RE: [Xen-devel] [PATCH] Pointer should be checked before use

[Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>]

Yang, Xiaowei writes ("RE: [Xen-devel] [PATCH] Pointer should be checked before 
use"):
> That may be better for debug tracking to let the caller process
> segfault:). However, IMO as a function it's almost always a good
> practice to check the parameters' validation before using it. Returning
> an error if the caller passes invalid arguments is a more normal
> behavior than directly letting the process be killed due to no argument
> check. It may be too strict.

I disagree most strongly.  In C, anyone calling a function must
conform to its interface to avoid programs crashing (or even doing
worse things).

Turning null pointers on input, where they are not permitted, to null
pointers on output or to error codes, just postpones the problem -
after all the caller is probably expecting a null pointer back.  So
the program is going to crash or malfunction anyway.

Even disregarding the fact that debugging the problem is much easier
if the crash happens right away, it is far better to kill it sooner
before it does any damage.

(Typically people who write code which checks for error returns also
avoid passing bogus arguments in the first place.)

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel