1. 07 6月, 2016 1 次提交
  2. 12 5月, 2016 4 次提交
    • E
      qapi: Change visit_type_FOO() to no longer return partial objects · 68ab47e4
      Eric Blake 提交于
      Returning a partial object on error is an invitation for a careless
      caller to leak memory.  We already fixed things in an earlier
      patch to guarantee NULL if visit_start fails ("qapi: Guarantee
      NULL obj on input visitor callback error"), but that does not
      help the case where visit_start succeeds but some other failure
      happens before visit_end, such that we leak a partially constructed
      object outside visit_type_FOO(). As no one outside the testsuite
      was actually relying on these semantics, it is cleaner to just
      document and guarantee that ALL pointer-based visit_type_FOO()
      functions always leave a safe value in *obj during an input visitor
      (either the new object on success, or NULL if an error is
      encountered), so callers can now unconditionally use
      qapi_free_FOO() to clean up regardless of whether an error occurred.
      
      The decision is done by adding visit_is_input(), then updating the
      generated code to check if additional cleanup is needed based on
      the type of visitor in use.
      
      Note that we still leave *obj unchanged after a scalar-based
      visit_type_FOO(); I did not feel like auditing all uses of
      visit_type_Enum() to see if the callers would tolerate a specific
      sentinel value (not to mention having to decide whether it would
      be better to use 0 or ENUM__MAX as that sentinel).
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1461879932-9020-25-git-send-email-eblake@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      68ab47e4
    • E
      qapi: Split visit_end_struct() into pieces · 15c2f669
      Eric Blake 提交于
      As mentioned in previous patches, we want to call visit_end_struct()
      functions unconditionally, so that visitors can release resources
      tied up since the matching visit_start_struct() without also having
      to worry about error priority if more than one error occurs.
      
      Even though error_propagate() can be safely used to ignore a second
      error during cleanup caused by a first error, it is simpler if the
      cleanup cannot set an error.  So, split out the error checking
      portion (basically, input visitors checking for unvisited keys) into
      a new function visit_check_struct(), which can be safely skipped if
      any earlier errors are encountered, and leave the cleanup portion
      (which never fails, but must be called unconditionally if
      visit_start_struct() succeeded) in visit_end_struct().
      
      Generated code in qapi-visit.c has diffs resembling:
      
      |@@ -59,10 +59,12 @@ void visit_type_ACPIOSTInfo(Visitor *v,
      |         goto out_obj;
      |     }
      |     visit_type_ACPIOSTInfo_members(v, obj, &err);
      |-    error_propagate(errp, err);
      |-    err = NULL;
      |+    if (err) {
      |+        goto out_obj;
      |+    }
      |+    visit_check_struct(v, &err);
      | out_obj:
      |-    visit_end_struct(v, &err);
      |+    visit_end_struct(v);
      | out:
      
      and in qapi-event.c:
      
      @@ -47,7 +47,10 @@ void qapi_event_send_acpi_device_ost(ACP
      |         goto out;
      |     }
      |     visit_type_q_obj_ACPI_DEVICE_OST_arg_members(v, &param, &err);
      |-    visit_end_struct(v, err ? NULL : &err);
      |+    if (!err) {
      |+        visit_check_struct(v, &err);
      |+    }
      |+    visit_end_struct(v);
      |     if (err) {
      |         goto out;
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1461879932-9020-20-git-send-email-eblake@redhat.com>
      [Conflict with a doc fixup resolved]
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      15c2f669
    • E
      qmp: Support explicit null during visits · 3df016f1
      Eric Blake 提交于
      Implement the new type_null() callback for the qmp input and
      output visitors. While we don't yet have a use for this in QAPI
      input (the generator will need some tweaks first), some
      potential usages have already been discussed on the list.
      Meanwhile, the output visitor could already output explicit null
      via type_any, but this gives us finer control.
      
      At any rate, it's easy to test that we can round-trip an explicit
      null through manual use of visit_type_null() wrapped by a virtual
      visit_start_struct() walk, even if we can't do the visit in a
      QAPI type.  Repurpose the test_visitor_out_empty test,
      particularly since a future patch will tighten semantics to
      forbid use of qmp_output_get_qobject() without at least one
      intervening visit_type_*.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1461879932-9020-16-git-send-email-eblake@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      3df016f1
    • E
      qapi: Consolidate QMP input visitor creation · fc471c18
      Eric Blake 提交于
      Rather than having two separate ways to create a QMP input
      visitor, where the safer approach has the more verbose name,
      it is better to consolidate things into a single function
      where the caller must explicitly choose whether to be strict
      or to ignore excess input.  This patch is the strictly
      mechanical conversion; the next patch will then audit which
      uses can be made stricter.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1461879932-9020-6-git-send-email-eblake@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      fc471c18
  3. 23 3月, 2016 1 次提交
    • M
      include/qemu/osdep.h: Don't include qapi/error.h · da34e65c
      Markus Armbruster 提交于
      Commit 57cb38b3 included qapi/error.h into qemu/osdep.h to get the
      Error typedef.  Since then, we've moved to include qemu/osdep.h
      everywhere.  Its file comment explains: "To avoid getting into
      possible circular include dependencies, this file should not include
      any other QEMU headers, with the exceptions of config-host.h,
      compiler.h, os-posix.h and os-win32.h, all of which are doing a
      similar job to this file and are under similar constraints."
      qapi/error.h doesn't do a similar job, and it doesn't adhere to
      similar constraints: it includes qapi-types.h.  That's in excess of
      100KiB of crap most .c files don't actually need.
      
      Add the typedef to qemu/typedefs.h, and include that instead of
      qapi/error.h.  Include qapi/error.h in .c files that need it and don't
      get it now.  Include qapi-types.h in qom/object.h for uint16List.
      
      Update scripts/clean-includes accordingly.  Update it further to match
      reality: replace config.h by config-target.h, add sysemu/os-posix.h,
      sysemu/os-win32.h.  Update the list of includes in the qemu/osdep.h
      comment quoted above similarly.
      
      This reduces the number of objects depending on qapi/error.h from "all
      of them" to less than a third.  Unfortunately, the number depending on
      qapi-types.h shrinks only a little.  More work is needed for that one.
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      [Fix compilation without the spice devel packages. - Paolo]
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      da34e65c
  4. 18 3月, 2016 1 次提交
    • E
      qapi: Don't special-case simple union wrappers · 32bafa8f
      Eric Blake 提交于
      Simple unions were carrying a special case that hid their 'data'
      QMP member from the resulting C struct, via the hack method
      QAPISchemaObjectTypeVariant.simple_union_type().  But by using
      the work we started by unboxing flat union and alternate
      branches, coupled with the ability to visit the members of an
      implicit type, we can now expose the simple union's implicit
      type in qapi-types.h:
      
      | struct q_obj_ImageInfoSpecificQCow2_wrapper {
      |     ImageInfoSpecificQCow2 *data;
      | };
      |
      | struct q_obj_ImageInfoSpecificVmdk_wrapper {
      |     ImageInfoSpecificVmdk *data;
      | };
      ...
      | struct ImageInfoSpecific {
      |     ImageInfoSpecificKind type;
      |     union { /* union tag is @type */
      |         void *data;
      |-        ImageInfoSpecificQCow2 *qcow2;
      |-        ImageInfoSpecificVmdk *vmdk;
      |+        q_obj_ImageInfoSpecificQCow2_wrapper qcow2;
      |+        q_obj_ImageInfoSpecificVmdk_wrapper vmdk;
      |     } u;
      | };
      
      Doing this removes asymmetry between QAPI's QMP side and its
      C side (both sides now expose 'data'), and means that the
      treatment of a simple union as sugar for a flat union is now
      equivalent in both languages (previously the two approaches used
      a different layer of dereferencing, where the simple union could
      be converted to a flat union with equivalent C layout but
      different {} on the wire, or to an equivalent QMP wire form
      but with different C representation).  Using the implicit type
      also lets us get rid of the simple_union_type() hack.
      
      Of course, now all clients of simple unions have to adjust from
      using su->u.member to using su->u.member.data; while this touches
      a number of files in the tree, some earlier cleanup patches
      helped minimize the change to the initialization of a temporary
      variable rather than every single member access.  The generated
      qapi-visit.c code is also affected by the layout change:
      
      |@@ -7393,10 +7393,10 @@ void visit_type_ImageInfoSpecific_member
      |     }
      |     switch (obj->type) {
      |     case IMAGE_INFO_SPECIFIC_KIND_QCOW2:
      |-        visit_type_ImageInfoSpecificQCow2(v, "data", &obj->u.qcow2, &err);
      |+        visit_type_q_obj_ImageInfoSpecificQCow2_wrapper_members(v, &obj->u.qcow2, &err);
      |         break;
      |     case IMAGE_INFO_SPECIFIC_KIND_VMDK:
      |-        visit_type_ImageInfoSpecificVmdk(v, "data", &obj->u.vmdk, &err);
      |+        visit_type_q_obj_ImageInfoSpecificVmdk_wrapper_members(v, &obj->u.vmdk, &err);
      |         break;
      |     default:
      |         abort();
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1458254921-17042-13-git-send-email-eblake@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      32bafa8f
  5. 19 2月, 2016 3 次提交
    • E
      qapi: Don't box branches of flat unions · 544a3731
      Eric Blake 提交于
      There's no reason to do two malloc's for a flat union; let's just
      inline the branch struct directly into the C union branch of the
      flat union.
      
      Surprisingly, fewer clients were actually using explicit references
      to the branch types in comparison to the number of flat unions
      thus modified.
      
      This lets us reduce the hack in qapi-types:gen_variants() added in
      the previous patch; we no longer need to distinguish between
      alternates and flat unions.
      
      The change to unboxed structs means that u.data (added in commit
      cee2dedb) is now coincident with random fields of each branch of
      the flat union, whereas beforehand it was only coincident with
      pointers (since all branches of a flat union have to be objects).
      Note that this was already the case for simple unions - but there
      we got lucky.  Remember, visit_start_union() blindly returns true
      for all visitors except for the dealloc visitor, where it returns
      the value !!obj->u.data, and that this result then controls
      whether to proceed with the visit to the variant.  Pre-patch,
      this meant that flat unions were testing whether the boxed pointer
      was still NULL, and thereby skipping visit_end_implicit_struct()
      and avoiding a NULL dereference if the pointer had not been
      allocated.  The same was true for simple unions where the current
      branch had pointer type, except there we bypassed visit_type_FOO().
      But for simple unions where the current branch had scalar type, the
      contents of that scalar meant that the decision to call
      visit_type_FOO() was data-dependent - the reason we got lucky there
      is that visit_type_FOO() for all scalar types in the dealloc visitor
      is a no-op (only the pointer variants had anything to free), so it
      did not matter whether the dealloc visit was skipped.  But with this
      patch, we would risk leaking memory if we could skip a call to
      visit_type_FOO_fields() based solely on a data-dependent decision.
      
      But notice: in the dealloc visitor, visit_type_FOO() already handles
      a NULL obj - it was only the visit_type_implicit_FOO() that was
      failing to check for NULL. And now that we have refactored things to
      have the branch be part of the parent struct, we no longer have a
      separate pointer that can be NULL in the first place.  So we can just
      delete the call to visit_start_union() altogether, and blindly visit
      the branch type; there is no change in behavior except to the dealloc
      visitor, where we now unconditionally visit the branch, but where that
      visit is now always safe (for a flat union, we can no longer
      dereference NULL, and for a simple union, visit_type_FOO() was already
      safely handling NULL on pointer types).
      
      Unfortunately, simple unions are not as easy to switch to unboxed
      layout; because we are special-casing the hidden implicit type with
      a single 'data' member, we really DO need to keep calling another
      layer of visit_start_struct(), with a second malloc; although there
      are some cleanups planned for simple unions in later patches.
      
      visit_start_union() and gen_visit_implicit_struct() are now unused.
      Drop them.
      
      Note that after this patch, the only remaining use of
      visit_start_implicit_struct() is for alternate types; the next patch
      will do further cleanup based on that fact.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1455778109-6278-14-git-send-email-eblake@redhat.com>
      [Dead code deletion squashed in, commit message updated accordingly]
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      544a3731
    • E
      qapi: Don't box struct branch of alternate · becceedc
      Eric Blake 提交于
      There's no reason to do two malloc's for an alternate type visiting
      a QAPI struct; let's just inline the struct directly as the C union
      branch of the struct.
      
      Surprisingly, no clients were actually using the struct member prior
      to this patch outside of the testsuite; an earlier patch in the series
      added some testsuite coverage to make the effect of this patch more
      obvious.
      
      In qapi.py, c_type() gains a new is_unboxed flag to control when we
      are emitting a C struct unboxed within the context of an outer
      struct (different from our other two modes of usage with no flags
      for normal local variable declarations, and with is_param for adding
      'const' in a parameter list).  I don't know if there is any more
      pythonic way of collapsing the two flags into a single parameter,
      as we never have a caller setting both flags at once.
      
      Ultimately, we want to also unbox branches for QAPI unions, but as
      that touches a lot more client code, it is better as separate
      patches.  But since unions and alternates share gen_variants(), I
      had to hack in a way to test if we are visiting an alternate type
      for setting the is_unboxed flag: look for a non-object branch.
      This works because alternates have at least two branches, with at
      most one object branch, while unions have only object branches.
      The hack will go away in a later patch.
      
      The generated code difference to qapi-types.h is relatively small:
      
      | struct BlockdevRef {
      |     QType type;
      |     union { /* union tag is @type */
      |         void *data;
      |-        BlockdevOptions *definition;
      |+        BlockdevOptions definition;
      |         char *reference;
      |     } u;
      | };
      
      The corresponding spot in qapi-visit.c calls visit_type_FOO(), which
      first calls visit_start_struct() to allocate or deallocate the member
      and handle a layer of {} from the JSON stream, then visits the
      members.  To peel off the indirection and the memory management that
      comes with it, we inline this call, then suppress allocation /
      deallocation by passing NULL to visit_start_struct(), and adjust the
      member visit:
      
      |     switch ((*obj)->type) {
      |     case QTYPE_QDICT:
      |-        visit_type_BlockdevOptions(v, name, &(*obj)->u.definition, &err);
      |+        visit_start_struct(v, name, NULL, 0, &err);
      |+        if (err) {
      |+            break;
      |+        }
      |+        visit_type_BlockdevOptions_fields(v, &(*obj)->u.definition, &err);
      |+        error_propagate(errp, err);
      |+        err = NULL;
      |+        visit_end_struct(v, &err);
      |         break;
      |     case QTYPE_QSTRING:
      |         visit_type_str(v, name, &(*obj)->u.reference, &err);
      
      The visit of non-object fields is unchanged.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1455778109-6278-13-git-send-email-eblake@redhat.com>
      [Commit message tweaked]
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      becceedc
    • E
      qapi: Add tests of complex objects within alternate · 68d07839
      Eric Blake 提交于
      Upcoming patches will adjust how we visit an object branch of an
      alternate; but we were completely lacking testsuite coverage.
      Rectify this, so that the future patches will be able to highlight
      the changes and still prove that we avoided regressions.
      
      In particular, the use of a flat union UserDefFlatUnion rather
      than a simple struct UserDefA as the branch will give us coverage
      of an object with variants.  And visiting an alternate as both
      the top level and as a nested member gives confidence in correct
      memory allocation handling, especially if the test is run under
      valgrind.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1455778109-6278-5-git-send-email-eblake@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      68d07839
  6. 16 2月, 2016 1 次提交
  7. 09 2月, 2016 1 次提交
    • E
      qapi: Swap visit_* arguments for consistent 'name' placement · 51e72bc1
      Eric Blake 提交于
      JSON uses "name":value, but many of our visitor interfaces were
      called with visit_type_FOO(v, &value, name, errp).  This can be
      a bit confusing to have to mentally swap the parameter order to
      match JSON order.  It's particularly bad for visit_start_struct(),
      where the 'name' parameter is smack in the middle of the
      otherwise-related group of 'obj, kind, size' parameters! It's
      time to do a global swap of the parameter ordering, so that the
      'name' parameter is always immediately after the Visitor argument.
      
      Additional reason in favor of the swap: the existing include/qjson.h
      prefers listing 'name' first in json_prop_*(), and I have plans to
      unify that file with the qapi visitors; listing 'name' first in
      qapi will minimize churn to the (admittedly few) qjson.h clients.
      
      Later patches will then fix docs, object.h, visitor-impl.h, and
      those clients to match.
      
      Done by first patching scripts/qapi*.py by hand to make generated
      files do what I want, then by running the following Coccinelle
      script to affect the rest of the code base:
       $ spatch --sp-file script `git grep -l '\bvisit_' -- '**/*.[ch]'`
      I then had to apply some touchups (Coccinelle insisted on TAB
      indentation in visitor.h, and botched the signature of
      visit_type_enum() by rewriting 'const char *const strings[]' to
      the syntactically invalid 'const char*const[] strings').  The
      movement of parameters is sufficient to provoke compiler errors
      if any callers were missed.
      
          // Part 1: Swap declaration order
          @@
          type TV, TErr, TObj, T1, T2;
          identifier OBJ, ARG1, ARG2;
          @@
           void visit_start_struct
          -(TV v, TObj OBJ, T1 ARG1, const char *name, T2 ARG2, TErr errp)
          +(TV v, const char *name, TObj OBJ, T1 ARG1, T2 ARG2, TErr errp)
           { ... }
      
          @@
          type bool, TV, T1;
          identifier ARG1;
          @@
           bool visit_optional
          -(TV v, T1 ARG1, const char *name)
          +(TV v, const char *name, T1 ARG1)
           { ... }
      
          @@
          type TV, TErr, TObj, T1;
          identifier OBJ, ARG1;
          @@
           void visit_get_next_type
          -(TV v, TObj OBJ, T1 ARG1, const char *name, TErr errp)
          +(TV v, const char *name, TObj OBJ, T1 ARG1, TErr errp)
           { ... }
      
          @@
          type TV, TErr, TObj, T1, T2;
          identifier OBJ, ARG1, ARG2;
          @@
           void visit_type_enum
          -(TV v, TObj OBJ, T1 ARG1, T2 ARG2, const char *name, TErr errp)
          +(TV v, const char *name, TObj OBJ, T1 ARG1, T2 ARG2, TErr errp)
           { ... }
      
          @@
          type TV, TErr, TObj;
          identifier OBJ;
          identifier VISIT_TYPE =~ "^visit_type_";
          @@
           void VISIT_TYPE
          -(TV v, TObj OBJ, const char *name, TErr errp)
          +(TV v, const char *name, TObj OBJ, TErr errp)
           { ... }
      
          // Part 2: swap caller order
          @@
          expression V, NAME, OBJ, ARG1, ARG2, ERR;
          identifier VISIT_TYPE =~ "^visit_type_";
          @@
          (
          -visit_start_struct(V, OBJ, ARG1, NAME, ARG2, ERR)
          +visit_start_struct(V, NAME, OBJ, ARG1, ARG2, ERR)
          |
          -visit_optional(V, ARG1, NAME)
          +visit_optional(V, NAME, ARG1)
          |
          -visit_get_next_type(V, OBJ, ARG1, NAME, ERR)
          +visit_get_next_type(V, NAME, OBJ, ARG1, ERR)
          |
          -visit_type_enum(V, OBJ, ARG1, ARG2, NAME, ERR)
          +visit_type_enum(V, NAME, OBJ, ARG1, ARG2, ERR)
          |
          -VISIT_TYPE(V, OBJ, NAME, ERR)
          +VISIT_TYPE(V, NAME, OBJ, ERR)
          )
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
      Message-Id: <1454075341-13658-19-git-send-email-eblake@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      51e72bc1
  8. 17 12月, 2015 2 次提交
    • E
      qapi: Fix alternates that accept 'number' but not 'int' · d00341af
      Eric Blake 提交于
      The QMP input visitor allows integral values to be assigned by
      promotion to a QTYPE_QFLOAT.  However, when parsing an alternate,
      we did not take this into account, such that an alternate that
      accepts 'number' and some other type, but not 'int', would reject
      integral values.
      
      With this patch, we now have the following desirable table:
      
          alternate has      case selected for
          'int'  'number'    QTYPE_QINT  QTYPE_QFLOAT
            no        no     error       error
            no       yes     'number'    'number'
           yes        no     'int'       error
           yes       yes     'int'       'number'
      
      While it is unlikely that we will ever use 'number' in an
      alternate other than in the testsuite, it never hurts to be
      more precise in what we allow.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1449033659-25497-8-git-send-email-eblake@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      d00341af
    • E
      qapi: Simplify visiting of alternate types · 0426d53c
      Eric Blake 提交于
      Previously, working with alternates required two lookup arrays
      and some indirection: for type Foo, we created Foo_qtypes[]
      which maps each qtype to a value of the generated FooKind enum,
      then look up that value in FooKind_lookup[] like we do for other
      union types.
      
      This has a couple of subtle bugs.  First, the generator was
      creating a call with a parameter '(int *) &(*obj)->type' where
      type is an enum type; this is unsafe if the compiler chooses
      to store the enum type in a different size than int, where
      assigning through the wrong size pointer can corrupt data or
      cause a SIGBUS.
      
      Related bug, not not fixed in this patch: qapi-visit.py's
      gen_visit_enum() generates a cast of its enum * argument to
      int *. Marked FIXME.
      
      Second, since the values of the FooKind enum start at zero, all
      entries of the Foo_qtypes[] array that were not explicitly
      initialized will map to the same branch of the union as the
      first member of the alternate, rather than triggering a desired
      failure in visit_get_next_type().  Fortunately, the bug seldom
      bites; the very next thing the input visitor does is try to
      parse the incoming JSON with the wrong parser, which normally
      fails; the output visitor is not used with a C struct in that
      state, and the dealloc visitor has nothing to clean up (so
      there is no leak).
      
      However, the second bug IS observable in one case: parsing an
      integer causes unusual behavior in an alternate that contains
      at least a 'number' member but no 'int' member, because the
      'number' parser accepts QTYPE_QINT in addition to the expected
      QTYPE_QFLOAT (that is, since 'int' is not a member, the type
      QTYPE_QINT accidentally maps to FooKind 0; if this enum value
      is the 'number' branch the integer parses successfully, but if
      the 'number' branch is not first, some other branch tries to
      parse the integer and rejects it).  A later patch will worry
      about fixing alternates to always parse all inputs that a
      non-alternate 'number' would accept, for now this is still
      marked FIXME in the updated test-qmp-input-visitor.c, to
      merely point out that new undesired behavior of 'ans' matches
      the existing undesired behavior of 'asn'.
      
      This patch fixes the default-initialization bug by deleting the
      indirection, and modifying get_next_type() to directly assign a
      QTypeCode parameter.  This in turn fixes the type-casting bug,
      as we are no longer casting a pointer to enum to a questionable
      size. There is no longer a need to generate an implicit FooKind
      enum associated with the alternate type (since the QMP wire
      format never uses the stringized counterparts of the C union
      member names).  Since the updated visit_get_next_type() does not
      know which qtypes are expected, the generated visitor is
      modified to generate an error statement if an unexpected type is
      encountered.
      
      Callers now have to know the QTYPE_* mapping when looking at the
      discriminator; but so far, only the testsuite was even using the
      C struct of an alternate types.  I considered the possibility of
      keeping the internal enum FooKind, but initialized differently
      than most generated arrays, as in:
        typedef enum FooKind {
            FOO_KIND_A = QTYPE_QDICT,
            FOO_KIND_B = QTYPE_QINT,
        } FooKind;
      to create nicer aliases for knowing when to use foo->a or foo->b
      when inspecting foo->type; but it turned out to add too much
      complexity, especially without a client.
      
      There is a user-visible side effect to this change, but I
      consider it to be an improvement. Previously,
      the invalid QMP command:
        {"execute":"blockdev-add", "arguments":{"options":
          {"driver":"raw", "id":"a", "file":true}}}
      failed with:
        {"error": {"class": "GenericError",
          "desc": "Invalid parameter type for 'file', expected: QDict"}}
      (visit_get_next_type() succeeded, and the error comes from the
      visit_type_BlockdevOptions() expecting {}; there is no mention of
      the fact that a string would also work).  Now it fails with:
        {"error": {"class": "GenericError",
          "desc": "Invalid parameter type for 'file', expected: BlockdevRef"}}
      (the error when the next type doesn't match any expected types for
      the overall alternate).
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1449033659-25497-5-git-send-email-eblake@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      0426d53c
  9. 10 11月, 2015 3 次提交
    • E
      qapi: More tests of input arrays · 2533377c
      Eric Blake 提交于
      Our testsuite had no coverage of empty arrays, nor of what
      happens when the input does not match the expected type.
      Useful to have, especially if we start changing the visitor
      contracts.
      
      I did not think it worth duplicating these additions to
      test-qmp-input-strict; since all strict mode does is add
      the ability to reject JSON input that has more keys than
      what the visitor expects, yet the additions in this patch
      error out earlier than that point regardless of whether
      strict mode was requested.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1446791754-23823-11-git-send-email-eblake@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      2533377c
    • E
      qapi: Test failure in middle of array parse · dd5ee2c2
      Eric Blake 提交于
      Our generated list visitors have the same problem as has been
      mentioned elsewhere (see commit 2f52e205): they allocate data
      even on failure. An upcoming patch will correct things to
      provide saner guarantees, but first we need to expose the
      behavior in the testsuite to ensure we aren't introducing any
      memory usage bugs.
      
      There are more test cases throughout the test-qmp-input-* tests
      that already deal with partial allocation; a later commit will
      clean up all visit_type_FOO(), without marking all of the tests
      with FIXME at this time.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1446791754-23823-10-git-send-email-eblake@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      dd5ee2c2
    • E
      qapi: Simplify error cleanup in test-qmp-* · a12a5a1a
      Eric Blake 提交于
      We have several tests that perform multiple sub-actions that are
      expected to fail.  Asserting that an error occurred, then clearing
      it up to prepare for the next action, turned into enough
      boilerplate that it was sometimes forgotten (for example, a number
      of tests added to test-qmp-input-visitor.c in d88f5fd1 leaked err).
      Worse, if an error is not reset to NULL, we risk invalidating
      later use of that error (passing a non-NULL err into a function
      is generally a bad idea).  Encapsulate the boilerplate into a
      single helper function error_free_or_abort(), and consistently
      use it.
      
      The new function is added into error.c for use everywhere,
      although it is anticipated that testsuites will be the main
      client.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      a12a5a1a
  10. 09 11月, 2015 4 次提交
    • E
      qapi: Simplify non-error testing in test-qmp-* · 3f66f764
      Eric Blake 提交于
      By using &error_abort, we can avoid a local err variable in
      situations where we expect success.  It also has the nice
      effect that if the test breaks, the error message from
      error_abort tends to be nicer than that of g_assert().
      
      This patch has an additional bonus of fixing several call sites that
      were passing &err to two different functions without checking it in
      between.  In general that is unsafe practice; because if the first
      function sets an error, the second function could abort() if it tries to
      set a different error. We got away with it because we were asserting
      that err was NULL through the entire chain, but switching to
      &error_abort avoids the questionable practice up front.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1446791754-23823-7-git-send-email-eblake@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      3f66f764
    • E
      qapi: Plug leaks in test-qmp-* · b18f1141
      Eric Blake 提交于
      Make valgrind happy with the current state of the tests, so that
      it is easier to see if future patches introduce new memory problems
      without being drowned in noise.  Many of the leaks were due to
      calling a second init without tearing down the data from an earlier
      visit.  But since teardown is already idempotent, and we already
      register teardown as part of input_visitor_test_add(), it is nicer
      to just make init() safe to call multiple times than it is to have
      to make all tests call teardown.
      
      Another common leak was forgetting to clean up an error object,
      after testing that an error was raised.
      
      Another leak was in test_visitor_in_struct_nested(), failing to
      clean the base member of UserDefTwo.  Cleaning that up left
      check_and_free_str() as dead code (since using the qapi_free_*
      takes care of recursion, and we don't want double frees).
      
      A final leak was in test_visitor_out_any(), which was reassigning
      the qobj local variable to a subset of the overall structure
      needing freeing; it did not result in a use-after-free, but
      was not cleaning up all the qdict.
      
      test-qmp-event and test-qmp-commands were already clean.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1446791754-23823-6-git-send-email-eblake@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      b18f1141
    • E
      qapi: Share test_init code in test-qmp-input* · 0920a171
      Eric Blake 提交于
      Rather than duplicate the body of two functions just to
      decide between qobject_from_jsonv() and qobject_from_json(),
      exploit the fact that qobject_from_jsonv() intentionally
      takes 'va_list *' instead of the more common 'va_list', and
      that qobject_from_json() just calls qobject_from_jsonv(,NULL).
      For each file, our two existing init functions then become
      thin wrappers around a new internal function, and future
      updates to initialization don't have to be duplicated.
      Suggested-by: NMarkus Armbruster <armbru@redhat.com>
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1446791754-23823-5-git-send-email-eblake@redhat.com>
      [Two old comment typos fixed]
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      0920a171
    • E
      qapi: Use generated TestStruct machinery in tests · 748053c9
      Eric Blake 提交于
      Commit d88f5fd1 and friends first introduced the various test-qmp-*
      tests in 2011, with duplicated hand-rolled TestStruct machinery,
      to make sure the qapi visitor interface was tested.  Later, commit
      4f193e34 in 2013 added a .json file for further testing use by the
      files, but without consolidating any of the existing hand-rolled
      visitors.  And with four copies, subtle differences have crept in,
      between the tests themselves (mainly whitespace differences, but
      also a question of whether to use NULL or "TestStruct" when
      calling visit_start_struct()) and from what the generator produces
      (the hand-rolled versions did not cater to partially-allocated
      objects, because they did not have a deallocation usage).
      
      Of course, just because the visitor interface is tested does not
      mean it is a sane interface; and future patches will be changing
      some of the visitor contracts.  Rather than having to duplicate
      the cleanup work in each copy of the TestStruct visitor, and keep
      each hand-rolled copy in sync with what the generator supplies, we
      might as well just test what the generator should give us in the
      first place.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1446791754-23823-2-git-send-email-eblake@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      748053c9
  11. 02 11月, 2015 3 次提交
    • E
      tests: Convert to new qapi union layout · c363acef
      Eric Blake 提交于
      We have two issues with our qapi union layout:
      1) Even though the QMP wire format spells the tag 'type', the
      C code spells it 'kind', requiring some hacks in the generator.
      2) The C struct uses an anonymous union, which places all tag
      values in the same namespace as all non-variant members. This
      leads to spurious collisions if a tag value matches a non-variant
      member's name.
      
      Make the conversion to the new layout for testsuite code.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1445898903-12082-15-git-send-email-eblake@redhat.com>
      [Commit message tweaked slightly]
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      c363acef
    • E
      qapi: Unbox base members · ddf21908
      Eric Blake 提交于
      Rather than storing a base class as a pointer to a box, just
      store the fields of that base class in the same order, so that
      a child struct can be directly cast to its parent.  This gives
      less malloc overhead, less pointer dereferencing, and even less
      generated code.  Compare to the earlier commit 1e6c1616 "qapi:
      Generate a nicer struct for flat unions" (although that patch
      had fewer places to change, as less of qemu was directly using
      qapi structs for flat unions).  It also allows us to turn on
      automatic type-safe wrappers for upcasting to the base class
      of a struct.
      
      Changes to the generated code look like this in qapi-types.h:
      
      | struct SpiceChannel {
      |-    SpiceBasicInfo *base;
      |+    /* Members inherited from SpiceBasicInfo: */
      |+    char *host;
      |+    char *port;
      |+    NetworkAddressFamily family;
      |+    /* Own members: */
      |     int64_t connection_id;
      
      as well as additional upcast functions like qapi_SpiceChannel_base().
      Meanwhile, changes to qapi-visit.c look like:
      
      | static void visit_type_SpiceChannel_fields(Visitor *v, SpiceChannel **obj, Error **errp)
      | {
      |     Error *err = NULL;
      |
      |-    visit_type_implicit_SpiceBasicInfo(v, &(*obj)->base, &err);
      |+    visit_type_SpiceBasicInfo_fields(v, (SpiceBasicInfo **)obj, &err);
      |     if (err) {
      
      (the cast is necessary, since our upcast wrappers only deal with a
      single pointer, not pointer-to-pointer); plus the wholesale
      elimination of some now-unused visit_type_implicit_FOO() functions.
      
      Without boxing, the corner case of one empty struct having
      another empty struct as its base type now requires inserting a
      dummy member (previously, the 'Base *base' member sufficed).
      
      And now that we no longer consume a 'base' member in the generated
      C struct, we can delete the former negative struct-base-clash-base
      test.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1445898903-12082-11-git-send-email-eblake@redhat.com>
      [Commit message tweaked slightly]
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      ddf21908
    • E
      qapi: Prefer typesafe upcasts to qapi base classes · 30594fe1
      Eric Blake 提交于
      A previous patch (commit 1e6c1616) made it possible to
      directly cast from a qapi flat union type to its base type.
      However, it requires the use of a C cast, which turns off
      compiler type-safety checks.  Fortunately, no such casts
      exist, just yet.
      
      Regardless, add inline type-safe wrappers named
      qapi_FOO_base() for any union type FOO that has a base,
      which can be used for a safer upcast, and enhance the
      testsuite to cover the new functionality.
      
      A future patch will extend the upcast support to structs,
      where such conversions do exist already.
      
      Note that C makes const-correct upcasts annoying because
      it lacks overloads; these functions cast away const so that
      they can accept user pointers whether const or not, and the
      result in turn can be assigned to normal or const pointers.
      Alternatively, this could have been done with macros, but
      type-safe macros are hairy, and not worthwhile here.
      
      This patch just adds upcasts.  None of our code needed to
      downcast from a base qapi class to a child.  Also, in the
      case of grandchildren (such as BlockdevOptionsQcow2), the
      caller will need to call two functions to get to the inner
      base (although it wouldn't be too hard to generate a
      qapi_FOO_base_base() if desired).  If a user changes qapi
      to alter the base class hierarchy, such as going from
      'A -> C' to 'A -> B -> C', it will change the type of
      'qapi_C_base()', and the compiler will point out the places
      that are affected by the new base.
      
      One alternative was proposed, but was deemed too ugly to use
      in practice: the generators could output redundant
      information using anonymous types:
      | struct Child {
      |     union {
      |         struct {
      |             Type1 parent_member1;
      |             Type2 parent_member2;
      |         };
      |         Parent base;
      |     };
      | };
      With that ugly proposal, for a given qapi type, obj->member
      and obj->base.member would refer to the same storage; allowing
      convenience in working with members without needing 'base.'
      allowing typesafe upcast without needing a C cast by accessing
      '&obj->base', and allowing downcasts from the parent back to
      the child possible through container_of(obj, Child, base).
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1445898903-12082-10-git-send-email-eblake@redhat.com>
      [Commit message tweaked]
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      30594fe1
  12. 13 10月, 2015 1 次提交
    • E
      qapi: Test use of 'number' within alternates · 9c51b441
      Eric Blake 提交于
      Add some testsuite exposure for use of a 'number' as part of
      an alternate.  The current state of the tree has a few bugs
      exposed by this: our input parser depends on the ordering of
      how the qapi schema declared the alternate, and the parser
      does not accept integers for a 'number' in an alternate even
      though it does for numbers outside of an alternate.
      
      Mixing 'int' and 'number' in the same alternate is unusual,
      since both are supplied by json-numbers, but there does not
      seem to be a technical reason to forbid it given that our
      json lexer distinguishes between json-numbers that can be
      represented as an int vs. those that cannot.
      
      Improve the existing test_visitor_in_alternate() to match the
      style of the new test_visitor_in_alternate_number(), and to
      ensure full coverage of all possible qtype parsing.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Message-Id: <1443565276-4535-9-git-send-email-eblake@redhat.com>
      [Eric's follow-up fixes squashed in]
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      9c51b441
  13. 21 9月, 2015 2 次提交
  14. 04 9月, 2015 2 次提交
  15. 06 5月, 2015 5 次提交
    • E
      qapi: Drop tests for inline nested structs · 6446a592
      Eric Blake 提交于
      A future patch will be using a 'name':{dictionary} entry in the
      QAPI schema to specify a default value for an optional argument;
      but existing use of inline nested structs conflicts with that goal.
      
      More precisely, a definition in the QAPI schema associates a name
      with a set of properties:
      
      Example 1: { 'struct': 'Foo', 'data': { MEMBERS... } }
      associates the global name 'Foo' with properties (meta-type struct)
      and MEMBERS...
      
      Example 2: 'mumble': TYPE
      within MEMBERS... above associates 'mumble' with properties (type
      TYPE) and (optional false) within type Foo
      
      The syntax of example 1 is extensible; if we need another property,
      we add another name/value pair to the dictionary (such as
      'base':TYPE).  The syntax of example 2 is not extensible, because
      the right hand side can only be a type.
      
      We have used name encoding to add a property: "'*mumble': 'int'"
      associates 'mumble' with (type int) and (optional true).  Nice,
      but doesn't scale.  So the solution is to change our existing uses
      to be syntactic sugar to an extensible form:
      
         NAME: TYPE   --> NAME:  { 'type': TYPE, 'optional': false }
         *ONAME: TYPE --> ONAME: { 'type': TYPE, 'optional': true }
      
      This patch fixes the testsuite to avoid inline nested types, by
      breaking the nesting into explicit types; it means that the type
      is now boxed instead of unboxed in C code, but makes no difference
      on the wire (and if desired, a later patch could change the
      generator to not do so much boxing in C).  When touching code to
      add new allocations, also convert existing allocations to
      consistently prefer typesafe g_new0 over g_malloc0 when a type
      name is involved.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      6446a592
    • E
      qapi: Merge UserDefTwo and UserDefNested in tests · b6fcf32d
      Eric Blake 提交于
      In the testsuite, UserDefTwo and UserDefNested were identical
      structs other than the member names.  Reduce code duplication by
      having just one type, and choose names that also favor reuse.
      This will also make it easier for a later patch to get rid of
      inline nested types in QAPI.  When touching code related to
      allocations, convert g_malloc0(sizeof(Type)) to the more typesafe
      g_new0(Type, 1).
      
      Ensure that 'make check-qapi-schema check-unit' still passes.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      b6fcf32d
    • E
      qapi: Rename anonymous union type in test · ab045267
      Eric Blake 提交于
      Reduce churn in the future patch that replaces anonymous unions
      with a new metatype 'alternate' by changing 'AnonUnion' to
      'Alternate'.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      ab045267
    • E
      qapi: Forbid base without discriminator in unions · a8d4a2e4
      Eric Blake 提交于
      None of the existing QMP or QGA interfaces uses a union with a
      base type but no discriminator; it is easier to avoid this in the
      generator to save room for other future extensions more likely to
      be useful.  An earlier commit added a union-base-no-discriminator
      test to ensure that we eventually give a decent error message;
      likewise, removing UserDefUnion outright is okay, because we moved
      all the tests we wish to keep into the tests of the simple union
      UserDefNativeListUnion in the previous commit.  Now is the time to
      actually forbid simple union with base, and remove the last
      vestiges from the testsuite.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      a8d4a2e4
    • E
      qapi: Clean up test coverage of simple unions · 805017b7
      Eric Blake 提交于
      The tests of UserDefNativeListUnion serve to validate code
      generation of simple unions without a base type, except that it
      did not have full coverage in the strict test.  The next commits
      will remove tests and support for simple unions with a base type,
      so there is no real loss at repurposing that test here as
      opposed to churn of adding a new test then deleting the old one.
      
      Fix some indentation and long lines while at it.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      805017b7
  16. 16 5月, 2014 1 次提交
    • M
      qapi: Replace uncommon use of the error API by the common one · 297a3646
      Markus Armbruster 提交于
      We commonly use the error API like this:
      
          err = NULL;
          foo(..., &err);
          if (err) {
              goto out;
          }
          bar(..., &err);
      
      Every error source is checked separately.  The second function is only
      called when the first one succeeds.  Both functions are free to pass
      their argument to error_set().  Because error_set() asserts no error
      has been set, this effectively means they must not be called with an
      error set.
      
      The qapi-generated code uses the error API differently:
      
          // *errp was initialized to NULL somewhere up the call chain
          frob(..., errp);
          gnat(..., errp);
      
      Errors accumulate in *errp: first error wins, subsequent errors get
      dropped.  To make this work, the second function does nothing when
      called with an error set.  Requires non-null errp, or else the second
      function can't see the first one fail.
      
      This usage has also bled into visitor tests, and two device model
      object property getters rtc_get_date() and balloon_stats_get_all().
      
      With the "accumulate" technique, you need fewer error checks in
      callers, and buy that with an error check in every callee.  Can be
      nice.
      
      However, mixing the two techniques is confusing.  You can't use the
      "accumulate" technique with functions designed for the "check
      separately" technique.  You can use the "check separately" technique
      with functions designed for the "accumulate" technique, but then
      error_set() can't catch you setting an error more than once.
      
      Standardize on the "check separately" technique for now, because it's
      overwhelmingly prevalent.
      Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
      Reviewed-by: NEric Blake <eblake@redhat.com>
      Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
      297a3646
  17. 09 5月, 2014 2 次提交
  18. 11 3月, 2014 1 次提交
  19. 04 3月, 2014 2 次提交