I recall seeing goto being used in MS Windows internal OS code, possibly in kernel code, but it's been about 10 or 12 years, so I'm not sure of that. One rationale for its use, I believe, was that if something untoward happened, not as much unwinding of the call stack was needed.D H said:The only places where I've seen GOTO used areI have successfully shot down incorporating the single point of entry / single point of return rule into a project's coding standards by innocently asking "so does that mean we can use goto?"
- In ancient code that dates from the 1970s or earlier.
- In not so ancient code where the programmers saw 1970s era code as a "how to" example of best practices.
- In some finite state automata, where the natural transition from one state to another is to go to that other state.
- In organizations that have mandated the single point of entry / single point of return as an anti-pattern.
... previous thread:goto
I've read the phrase "arrow anti-pattern" more often, usually referring to if else sequences overly nested, spanning over 50 lines of code, resulting in the primary code path of a function being nested 4 levels or more deep, and the else handling code for the first if is at the very end of the nested mess, ... . This is where alternatives like goto or a state type variable are better.anti-pattern
Or, as I said:rcgldr said:I've read the phrase "arrow anti-pattern" more often, usually referring to if else sequences overly nested, spanning over 50 lines of code, resulting in the primary code path of a function being nested 4 levels or more deep, and the else handling code for the first if is at the very end of the nested mess, ... . This is where alternatives like goto or a state type variable are better.
//
// Non-loop to provide easy breaks.
for(;;) {
if(...) break;
...
if(...) break;
...
if(...) break;
...
if(...) break;
...
break;
}function allocate_and_process ():
a = allocate ()
if test (a) == fail:
goto UNDO_A
b = allocate ()
if test (b) == fail:
goto UNDO_B
c = allocate ()
if test (c) == fail:
goto UNDO_C
test_code = do_stuff (a, b, c)
return test_code // returns test result code
UNDO_C:
free (c)
UNDO_B:
free (b)
UNDO A:
free (a)
return COULD_NOT_RUN_TEST // returns value showing test could not runIt might be a weekend's work for an intern to solve half of the problem. It's the other half of the problem, the nuances, that make this difficult. It's a bit like applying a translator that translates from English to Russian and then another that translates from Russian to English. The results, while amusing, are likely to be incorrect.gmar said:That's weird since doing a custom extension for an existing extensible code formatter is probably a weekend's work for an intern.
Probably not. The single versus multiple return statement "debate" is enough programming religion for one thread.gmar said:Now would probably not be a good time for me to mention the exception vs return code "debate".
Another way to look at it: That a design pattern exists in some language is a sign of a weakness in that language. The call stack is a design pattern in assembly; it's (mostly) invisible in high order languages. The goto exit_point widely used in C to address resource issues is (mostly) obviated in C++ programmers with RAII. Mmany C++ design patterns similarly become invisible or unnecessary in a dynamic functional programming language where classes and functions are first class objects.gmar said:One community's pattern is another community's anti-pattern.
It is indeed very common, particularly in low level C code such as OS kernel code. It's a standard C design pattern to ensure that resources are properly handled. In fact, CERT recommends this style over multiple returns: https://www.securecoding.cert.org/confluence/display/seccode/MEM12-C.+Consider+using+a+goto+chain+when+leaving+a+function+on+error+when+using+and+releasing+resources .This is quite common in C. <typical C function with multiple allocations and multiple gotos elided>
There's a lot of C++ code out there that isn't exception safe. Writing exception safe software is doable but is not easy. There's a lot more to it than try and catch. (In fact, one can write exception safe functions that don't use try and catch at all.)Although it's common in C, if you do it in C++ you (usually!) get slapped. Not only do you have RAII, but it's not exception safe.
I'll try not to flame.harborsparrow said:I figure it's about a 99% chance that I'll get flamed for what I'm about to say, but here goes anyway.
While the OP did not specify the language posed by the Google engineer, he did pose the question in terms of C++. Different languages have different design patterns. The single entry / single return design pattern is aimed at older languages that don't have a concept of objects that clean up their mess (e.g., RAII in C++). In more modern languages you're much more likely to see a return (or throw) early design pattern.gmar said:I am not sure this is a C++ question. The OP did not mention what language the Google engineer he quoted was working with and the OP himself chose to consider the statement only within C++.
The Google C++ style guidelines is widely perceived as a "how not to do it" example. It is rather old style, it actively encourages some bad habits. Strictly speaking, the "no exceptions" rule pretty much rules out the C++ standard library. One legitimate place you will see the "no exceptions" rule is in embedded programming. For example, the Joint Strike Fighter rules has this rule (but only because of adequate tool support; that standard is written about ten years old).If the original source was referring to C++, you have to also consider Google's C++ style guidelines disallow the use of exceptions.
That is exactly how they function from a McCabe complexity point of view. Multiple return statements do not function that way. Draw the graph of the function. Those multiple return statements all return to the statement after the call to the function. Exceptions "return" somewhere else up the call stack, even to the function that calls main() if the exception isn't handled. The same goes for calls to exit(), abort(), many calls to kill(), and calls to locally written functions that do not return (because they in turn throw or call exit, abort, or kill). Those are the alternate exits that McCabe warned about needing to be counted rather than multiple return statements.I have stated many times, exceptions are effectively additional function exit points.
void conditional_as_if (bool condition) {
if (condition) {
do_something();
}
else {
do_something_else();
}
}
void conditional_as_switch (bool condition) {
switch (condition) {
case true:
do_something();
break;
default:
do_something_else();
break;
}
}
void conditional_as_ternary (bool condition) {
condition ? do_something() : do_something_else();
}D H said:I'll try not to flame.
What you described is a rather old school way to test code. A more modern view is that you test some function by writing a driver that calls the function in various ways. An even more modern view is that you write the test *before* you write the function. The test is the spec.
The JSF C++ Coding Standardsstandard doesn't say why. It just says that "Rationale: Tool support is not adequate at this time."gmar said:In my opinion, to go into more detail about JSF the 'toolset driven' reason D H quotes that they cite for disallowing exceptions is almost certainly related to the unpredictability of the execution time. I don't think that's been directly solved but the situation is improving. In an ideal world, both systems programming and embedded would have the same intolerance of code failure.
It's a useful metric for indicating how many test cases need to be written, for indicating where the trouble spots are likely to lie, and for estimating costs of future projects with similar size and complexity to an existing one.I don't do or understand cyclic complexity. To me it is another of those measurements that non-technical managers like to add in, like SLOC. Code review goes quite a long way towards addressing this issue.
Suppose you are charged with making a slight mod to a chunk of code. You look at the code and see that the programmer used white space to make the equal signs in a chunk of assignment statements line up vertically. So you temporarily set your IDE to auto-align on the equals sign in assignment statements. What you didn't see is that code is chock full of code like this:I don't really get why people have trouble with source code formatters.
this_var = this_value;
that_var = that_value;
another_var = another_value;
a_variable_of_a_different_color = yet_some_other_value;
a_variable_related_to_the_above = yet_a_different_value;switch (condition) {
case First:
do_the_first_thing();
break;
...
case Last:
do_the_last_thing();
break;
}switch (condition) {
case First:
do_the_first_thing();
break;
...
case Last:
do_the_last_thing();
break;
}D H said:The JSF C++ Coding Standardsstandard doesn't say why. It just says that "Rationale: Tool support is not adequate at this time."
I'll offer another opinion: Lockheed did not want to preclude using Green Hills Software as the development toolkit. (Lockheed did eventually choose Green Hills for the development platform.) Green Hills has historically taken a dim look at the "more advanced features" of C++. Some of these, most notably exceptions, templates, virtual member functions, operator overloading, namespaces, multiple inheritance, and RTTI, they simply chose not to implement those features for a long time.
JSF++ is for hard-real time and safety-critical applications (flight control software). If a computation takes too long someone may die. For that reason, we have to guarantee response times, and we can't - with the current level of tool support - do that for exceptions. --- source: http://www.stroustrup.com/bs_faq2.html
D H said:...whitespace...
gmar said:In my opinion, to go into more detail about JSF the 'toolset driven' reason D H quotes that they cite for disallowing exceptions is almost certainly related to the unpredictability of the execution time.
I do. Green Hills was and to some extent remains the dominant supplier for this type of hard real-time, safety-critical software. Allowing exceptions would have precluded Green Hills. That was not a decision to be made lightly.gmar said:I don't see how those opinions differ.
The hard real-time safety-critical military software community needed a language that encouraged safe programming practices, and by 1997 it was becoming apparently that this language was not Ada. Ada programmers were just too few in number, tool support was minimal because Ada remained a cottage industry language as opposed to a commodity language. That language wasn't C. Heaven forbid! The mindset of those who like bondage and discipline languages such as Ada balk at languages such as C. Ada was invented partly in response to the growth of languages such as C. C++ on the other hand has a lot of safe language features of Ada; these were once again inspired by Ada. C++ had two key things Ada lacked: A good amount of commercial support and a growing programmer base. C++, not C, was a natural fit.I guess that commerically, C++ did "need" some kind of high-profile embedded project.
That's your opinion. How far do those standards go? Down to spacing before equals signs in an assignment statement? That to me is ludicrous. It's the IDE that's broken here, not the code.If non-trivial code isn't formatted according some kind of formal standard, it is broken.
You are making an implicit assumption here of a very rigid, very authoritarian, very complete, and machine testable coding standard. I've seen such standards, and I never liked a single one of them.gmar said:There's an underlying issue here that I think people are on different sides of and perhaps not realising.
This is, "Do you believe that your coding standard is part of your project's specification?"