https://www.cossacklabs.com/blog/macros-in-crypto-c-code.html
Like death and taxes, one thing that you can be sure of is that using C macros in a modern software project will cause a debate. While for some macros remain a convenient and efficient way of achieving particular programming goals, for others they are opaque, introduce the unnecessary risk of coding errors, and reduce readability.
The criticism of macros is particularly acute in the wider security community. Among Cossack Labs' engineers and the core Themis crypto library contributors there are people who previously worked on auditing cryptographic implementations of critical code. Their typical knee-jerk reaction to macros was always "kill it with fire and never use it again". Taking no sides, we would like to assess both pros and cons of using such dangerous things as macros in security code (as we faced the issue when developing Themis) and suggest some techniques for lowering the accompanying risks.
We'll also discuss a custom "for-audit" build target for Themis designed specifically to generate source code that exposes the macros to inspection because we appreciate the need for security software to be subject to detailed source code scrutiny.
(Score: 3, Informative) by bart9h on Saturday December 02 2017, @06:14PM (4 children)
Giving a obviously, and specially bad, use of something as an argument against it?
Everyone knows that should be written as
#define SUB(a,b) ((a)-(b))
which has none of the problems you mentioned.
(Score: 3, Informative) by Thexalon on Saturday December 02 2017, @06:37PM (2 children)
You skipped right over this sentence:
Good language constructs are those that make it difficult to get wrong and make it easy to catch when you get it wrong. This is like pointing the gun at your own foot - not necessarily wrong, but you're asking for trouble.
In my example failure, even if you had a little test function, odds are very likely that you did something like this:
assert(15 == sub(23, 8));
And you ran the test suite, saw that the assertion passed, and were happy with it because your test covered the code nicely and was correct. And that means that when the bug crept in, this wouldn't be high on your list of things to look at. Especially because a likely result of the error is continuing the program with the wrong value and having a problem in a completely different area of the code because of that incorrect value, rather than a crash right away that you can figure out via a stack trace (and even if you can get a stack trace, the trace points you to where the macro is referenced, rather than the macro itself, so you have to go digging through the header files to find it). Or, even worse, and entirely possible, the incorrect value gets given back to the users as output, and because they either can't or don't double-check with their own calculations, it can even look like the program works correctly even though it's wrong.
Yes, I used an intentionally trivial example. In a more complex expression, it's more likely this mistake will occur and not get caught until it's a lot harder to sort out.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 3, Insightful) by fyngyrz on Saturday December 02 2017, @11:07PM (1 child)
Not if you're actually competent with c, it isn't.
The argument you're making is essentially "cripple the language (or the use of it) to safety-net incompetent practitioners."
My argument is: Indulge in some self-improvement. If you don't have a good grasp of how to properly write a c macro, then either don't write them, or go improve your competence with them (seriously, WTF are you, or your employees, doing writing production c code if you don't understand the preprocessor???). For organizations / businesses, pick people with better skillsets (and stop triaging employment by irrelevant crap... it's skill you actually need, so start looking at that, and only that.)
TL;DR: It's not the c macro system. It's incompetent practitioners.
(Score: 2) by coolgopher on Sunday December 03 2017, @12:32AM
While I agree with you in broad strokes, the C macros are very clunky and don't fit into the language particularly well for anything remotely advanced. Then again, in many ways it's its lack of knowledge of C that makes it powerful - you can run rough-shod over all manner of things (not that you should, in 99% of cases, of course).
(Score: 2) by crafoo on Saturday December 02 2017, @11:53PM
No, that's part of the main point against macros: not everyone knows "#define sub(A, B) A-B" is a bad macro. Most people can write an inline function that subtracts values.
Also the argument that macros make code more readable is patently ridiculous. It makes it more readable to someone who ASSUMES they know what a macro is doing.
Anyway, whatever. Programmer arrogance keeps many people employed. They get a kick out of fuzzing your shit macros.