jacob navia said:
The limits comparison is an integer comparison and a jump.
In most processors this is 2-3 instructions. Then, there is a
call to C99 printf, that is surely at least 3000 - 4000 instructions,
several function calls, and a quite BIG overhead.
Sure - but you don't necessarily need to call printf after asctime. C
certainly doesn't require this. You might have other plans for the string.
But it seems to me that you might be talking about the sprintf code laid
out in the Standard. If so, remember that it's an "as if" situation, and
it would not surprise me if library implementors have found much quicker
ways to do it, given that all the types concerned are integer types.
But a simple error checking comparison of 2 instructions is too much for
you.
Not at all. I'm saying that the programmer should have the *choice*.
Your attitude towards errors and error checking is the same as
the committee. "Error checking is stupid. C doesn't do error checking".
No, my attitude is that error checking is very sensible, and should be done
whenever appropriate. But sometimes the right place to decide whether
error checking is appropriate is *outside* the library function. I think
this is one of those situations.
I quote your message:
"If we wish to add a safety layer, that's our choice, and we have
the freedom *not* to do so in situations whose very nature renders the
safety layer unnecessary."
It is so easy to see the ranges of the year that you got it
wrong on your first try.
Sure - but did you notice that my error was on the side of caution? The
range of values that asctime can represent without overrunning the buffer
is actually greater than I had claimed. I shouldn't have got it wrong but,
if I had done so in production code, the buffer would still have been safe
provided the values in the struct tm were within the ranges I'd
mis-specified.
This after I pointed out that error to you,
Wrong. My error was pointed out by Harald van Dijk.
after you read the standard, etc.
Yes, I overlooked the possibility that tm_year might be negative. This
makes the acceptable value range (from asctime's perspective) wider, not
narrower.
A normal programmer will never discover that.
The kind of programmer who reads the Standard carefully and attentively
will discover it when he or she needs to know it and looks it up. The kind
of programmer who does not read the Standard carefully and attentively
will never notice the omission of explicitly specified ranges anyway.
I proposed that we
calculate the maximum size of that buffer instead of the
hardwired "26" that is the standard text.
What is the maximum size of the buffer? A struct tm is packed to the
gunwales with ints, and ints have no maximum size in C.
Nope, they will not do it.
The change Mr Cleaver proposed, to replace overflowing
numbers with an asterisk, was rejected too.
You defend them because you and they have the same basic
philosophy towards error checking:
"Error checking is unnecessary overhead"
But I do not have this philosophy. On the contrary, I think error checking
is very important, but I do think that the higher up the call chain it can
be done, the better. If I can use an analogy here, imagine a government
building, complete with security fence and gate guards. The guards check
your pass at the gate. Maybe the security guard in Reception will check
it, too. And then maybe you have to swipe it over an electronic lock
before you can get in. So far, so annoying, but we can see why it might be
necessary. But *once you're in*, imagine what it would be like if, every
time you met anyone else in the building, they checked your pass *again*.
And then you go to another office (check, check, check), and when you get
back to the first office they check it *again*. You'd hardly have time to
get anything done, because you'd spend most of your time showing your
pass. That level of security would be intrusive and counter-productive.
So you build a firewall around your core routines, and you check the data
at the firewall, and you only send data on to the core routines if you
know it's valid. To me, that's just plain common sense.
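As an added example (not code from either poster), here is the "check at the firewall" idea applied to asctime: a caller-side range check that guarantees the Standard's sample recipe "%.3s %.3s%3d %.2d:%.2d:%.2d %d\n" stays within its 26-byte result, plus a snprintf rendering of that recipe so the would-be length can be measured at the boundaries being argued about (including a negative tm_year). The function names and the boundary values in main are my own.

```c
#include <stdio.h>
#include <time.h>

/* Caller-side "firewall" check for asctime (added example, not code
 * from either poster).  Returns 1 when the Standard's recipe
 * "%.3s %.3s%3d %.2d:%.2d:%.2d %d\n" is certain to fit in asctime's
 * 26-byte result (25 characters plus the NUL), 0 otherwise.  The bounds
 * come from the format string, not the calendar: the widest values that fit. */
int asctime_fits(const struct tm *tp)
{
    /* array indices: anything else reads past wday_name / mon_name */
    if (tp->tm_wday < 0 || tp->tm_wday > 6)  return 0;
    if (tp->tm_mon  < 0 || tp->tm_mon  > 11) return 0;
    /* %3d: -99..999 occupy exactly three columns; wider values grow */
    if (tp->tm_mday < -99 || tp->tm_mday > 999) return 0;
    /* %.2d: 0..99 print as two digits; 100 or -1 would print three */
    if (tp->tm_hour < 0 || tp->tm_hour > 99) return 0;
    if (tp->tm_min  < 0 || tp->tm_min  > 99) return 0;
    if (tp->tm_sec  < 0 || tp->tm_sec  > 99) return 0;
    /* %d of 1900 + tm_year may take at most four characters (-999..9999),
     * so tm_year must lie in -2899..8099.  Testing tm_year itself also
     * sidesteps overflow in 1900 + tm_year. */
    if (tp->tm_year < -2899 || tp->tm_year > 8099) return 0;
    return 1;
}

/* The Standard's asctime recipe written with snprintf.  Returns the length
 * the complete string needs (excluding the NUL) whether or not it fit in n
 * bytes.  tm_wday and tm_mon must already be in range (see asctime_fits). */
int asctime_len(char *buf, size_t n, const struct tm *tp)
{
    static const char wday[7][4] = {"Sun","Mon","Tue","Wed","Thu","Fri","Sat"};
    static const char mon[12][4] = {"Jan","Feb","Mar","Apr","May","Jun",
                                    "Jul","Aug","Sep","Oct","Nov","Dec"};
    return snprintf(buf, n, "%.3s %.3s%3d %.2d:%.2d:%.2d %d\n",
                    wday[tp->tm_wday], mon[tp->tm_mon], tp->tm_mday,
                    tp->tm_hour, tp->tm_min, tp->tm_sec, 1900 + tp->tm_year);
}

int main(void)
{
    struct tm edge = { 0 };   /* constructed boundary value, all fields zero */
    edge.tm_year = 8099;      /* prints as 9999: still fits */
    printf("fits=%d len=%d\n", asctime_fits(&edge), asctime_len(NULL, 0, &edge));
    edge.tm_year = 8100;      /* prints as 10000: one byte too many */
    printf("fits=%d len=%d\n", asctime_fits(&edge), asctime_len(NULL, 0, &edge));
    return 0;
}
```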