r3wp [groups: 83 posts: 189283]
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

World: r3wp

[!REBOL3]

Geomol
27-May-2011
[8980x2]
But who can abuse it? Just ourselves or outside hackers in a web 
application?
If it's just the programmer, who has full control over the functions 
anyway, then I see no problem.
Kaj
27-May-2011
[8982x2]
Yeah, that's the criterium. You still need to be able to inject code
However, if someone gets a sandbox, every function made available 
can now be probed for code injection through this hole
Sunanda
27-May-2011
[8984]
For better local variables, you can use USE. But it's a bit clunky.

   f: func [a b][use [c] [c: a + b c]]   ;; 'c is local to the function, 
   and not easily/obviously affected by anything outside
BrianH
28-May-2011
[8985x2]
It's really not any more of a problem for /local than it is for any 
other function option or argument, since the real problem is that 
the techniques for code injection have been revealed. Fortunately, 
so have the methods for avoiding or counteracting it: APPLY, type 
checking, get-words, or wrapping expressions in parens or putting 
them at the end of blocks to make sure that they can't get access 
to modifiable values later on in the block.
Sunanda, agreed, and also about it being clunky, particularly because 
USE has both COPY/deep and BIND/copy overhead in R3. ASSERT/type 
[local none!] is still the most efficient method.
Robert
30-May-2011
[8987]
Has anyone tried to use extensions in R3 OSX? Do these work?
Andreas
30-May-2011
[8988]
Yes, they work. (Only did some basic testing, though.)
Robert
30-May-2011
[8989]
Callback as well then?
Andreas
30-May-2011
[8990x2]
Didn't try.
Yes, my basic callback test works fine.
Robert
31-May-2011
[8992]
Perfect.
Geomol
6-Jun-2011
[8993]
In R3, BACK doens't behave as SKIP ... -1.

>> s: [1 2 3 4]
== [1 2 3 4]
>> t: skip s 3
== [4]
>> remove/part s 3
== [4]

Now it takes 3 x BACK t to see anything:

>> back back back t
== [4]

while it only takes 2 x skip -1:

>> skip skip t -1 -1
== [4]

I'm not sure, if this is known or desired behaviour.
BrianH
6-Jun-2011
[8994x2]
In R2, indexes are constrained to the bounds of the series they reference, 
so if you shorten the series you lose your position. In R3 your position 
is preserved for most of the standard operations, just in case you 
add back to the series later. The operations that can't possibly 
work for those out-of-bounds references trigger errors (mostly modifying 
operations), and the ones that could work if you consider series 
bounds to be an implementation detail and out-of-bounds values to 
be just not there return none (data access functions). SKIP is an 
exception, afaik, to allow you to sync up with the bounds - useful, 
but I don't remember whether it was intentional or a happy accident.
>> a: "abc"
== "abc"
>> c: skip a 2
== "c"
>> remove/part a 2
== "c"
>> index? skip c 0
== 2
>> index? c
== 3
The point of this in R3 was to rebalance the behavior in favor of 
not triggering as many errors when they aren't useful. The policy 
in R3 is that errors should be your friends, and that means triggering 
errors where they help in general, preferably informative errors, 
and not triggering errors where they aren't generally helpful. The 
conceptual definition of series was changed in R3 to make bounds 
less hard so as to trigger fewer errors; out-of-bounds positions 
are now considered to have no values in them, rather than not being 
there, under most circumstances when you can get away with it - you 
can't necessarily get away with it for modifying operations. This 
change was based on analysis of common code patterns, and considering 
that error catching is expensive in most programming languages, including 
REBOL; none checking is much less expensive. In the cases where explicit 
bounds checking is necessary, that isn't expensive to add to your 
code, not nearly as expensive as the bounds checking required in 
code in R2 that isn't required at all in R3.
onetom
6-Jun-2011
[8996]
BrianH: that's a beautiful description. it should be part of the 
R3/Concepts document. can we just dump it to there? (i don't have 
write privileges yet)
BrianH
6-Jun-2011
[8997]
It would be a victory if we can get to the point where if R3 developers 
see an error triggered in R3 they are thankful for the information 
provided, because it will make it easier for them to find the mistake 
in their code that caused the uncaught error to be triggered in the 
first place. This is why error locality is so important, as is triggering 
better errors, and not assuming that something is an error unless 
the code says it is. If developers can think of errors as being their 
friends, all the better.
onetom
6-Jun-2011
[8998]
these are the kind of explanations which i miss in case of other 
languages when im wondering over design decisions like: "what kind 
of animal could have came up with such a fucked-in-the-nose idea?"
BrianH
6-Jun-2011
[8999]
It's a little easier with R3, where a lot of the design decisions 
were made for good reasons, and by consensus. And because we decided 
early that R3's answer to backwards compatibility with R2 is to keep 
maintaining R2 for such code. That frees us to fix aspects of R2's 
design that turned out to not be that good an idea in retrospect.
Gregg
6-Jun-2011
[9000]
+1 for getting Brian's detailed notes logged someplace so they are 
usable (and so they don't get lost).
Geomol
6-Jun-2011
[9001]
Desiding what to do with block indexes out of range is a tough call, 
I think. I understand the argument not to cause errors, if it can 
be handled somehow, but I'm not sure, handling out-of-range problems 
is always good. What if it's a user bug in the code, that made the 
index get out of range? Then the user won't easily find that bug, 
as it causes no error.


It's not possible to index a block lower than 1 (first element). 
It's only possible to index out of range in the other end of the 
block, getting past the tail. And that can only be done by having 
an index there, and then remove something from earlier in the block. 
When the index is beyond the tail, then it has to be desided what 
to do with
	insert, remove, skip, next, back, pick, select, append
used on that index. (and maybe more like TAIL?, INDEX?, ...)

What does other languages do?
onetom
6-Jun-2011
[9002]
what other languages have position markers associated with arrays/lists/vectors 
inherently?
Geomol
6-Jun-2011
[9003x2]
Let's say, my index is way beyond the tail, and I insert a new element 
there. It may then just be appended to the series, which is at an 
index way before my pointer. What if I then e.g. say:
	remove/part my-index -1
what should happen? And why?
Ladislav
6-Jun-2011
[9005x3]
Geomol: "I'm not sure, if this is known or desired behaviour" - Brian 
used a long description, but the fact is, that the best part of it 
is "accident". I bet, that it has not been checked, and it is not 
clear, whether the difference is desirable or not.
As far as I am concerned, the difference is not desirable.
Let's say, my index is way beyond the tail, and I insert a new element 
there.
 - you are out of luck, such an operation is not supported
Geomol
6-Jun-2011
[9008x3]
>> s
== [1 2 3]
>> t: tail s
== []
>> remove/part s 2
== [3]
>> insert t 1
== []
>> s
== [3 1]
>> index? t
== 4
>> system/version
== 2.100.111.2.5
Seems to be.
Ladislav
6-Jun-2011
[9011x2]
Hmm, did not actually check, thanks
Now, what do you think about the behaviour? Do you find it useful? 
(I do not)
Geomol
6-Jun-2011
[9013]
The more I think about it, I tend to not like it. It must be up to 
the user to be sure, the indexes are in bound when used. It's really 
cryptic code required to make this work.
Ladislav
6-Jun-2011
[9014]
BTW, "Let's say, my index is way beyond the tail, and I insert a 
new element there." - in fact, I was right saying that the operations 
was not supported, since it did not insert a new element there
Geomol
6-Jun-2011
[9015]
yeah :)
BrianH
6-Jun-2011
[9016]
Only the part with the behavior of SKIP might be an accident. The 
rest was the result of a blog discussion over two years ago, which 
iirc happened while Ladislav was taking a break from REBOL.
Ladislav
6-Jun-2011
[9017]
In my opinion, this is clearly unsettled (BACK vs. SKIP), and was 
not discussed before
BrianH
6-Jun-2011
[9018]
No, SKIP wasn't discussed. The rest was.
Ladislav
6-Jun-2011
[9019]
So, the above mentioned INSERT behaviour was discussed?
BrianH
6-Jun-2011
[9020]
I think so, but it was in that private world where Carl's GUI for 
R3 was being worked on with Henrik and me. It looks like INSERT works 
like SKIP.
Ladislav
6-Jun-2011
[9021x2]
In R2, indexes are constrained to the bounds of the series they reference, 
so if you shorten the series you lose your position
 - this is provably false
(and the proof is quite old)
BrianH
6-Jun-2011
[9023x2]
I was simplifying to avoid having to write a bunch of test code when 
my time is limited. Any proofs are welcome, though maybe the R2 proofs 
should go in Core.
The word "constrained" was a simplification of the real process.
Ladislav
6-Jun-2011
[9025]
The proof exists, welcome or unwelcome, to demonstrate the actual 
properties of the interpreter, and to prove why the behaviour of 
some function is unuseful.
BrianH
6-Jun-2011
[9026]
Yup, especially for R2.
Ladislav
6-Jun-2011
[9027]
http://www.rebol.net/wiki/Identity#Indices_of_series
BrianH
6-Jun-2011
[9028x2]
It would be possible and in keeping with the metaphor to have an 
out-of-bounds INSERT pad blocks with none values, but since strings 
and binaries don't have a way to have inline nones, that would make 
the behavior of blocks inconsistent. That is why INSERT behaves the 
way it does. If you want INSERT to trigger an error in that case, 
like POKE and set-path modification, that would make sense too.
Or we could just say that INSERT, APPEND, SKIP, AT and LENGTH? are 
constrained to bounds, while PICK, POKE, and the ordinals and path 
accesses that are based on them are not.