Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How defensive should you be? [duplicate]

Tags:

c++

defensive-programming

Possible Duplicate:
Defensive programming

We had a great discussion this morning about the subject of defensive programming. We had a code review where a pointer was passed in and was not checked if it was valid.

Some people felt that only a check for null pointer was needed. I questioned whether it could be checked at a higher level, rather than every method it is passed through, and that checking for null was a very limited check if the object at the other end of the point did not meet certain requirements.

I understand and agree that a check for null is better than nothing, but it feels to me that checking only for null provides a false sense of security since it is limited in scope. If you want to ensure that the pointer is usable, check for more than the null.

What are your experiences on the subject? How do you write defenses in to your code for parameters that are passed to subordinate methods?

like image 735
TERACytE Avatar asked Dec 16 '09 18:12

TERACytE

1 Answers

In Code Complete 2, in the chapter on error handling, I was introduced to the idea of barricades. In essence, a barricade is code which rigorously validates all input coming into it. Code inside the barricade can assume that any invalid input has already been dealt with, and that the inputs that are received are good. Inside the barricade, code only needs to worry about invalid data passed to it by other code within the barricade. Asserting conditions and judicious unit testing can increase your confidence in the barricaded code. In this way, you program very defensively at the barricade, but less so inside the barricade. Another way to think about it is that at the barricade, you always handle errors correctly, and inside the barricade you merely assert conditions in your debug build.

As far as using raw pointers goes, usually the best you can do is assert that the pointer is not null. If you know what is supposed to be in that memory then you could ensure that the contents are consistent in some way. This begs the question of why that memory is not wrapped up in an object which can verify it's consistency itself.

So, why are you using a raw pointer in this case? Would it be better to use a reference or a smart pointer? Does the pointer contain numeric data, and if so, would it be better to wrap it up in an object which managed the lifecycle of that pointer?

Answering these questions can help you find a way to be more defensive, in that you'll end up with a design that is easier to defend.

like image 165
mch Avatar answered Oct 31 '22 16:10

mch
Sign in to Comment

Related questions

Difference between while(i=0) and while(i==0)
Converting numbers into alphabets in c++
SDL 2 Undefined Reference to "WinMain@16" and several SDL functions
std::pow gives a wrong approximation for fractional exponents
Declaring a variable in an if-else block in C++
Why can't a function have a reference argument in C?
when memory will be released?
Which language/platform to develop desktop application based on following criteria [closed]
How to store and call a compiled function in C / C++?
Memory leaks in C++ (via new+delete)
Small is beautiful, but is it also fast?
Switching to Linux for Windows development, bad idea?
Unknown meta-character in C/C++ string literal?
Unsigned long with negative value
c++ and c# speed compared
Two-way "Hashing" of string
C program, that prints its executable file name
What does the "|" in "int style = SWT.APPLICATION_MODAL | SWT.OK;" do (and how to Google it)?
Why do I hear a beep on this program? [duplicate]
Segmentation fault in strcpy

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!