[RFC] Making talloc_reference() safer.

Rusty Russell rusty at rustcorp.com.au
Mon Oct 24 19:03:47 MDT 2011 

On Mon, 24 Oct 2011 17:50:38 +1100, ronnie sahlberg <ronniesahlberg at gmail.com> wrote:
> > Also add a warning for talloc_parent() and talloc_parent_name().
> 
> Why just a warning and not a run time error?
> I think it is almost always a mistake when mixing single-parent
> hierarical allocations with a multi-parent graph allocation.
> But this is a step in the right direction.

Indeed.  I have an implementation (ccan/talloc_link), entirely outside
talloc.  You explicitly bless a NULL-parented object with
"talloc_linked(ctx, newobj)", then you can "talloc_link(ctx, obj)" and
"talloc_delink(ctx, linked)".

But it's sub-optimal because talloc knows nothing about it:
1) talloc_parent() and talloc_steal() still "work".  Oops.
2) talloc_report et. al don't show the references.

And I agree on aborting for new projects, but not for SAMBA.  Another
global flag I think...

> The name of this "talloc_may_reference()" could be changed to
> something more explicit, but I dont know exactly what it would be
> called.
> Maybe rename it to "talloc_make_referenced_ptr()"  to indicate that
> what it does is not really
> just changing it so that you can, if you want, create references,
> but instead indiate more clearly that you MAKE some change to this
> object  that hcanges the semantics of it from hereon and forward.

talloc_referencable()?

> Even better I think would be if you had a new set of creator functions
>  where you could set the "no longer hierarical, now its multi-parent
> referenced" already from the initial creation. That would be even
> better imho  to force the choice of api at object creation time and
> not create it as ahierarical object and then later "upgrade" it to a
> different model.

I actually like this, though there are 6 variants we'd have to code
(single, array, size, then zeroing variants of each).

If we're going to rip apart the API, I'd like to separate it into
talloc_ref.h, too.

talloc_ref(), talloc_array_ref(), etc?  Then talloc_add_ref(),
talloc_del_ref()?

Too much?
Rusty.

More information about the samba-technical mailing list