On Fri, Jul 20, 2018 at 04:41:34PM +0200, Duy Nguyen wrote: > > Let's start by banning strcpy() and sprintf(). It's not > > impossible to use these correctly, but it's easy to do so > > incorrectly, and there's always a better option. > > Is it possible to extend this to ban variables as well? I'm still > going to delete the_index from library code. Once that work is done I > will ban it from entering again (it's only allowed in builtin/ for > example). The next target after that would be the_repository. > > Right now I will do this by not declaring the variable [2], which ends > up with a much less friendly compile warning. I did something similar > [1] in an earlier iteration but did not do extensive research on this > topic like you did.
IMHO just not declaring the variable is the right move (and is what I would do with these functions if libc wasn't already declaring them). The compile error may be less friendly, but these things are temporary as topics-in-flight catch up. Whereas strcpy() will be with us forever. I also think that removing variables is a special case of a larger technique: when we change function semantics, we try to change the signatures, too. So there you'll get a type error, or not enough arguments, or whatever. And the next step is usually "git log" or "git blame" to see what happened, and what the conversion should look like. -Peff
