diff mbox

[v9,24/37] qmp: Tighten output visitor rules

Message ID 1453219845-30939-25-git-send-email-eblake@redhat.com (mailing list archive)
State New, archived
Headers show

Commit Message

Eric Blake Jan. 19, 2016, 4:10 p.m. UTC
Add a new qmp_output_visitor_reset(), which must be called before
reusing an exising QmpOutputVisitor on a new root object.  Tighten
assertions to require that qmp_output_get_qobject() can only be
called after pairing a visit_end_* for every visit_start_* (rather
than allowing it to return a partially built object), that it must
not be called unless at least one visit_type_* or visit_start/
visit_end pair has occurred since creation/reset (the accidental
return of NULL fixed by commit ab8bf1d7 would have been much
easier to diagnose), and that it may only be called once per visit.

Meanwhile, nothing was using the return value of qmp_output_pop().
Also, adding a parameter will let us diagnose any programming bugs
due to mismatched push(struct)/pop(list) or push(list)/pop(struct).

To keep the semantics of test_visitor_out_empty, we now have to
explicitly request a top-level visit of a NULL object, by
implementing the just-added visitor type_null() callback.

Signed-off-by: Eric Blake <eblake@redhat.com>

---
v9: rebase to added patch, squash in more sanity checks, drop
Marc-Andre's R-b
v8: rename qmp_output_reset to qmp_output_visitor_reset
v7: new patch, based on discussion about spapr_drc.c
---
 include/qapi/qmp-output-visitor.h |  1 +
 include/qapi/visitor-impl.h       |  4 ++--
 qapi/qmp-output-visitor.c         | 50 +++++++++++++++++++++++----------------
 tests/test-qmp-output-visitor.c   |  2 ++
 4 files changed, 35 insertions(+), 22 deletions(-)

Comments

Markus Armbruster Jan. 22, 2016, 7:11 p.m. UTC | #1
Eric Blake <eblake@redhat.com> writes:

> Add a new qmp_output_visitor_reset(), which must be called before
> reusing an exising QmpOutputVisitor on a new root object.  Tighten
> assertions to require that qmp_output_get_qobject() can only be
> called after pairing a visit_end_* for every visit_start_* (rather
> than allowing it to return a partially built object), that it must
> not be called unless at least one visit_type_* or visit_start/
> visit_end pair has occurred since creation/reset (the accidental
> return of NULL fixed by commit ab8bf1d7 would have been much
> easier to diagnose),

Makes sense.

>                      and that it may only be called once per visit.

Why?

Does it have a side effect?

> Meanwhile, nothing was using the return value of qmp_output_pop().

Well, pop returns the value popped, otherwise it's not a pop.

> Also, adding a parameter will let us diagnose any programming bugs
> due to mismatched push(struct)/pop(list) or push(list)/pop(struct).

Hmm.

> To keep the semantics of test_visitor_out_empty, we now have to
> explicitly request a top-level visit of a NULL object, by
> implementing the just-added visitor type_null() callback.

The fact that we implement type_null() in the QMP output visitor is
mentioned only in passing, and not clearly.

Could the previous patch implement it for both QMP input and output?

> Signed-off-by: Eric Blake <eblake@redhat.com>
>
> ---
> v9: rebase to added patch, squash in more sanity checks, drop
> Marc-Andre's R-b
> v8: rename qmp_output_reset to qmp_output_visitor_reset
> v7: new patch, based on discussion about spapr_drc.c
> ---
>  include/qapi/qmp-output-visitor.h |  1 +
>  include/qapi/visitor-impl.h       |  4 ++--
>  qapi/qmp-output-visitor.c         | 50 +++++++++++++++++++++++----------------
>  tests/test-qmp-output-visitor.c   |  2 ++
>  4 files changed, 35 insertions(+), 22 deletions(-)
>
> diff --git a/include/qapi/qmp-output-visitor.h b/include/qapi/qmp-output-visitor.h
> index 2266770..5093f0d 100644
> --- a/include/qapi/qmp-output-visitor.h
> +++ b/include/qapi/qmp-output-visitor.h
> @@ -21,6 +21,7 @@ typedef struct QmpOutputVisitor QmpOutputVisitor;
>
>  QmpOutputVisitor *qmp_output_visitor_new(void);
>  void qmp_output_visitor_cleanup(QmpOutputVisitor *v);
> +void qmp_output_visitor_reset(QmpOutputVisitor *v);
>
>  QObject *qmp_output_get_qobject(QmpOutputVisitor *v);
>  Visitor *qmp_output_get_visitor(QmpOutputVisitor *v);
> diff --git a/include/qapi/visitor-impl.h b/include/qapi/visitor-impl.h
> index 95408a5..913f1b0 100644
> --- a/include/qapi/visitor-impl.h
> +++ b/include/qapi/visitor-impl.h
> @@ -75,8 +75,8 @@ struct Visitor
>       * visitors do not currently visit arbitrary types).  */
>      void (*type_any)(Visitor *v, const char *name, QObject **obj,
>                       Error **errp);
> -    /* Must be provided to visit explicit null values (right now, only the
> -     * dealloc and qmp-input visitors support this).  */
> +    /* Must be provided to visit explicit null values (the opts and string
> +     * visitors do not currently visit an explicit null).  */

Will need updating.

>      void (*type_null)(Visitor *v, const char *name, Error **errp);
>
>      /* May be NULL; most useful for input visitors. */
> diff --git a/qapi/qmp-output-visitor.c b/qapi/qmp-output-visitor.c
> index df22999..2eb200d 100644
> --- a/qapi/qmp-output-visitor.c
> +++ b/qapi/qmp-output-visitor.c
> @@ -1,6 +1,7 @@
>  /*
>   * Core Definitions for QAPI/QMP Command Registry
>   *
> + * Copyright (C) 2015-2016 Red Hat, Inc.
>   * Copyright IBM, Corp. 2011
>   *
>   * Authors:
> @@ -56,17 +57,15 @@ static void qmp_output_push_obj(QmpOutputVisitor *qov, QObject *value)
>      QTAILQ_INSERT_HEAD(&qov->stack, e, node);
>  }
>
> -/* Grab and remove the most recent QObject from the stack */
> -static QObject *qmp_output_pop(QmpOutputVisitor *qov)
> +/* Remove the most recent QObject with given type from the stack */
> +static void qmp_output_pop(QmpOutputVisitor *qov, QType type)
>  {
>      QStackEntry *e = QTAILQ_FIRST(&qov->stack);
> -    QObject *value;
>
>      assert(e);
>      QTAILQ_REMOVE(&qov->stack, e, node);
> -    value = e->value;
> +    assert(qobject_type(e->value) == type);
>      g_free(e);
> -    return value;
>  }
>
>
>  /* Grab the most recent QObject from the stack, if any */
> @@ -88,9 +87,8 @@ static void qmp_output_add_obj(QmpOutputVisitor *qov, const char *name,
>      cur = qmp_output_last(qov);
>
>      if (!cur) {
> -        /* FIXME we should require the user to reset the visitor, rather
> -         * than throwing away the previous root */
> -        qobject_decref(qov->root);
> +        /* Don't allow reuse of visitor on more than one root */
> +        assert(!qov->root);
>          qov->root = value;
>      } else {
>          switch (qobject_type(cur)) {
> @@ -99,6 +97,7 @@ static void qmp_output_add_obj(QmpOutputVisitor *qov, const char *name,
>              qdict_put_obj(qobject_to_qdict(cur), name, value);
>              break;
>          case QTYPE_QLIST:
> +            assert(!name);

Okay if we put "name must be null when visiting list elements" in the
contract.

However, I believe decent error messages will require a non-null name.

I'd specify "may be null" instead of "must be null", and drop the
assertion, because one, it's what the code actually needs, and two,
it'll be slightly less churn when we fix the error messages.

>              qlist_append_obj(qobject_to_qlist(cur), value);
>              break;
>          default:
> @@ -120,7 +119,7 @@ static void qmp_output_start_struct(Visitor *v, const char *name, void **obj,
>  static void qmp_output_end_struct(Visitor *v, Error **errp)
>  {
>      QmpOutputVisitor *qov = to_qov(v);
> -    qmp_output_pop(qov);
> +    qmp_output_pop(qov, QTYPE_QDICT);

Leave qmp_output_pop() unchanged, and do

    value = qmp_output_pop(qov);
    assert(qobject_type(value) == QTYPE_QLIST);

Likewise for the second caller.

Just as simple, and the thing called pop actually pops.

>  }
>
>  static void qmp_output_start_list(Visitor *v, const char *name, Error **errp)
> @@ -151,7 +150,7 @@ static GenericList *qmp_output_next_list(Visitor *v, GenericList **listp,
>  static void qmp_output_end_list(Visitor *v)
>  {
>      QmpOutputVisitor *qov = to_qov(v);
> -    qmp_output_pop(qov);
> +    qmp_output_pop(qov, QTYPE_QLIST);
>  }
>
>  static void qmp_output_type_int64(Visitor *v, const char *name, int64_t *obj,
> @@ -202,18 +201,22 @@ static void qmp_output_type_any(Visitor *v, const char *name, QObject **obj,
>      qmp_output_add_obj(qov, name, *obj);
>  }
>
> +static void qmp_output_type_null(Visitor *v, const char *name, Error **errp)
> +{
> +    QmpOutputVisitor *qov = to_qov(v);
> +    qmp_output_add_obj(qov, name, qnull());
> +}
> +
>  /* Finish building, and return the root object. Will not be NULL. */
>  QObject *qmp_output_get_qobject(QmpOutputVisitor *qov)
>  {
> -    /* FIXME: we should require that a visit occurred, and that it is
> -     * complete (no starts without a matching end) */
> -    QObject *obj = qov->root;
> -    if (obj) {
> -        qobject_incref(obj);
> -    } else {
> -        obj = qnull();
> -    }
> -    return obj;
> +    QObject *root;
> +
> +    assert(qov->root);              /* A visit must have occurred...  */
> +    assert(!qmp_output_last(qov));  /* ...with each start paired with end.  */

I figure QTAILQ_EMPTY(&qov->stack) would be more obvious.

Apropos QTAILQ: where I learned my trade, you got laughed out of the lab
for implementing such a stack with a dynamically allocated linked list.

> +    root = qov->root;
> +    qov->root = NULL;

This line arbitrarily restricts us to a single get.  Replace it by
qobject_incref(root), and qobject_decref(qmp_output_get_qobject(qov)) is
idempotent.  Idempotent is lovely.

> +    return root;
>  }
>
>  Visitor *qmp_output_get_visitor(QmpOutputVisitor *v)
> @@ -221,7 +224,7 @@ Visitor *qmp_output_get_visitor(QmpOutputVisitor *v)
>      return &v->visitor;
>  }
>
> -void qmp_output_visitor_cleanup(QmpOutputVisitor *v)
> +void qmp_output_visitor_reset(QmpOutputVisitor *v)
>  {
>      QStackEntry *e, *tmp;
>
> @@ -231,6 +234,12 @@ void qmp_output_visitor_cleanup(QmpOutputVisitor *v)
>      }
>
>      qobject_decref(v->root);
> +    v->root = NULL;
> +}
> +
> +void qmp_output_visitor_cleanup(QmpOutputVisitor *v)
> +{
> +    qmp_output_visitor_reset(v);
>      g_free(v);
>  }
>
> @@ -252,6 +261,7 @@ QmpOutputVisitor *qmp_output_visitor_new(void)
>      v->visitor.type_str = qmp_output_type_str;
>      v->visitor.type_number = qmp_output_type_number;
>      v->visitor.type_any = qmp_output_type_any;
> +    v->visitor.type_null = qmp_output_type_null;
>
>      QTAILQ_INIT(&v->stack);
>
> diff --git a/tests/test-qmp-output-visitor.c b/tests/test-qmp-output-visitor.c
> index 26dc752..74d0ac4 100644
> --- a/tests/test-qmp-output-visitor.c
> +++ b/tests/test-qmp-output-visitor.c
> @@ -260,6 +260,7 @@ static void test_visitor_out_struct_errors(TestOutputVisitorData *data,
>          visit_type_UserDefOne(data->ov, "unused", &pu, &err);
>          g_assert(err);
>          error_free(err);
> +        qmp_output_visitor_reset(data->qov);
>      }
>  }
>

That's the only spot that uses visitors for multiple roots?  I expected
worse...

> @@ -459,6 +460,7 @@ static void test_visitor_out_empty(TestOutputVisitorData *data,
>  {
>      QObject *arg;
>
> +    visit_type_null(data->ov, NULL, &error_abort);
>      arg = qmp_output_get_qobject(data->qov);
>      g_assert(qobject_type(arg) == QTYPE_QNULL);
>      /* Check that qnull reference counting is sane */

This isn't testing "empty" anymore.  Suggest to s/empty/null/.
diff mbox

Patch

diff --git a/include/qapi/qmp-output-visitor.h b/include/qapi/qmp-output-visitor.h
index 2266770..5093f0d 100644
--- a/include/qapi/qmp-output-visitor.h
+++ b/include/qapi/qmp-output-visitor.h
@@ -21,6 +21,7 @@  typedef struct QmpOutputVisitor QmpOutputVisitor;

 QmpOutputVisitor *qmp_output_visitor_new(void);
 void qmp_output_visitor_cleanup(QmpOutputVisitor *v);
+void qmp_output_visitor_reset(QmpOutputVisitor *v);

 QObject *qmp_output_get_qobject(QmpOutputVisitor *v);
 Visitor *qmp_output_get_visitor(QmpOutputVisitor *v);
diff --git a/include/qapi/visitor-impl.h b/include/qapi/visitor-impl.h
index 95408a5..913f1b0 100644
--- a/include/qapi/visitor-impl.h
+++ b/include/qapi/visitor-impl.h
@@ -75,8 +75,8 @@  struct Visitor
      * visitors do not currently visit arbitrary types).  */
     void (*type_any)(Visitor *v, const char *name, QObject **obj,
                      Error **errp);
-    /* Must be provided to visit explicit null values (right now, only the
-     * dealloc and qmp-input visitors support this).  */
+    /* Must be provided to visit explicit null values (the opts and string
+     * visitors do not currently visit an explicit null).  */
     void (*type_null)(Visitor *v, const char *name, Error **errp);

     /* May be NULL; most useful for input visitors. */
diff --git a/qapi/qmp-output-visitor.c b/qapi/qmp-output-visitor.c
index df22999..2eb200d 100644
--- a/qapi/qmp-output-visitor.c
+++ b/qapi/qmp-output-visitor.c
@@ -1,6 +1,7 @@ 
 /*
  * Core Definitions for QAPI/QMP Command Registry
  *
+ * Copyright (C) 2015-2016 Red Hat, Inc.
  * Copyright IBM, Corp. 2011
  *
  * Authors:
@@ -56,17 +57,15 @@  static void qmp_output_push_obj(QmpOutputVisitor *qov, QObject *value)
     QTAILQ_INSERT_HEAD(&qov->stack, e, node);
 }

-/* Grab and remove the most recent QObject from the stack */
-static QObject *qmp_output_pop(QmpOutputVisitor *qov)
+/* Remove the most recent QObject with given type from the stack */
+static void qmp_output_pop(QmpOutputVisitor *qov, QType type)
 {
     QStackEntry *e = QTAILQ_FIRST(&qov->stack);
-    QObject *value;

     assert(e);
     QTAILQ_REMOVE(&qov->stack, e, node);
-    value = e->value;
+    assert(qobject_type(e->value) == type);
     g_free(e);
-    return value;
 }

 /* Grab the most recent QObject from the stack, if any */
@@ -88,9 +87,8 @@  static void qmp_output_add_obj(QmpOutputVisitor *qov, const char *name,
     cur = qmp_output_last(qov);

     if (!cur) {
-        /* FIXME we should require the user to reset the visitor, rather
-         * than throwing away the previous root */
-        qobject_decref(qov->root);
+        /* Don't allow reuse of visitor on more than one root */
+        assert(!qov->root);
         qov->root = value;
     } else {
         switch (qobject_type(cur)) {
@@ -99,6 +97,7 @@  static void qmp_output_add_obj(QmpOutputVisitor *qov, const char *name,
             qdict_put_obj(qobject_to_qdict(cur), name, value);
             break;
         case QTYPE_QLIST:
+            assert(!name);
             qlist_append_obj(qobject_to_qlist(cur), value);
             break;
         default:
@@ -120,7 +119,7 @@  static void qmp_output_start_struct(Visitor *v, const char *name, void **obj,
 static void qmp_output_end_struct(Visitor *v, Error **errp)
 {
     QmpOutputVisitor *qov = to_qov(v);
-    qmp_output_pop(qov);
+    qmp_output_pop(qov, QTYPE_QDICT);
 }

 static void qmp_output_start_list(Visitor *v, const char *name, Error **errp)
@@ -151,7 +150,7 @@  static GenericList *qmp_output_next_list(Visitor *v, GenericList **listp,
 static void qmp_output_end_list(Visitor *v)
 {
     QmpOutputVisitor *qov = to_qov(v);
-    qmp_output_pop(qov);
+    qmp_output_pop(qov, QTYPE_QLIST);
 }

 static void qmp_output_type_int64(Visitor *v, const char *name, int64_t *obj,
@@ -202,18 +201,22 @@  static void qmp_output_type_any(Visitor *v, const char *name, QObject **obj,
     qmp_output_add_obj(qov, name, *obj);
 }

+static void qmp_output_type_null(Visitor *v, const char *name, Error **errp)
+{
+    QmpOutputVisitor *qov = to_qov(v);
+    qmp_output_add_obj(qov, name, qnull());
+}
+
 /* Finish building, and return the root object. Will not be NULL. */
 QObject *qmp_output_get_qobject(QmpOutputVisitor *qov)
 {
-    /* FIXME: we should require that a visit occurred, and that it is
-     * complete (no starts without a matching end) */
-    QObject *obj = qov->root;
-    if (obj) {
-        qobject_incref(obj);
-    } else {
-        obj = qnull();
-    }
-    return obj;
+    QObject *root;
+
+    assert(qov->root);              /* A visit must have occurred...  */
+    assert(!qmp_output_last(qov));  /* ...with each start paired with end.  */
+    root = qov->root;
+    qov->root = NULL;
+    return root;
 }

 Visitor *qmp_output_get_visitor(QmpOutputVisitor *v)
@@ -221,7 +224,7 @@  Visitor *qmp_output_get_visitor(QmpOutputVisitor *v)
     return &v->visitor;
 }

-void qmp_output_visitor_cleanup(QmpOutputVisitor *v)
+void qmp_output_visitor_reset(QmpOutputVisitor *v)
 {
     QStackEntry *e, *tmp;

@@ -231,6 +234,12 @@  void qmp_output_visitor_cleanup(QmpOutputVisitor *v)
     }

     qobject_decref(v->root);
+    v->root = NULL;
+}
+
+void qmp_output_visitor_cleanup(QmpOutputVisitor *v)
+{
+    qmp_output_visitor_reset(v);
     g_free(v);
 }

@@ -252,6 +261,7 @@  QmpOutputVisitor *qmp_output_visitor_new(void)
     v->visitor.type_str = qmp_output_type_str;
     v->visitor.type_number = qmp_output_type_number;
     v->visitor.type_any = qmp_output_type_any;
+    v->visitor.type_null = qmp_output_type_null;

     QTAILQ_INIT(&v->stack);

diff --git a/tests/test-qmp-output-visitor.c b/tests/test-qmp-output-visitor.c
index 26dc752..74d0ac4 100644
--- a/tests/test-qmp-output-visitor.c
+++ b/tests/test-qmp-output-visitor.c
@@ -260,6 +260,7 @@  static void test_visitor_out_struct_errors(TestOutputVisitorData *data,
         visit_type_UserDefOne(data->ov, "unused", &pu, &err);
         g_assert(err);
         error_free(err);
+        qmp_output_visitor_reset(data->qov);
     }
 }

@@ -459,6 +460,7 @@  static void test_visitor_out_empty(TestOutputVisitorData *data,
 {
     QObject *arg;

+    visit_type_null(data->ov, NULL, &error_abort);
     arg = qmp_output_get_qobject(data->qov);
     g_assert(qobject_type(arg) == QTYPE_QNULL);
     /* Check that qnull reference counting is sane */