tech-kern archive
Re: Proposal: kmem_valloc [was: Re: raspberry pi panic 7.0_BETA after install fs resize]
Maxime Villard <max%M00nBSD.net@localhost> wrote:
> Hi,
> there's something terribly sad with the kmem API: kmem_free takes
> a size argument. It has I think two major drawbacks:
>
> <...>
>
> Here is a patch which implements kmem_valloc.
>
> Comments?

I object to such an addition; others already explained various aspects of
this (it is not the first time we debate kmem(9) either), but one thing
which might be worth adding: the underlying problem is also a lack of
testing or at least double checking the error paths; they have a known
attraction to bugs. You can have a missing mutex_exit() there and it
is not something you can solve with a different API. However, we have
sufficient means to detect these kinds of bugs (DIAGNOSTIC, LOCKDEBUG).

Another point: while defensive programming has certain merits, it also
has a very important drawback - it breaks the assumptions and decreases
code clarity. Supporting malloc(NULL) or free(NULL) is an example of
that since it introduces ambiguity about the life cycle or validity
of your pointer/object/whatever. It may also hide such bugs as double
free if the pointer gets set to NULL after the first destruction (or it
may free the wrong object and/or lead to memory corruptions).

--
Mindaugas
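
The point in the reply above about a NULL-tolerant free hiding a second destruction, shown as an added example that is not part of the original message and is not NetBSD's kmem(9) code. It is a userspace model: `xalloc`, `xfree_strict`, `xfree_lenient` and `run_error_path` are hypothetical names, and the `diagnostics` counter stands in for what a checking kernel would report.

```c
#include <stddef.h>
#include <stdlib.h>

/* Userspace model only; every name here is hypothetical, not kmem(9). */
#define MAXLIVE 16
static struct { void *p; size_t sz; } live[MAXLIVE];
static int diagnostics;   /* events a checking build would flag */

/* Allocate and remember the pointer together with its size. */
static void *xalloc(size_t sz) {
    void *p = malloc(sz);
    for (int i = 0; p != NULL && i < MAXLIVE; i++)
        if (live[i].p == NULL) { live[i].p = p; live[i].sz = sz; return p; }
    free(p);              /* table full, or malloc failed (free(NULL) is a no-op) */
    return NULL;
}

/* Strict: the caller must pass a live pointer and the size it allocated. */
static void xfree_strict(void *p, size_t sz) {
    for (int i = 0; p != NULL && i < MAXLIVE; i++)
        if (live[i].p == p) {
            if (live[i].sz != sz) diagnostics++;   /* size mismatch */
            live[i].p = NULL;
            free(p);
            return;
        }
    diagnostics++;        /* NULL, already freed, or never allocated here */
}

/* Lenient: NULL is silently accepted, as with free(NULL). */
static void xfree_lenient(void *p, size_t sz) {
    if (p != NULL) xfree_strict(p, sz);
}

/* Constructed error path: the object is destroyed and the pointer set to
 * NULL, then shared cleanup code destroys it a second time. Returns the
 * number of diagnostics the chosen release function raised. */
static int run_error_path(void (*release)(void *, size_t)) {
    diagnostics = 0;
    char *buf = xalloc(64);
    release(buf, 64);     /* first destruction, in the error branch */
    buf = NULL;
    release(buf, 64);     /* second destruction, in common cleanup */
    return diagnostics;
}

int main(void) {
    /* Exit status 0 when lenient stays silent and strict reports once. */
    return !(run_error_path(xfree_lenient) == 0 && run_error_path(xfree_strict) == 1);
}
```

The lenient variant finishes the error path with no diagnostic at all, while the strict variant flags the second call, which is the life-cycle ambiguity the reply describes.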