

GOTO (Still) Considered Harmful - Baustin
http://blog.smartbear.com/news/goto-still-considered-harmful/

======
fexl
A few days ago I wrote up something on this same issue:

[http://fexl.com/goto-considered-harmful](http://fexl.com/goto-considered-
harmful)

However, after discussing the issue on the cryptography mailing list, I
realized that the really serious problem here was not the use of goto itself,
but the lack of an obvious test case.

Clearly Apple did not have a single test case which made the
SSLVerifySignedServerKeyExchange function call sslRawVerify. Since the whole
point is to call sslRawVerify, this is an astounding omission in testing.

The "goto fail" pattern is common throughout OpenSSL. I of course think
OpenSSL stinks to high heaven, but for reasons not directly related to "goto".
I do think the use of "goto" gives off a bad "code smell" though.

I myself never use goto. When I'm writing code, I always create "if" or
"while" blocks and then fill them in. It never even occurs to me to use goto.

My main objection to "goto", aside from the spaghetti code which might arise
from it, though not necessarily, is that goto makes it difficult to refactor
code.

Normally it's pretty easy to move a chunk of code into a separate function.
However, if that code contains "goto", then you're pretty much stuck until you
factor out the goto.

------
voidiac
Goto is quite common among c-programmers when it comes to error handling.

~~~
fexl
Yeah, though I refactored their code to avoid the "goto", as an exercise. It
would indeed facilitate making separate functions for common swaths of code,
notably the duplicate code blocks beginning with ReadyHash and ending with
SSLHashSHA1.final. Exactly as I said, goto makes it harder to refactor code.

