World: r3wp
[!REBOL3]
older newer | first last |
Geomol 27-May-2011 [8980x2] | But who can abuse it? Just ourselves or outside hackers in a web application? |
If it's just the programmer, who has full control over the functions anyway, then I see no problem. | |
Kaj 27-May-2011 [8982x2] | Yeah, that's the criterium. You still need to be able to inject code |
However, if someone gets a sandbox, every function made available can now be probed for code injection through this hole | |
Sunanda 27-May-2011 [8984] | For better local variables, you can use USE. But it's a bit clunky. f: func [a b][use [c] [c: a + b c]] ;; 'c is local to the function, and not easily/obviously affected by anything outside |
BrianH 28-May-2011 [8985x2] | It's really not any more of a problem for /local than it is for any other function option or argument, since the real problem is that the techniques for code injection have been revealed. Fortunately, so have the methods for avoiding or counteracting it: APPLY, type checking, get-words, or wrapping expressions in parens or putting them at the end of blocks to make sure that they can't get access to modifiable values later on in the block. |
Sunanda, agreed, and also about it being clunky, particularly because USE has both COPY/deep and BIND/copy overhead in R3. ASSERT/type [local none!] is still the most efficient method. | |
Robert 30-May-2011 [8987] | Has anyone tried to use extensions in R3 OSX? Do these work? |
Andreas 30-May-2011 [8988] | Yes, they work. (Only did some basic testing, though.) |
Robert 30-May-2011 [8989] | Callback as well then? |
Andreas 30-May-2011 [8990x2] | Didn't try. |
Yes, my basic callback test works fine. | |
Robert 31-May-2011 [8992] | Perfect. |
Geomol 6-Jun-2011 [8993] | In R3, BACK doens't behave as SKIP ... -1. >> s: [1 2 3 4] == [1 2 3 4] >> t: skip s 3 == [4] >> remove/part s 3 == [4] Now it takes 3 x BACK t to see anything: >> back back back t == [4] while it only takes 2 x skip -1: >> skip skip t -1 -1 == [4] I'm not sure, if this is known or desired behaviour. |
BrianH 6-Jun-2011 [8994x2] | In R2, indexes are constrained to the bounds of the series they reference, so if you shorten the series you lose your position. In R3 your position is preserved for most of the standard operations, just in case you add back to the series later. The operations that can't possibly work for those out-of-bounds references trigger errors (mostly modifying operations), and the ones that could work if you consider series bounds to be an implementation detail and out-of-bounds values to be just not there return none (data access functions). SKIP is an exception, afaik, to allow you to sync up with the bounds - useful, but I don't remember whether it was intentional or a happy accident. >> a: "abc" == "abc" >> c: skip a 2 == "c" >> remove/part a 2 == "c" >> index? skip c 0 == 2 >> index? c == 3 |
The point of this in R3 was to rebalance the behavior in favor of not triggering as many errors when they aren't useful. The policy in R3 is that errors should be your friends, and that means triggering errors where they help in general, preferably informative errors, and not triggering errors where they aren't generally helpful. The conceptual definition of series was changed in R3 to make bounds less hard so as to trigger fewer errors; out-of-bounds positions are now considered to have no values in them, rather than not being there, under most circumstances when you can get away with it - you can't necessarily get away with it for modifying operations. This change was based on analysis of common code patterns, and considering that error catching is expensive in most programming languages, including REBOL; none checking is much less expensive. In the cases where explicit bounds checking is necessary, that isn't expensive to add to your code, not nearly as expensive as the bounds checking required in code in R2 that isn't required at all in R3. | |
onetom 6-Jun-2011 [8996] | BrianH: that's a beautiful description. it should be part of the R3/Concepts document. can we just dump it to there? (i don't have write privileges yet) |
BrianH 6-Jun-2011 [8997] | It would be a victory if we can get to the point where if R3 developers see an error triggered in R3 they are thankful for the information provided, because it will make it easier for them to find the mistake in their code that caused the uncaught error to be triggered in the first place. This is why error locality is so important, as is triggering better errors, and not assuming that something is an error unless the code says it is. If developers can think of errors as being their friends, all the better. |
onetom 6-Jun-2011 [8998] | these are the kind of explanations which i miss in case of other languages when im wondering over design decisions like: "what kind of animal could have came up with such a fucked-in-the-nose idea?" |
BrianH 6-Jun-2011 [8999] | It's a little easier with R3, where a lot of the design decisions were made for good reasons, and by consensus. And because we decided early that R3's answer to backwards compatibility with R2 is to keep maintaining R2 for such code. That frees us to fix aspects of R2's design that turned out to not be that good an idea in retrospect. |
Gregg 6-Jun-2011 [9000] | +1 for getting Brian's detailed notes logged someplace so they are usable (and so they don't get lost). |
Geomol 6-Jun-2011 [9001] | Desiding what to do with block indexes out of range is a tough call, I think. I understand the argument not to cause errors, if it can be handled somehow, but I'm not sure, handling out-of-range problems is always good. What if it's a user bug in the code, that made the index get out of range? Then the user won't easily find that bug, as it causes no error. It's not possible to index a block lower than 1 (first element). It's only possible to index out of range in the other end of the block, getting past the tail. And that can only be done by having an index there, and then remove something from earlier in the block. When the index is beyond the tail, then it has to be desided what to do with insert, remove, skip, next, back, pick, select, append used on that index. (and maybe more like TAIL?, INDEX?, ...) What does other languages do? |
onetom 6-Jun-2011 [9002] | what other languages have position markers associated with arrays/lists/vectors inherently? |
Geomol 6-Jun-2011 [9003x2] | Let's say, my index is way beyond the tail, and I insert a new element there. It may then just be appended to the series, which is at an index way before my pointer. What if I then e.g. say: remove/part my-index -1 |
what should happen? And why? | |
Ladislav 6-Jun-2011 [9005x3] | Geomol: "I'm not sure, if this is known or desired behaviour" - Brian used a long description, but the fact is, that the best part of it is "accident". I bet, that it has not been checked, and it is not clear, whether the difference is desirable or not. |
As far as I am concerned, the difference is not desirable. | |
Let's say, my index is way beyond the tail, and I insert a new element there. - you are out of luck, such an operation is not supported | |
Geomol 6-Jun-2011 [9008x3] | >> s == [1 2 3] >> t: tail s == [] >> remove/part s 2 == [3] >> insert t 1 == [] >> s == [3 1] |
>> index? t == 4 >> system/version == 2.100.111.2.5 | |
Seems to be. | |
Ladislav 6-Jun-2011 [9011x2] | Hmm, did not actually check, thanks |
Now, what do you think about the behaviour? Do you find it useful? (I do not) | |
Geomol 6-Jun-2011 [9013] | The more I think about it, I tend to not like it. It must be up to the user to be sure, the indexes are in bound when used. It's really cryptic code required to make this work. |
Ladislav 6-Jun-2011 [9014] | BTW, "Let's say, my index is way beyond the tail, and I insert a new element there." - in fact, I was right saying that the operations was not supported, since it did not insert a new element there |
Geomol 6-Jun-2011 [9015] | yeah :) |
BrianH 6-Jun-2011 [9016] | Only the part with the behavior of SKIP might be an accident. The rest was the result of a blog discussion over two years ago, which iirc happened while Ladislav was taking a break from REBOL. |
Ladislav 6-Jun-2011 [9017] | In my opinion, this is clearly unsettled (BACK vs. SKIP), and was not discussed before |
BrianH 6-Jun-2011 [9018] | No, SKIP wasn't discussed. The rest was. |
Ladislav 6-Jun-2011 [9019] | So, the above mentioned INSERT behaviour was discussed? |
BrianH 6-Jun-2011 [9020] | I think so, but it was in that private world where Carl's GUI for R3 was being worked on with Henrik and me. It looks like INSERT works like SKIP. |
Ladislav 6-Jun-2011 [9021x2] | In R2, indexes are constrained to the bounds of the series they reference, so if you shorten the series you lose your position - this is provably false |
(and the proof is quite old) | |
BrianH 6-Jun-2011 [9023x2] | I was simplifying to avoid having to write a bunch of test code when my time is limited. Any proofs are welcome, though maybe the R2 proofs should go in Core. |
The word "constrained" was a simplification of the real process. | |
Ladislav 6-Jun-2011 [9025] | The proof exists, welcome or unwelcome, to demonstrate the actual properties of the interpreter, and to prove why the behaviour of some function is unuseful. |
BrianH 6-Jun-2011 [9026] | Yup, especially for R2. |
Ladislav 6-Jun-2011 [9027] | http://www.rebol.net/wiki/Identity#Indices_of_series |
BrianH 6-Jun-2011 [9028x2] | It would be possible and in keeping with the metaphor to have an out-of-bounds INSERT pad blocks with none values, but since strings and binaries don't have a way to have inline nones, that would make the behavior of blocks inconsistent. That is why INSERT behaves the way it does. If you want INSERT to trigger an error in that case, like POKE and set-path modification, that would make sense too. |
Or we could just say that INSERT, APPEND, SKIP, AT and LENGTH? are constrained to bounds, while PICK, POKE, and the ordinals and path accesses that are based on them are not. | |
older newer | first last |