[PATCH weston-ivi-shell 04/15] ivi-shell supports a type of shell for In-Vehicle Infotainment system.

Bill Spitzak spitzak at gmail.com
Tue Mar 11 12:10:45 PDT 2014

Pekka Paalanen wrote:

>>>> +    wl_list_for_each(seat, &ec->seat_list, link) {
>>>> +        if (seat) {
>>>> +            shell->seat = seat;
>>> 'seat' cannot be NULL here. It seems you are assuming that there can be
>>> only one seat? Why?
>> Ideally, I agree. However I am in automotive software, and I have habit 
>> to avoid NULL access as much as possible in case of the worst scenario.
> Then put an assert(), though in this case even that would be too much.
> You can never get a NULL from wl_list_for_each(). You might get a bad
> pointer if the list is corrupted, but the odds of getting exactly NULL
> are diminishing even with corruption.
> Silently ignoring NULLs where they should never appear may hide real
> problems in testing, and even in production you'd probably want to log
> it somehow to help post mortem.

In addition, seeing an "if (x)" is a strong indication to the programmer 
that x *can* be NULL, and they will then make modifications to perceived 
bugs on the assumption that NULL is a possible value. This often leads 
to this same mistake being propagated to every function called by this 
and every use of a variable this value is stored into.

An assert(x) however is a strong indication that x is *not* NULL.

If you really are tempted to make a test so that if you missed a bug 
there is less chance of the optimized program crashing, what I do is 
something like this:

	if (!x) return; // THIS SHOULD NOT HAPPEN

More information about the wayland-devel mailing list