Am 05.12.22 um 19:54 schrieb Taylor Blau: > When zero-initializing a struct without the use of static initializers > like "{ 0 }", it is common to write one of: > > T *ptr = xcalloc(1, sizeof(T)); > T *ptr = xcalloc(1, sizeof(*ptr)); > > These correctly initialize "*ptr" to the all-zeros value, but have a > couple of drawbacks. Notably, both initializations are verbose, but the > former is a foot-gun. If "*ptr"'s type changes to something other than > "T", the programmer has to remember to update not only the type of the > variable, but the right-hand side of its initialization, too. > > In git.git, it is sometimes common to write something like: > > T *ptr; > CALLOC_ARRAY(ptr, 1); > > ...but that is confusing, since we're not initializing an array. Rather, > we're using the CALLOC_ARRAY() macro to pretend like we are. But since > the array length is 1, the effect is zero initializing a single element. An object and a single-element array of objects allocated on the heap are indistinguishable. In that sense there is no confusion -- we are indeed allocating a single-element array. But if the intent is to only get one thing then having to fill in 1 in the bulk order form is a bit tedious, especially since this is the most common kind of request. A shortcut for the frequent case makes sense. > Introduce a new variant, CALLOC(x), which initializes "x" to the > all-zeros value, without exposing the confusing use of CALLOC_ARRAY(), > or the foot-guns available when using xcalloc() directly. AFAIK the first "c" in "calloc" is for "continuous", not "zeroed". A single object is always contiguous, so the "C" in "CALLOC" is tautologic if read in that way. It fits our naming scheme for ALLOC_ARRAY and CALLOC_ARRAY, though, so that might not be much of a problem. And there are lots of occurrences of xmalloc(sizeof(T)) and xmalloc(sizeof(*ptr)) that would benefit from the automatic size inference of ALLOC_ARRAY -- an ALLOC macro would complement CALLOC nicely. > Write a Coccinelle patch which codifies these rules, but mark it as > "pending" since the resulting diff is too large to include in a single > patch: > > $ git apply .build/contrib/coccinelle/xcalloc.pending.cocci.patch > $ git diff --shortstat > 89 files changed, 221 insertions(+), 178 deletions(-) > > Signed-off-by: Taylor Blau <me@xxxxxxxxxxxx> > --- > This is a follow-up on [1], where introducing CALLOC(x) as the preferred > alternative to CALLOC_ARRAY(x, 1) was first suggested. > > The patch is straightforward, and I am pretty sure that the Coccinelle > rules are right, too ;-). But as a first-time Coccinelle user, any extra > scrutiny on those bits would be appreciated. > > The main point of discussion I think is whether we should consider > adopting this rule. I am biased, of course, but I think that we should. > > In any case, we should focus our efforts on polishing v2.39.0, but I > wanted to send this out to the list before I forgot about it. > > [1]: https://lore.kernel.org/git/Y1MrXoobkVKngYL1@xxxxxxxxxxxxxxxxxxxxxxx/ > > contrib/coccinelle/xcalloc.pending.cocci | 21 +++++++++++++++++++++ > git-compat-util.h | 8 ++++++++ > 2 files changed, 29 insertions(+) > create mode 100644 contrib/coccinelle/xcalloc.pending.cocci > > diff --git a/contrib/coccinelle/xcalloc.pending.cocci b/contrib/coccinelle/xcalloc.pending.cocci > new file mode 100644 > index 0000000000..83e4ca1a68 > --- /dev/null > +++ b/contrib/coccinelle/xcalloc.pending.cocci > @@ -0,0 +1,21 @@ > +@@ > +type T; > +T *ptr; > +@@ > +- ptr = xcalloc(1, \( sizeof(T) \| sizeof(*ptr) \) ) > ++ CALLOC(ptr) > + > +@@ > +type T; > +identifier ptr; > +@@ > +- T ptr = xcalloc(1, \( sizeof(T) \| sizeof(*ptr) \) ); > ++ T ptr; > ++ CALLOC(ptr); This rule would turn this code: struct foo *bar = xcalloc(1, sizeof(*bar)); int i; ... into: struct foo *bar; CALLOC(bar); int i; ... which violates the coding guideline to not mix declarations and statements (-Wdeclaration-after-statement). > + > +@@ > +type T; > +T *ptr; > +@@ > +- CALLOC_ARRAY(ptr, 1) > ++ CALLOC(ptr) > diff --git a/git-compat-util.h b/git-compat-util.h > index a76d0526f7..827e5be89c 100644 > --- a/git-compat-util.h > +++ b/git-compat-util.h > @@ -1107,6 +1107,14 @@ static inline void move_array(void *dst, const void *src, size_t n, size_t size) > memmove(dst, src, st_mult(size, n)); > } > > +/* > + * Like CALLOC_ARRAY, but the argument is treated as a pointer to a > + * single struct. > + * > + * Preferable over xcalloc(1, sizeof(...)), or CALLOC_ARRAY(..., 1). > + */ > +#define CALLOC(x) (x) = CALLOC_ARRAY((x), 1) > + > /* > * These functions help you allocate structs with flex arrays, and copy > * the data directly into the array. For example, if you had: > -- > 2.38.0.16.g393fd4c6db