[PATCH 4/6] cli: intialize crypto structure in show and reply
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu May 17 14:51:22 PDT 2012
On 05/17/2012 12:45 PM, Jameson Graef Rollins wrote:
> I want them explicitly set for clarity, as well as safety. Code is
> meant to be read by humans, not computers.
I sympathize with this sentiment.
> It's much safer to explicitly set them to what you want
> them to be rather than just assume they'll be set correctly.
I don't think it's an assumption -- Jani is probably relying on the C
standard. Consider, for example, C99 's section 220.127.116.11, which says:
all subobjects that are not initialized explicitly shall be
initialized implicitly the same as objects that have static
the latter clause references 18.104.22.168, which says:
If an object that has static storage duration is not
initialized explicitly, then:
— if it has pointer type, it is initialized to a null pointer;
— if it has arithmetic type, it is initialized to (positive or
— if it is an aggregate, every member is initialized
(recursively) according to these rules;
So it's not just "an assumption", it's a guarantee from the underlying
That said, it's a guarantee i was unaware of until i researched this.
I'm certainly not a C guru, but i've internalized a fair amount of C's
rules and structure and i'd never heard of this
rule before. If i'd seen the uninitialized members of the struct, and
that they were being used without explicit initialization, i would have
had to do a bit of digging to understand what's happening.
The real tradeoff in this choice is whether we prefer:
a) more compact code to facilitate quick reading by experts
b) more verbose code to facilitate comprehension by the non-expert.
I started this discussion leaning strongly toward the (b) perspective.
But now that i know the relevant bits of the standard, i can sympathize
with the (a) perspective as well :P
Overall, i think i'm still in the (b) camp. But i think it's more
important that we don't allow dithering over this issue to prevent the
inclusion of this patch series, which is a step in the right direction
for handling S/MIME messages as well as PGP/MIME.
PS gcc's -pedantic argument provides the following warning:
error: ISO C90 forbids specifying subobject to initialize
So we probably want to specify -std=c99 at least to ensure our choice of
subobject initialization is respected.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1030 bytes
Desc: OpenPGP digital signature
More information about the notmuch