ansaurus

Question

Answer 1

+7 A:

Using goto to go to a common error handler/cleanup/exit sequence is absolutely fine.

GSerg 2009-03-31 08:59:25

I would leave out the macros, however. Your programmer eyes are trained for if()s. Those macros appear comparatively rarely, and are therefore so much harder to read.

Carl Seleborg 2009-03-31 14:07:52

Answer 2

+7 A:

This code:

void func()
{
   char* p1 = malloc(16);
   if( !p1 )
      goto cleanup;

   char* p2 = malloc(16);
   if( !p2 )
      goto cleanup;

 cleanup:

   if( p1 )
      free(p1);

   if( p2 )
      free(p2);
}

can be legally written as:

void func()
{
   char* p1 = malloc(16);
   char* p2 = malloc(16);

    free(p1);
    free(p2);
}

whether or not the memory allocations succeed.

This works because free() does nothing if passed a NULL pointer. You can use the same idiom when designing your own APIs to allocate and free other resources:

// return handle to new Foo resource, or 0 if allocation failed
FOO_HANDLE AllocFoo();

// release Foo indicated by handle, - do nothing if handle is 0
void ReleaseFoo( FOO_HANDLE h );

Designing APIs like this can considerably simplify resource management.

anon 2009-03-31 09:01:50

Yes, sorry, I forgot some code. Updated the question.

sharkin 2009-03-31 09:08:29

It is malloc specific however, what about calling other resource allocating functions ? I did not knew it however, thanks

shodanex 2009-03-31 09:09:51

Wrong, that code is C99 specific.

sharkin 2009-03-31 12:37:57

Only because of variable placement, by that metric so was the original code... Its just an example anyways.

Greg Rogers 2009-03-31 13:36:55

@Neil: Interesting point, but I'm with shodanex -- in general, you need a strategy for handling other types of resource deallocation.

j_random_hacker 2009-03-31 13:56:05

@RA If my code is C99 specific, so is yours - what's your point?

anon 2009-03-31 13:58:08

anon 2009-03-31 13:59:34

@Neil: free(0) is only ok in C99.

sharkin 2009-04-01 09:04:05

RA - wrong, it is part of C89

anon 2009-04-01 09:12:30

@Neil: Fair enough, it looks to be quite a handy pattern. Could you suggest this in the main post? Thanks. +1.

j_random_hacker 2009-04-01 09:47:17

@Neil: After some reading I find that you are right. Sorry for that, usually I know better than relying on unsourced information.

sharkin 2009-04-01 11:53:06

Answer 3

+1 A:

The first example looks much more readable to me than the macroised version. And mouviciel said it much better than I did

shodanex 2009-03-31 09:02:48

Answer 4

+3 A:

Cleanup with goto is a common C idiom and is used in Linux kernel*.

*Perhaps Linus' opinion is not the best example of a good argument, but it does show goto being used in a relatively large scale project.

Alex B 2009-03-31 09:08:52

Answer 5

+8 A:

Error handling is one of the rare situations when goto is not so bad.

But if I had to maintain that code I would be very upset that goto are hidden by macros.

So in this case goto is OK for me but not macros.

mouviciel 2009-03-31 09:11:18

error handling shouldn't be a rare situation :P

quinmars 2009-03-31 12:49:03

the rare situation is not "error handling", it is "goto usage".

mouviciel 2009-03-31 13:03:59

I do not mind using goto within a macro and do so from time to time, BUT hiding the label jumped to inside the macro is an absolute no-no. I.e. not ok: "#define CHECK_RESULT(res) if (res == 0) goto cleanup;", ok: "#define CHECK_RESULT(res, label) if (res == 0) goto label;". This way the you can understand that the macro jumps (e.g. "res = something(); CHECK_RESULT(res, cleanup); ... cleanup: ...").

hlovdal 2009-05-30 22:10:39

Answer 6

+3 A:

If the first malloc fails you then cleanup both p1 and p2. Due to the goto, p2 is not initialised and may point to anything. I ran this quickly with gcc to check and attempting to free(p2) would indeed cause a seg fault.

In your last example the variables are scoped inside the braces (i.e. they only exist in the FAIL_SECTION_BEGIN block).

Assuming the code works without the braces you'd still have to initialise all the pointers to NULL before FAIL_SECTION_BEGIN to avoid seg faulting.

I have nothing against goto and macros but I prefer Neil Butterworth's idea..

void func(void)
{
    void *p1 = malloc(16);
    void *p2 = malloc(16);
    void *p3 = malloc(16);

    if (!p1 || !p2 || !p3) goto cleanup;

    /* ... */

cleanup:
    if (p1) free(p1);
    if (p2) free(p2);
    if (p3) free(p3);
}

Or if it's more appropriate..

void func(void)
{
    void *p1 = NULL;
    void *p2 = NULL;
    void *p3 = NULL;

    p1 = malloc(16);
    if (!p1) goto cleanup;

    p2 = malloc(16);
    if (!p2) goto cleanup;

    p3 = malloc(16);
    if (!p3) goto cleanup;

    /* ... */

cleanup:
    if (p1) free(p1);
    if (p2) free(p2);
    if (p3) free(p3);
}

Martin Fido 2009-03-31 13:21:41

+1. Good point about playing with variables that "don't exist yet" in the cleanup section.

j_random_hacker 2009-03-31 13:58:15

Naturally that is a typo, and obviously I haven't tried to compile it (pointers would be unusable in the exit section). Obviously such details are really really not the essence of the question at hand.

sharkin 2009-04-01 09:08:41

@R.A: No they aren't the essence, but they obfuscate the point you're trying to make. When you post code snippets, it's simple courtesy to make sure they compile and work as intended.

j_random_hacker 2009-04-01 09:44:13

Answer 7

+2 A:

The original code would benefit from using multiple return statements - there is no need to hop around the error return clean up code. Plus, you normally need the allocated space released on an ordinary return too - otherwise you are leaking memory. And you can rewrite the example without goto if you are careful. This is a case where you can usefully declare variables before otherwise necessary:

void func()
{
    char *p1 = 0;
    char *p2 = 0;
    char *p3 = 0;

    if ((p1 = malloc(16)) != 0 &&
        (p2 = malloc(16)) != 0 &&
        (p3 = malloc(16)) != 0)
    {
        // Use p1, p2, p3 ...
    }
    free(p1);
    free(p2);
    free(p3);
}

When there are non-trivial amounts of work after each allocation operation, then you can use a label before the first of the free() operations, and a goto is OK - error handling is the main reason for using goto these days, and anything much else is somewhat dubious.

I look after some code which does have macros with embedded goto statements. It is confusing on first encounter to see a label that is 'unreferenced' by the visible code, yet that cannot be removed. I prefer to avoid such practices. Macros are OK when I don't need to know what they do - they just do it. Macros are not so OK when you have to know what they expand to to use them accurately. If they don't hide information from me, they are more of a nuisance than a help.

Illustration - names disguised to protect the guilty:

#define rerrcheck if (currval != &localval && globvar->currtub &&          \
                    globvar->currtub->te_flags & TE_ABORT)                 \
                    { if (globvar->currtub->te_state)                      \
                         globvar->currtub->te_state->ts_flags |= TS_FAILED;\
                      else                                                 \
                         delete_tub_name(globvar->currtub->te_name);       \
                      goto failure;                                        \
                    }


#define rgetunsigned(b) {if (_iincnt>=2)  \
                           {_iinptr+=2;_iincnt-=2;b = ldunsigned(_iinptr-2);} \
                         else {b = _igetunsigned(); rerrcheck}}

There are several dozen variants on rgetunsigned() that are somewhat similar - different sizes and different loader functions.

One place where these are used contains this loop - in a larger block of code in a single case of a large switch with some small and some big blocks of code (not particularly well structured):

        for (i = 0 ; i < no_of_rows; i++)
            {
            row_t *tmprow = &val->v_coll.cl_typeinfo->clt_rows[i];

            rgetint(tmprow->seqno);
            rgetint(tmprow->level_no);
            rgetint(tmprow->parent_no);
            rgetint(tmprow->fieldnmlen);
            rgetpbuf(tmprow->fieldname, IDENTSIZE);
            rgetint(tmprow->field_no);
            rgetint(tmprow->type);
            rgetint(tmprow->length);
            rgetlong(tmprow->xid);
            rgetint(tmprow->flags);
            rgetint(tmprow->xtype_nm_len);
            rgetpbuf(tmprow->xtype_name, IDENTSIZE);
            rgetint(tmprow->xtype_owner_len);
            rgetpbuf(tmprow->xtype_owner_name, IDENTSIZE);
            rgetpbuf(tmprow->xtype_owner_name,
                     tmprow->xtype_owner_len);
            rgetint(tmprow->alignment);
            rgetlong(tmprow->sourcetype);
            }

It isn't obvious that the code there is laced with goto statements! And clearly, a full exegesis of the sins of the code it comes from would take all day - they are many and varied.

Jonathan Leffler 2009-03-31 13:31:07

Answer 8

A:

#define malloc_or_die(size) if(malloc(size) == NULL) exit(1)

It's not like you can really recover from failed malloc's unless you have software worth writing a transaction system for, if you do, add roll back code to malloc_or_die.

For a real example of good use of goto, check out parsing dispatch code that use computed goto.

nelix 2009-04-23 03:31:34

I wish you could post a link to some more info about "computed goto". Sounds interesting. -1 for your opinion about memory allocation failure.

sharkin 2009-04-23 06:58:50

From the pulseaudio maintainer: "On modern systems it has become pretty clear that for normal userspace software only an aborting malloc() makes sense [...]" http://article.gmane.org/gmane.comp.audio.jackit/19998

CesarB 2009-11-24 13:00:06

ansaurus

tags:

views:

answers:

Flow controlling macros with 'goto'

related questions