Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Variable comparisons

From: der Mouse <mouse () Rodents Montreal QC CA>
Date: Wed, 03 Dec 2003 17:35:13 +0000
[if (constant == variable) as defense against s/==/=/]

[M]y erstwhile manager complained about lack of readability, since as
you point out:

This is counter to the way we generally tend to think when writing
mathematical expressions,


Well, yes, but mathematical expressions rarely include anything very
much like programming-language assignments.


Meanwhile, even while I still worked there, I tried to avoid
assignments within conditionals....


-Wparentheses -Werror is your friend. :-)

Even if you don't use gcc for your production builds, with a suitable
bunch of warning options it makes a fairly nice lint-alike.  In some
circumstances it doesn't even have to be ported to your target, or even
build, platform.  (Depending on the lint, I sometimes think it's better
than lint.  The more paranoid will of course use both....)

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               [EMAIL PROTECTED]
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
Previous By Date Next
Previous By Thread Next

Current thread: