
Re: easy to miss bug (even in structured debug)

> From tribble Mon Nov 20 14:11:16 1989
> I occasionally worry about bugs resulting from passing NULL pointers
> rather than pointers to objects.  The 'fetch' operations make this
> especially easy.  I check these by considering the types {Foo *|NULL}
> different from {Foo*} when I walk through the code in my mind.
> Is there an analogous scheme for structured debug?  Can we add this
> stronger type-checking in xlint?

That's what one does in structured debug, as well.

If an argument can be either NULL or foo*, you must exercise the
routine with both to pass that argument's declaration.  (This can
cause combinatorial explosions if you have a lot of arguments and
tangled flow.  We don't write tangled flow, do we?  B-) )

If NULL is not allowed, this must be explained in the block of
comments at the start of the routine, which means one of the
criteria for passing a calling statement is that it can't pass in
a NULL (unless ITs routine's contract is violated by ITs caller).

Note that NULL pointers as arguments to a routine are just a special
case of argument-value-out-of-bounds / argument-value-at-a-boundary,
and are handled like any other variable-value boundary condition.
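As an added illustration, not part of the original message and not code from xlint or any project the thread mentions: the {Foo *|NULL} versus {Foo *} distinction written out in C, with the contract comment the reply asks for at the head of each routine, a 'fetch' that may return NULL, and a calling statement that handles the boundary case before it hands the pointer on. The Foo type, the lookup table and all routine names are constructed for this example.

```c
#include <assert.h>
#include <stddef.h>
#include <string.h>

/* A small record type standing in for Foo (constructed for this example). */
typedef struct Foo {
    const char *name;
    int value;
} Foo;

/* Constructed sample data for the fetch routine below. */
static Foo table[] = { {"alpha", 1}, {"beta", 2} };

/* A 'fetch' that may legitimately fail: returns a pointer into the table,
 * or NULL when no record has the requested name.  Its result therefore has
 * the type {Foo *|NULL}, and every caller must be exercised with both the
 * found and the not-found case to pass its calling statement. */
const Foo *foo_fetch(const char *name) {
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(table[i].name, name) == 0)
            return &table[i];
    return NULL;
}

/* CONTRACT: foo must not be NULL; its type is {Foo *}.  A caller that passes
 * NULL violates this routine's contract, so the assert turns the violation
 * into an immediate, attributable failure instead of a silent dereference. */
int foo_value(const Foo *foo) {
    assert(foo != NULL);
    return foo->value;
}

/* CONTRACT: foo has type {Foo *|NULL}.  NULL is a documented input, not a
 * violation, and maps to the supplied default.  Passing this declaration
 * in structured debug means running it with both a NULL and a non-NULL
 * argument, since NULL is the boundary value for a pointer. */
int foo_value_or(const Foo *foo, int dflt) {
    return foo == NULL ? dflt : foo->value;
}

/* The calling statement that bridges the two: it hands foo_value only a
 * pointer it has already proven non-NULL, so it cannot violate the
 * callee's contract, and the boundary case is handled here, once. */
int lookup_value(const char *name, int dflt) {
    const Foo *foo = foo_fetch(name);
    if (foo == NULL)
        return dflt;          /* boundary case: record absent */
    return foo_value(foo);    /* non-NULL established by the test above */
}
```

Walking lookup_value in structured debug means running it once with a name that is present and once with a name that is absent; the second run is what exercises the NULL branch that a caller who goes straight from foo_fetch to foo_value would skip.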