From: "H. Peter Anvin" <hpa@zytor.com>
To: linux-kernel@vger.kernel.org
Subject: Re: Style question: Should one check for NULL pointers?
Date: 11 Jul 2003 13:36:25 -0700 [thread overview]
Message-ID: <ben749$mkp$1@cesium.transmeta.com> (raw)
In-Reply-To: 200307111932.h6BJWMr5004606@eeyore.valparaiso.cl
Followup to: <200307111932.h6BJWMr5004606@eeyore.valparaiso.cl>
By author: Horst von Brand <vonbrand@inf.utfsm.cl>
In newsgroup: linux.dev.kernel
>
> Alan Stern <stern@rowland.harvard.edu> said:
>
> [...]
>
> > Suppose everything is working correctly and the pointer never is NULL.
> > Then it really doesn't matter whether you check or not; the loss in code
> > speed and size is completely negligible (except maybe deep in some inner
> > loop). But there is a loss in code clarity; when I see a check like that
> > it makes me think, "What's that doing there? Can that pointer ever be
> > NULL, or is someone just being paranoid?" Distractions of that sort don't
> > help when trying to read code.
>
> My personal paranoia when reading code goes the other way: How can I be
> sure it won´t ever be NULL? Maybe it can't be now (and to find that out an
> hour grepping around goes by), but the very next patch introduces the
> possibility. Better have the function do an extra check, or make sure
> somehow the assumption won't _ever_ be violated. But that is a large (huge,
> even) cost, so...
>
And you just shot yourself in the foot, majorly, because you tested
for NULLness and then took the action you anticipated might have been
appropriate, which really it wasn't, and you allowed a kernel with
now-corrupt data structures to continue to run.
This is bad. This is extrememly bad. And your "forward thinking"
*caused* it.
A null pointer dereference in the kernel is fatal for a reason. It
indicates that there are interfaces that aren't consistent, and your
data structures are now completely unreliable.
-hpa
--
<hpa@transmeta.com> at work, <hpa@zytor.com> in private!
If you send me mail in HTML format I will assume it's spam.
"Unix gives you enough rope to shoot yourself in the foot."
Architectures needed: ia64 m68k mips64 ppc ppc64 s390 s390x sh v850 x86-64
next prev parent reply other threads:[~2003-07-11 20:22 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-07-10 20:28 Style question: Should one check for NULL pointers? Alan Stern
2003-07-10 20:52 ` Eli Carter
2003-07-10 22:12 ` H. Peter Anvin
2003-07-11 2:35 ` Alan Stern
2003-07-11 14:29 ` Eli Carter
2003-07-11 15:16 ` Alan Stern
2003-07-12 18:40 ` Horst von Brand
2003-07-13 21:42 ` Alan Stern
2003-07-11 20:33 ` H. Peter Anvin
2003-07-10 22:54 ` David D. Hagood
2003-07-11 4:02 ` Hollis Blanchard
2003-07-11 4:38 ` Hua Zhong
2003-07-11 14:13 ` David D. Hagood
2003-07-11 14:52 ` Richard B. Johnson
2003-07-11 15:39 ` Alan Stern
2003-07-11 19:32 ` Horst von Brand
2003-07-11 20:36 ` H. Peter Anvin [this message]
2003-07-11 21:21 ` Alan Stern
2003-07-13 22:53 ` Ingo Oeser
[not found] <7QmZ.5RP.17@gated-at.bofh.it>
2003-07-10 21:00 ` Dennis Bliefernicht
2003-07-10 22:13 ` H. Peter Anvin
2003-07-10 22:28 ` Larry McVoy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='ben749$mkp$1@cesium.transmeta.com' \
--to=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).