1. 10

  2. 1

    On compiler flags that catch logic errors:

    -Werror=switch (gcc/clang): Catch missing cases in enum switches:

    enum class TrafficLight { Red, Yellow, Green };

    const char* toString(TrafficLight color) {
        switch(color) {
            case TrafficLight::Red:
                return "Red";
            case TrafficLight::Yellow:
                return "Yellow";
            // BUG: Forgot Green
            // DANGER: Thou shalt not add a default to an enum switch!
            // default
        }
        // NOTE: Here is the real default.
        // If all cases are handled, this is only reachable with the help of a
        // cosmic ray (i.e. reachable according to MISRA C).
        return nullptr;
    }

    The unfortunate thing is that this static check only works for switches without a default … which outdated policies (e.g. MISRA C) would insist on adding in order to catch the same at runtime. The crucial argument here is that a static check plus a runtime check is better than a runtime check.

    1. 1

      We use splint and C. I have a cunning macro that disappears when we splint a switch… so splint will fail if any cases are missing.

      But because C’s enums are b0rked and not really typesafe, the cunning macro converts itself into “default: screamAndDie();” when compiled by gcc to catch cases where the switch variable isn’t an enum value.
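
The two comments above combine into one pattern: keep the switch free of a default for the static check, and add the runtime default only in the real build. The following is an added sketch in C, not the commenter's actual macro; `ENUM_SWITCH_TRAP`, `ENUM_STATIC_CHECK`, `ENUM_TRAP_ABORTS` and `scream_and_die` are assumed names.

```c
#include <stdio.h>
#include <stdlib.h>

typedef enum { LIGHT_RED, LIGHT_YELLOW, LIGHT_GREEN } traffic_light;

static int bad_enum_hits = 0; /* lets a caller or test observe the trap */

/* Runtime trap. Logs and counts; define ENUM_TRAP_ABORTS (assumed name)
 * to make it fatal, which is what a production build would want. */
static void scream_and_die(const char *file, int line, int value)
{
    fprintf(stderr, "%s:%d: %d is not a valid enumerator\n", file, line, value);
    bad_enum_hits++;
#ifdef ENUM_TRAP_ABORTS
    abort();
#endif
}

/* splint predefines S_SPLINT_S while it runs; ENUM_STATIC_CHECK is an assumed
 * flag for a gcc/clang -Werror=switch pass. In both the macro expands to
 * nothing, so the checker sees a switch with no default and flags a missing
 * case. In a normal build it becomes the runtime default. */
#if defined(S_SPLINT_S) || defined(ENUM_STATIC_CHECK)
#define ENUM_SWITCH_TRAP(v)
#else
#define ENUM_SWITCH_TRAP(v) \
    default: scream_and_die(__FILE__, __LINE__, (int)(v)); break;
#endif

const char *light_name(traffic_light color)
{
    switch (color) {
    case LIGHT_RED:    return "Red";
    case LIGHT_YELLOW: return "Yellow";
    case LIGHT_GREEN:  return "Green";
    ENUM_SWITCH_TRAP(color)
    }
    return NULL; /* reached only for a value outside the enum */
}

int main(void)
{
    /* Constructed input: 7 is not an enumerator, but C accepts the cast. */
    const char *name = light_name((traffic_light)7);
    printf("Green -> %s, 7 -> %s, traps = %d\n",
           light_name(LIGHT_GREEN), name ? name : "(null)", bad_enum_hits);
    return 0;
}
```

Deleting one `case` line and compiling with `-DENUM_STATIC_CHECK -Werror=switch` turns the omission into a build error, while the normal build keeps the runtime trap for values that were never enumerators.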