hmm.. Re: talloc issues

Sam Liddicott sam at
Tue Aug 4 07:46:20 MDT 2009

* Rusty Russell wrote, On 04/08/09 02:20:
> On Fri, 31 Jul 2009 05:44:13 pm Sam Liddicott wrote:
>> ..and talloc is the easiest way to reference count - you don't have to
>> change your structs for a start, and you don't have to port to C++ either.
> I disagree.  To repeat myself, everyone needs to know you're using references,
> even independent code, so they don't simply talloc_free() something.

for sure; but if "something" is going to talloc_free(), even independent
code, then it takes ownership.

The caller shouldn't call if it can't cope with the defined actions.

The same rule applies if independent code calls free(), it's nothing to
do with talloc.

Calling talloc_free() secretly/unpredictably without declaring to take
ownership causes trouble, but no more than doing so with free()

> Back to code.  Imagine a previous version of upcache which didn't cache:
> 	const char *get_upcase(const char *str)
> 	{
> 		char *ret = talloc_strdup(NULL, str);
> 		if (ret) {
> 			unsigned int i;
> 			for (i = 0; ret[i]; i++)
> 				ret[i] = toupper(ret[i]);
> 		}
> 		return ret;
> 	}
> When we added caching, we now need to make sure noone talloc_free()'s this.

It certainly illustrates the fundamental API change that took place and
the pain associated with it. (And likewise the pain of samba4).

> Tridge's "ban talloc_free" did this at runtime.  I think there's scope to
> argue that this code should be changed completely to break at compile time
> instead, (ie. return a "struct upcase" which is a real talloc object, and
> does the string refcounting internally in the destructor).

Or maybe to be generic with "struct smartptr" (except in C it would be a
dumb pointer).

I like that idea somewhat; accompanied by some friendly macros

struct type##_ptr { \
  type *ptr; \

#define TALLOC_DEREFERENCE(talloc_ptr) (talloc_ptr)->ptr

It certainly makes clear if you are dealing with a reference or the real
thing. And a reference could be promoted between weak and strong; weak
has the ptr member nulled out when the pointer goes away and strong
stops it going away.


More information about the samba-technical mailing list