Use after talloc_free...

[Rusty Russell]

On Thu, 12 Nov 2009 02:08:10 pm simo wrote:
> On Thu, 2009-11-12 at 12:28 +1030, Rusty Russell wrote:
> > See previous mail detailing my reservations about NULL-ing and implicit
> > arg modifying tho...
> 
> What's wrong with "implicit" arg modifying ?

In C, fn(x) can't modify x.  If it does, it's a hell of a surprise to the
reader.  That's why TALLOC_FREE has to shout that it's a macro, but it's
still a poor warning that magic is happening.

> I mean that's the only reason to use TALLOC_FREE(), it's not like you
> are going to be confused about that, or are you ?

*I* know it, but what about everyone else reading talloc-using code?
(Hopefully, that will be most hackers in the universe RSN ;)

And I think *everyone* should be using the safer variant of free (whatever
it's called) for it to be effective.  It should be clear that it's preferred,
and TALLOC_FREE is ugly.

If we were doing talloc from scratch, we should make talloc_free() destroy
its arg and have some lesser variant for where that's not possible.

We could be daring and call the new variant tfree()?
Rusty.