Subject: Re: [boost] Formal Review Request: Boost.Convert
From: Andrzej Krzemienski (akrzemi1_at_[hidden])
Date: 2009-02-20 10:40:51


Hi,

I would like to propose removing the default value for the second
argument of convert. I believe it may be insecure. Let me explain it
by example. What did I mean when I wrote the following code:

    string str = readInput();
    int men = convert_to<string, int>(str);
        
1. I meant: "if conversion is impossible, return 0", because I read
the documentation thoroughly.
2. I am a novice and didn't really think about the situation where
someone types a non-int string.

In the case of the first option it is all fine, but if the latter is the
case, it may have been better to throw an exception to the user. I
would propose, rather than having a default "fallback" value, to
provide two overloads for convert: one with two parameters where you
can provide the fallback value, and the other, one-parameter, that
would indicate that you want to throw an exception on failure. You do
not lose much of your original interface, because you can write more
explicitly:

    int men = convert_to<string, int>(str, 0);
        
I find it better because:
  1. It forces the writer to type more clearly his intentions. (Or
explicitly confirm that he is aware that the string may not be
convertible to int.)
  2. Relieves you from providing the throw_t argument altogether. This
in turn removes the possibility of writing:

        convert<string, int>(str, -1) >> throw_t();
        // What does -1 mean here?
        
Regards,
&rzej


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk