|
Diego Nehab wrote:
Hi,On the flip side, when you expose all the primitives, a higher level API can be written in Lua.- Peter OddingI agree.Damn it, I sent the message before writing the rest. As I said, I agree too.The only problem is that, according to Lua's philosophy, itshould not be possible to crash an application from Lua. Exposing the bare Win32 API might not be compatible withthis philosophy. Regards, Diego.
I couldn't agree more, and go to quite a bit of trouble to avoid my own binary modules from crashing on invalid input.
Continuing on high- vs. low-level API advantages: when a module writer decides to expose the primitives I think he/she essentially gives over control to users of the module, and will have to accept the consequences (if you don't validate all input your module can crash and take the Lua interpreter with it).
Last note, if any of you are running Windows, try lua.exe -e "os.date'%e'". Does that crash? Because it does for me, on all >= XP SP2 installations I've tried. This means it's already possible to crash `plain' Lua on Windows, at least the os library, given an invalid (according to Microsoft's CRT) format string. Of course no-one could expect the Lua authors to implement (localized) date formatting independent of the CRT, but this goes to show that input validation is important.
- Peter Odding PS. Please don't take the lua.exe -e "os.date'%e'" comment as FUD against Lua!