On 02/05/2010 11:14 AM, Markus Armbruster wrote:
Run time asserts are a terrible way to deal with reasonably expected errors.
Yes. But what's reasonably expected entirely depends on the contract
between the function and its callers.
I think we need a function that cannot fail and shouldn't be used with
untrusted arguments (for what it's worth, that's how we use
qobject_from_jsonf() now). Having related functions with different
contracts is fine with me.
I think the key point is that if we're going to establish these
contracts, it must be obvious.
A reasonable programmer is going to assume that if a function can return
a NULL, it can possibly return an error. If you want to deviate from
those semantics, you either have to name the function appropriately or
put a big comment above the declaration explaining the semantics.
Regards,
Anthony Liguori