Richard Hodges
2017-09-04 08:09:27 UTC
From this question on SO: https://stackoverflow.com/q/46032307/2015579
here's a well-intentioned offering to produce a substring from either a
string-view or string in a uniform way:

    #include <string>
    #include <string_view>

    std::string_view sub_string(std::string_view s,
                                std::size_t p,
                                std::size_t n = std::string_view::npos)
    {
        return s.substr(p, n);
    }

    std::string sub_string(std::string&& s,
                           std::size_t p,
                           std::size_t n = std::string_view::npos)
    {
        return s.substr(p, n);
    }

    std::string sub_string(std::string const& s,
                           std::size_t p,
                           std::size_t n = std::string_view::npos)
    {
        return s.substr(p, n);
    }

And here's how it will introduce random segfaults into user code.

    int main()
    {
        using namespace std::literals;
        auto source = "foobar"s;
        auto bar = sub_string(source, 3);
        // but uh-oh...
        bar = sub_string("foobar"s, 3);
        // now use bar at your peril...
    }

gcc and clang don't produce any warnings here. I don't believe code reviews
will find bugs like this reliably, and often neither will unit testing.
Allowing implicit conversions from std::string to std::string_view is all
very nice, and I understand the intention - to allow algorithms to become
more efficient by a simple, compatible interface change.
C++11 went a long way to removing C++'s reputation as a difficult language
to get right.
This one design error in C++17 will re-award C++ the accolade of "most
buggy and segfaultly language on the planet".
On grounds of safety alone, it is a design error and should be removed.
--
---
You received this message because you are subscribed to the Google Groups "ISO C++ Standard - Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to std-discussion+***@isocpp.org.
To post to this group, send email to std-***@isocpp.org.
Visit this group at https://groups.google.com/a/isocpp.org/group/std-discussion/.
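
The hazard discussed in the post arises when a std::string temporary reaches a std::string_view parameter and the returned view outlives it. As an added example (not part of the original post), one defensive pattern is to delete an overload for rvalue std::string so such calls fail to compile; the names view_only, checked_view, guarded_accepts and live_owner_demo are hypothetical.

```cpp
#include <cstddef>
#include <string>
#include <string_view>
#include <type_traits>
#include <utility>

// Hazardous shape: only a string_view parameter. A temporary std::string
// converts implicitly, and the returned view refers to its destroyed buffer.
inline std::string_view view_only(std::string_view s, std::size_t p,
                                  std::size_t n = std::string_view::npos) {
    return s.substr(p, n);
}

// Guarded variant (hypothetical name): the same view overload...
inline std::string_view checked_view(std::string_view s, std::size_t p,
                                     std::size_t n = std::string_view::npos) {
    return s.substr(p, n);
}

// ...plus a deleted overload that wins only for rvalue std::string. It is a
// constrained template so string literals still reach the view overload.
template <class S,
          std::enable_if_t<!std::is_lvalue_reference_v<S> &&
                           std::is_same_v<std::remove_cv_t<S>, std::string>, int> = 0>
std::string_view checked_view(S&&, std::size_t,
                              std::size_t = std::string_view::npos) = delete;

// Compile-time probe: is checked_view(T, size_t) a well-formed call?
template <class T, class = void>
struct guarded_accepts : std::false_type {};
template <class T>
struct guarded_accepts<T, std::void_t<decltype(checked_view(std::declval<T>(),
                                                            std::size_t{0}))>>
    : std::true_type {};

// view_only compiles for a temporary and hands back a non-owning view.
constexpr bool view_only_takes_temporary =
    std::is_same_v<decltype(view_only(std::declval<std::string>(), 3)),
                   std::string_view>;

// Safe use: the owning string outlives the view taken from it.
inline std::string live_owner_demo() {
    std::string source = "foobar";  // constructed sample input
    std::string_view bar = checked_view(source, 3);
    return std::string(bar);
}

int main() { return live_owner_demo() == "bar" ? 0 : 1; }
```

Requires C++17. With the guard in place, `checked_view("foobar"s, 3)` is a compile error, while lvalue strings, literals and existing views are still accepted.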