Am 05.12.22 um 19:54 schrieb Taylor Blau:
> When zero-initializing a struct without the use of static initializers
> like "{ 0 }", it is common to write one of:
>
> T *ptr = xcalloc(1, sizeof(T));
> T *ptr = xcalloc(1, sizeof(*ptr));
>
> These correctly initialize "*ptr" to the all-zeros value, but have a
> couple of drawbacks. Notably, both initializations are verbose, but the
> former is a foot-gun. If "*ptr"'s type changes to something other than
> "T", the programmer has to remember to update not only the type of the
> variable, but the right-hand side of its initialization, too.
>
> In git.git, it is sometimes common to write something like:
>
> T *ptr;
> CALLOC_ARRAY(ptr, 1);
>
> ...but that is confusing, since we're not initializing an array. Rather,
> we're using the CALLOC_ARRAY() macro to pretend like we are. But since
> the array length is 1, the effect is zero initializing a single element.
An object and a single-element array of objects allocated on the heap are
indistinguishable. In that sense there is no confusion -- we are indeed
allocating a single-element array. But if the intent is to only get one
thing then having to fill in 1 in the bulk order form is a bit tedious,
especially since this is the most common kind of request. A shortcut for
the frequent case makes sense.
> Introduce a new variant, CALLOC(x), which initializes "x" to the
> all-zeros value, without exposing the confusing use of CALLOC_ARRAY(),
> or the foot-guns available when using xcalloc() directly.
AFAIK the first "c" in "calloc" is for "continuous", not "zeroed". A
single object is always contiguous, so the "C" in "CALLOC" is
tautologic if read in that way. It fits our naming scheme for
ALLOC_ARRAY and CALLOC_ARRAY, though, so that might not be much of a
problem.
And there are lots of occurrences of xmalloc(sizeof(T)) and
xmalloc(sizeof(*ptr)) that would benefit from the automatic size
inference of ALLOC_ARRAY -- an ALLOC macro would complement
CALLOC nicely.
> Write a Coccinelle patch which codifies these rules, but mark it as
> "pending" since the resulting diff is too large to include in a single
> patch:
>
> $ git apply .build/contrib/coccinelle/xcalloc.pending.cocci.patch
> $ git diff --shortstat
> 89 files changed, 221 insertions(+), 178 deletions(-)
>
> Signed-off-by: Taylor Blau <me@xxxxxxxxxxxx>
> ---
> This is a follow-up on [1], where introducing CALLOC(x) as the preferred
> alternative to CALLOC_ARRAY(x, 1) was first suggested.
>
> The patch is straightforward, and I am pretty sure that the Coccinelle
> rules are right, too ;-). But as a first-time Coccinelle user, any extra
> scrutiny on those bits would be appreciated.
>
> The main point of discussion I think is whether we should consider
> adopting this rule. I am biased, of course, but I think that we should.
>
> In any case, we should focus our efforts on polishing v2.39.0, but I
> wanted to send this out to the list before I forgot about it.
>
> [1]: https://lore.kernel.org/git/Y1MrXoobkVKngYL1@xxxxxxxxxxxxxxxxxxxxxxx/
>
> contrib/coccinelle/xcalloc.pending.cocci | 21 +++++++++++++++++++++
> git-compat-util.h | 8 ++++++++
> 2 files changed, 29 insertions(+)
> create mode 100644 contrib/coccinelle/xcalloc.pending.cocci
>
> diff --git a/contrib/coccinelle/xcalloc.pending.cocci b/contrib/coccinelle/xcalloc.pending.cocci
> new file mode 100644
> index 0000000000..83e4ca1a68
> --- /dev/null
> +++ b/contrib/coccinelle/xcalloc.pending.cocci
> @@ -0,0 +1,21 @@
> +@@
> +type T;
> +T *ptr;
> +@@
> +- ptr = xcalloc(1, \( sizeof(T) \| sizeof(*ptr) \) )
> ++ CALLOC(ptr)
> +
> +@@
> +type T;
> +identifier ptr;
> +@@
> +- T ptr = xcalloc(1, \( sizeof(T) \| sizeof(*ptr) \) );
> ++ T ptr;
> ++ CALLOC(ptr);
This rule would turn this code:
struct foo *bar = xcalloc(1, sizeof(*bar));
int i;
... into:
struct foo *bar;
CALLOC(bar);
int i;
... which violates the coding guideline to not mix declarations and
statements (-Wdeclaration-after-statement).
> +
> +@@
> +type T;
> +T *ptr;
> +@@
> +- CALLOC_ARRAY(ptr, 1)
> ++ CALLOC(ptr)
> diff --git a/git-compat-util.h b/git-compat-util.h
> index a76d0526f7..827e5be89c 100644
> --- a/git-compat-util.h
> +++ b/git-compat-util.h
> @@ -1107,6 +1107,14 @@ static inline void move_array(void *dst, const void *src, size_t n, size_t size)
> memmove(dst, src, st_mult(size, n));
> }
>
> +/*
> + * Like CALLOC_ARRAY, but the argument is treated as a pointer to a
> + * single struct.
> + *
> + * Preferable over xcalloc(1, sizeof(...)), or CALLOC_ARRAY(..., 1).
> + */
> +#define CALLOC(x) (x) = CALLOC_ARRAY((x), 1)
> +
> /*
> * These functions help you allocate structs with flex arrays, and copy
> * the data directly into the array. For example, if you had:
> --
> 2.38.0.16.g393fd4c6db
