From: ok@goanna.cs.rmit.edu.au (Richard A. O'Keefe)
Subject: Re: Coding for Obscurity
Date: 1997/11/24
Message-ID: <65b6ns$kok$1@goanna.cs.rmit.edu.au>
References: <343fbb5a.0@news.iprolink.ch> <34466EB4.3381@dynamite.com.au> <6275dt$agm$3@news.on> <344BCED0.2D51@dynamite.com.au> <62tpap$7gh$1@darla.visi.com> <3470EF6E.F74@lysator.liu.se> <64qsf0$ccc@dfw-ixnews11.ix.netcom.com> <3474BF28.2F9F@dynamite.com.au> <34741AAF.1C7@CWA.de>
Organization: Comp Sci, RMIT University, Melbourne, Australia.
Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++

Stephan Wilms writes:
>In detail: I would rewrite the first example like this:
>    /* Sensible comment about what gets allocated. */
>    if ( to == NULL )
>    {
>        to = malloc( sizeof *to );
>        if ( to == NULL ) return NULL;
>    }

I would be rather unhappy at _any_ of these being common in my C code.
One thing I would very much like to have in C is a '* __nonnull__' form.
One thing I love about LC-Lint is that it distinguishes between

    sometype *p;              /* p should not be null */
    sometype */*@null@*/ q;   /* q may or may not be null */

The reason that I dislike the C fragment above is that when you are forced to do manual memory management, you have to be absolutely clear about who `owns' a dynamically allocated object and who doesn't. This fragment muddies that up.
If you could specify in the interface that to _couldn't_ be NULL on entry, then you wouldn't have to patch around the problem at run time.

By the way, I regard this as a defect in Ada as well. Ada was supposed to allow for garbage collection, but with the exception of a couple of recent Ada->JVM compilers, this hasn't happened. Since you _do_ have to do manual memory management in practice, it is a pity that the language doesn't provide more compile-time help for getting it right. Perhaps Ada 2007 could borrow a few ideas from LC-Lint.

-- 
John Æneas Byron O'Keefe; 1921/02/04-1997/09/27; TLG,TLTA,BBTNOTL.
Richard A. O'Keefe; RMIT Comp.Sci; http://www.cs.rmit.edu.au/%7Eok
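The following is an added example, not code from the post or from either
poster, showing the ownership ambiguity the post objects to next to the
"specify it in the interface" alternative it asks for. The Splint/LCLint
comment annotations (/*@null@*/, /*@notnull@*/, /*@only@*/) and GCC's
__attribute__((nonnull)) are real mechanisms; the latter is the closest
thing GCC offers to the wished-for '* __nonnull__' form. The point type,
the function names and the sample values are assumptions made for this
example only.

```c
/* Added example: contrast the "allocate if NULL" pattern with two
 * single-contract functions whose ownership rules are stated in the
 * interface.  Types, names and values are assumptions for illustration. */
#include <stdio.h>
#include <stdlib.h>

#if defined(__GNUC__)
#define NONNULL(...) __attribute__((nonnull(__VA_ARGS__)))
#else
#define NONNULL(...)
#endif

typedef struct point { double x, y; } point;

/* The pattern under discussion: 'to' may be NULL, in which case the callee
 * allocates.  The caller cannot tell from the return value whether the object
 * it gets back is one it already owned or a fresh one it must free(). */
point *copy_point_ambiguous(const point *from, point *to)
{
    if (to == NULL) {
        to = malloc(sizeof *to);
        if (to == NULL)
            return NULL;
    }
    *to = *from;
    return to;
}

/* Contract 1: 'to' must not be NULL and stays owned by the caller.  Nothing
 * is allocated, so there is no NULL check to patch around at run time.  A
 * literal NULL argument is a compile-time warning under -Wnonnull (part of
 * -Wall) and an error from Splint. */
void copy_point_into(const point *from, /*@notnull@*/ point *to) NONNULL(1, 2);

/* Contract 2: returns a new object that the caller owns (Splint "only") and
 * must release with point_free(), or NULL if allocation fails. */
/*@null@*/ /*@only@*/ point *copy_point_new(const point *from) NONNULL(1);

/* Takes ownership of 'p' and releases it; NULL is accepted like free(). */
void point_free(/*@only@*/ /*@null@*/ point *p);

void copy_point_into(const point *from, point *to)
{
    *to = *from;   /* no NULL check: the contract forbids NULL here */
}

point *copy_point_new(const point *from)
{
    point *p = malloc(sizeof *p);
    if (p == NULL)
        return NULL;
    *p = *from;
    return p;
}

void point_free(point *p)
{
    free(p);
}

int main(void)
{
    point src = { 1.0, 2.0 };
    point stack_dst;

    copy_point_into(&src, &stack_dst);          /* caller owns stack_dst */
    printf("into: (%g, %g)\n", stack_dst.x, stack_dst.y);

    point *heap_dst = copy_point_new(&src);     /* caller now owns heap_dst */
    if (heap_dst != NULL) {
        printf("new:  (%g, %g)\n", heap_dst->x, heap_dst->y);
        point_free(heap_dst);
    }

    /* copy_point_into(&src, NULL);  <- GCC -Wall warns: null argument where non-null expected */
    return 0;
}
```

One caveat worth knowing when using the attribute: GCC treats a nonnull
parameter as a promise and may delete an `if (to == NULL)` test inside the
callee as dead code, so the attribute and the run-time check should not be
combined on the same parameter. That is the separation the post argues for:
either the interface rules NULL out, or the function handles it, not both.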