Checking function parameters in Phobos

Marco Leise Marco.Leise at gmx.de
Wed Nov 20 04:22:18 PST 2013


On Wed, 20 Nov 2013 12:49:20 +0100,
Jacob Carlborg <doob at me.com> wrote:

> On 2013-11-20 12:16, Jonathan M Davis wrote:
> 
> > You'd do it the other way around by having something like
> >
> > ValidatedString!char s = validateString("hello world");
> 
> Right.
> 
> > ValidatedString would then avoid any extra validation when iterating over the
> > characters, though I don't know how much of an efficiency gain that would
> > actually be given that much of the validation occurs naturally when decoding
> > or using stride. It would have the downside that any function which
> > specializes on strings would likely have to then specialize on ValidatedString
> > as well. So, while I agree with the idea in concept, I'd propose that we
> > benchmark the difference in decoding and striding without the checks and see if
> > there actually is much difference. Because if there isn't, then I don't think
> > that it's worth going to the trouble of adding something like ValidatedString.
> 
> It's not just if the string is valid UTF-8. There can be many other types 
> of valid strings. Or rather other functions that have additional 
> requirements. Like sanitized filenames, HTML/SQL escaped strings and so on.

None of that is feasible. We can only hope that we simply
catch every case of user input (or untrusted data) and check
it before passing it to Phobos APIs. That's why there are
functions to validate and also to sanitize UTF strings on a
best effort basis in Phobos.

So in my opinion Phobos should continue forward with assert
instead of enforce. I/O functions, of course, have to use
exceptions.

That said, I never thought of validating args[] before passing
it to getopt or using them as a filename. Lesson learned, I
guess?

-- 
Marco
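
The check discussed in the message above, validating args[] at the program boundary before getopt or any filename use, as an added example that is not part of the original post or of Phobos. The names isValidUtf, firstInvalidArg and describe and the "input" option are hypothetical; describe stands in for a library function whose precondition is an assert-based contract.

```d
import std.getopt : getopt;
import std.stdio : stderr, writeln;
import std.utf : UTFException, validate;

/// True when s is well-formed UTF-8; std.utf.validate throws otherwise.
bool isValidUtf(string s)
{
    try { validate(s); return true; }
    catch (UTFException) { return false; }
}

/// Boundary check: index of the first malformed argument, or -1 if none.
ptrdiff_t firstInvalidArg(string[] args)
{
    foreach (i, arg; args)
        if (!isValidUtf(arg))
            return i;
    return -1;
}

/// Hypothetical library-style function: the precondition is an assert-based
/// contract, which is compiled out with -release, so callers must validate.
string describe(string name)
in { assert(isValidUtf(name), "caller must pass validated UTF-8"); }
do { return "input file: " ~ name; }

unittest
{
    immutable ubyte[] raw = [0xC3, 0x28];   // constructed malformed sequence
    assert(firstInvalidArg(["prog", "ok.txt"]) == -1);
    assert(firstInvalidArg(["prog", cast(string) raw]) == 1);
}

int main(string[] args)
{
    immutable bad = firstInvalidArg(args);
    if (bad >= 0)
    {
        stderr.writeln("argument ", bad, " is not valid UTF-8, refusing to continue");
        return 1;
    }
    string input = "default.txt";            // hypothetical option
    getopt(args, "input", &input);           // args was checked above
    writeln(describe(input));
    return 0;
}
```

Untrusted input is rejected with an ordinary error path at the boundary, while the contract in describe only documents and debug-checks what the caller has already guaranteed.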
