From 4d7bd2d69487dfa2b61b953d0213c47030f6c34a Mon Sep 17 00:00:00 2001
From: Andreas Gustafsson <source@isc.org>
Date: Tue, 19 Sep 2000 22:47:14 +0000
Subject: [PATCH] added rule about not modifying return values when failing

---
 doc/dev/coding.html | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/doc/dev/coding.html b/doc/dev/coding.html
index c765b4c2b0..138085069b 100644
--- a/doc/dev/coding.html
+++ b/doc/dev/coding.html
@@ -15,7 +15,7 @@
  - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: coding.html,v 1.13 2000/08/01 01:18:21 tale Exp $ -->
+<!-- $Id: coding.html,v 1.14 2000/09/19 22:47:14 gson Exp $ -->
 
 <H2>C Language</H2>
 
@@ -346,6 +346,11 @@ Bad (obviously for more than one reason ...):
 A function should report success or failure, and do so accurately.  It
 should never fail silently.  Use of Design by Contract can help here.<P>
 
+When a function is designed to return results to the caller by
+assigning to caller variables through pointer arguments, it should
+perform the assignment only if it succeeds and leave the variables
+unmodified if it fails.<P>
+
 <H4>Testing Bits</H4>
 Bit testing should be as follows:<P>
 Good: