Embedded-AMS
question on the out-of-bound access of a FieldBytes
I have a question regarding how this library defines out-of-bound access on a FieldBytes.
Scenario 1
https://github.com/Embedded-AMS/EmbeddedProto/blob/3fe792288b289f24c2789ece31e36dd25668d8cb/test/test_string_bytes.cpp#L281
If msg was cleared, the length is set to zero, then accessing msg.get_const(0) should be considered invalid. However, in the unittest, the element is accessed and zero is expected.
This library seems not using C++ exception but I think this situation should be asserted rather than defined (to return 0) to prevent potential bugs.
Scenario 2
https://github.com/Embedded-AMS/EmbeddedProto/blob/3fe792288b289f24c2789ece31e36dd25668d8cb/test/test_string_bytes.cpp#L294
When the MAX_LENGTH is exceeded, the index will point to the last element, according to the unittest. However, the intended message is tampered so this mechanism (refer to the last if out-of-bound) seems not making sense to me. Is there a specific reason why it is designed in this way?
Thank you
What's your opinion?
Hello @wuyuanyi135,
It is correct no exceptions or asserts are used. Most microcontrollers have no support for these. When they hit one of these they will go into a hard fault. This will yield undefined behavior with possibly dangerous situations. Think of controlling a motor, while it is running this occurs. Will the motor keep running, will it stop, are safety stops still operational?
To prevent such situations it was chosen to return the value nearest to the index or zero.
A safer function would be something like: error get_const(const int32_t index, const TYPE& value); In this case an error could be returned.
The function mentioned above is now implemented for String, Bytes, and repeated fields. You can find this code on the develop branch.