On 2013-11-20 09:50, Walter Bright wrote:
> Important is deciding upon the notions of "validated data" and
> "untrusted data".
> 1. Validated data should get asserts if it is found to be invalid.
> 2. Untrusted data should get exceptions thrown if it is found to be
> invalid (or return errors).
> For example, consider a UTF string. If it has passed a validation check,
> then it becomes trusted data. Further processing on it should assert if
> it turns out to be invalid (because then you've got a programming bug).
> File open failures should always throw, and never assert, because the
> file is not part of the program and so is inherently not trusted.
> One way to distinguish validated from untrusted data is by using
> different types (or a naming convention, see Joel Spolsky's
> http://www.joelonsoftware.com/articles/Wrong.html).
> It is of major importance in a program to think about what APIs get
> validated arguments and what APIs get untrusted arguments.
How should we accomplish this? We can't replace:
void main (string[] args)
With
void main (UnsafeString[] args)
And break every application out there.
--
/Jacob Carlborg
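The two rules quoted above (throw on untrusted input, assert on validated data) and the "different types" suggestion, worked through as an added D example that is not code from either poster; the wrapper type, the helper names and the sample inputs are assumptions of this illustration.

```d
import std.exception : assertThrown;
import std.utf : validate, UTFException;

/// A string that has passed UTF-8 validation. Only validateUtf8() produces
/// one, so any function taking this type may treat its contents as trusted.
struct ValidatedString
{
    private string payload;

    /// Checked in non-release builds around public member calls. A failure
    /// here means trusted data went bad, i.e. a programming bug: assert.
    invariant
    {
        assert(isWellFormedUtf8(payload), "ValidatedString holds invalid UTF-8");
    }

    string get() const { return payload; }
}

/// Helper for the invariant: true if s decodes cleanly as UTF-8.
bool isWellFormedUtf8(string s)
{
    try { validate(s); return true; }
    catch (UTFException) { return false; }
}

/// Boundary function for untrusted bytes (argv, files, sockets). Malformed
/// input is an expected condition here, so it throws rather than asserts.
ValidatedString validateUtf8(const(ubyte)[] raw)
{
    string s = cast(string) raw.idup;
    validate(s);                     // throws UTFException on bad input
    return ValidatedString(s);
}

/// Trusted path: the parameter type makes it impossible to pass raw input
/// here by accident, so decoding is not expected to fail.
size_t countCodePoints(ValidatedString v)
{
    import std.range : walkLength;
    return v.get().walkLength;
}

void main()
{
    // Constructed inputs: a well-formed string and a truncated 2-byte sequence.
    immutable(ubyte)[] good = cast(immutable(ubyte)[]) "héllo";
    immutable(ubyte)[] bad  = [0x68, 0xC3];   // 'h' then a lone lead byte

    assert(countCodePoints(validateUtf8(good)) == 5);
    assertThrown!UTFException(validateUtf8(bad));
}
```

Compiled with -release the invariant and the asserts disappear while the throw at the boundary stays, which is exactly the split between programming bugs and bad input that the quoted rules describe.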