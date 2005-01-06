from the see-what-we-did-there? dept.
Like death and taxes, one thing that you can be sure of is that using C macros in a modern software project will cause a debate. While for some macros remain a convenient and efficient way of achieving particular programming goals, for others they are opaque, introduce the unnecessary risk of coding errors, and reduce readability.
The criticism of macros is particularly acute in the wider security community. Among Cossack Labs' engineers and the core Themis crypto library contributors there are people who previously worked on auditing cryptographic implementations of critical code. Their typical knee-jerk reaction to macros was always "kill it with fire and never use it again". Taking no sides, we would like to assess both pros and cons of using such dangerous things as macros in security code (as we faced the issue when developing Themis) and suggest some techniques for lowering the accompanying risks.
We'll also discuss a custom "for-audit" build target for Themis designed specifically to generate source code that exposes the macros to inspection because we appreciate the need for security software to be subject to detailed source code scrutiny.
(Score: 2) by crafoo on Saturday December 02, @02:13PM
I guess my opinion is that they should have just written out each error check test case and been done with it. It would have been more readable and not all that much more typing. Also, if you're going to use a macro for C error handling, maybe consider just using GOTO. Do the custom stuff you need and then jump to the standardized stuff you need instead of wrapping it up in a macro.
My feeling is that once you've put a conditional or flow-control structure in a macro you've made a mistake.
I don't have a lot of love for C++ templates either. I guess I've seen them used effectively, although there has always been a competing library that didn't use them and had at least as good performance ... so .. not convinced on the C++ template subject either.
(Score: 2) by Virindi on Saturday December 02, @02:15PM
Macros are just a tool. Like many language (and preprocessor) constructs, it is easy to use them poorly and difficult to use them well. C/CPP is full of such constructs.
It's really up to the programmer to use any language in a way that makes "what is actually happening" clear to the reader. Hiding what is actually happening, rather than merely trying to make things easier to read but still clear in meaning, is the way of evil.
(Score: 3, Funny) by The Mighty Buzzard on Saturday December 02, @02:16PM
Anyone using macros in production code should be killed to death unless they expand the macro in a comment above each use. It may save your monkey ass a few keystrokes but it costs every single person who ever has to touch your code at least an order of magnitude more time than it saved you.
