October 04, 2012 Re: Idea: Introduce zero-terminated string specifier | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Regan Heath | On Wed, 03 Oct 2012 08:37:14 -0400, Regan Heath <regan@netmail.co.nz> wrote:
> On Tue, 02 Oct 2012 21:44:11 +0100, Steven Schveighoffer <schveiguy@yahoo.com> wrote:
>> In fact, a better solution would be to define a C string type (other than char *), and just pretend those system calls return that. Then support that C string type in writef.
>>
>> -Steve
>
> :D
> http://comments.gmane.org/gmane.comp.lang.d.general/97793
>
Almost what I was thinking.
:)
Though, at that point, I don't think we need a special specifier for writef. %s works.
However, looking at the vast reach of these changes, I wonder if it's worth it. That's a lot of prototypes to C functions that have to change, and a large compiler change (treating string literals as CString instead of char *), just so C strings print out with writef. Not to mention code that will certainly break...
-Steve
| |||
Permalink
ReplyOctober 04, 2012 Re: Idea: Introduce zero-terminated string specifier | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to deadalnix | On Tuesday, 2 October 2012 at 13:07:46 UTC, deadalnix wrote:
> Le 01/10/2012 22:33, Vladimir Panteleev a écrit :
>> On Monday, 1 October 2012 at 12:12:52 UTC, deadalnix wrote:
>>> Le 01/10/2012 13:29, Vladimir Panteleev a écrit :
>>>> On Monday, 1 October 2012 at 10:56:36 UTC, deadalnix wrote:
>>>>> How does to!string know that the string is 0 terminated ?
>>>>
>>>> By convention (it doesn't).
>>>
>>> It is unsafe as hell oO
>>
>> Forcing the programmer to put strlen calls everywhere in his code is not
>> any safer.
>
> I make the library safer. If the programmer manipulate unsafe construct (like c strings) it is up to the programmer to ensure safety, not the lib.
Thrusting the programmer is what brought upon us the wrath of security exploits via buffer overflows.
--
Paulo
| |||
October 04, 2012 Re: Idea: Introduce zero-terminated string specifier | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Steven Schveighoffer | On Thu, 04 Oct 2012 01:05:14 +0100, Steven Schveighoffer <schveiguy@yahoo.com> wrote: > On Wed, 03 Oct 2012 08:37:14 -0400, Regan Heath <regan@netmail.co.nz> wrote: > >> On Tue, 02 Oct 2012 21:44:11 +0100, Steven Schveighoffer <schveiguy@yahoo.com> wrote: >>> In fact, a better solution would be to define a C string type (other than char *), and just pretend those system calls return that. Then support that C string type in writef. >>> >>> -Steve >> >> :D >> http://comments.gmane.org/gmane.comp.lang.d.general/97793 >> > > Almost what I was thinking. > > :) > > Though, at that point, I don't think we need a special specifier for writef. %s works. True. > However, looking at the vast reach of these changes, I wonder if it's worth it. That's a lot of prototypes to C functions that have to change, and a large compiler change (treating string literals as CString instead of char *), just so C strings print out with writef. That's not the only motivation. The change brings more type safety in general and should help to catch bugs, like for example the common one made by people just starting out with D (from a C/C++ background). > Not to mention code that will certainly break... Some code will definitely stop compiling, but it's debatable as to whether this code is not already "broken" to some degree.. it's likely not as safe/robust as it could be. R -- Using Opera's revolutionary email client: http://www.opera.com/mail/ | |||
Copyright © 1999-2021 by the D Language Foundation