|
Show me a function that have the following signature void foo(int* pint) that sets the value of the int that pint points at to 47 and does so in a secure manner.
|
|
|
|
|
That topic should be determined before hand depending on the type of data and solution that is to be written. In most cases I would say the library should validate the data and handle errors, because people tend to look at functions as a black box. However, for a particular implementation, it may be more efficient for the caller to verify their data.
For example, take a 3D rendering program that must process millions of polygons, it would waste a lot of time to process each polygon separately in a library function, however if the caller could verify the data all at once before calling the processing function, that would probably be more efficient.
The bottom line is, it is difficult to always classify the solution in software engineering, as the solution usually depends on the domain of the problem.
Build a man a fire, and he will be warm for a day Light a man on fire, and he will be warm for the rest of his life!
|
|
|
|
|
Paul Watt wrote:
It depends...
Exactly my thoughts when reading the survey question. In fact, rigidly applying any set of rules across the board, without examining their impact in certain areas, is often a problem in technology. Consistency and thoroughness are usually good, but not when applied indiscriminately. The real world is not as neatly compartmentalised as we would like to think, so our solutions must be adaptable to suit.
|
|
|
|
|
I checked "Both", but it really does depend.
It really depends on how important it is to be robust. If you are doing real-time 3D rendering, for instance, and one polygon fails to render, big whoop. The user might not even notice. So in that case do minimal error checking. Functions that could cause harm to the system or your program, though, should be checked thoroughly on both ends.
It also depends on how much implementation you need to know to check to see if parameters are valid. If a parameter has to be between 0 and 10, that's easy to check. If you are reading a data file and have to check to see if it exists and is the right format, then let the library function do that.
You can pick your friends, and you can pick your nose, but you can't pick your friend's nose.
|
|
|
|
|
Of course, the worst thing in many cases is for the library to check for errors, and then try to deal with bad data silently. If the caller then fails to check everything, the program ships with undetected errors.
shog
nine
Ever since i heard the voice
i thought i had no choice...
|
|
|
|
|
and thats why we throw exceptions
|
|
|
|
|
Which nobody catches or they just have this huge global catch that causes the program to abort. We trade one bad implementation with another.
Tim Smith
I'm going to patent thought. I have yet to see any prior art.
|
|
|
|
|
Exceptions don't do anything but obfuscate the code, and what's worse, the most important part is obfuscated - the error handling and data validation.
I don't put any of that try/catch crap in my own personal code.
------- signature starts
"...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001
Please review the Legal Disclaimer in my bio.
------- signature ends
|
|
|
|
|
Yes I think everybody should use assembly language.
lean, mean, no assert, no try / catch / finally..
push, pop, mov, pat, kapow, gum, booom...
Do you think all those programming language, compiler and library designers and programmers do not have enough experience with programming, debugging?
It is Ok to be sceptical, do not underestimate the power of denial, but come on.
Even Microsoft started to write secure code...
bgiraya
|
|
|
|
|
"NO AND THEN" -Dude where's my car
Sorry, had to.
-Lunchy
|
|
|
|
|
Personally I prefer the library to check arguments, if there is something wrong then to return an appropriate error code but ensuring that no crash can occur. The caller can then check this return code. I don't like to ship code that causes my application to crash - any my boss would be on my back quick enough
|
|
|
|
|