Checking function parameters in Phobos

Jonathan M Davis jmdavisProg at gmx.com
Wed Nov 20 03:16:20 PST 2013


On Wednesday, November 20, 2013 11:49:32 Jacob Carlborg wrote:
> On 2013-11-20 09:50, Walter Bright wrote:
> > Important is deciding upon the notions of "validated data" and
> > "untrusted data".
> > 
> > 1. Validated data should get asserts if it is found to be invalid.
> > 
> > 2. Untrusted data should get exceptions thrown if it is found to be
> > invalid (or return errors).
> > 
> > For example, consider a utf string. If it has passed a validation check,
> > then it becomes trusted data. Further processing on it should assert if
> > it turns out to be invalid (because then you've got a programming bug).
> > 
> > File open failures should always throw, and never assert, because the
> > file is not part of the program and so is inherently not trusted.
> > 
> > One way to distinguish validated from untrusted data is by using
> > different types (or a naming convention, see Joel Spolsky's
> > http://www.joelonsoftware.com/articles/Wrong.html).
> > 
> > It is of major importance in a program to think about what APIs get
> > validated arguments and what APIs get untrusted arguments.
> 
> How should we accomplish this? We can't replace:
> 
> void main (string[] args)
> 
> With
> 
> void main (UnsafeString[] args)
> 
> And break every application out there.

You'd do it the other way around by having something like

ValidatedString!char s = validateString("hello world");

ValidatedString would then avoid any extra validation when iterating over the 
characters, though I don't know how much of an efficiency gain that would 
actually be given that much of the validation occurs naturally when decoding 
or using stride. It would have the downside that any function which 
specializes on strings would likely have to then specialize on ValidatedString 
as well. So, while I agree with the idea in concept, I'd propose that we 
benchmark the difference in decoding and striding without the checks and see if 
there actually is much difference. Because if there isn't, then I don't think 
that it's worth going to the trouble of adding something like ValidatedString.

- Jonathan M Davis
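A sketch, in D, of the validated/untrusted split the thread is discussing (an added example, not code from the post or from Phobos): the hypothetical `validateString` throws at the trust boundary, while the hypothetical `ValidatedString` only asserts while iterating, since its data has already been validated.

```d
import std.utf : validate, UTFException;
import std.exception : assertThrown;
import std.range : walkLength;

/// Hypothetical wrapper, not a Phobos type: UTF-8 that was validated once.
/// Decoding it later asserts on its invariants instead of re-checking.
struct ValidatedString
{
    private string data;
    private this(string s) { data = s; }   // only validateString constructs it

    @property bool empty() const { return data.length == 0; }

    // Code units of the front code point. A violation here means the data was
    // corrupted after validation, i.e. a programming bug, hence assert.
    private size_t strideFront() const
    {
        immutable c = data[0];
        immutable size_t n = c < 0x80 ? 1 : c >= 0xF0 ? 4 : c >= 0xE0 ? 3 : 2;
        assert((c < 0x80 || c >= 0xC0) && n <= data.length, "corrupted ValidatedString: bug");
        return n;
    }

    @property dchar front() const
    {
        immutable n = strideFront();
        if (n == 1) return data[0];
        dchar r = cast(dchar)(data[0] & (0x7F >> n));   // payload bits of the lead byte
        foreach (b; data[1 .. n])
        {
            assert((b & 0xC0) == 0x80, "corrupted ValidatedString: bug");
            r = cast(dchar)((r << 6) | (b & 0x3F));
        }
        return r;
    }

    void popFront() { data = data[strideFront() .. $]; }
}

/// Trust boundary: untrusted input gets an exception, never an assert.
ValidatedString validateString(string untrusted)
{
    validate(untrusted);                 // std.utf.validate throws UTFException
    return ValidatedString(untrusted);
}

void main()
{
    auto s = validateString("héllo wörld");          // constructed sample input
    assert(s.walkLength == 11);                      // 11 code points, 13 code units
    assertThrown!UTFException(validateString("\xFF\xFEbad"));  // constructed bad input
}
```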
