...

A call to f() provides a status indicator that is zero upon success and a non-zero value upon failure, assuming the user provided a valid pointer to an object of type errno_t.

...

  • A return status can only be returned if the caller provides a valid pointer to an object of type errno_t. If this argument is NULL, there is no way to indicate this error.
  • Source code becomes even larger, due to the possibility of receiving a null pointer.
  • All error indicators must be checked after calling functions.
  • Any function that allocates resources must ensure they are freed in cases where errors occur.
  • Unlike return values, static analysis tools generally do not diagnose a failure to check error indicators passed as argument pointers.
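The address-argument mechanism described above, written out as an added example (not code from the original page): dup_string() reports its status only through the errno_t pointer, copy_and_measure() checks that status after the call and releases the buffer on every path, and status_is_lost() shows the first drawback in the list, a NULL status pointer leaving the failure unreported. The errno_t typedef, the error codes and all function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* errno_t belongs to Annex K; this typedef is an assumption so the example
 * builds on any hosted C implementation without Annex K support. */
typedef int errno_t;

/* Constructed error registry for this example (not the page's own values). */
enum { EX_OK = 0, EX_ENOMEM = 12, EX_EINVAL = 22 };

/* Hypothetical library routine: duplicates src into a freshly allocated
 * buffer. The status travels only through *err, never through the return
 * value, which is NULL on every failure. */
char *dup_string(const char *src, errno_t *err)
{
    if (err == NULL) {
        /* No channel exists to report this misuse to the caller. */
        return NULL;
    }
    if (src == NULL) {
        *err = EX_EINVAL;
        return NULL;
    }
    size_t len = strlen(src) + 1;
    char *copy = malloc(len);
    if (copy == NULL) {
        *err = EX_ENOMEM;
        return NULL;
    }
    memcpy(copy, src, len);
    *err = EX_OK;
    return copy;
}

/* Caller that follows the rules: the indicator is checked immediately after
 * the call, and the resource is freed on the success path (nothing has been
 * allocated yet when the error path is taken).
 * Returns the length of src, or the negated status code on failure. */
long copy_and_measure(const char *src)
{
    errno_t err;
    char *copy = dup_string(src, &err);
    if (err != EX_OK) {
        return -(long)err;
    }
    long n = (long)strlen(copy);
    free(copy);
    return n;
}

/* With a NULL status pointer the NULL result is indistinguishable from an
 * invalid src or an allocation failure. Returns 1 when the result is NULL. */
int status_is_lost(void)
{
    return dup_string("abc", NULL) == NULL;
}
```

A static analyzer that flags an unchecked return value would not flag a caller that ignores err here, which is the last bullet's point; the check in copy_and_measure() has to be written and reviewed by hand.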

...

The call to f() provides a status indicator that is zero upon success and a non-zero value upon failure.

This solution has many of the same properties as those observed with errno, including advantages and drawbacks.

  • Source code size is inflated, though not by as much as in other approaches.
  • All error indicators must be checked after calling functions.
  • Nesting of function calls that all use this mechanism is problematic.
  • Any function that allocates resources must ensure they are freed in cases where errors occur.
  • In general, combining registries of different sets of errors is difficult. For example, changing the above code to use errno is difficult and bug-prone because one must be precisely aware of when C library functions set and clear errno, and one must be aware of all valid errno values before adding new ones.
  • There are major limitations on calling f() from other application-independent code. Because f() sets my_errno to 0, it may potentially be overwriting a nonzero error value set by another application-independent calling function.
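The global-indicator mechanism and its last drawback, as an added example that is not part of the original page: f() clears my_errno on entry and sets it only on failure; doubled_or_negative() checks the indicator right after the call; g_loses_its_error() reproduces the overwrite described in the last bullet, and g_preserves_its_error() shows the save-and-restore discipline that avoids it. The error codes and the function names other than f() and my_errno are assumptions made for this example.

```c
/* Constructed error registry for this example (not the page's own values). */
enum { MY_OK = 0, MY_ERANGE = 1, MY_EBADINPUT = 2 };

/* Global indicator, modelled on the page's my_errno. */
int my_errno = MY_OK;

/* Hypothetical application-independent routine: clears my_errno on entry and
 * sets it only when it fails, returning 0 as a dummy value in that case. */
int f(int x)
{
    my_errno = MY_OK;
    if (x < 0) {
        my_errno = MY_EBADINPUT;
        return 0;
    }
    if (x > 1000) {
        my_errno = MY_ERANGE;
        return 0;
    }
    return x * 2;
}

/* Correct use: the indicator is checked immediately after every call.
 * Returns the doubled value, or the negated error code on failure. */
int doubled_or_negative(int x)
{
    int r = f(x);
    if (my_errno != MY_OK) {
        return -my_errno;
    }
    return r;
}

/* The overwrite drawback: g() records an error of its own, then calls f(),
 * which clears my_errno on entry. Returns the value of my_errno as g()'s
 * caller would observe it. */
int g_loses_its_error(void)
{
    my_errno = MY_ERANGE;   /* g() detected a problem of its own */
    (void)f(1);             /* the helper succeeds and wipes the indicator */
    return my_errno;        /* MY_OK: the earlier error has been lost */
}

/* Save-and-restore discipline: the helper's own failure still wins, but a
 * successful helper call no longer erases the pending error. */
int g_preserves_its_error(void)
{
    my_errno = MY_ERANGE;
    int saved = my_errno;
    (void)f(1);
    if (my_errno == MY_OK) {
        my_errno = saved;
    }
    return my_errno;        /* MY_ERANGE */
}
```

The same clobbering hazard applies to the C library's errno, which is one reason the bullet above warns that switching this code to errno requires knowing exactly when library functions set and clear it.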

...

Compliant Solution (setjmp() and longjmp())

C provides two functions, setjmp() and longjmp(), that can be used to alter control flow. This allows a user of these functions to ignore error values and trust that control flow will be correctly diverted in the event of error.

...

Calls to f() will either succeed or divert control into an if clause designed to catch the error.

  • Source code will not become significantly larger because function signatures do not change, and neither do functions that neither detect nor handle the error.
  • Allocated resources must still be freed despite the error.
  • The application must call setjmp() before invoking application-independent code.
  • Signals are not necessarily preserved through longjmp() calls.
  • The use of setjmp()/longjmp() bypasses the normal function call and return discipline.
  • Any function that allocates resources must ensure they are freed in cases where errors occur.
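The setjmp()/longjmp() mechanism, as an added example that is not the page's own code: the application calls setjmp() in sum_lengths() before invoking the application-independent f(), f() never returns a status and instead jumps on error, and the if clause that catches the jump frees the buffer allocated in between, which is the resource point made twice in the list above. The error codes, the fail() helper and the function names other than f() are assumptions made for this example.

```c
#include <setjmp.h>
#include <stdlib.h>
#include <string.h>

/* Constructed error codes for this example (not the page's). */
enum { ERR_NONE = 0, ERR_BADINPUT = 1, ERR_NOMEM = 2 };

/* Jump target, set up by the application before it calls into
 * application-independent code. */
static jmp_buf error_env;

/* Error code carried across the jump; volatile because it is written just
 * before longjmp() and read after setjmp() returns a second time. */
static volatile int last_error = ERR_NONE;

/* Record the error and transfer control to the handler. The value passed to
 * longjmp() must be nonzero, or setjmp() would look like its first return. */
static void fail(int code)
{
    last_error = code;
    longjmp(error_env, 1);
}

/* Hypothetical library routine: returns no status at all; on bad input it
 * diverts control instead of returning. */
static long f(const char *s)
{
    if (s == NULL || *s == '\0') {
        fail(ERR_BADINPUT);
    }
    return (long)strlen(s);
}

/* Application entry point. Allocates a scratch buffer, calls f() twice, and
 * frees the buffer on both the normal path and the error path.
 * Returns the summed lengths, or the negated error code on failure. */
long sum_lengths(const char *a, const char *b)
{
    /* volatile: modified after setjmp() and read after longjmp(); without the
     * qualifier its value would be indeterminate on the error path. */
    char *volatile scratch = NULL;

    /* setjmp() appears as the whole controlling expression of the if, one of
     * the forms the standard permits. A nonzero return means we arrived here
     * via longjmp() from somewhere inside f(). */
    if (setjmp(error_env) != 0) {
        free(scratch);          /* NULL if the error came before malloc() */
        return -(long)last_error;
    }

    scratch = malloc(64);
    if (scratch == NULL) {
        fail(ERR_NOMEM);
    }

    long total = f(a) + f(b);   /* either call may jump to the handler */
    free(scratch);
    return total;
}
```

Because error_env is only valid while sum_lengths() is still on the stack, no code outside it may call fail(); each application entry point that uses this pattern has to establish its own jump target before calling in.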

Summary

Method              Code Increase    Manages Allocated Resources    Automatically Enforceable
Return Value        Big (30-40%)     no                             yes
Address Argument    Bigger           no                             no
Global Indicator    Medium           no                             yes
longjmp()           Small            no                             n/a

Risk Analysis

Lack of an error detection mechanism prevents applications from knowing when an error has disrupted normal program behavior.

...