Reversed order of Lifetime.1 and .2

pull/894/merge
hsutter 9 years ago
parent ff9bce8035
commit b10ffdf55f

@ -19128,92 +19128,92 @@ The following are specific rules that are being enforced.
Lifetime safety profile summary:
* [Lifetime.1: Don't dereference a possibly null pointer.](#Pro-lifetime-null-deref)
* [Lifetime.2: Don't dereference a possibly invalid pointer.](#Pro-lifetime-invalid-deref)
* [Lifetime.1: Don't dereference a possibly invalid pointer.](#Pro-lifetime-invalid-deref)
* [Lifetime.2: Don't dereference a possibly null pointer.](#Pro-lifetime-null-deref)
* [Lifetime.3: Don't pass a possibly invalid pointer to a function.](#Pro-lifetime-invalid-argument)
### <a name="Pro-lifetime-null-deref"></a>Lifetime.1: Don't dereference a possibly null pointer.
### <a name="Pro-lifetime-invalid-deref"></a>Lifetime.1: Don't dereference a possibly invalid pointer.
##### Reason
It is undefined behavior.
To resolve the problem, either extend the lifetime of the object the pointer is intended to refer to, or shorten the lifetime of the pointer (move the dereference to before the pointed-to object's lifetime ends).
##### Example, bad
void f(int* p1)
void f()
{
*p1 = 42; // BAD, p1 might be null
int x = 0;
int* p = &x;
int i = 0;
int* p2 = condition() ? &i : nullptr;
*p2 = 42; // BAD, p2 might be null
if (condition()) {
int y = 0;
p = &y;
} // invalidates p
*p = 42; // BAD, p might be invalid if the branch was taken
}
##### Example, good
void f(int* p1, not_null<int*> p3)
void f()
{
if (p1 != nullptr) {
*p1 = 42; // OK, must be not null in this branch
}
int x = 0;
int* p = &x;
int i = 0;
int* p2 = condition() ? &i : nullptr;
if (p2 != nullptr) {
*p2 = 42; // OK, must be not null in this branch
int y = 0;
if (condition()) {
p = &y;
}
*p3 = 42; // OK, not_null does not need to be tested for nullness
*p = 42; // OK, p points to x or y and both are still in scope
}
##### Enforcement
* Issue a diagnostic for any dereference of a pointer that could have been set to null along a local code path leading to the dereference. To fix: Add a null check and dereference the pointer only in a branch that has tested to ensure non-null.
* Issue a diagnostic for any dereference of a pointer that could have been invalidated (could point to an object that was destroyed) along a local code path leading to the dereference. To fix: Extend the lifetime of the pointed-to object, or move the dereference to before the pointed-to object's lifetime ends.
### <a name="Pro-lifetime-invalid-deref"></a>Lifetime.2: Don't dereference a possibly invalid pointer.
### <a name="Pro-lifetime-null-deref"></a>Lifetime.2: Don't dereference a possibly null pointer.
##### Reason
It is undefined behavior.
To resolve the problem, either extend the lifetime of the object the pointer is intended to refer to, or shorten the lifetime of the pointer (move the dereference to before the pointed-to object's lifetime ends).
##### Example, bad
void f()
void f(int* p1)
{
int x = 0;
int* p = &x;
if (condition()) {
int y = 0;
p = &y;
} // invalidates p
*p1 = 42; // BAD, p1 might be null
*p = 42; // BAD, p might be invalid if the branch was taken
int i = 0;
int* p2 = condition() ? &i : nullptr;
*p2 = 42; // BAD, p2 might be null
}
##### Example, good
void f()
void f(int* p1, not_null<int*> p3)
{
int x = 0;
int* p = &x;
if (p1 != nullptr) {
*p1 = 42; // OK, must be not null in this branch
}
int y = 0;
if (condition()) {
p = &y;
int i = 0;
int* p2 = condition() ? &i : nullptr;
if (p2 != nullptr) {
*p2 = 42; // OK, must be not null in this branch
}
*p = 42; // OK, p points to x or y and both are still in scope
*p3 = 42; // OK, not_null does not need to be tested for nullness
}
##### Enforcement
* Issue a diagnostic for any dereference of a pointer that could have been invalidated (could point to an object that was destroyed) along a local code path leading to the dereference. To fix: Extend the lifetime of the pointed-to object, or move the dereference to before the pointed-to object's lifetime ends.
* Issue a diagnostic for any dereference of a pointer that could have been set to null along a local code path leading to the dereference. To fix: Add a null check and dereference the pointer only in a branch that has tested to ensure non-null.
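Review bot: After the swap, the "Reason" text under the new Lifetime.2 ("Don't dereference a possibly null pointer") still carries the resolution sentence written for the invalid-pointer rule: "To resolve the problem, either extend the lifetime of the object the pointer is intended to refer to, or shorten the lifetime of the pointer". Extending an object's lifetime does nothing for a pointer that was set to nullptr, so that sentence should be replaced under Lifetime.2 with the fix the rule's own Enforcement bullet already states ("Add a null check and dereference the pointer only in a branch that has tested to ensure non-null"), and the lifetime-extension sentence kept only under Lifetime.1, where it matches the invalidation example and its Enforcement bullet.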
