From: Andrew Cooper
Subject: Re: [PATCH for-4.6 12/13] tools/ocaml: call libxl_dominfo_{init, dispose} in stub
Date: Thu, 23 Jul 2015 11:00:05 +0100
Message-ID: <55B0BB25.7030600@citrix.com>
References: <1437638354-14216-1-git-send-email-wei.liu2@citrix.com> <1437638354-14216-13-git-send-email-wei.liu2@citrix.com> <55B0A6AC.2000903@citrix.com> <1437645310.19412.87.camel@citrix.com>
In-Reply-To: <1437645310.19412.87.camel@citrix.com>
To: Ian Campbell, Wei Liu, Xen-devel
Cc: Ian Jackson, David Scott
List-Id: xen-devel@lists.xenproject.org

On 23/07/15 10:55, Ian Campbell wrote:
> On Thu, 2015-07-23 at 09:32 +0100, Andrew Cooper wrote:
>> On 23/07/2015 08:59, Wei Liu wrote:
>>> Signed-off-by: Wei Liu
>>> ---
>>> Cc: David Scott
>>>
>>> As far as I can tell, all Val_$foo function does deep-copy, so we can
>>> safely call dispose in said function.
>> Sadly this is insufficient. failwith_xl() longjump()s back into the
>> ocaml runtime, which ends up leaking any allocations made for dominfo.
>>
>> This is a systemic problem with the Ocaml bindings and I have a proposed
>> solution but it involves rewriting quite a lot of this code and is
>> definitely not 4.6 material.
> Is it not sufficient to treat failwith_xl as a longjump statement (or
> any sort of "return-y" thing), which would simply necessitate doing the
> cleanup before calling it?
>
> Perhaps Coverity could model it as such and would therefore warn about
> the dead code being added here?
>

Part of my Ocaml series is to properly mark failwith_xl() as a Noreturn
function. Currently as far as the compiler and Coverity can tell,
failwith_xl() may return normally.

While it is possible to rearrange this code to avoid leaking in the
ret != 0 case, it is not possible to rearrange it to avoid leaking if
Val_dominfo() uses failwith_xl()/caml_out_of_memory() itself.

The solution I have in mind is to wrap all libxl IDL objects in Ocaml
Custom blocks, which allows the Ocaml runtime to garbage collect them.

~Andrew
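
The leak discussed in this message, modelled as an added example that is not code from the patch, libxl or the OCaml runtime: `setjmp`/`longjmp` stand in for the runtime's exception unwind, and every name in it (`raise_to_runtime`, `fetch_info`, `val_info`, `info_dispose`, `leaked_after`) is a hypothetical stand-in. It assumes the fetch can leave an allocation behind even when it returns an error.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-ins only: none of these are libxl or OCaml runtime functions. */
static jmp_buf runtime_handler;  /* plays the OCaml exception handler */
static char *tracked;            /* buffer owned by the live struct info */
struct info { char *name; };
static void info_init(struct info *i) { i->name = NULL; }
static void info_dispose(struct info *i) { free(i->name); i->name = tracked = NULL; }

/* Plays failwith_xl(): never returns, unwinds straight to the handler. */
static _Noreturn void raise_to_runtime(void) { longjmp(runtime_handler, 1); }

/* Plays the libxl fetch; assumed to allocate even when it returns an error. */
static int fetch_info(struct info *i, int ret) { i->name = tracked = malloc(16); return ret; }

/* Plays Val_dominfo(): a deep copy that may itself raise (e.g. out of memory). */
static void val_info(const struct info *i, int conv_fails) {
    (void)i;
    if (conv_fails) raise_to_runtime();
}

enum order { DISPOSE_AT_END_ONLY, DISPOSE_BEFORE_RAISE };

static void stub(enum order o, int ret, int conv_fails) {
    struct info i;
    info_init(&i);
    if (fetch_info(&i, ret) != 0) {
        if (o == DISPOSE_BEFORE_RAISE) info_dispose(&i);
        raise_to_runtime();
    }
    val_info(&i, conv_fails);  /* a raise here skips the dispose below */
    info_dispose(&i);
}

/* Runs one stub call under the handler; returns 1 if the buffer leaked. */
int leaked_after(enum order o, int ret, int conv_fails) {
    if (setjmp(runtime_handler) == 0) stub(o, ret, conv_fails);
    int leaked = tracked != NULL;
    free(tracked);             /* reclaim so the demo itself stays clean */
    tracked = NULL;
    return leaked;
}

int main(void) {
    printf("%d %d %d\n", leaked_after(DISPOSE_AT_END_ONLY, -1, 0),
           leaked_after(DISPOSE_BEFORE_RAISE, -1, 0), leaked_after(DISPOSE_BEFORE_RAISE, 0, 1));
    return 0;
}
```

Disposing before the raise closes the error-return path, but the path where the converter itself raises still leaks under either ordering, because the stub's frame is abandoned before its final dispose runs.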