Last week my colleague Daniele Veneroni told me:
"You chose the wrong timing to write a post about the usefulness of goto. Have you heard what happened to Apple?"
To make it short, there was a vulnerability in the validation of SSL/TLS connections in iOS devices. According to Sophos, this is the broken code:
    . . .
    hashOut.data = hashes + SSL_MD5_DIGEST_LEN;
    hashOut.length = SSL_SHA1_DIGEST_LEN;
    if ((err = SSLFreeBuffer(&hashCtx)) != 0)
        goto fail;
    if ((err = ReadyHash(&SSLHashSHA1, &hashCtx)) != 0)
        goto fail;
    if ((err = SSLHashSHA1.update(&hashCtx, &clientRandom)) != 0)
        goto fail;
    if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
        goto fail;
    if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
        goto fail;
        goto fail;  /* MISTAKE! THIS LINE SHOULD NOT BE HERE */
    if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
        goto fail;
    err = sslRawVerify(...);
    . . .
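The error is probably the result of a bad copy 'n' paste, not of the goto itself. Nonetheless, if that line had been correctly positioned (i.e. at the same level as the if statements), it would have been immediately clear to everyone looking at the code that something was wrong: the second goto is not guarded by any condition, so it always runs, with err still set to 0, and the remaining checks are skipped.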
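A reduced reproduction of that control flow, added here as an example (it is not Apple's code and not part of the original post). The functions `hash_update` and `raw_verify` and the input strings are hypothetical stand-ins for the hash and signature steps.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the hashing and signature-check steps. */
static int hash_update(const char *data) { return data ? 0 : -1; }
static int raw_verify(const char *sig)
{
    return strcmp(sig, "good-signature") == 0 ? 0 : -1;
}

/* Same shape as the broken code: the second goto is unconditional. */
int verify_buggy(const char *params, const char *sig)
{
    int err;

    if ((err = hash_update(params)) != 0)
        goto fail;
        goto fail;          /* duplicated line: err is still 0 here */
    err = raw_verify(sig);  /* never reached */
fail:
    return err;             /* 0 means "signature accepted" */
}

/* Duplicate removed: the signature check is reached again. */
int verify_fixed(const char *params, const char *sig)
{
    int err;

    if ((err = hash_update(params)) != 0)
        goto fail;
    err = raw_verify(sig);
fail:
    return err;
}

int main(void)
{
    /* Constructed inputs: a forged signature must yield a non-zero result. */
    printf("buggy, forged sig: %d\n", verify_buggy("params", "forged"));
    printf("fixed, forged sig: %d\n", verify_fixed("params", "forged"));
    printf("fixed, good sig:   %d\n", verify_fixed("params", "good-signature"));
    return 0;
}
```

GCC's `-Wmisleading-indentation` (enabled by `-Wall`) and Clang's `-Wunreachable-code` both report the problem in `verify_buggy` at compile time.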
This event gives me the opportunity to talk about something that I consider very important when programming: coding style.
Matters of Style
Believe me, I've seen code less readable than this
When there are at least two people working on the same project, the coding style is the first thing that will cause problems. Tabs versus spaces, bracket placement, CamelCase versus underscores, and, above all, indentation.
What is the purpose of indentation? To make the code more readable. And why should you use descriptive names for variables and functions? For the same reason: readability. Your code should not only be executed by a processor, but also understood by other programmers.
And other programmers are full of laziness, impatience and hubris, just like you. So they don't want to read every single line of your code just to add a trivial feature. This is true in both the open and the closed source worlds, because if your code is not easy to maintain, it will be abandoned or someone will decide that it is cheaper to rewrite it.
I have to admit it. Often in the past I've used two-character indentation and CamelCase names for functions and variables (you know, once I was also known as Mr Pascal).
But now those days are over. What I decided to do some years ago was to use a different style for every programming language: so, for example, for Python I use PEP8. For C there are at least ten different styles, each one with its supporters (or should I call them ultras?). After some brief research I decided on the Linux Kernel coding style.
If you read the document, you'll find that every choice is there for a good reason and the main guideline is always readability. Because, as the creator of Python, Guido van Rossum, once said:
code is read much more often than it is written
Image taken from Wikimedia Commons (public domain)