On 10/22/19 11:03 AM, Vinnie Falco via Boost wrote:
On Tue, Oct 22, 2019 at 10:40 AM Robert Ramey via Boost
wrote: Did you look into using boost.spirit for parsing?
I didn't even consider it. All of the parsers that I work with accept untrusted inputs,
I don't buy this as a reason - in fact I'd call it reason to specify and enforce a formal grammar.
so when writing a parser I prefer to have no external dependencies. Spirit is an enormous dependency and scares off potential users.
This I can appreciate and sympathize with.. It points to the problem that C++ and boost have been wrestling with forever - dependency management. I'm pretty doubtful that anyone can write a demonstrably correct parser without using such a tool. So if security is an issue perhaps you might want to write a test program based on spirit. This would give one confidence that your library won't introduce security holes - at least on the inputs tested. This might be appreciated. Since users don't typically build/run tests (though I've advocated that they should!) there wouldn't be any kind of dependency issue for them. And it would give you the option of writing 1000++ test cases without having to check them all by hand. Just food for thought - feeding the beast. Robert Ramey
Thanks
_______________________________________________ Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost