Fine, I'll bite :-)

On Fri, Jul 09, 2021 at 04:17:08PM +0200, Alejandro Colomar (man-pages) wrote:
> On 7/9/21 3:54 PM, Jonny Grant wrote:
> > Yes, this could work. But it does rely on programmer typing it like that
> > every time... Maybe an inline function better.
>
> I agree on that.

A function (or any other abstraction) can be fine for this, *iff* you can
make people use it correctly. Since it is pretty much impossible to give a
good succinct name to this function, I posit that is not the case. Please
feel free to prove me wrong (by coming up with a decent name for it).

> > I'd prefer an Annex K of C11 style function ISO/IEC TR 24731-1 for strlen()
> > - but there isn't one such as strnlen_s.
>
> Please, consider not calling some function safesomething() or similar,
> as it isn't 100% safe. It's like calling something "the new X". How
> will you call the next version? "the nova X"? And the next? "the
> supernew X"?
>
> As I said before, unsigned types are unsafe, you may want to accept it
> or not, but they are.

I thought Annex K was great entertainment, but calling unsigned types
"unsafe" takes the cake.

Unsigned types are Z/nZ with n some power of two. Signed types are not
even Z (overflow is undefined).

Unsigned types are useful for describing many machine things. They are
useful for sizes, not only because sizes cannot be negative, but also
because sizes can be bigger than the maximum positive number that can fit
in the same size signed number. They are useful for bitty things,
registers maybe, stuff in memory, or device I/O registers. And they are
much more useful than C signed numbers for holding memory addresses, where
you need that (you can do sane arithmetic on it).

Using unsigned types without range checking is often wrong ("unsafe" in
your words). Using signed types without range checking is just as wrong in
the same cases, if not more (overflow is undefined). At least in the
"unsigned" case it is *possible* its behaviour is what the programmer
intended!

> Agree on this again, but I think the following is readable:
>
> len = strlennull(maybenull);

If you use it a million times, of course you can give it a short and
non-sensical name, and expect the users to learn what it means. If not, it
is better to be slightly more verbose, and reduce the mental load.


Segher
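An added C example, not from the thread, illustrating the range-checking point made above: because unsigned arithmetic is defined modulo 2^N, a wrap can be detected after the operation, whereas signed overflow is undefined and must be ruled out beforehand. It also includes a NULL-tolerant strlen wrapper of the kind being discussed; all function names here are assumptions for the example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Length of a possibly-NULL C string; NULL counts as length 0.
 * Name chosen for this example only (the thread debates what to call it). */
size_t len_or_zero_if_null(const char *s)
{
    return s ? strlen(s) : 0;
}

/* Checked size_t addition. Unsigned addition wraps modulo 2^N, so the
 * result is well defined and the wrap is detectable afterwards:
 * a + b wrapped if and only if the sum is smaller than a. */
bool size_add_checked(size_t a, size_t b, size_t *out)
{
    size_t sum = a + b;
    if (sum < a)
        return false;
    *out = sum;
    return true;
}

/* Checked int addition. Signed overflow is undefined behaviour, so the
 * range test has to happen before the addition, never on its result. */
bool int_add_checked(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Buffer size needed to join two optional strings with a one-character
 * separator plus the terminating NUL; false if the size would wrap. */
bool joined_size(const char *a, const char *b, size_t *needed)
{
    size_t n;
    if (!size_add_checked(len_or_zero_if_null(a), len_or_zero_if_null(b), &n))
        return false;
    return size_add_checked(n, 2, needed); /* separator + NUL */
}
```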