BPLib often uses a simple int to identify different objects/records/services, things like OS-provided files and mutexes, BPLIB storage services, and all the various other items. There are two big weaknesses here:
The "0" value refers to a valid resource. BPLIB attempts to set the value of "-1" to indicate an invalid resource. However, because of the (good) pattern of calling memset() to zero-out newly created structures, and the C standard which indicates the BSS section should be zero-ed out by the implementation when a program starts, the value of 0 often occurs within otherwise-uninitialized structures. Data structures should preferably be designed to be passively safe, that is, where 0 is a benign value, and not require active initialization action to make them safe (aside from memset).
All integers are interchangeable. That is, there is no protection against using an ID/Handle value as a regular number. One can add IDs together and do mathematical operations on them. One can also pass one ID type in place of another type, for example a handle referring to a flash storage instance may be passed to a ram or file storage operation, or an OS abstraction call.
Recommendation: Use an abstract, type-safe value as ID, where a value that has been zero-ed out does not alias a real/valid value, and also makes sure that IDs of different types do not alias each other.
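As an added illustration of that recommendation (example code, not BPLib's own), the sketch below wraps each handle kind in its own struct type and uses a hypothetical tag-plus-index encoding so that an all-zero value never decodes as valid; all names and the encoding are assumptions.

```c
#include <stdint.h>
#include <string.h>
#include <stdbool.h>
/* Each handle kind is a distinct struct type: the compiler rejects passing a
 * store handle where a file handle is expected, and rejects h1 + h2.
 * Hypothetical encoding (not BPLib's): high byte = per-type tag, low 24 bits =
 * index + 1, so a valid handle is never 0 and a memset()/BSS-zeroed field
 * decodes as invalid without any explicit initialisation. */
typedef struct { uint32_t raw; } file_handle_t;
typedef struct { uint32_t raw; } store_handle_t;

#define HANDLE_TAG_FILE  0x5Au
#define HANDLE_TAG_STORE 0xA5u
#define HANDLE_INDEX_MAX 0x00FFFFFEu
static uint32_t handle_encode(uint8_t tag, uint32_t index)
{
    if (index > HANDLE_INDEX_MAX) return 0;     /* out of range -> invalid */
    return ((uint32_t)tag << 24) | (index + 1u);
}
/* True, with *index filled in, only if raw is nonzero and carries `tag`. */
static bool handle_decode(uint8_t tag, uint32_t raw, uint32_t *index)
{
    if (raw == 0 || (raw >> 24) != tag) return false;
    *index = (raw & 0x00FFFFFFu) - 1u;
    return true;
}
file_handle_t  file_handle_make(uint32_t i)  { file_handle_t h = { handle_encode(HANDLE_TAG_FILE, i) }; return h; }
store_handle_t store_handle_make(uint32_t i) { store_handle_t h = { handle_encode(HANDLE_TAG_STORE, i) }; return h; }
bool file_handle_get(file_handle_t h, uint32_t *i)   { return handle_decode(HANDLE_TAG_FILE, h.raw, i); }
bool store_handle_get(store_handle_t h, uint32_t *i) { return handle_decode(HANDLE_TAG_STORE, h.raw, i); }

/* A record that only got memset() is passively safe: its handle is invalid. */
struct record { char name[16]; file_handle_t fh; };

bool zeroed_record_is_invalid(void)
{
    struct record r;
    uint32_t idx;
    memset(&r, 0, sizeof(r));
    return !file_handle_get(r.fh, &idx);
}

/* Even if a raw value leaks across types (e.g. via a cast or a union), the
 * tag check still rejects it at runtime instead of aliasing a file handle. */
bool store_raw_rejected_as_file(void)
{
    uint32_t idx;
    file_handle_t f = { store_handle_make(7).raw };  /* wrong-type value */
    return !file_handle_get(f, &idx);
}
```

With this layout, `file_handle_t` and `store_handle_t` cannot be mixed or added without an explicit cast, and a zero-filled structure needs no extra initialisation call to be safe.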