Throw (or respectively) the argument of the NULL function against all of this exploding?

My preference is not to check for NULL pointers. A check against NULL is a test of only one of the billions of possible invalid argument values; the rest are undetectable and potentially much more dangerous. If your function documentation states that NULL is a valid argument with a special value, anyone who calls it should assume that all hell breaks if they pass NULL.

If your function is very short and used in tight loops, checking for NULL can be a significant loss in performance. One very real example is the standard C mbrtowc function, used to decode multibyte characters. If your application needs to do single-character byte encoding, a dedicated UTF-8 decoder can be 20% faster than the optimal implementation of UTF-8 mbrtowc , simply because the latter is required to do a bunch of useless checks at the beginning, mostly The NULL pointer checks, and it called many times on very small data.

Even if most of your functions work with big data, it creates a bad use case to tell the caller that it can pass NULL pointers. What if later you need functions that work with small fragments?

If you do not code for embedded systems, NULL is the least dangerous invalid pointer to dereference, as it will immediately lead to an exception at the operating system level (signal / etc.). If you don't want to rely on this, why not just use assert(ptr); so that you can easily enable / disable checks for debugging?

If the function parameter is a pointer that should not be NULL, then you should not change the parameter for the reference? This probably will not change the reporting of when you get a drop using the NULL pointer, but it does allow the static type of chance check to detect a compilation error.

If the first thing you do is check that the parameter is not NULL, then you should use the link.

 void Foo(Bar *const pBar) { if (pBar == NULL) { throw error(); } // Now do something with pBar } 

Change this to:

 void Foo(Bar &bar) { // Now use bar, safe in the knowledge it not NULL. } 

Remember that you can still get the NULL link:

 Bar *const pBar = NULL; Foo(*pBar); // Will crash *inside* of Foo, rather than at the point of dereference. 

This means that you need to check your parameter again.

However, I’m starting to think that maybe it’s better to just blow up the application the first time that the NULL pointer is dereferenced in the same function - then the crash dump file will show what happened - and let the thorough test find the calls to the bad functions.

If you ever consider this, you should use assert() instead. In this way, the application is guaranteed to properly crash and create a core dump.

Throwing an exception that is not going to be caught will untie the stack, and the diagnostic (internal) problem later can be more complicated - unless, of course, you are inside every function that catches the exception, enriching the error message appropriately in order to resolve the problem later . But if you are already handling exceptions to such an extent, then it makes no sense to treat the error as fatal.

In such cases, I prefer to use assert() , followed by an exhaustive unit test. Conventional high-level tests can rarely cover the code enough. For releases, I will disable assert() (using -DNDEBUG ), as in production, in such a rare case, clients usually prefer a module that can work with a flaw, but somehow it does not crash. (The sad reality of commercial software.)

NB If the code is performance sensitive, then statement may be the best choice. You can disable claims in release builds, but you cannot remove exception handling.

Summarizing. If NULL really cannot happen, use assert() . If you already have exception handling, handle NULL as a regular internal error.

PS Another concept regarding the incorrect processing of arguments (rarely implemented, but I saw some real examples in the past) is to reorganize the code in such a way as to exclude the possibility of an invalid argument. The Life Support / Critical / Carrier Support Program uses these design tricks to reduce overhead.

So, the real question: When writing a C ++ / C library, what possible problems should be considered when specifying an exception / error handling strategy in a particular case for selecting an exception throw (C ++ library) or returning an error code (C library), and in Otherwise, blow everything up when the function arguments do not match the documented constraints?

Design by contract any? I think this is what Neil Butterworth describes. If the specification of the function says that if the argument values ​​are within the specified constraints (preconditions), then the output will be within the specified constraints (postconditions) and there will be no violation of any specific invariants. If the user of your library function violates the documented preconditions, then he opens the season for undefined behavior, so beloved by C ++ people. This should also be documented. You can specify that the function will catch and process the “invalid” argument values ​​(C ++ exceptions / error codes), but then the question arises whether they are still invalid arguments, since the function’s answer to this specified precondition must then be specified postcondition.

All this is due to publicly available code / binaries.

For debugging purposes, you can use assertions, etc., to catch invalid arguments, but this is really checking client code that meets the prerequisites. The client code may be library user code, or possibly library code, or both. As a library writer, you will have to speculate on potential issues for various scenarios / use cases regarding specifications, design and implementation issues.

If your application is doing logging, you can simply write something like: functionX(): got NULL pointer to the log file with timestamps or any other relevant context. As for the decision whether to allow it to explode or to check and throw an error ... Well, it really depends on what your application is doing, what are your priorities and so on. I myself would recommend a combination of check / throw exceptions and logs. Analysis of emergency landfills seems like a waste of time.

I also came to the conclusion that it is better to resolve the application crash when handling a rotten pointer is available than checking the parameters for all functions. At the interface level in the public zone, API level, where applications call libraries, there should be checks and correct error handling (with diagnostics in the end), but from there there is no need for repeated checks and checks. Look at the standard lib library, it uses this very philosophy, if you call strlen or memset or qsort using NULL , you get a well-deserved collapse. This makes sense, as in 99.9% of cases you will provide good pointers, and checking this function will be redundant.

I'm not even going to check the selection anymore, in most cases, if the selection fails, it's too late to do something, and the application crash is better than silently (or even noisy) generating crap results. People who monitor the production detection immediately fail and can diagnose or restart work without unnecessary trouble; another error message in the error logs is easily overlooked and can damage the results for several days.

In our project, which I share with a colleague who uses the opposite approach more, there are fewer errors in my code, since the functional code is not diluted in a sea of ​​unnecessary checks. Of the last 10 errors that we had in production, where 9 were from its part of the code, and the accident in my code was fixed in 10 minutes, the stack trace directly showed in which function I made a false assumption about the parameters.