[Cryptography] GnuTLS -- time to look at the diff.

Nico Williams nico at cryptonector.com
Thu Mar 6 19:53:35 EST 2014


On Thu, Mar 6, 2014 at 4:53 PM, Dave Horsfall <dave at horsfall.org> wrote:
> On Thu, 6 Mar 2014, Phillip Hallam-Baker wrote:
>> People can write good code using gotos... but most do not

People can also write crappy code without gotos, and there's plenty of
crappy code without goto (I'm sure you can find plenty of crappy
Python, JavaScript, ... code).

> You forgot one:
>
> People can write good code without using GOTOs whatsoever, but most do not.

That's silly.  Some languages have no goto.  And others use lambda as
the ultimate goto (get the reference?).  Spaghetti code is spaghetti
code -- goto is not necessary.  Just witness the constant complaints
about callback hell in JavaScript -- tell me you find it all easy to
read, but I warn you now: I won't believe you.

> The argument that GOTOs can be used for error conditions is specious; my
> coding style:
>
>         if (some error)
>                 cleanup(N);     // final exit code

Right, because users love applications that recover from error
conditions by (from the user's point of view) crashing.  And
developers love libraries that do that to their apps.</sarc>

Look, this is no different than the never ending arguments about
exceptions versus explicit error checking.  Using a single goto label
for error handling is a fine pattern, and not unlike what Go does for
handling otherwise-unhandled exceptions.  I wonder what you think of
Go-style exception handling... and if you like it, why one shouldn't
try to approximate it when writing in C.

(Sure, you might well tell us not to write in C, but there's an
enormous base of code written in C that we can't all just abandon.  We
don't all always get to pick the languages we program in, so "don't
use C" isn't all that useful as advice goes -- someone has to deal
with the existing code base.)

> As I said before, I cannot remember the last time I used a GOTO.  Then
> again, it got drilled into us in Computer Science to only have a single
> exit point.

I use it: a) when the code base I'm working with does (and so maybe
I've got to stick to the upstream's style), b) when I own the code
base and using goto results in code that's easier to read.

I find code that indents many levels difficult to read.  I also find
it difficult to read code where everything is refactored into
three-line functions just to avoid many levels of indentation and
goto.  At some point you're dealing with enough complexity that these
considerations cease to be a big deal -- and then you *really* want
strong software engineering processes.  I'd say TLS involves such a
level of complexity.

Meanwhile I've seen (and found) many, many security bugs, of many
different types, so I'll concern myself with software engineering
processes for preventing these in the first place.  You are free to be
shallow in your own response, though I'd rather you were more
thoughtful.

Nico
--


More information about the cryptography mailing list