42BS

void my_free(void *p) {
const size_t num_bytes = prv_get_size(p);
free(p);
// Set each word to 0xbdbdbdbd
memset(p, 0xbd, num_bytes);
}

Ouch, this is evil. The memset() should be in any case before the free()

1 reply

tyler

Good point! I’ll fix that up.

1 reply

andersm

Be aware that the memset call is likely to be removed if optimizations are enabled. With GCC, you can use the -fno-builtin-memset flag to prevent this, but that may pessimize the generated code elsewhere.

bora

Thanks for the inspiring article! I would like to ask what is meant by “state machine generators” in this article. Which ones do you prefer to use? Are you planning an article on this topic?

1 reply

tyler

You can find them all over Github usually. The ones I immediately know of are:

• anchor/fsm at master · rideskip/anchor · GitHub
• https://www.state-machine.com/
• https://www.fsmpro.io/

There are more, and there are probably better ones than the ones listed above.

miro

I’m really glad to see that other fellow embedded software developers reach similar conclusions about facing software errors head on (otherwise known as Design by Contract – DbC).

In a shameless self-promotion, I’d like to mention my articles and blogs about the same subject matter:

• “An Exception or a Bug?”, article published in CUJ in 2003
• “A Nail for a Fuse”, blog posted originally on EmbeddedGurus in 2007

1 reply

g-berthiaume

I really like your fuse analogy.
It really hit the nail on the head for me.