Curt Hagenlocher
2007-Oct-25 06:06 UTC
[Ironruby-core] "Taint" and (internal) copy constructors
Currently, the copy constructors for the MutableString class will "lose" the taint flag on the string being copied. One practical consequence of this is that any builtins that store local copies of the MutableString would have to manually fix the taint flag. Wouldn''t it be better if the default behavior were to preserve this information? Under CRuby, a = "123" => "123" a.taint => "123" a.clone.tainted? => true a[1,1].tainted? => true Under IronRuby, a = "123" => "123" a.taint => "123" a.clone.tainted? => true a[1,1].tainted? => *false* It appears that RubyUtils.TryCopyObject is the only place where this flag is preserved, and this function is called by both Object.clone and Object.dup. -- Curt Hagenlocher curt at hagenlocher.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/ironruby-core/attachments/20071024/5842f3f8/attachment.html
Tomas Matousek
2007-Oct-25 06:15 UTC
[Ironruby-core] "Taint" and (internal) copy constructors
Freezing and tainting are not supported yet. We have only "stubs" for them today. Tomas From: ironruby-core-bounces at rubyforge.org [mailto:ironruby-core-bounces at rubyforge.org] On Behalf Of Curt Hagenlocher Sent: Wednesday, October 24, 2007 11:06 PM To: ironruby-core at rubyforge.org Subject: [Ironruby-core] "Taint" and (internal) copy constructors Currently, the copy constructors for the MutableString class will "lose" the taint flag on the string being copied. One practical consequence of this is that any builtins that store local copies of the MutableString would have to manually fix the taint flag. Wouldn''t it be better if the default behavior were to preserve this information? Under CRuby, a = "123" => "123" a.taint => "123" a.clone.tainted? => true a[1,1].tainted? => true Under IronRuby, a = "123" => "123" a.taint => "123" a.clone.tainted? => true a[1,1].tainted? => false It appears that RubyUtils.TryCopyObject is the only place where this flag is preserved, and this function is called by both Object.clone and Object.dup. -- Curt Hagenlocher curt at hagenlocher.org<mailto:curt at hagenlocher.org> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/ironruby-core/attachments/20071024/ddc1ac96/attachment.html
Charles Oliver Nutter
2007-Oct-25 09:32 UTC
[Ironruby-core] "Taint" and (internal) copy constructors
Curt Hagenlocher wrote:> Currently, the copy constructors for the MutableString class will "lose" > the taint flag on the string being copied. One practical consequence of > this is that any builtins that store local copies of the MutableString > would have to manually fix the taint flag. Wouldn''t it be better if the > default behavior were to preserve this information?JRuby mimics this behavior, but we''ve debated just kicking taint and SAFE out the window. They''re not provably safe (even in MRI), so they''re almost certainly unsafe...and woah, the overhead. Most folks using JRuby now just assume neither work. - Charlie
Curt Hagenlocher
2007-Oct-25 15:25 UTC
[Ironruby-core] "Taint" and (internal) copy constructors
On 10/25/07, Charles Oliver Nutter <charles.nutter at sun.com> wrote:> > > JRuby mimics this behavior, but we''ve debated just kicking taint and > SAFE out the window. They''re not provably safe (even in MRI), so they''re > almost certainly unsafe...and woah, the overhead. > > Most folks using JRuby now just assume neither work.Both taint and frozen have a very 90s Perl feel to them :). Being new to Ruby, I have absolutely no feel for how often they''re used (with CRuby). -- Curt Hagenlocher curt at hagenlocher.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/ironruby-core/attachments/20071025/713e518e/attachment-0001.html
Charles Oliver Nutter
2007-Oct-25 15:53 UTC
[Ironruby-core] "Taint" and (internal) copy constructors
Curt Hagenlocher wrote:> On 10/25/07, *Charles Oliver Nutter* <charles.nutter at sun.com > <mailto:charles.nutter at sun.com>> wrote: > > > JRuby mimics this behavior, but we''ve debated just kicking taint and > SAFE out the window. They''re not provably safe (even in MRI), so > they''re > almost certainly unsafe...and woah, the overhead. > > Most folks using JRuby now just assume neither work. > > > Both taint and frozen have a very 90s Perl feel to them :). Being new > to Ruby, I have absolutely no feel for how often they''re used (with CRuby).frozen is another thing entirely, and it has good uses (locking down strings and arrays so they can''t be modified, for example). But taint/SAFE are (IMHO) ugly, dated mechanisms for handling security, by sprinkling security checks all over high-level method calls and hoping you don''t miss any. Not to mention extensions can ignore tainting completely. Yucko. - Charlie
Curt Hagenlocher
2007-Oct-25 16:25 UTC
[Ironruby-core] "Taint" and (internal) copy constructors
On 10/25/07, Charles Oliver Nutter <charles.nutter at sun.com> wrote:> > > frozen is another thing entirely, and it has good uses (locking down > strings and arrays so they can''t be modified, for example).Are extensions not able to ignore "frozen", then? Other than strings and arrays, it''s hard for me to see a compelling reason for this feature. But then, my thinking is undoubtedly influenced by Python, where strings are immutable and "frozen arrays" are called tuples. :) More to the point of this list, though, how can you decide which features of CRuby to ignore? It can''t just be a matter of overhead, because the overhead for "taint" seems to be almost exactly the same as that for "frozen" -- both features require you to keep external bookkeeping information for objects defined outside of Ruby when the feature is used. -- Curt Hagenlocher curt at hagenlocher.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/ironruby-core/attachments/20071025/77e05962/attachment.html
Charles Oliver Nutter
2007-Oct-25 17:23 UTC
[Ironruby-core] "Taint" and (internal) copy constructors
Curt Hagenlocher wrote:> On 10/25/07, *Charles Oliver Nutter* <charles.nutter at sun.com > <mailto:charles.nutter at sun.com>> wrote: > > > frozen is another thing entirely, and it has good uses (locking down > strings and arrays so they can''t be modified, for example). > > > Are extensions not able to ignore "frozen", then?No, extensions can pretty much do anything they want, which is why they suck and why it''s nearly impossible for any non-C-based implementation to ever support them.> Other than strings and arrays, it''s hard for me to see a compelling > reason for this feature. But then, my thinking is undoubtedly > influenced by Python, where strings are immutable and "frozen arrays" > are called tuples. :)Even .NET and Java collection libraries provide ways to get immutable collections; it''s similar to this. But regardless of whether you think it''s useful, the important point is below...> More to the point of this list, though, how can you decide which > features of CRuby to ignore? It can''t just be a matter of overhead, > because the overhead for "taint" seems to be almost exactly the same as > that for "frozen" -- both features require you to keep external > bookkeeping information for objects defined outside of Ruby when the > feature is used.You can decide what features to ignore once you know what features are needed for existing apps to run. For example...JRuby can run Rails and just about anything else that''s pure Ruby, so we''ve been able to determine that certain optimizations are safe and certain features can be safely "unsupported". It''s really, really hard to make that determination before you can run nontrivial apps, but you can learn from others. I''d say the only feature we gave up on early was continuations, and I actually made a serious effort to support them until we discovered how infrequently they were used in the real world. I shall miss my stackless interpreter, slow though it was. - Charlie