
List:       busybox
Subject:    Re: [PATCH] shrink last_char_is function even more
From:       Didier Kryn <kryn () in2p3 ! fr>
Date:       2020-07-21 6:27:53
Message-ID: 875d26c9-68f4-d5a5-2960-f4edf6200484 () in2p3 ! fr

On 20/07/2020 at 09:22, Laurent Bercot wrote:
>  When writing and using a function that takes pointers, a C programmer
> should always be very aware of the kind of pointer the function expects.
> It is a programming error to pass NULL to a function expecting a pointer
> that cannot be NULL, and that error should be caught as early as
> possible. The nonnull attribute helps detect it at compile time. And
> at run time, if the function gets NULL, it should crash, as loudly as
> possible, in order for the bug to be fixed.
>
>  Checking for NULL "just in case" is defensive programming, which is
> very bad. It means the programmer does not know exactly what the
> function contracts are: it would be better named "sloppy programming".
> Please don't do this.

    There are two moments the error can be caught: at compile time, if
the compiler can determine whether the pointer is null or not, or at run
time if the previous is impossible. In the second case, the compiler
should insert the defensive code by itself into the caller. It is always
safer and more readable to establish this kind of contract and let the
compiler take care of the defense.

    This kind of contract exists in other languages but I can't remember
it in C. Is a non-null pointer a novelty of the C language or a gcc
extension?

    Didier


_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
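
The non-null contract discussed in this message, as an added example that is not part of the e-mail or of BusyBox's code. The `nonnull` attribute is a GCC/Clang extension rather than ISO C; `last_char_is_nn` and `path_has_trailing_slash` are hypothetical names, and the behaviour is only modeled on the function named in the subject line.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* nonnull is a GCC/Clang extension, not ISO C. A literal NULL passed for
 * argument 1 is diagnosed at compile time by -Wnonnull (enabled by -Wall). */
#if defined(__GNUC__)
#define ARG1_NONNULL __attribute__((nonnull(1)))
#else
#define ARG1_NONNULL
#endif

/* Hypothetical helper: pointer to the last character of s if it is c,
 * otherwise NULL. Contract: s is never NULL. */
const char *last_char_is_nn(const char *s, int c) ARG1_NONNULL;

const char *last_char_is_nn(const char *s, int c)
{
    /* No NULL test: the attribute lets the optimizer assume s != NULL, so
     * a test here could be deleted anyway. A NULL s faults inside strlen();
     * building with -fsanitize=nonnull-attribute reports it at the call. */
    size_t len = strlen(s);

    if (len == 0)
        return NULL;
    s += len - 1;
    return (*s == (char)c) ? s : NULL;
}

/* Caller side: the one place where the pointer may really be NULL (for
 * example a getenv() result) discharges the contract before the call. */
int path_has_trailing_slash(const char *maybe_null)
{
    if (maybe_null == NULL)
        return 0;
    return last_char_is_nn(maybe_null, '/') != NULL;
}

int main(void)
{
    /* last_char_is_nn(NULL, '/');   <- warned about by -Wnonnull */
    printf("%d %d %d\n", path_has_trailing_slash("/usr/"),
           path_has_trailing_slash("/usr"), path_has_trailing_slash(NULL));
    return 0;
}
```

The attribute only produces a compile-time warning when the compiler can see that the argument is NULL; it inserts no run-time check into the caller unless the program is built with the sanitizer.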
