On 03/06/2015 10:02 AM, Ján Tomko wrote:
> Most of the callers use the pattern:
> bool b;
> ignore_value(virBitmapGetBit(.., &b));
> if (b) {
> ...
> }
>
> And the rest treats the failure (which can only happen
> when the requested bit is out of bitmap bounds) the same
> as they treat a 'false' bit.
Blindly returning false for out of bounds may work for some (most?)
callers, but I still wonder if we should expose the full bounds-checking
version under a different name, and/or expose a variant that lets the
caller specify the default value to return for an out-of-bounds
reference. That is, while you've made the common case short, I wonder
if we need the extra control for correctness elsewhere.
I'm not outright rejecting this patch, but I'm also not sure if it is
the right move to take - is our attempt at bounds-checking in order to
prevent programming bugs helping us avoid bugs (then this patch is
losing that safety), or is it just causing needless noise of boilerplate
(most callers using ignore_value, in which case this patch is the right
thing). Anyone else with an opinion?
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list