this post was submitted on 28 Mar 2025
44 points (97.8% liked)

Programming

19298 readers
121 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]

founded 2 years ago
MODERATORS
snowe
Ategon
[email protected]
44
Parse, Don’t Validate AKA Some C Safety Tips (www.lelanthran.com)
submitted 5 days ago by [email protected] to c/programming
14 comments fedilink hide all child comments
top 14 comments
sorted by: hot top controversial new old
[–] Piatro 4 points 3 days ago (2 children)

I love the argument about c having type safety with the little side-swipe at rust. "AcTuAlLy C does have type safety! You just have to jump through the following 50 hoops to get it!". I'm an outsider to both C and Rust but it's still funny.

[–] Colloidal 1 points 1 day ago

People that say that are thinking of strong typed languages instead of type safe languages. There’s a difference. And it looks like you’re on to it.

[–] [email protected] 1 points 2 days ago

It is pretty funny that C's type system can be described pretty differently based on the speaker's experience. The parable of the Blub language comes to mind.

[–] bitcrafter 2 points 3 days ago (1 children)

It is crazy to go to all of the extra trouble of dealing with an additional pointer for the email_t type, when it is just a struct that is a simple wrapper around a char * that could be passed around directly; a lot of the code in this example is just for dealing with having to manage the lifetime of the extra email_t allocation, which seems like an unnecessary hoop to jump through.

[–] [email protected] 2 points 2 days ago (1 children)

Isn't that sort of just the cost of doing business in C? It's a sparse language, so it falls to the programmer to cobble together more.

I do also think the concrete example of emails should be taken as a stand-in. Errors like swapping a parameter for an email application is likely not very harmful and detected early given the volume of email that exists. But in other, less fault-tolerant applications it becomes a lot more valuable.

[–] bitcrafter 1 points 2 days ago

C supports passing structs around by value, so there was no need to allocate memory for it on the heap.

[–] [email protected] 3 points 4 days ago

I prefer to do both, a validation check to see if it has the general form of data I expect then parse what got successfully validated.

[–] [email protected] 13 points 5 days ago (1 children)

I feel I gotta point out it's a pretty funny example—email comes up so frequently as a thing that you're recommended to neither parse nor validate, just try to send an email to the address and see if it works. If you need to know that it was received successfully, a link to click is the general method.

But "parse, don't validate" is still a generally good idea, no matter the example used. :)

[–] [email protected] 6 points 5 days ago (1 children)

I don't see it. I would much prefer to validate early rather than late. The example of 'other code might validate it differently or not at all' seems specious. I don't want invalid information "deep within the bowels of the system".

[–] [email protected] 12 points 5 days ago (1 children)

Parsing is a way of "validating early". You either get a successful parse and the program continues working on known-good data with that knowledge encoded in the type system, or you handle incorrect data as soon as it's encountered.

[–] [email protected] -2 points 4 days ago (1 children)

I understand the concept. I just disagree that it's a good idea.

[–] zygo_histo_morpheus 4 points 3 days ago (1 children)

Why do you think it's a bad idea? Both you and OP are in agreement that you should validate early, which seemed to be what your first comment was about. Is it encoding that the data has been validated in the typesystem that you disagree with?

[–] [email protected] 0 points 3 days ago (1 children)

I disagree that parsing is validating. For example, you could give me a valid ISO date time string, but I want a shipping date and you gave me something in the past. It parses, but is not valid.

I disagree that validating early is bad because some other part of the code might also validate later and possibly do it differently. Yes, that's bad, but not a reason to not validate early.

[–] zygo_histo_morpheus 2 points 3 days ago

This article uses the term "parsing" in a non-standard way - it's not just about transforming text into structured data, it's about transforming more general data in to more specific data. For example, you could have a function that "parses" valid dates into valid shipping dates, which returns an error if the input date is in the past for instance and returns a valid_shipping_date type. This type would likely be identical to a normal date, but it would carry extra semantic meaning and would help you to leverage the type checker to make sure that this check actually gets performed.

Doing this would arguably be a bit overzealous, maybe it makes more sense to just parse strings into valid dates and merely validate that they also make sense as shipping dates. Still, any validation can be transformed into a "parse" by simply adding extra type-level information to the validation.