Parse, Don’t Validate AKA Some C Safety Tips
Parse, Don’t Validate AKA Some C Safety Tips
www.lelanthran.com
Parse, Don’t Validate AKA Some C Safety Tips
14 comments
-
-
I love the argument about c having type safety with the little side-swipe at rust. "AcTuAlLy C does have type safety! You just have to jump through the following 50 hoops to get it!". I'm an outsider to both C and Rust but it's still funny.
-
It is pretty funny that C's type system can be described pretty differently based on the speaker's experience. The parable of the Blub language comes to mind.
-
People that say that are thinking of strong typed languages instead of type safe languages. There’s a difference. And it looks like you’re on to it.
-
-
I prefer to do both, a validation check to see if it has the general form of data I expect then parse what got successfully validated.
-
It is crazy to go to all of the extra trouble of dealing with an additional pointer for the
email_ttype, when it is just astructthat is a simple wrapper around achar *that could be passed around directly; a lot of the code in this example is just for dealing with having to manage the lifetime of the extraemail_tallocation, which seems like an unnecessary hoop to jump through.-
Isn't that sort of just the cost of doing business in C? It's a sparse language, so it falls to the programmer to cobble together more.
I do also think the concrete example of emails should be taken as a stand-in. Errors like swapping a parameter for an email application is likely not very harmful and detected early given the volume of email that exists. But in other, less fault-tolerant applications it becomes a lot more valuable.
-
C supports passing
structs around by value, so there was no need to allocate memory for it on the heap.
-
-
14 comments
I feel I gotta point out it's a pretty funny example—email comes up so frequently as a thing that you're recommended to neither parse nor validate, just try to send an email to the address and see if it works. If you need to know that it was received successfully, a link to click is the general method.
But "parse, don't validate" is still a generally good idea, no matter the example used. :)
I don't see it. I would much prefer to validate early rather than late. The example of 'other code might validate it differently or not at all' seems specious. I don't want invalid information "deep within the bowels of the system".
Parsing is a way of "validating early". You either get a successful parse and the program continues working on known-good data with that knowledge encoded in the type system, or you handle incorrect data as soon as it's encountered.