[Delta] API question PKeyBase::decrypt()

Justin Karneges justin-psi2 at affinix.com
Sun Apr 29 10:03:31 PDT 2007 

On Sunday 29 April 2007 1:00 am, Remko Tronçon wrote:
> > Non-const references in arguments give the appearance of pass-by-value
> > when in fact the argument could be modified by the function.  Pointers
> > aren't as ambiguous.  This is a common C++ practice.
>
> This doesn't make sense. Non-const references give the exact opposite
> appearance: they mean that you pass them to your function by reference
> (reference), and that your function can modify them (non-const), and
> it only modifies them locally (i.e. it does not store the reference).
> If you wanted to pass it by value, you would have passed it ... by
> value (or by const-reference and leave the copying up to the callee).

By appearance, I meant in the act of calling the function:

  foo a, b;
  bar(a, &b);

At a glance, it would be easy for a third-party to read this as if 'a' won't 
be modified (it is probably some sort of input) and 'b' might be (possibly an 
output, possibly not).  Suppose we changed the second argument definition to 
use a non-const reference:

  bar(a, b);

This is just less readable, IMO.  It looks like two inputs.  If the reader 
later learns that the codebase likes to use non-const references often, then 
the reader has to worry about a function like this being possibly two inputs, 
possibly two outputs, or possibly two simultaneous inputs and outputs.

> This is why non-const references almost never appear in C++ software,
> because not many functions modify arguments.

And not many functions have multiple return values either?

> AFAIK, the only reason you would want to pass something by pointer
> instead of by non-const reference is because you are keeping the
> pointer in the object of the callee, or if you want to make it
> optional to get the value back by giving it a default NULL value.
> (which is done by Qt a lot). But neither of both are the case in a
> function called 'decrypt' ?

I tried to find an example in Qt, but you're right, all the functions that I 
could find that take pointers for arguments (except for the ones that are 
handing the object off to the callee) are used to allow optional passing (0 
for not passed).  I found at least one non-const reference too: in 
QTextEncoder.

We could of course rewrite the function to use the Qt tradition:

SecureArray decrypt(const SecureArray &in, EncryptionAlgorithm alg, bool *ok = 
0);

I think the reason I didn't do this is because I didn't want the 'ok' boolean 
to be optional.  However, making it required is not conventional:

SecureArray decrypt(const SecureArray &in, EncryptionAlgorithm alg, bool *ok);

Nor is this:

SecureArray decrypt(const SecureArray &in, EncryptionAlgorithm alg, bool &ok);

The form I ended up using is also not conventional, I guess, but it at least 
allows easy usage in an if-statement:

bool decrypt(const SecureArray &in, SecureArray *out, EncryptionAlgorithm 
alg);

if(!decrypt(in, &out, alg))
  { error }

Perhaps this one is the answer:

bool decrypt(EncryptionAlgorithm alg, const SecureArray &in, SecureArray *out 
= 0);

:)

-Justin

More information about the delta mailing list