Stephan Wilms writes:
>In detail: I would rewrite the first example like this:
>    /* Sensible comment about what gets allocated. */
>    if ( to == NULL )
>    {
>        to = malloc( sizeof *to);
>        if ( to == NULL ) return NULL;
>    }

I would be rather unhappy at _any_ of these being common in my C code.
One thing I would very much like to have in C is a '* __nonnull__' form.
One thing I love about LC-Lint is that it distinguishes between
    sometype *p;             /* p should not be null */
    sometype */*@null@*/ q;  /* q may or may not be null */

The reason that I dislike the C fragment above is that when you are forced
to do manual memory management, you have to be absolutely clear about who
`owns' a dynamically allocated object and who doesn't.  This fragment
muddies that up.  If you could specify in the interface that to _couldn't_
be NULL on entry, then you wouldn't have to patch around the problem at
run time.

By the way, I regard this as a defect in Ada as well.  Ada was supposed to
allow for garbage collection, but with the exception of a couple of recent
Ada->JVM compilers, this hasn't happened.  Since you _do_ have to do manual
memory management in practice, it is a pity that the language doesn't
provide more compile-time help for getting it right.  Perhaps Ada 2007
could borrow a few ideas from LC-Lint.

--
John Æneas Byron O'Keefe; 1921/02/04-1997/09/27; TLG,TLTA,BBTNOTL.
Richard A. O'Keefe; RMIT Comp.Sci; http://www.cs.rmit.edu.au/%7Eok
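Added example, not part of the original post or of either poster's code: the ownership ambiguity discussed above, next to a version whose interface forbids a NULL destination. The type struct point and the function names are hypothetical; __attribute__((nonnull)) is the GCC/Clang extension, used here as a stand-in for the '* __nonnull__' form the post wishes for, and /*@null@*/ is the LC-Lint annotation the post mentions.

```c
#include <stdio.h>
#include <stdlib.h>

struct point { int x, y; };   /* hypothetical type, for illustration only */

/* Pattern from the quoted fragment: allocate when the caller passes NULL.
   The result is heap storage the caller must free in one case and the
   caller's own object in the other, so ownership depends on the argument. */
struct point *copy_maybe_alloc(/*@null@*/ struct point *to,
                               const struct point *from)
{
    if (to == NULL) {
        to = malloc(sizeof *to);
        if (to == NULL) return NULL;
    }
    *to = *from;
    return to;
}

/* Contract form: 'to' may never be NULL, so the caller always owns the
   destination and no run-time patch-up is needed. The GCC/Clang attribute
   lets the compiler warn when a null constant is passed. */
#if defined(__GNUC__)
__attribute__((nonnull))
#endif
void copy_into(struct point *to, const struct point *from)
{
    *to = *from;
}

int main(void)
{
    struct point src = { 3, 4 }, local;

    struct point *heap = copy_maybe_alloc(NULL, &src);   /* callee allocated */
    struct point *same = copy_maybe_alloc(&local, &src); /* caller's storage */
    if (heap == NULL) return 1;
    printf("heap copy: %d,%d  in-place copy: %d,%d\n",
           heap->x, heap->y, same->x, same->y);
    free(heap);            /* correct only because we know we passed NULL */
    /* free(same) here would free a stack object: the ambiguity in question */

    copy_into(&local, &src);   /* never allocates, nothing to free */
    printf("copy_into: %d,%d\n", local.x, local.y);
    return 0;
}
```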