Deutsch English Français Italiano |
<vb77tn$3bu07$3@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!2.eu.feeder.erje.net!feeder.erje.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: David Brown <david.brown@hesbynett.no> Newsgroups: comp.lang.c Subject: Re: Code guidelines Date: Tue, 3 Sep 2024 16:53:43 +0200 Organization: A noiseless patient Spider Lines: 59 Message-ID: <vb77tn$3bu07$3@dont-email.me> References: <vb6v1t$3b5mb$1@dont-email.me> <vb726n$3b4rq$1@dont-email.me> <vb736j$3b5mb$2@dont-email.me> <vb75g9$3bntp$1@dont-email.me> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Injection-Date: Tue, 03 Sep 2024 16:53:43 +0200 (CEST) Injection-Info: dont-email.me; posting-host="93d7d6b8e3b40fe75b60c4526d162769"; logging-data="3536903"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18YbhVXItqik/9g7MYRfxrhrH9VyxpxoPA=" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Cancel-Lock: sha1:pMCFQfi8/SOvpQtuNlLCrGAKkJY= Content-Language: en-GB In-Reply-To: <vb75g9$3bntp$1@dont-email.me> Bytes: 2954 On 03/09/2024 16:12, Thiago Adams wrote: > On 03/09/2024 10:33, Thiago Adams wrote: > ... >> For instance: >> >> The first sample my create confusion (is name optional?) >> >> void f(struct user* user) >> { >> if (user->name && strcmp(user->name, "john") == 0) >> { >> //... >> } >> } >> >> But : >> void f(struct user* user) >> { >> assert(user->name); >> if (user->name && strcmp(user->name, "john") == 0) >> { >> //... >> } >> } >> >> would show redundancy but making clear the contract still "name should >> not be null" > > Redundant code can either indicate a programmer's mental confusion Yes. > or > serve as a way to address potential contract violations. No. If specification violations are realistic (from untrusted code, or code under development), then a /single/ check looks for violations. /Redundant/ checks are pointless at best, and (as I have explained) often worse than useless. Computers are not humans that might miss something on the first glance, then see it on the second time. Do the same check twice in the code and you will get the same answer each time - the second check gives no benefits. > > I believe the objective is to ensure that runtime checks are not > questioning the contract but rather functioning as redundant safeguards. > > In other words, the programmer must demonstrate that they understand the > contract and are not messing it. > > A safeguards for a very low risk situation also may indicate a mental > confusion about the risks involved. For instance, assert(2 + 2 == 4); > A redundant check is, by definition, a very low risk situation.