[zeromq-dev] Questions about Coding Style

niXman i.nixman at gmail.com
Sat Feb 11 11:23:54 CET 2012

2012/2/11 john skaller <skaller at users.sourceforge.net>:
> On 11/02/2012, at 8:27 PM, niXman wrote:
>> Continuing review of the libzmq code, I have found a few situations
>> when the program will be crushed on segmentation fault.
> It's impossible to avoid this in C.
>> I consider that programs crash on segmentation fault is an
>> inadmissible error of the ØMQ developers', but not the library user's.
> No. The right thing is: the library is only responsible if the
> pre-conditions of the function call are met. If the pre-conditions
> of the call are not met, all bets are off.
>> For example the call:
>>> rc = zmq_setsockopt (sub, ZMQ_SUBSCRIBE, 0, 4);
>> will end on segmentation fault on line 56 of the sub.cpp file.
> The user, not the library, is responsible for sending correct
> arguments to functions.
> I assume here, the problem is that a blob was expected, i.e. a pointer
> to a char array, length 4, but a NULL pointer got sent instead.
> That's the user's fault. The library might check the pointer is not
> NULL, but that's not enough. The pointer may be non-null
> and point off the end of an array: you'll get a segfault.
> libzmq does some really weird things to try to check sockets,
> etc, are valid things, to compensate for the stupidity of C.
> But they're only statistical helps. Sometimes it will catch
> a bad pointer. Sometimes it will segfault.
> It's actually not clear to me it is worth cluttering up the code
> with such sanity checks. We hope instead no one is actually
> using the C binding of 0MQ, other than bindings into saner languages.
> --
> john skaller
> skaller at users.sourceforge.net
In the example above, it is enough to add check on null pointer ( if
(optvallen_ && !(optval_)) {} ). This gives to the user more
information about the error, instead of the silent crash.

Regarding the check of pointers of sockets, everything is simple here.
I'm actually very surprised that at present check is implemented in
this way.

Any function fulfilling operations with sockets except zmq_socket(),
should check the pointer for its presence presence in ctx_t::sockets.
It can seem an unnecessary overhead. But I consider that this overhead
will be very scanty.


> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev

More information about the zeromq-dev mailing list