar will evolve into a struct
without code modifications, while it has happened often that a __u8 or
__u16 was changed to __u32. So perhaps we could accept use of sizeof(*p)
when (*p) is a scalar to protect against silent type changes, and reject
it when (*p) is a structure to avoid incomplete initialization ?

Alan, I like your proposal BTW ;-)

Regards,
Willy

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bernd Petrovitsch: "Re: [Patch] Support UTF-8 scripts"
Previous message: Marc Perkel: "Wanted - Recommendation of good motherboard for AMD Athlon 64 X2"
In reply to: Robert Love: "Re: p = kmalloc(sizeof(*p), )"
Next in thread: Al Viro: "Re: p = kmalloc(sizeof(*p), )"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]