Re: When to validate?

From: Andy Heninger (
Date: Fri Dec 10 2004 - 11:55:29 CST

  • Next message: Marcin 'Qrczak' Kowalczyk: "Re: Nicest UTF"

    Arcane Jill wrote:
    > Here's something that's been bothering me. Suppose I write a function -
      [ that process strings in one of the UTFs]
    > I'm supposed to validate the input, yes?

    You are designing the API - you get to choose what it does.

    An application as a whole needs to validate external input that is
    alleged to be in some format, and ensure that any output that is
    promised to be in some format is indeed completely in that format. But
    this doesn't say anything at all about what individual library functions
    do or don't do.

    Some important things in designing a function API are

    o Fully define what the behavior is. With a function like
         tolower(), you could leave malformed sequences unaltered;
         you could replace them with some substitution character;
         you could return or not return a separate error indication;
         or you can do anything else you can think of.

         Just don't choose "the behavior is undefined". And don't crash.

         Presumably you have some idea of how you (or others) will be
         using your function, so choose something that will be convenient
         and efficient for the intended use.

    o If there are reasonable precedents established by the conventions
         of your own library, or other similar libraries, follow them.

         Don't take your users by surprise with something completely
         different and unexpected for no good reason.

    -- Andy Heninger

    This archive was generated by hypermail 2.1.5 : Fri Dec 10 2004 - 11:57:52 CST