On Mon, Mar 03, 2008 at 02:48:35PM +0100, Thomas Roessler wrote: > Indeed, it is -- in particular if (like in this case, I believe) the > code which makes foo constant might change in the future in a way > that would make foo non-constant. But you can say that about any item of code. Any part of the tree might change at some point to render an assumption invalid. In the same function, there are strings helpstr and buf which are used without checking - by your logic, they should be checked on each use just in case someone happens to change the code structure. At least for myself, I'd prefer a warning free build to warnings which come out just because someone might potentially, hypothetically change a piece of code at some random time in the indefinite future. I think a warning-free build gives us much more in terms of usefulness. Defensive programming is all very well, but you can definitely take it too far. :-) At this point it's Brendan's choice, I guess. -- Paul
Attachment:
signature.asc
Description: Digital signature