
RE: [Xen-devel] [PATCH] Pointer should be checked before use

Yang, Xiaowei writes ("RE: [Xen-devel] [PATCH] Pointer should be checked before 
> That may be better for debug tracking to let the caller process
> segfault:). However, IMO as a function it's almost always a good
> practice to check the parameters' validation before using it. Returning
> an error if the caller passes invalid arguments is a more normal
> behavior than directly letting the process be killed due to no argument
> check. It may be too strict.

I disagree most strongly.  In C, anyone calling a function must
conform to its interface to avoid programs crashing (or even doing
worse things).

Turning null pointers on input, where they are not permitted, to null
pointers on output or to error codes, just postpones the problem -
after all the caller is probably expecting a null pointer back.  So
the program is going to crash or malfunction anyway.

Even disregarding the fact that debugging the problem is much easier
if the crash happens right away, it is far better to kill it sooner
before it does any damage.

(Typically people who write code which checks for error returns also
avoid passing bogus arguments in the first place.)


Xen-devel mailing list
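The trade-off argued in this thread, as an added example that is not part of the original message or of Xen: a caller passes a NULL argument to a function whose interface forbids it and does not check the result. The names `skip_spaces`, `strict_fn`, `lenient_fn`, `caller` and `run_case` are hypothetical, the NULL input is constructed, and `abort()` stands in for the immediate crash on a bad argument.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical interface: s must not be NULL. */
static const char *skip_spaces(const char *s) { while (*s == ' ') s++; return s; }
/* Fail fast: abort() stands in for the immediate crash on a bad argument. */
static const char *strict_fn(const char *s) { if (!s) abort(); return skip_spaces(s); }
/* Lenient: turns a NULL input into a NULL output. */
static const char *lenient_fn(const char *s) { return s ? skip_spaces(s) : NULL; }

static const char *volatile bad_input = NULL;   /* constructed bogus argument */

/* A caller that violates the interface and does not check the result. */
static void caller(const char *(*fn)(const char *), int fd) {
    const char *p = fn(bad_input);
    if (write(fd, "W", 1) != 1) _exit(2);       /* side effect after the bad call */
    (void)*(volatile const char *)p;            /* NULL from lenient_fn faults here */
}

struct outcome { int side_effects; int sig; };

/* Run caller() in a child; count side effects and record the fatal signal. */
static struct outcome run_case(const char *(*fn)(const char *)) {
    struct outcome o = {0, -1};
    int fds[2], st;
    char c;
    if (pipe(fds) != 0) return o;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return o; }
    if (pid == 0) { close(fds[0]); caller(fn, fds[1]); _exit(0); }
    close(fds[1]);
    while (read(fds[0], &c, 1) == 1) o.side_effects++;
    close(fds[0]);
    if (waitpid(pid, &st, 0) == pid)
        o.sig = WIFSIGNALED(st) ? WTERMSIG(st) : 0;
    return o;
}

int main(void) {
    struct outcome s = run_case(strict_fn), l = run_case(lenient_fn);
    printf("strict:  side effects=%d signal=%d\n", s.side_effects, s.sig);
    printf("lenient: side effects=%d signal=%d\n", l.side_effects, l.sig);
    return 0;
}
```

With the strict variant the child dies at the bad call, before the side effect; with the lenient variant the side effect is performed first and the process still dies, later and further from the bug.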


