On Mon, Apr 28, 2008 at 08:16:02PM +0100, Daniel P. Berrange wrote:
> I agree with Havoc that it is not worth checking for OOM unless you
> take the time to prove it is correctly handled. As mentioned earlier
> in this thread one of the core problems making it impractical is
> the API contract of malloc() which means you need manual code inspection
> to verify you checked all mallocs().

We could actually verify this automatically with CIL.  Needs me to be
free of distractions for a week to code it up mind you ...

> The API contract I proposed for
> virAlloc at least addresses that 1/2 of the problem by letting the
> compiler tell us whether any allocations have missing checks. That
> leaves the second part of the problem - the cleanup paths. We need
> to have the cleanup paths in the code regardless because arbitrary
> syscalls (eg, write(), socket(), etc) we invoke may fail. If we are
> making sure those cleanup paths are correct anyway, then handling OOM
> in these codepaths is minor incremental code & thus a much more tractable
> problem.

And these too ...

Rich.

-- 
Richard Jones, Emerging Technologies, Red Hat  http://et.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
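The two halves of the problem in the quoted paragraph, an allocator contract that lets the compiler flag a missing OOM check, and a single cleanup path that handles OOM alongside any other failure, are illustrated below in an added example. It is not code from this thread or from libvirt: `example_alloc`, `EXAMPLE_ALLOC`, `guest_new`, `guest_free` and the `allocs_until_fail` injector are assumed names, and the contract shown (0 on success, -1 with errno set, result returned through a pointer) is a stand-in for whatever virAlloc actually proposed. The injector exists only so each OOM path can be driven deterministically in a test, which is the "prove it is correctly handled" part.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical failure injector (not libvirt's): when it reaches zero the
 * next allocation fails as if malloc() returned NULL; -1 means never fail. */
static int allocs_until_fail = -1;

/* virAlloc-style contract (names assumed): allocate 'size' zeroed bytes,
 * store the result through 'ptrptr', return 0 on success or -1 with
 * errno = ENOMEM. warn_unused_result makes GCC/Clang (-Wall) warn when a
 * caller drops the return value, so a missing OOM check shows up at
 * compile time instead of in manual code inspection. */
static int __attribute__((warn_unused_result))
example_alloc(void *ptrptr, size_t size)
{
    void *p = NULL;

    if (allocs_until_fail == 0) {
        allocs_until_fail = -1;          /* one-shot injected failure */
    } else {
        if (allocs_until_fail > 0)
            allocs_until_fail--;
        p = calloc(1, size);
    }
    *(void **)ptrptr = p;
    if (!p) {
        errno = ENOMEM;
        return -1;
    }
    return 0;
}

/* Allocate one object of the type 'ptr' points to. */
#define EXAMPLE_ALLOC(ptr) example_alloc(&(ptr), sizeof(*(ptr)))

struct guest {
    char *name;
    unsigned int nvcpus;
    unsigned int *vcpus;                 /* one id per virtual CPU */
};

/* Safe on NULL and on partially built records, so the cleanup label in
 * guest_new() can call it no matter which step failed. */
static void guest_free(struct guest *g)
{
    if (!g)
        return;
    free(g->name);
    free(g->vcpus);
    free(g);
}

/* Three allocations; every failure, OOM or otherwise, jumps to the one
 * cleanup label. The OOM handling is just the '< 0' checks on top of the
 * cleanup path that is needed anyway. */
static struct guest *guest_new(const char *name, unsigned int nvcpus)
{
    struct guest *g = NULL;
    size_t len = strlen(name) + 1;
    unsigned int i;
    int saved_errno;

    if (EXAMPLE_ALLOC(g) < 0)
        goto error;
    if (example_alloc(&g->name, len) < 0)
        goto error;
    memcpy(g->name, name, len);
    if (example_alloc(&g->vcpus, nvcpus * sizeof(*g->vcpus)) < 0)
        goto error;
    g->nvcpus = nvcpus;
    for (i = 0; i < nvcpus; i++)
        g->vcpus[i] = i;
    return g;

error:
    saved_errno = errno;                 /* cleanup must not clobber the cause */
    guest_free(g);
    errno = saved_errno;
    return NULL;
}

/* Returns 1 if a record is built correctly when no allocation fails. */
static int check_success(void)
{
    struct guest *g = guest_new("demo", 4);
    int ok = g != NULL && strcmp(g->name, "demo") == 0 &&
             g->nvcpus == 4 && g->vcpus[3] == 3;
    guest_free(g);
    return ok;
}

/* Returns 1 if, with the nth allocation (0-based) failing, guest_new()
 * fails cleanly: NULL result and errno == ENOMEM. */
static int check_oom_at(int nth)
{
    struct guest *g;
    int ok;

    errno = 0;
    allocs_until_fail = nth;
    g = guest_new("demo", 4);
    ok = g == NULL && errno == ENOMEM;
    allocs_until_fail = -1;
    guest_free(g);                       /* no-op on NULL */
    return ok;
}

int main(void)
{
    printf("success path: %s\n", check_success() ? "ok" : "FAIL");
    for (int n = 0; n < 3; n++)
        printf("OOM at allocation %d: %s\n", n, check_oom_at(n) ? "ok" : "FAIL");
    return 0;
}
```

Compile with `-Wall` and delete one of the `< 0` checks in `guest_new()` to see the first half of the argument: the dropped return value of `example_alloc` becomes a warning. The second half is `check_oom_at()`, which fails each allocation in turn and confirms the same cleanup label handles all of them; a leak checker such as valgrind run over the same binary covers what the assertions cannot see.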