james@rubyxml.com wrote:
> What I’ve found, though, is that that cost of incessant validation is
> often much greater than the cost of recovering from an exception when bad
> data or markup is allowed too far along a processing path. It is, in some
> ways, similar to static types in a programming languages.
This may be true in your domain, but there are often circumstances where you
must attempt to prove validity, and the requirement for that proof is
beyond your control.
The restrictions tend to be greater when you’re working in a heterogeneous,
large organization. It is easier to prove validation via a static, well
defined validation mechanism than programmatically.
> Larry Wall once said that systems should be generous in what they accept,
> and strict in what they emit.
> Open Sources: Voices from the Open Source Revolution
With all due respect to Larry, this is simply not a responsible philosophy
in many problem domains. Financial transactions aren’t the only place
where you want to be able to wholly reject badly formatted data, rather
than accept and make assumptions. Medical data, financial transactions,
military targeting systems (well, that last one is arguable) – any
system where the precision of the information is critical enough that
processing incorrect information is worse than not processing any data at
all are candidates for heavy validation.
“Oops. Sorry about that. There was a missing tag in the order,
so when the wrecking crew saw ‘Hudson St.’, they assumed it was NORTH
Hudson St., and your house looked kinda shoddy to them anyway…”
> It’s a rather broad statement, but I’ve taken to mean that the burden of
> correctness is on the sender. The receiver needs only do enough to
Again, in many systems, /everybody/ better be on the same sheet of music.
If you’re going to remove a kidney, you’d better be sure you got the right
person.
> However, 99.999% of the time the request was fine. So, had we done
> “proper” validation, far more wasted processing would have occurred.
I’m of the opinion that there is a lot of wasted processing power sitting
out there. If it gets used doing useless validation but catches even a
rare error, then fine by me. Remember, .001% of a year is 8 hours… how
much would you mind having a day’s pay taken out of your paycheck?
I understand what you’re saying, and I agree with you. In most cases, I
don’t do validation myself. In most cases, the consequences of a mistake
are not significant. However, there are many, many applications where you
not only /should/ be extra careful, but that you /must/.
In response to Bob’s question…
> Sean. I’m not sure I understand what is meant by “extremely important” and
> “can’t have enough” – especially what this means in the context of
… that is what I mean by “extremely important”. WRT XML-RPC, I don’t
know. XML-RPC is just a specification for how processes communicate. If
the information they’re communicating is part of a critical system, I’d
guess that the system might be a candidate for validation. If it just
means that your spiffy, animated instant-messaging love letter doesn’t get
to Lucy down the hall, it probably isn’t that important.
--
“It’s not that I’m afraid to die. I just don’t want to be there when it happens.” – Woody Allen
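The “reject it or assume something” choice argued over above, as an added Ruby example that is not part of the thread: a demolition work order in XML, with a strict fail-closed validator beside the lenient path that fills in a missing <direction> tag with a guess. The element names, the required-field list and the sample orders are constructed for this illustration.

```ruby
# Added example, not code from the thread: the "reject or assume" choice the
# post describes, applied to a demolition work order in XML.
require 'rexml/document'

class InvalidOrder < StandardError; end

# Every element a work order must carry before anyone acts on it (assumed schema).
REQUIRED_PATHS = %w[action address/direction address/number address/street].freeze

# Constructed inputs: one order lacks its <direction> tag, the other is complete.
BAD_ORDER = <<~XML
  <order><action>demolish</action>
    <address><number>12</number><street>Hudson St.</street></address></order>
XML
GOOD_ORDER = <<~XML
  <order><action>demolish</action>
    <address><direction>SOUTH</direction><number>12</number><street>Hudson St.</street></address></order>
XML

# Parse, converting REXML's own failures into the same rejection type.
def parse(xml)
  doc = REXML::Document.new(xml)
  raise InvalidOrder, 'no root element' unless doc.root
  doc
rescue REXML::ParseException => e
  raise InvalidOrder, "malformed XML: #{e.message.lines.first.strip}"
end

# Text of the element at an XPath relative to the root, or nil when it is absent.
def text_at(doc, path)
  el = doc.root.elements[path]
  el && el.text.to_s.strip
end

# Strict path: the whole order is rejected if any required field is missing or
# empty, so nothing downstream ever acts on a guess.
def strict_address(xml)
  doc = parse(xml)
  missing = REQUIRED_PATHS.select { |p| text_at(doc, p).to_s.empty? }
  raise InvalidOrder, "missing required fields: #{missing.join(', ')}" unless missing.empty?
  "#{text_at(doc, 'address/direction')} #{text_at(doc, 'address/street')}"
end

# Lenient path: the missing tag is papered over with a default, which is exactly
# how the wrong house gets demolished in the post's example.
def lenient_address(xml)
  doc = parse(xml)
  direction = text_at(doc, 'address/direction') || 'NORTH' # guessed, not provided
  "#{direction} #{text_at(doc, 'address/street')}"
end
```

On the incomplete order the lenient path happily returns “NORTH Hudson St.”, while the strict path raises InvalidOrder naming the missing field before any crew is dispatched.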