|
|
|
|
We use a code style similar to the linux kernel. Use tabs to indent and spaces to align/wrap beyond the indentation level.
We don't try to guarantee completely robust and problem free behavior in cases where the caller or system isn't behaving. We consider these to be outside of our control:
Broken input from callers. We use preconditions to check input and immediately return. We don't try to provide error codes for all the various ways callers can screw around.
Out of memory. It is pretty much impossible to handle out of memory errors correctly. Handling them alongside other errors is naive and broken. We don't try to guarantee library state (such as locks or memory leaks) when memory allocation fails.
We do check the results from all memory allocations, but treat them as unexpected conditions. As a nod to the behavior of callers of this library, we don't abort on memory allocation failures. We use preconditions with somewhat sane results.
Exception: when reading files or allocating potentially unbounded amounts of memory, we should respond robustly to memory allocation failures.
These unexpected conditions indicate a bug either in p11-kit or in the system. All bets are off once this occurs.
Use the return_val_xxx() precondition macros to
check for unexpected conditions.