From: David Brown
Newsgroups: comp.lang.c
Subject: Re: Code guidelines
Date: Wed, 4 Sep 2024 12:47:30 +0200
References: <87y147zxve.fsf@nosuchdomain.example.com>

On 04/09/2024 09:22, Keith Thompson wrote:
> David Brown writes:
> [...]
>> Before you put any check in code, think about the circumstances in
>> which it could fail. If there are no circumstances, it is redundant
>> and counter-productive.
> [...]
>
> One thing to consider is that if a check can never actually fail the
> recovery code *cannot be tested* (and you can't get 100% code coverage).
>
>     p = NULL; // assume p is not volatile
>     if (p != NULL) {
>         do_something(); // can never execute this
>     }
>
> Of course not all such cases are so easily detectible (
>

I wrote "in almost all cases, it is never tested" - but as you say, in some cases it /cannot/ ever be tested because the test conditions can never be triggered.

I think, however, that "could be tested, but is not tested" is worse. I've seen cases of code that has been put in for extra checks "just to make sure" that had not been tested, and caused more trouble.

One case I remember was some extra checks for timeouts in some communications. The new checks were unnecessary - a higher level timeout mechanism was already in place, tested, and working. The new checks were never tested, and never triggered during normal operation. But when a 32-bit millisecond counter rolled over, the check was wrongly triggered - and the handling code was buggy and hung. Thus the unnecessary and untested extra check resulted in systems hanging every 49 days.
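
Added example, not part of the original post: the post does not show the faulty timeout check, so timed_out_naive below is an assumed typical mistake, set beside a wrap-safe comparison and a driver that exercises the counter rollover by passing the time in as a parameter. All function names and tick values are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* A free-running 32-bit millisecond counter wraps every 2^32 ms (~49.7 days). */

/* Assumed buggy form: absolute deadline compared against the counter.
 * If start_ms + timeout_ms wraps, the deadline becomes a small number
 * and the check fires at once although little time has elapsed. */
static bool timed_out_naive(uint32_t now_ms, uint32_t start_ms, uint32_t timeout_ms)
{
    uint32_t deadline = start_ms + timeout_ms;
    return now_ms >= deadline;
}

/* Wrap-safe form: unsigned subtraction is modulo 2^32, so the elapsed
 * time is right across the rollover (for intervals shorter than 2^32 ms). */
static bool timed_out_wrapsafe(uint32_t now_ms, uint32_t start_ms, uint32_t timeout_ms)
{
    return (uint32_t)(now_ms - start_ms) >= timeout_ms;
}

typedef bool (*timeout_fn)(uint32_t now_ms, uint32_t start_ms, uint32_t timeout_ms);

/* Test driver: the time is a parameter, so the rollover can be exercised
 * without waiting 49 days. An operation lasting work_ms (< timeout_ms) is
 * started at each of 2000 constructed ticks straddling the wrap; returns
 * how many times the check reports a timeout that did not happen. */
static unsigned false_timeouts(timeout_fn check, uint32_t timeout_ms, uint32_t work_ms)
{
    unsigned count = 0;
    const uint32_t first = UINT32_MAX - 1000u;
    for (uint32_t i = 0; i < 2000u; i++) {
        uint32_t start = first + i;      /* wraps through zero */
        uint32_t now = start + work_ms;  /* still inside the timeout */
        if (check(now, start, timeout_ms))
            count++;
    }
    return count;
}

int main(void)
{
    printf("naive:     %u false timeouts\n", false_timeouts(timed_out_naive, 500u, 100u));
    printf("wrap-safe: %u false timeouts\n", false_timeouts(timed_out_wrapsafe, 500u, 100u));
    return 0;
}
```

With a 500 ms timeout and 100 ms of work, the naive form misfires for every start tick whose deadline wraps while the current time has not, which is the window a test must cover if such a check is added at all.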