[PATCH] shrink last_char_is function even more

Didier Kryn kryn at in2p3.fr
Tue Jul 21 06:27:53 UTC 2020


Le 20/07/2020 à 09:22, Laurent Bercot a écrit :
>  When writing and using a function that takes pointers, a C programmer
> should always be very aware of the kind of pointer the function expects.
> It is a programming error to pass NULL to a function expecting a pointer
> that cannot be NULL, and that error should be caught as early as
> possible. The nonnull attribute helps detect it at compile time. And
> at run time, if the function gets NULL, it should crash, as loudly as
> possible, in order for the bug to be fixed.
>
>  Checking for NULL "just in case" is defensive programming, which is
> very bad. It means the programmer does not know exactly what the
> function contracts are: it would be better named "sloppy programming".
> Please don't do this.

    There are two moments the error can be caught: at compile time, if
the compiler can determine wether the pointer is null or not, or at run
time if the previous is impossible. In the second case, the compiler
should insert the defensive code by itself into the caller. It is always
safer and more readable to establish this kind of contract and let the
compiler take care of the defense.

    This kind of contract exists in other languages but I can't remember
it in C. Is a non-null pointer a novelty of the C language or a gcc
extension?

    Didier




More information about the busybox mailing list