try/catch idiom in std.datetime
Walter Bright
newshound2 at digitalmars.com
Mon Nov 18 15:04:48 PST 2013
On 11/18/2013 2:45 PM, Andrei Alexandrescu wrote:
> There are two possible takes on this:
>
> 1. The standard library is considered part of the user's program, and the whole
> thing is a unit. In that case, passing the wrong int to std.gun is an PROGRAM
> error and 100% blame goes to the programmer who wrote the caller code. In that
> case, assert/assert(0)/contracts are the appropriate constructs to be used
> inside std.gun.
>
> This is the approach taken by the C standard library, which is free to do
> whatever it wants (including crashing the program) upon calls such as
> strlen(NULL) etc.
>
> 2. The standard library is a separate entity from the PROGRAM, and as far as it
> cares, any data from the user is INPUT. So the standard library with SCRUB the
> input, in which case enforce() and throwing exceptions are appropriate.
>
> This is the approach taken by the Windows API, Java, C#, and to a good extent
> the newer parts of C++'s standard library.
>
> To claim that one approach is exactly right and the other is exactly wrong would
> miss important insights.
Or:
3. Input validation and data processing should have separate functions in the
library.
(The Windows API is a special case - it must regard all input as untrusted,
unvalidated input, and it must protect Windows itself from malicious input. This
is not true of Phobos.)
More information about the Digitalmars-d
mailing list