Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Users Search
Help Dashboard Sign In Sign Up
Q&A Code Reviews Meta
Q&A
Posts Tags Edits
Ask Question

Welcome to Software Development on Codidact!

Will you help us build our independent community of developers helping developers? We're small and trying to grow. We welcome questions about all aspects of software development, from design to code to QA and more. Got questions? Got answers? Got code you'd like someone to review? Please join us.

Post History

84%
+9 −0
Q&A Should I check if pointer parameters are null pointers?

As with most everything in engineering, how much call arguments to a subroutine should be validated is a tradeoff. There is no single universal right answer. Note that checking for null pointers ...

posted 2y ago by Olin Lathrop‭

Answer
#1: Initial revision by user avatar Olin Lathrop‭ · 2022-04-05T13:24:23Z (over 2 years ago) 
As with most everything in engineering, how much call arguments to a subroutine should be validated is a tradeoff.  There is no single universal right answer.  Note that checking for null pointers is only one instance of validating information from elsewhere before acting on it.

Advantages of data validation:<ul>

<li>Helps during development and debugging.

<li>Protects against possible malicious use.

<li>Reduces cascading errors.  When everything is a mess, it's often hard to figure out what initially went wrong.

<li>Allowing bad data to pass may cause a hard failure later and crash the whole system.  Trying to dereference a NIL pointer will usually crash a program.  At that point, it can't apply any corrective action.  However, if a NIL pointer is detected, then there is opportunity to handle the error without disrupting other parts of the operation.

<li>There might be legitimate reasons data could be invalid.  Your subroutine might be the right place to check for that.

<li>Some errors can cause correct-looking results.  Getting wrong answers can be far worse than the process stalling and giving no answer.

<li>Safety-critical applications.  <i>"Invalid message received about adjusting the control rods"</i> may be preferred over <i>"Raise the control rods by 10<sup>38</sup> meters"</i>.

</ul>

Of course nothing is free.  Data validation comes at the cost of larger code size and slower run-time response.  Whether that is a worthwhile tradeoff depends on a number of parameters:<ul>

<li>Does the extra delay in responsiveness matter?  In critical control applications, it might.

<li>Does the extra code space matter?  If it's in a high-volume throw-away consumer product that maxxes out a cheap microcontroller, then using the next size up micro may make the whole product non-viable.

<li>What's the cost of failure?  Misreading a button press on a child's toy versus on an x-ray cancer treatment machine have vastly different downsides.

<li>How likely is bad data?  Something a user types in could be anything, whereas the reading from your 10 bit A/D is always going to be 0-1023.  Also, at some point data needs to be trusted.  Is this a low level routine that should only be handed good data that has already been validated by upper layers?

<li>Is there anything you can do about it?  On an embedded microcontroller there may be no operating system, no user console to write messages to, etc.  In the end, your not really going to output 10<sup>38</sup> volts.  Resetting the system may be worse than the disruption due to a bad data value.

</ul>

<b>Everything is a tradeoff.</b>