Re: Lessons learned from string-fix and consequences on StringNg design

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Mon, 16 Feb 2009 15:15:10 -0700

On 02/13/2009 10:00 PM, Amos Jeffries wrote:
> Kinkie wrote:
>> On Fri, Feb 13, 2009 at 11:36 AM, Henrik Nordstrom
>> <henrik_at_henriknordstrom.net> wrote:
>>> Thu 2009-02-12 at 17:19 +0100, Kinkie wrote:
>>>> It would IMHO make sense to:
>>>> 1. introduce StringNg::size_type, which should be a _signed_ 32-bit
>>>> integer
>>>> 2. introduce a static const StringNg::npos = -1 to be used in place of
>>>> std::string::npos
>>> Or use size_t in the API while using a smaller type in the internal
>>> representation.
>>>
>>> size_t is only making a mess for printf style operations, and it's
>>> relatively easy to deal with (and has to be dealt with at a number of
>>> other locations..)
>>
>> Also doable.
>> Currently there are no overflow checks. Should they be added or should
>> we rely on the callers? Anyone in favour of having some debugs() when
>> a Buffer surpasses some predefined dimension?
>
> Definitely. With a 32-bit signed size it _should_ be large enough for
> most uses. A debugs when it goes close to or over the signed rollover
> would be critical IMO. Maybe more, but debugs & assert for now.

Do not assert(), just use Must(false) or equivalent. No reason to kill
the proxy if the caller can simply cancel the offending transaction.
StringNg already uses exceptions for exceptional situations and this is
no different.

Thank you,

Alex.
Received on Mon Feb 16 2009 - 22:15:10 MST
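
The approach discussed in this message, sketched as an added example that is not part of the original thread and not Squid's StringNg code: a signed 32-bit length is checked before it grows, a warning fires past a threshold, and an overflow throws so that only the offending transaction is cancelled. All names here (checkedGrow, handleTransaction, kWarnSize) are hypothetical, the warning threshold is an assumed value, and standard C++ exceptions stand in for Must().

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <stdexcept>

// Hypothetical stand-ins for illustration; not Squid's actual StringNg code.
typedef std::int32_t size_type;                   // signed 32-bit, as proposed in the thread
static const size_type kMaxSize = std::numeric_limits<size_type>::max();
static const size_type kWarnSize = kMaxSize / 2;  // assumed "predefined dimension" for the warning
static int warningsLogged = 0;                    // counts warnings; stands in for debugs() output

// Returns the new length after appending `extra` bytes to a buffer of length `cur`.
// Throws instead of asserting, so the caller can cancel a single transaction.
size_type checkedGrow(size_type cur, std::size_t extra)
{
    if (cur < 0)
        throw std::invalid_argument("negative buffer length");
    // Compare against the remaining headroom; computing cur + extra first
    // would itself overflow the signed type.
    if (extra > static_cast<std::size_t>(kMaxSize - cur))
        throw std::length_error("buffer size would exceed signed 32-bit limit");
    const size_type result = cur + static_cast<size_type>(extra);
    if (result >= kWarnSize) {
        ++warningsLogged;
        std::fprintf(stderr, "WARNING: buffer length %d nears the 32-bit limit\n",
                     static_cast<int>(result));
    }
    return result;
}

// Simulates a transaction handler: an oversized append fails that transaction only.
bool handleTransaction(size_type cur, std::size_t extra)
{
    try {
        checkedGrow(cur, extra);
        return true;
    } catch (const std::length_error &) {
        return false;                             // transaction cancelled, process keeps running
    }
}

int main()
{
    std::printf("small append ok: %d\n", handleTransaction(100, 50));
    std::printf("overflowing append ok: %d\n", handleTransaction(kMaxSize - 10, 11));
    return 0;
}
```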
