Re: Style question: Should one check for NULL pointers?

From: H. Peter Anvin (hpa@zytor.com)
Date: Fri Jul 11 2003 - 15:36:25 EST

Next message: Andries Brouwer: "Re: 2.5 'what to expect'"
Previous message: H. Peter Anvin: "Re: Style question: Should one check for NULL pointers?"
In reply to: Horst von Brand: "Re: Style question: Should one check for NULL pointers?"
Next in thread: Alan Stern: "Re: Style question: Should one check for NULL pointers?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Followup to: <200307111932.h6BJWMr5004606@eeyore.valparaiso.cl>
By author: Horst von Brand <vonbrand@inf.utfsm.cl>
In newsgroup: linux.dev.kernel
>
> Alan Stern <stern@rowland.harvard.edu> said:
>
> [...]
>
> > Suppose everything is working correctly and the pointer never is NULL.
> > Then it really doesn't matter whether you check or not; the loss in code
> > speed and size is completely negligible (except maybe deep in some inner
> > loop). But there is a loss in code clarity; when I see a check like that
> > it makes me think, "What's that doing there? Can that pointer ever be
> > NULL, or is someone just being paranoid?" Distractions of that sort don't
> > help when trying to read code.
>
> My personal paranoia when reading code goes the other way: How can I be
> sure it won´t ever be NULL? Maybe it can't be now (and to find that out an
> hour grepping around goes by), but the very next patch introduces the
> possibility. Better have the function do an extra check, or make sure
> somehow the assumption won't _ever_ be violated. But that is a large (huge,
> even) cost, so...
>

And you just shot yourself in the foot, majorly, because you tested
for NULLness and then took the action you anticipated might have been
appropriate, which really it wasn't, and you allowed a kernel with
now-corrupt data structures to continue to run.

This is bad. This is extrememly bad. And your "forward thinking"
*caused* it.

A null pointer dereference in the kernel is fatal for a reason. It
indicates that there are interfaces that aren't consistent, and your
data structures are now completely unreliable.

-hpa

-- 
<hpa@transmeta.com> at work, <hpa@zytor.com> in private!
If you send me mail in HTML format I will assume it's spam.
"Unix gives you enough rope to shoot yourself in the foot."
Architectures needed: ia64 m68k mips64 ppc ppc64 s390 s390x sh v850 x86-64
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Andries Brouwer: "Re: 2.5 'what to expect'"
Previous message: H. Peter Anvin: "Re: Style question: Should one check for NULL pointers?"
In reply to: Horst von Brand: "Re: Style question: Should one check for NULL pointers?"
Next in thread: Alan Stern: "Re: Style question: Should one check for NULL pointers?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Tue Jul 15 2003 - 22:00:42 EST