What's the best way to minimize the need of run time checks?

Mon Aug 29 09:13:32 EDT 2016

On Mon, Aug 29, 2016 at 10:46 PM, Steve D'Aprano
<steve+python at pearwood.info> wrote:
> On Mon, 29 Aug 2016 10:31 pm, Chris Angelico wrote:
>
>> On Mon, Aug 29, 2016 at 10:13 PM, BartC <bc at freeuk.com> wrote:
>>> In C, you can write this:
>>>
>>>  int x;
>>>
>>>  x = 5;
>>>  x = "hello";
>>>
>>> With certain compilers (eg. gcc) you only get a warning. (And since I
>>> don't show warnings to avoid inundation, that seems to compile fine for
>>> me!)
>>
>> That's because strings, in C, are really pointers-to-char, and for
>> hysterical raisins, pointers can be assigned to integers with just a
>> warning. (Good code should have an explicit cast here.)
>
> Let me see if I've got this straight... Bart's second assignment will
> allocate a block of memory at least five bytes in size, stuff the ASCII
> codes for 'h', 'e', 'l', 'l' and 'o' in that block (possibly with a null
> byte at the end?) and then assign x to the address of that block.
>
> Am I right?

Mostly. Six for the \0 at the end, and the actual allocation happens
at compile time; this is a literal, so it means "have a thing
somewhere in memory that has h, e, l, l, o, \0, and I am its address".
So the actual run-time effect of this second assignment is simply to
set x to that address - which is effectively equivalent to "x = 5;"
with some other value. That's why it's permitted (with a warning). In
situations where you really WANT that, it's simple enough to demand
it:

x = (int)"hello";

but, as mentioned, backward compatibility means that this is permitted
without the explicit cast. Personally, I'd call it an error, and all
my C/C++ programs are designed to be compiled with -Wall, although I
don't necessarily demand utter silence from the compiler. Every
warning should be understood.

> That's better than my first thought, which was that it would write either
>
>     0x6865  ('he', if int is 16 bits)
>
> or
>
>     0x68656c6c  ('hell', if int is 32 bits)
>
>
> to x, and either discard the rest of the characters or just blindly write
> them over the top of whatever variable (if any) happens to follow x in
> memory.

Right, that's what would happen if you use single quotes (although
that's an extension). Interestingly, even though I'm on a 64-bit
system, gcc seems to work with 32-bit character constants at most;
it's happy to set x = 'helo', but x = 'hello' produces a "character
constant too long" warning and just uses 'ello'. (Actually, ANY
multi-character constant produces a warning, but that's because I have
it set to warn about all use of non-standard features. Not everyone
will.)

>> Getting inundated with warnings would be a major code smell.
>
> "The low oil warning light in my car was always on, so I put some masking
> tape over it so it wasn't bothering me any more."
>
>
> It freaks me out something wicked when I run a major GUI application like
> Firefox from the command line. Have you seen how many warnings and failed
> assertions it generates? It is scary.
>

Agreed, although not all of them are the fault of Firefox itself. I've
seen some GUI libraries that themselves produce warnings. Not good,
IMO.

ChrisA