Hi,
I am not using C all the time. I have a general understanding of C
and nothing else. The recent reply to use strlcpy and strlcat showed
me that I am not aware of the best and safe techniques. Is there any
place where I could learn more about safer and better C (on FreeBSD)?
Thank you
Nov 14 '05
John Bode wrote:
> .... snip ...
> 1. Initialize all variables to a known value.
> 2. Check all return values from library functions.
> 3. Don't use gets().
> 4. During development, set the warning level on the compiler to its
>    highest setting. Review and eliminate each warning.
> 5. Don't cast an expression *just* to eliminate a warning.
> 6. When comparing against a constant expression for equality, put the
>    constant on the LHS (i.e., if (SOME_CONSTANT == x)); this will catch
>    any problems where you typed "=" when you meant "==".
> 7. Abstract out tedious, repetitive, and/or low-level tasks. IOW, don't
>    call malloc() directly from your application code, but wrap it in a
>    function that performs error checking and initialization of the
>    memory being returned.

I agree with all except #1, which can mask a failure to suitably
initialize later.
--
Chuck F (cb********@yahoo.com) (cb********@worldnet.att.net)
Available for consulting/temporary embedded and systems.
<http://cbfalconer.home.att.net> USE worldnet address!
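
Item 7 of the list quoted above (wrap malloc() so that error checking and initialization happen in one place), as an added example that is not part of the thread. The names checked_alloc and checked_grow are hypothetical; the wrappers also refuse element counts whose byte size would overflow size_t.

```c
/* Added example: hypothetical allocation wrappers, not code from the thread. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Allocate count elements of elem_size bytes each, zero-filled.
   Returns NULL with errno set if the request is empty, would overflow
   size_t when multiplied, or cannot be satisfied. */
void *checked_alloc(size_t count, size_t elem_size)
{
    if (count == 0 || elem_size == 0) { errno = EINVAL; return NULL; }
    if (count > SIZE_MAX / elem_size) { errno = EOVERFLOW; return NULL; }
    void *p = malloc(count * elem_size);
    if (p == NULL) { errno = ENOMEM; return NULL; }
    memset(p, 0, count * elem_size);
    return p;
}

/* Grow *buf from old_count to new_count elements, zeroing the new tail.
   On failure returns -1 and leaves *buf valid and unchanged, which avoids
   the leak in the common `p = realloc(p, n)` idiom. */
int checked_grow(void **buf, size_t old_count, size_t new_count, size_t elem_size)
{
    if (buf == NULL || elem_size == 0 || new_count <= old_count) { errno = EINVAL; return -1; }
    if (new_count > SIZE_MAX / elem_size) { errno = EOVERFLOW; return -1; }
    void *p = realloc(*buf, new_count * elem_size);
    if (p == NULL) { errno = ENOMEM; return -1; }
    memset((char *)p + old_count * elem_size, 0, (new_count - old_count) * elem_size);
    *buf = p;
    return 0;
}

int main(void)
{
    int *v = checked_alloc(4, sizeof *v);
    if (v == NULL) { perror("checked_alloc"); return EXIT_FAILURE; }
    v[3] = 7;
    void *tmp = v;
    if (checked_grow(&tmp, 4, 8, sizeof *v) != 0) { perror("checked_grow"); free(v); return EXIT_FAILURE; }
    v = tmp;
    printf("v[3]=%d v[7]=%d\n", v[3], v[7]);
    /* A count whose byte size would wrap around is refused, not truncated. */
    if (checked_alloc(SIZE_MAX / 2, sizeof *v) == NULL) puts("overflowing request refused");
    free(v);
    return EXIT_SUCCESS;
}
```
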
In article <g0*****************@newsread3.news.pas.earthlink.net>,
Mike Wahler <mk******@mkwahler.net> wrote:
> "Keith Thompson" <ks***@mib.org> wrote in message
> news:ln************@nuthaus.mib.org...
>> jo*******@my-deja.com (John Bode) writes:
>> [...]
>>> 6. When comparing against a constant expression for equality, put the
>>> constant on the LHS (i.e., if (SOME_CONSTANT == x)); this will catch
>>> any problems where you typed "=" when you meant "==".
>> [...]
>>
>> This one is controversial. Personally, I find the (5 == x) form
>> grating; I'd rather use (x == 5) and just make sure I get the operator
>> right. (This has been discussed to death here before.)
>
> #define equals ==
>
> if(x equals y) ;

Heh.

But don't most compilers catch (warn about) this anyway, these days?
That is, they want you to change:
if (x = 5)
to:
if ((x = 5))
> But don't most compilers catch (warn about) this anyway, these days?
> That is, they want you to change:
> if (x = 5)
> to:
> if ((x = 5))

What will the compiler catch if you have a multiple test, like:
if ((x = 5) && (y == 6))
Guillaume <"grsNOSPAM at NOTTHATmail dot com"> writes:
>> But don't most compilers catch (warn about) this anyway, these days?
>> That is, they want you to change:
>> if (x = 5)
>> to:
>> if ((x = 5))
>
> What will the compiler catch if you have a multiple test, like:
> if ((x = 5) && (y == 6))

gcc doesn't.
--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <*> <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
On Sat, 16 Oct 2004 01:26:14 +0000, Keith Thompson wrote:
> Guillaume <"grsNOSPAM at NOTTHATmail dot com"> writes:
>>> But don't most compilers catch (warn about) this anyway, these days?
>>> That is, they want you to change:
>>> if (x = 5)
>>> to:
>>> if ((x = 5))
>>
>> What will the compiler catch if you have a multiple test, like:
>> if ((x = 5) && (y == 6))
>
> gcc doesn't.

int main()
{
    int x = 3, y = 4;
    if ( y = x )
        ;
    return 0;
}

gcc -Wall test.c
test.c: In function `main':
test.c:5: warning: suggest parentheses around assignment used as truth value

Apparently, it does. Just not with the default warning levels... but
you'd never fail to use at least -Wall during development, would you?
On Fri, 15 Oct 2004, Kelsey Bjarnason wrote:
> On Sat, 16 Oct 2004 01:26:14 +0000, Keith Thompson wrote:
>> Guillaume <"grsNOSPAM at NOTTHATmail dot com"> writes:
>>> What will the compiler catch if you have a multiple test, like:
>>> if ((x = 5) && (y == 6))
>>
>> gcc doesn't.
>
> [...]
> Apparently, it does.

Try again, this time with the line Guillaume asked about. Keith's
absolutely right.
On the other hand, gcc /will/ warn you if you leave off the redundant
parentheses in Guillaume's example. Which some people might see as an
advantage to leaving them off (my preferred style in many cases as it
reduces clutter), but really I don't consider "mistyping == as = or
vice versa" to be a statistically significant problem in the first place.
-Arthur
In article <pa****************************@xxnospamyy.lightspeed.bc.ca>,
Kelsey Bjarnason <ke*****@xxnospamyy.lightspeed.bc.ca> wrote:
> On Sat, 16 Oct 2004 01:26:14 +0000, Keith Thompson wrote:
>> Guillaume <"grsNOSPAM at NOTTHATmail dot com"> writes:
>>>> But don't most compilers catch (warn about) this anyway, these days?
>>>> That is, they want you to change:
>>>> if (x = 5)
>>>> to:
>>>> if ((x = 5))
>>>
>>> What will the compiler catch if you have a multiple test, like:
>>> if ((x = 5) && (y == 6))
>>
>> gcc doesn't.
>
> int main()
> {
>     int x = 3, y = 4;
>     if ( y = x )
>         ;
>     return 0;
> }
>
> gcc -Wall test.c
> test.c: In function `main':
> test.c:5: warning: suggest parentheses around assignment used as truth value

I believe they were referring to the latter construction:
if ((x = 5) && (y == 6))
which is not caught (at least not with -Wall on gcc 3.4.2).
Cheers,
- jonathan
Kelsey Bjarnason <ke*****@xxnospamyy.lightspeed.bc.ca> writes:
> On Sat, 16 Oct 2004 01:26:14 +0000, Keith Thompson wrote:
>> Guillaume <"grsNOSPAM at NOTTHATmail dot com"> writes:
>>> What will the compiler catch if you have a multiple test, like:
>>> if ((x = 5) && (y == 6))
>>
>> gcc doesn't.
>
> if ( y = x )
>     ;

Are you paying attention?
--
Ben Pfaff
email: bl*@cs.stanford.edu
web: http://benpfaff.org
"Arthur J. O'Dwyer" <aj*@nospam.andrew.cmu.edu> writes:
> On Fri, 15 Oct 2004, Kelsey Bjarnason wrote:
>> On Sat, 16 Oct 2004 01:26:14 +0000, Keith Thompson wrote:
>>> Guillaume <"grsNOSPAM at NOTTHATmail dot com"> writes:
>>>> What will the compiler catch if you have a multiple test, like:
>>>> if ((x = 5) && (y == 6))
>>>
>>> gcc doesn't.
>>
>> [...]
>> Apparently, it does.
>
> Try again, this time with the line Guillaume asked about. Keith's
> absolutely right.
>
> On the other hand, gcc /will/ warn you if you leave off the redundant
> parentheses in Guillaume's example. Which some people might see as an
> advantage to leaving them off (my preferred style in many cases as it
> reduces clutter), but really I don't consider "mistyping == as = or
> vice versa" to be a statistically significant problem in the first place.

The parentheses aren't redundant (if that's really supposed to be "="
rather than "=="). If you leave them out:
if (x = 5 && y == 6)
is equivalent to
if (x = (5 && y == 6))
Of course if you correctly use "==" rather than "=", they are redundant:
if (x == 5 && y == 6)
--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <*> <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
On Sat, 16 Oct 2004 00:12:55 -0400, Arthur J. O'Dwyer wrote:
> On Fri, 15 Oct 2004, Kelsey Bjarnason wrote:
>> On Sat, 16 Oct 2004 01:26:14 +0000, Keith Thompson wrote:
>>> Guillaume <"grsNOSPAM at NOTTHATmail dot com"> writes:
>>>> What will the compiler catch if you have a multiple test, like:
>>>> if ((x = 5) && (y == 6))
>>>
>>> gcc doesn't.
>>
>> [...]
>> Apparently, it does.
>
> Try again, this time with the line Guillaume asked about. Keith's
> absolutely right.

Actually, it does. Note that the (x=5) is included in the extra layer of
parentheses, which is the _fix_ to allow such a situation to occur without
the warning. Trying it in the context of the original actual problem -
without the extra parentheses - it does, indeed, complain.
One can hardly say "X doesn't do this" when it does _unless_ one takes
steps to prevent it... and then test with code which has, in fact, taken
those steps. Might as well compile with all warnings disabled and then
complain the compiler doesn't detect any of a thousand or more things.