472,799 Members | 1,557 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,799 software developers and data experts.

How far should I go in protecting the user from his stupidity?

In a recent thread http://tinyurl.com/8n7fe I asked about preventing
the user from deleting the object pointed to by a pointer/reference.
Now I would like to ask about a different aspect of this thing: it this
protection worth it? It is fairly obvious that deleting an object you
will need in the future is wrong. So is it worth to bother with
protecting it against deletion?

Dec 28 '05 #1
6 1300
"Roman Werpachowski" <ro****************@gmail.com> wrote in message
news:11**********************@g47g2000cwa.googlegr oups.com...
In a recent thread http://tinyurl.com/8n7fe I asked about preventing
the user from deleting the object pointed to by a pointer/reference.
Now I would like to ask about a different aspect of this thing: it this
protection worth it?
No it is not worth that level of protection. Who are these users deleting
stuff! :) They can always do this too:

int i = 0;
delete &i;
It is fairly obvious that deleting an object you
will need in the future is wrong. So is it worth to bother with
protecting it against deletion?


Don't delete anything explicitly anyway... Always use an apropriate smart
pointer to define the lifetime of dynamic objects.

For example, when it comes to communicating the transfer of ownership, pass
or return std::auto_ptr objects by value. That way, there is no question of
whether the user should delete or not.

Ali

Dec 29 '05 #2

Roman Werpachowski wrote:
In a recent thread http://tinyurl.com/8n7fe I asked about preventing
the user from deleting the object pointed to by a pointer/reference.
Now I would like to ask about a different aspect of this thing: it this
protection worth it? It is fairly obvious that deleting an object you
will need in the future is wrong. So is it worth to bother with
protecting it against deletion?


As has already been stated the return of a pointer has many problems.
The fact that they can do bad things with your internal pointer is just
one. The problem of object ownership becomes a real issue when
returning pointers - just who is going to delete the thing? What is
its lifetime? Can I depend on it to be a certain value consistently or
is it going to change the next time that function is called (for
instance C functions that returned char* often were implemented with a
static array that would get altered any time that function was
called)...

So really your issue goes beyond "just" protection from callers. I do
disagree with the other answer in that I think that alone is reason
enough to look for an alternative, but there are certainly several
other problems with returning a pointer. Obviously nothing that cannot
be worked with for programmers have been returning pointers for years,
but it just adds to the burden of coding in an unnecissary way....best
to avoid any possible problems if possible.

Had a little "argument" with a coworker about something similar today.
I prefer to keep things as safe as possible without going overboard.
Having exposed pointers is one of those things I really like to avoid
and will spend a little bit of time looking for an alternative if I
find I think I need to do that...most often I find a better way. If a
user can cause you to crash I think that is bad.

Today's argument was about a vector inside of a struct. The struct is
public and so its internal vector is as well. Things were getting
weird and an idea given to me was to make that vector a pointer. I
explained that I didn't like this idea because someone can delete it or
point it to someplace bad. Of course he "would never do that" but I
still don't like leaving that posibility open - I would then feel the
need to check that pointer any time it is accessed, at least with a
debug wrapped assert(). Now, an empty vector is no issue - I just end
up not doing anything - so the exposed vector is "ok"...but I didn't
want to do the same with a pointer....and I ended up solving the
problem in a more robust and elegant manner.

IMHO it is not silly to protect your class from users doing stupid
things - quite often that user will end up being you and the time spent
debugging may far outweigh the time looking for a method of
encapsulation.

Dec 29 '05 #3
ro**********@gmail.com wrote:

IMHO it is not silly to protect your class from users doing stupid
things - quite often that user will end up being you and the time spent
debugging may far outweigh the time looking for a method of
encapsulation.


Definitely, I agree with you.
Recently, I encountered interesting "idea of arena".
As I understand from following article "arena" seems to solve
some of problems related to ownership and lifetime of objects:

http://www.cuj.com/documents/s=7990/cujcexp1910austern/

Here also Bjarne considers this idea:
http://public.research.att.com/~bs/b...acement-delete
Cheers
--
Mateusz ŇĀoskot
http://mateusz.loskot.net
Dec 29 '05 #4

Mateusz Loskot wrote:
ro**********@gmail.com wrote:

IMHO it is not silly to protect your class from users doing stupid
things - quite often that user will end up being you and the time spent
debugging may far outweigh the time looking for a method of
encapsulation.


Definitely, I agree with you.
Recently, I encountered interesting "idea of arena".


Looks like the NSAutoreleasePool from objective-c. In objective-c all
objects are created on the heap. Returning an object is necessary but
is equivelant to returning TYPE* all the time. So one creates the
object and calls autorelease just before returning it, which places the
object on the release pool's stack for deletion. When the pool gets
deleted it destroys everything in it. To keep an object you call
retain, which increments a counter inside the object that tells it not
to go away when release is called. New release pools get placed in the
current pool's stack so deleting one previous destroyes those created
after...

There are some simple rules to follow when using a system like
this...namely that the object is your responsibility when you call an
alloc or retain. You relinquish your part by calling autorelease and
placing the object in the current pool. It works pretty well when the
rules of object ownership are followed.

Dec 29 '05 #5
"Roman Werpachowski" <ro****************@gmail.com> wrote in message
news:11**********************@g47g2000cwa.googlegr oups.com...
In a recent thread http://tinyurl.com/8n7fe I asked about preventing
the user from deleting the object pointed to by a pointer/reference.
Now I would like to ask about a different aspect of this thing: it this
protection worth it? It is fairly obvious that deleting an object you
will need in the future is wrong. So is it worth to bother with
protecting it against deletion?


As soon as you come up with idiot proof code, they'll come up with a better
idiot.

Jan 2 '06 #6
Jim Langston <ta*******@rocketmail.com> schrieb:
As soon as you come up with idiot proof code, they'll come up with a better
idiot.


Or only idiots will want to use it.

Markus
Jan 2 '06 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

24
by: Yang Li Ke | last post by:
Hi guys! Anyone know a way so that users purchasing my scripts would not be able to share them with other people ? Yang
6
by: nell | last post by:
Hi all, I've developed a testing application in python, and should supply it in a way that no one (lets say they are regular users) will understand it and edit it. The application source is all...
12
by: Roland Hall | last post by:
I read Aaron's article: http://www.aspfaq.com/show.asp?id=2276 re: protecting images from linked to by other sites. There is a link at the bottom of that page that references an interesting...
4
by: Jonathan Henderson | last post by:
Obfuscators aren't only used for protecting intellectual property. See the hacker demo at this link: http://www.preemptive.com/documentation/NetHackerDemo.html For those who don't know what...
3
by: vj | last post by:
I'm building a large infrastructure with about 30 servers (all running linux). I allow my end users to write scripts which then get broken down in smaller parts and run across the 30 servers. The...
7
by: phal | last post by:
Hi I think there are many different browsers to browse to the Internet, how can I write the javascript to identify different browser and display according to the users. Some browser disable the...
5
by: k.i.n.g. | last post by:
Hi, I have a csv file which in taken as the input file for adding users in my linux mail server with the format userid,fullname,passwword,dateofbith Now I have to write a script to generate...
12
by: Dr. Edmund M. Hayes | last post by:
I wrote a access program that works well enough that a handful of people would like to buy it from me. My problem is that if I sell it to someone there is no mechanism that I know of to protect...
0
by: xamman | last post by:
hi there! according to msdn (link at bottom) i should be able to protect a whole class declaratively as above. However i keep getting 'request for principal permissions failed' exceptions. in...
0
by: erikbower65 | last post by:
Using CodiumAI's pr-agent is simple and powerful. Follow these steps: 1. Install CodiumAI CLI: Ensure Node.js is installed, then run 'npm install -g codiumai' in the terminal. 2. Connect to...
0
by: kcodez | last post by:
As a H5 game development enthusiast, I recently wrote a very interesting little game - Toy Claw ((http://claw.kjeek.com/))。Here I will summarize and share the development experience here, and hope it...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Sept 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
0
by: Taofi | last post by:
I try to insert a new record but the error message says the number of query names and destination fields are not the same This are my field names ID, Budgeted, Actual, Status and Differences ...
14
DJRhino1175
by: DJRhino1175 | last post by:
When I run this code I get an error, its Run-time error# 424 Object required...This is my first attempt at doing something like this. I test the entire code and it worked until I added this - If...
0
by: Rina0 | last post by:
I am looking for a Python code to find the longest common subsequence of two strings. I found this blog post that describes the length of longest common subsequence problem and provides a solution in...
5
by: DJRhino | last post by:
Private Sub CboDrawingID_BeforeUpdate(Cancel As Integer) If = 310029923 Or 310030138 Or 310030152 Or 310030346 Or 310030348 Or _ 310030356 Or 310030359 Or 310030362 Or...
0
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
0
by: lllomh | last post by:
How does React native implement an English player?

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.