[Qemu-devel] [PATCH 3/4] docs: document use of automatic cleanup functions in glib

From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Alex Bennée" <alex.bennee@linaro.org>,
	"Daniel P. Berrangé" <berrange@redhat.com>
Subject: [Qemu-devel] [PATCH 3/4] docs: document use of automatic cleanup functions in glib
Date: Fri, 23 Aug 2019 17:39:30 +0100	[thread overview]
Message-ID: <20190823163931.7442-4-berrange@redhat.com> (raw)
In-Reply-To: <20190823163931.7442-1-berrange@redhat.com>

Document the use of g_autofree and g_autoptr in glib for automatic
freeing of memory, or other resource cleanup (eg mutex unlocking).

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 CODING_STYLE.md | 101 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 101 insertions(+)

diff --git a/CODING_STYLE.md b/CODING_STYLE.md
index 9f4fc9dc77..f37b6c2d01 100644
--- a/CODING_STYLE.md
+++ b/CODING_STYLE.md
@@ -479,3 +479,104 @@ terminate QEMU.
 
 Note that &error_fatal is just another way to exit(1), and &error_abort
 is just another way to abort().
+
+
+## Automatic memory deallocation
+
+QEMU has a mandatory dependency either the GCC or CLang compiler. As
+such it has the freedom to make use of a C language extension for
+automatically running a cleanup function when a stack variable goes
+out of scope. This can be used to simplify function cleanup paths,
+often allowing many goto jumps to be eliminated, through automatic
+free'ing of memory.
+
+The GLib2 library provides a number of functions/macros for enabling
+automatic cleanup:
+
+ https://developer.gnome.org/glib/stable/glib-Miscellaneous-Macros.html
+
+Most notably:
+
+ - g_autofree - will invoke g_free() on the variable going out of scope
+
+ - g_autoptr - for structs / objects, will invoke the cleanup func created
+               by a previous use of G_DEFINE_AUTOPTR_CLEANUP_FUNC. This is
+               supported for most GLib data types and GObjects
+
+For example, instead of
+
+    int somefunc(void) {
+        int ret = -1;
+        char *foo = g_strdup_printf("foo%", "wibble");
+        GList *bar = .....
+
+        if (eek) {
+           goto cleanup;
+        }
+
+        ret = 0;
+
+      cleanup:
+        g_free(foo);
+        g_list_free(bar);
+        return ret;
+    }
+
+Using g_autofree/g_autoptr enables the code to be written as:
+
+    int somefunc(void) {
+        g_autofree char *foo = g_strdup_printf("foo%", "wibble");
+        g_autoptr (GList) bar = .....
+
+        if (eek) {
+           return -1;
+        }
+
+        return 0;
+    }
+
+While this generally results in simpler, less leak-prone code, there
+are still some caveats to beware of
+
+ * Variables declared with g_auto* MUST always be initialized,
+   otherwise the cleanup function will use uninitialized stack memory
+
+ * If a variable declared with g_auto* holds a value which must
+   live beyond the life of the function, that value must be saved
+   and the original variable NULL'd out. This can be simpler using
+   g_steal_pointer
+
+
+    char *somefunc(void) {
+        g_autofree char *foo = g_strdup_printf("foo%", "wibble");
+        g_autoptr (GList) bar = .....
+
+        if (eek) {
+           return NULL;
+        }
+
+        return g_steal_pointer(&foo);
+    }
+
+The cleanup functions are not restricted to simply free'ing memory. The
+GMutexLocker class is a variant of GMutex that has automatic locking and
+unlocking at start and end of the enclosing scope
+
+In the following example, the `lock` in `MyObj` will be held for the
+precise duration of the `somefunc` function
+
+    typedef struct {
+        GMutex lock;
+    } MyObj;
+
+    char *somefunc(MyObj *obj) {
+        g_autofree GMutexLocker *locker = g_mutex_locker_new(&obj->lock)
+        g_autofree char *foo = g_strdup_printf("foo%", "wibble");
+        g_autoptr (GList) bar = .....
+
+        if (eek) {
+           return NULL;
+        }
+
+        return g_steal_pointer(&foo);
+    }
-- 
2.21.0


