Documentation Source Text

Check-in [ff59449da3]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Typo fixes and wording improvements.
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: ff59449da313ec17e4242f9306355514a9193c19246cb28910b8c1d6a6577014
User & Date: drh 2018-03-24 08:53:23
Context
2018-03-27
12:51
Update the speed and size chart. check-in: e704c03dfe user: drh tags: trunk
2018-03-24
08:53
Typo fixes and wording improvements. check-in: ff59449da3 user: drh tags: trunk
2018-03-23
23:08
Fix typo and minor wording change in the CoC. check-in: 43b0cc26d6 user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to pages/codeofconduct.in.

29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
SQLite has been and continues to be completely free to everyone,
without precondition.

<p>
However, those who wish to participate in the SQLite community,
either by commenting on the public mailing lists or by contributing
patches or suggestions or in any other way,
are expected to present themselves in a manner
that honors the overarching spirit of the rule, even if they
disagree with specific details.
Polite and professional discussion is always welcomed, from anyone.

<h1>The Rule</h1>

<ol>







|







29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
SQLite has been and continues to be completely free to everyone,
without precondition.

<p>
However, those who wish to participate in the SQLite community,
either by commenting on the public mailing lists or by contributing
patches or suggestions or in any other way,
are expected to conduct themselves in a manner
that honors the overarching spirit of the rule, even if they
disagree with specific details.
Polite and professional discussion is always welcomed, from anyone.

<h1>The Rule</h1>

<ol>

Changes to pages/printf.in.

127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
<center>
<table border=1 cellpadding="10" width="80%">
<tr>
<th>Substitution Type<th>Meaning
<tr>
<td>%
<td>Two "%" characters in a row are translated into a single "%" in the output,
    without substiting any values.
<tr>
<td>d, i
<td>The argument is a signed integer which is displayed in decimal.
<tr>
<td>u
<td>The argument is an unsigned integer which is displayed in decimal.
<tr>







|







127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
<center>
<table border=1 cellpadding="10" width="80%">
<tr>
<th>Substitution Type<th>Meaning
<tr>
<td>%
<td>Two "%" characters in a row are translated into a single "%" in the output,
    without substituting any values.
<tr>
<td>d, i
<td>The argument is a signed integer which is displayed in decimal.
<tr>
<td>u
<td>The argument is an unsigned integer which is displayed in decimal.
<tr>

Changes to pages/whyc.in.

41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
...
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
...
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177

<p>Other programming languages sometimes claim to be "as fast as C".
But no other language claims to be faster than C for general-purpose
programming, because none are.

<h2>Compatibility</h2>

<p>Nearly all systems have the ability to call with libraries
written in C.  This is not true of other implementation languages.

<p>So, for example, Android applications written in Java are able to
invoke SQLite (through an adaptor).  Maybe it would have been more
convenient for Android if SQLite had been coded in Java as that would
make the interface simpler.  However, on iPhone applications are coded
in Objective-C or Swift, neither of which have the ability to call
................................................................................
objects.  And, to be fair, objects are often a good way to
decompose a problem.  But objects are not the only way, and are
not always the best way to decompose a problem.  Sometimes good old
procedural code is easier to write, easier to maintain and understand,
and faster than object-oriented code.

<li><p>
When SQLite was first being developed, Java was a young an immature
language.  C++ was older, but was undergoing such growing pains that
it was difficult to find any two C++ compilers that worked the same
way.  So C was definitely a better choice back when SQLite was first
being developed.  The situation is less stark now, but there is little
to no benefit in recoding SQLite at this point.
</ol>

<h1>Why Isn't SQLite Coded In A "Safe" Language?</h1>

<p>
There has lately been a lot of interest in "safe" programming languages
like Rust or Go in which is impossible, or at least difficult, to make
common programming errors like memory leaks or array overruns.  So the
question often arises as to why SQLite is not coded in a "safe" language.

<ol>
<li><p>
None of the safe programming languages existed for the first 10 years
of SQLite's existance.  SQLite could be recoded in Go or Rust, but doing
................................................................................
no help beyond ordinary C code in solving the rather more difficult
problem of computing a correct answer to an SQL statement.

<li><p>
Safe languages are often touted for helping to prevent
security vulnerabilities. True enough, but SQLite is
not a particularly security-sensitive library.  If an application is
running untrusted and unverified SQL, then it already has way bigger
security issues (SQL injection) that no "safe" language will fix.
<p>
It is true that applications sometimes import complete binary SQLite
database files from untrusted sources, and such imports could present a
possible attack vector.  However, those code paths in SQLite are
limited and are extremely well tested.  And pre-validation routines 
are available to applications that want to read untrusted databases







|







 







|











|







 







|







41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
...
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
...
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177

<p>Other programming languages sometimes claim to be "as fast as C".
But no other language claims to be faster than C for general-purpose
programming, because none are.

<h2>Compatibility</h2>

<p>Nearly all systems have the ability to call libraries
written in C.  This is not true of other implementation languages.

<p>So, for example, Android applications written in Java are able to
invoke SQLite (through an adaptor).  Maybe it would have been more
convenient for Android if SQLite had been coded in Java as that would
make the interface simpler.  However, on iPhone applications are coded
in Objective-C or Swift, neither of which have the ability to call
................................................................................
objects.  And, to be fair, objects are often a good way to
decompose a problem.  But objects are not the only way, and are
not always the best way to decompose a problem.  Sometimes good old
procedural code is easier to write, easier to maintain and understand,
and faster than object-oriented code.

<li><p>
When SQLite was first being developed, Java was a young and immature
language.  C++ was older, but was undergoing such growing pains that
it was difficult to find any two C++ compilers that worked the same
way.  So C was definitely a better choice back when SQLite was first
being developed.  The situation is less stark now, but there is little
to no benefit in recoding SQLite at this point.
</ol>

<h1>Why Isn't SQLite Coded In A "Safe" Language?</h1>

<p>
There has lately been a lot of interest in "safe" programming languages
like Rust or Go in which it is impossible, or is at least difficult, to make
common programming errors like memory leaks or array overruns.  So the
question often arises as to why SQLite is not coded in a "safe" language.

<ol>
<li><p>
None of the safe programming languages existed for the first 10 years
of SQLite's existance.  SQLite could be recoded in Go or Rust, but doing
................................................................................
no help beyond ordinary C code in solving the rather more difficult
problem of computing a correct answer to an SQL statement.

<li><p>
Safe languages are often touted for helping to prevent
security vulnerabilities. True enough, but SQLite is
not a particularly security-sensitive library.  If an application is
running untrusted and unverified SQL, then it already has much bigger
security issues (SQL injection) that no "safe" language will fix.
<p>
It is true that applications sometimes import complete binary SQLite
database files from untrusted sources, and such imports could present a
possible attack vector.  However, those code paths in SQLite are
limited and are extremely well tested.  And pre-validation routines 
are available to applications that want to read untrusted databases