"Objection!" or "Rules I don't agree with"

[filker0]

As am reading rule-by-rule, I write off most differences between the rules set forth in @MaJerle's personal coding standard and those that I follow as stylistic choices, and dismiss things that violate MISRA guidelines as only a problem for people doing code which is subject to such rules. I have no "objection" to these clashes with what I do.

So far (and I'm nowhere near the end), I have found one rule that leaves me baffled, and removes a very powerful feature of the C language:

• Always use pre-increment (and decrement respectively) instead of post-increment (and decrement respectively)

In a good coding standard, every outright prohibition needs to have a justification stated in the document. There is no reason stated that the post- operations are bad coding practice. Using post decrement or increment in, say, the step clause of a for statement has no effect on the loop, so it's arbitrary which is used, however it gets harder and harder to justify this restriction as dig into it.

Post increment and post decrement are very important when dealing with pointers to arrays of things that are either being searched or used as a push-down stack. When all you want to do is to increase or decrease the value of a simple variable with no other side-effect, such a rule against post-decrement or post-increment may be defendable, but the outright ban on the post-access functions is not.

An example of a correct use of post increment (I know, my coding style follows BSD conventions):

int strncmp(const char* left, const char* right, size_t max)
{
    int result = 0; /* start assuming equality */

    if ((left != right) && (max > 0))
    { /* Pointers are different and not zero length */
        if ((left == NULL) && (right != NULL))
        { /* *NULL < non-NULL */
            result = -1; /* rather than crashing, we define this as left < right */
        }
        else if ((left != NULL) && (right == NULL))
        { /* *non-NULL > *NULL */
            result = -1; /* rather than crashing, we define this as left > right */
        }
        else
        { /* Not the same memory, at least 1 byte to compare, and neither pointer is NULL */
            while (max-- > 0)   /* not trying to be annoying by using post-decrement */
            {
                result = ((int)*left++ - (int)*right++);
                if (result != 0)
                {
                    break;
                }
            }
        }
    }
    return result;
} /* end of strncmp() */

Note: I added all the parameter checks to avoid accusations of putting up unsafe code. I work at an avionics company, and have written safety critical code.

The same pattern goes for any of the str and mem functions that do sequential operations on bytes/words/etc. of buffers; post increment is used all the time; it's safe, efficient, and does not do anything unexpected. Post decrement is used in strrchar() and many other places. Stacks that grow downward in the address space use pre-decrement to push and post-increment to pop assuming that the stack pointer references the value at the top of the stack. If the SP points to the next free location, you use post-decrement to push and pre-increment to pop. I've encountered both variations.

My memory is that the pre- and post- access operations were introduced to C early on because the PDP-11 had addressing modes that collapsed the operation into a single instruction, and the pointers were adjusted by the number of bytes of the thing being acted on. Made the compiler simpler to write.

I may add additional comments to this thread if I come across other rules I find baffling.

[MaJerle]

Always prefer pre-increment (and decrement respectively) instead of post-increment (and decrement respectively)

would be a better text. And the reason I say so has to do with those moving to C++ later. Post and pre-increments on a class types works differently when it comes to copy and references.

In C it doesnt really matter, no classes here.

[filker0]

Makes sense. What you have here is a C coding standard, however, so I would go further and say:

Always prefer pre-increment and decrement over post-increment or decrement in cases where the selection does not affect the program behavior.

In C++, operator overloading makes the meaning of "++" less clear. A linked list container, for example, might treat "++" on a reference to be "advance to the next linked item", and there is no way to check for validity of the postfix version of "++" or "--" when you reach the end of the list. The pre-increment can be checked more reasonably. For this reason, I would add:

Rationale: This rule is to promote best practices when moving from C to C++, where the pre- and post- ++ and -- operators may be overloaded or undefined for class object references.