jaysome said:
> I disagree. It should be recommended.
> That's because strlen(NULL) results in undefined behavior, and you
> should have caught such an error during verification, way before the
> software gets into *production* (especially with safety-critical
> software).
One can never test every possible condition in complex real-world
software, and the consequences of your validation being incomplete are
too severe to risk a crash no matter how sure you are you got it right.
Trying to do _something_ reasonable at least has the _chance_ of saving
lives; crashing leaves no chance at all. Deliberately choosing to kill
people is likely to bankrupt you, if not put you in jail.
Pedantism is for those who don't have to face the consequences, or those
whose work doesn't matter.
> If not, then what you are saying is that it's better to rely on the
> results of undefined behavior of strlen(NULL) and all its perverse
> consequences than to rely on the "crash"?
Yes.
Imagine a hypothetical 911* call center. Now, say there's a bug that
causes the agents' phones to crash randomly due to trapping on
strlen(NULL). It's one thing for that to be an accident, in which case
the phone vendor is likely to only face a few million dollars (per
victim) in fines and civil suits, but if it came out that the crash was
deliberate when there was the option of handling the error without
hanging up on someone who was being raped or assaulted, well, let's just
say juries wouldn't be very sympathetic to those responsible.
(And this isn't such a hypothetical example. I've seen it actually
happen to two different vendors, though NDAs prevent me from saying who
or when.)
S
* For those outside the US, replace with your local emergency services
number, e.g. 112 in Europe.
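The two positions in this exchange (catch NULL during verification vs. never crash in production) are not mutually exclusive in code. The following is an added example, not code from either poster: a NULL-tolerant length helper that aborts under a hypothetical `VERIFICATION_BUILD` flag so the defect is found in testing, but in a production build logs the event and treats the argument as an empty string rather than calling `strlen(NULL)`. The `format_caller_line` consumer and the `VERIFICATION_BUILD` macro are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not from the thread). In a verification build a NULL
 * argument fails loudly so the bug is fixed before release; in a
 * production build the same call is logged and counted, and the string
 * is treated as empty instead of invoking undefined behaviour. */

static unsigned long g_null_hits = 0; /* how many NULL arguments were seen */

size_t safe_strlen(const char *s)
{
    if (s == NULL) {
        g_null_hits++;
#ifdef VERIFICATION_BUILD
        /* hypothetical build flag: fail fast while testing */
        fprintf(stderr, "safe_strlen: NULL argument\n");
        abort();
#else
        /* production: report, then degrade gracefully */
        fprintf(stderr, "safe_strlen: NULL argument, treating as empty\n");
#endif
        return 0;
    }
    return strlen(s);
}

/* Exposes the counter so monitoring (or a test) can detect that the
 * fallback path was taken even though nothing crashed. */
unsigned long safe_strlen_null_hits(void)
{
    return g_null_hits;
}

/* Hypothetical consumer: render a caller-ID line. The caller string may be
 * NULL if an upstream lookup failed; the call must still be presented.
 * Returns 0 on success, -1 if the output buffer was too small. */
int format_caller_line(char *out, size_t out_size, const char *caller)
{
    const char *name = (safe_strlen(caller) > 0) ? caller : "unknown";
    int n = snprintf(out, out_size, "Incoming call from %s", name);
    return (n >= 0 && (size_t)n < out_size) ? 0 : -1;
}

/* Self-check: returns 1 if a NULL caller is rendered as "unknown"
 * without crashing, 0 otherwise. */
int demo_null_caller_ok(void)
{
    char buf[64];
    if (format_caller_line(buf, sizeof buf, NULL) != 0)
        return 0;
    return strcmp(buf, "Incoming call from unknown") == 0;
}

int main(void)
{
    char line[64];
    format_caller_line(line, sizeof line, "Alice");
    printf("%s\n", line);
    format_caller_line(line, sizeof line, NULL);
    printf("%s\n", line);
    printf("NULL arguments seen: %lu\n", safe_strlen_null_hits());
    return 0;
}
```

Compile with `-DVERIFICATION_BUILD` in the test pipeline and without it for the release build; the counter gives operations a signal that the fallback fired, so the defect is still visible without the phone hanging up.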