Re: [Qemu-devel] [PATCH] oslib: make error handling more reasonable

[Markus Armbruster]

Stefan Weil <address@hidden> writes:

> Am 10.02.2012 16:13, schrieb Zhi Yong Wu:
>> On Fri, Feb 10, 2012 at 10:41 PM, Daniel P. Berrange
>> <address@hidden> wrote:
>>> On Fri, Feb 10, 2012 at 10:34:13PM +0800, Zhi Yong Wu wrote:
>>>> From: Zhi Yong Wu <address@hidden>
>>>>
>>>> Signed-off-by: Zhi Yong Wu <address@hidden>
>>>> ---
>>>>  oslib-posix.c |    4 ++--
>>>>  oslib-win32.c |    4 ++--
>>>>  2 files changed, 4 insertions(+), 4 deletions(-)
>>>>
>>>> diff --git a/oslib-posix.c b/oslib-posix.c
>>>> index b6a3c7f..f978d56 100644
>>>> --- a/oslib-posix.c
>>>> +++ b/oslib-posix.c
>>>> @@ -80,7 +80,7 @@ void *qemu_oom_check(void *ptr)
>>>>  {
>>>>      if (ptr == NULL) {
>>>>          fprintf(stderr, "Failed to allocate memory: %s\n",
>>>> strerror(errno));
>>>> -        abort();
>>>> +        exit(EXIT_FAILURE);
>>>
>>> exit() will call any atexit()/on_exit() handlers, as well as trying
>>> to flush I/O streams. Any of these actions may require further
>>> memory allocations, which will likely fail, or worse cause this
>>> code to re-enter itself if an atexit() handler calls qemu_malloc
>> Nice, very reasonable.
>>>
>>> The only option other than abort(), is to use  _Exit() which
>>> doesn't try to run cleanup handlers.
>> I will try to send out v2
>
> Could you please explain why calling exit, _Exit or _exit is more
> reasonable than calling abort?
>
> abort can create core dumps or start a debugger which is
> useful for me and maybe other developers, too.

I consider abort() on OOM somewhat eccentric.  abort() is for
programming errors.  Resource shortage is an environmental error that is
sometimes (but not always) caused by a programming error.

I'd rather inconvenience programmers (by making it a little bit harder
to debug programming errors that cause OOM) than confuse users with
inappropriate scary "crashes".