Re: [Chicken-hackers] substring function and bounds checks

[Peter Bex]

On Wed, Feb 06, 2013 at 07:20:28PM +0100, Michele La Monaca wrote:
> Hi Peter,
> 
> Excuse me if I have been somehow rude but, you know,
> we both have strong ideas.

Same here!  This is something I feel strongly about and sometimes that
leads to heated replies.  I should really learn to put aside the mailer
and mull things over before replying so quickly :)

> Indeed, I don't think
> 
> (substring2 "foo" 0 10) -> "foo"
> 
> is conceptually wrong or sloppy as long as you know exactly what the
> semantic of the function is ("give me at most N chars" -> perl or
> "give me chars up to the Nth position or up to the end of the string
> whatever the first" -> python, ruby).

Indeed, if you know exactly what the semantics are and act by them
there's nothing inherently safer or unsafer about either.  However,
that's the same argument used by the PHP folks in the link I pasted
earlier: you shouldn't use the "==" operator when you really want to
strictly compare string contents.  This is true.  However, it's also
way too easy to get wrong as it's the default (or only) way of doing
things, so you end up jumping through hoops when you *don't* want this
behavior.

On the other hand, it's trivial to change the more "restricted" behavior
to be more "sloppy".

> Regarding the practical aspects of the issue, I hope you might agree
> with me that substring2 if far superior to substring1.

No, this is exactly the thing we are arguing about: in my opinion,
substring2 is imprecise and sloppy.

> Having to catch exceptions, or having to write a wrapper function, as
> Jim suggested, to achieve a minimal sane usage of substring1 (and hey
> we are not talking about the apollo11-land-on-the-moon-button function),
> should give you a sense of the inadequacy of the substring function
> currently shipped with chicken.

I don't understand why it's so hard to pass correct, valid indices to
substring.  How come you don't know the length of the string but do
know what positions to extract from it?  It sounds to me like you
haven't exactly thought about what you want it to do, therefore you'd
like some sort of approximation of something that could be vaguely
what you would maybe mean.

Again, the function isn't inadequate: it functions precisely as designed.
Also, the attitude "I'm not writing a critical piece of code so I can
be sloppy" is what leads to the current global security crisis we're in.
Every piece of code that runs in networked environments *will* be
attacked, sooner or later.  Even if your application isn't critical in
*any* way, anyone operating a botnet isn't going to care, they'll just
add your machine to it.

> Anyway, as you suggested, maybe it is just too early for me... let's
> see. (I hope) I am the kind of person which periodically reconsider
> without preconceptions his beliefs and principles, though, admittedly,
> I am rather defensive at the beginning.

Try to approach programming languages open-mindedly.  Also, if you decide
you dislike how things are being done, don't try to change the standard
but use something that fits better into your style!

Cheers,
Peter
-- 
http://sjamaan.ath.cx