Path: ...!3.eu.feeder.erje.net!feeder.erje.net!newsfeed.bofh.team!paganini.bofh.team!not-for-mail
From: antispam@fricas.org (Waldek Hebisch)
Newsgroups: comp.lang.c
Subject: Re: So You Think You Can Const?
Date: Sun, 12 Jan 2025 22:29:36 -0000 (UTC)
Organization: To protect and to server
Message-ID: <vm1foe$2s6l0$1@paganini.bofh.team>
References: <vljvh3$27msl$1@dont-email.me> <20250107130809.661@kylheku.com> <vlm0hf$2dkpd$1@dont-email.me> <87a5c15ob0.fsf@bsb.me.uk> <vlm7o4$2dkpd$4@dont-email.me> <vlm8r6$2dkpd$5@dont-email.me> <87ldvk4wu7.fsf@bsb.me.uk> <vlnrib$2dkpc$5@dont-email.me> <875xmn4lmy.fsf@bsb.me.uk>
Injection-Date: Sun, 12 Jan 2025 22:29:36 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="3021472"; posting-host="WwiNTD3IIceGeoS5hCc4+A.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
User-Agent: tin/2.6.2-20221225 ("Pittyvaich") (Linux/6.1.0-9-amd64 (x86_64))
X-Notice: Filtered by postfilter v. 0.9.3
Bytes: 3248
Lines: 68

Ben Bacarisse <ben@bsb.me.uk> wrote:
> Julio Di Egidio <julio@diegidio.name> writes:
> 
>> On 09/01/2025 02:09, Ben Bacarisse wrote:
>>> Julio Di Egidio <julio@diegidio.name> writes:
>>> 
>>>> static AvlTree_t const *AvlTree_node(
>>>>      void const *pk, AvlTree_t const *pL, AvlTree_t const *pR
>>>> ) {
>>>>      AvlTree_t *pT;
>>>>
>>>>      pT = malloc(sizeof(AvlTree_t));
>>>>
>>>>      if (!pT) {
>>>>          return NULL;
>>>>      }
>>>>
>>>>      pT->pk = pk;
>>>>      pT->pL = pL;
>>>>      pT->pR = pR;
>>>>
>>>>      return pT;
>>>> }
>>> Just on a side issue, I prefer to make tests like this positive so I'd
>>> write:
>>>   static AvlTree_t const *AvlTree_node(
>>>       void const *pk, AvlTree_t const *pL, AvlTree_t const *pR
>>>   ) {
>>>       AvlTree_t *pT = malloc(*pT);
>>>         if (pT) {
>>>           pT->pk = pk;
>>>           pT->pL = pL;
>>>           pT->pR = pR;
>>>       }
>>>       return pT;
>>>   }
>>> I'm not going to "make a case" for this (though I will if you want!) --
>>> I just think it helps to see lots of different styles.
>>
>> That is *more* error prone,
> 
> I would be happy for you to expand on why you say that.

Julio did not want to give his reasons, but I have reasons to
prefer "negative" version too.  Namely, significant trouble
with malloc is ensuring correct handling of failing case.
Since this code is not excercised by normal execution, this
should be done by robust coding pattern.  In particular,
it is easier to check correctness when handling code is
immediately after 'malloc' and the test.  So

    AvlTree_t *pT = malloc(*pT);
    if (!pT) {
        return pT;
    }
    ...

makes quite visible that handling is there and it is rather
minimal (in particular caller have to cope with null pointer
return).  That is easily lost in "posive" version, where
error handling may be far away from the allocation and test.

Basically, this is similar idea to "defer" discussed in
another thread, just in this case requires no language
extention and simply adopting appropriate coding style
gives the effect.

-- 
                              Waldek Hebisch