Hi Gerd and OCaml users, First note that we are not breaking backward compatibility: you can always use the -unsafe-string flag to compile your dusty code. On 2014-07-05, at 13:04, Gerd Stolpmann wrote: > So my scenario is quite low-level: I/O, and C interfaces. As you said, bigarrays are the best suited for that kind of code. But that's not a good reason to make all strings as heavy as bigarrays. If you need bigarrays, by all means use bigarrays in your code, not String or Bytes. On 2014-07-05, at 13:24, Gerd Stolpmann wrote: > Well, the complexity can be reduced a bit by using phantom types: > > type string = [`String] stringlike > type bytes = [`Bytes] stringlike > > and then just define function-by-function what is permitted: This is almost the same as our first version, which we discarded as too complex and not compatible enough (as you noted, because of unresolved type variables). But it might make a come-back. On 2014-07-08, at 14:24, Gerd Stolpmann wrote: > It will create confusion even with actively maintained code bases. What > could help here is very clear communication when the change will be the > standard behavior, and how the migration will take place. Currently, it > feels like a big experiment - hey, let's users tentatively enable it, > and watch out for problems. OK, we need to be clearer on the "how" (in an nutshell, the default will switch from -unsafe-string to -safe-string at some point in the future when we feel that enough of the existing code has been updated). As for the "when", we can't tell because that depends a lot on how fast the community updates its code. Hopefully no more than three years. Possibly as soon as 4.03.0. > There could also be a section in > the manual explaining the new behavior, and how to convert code. That's a good idea. > Right, that's the good side of it. (Although the danger is quite > theoretical, as most programmers seem to intuitively follow the rule > "don't mutate strings you did not create". I've never seen this kind of > bug in practice.) What about programmers who deliberately trigger the bug (aka "attackers", in a security setting)? It's not just about how unlikely a bug is, but also whether it can be exploited. > For instance, there is one module in OCamlnet where a regexp is directly > run on an I/O buffer (generally, you need to do some primitive parsing > on I/O buffers before you can extract strings, and that's where > stringlike would be nice to have). Without stringlike, I would have to > replace that regexp somehow. If stringlike is polymorphic, you will need a new regexp library that operates on stringlike. We cannot update the current regexp library to use stringlike because that would introduce polymorphism and unresolved type variables, and that might break some of the code that used to run on 1.03... On 2014-07-14, at 19:45, Richard W.M. Jones wrote: > That would imply removing incorrect functions like String.uppercase > and String.lowercase. First, we mark them deprecated. Then we wait a very long time before we actually remove them from (if ever). -- Damien