[PATCH] shrink last_char_is function even more

Laurent Bercot ska-dietlibc at skarnet.org
Mon Jul 20 07:22:12 UTC 2020

>The param should be marked with the nonnull attribute, just like the
>libc string functions. Then the compiler will warn you if you try to
>pass NULL (may need higher optimization, warning levels, or the
>analyzer mode in complex cases).


  A function that takes a pointer that *cannot* be NULL, and a function
that takes a pointer that *may* be NULL, are not the same thing at all.
  This is one of the main reasons while a lot of people find C pointers
difficult: a pointer can be used for two very different things, namely
unconditionally representing an object (passing it by address), or
representing the *possibility* of an object. In ocaml, the former would
would be typed "'a ref", and the latter "'a ref option", and those are
*not the same type*.

  When writing and using a function that takes pointers, a C programmer
should always be very aware of the kind of pointer the function expects.
It is a programming error to pass NULL to a function expecting a pointer
that cannot be NULL, and that error should be caught as early as
possible. The nonnull attribute helps detect it at compile time. And
at run time, if the function gets NULL, it should crash, as loudly as
possible, in order for the bug to be fixed.

  Checking for NULL "just in case" is defensive programming, which is
very bad. It means the programmer does not know exactly what the
function contracts are: it would be better named "sloppy programming".
Please don't do this.


More information about the busybox mailing list