Tels wrote:
Moin,

On Thursday 30 March 2006 17:32, Adam Kennedy wrote:
[snip]
Calling ->method( \"" ) or ->method( \undef ) or ->method ( sub { die
"foo" } ) and a dozen other things like that is intentionally provoking
that code into blowing up.

These are good things, but checking every param on every call to be well-formed is quite expensive. So I can imagine why people don't do this :)

Well, it doesn't need to be EVERY param in EVERY call.

The places where you concentrate this checking are at the edges of your API, where other developers are touching your code.

Certainly this sort of heavy checking is not what you'd be doing for private methods and places that are quite internal.

As for expensiveness, might I suggest Params::Util :)

Unfortunately, to do such evil testing, the tester needs to be a different person than the developer. Really. You never are able to break your code like $JoeRandomPerlDeveloper. But in most projects the Testing Manager is also the Lead Programmer, Documentation Supervisor, Most Prominent User and Quality Assurance Senior Manager in one person.

I don't agree. Certainly real life will come up with problems you can't currently imagine, but when you know the code, and you are honest with yourself, you should be able to know the sort of things that might be "interesting" to throw at it.

And as you encounter problems, you can then reuse that evil in your future evil testing.

OTOH, you cannot catch every evil and malformed input, at least not with practical costs in memory/time trade-off (especially developer time!), so some cases are on the order of "don't do that".

If Params::Util does nothing else, it should show how simple it is to catch every evil and malformed input. Sometimes all that is needed is just to fail in the same way for all evil, and have a simple enough param check that you have a low false-positive rate.

Adam K
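
The approach discussed in this message, as an added example that is not part of the original thread: a public method checks its arguments once with Params::Util and fails identically for every malformed input, and a small "evil" test feeds it the kinds of values quoted above. The class `My::Queue` and its `add_job` method are hypothetical names chosen for illustration.

```perl
use strict;
use warnings;
use Test::More;

{
    package My::Queue;    # hypothetical class, for illustration only
    use Carp qw( croak );
    use Params::Util qw( _STRING _POSINT _CODELIKE );

    sub new { return bless { jobs => [] }, shift }

    # Public method: this is the edge of the API, so every argument is
    # checked here. Private helpers behind it can trust their input.
    sub add_job {
        my ($self, $name, $priority, $callback) = @_;

        # One check, one failure mode for all malformed input.
        # _STRING can legitimately return "0", hence the defined().
        croak 'add_job: invalid parameters'
            unless defined _STRING($name)
               and _POSINT($priority)
               and _CODELIKE($callback);

        push @{ $self->{jobs} }, [ $name, $priority, $callback ];
        return scalar @{ $self->{jobs} };
    }
}

my $q = My::Queue->new;

# Constructed hostile values for the name slot, including the ones
# quoted in the thread. The dying code ref is never called: the check
# looks at the shape of the argument, not its behaviour.
my @evil_names = ( undef, '', \"", \undef, [], {}, sub { die "foo" }, $q );
for my $bad (@evil_names) {
    my $ok = eval { $q->add_job( $bad, 1, sub { 1 } ); 1 };
    ok( !$ok, 'evil name rejected' );
    like( $@, qr/^add_job: invalid parameters/, 'same failure for all evil' );
}

# Constructed hostile values for the priority slot.
for my $bad ( undef, 0, -1, 1.5, 'abc', [1] ) {
    my $ok = eval { $q->add_job( 'reindex', $bad, sub { 1 } ); 1 };
    ok( !$ok, 'evil priority rejected' );
}

# A well-formed call still succeeds (low false-positive rate).
is( $q->add_job( 'reindex', 5, sub { 1 } ), 1, 'well-formed call accepted' );

done_testing;
```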
