void ** and casting (from Writing Solid Code)
I picked up a second-hand copy of Steve Maguire's Writing Solid Code the other day for a few pennies, and had a quick read. In the third chapter, he advocates surrounding complex systems with "gate keeper" functions that are much safer. As an example, he uses C's malloc/free/realloc functions.
Essentially, he advocates this: (compacted for brevity)
Code:
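#include <stdbool.h>
#include <stdlib.h>

typedef unsigned char byte;  /* the book's byte type, assumed here to be unsigned char */

bool alloc(void **p, size_t z)
{
    byte *r = malloc(z);
    if (r == NULL) return false;  /* allocation failed; *p is left untouched */
    *p = r;
    return true;
}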
And then calling it like this:
Code:
char *blk;
if (alloc(&blk, 128) == true) {
    /* do something with blk */
} else {
    /* handle error condition */
}
He advocates this style because it does not combine two different types of result (in malloc's case, pointer and error condition) into one return value. I kinda buy that.
But the problem I spotted immediately is that one cannot cast the address of a char pointer to a void **, without generating a compiler warning (or worse) relating to implicit casting of pointers. The only way I can see to make this work is to wrap the function call in a macro that uses (void **), but that destroys any type safety (you can then pass anything in!).
So, what am I missing? A quick Google suggests nobody else has spoken about these issues from this book.
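An added example, not from the original post or from the book: two ways to call a `void **` gatekeeper without any `(void **)` cast, so the compiler still checks the destination type. The names `alloc_chars`, `ALLOC_INTO`, `alloc_scratch` and `demo` are hypothetical, and `alloc` here uses `void *r` where the post uses the book's `byte`.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Gatekeeper with the signature quoted in the post. */
bool alloc(void **p, size_t z)
{
    void *r = malloc(z);
    if (r == NULL) return false;
    *p = r;
    return true;
}

/* Option 1: hand alloc() the address of a real void *, then let the
 * implicit void * -> char * conversion do the typed assignment. */
bool alloc_chars(char **out, size_t n)
{
    void *tmp;
    if (!alloc(&tmp, n)) return false;
    *out = tmp;
    return true;
}

/* Option 2: a macro with no cast. The assignment (lvalue) = alloc_scratch
 * only compiles when lvalue is an object pointer, so passing an int or a
 * function pointer is still diagnosed. The scratch variable is plain
 * static; a multi-threaded program would need it to be thread-local. */
static void *alloc_scratch;
#define ALLOC_INTO(lvalue, z) \
    (alloc(&alloc_scratch, (z)) ? ((lvalue) = alloc_scratch, true) : false)

/* Returns 1 when both call styles yield usable, correctly typed blocks. */
int demo(void)
{
    char *blk = NULL;
    long *nums = NULL;
    if (!alloc_chars(&blk, 128)) return 0;
    if (!ALLOC_INTO(nums, 4 * sizeof *nums)) { free(blk); return 0; }
    strcpy(blk, "ok");
    nums[3] = 42;
    int good = strcmp(blk, "ok") == 0 && nums[3] == 42;
    free(nums);
    free(blk);
    return good;
}

int main(void) { return demo() ? 0 : 1; }
```

Both forms avoid writing through a `char *` object as if it were a `void *`, which is what the cast version does and what the compiler warning is about.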