On Tue, 2006-02-14 at 10:14 -0800, Garrett Rooney wrote:
> On 2/14/06, Julian Foad <julianfoad@btopenworld.com> wrote:
>
> > > That obviously means we can't use assert to check function arguments,
> >
> > Not true. If one accepts that "assert" is allowed at all, it's perfectly valid
> > to check arguments of private functions because we know all the callers and
> > what they can do. As for public APIs, that's partly what the debate is about,
> > and the answer is far from obvious.
>
> That's not exactly true either. We've had (for as long as I can
> remember) a policy that we don't explicitly check for valid arguments
> to ANY API calls, if a caller passes us bogus data (i.e. a NULL
> pointer to a function defined to not take NULL pointers, etc) we
> crash, with the end result being that these sort of problems are
> usually found quickly and fixed. There's no real difference between
> enforcing such things via an assert and enforcing them via the fact
> that we dereference a NULL pointer a few lines later.

Dereferencing NULL doesn't crash on some platforms. It will just give
you back NULL.
AIX is one of them, for example.
Relying on this to crash is a bad idea.
(This is done for optimization purposes, it lets you move null checks
around without worrying that they will trap :P)
Received on Thu Feb 16 05:04:40 2006