On Wed, 04 Mar 2009 08:12:48 -0800, Sean Kelly wrote:

> So I guess the real question is whether a function is expected to
> validate its parameters. I'd argue that it isn't, but then I'm from a
> C/C++ background. For me, validation is a debugging tool, or at least
> an optional feature for applications that want the added insurance.

The rule-of-thumb that I use is that a function needs to validate a parameter if that parameter /can/ come from user input and /may not/ have been previously validated and is /critical/ to the success of the function's behaviour. If all of these are true, it means that the function has a potential to fail if it doesn't take the responsibility of parameter validation.

If a parameter can only come from other functions, which are already guaranteed to only emit validated data, the parameter data does not need re-validation. However, even for some of these functions a 'contract' validation of input parameters might be needed if you are attempting to validate the logic or data flow, rather than the contents of the data itself.

Contract validation of function results is not the same thing as input validation. Output validation is an attempt to prove that the function's logic is correct.

Input validation is not a debugging tool. It is a chance to inform the program's user that they might have given the program some wrong information to work with.

-- 
Derek Parnell
Melbourne, Australia
skype: derek.j.parnell
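
The distinction drawn in the reply above, as an added example that is not part of the original post: user input is validated once at the boundary and reported to the user, while the internal function carries only contract checks on its inputs and its result. The function names, the `UserInputError` type and the discount scenario are assumptions made for illustration, and Python is used only because the thread names no language.

```python
class UserInputError(ValueError):
    """Bad user-supplied data; the message is meant to be shown to the user."""

def parse_percentage(raw: str) -> int:
    """Boundary function: `raw` can come from user input, may not have been
    validated yet, and is critical to the result, so it is always checked."""
    text = raw.strip()
    if not text.isascii() or not text.isdigit():
        raise UserInputError(f"{raw!r} is not a whole number")
    if len(text) > 3 or int(text) > 100:
        raise UserInputError(f"{raw!r} is outside 0..100")
    return int(text)

def apply_discount(price_cents: int, percent: int) -> int:
    """Internal function: callers pass only validated data, so the content
    is not re-validated. The asserts are contracts on logic and data flow
    and disappear under `python -O`."""
    assert price_cents >= 0, "caller broke the contract"
    assert 0 <= percent <= 100, "caller broke the contract"
    result = price_cents * (100 - percent) // 100
    # Output contract: checks this function's own logic, not its input.
    assert 0 <= result <= price_cents, "discount logic is wrong"
    return result

def quote(price_cents: int, raw_percent: str) -> str:
    """Validate once at the edge, then hand validated data inward."""
    try:
        percent = parse_percentage(raw_percent)
    except UserInputError as err:
        return f"Please check the discount you entered: {err}"
    return f"Total: {apply_discount(price_cents, percent)} cents"

if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("25", " 100 ", "abc", "150", "-5", ""):
        print(repr(sample), "->", quote(2000, sample))
```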
