No registered users in community xowiki
in last 10 minutes
in last 10 minutes
Re: [Xotcl] Very severe limitation in XOTcl
From: Gustaf Neumann <neumann_at_wu-wien.ac.at>
Date: Thu, 05 Aug 2010 09:59:08 +0200
Dear all,
In my understanding, Kristoffers point was that although he is using
XOTcl since many
years (i see postings from him more than 10 years ago) and although he
is a experienced
programmer, he was not aware of the problem with argument values
starting with a dash
(certainly not all, e.g. negative numbers are fine), and he was not
aware of the escape
mechanism (which was added to XOTcl early 2003, see Changelog).
The primarily problem is external input, unfortunately, one weak element
of most
scripting languages. Similar problems lurk around in Tcl in scripts like
set file1 -force
set file2 -violence
file delete $file1 $file2
where one should certainly use "--" to avoid the problem ... once the
developer is are aware of the danger. If a developer is not aware it,
the tests he is writing are most likely not covering it properly.
But a developer frequently writing tests is most likely aware it.
Btw, google codesearch returns more than 5 times more hits for "file
delete $"
than for "file delete --". It is not unlikely, that there are many
such problem lurking around in may tcl scripts. The problem is not
only "file delete" but as well "file copy", "file rename,
any many other tcl commands supporting "--" (switch, lsearch, ...).
And the problem is not only about flags starting with a dash (just
syntactic sugar),
but as well with all other cases, where the interpretation of a <value>
depends
on an interpretation of a <keyword>, especially, when the <keyword> is
optional. In Tcl, one cannot distinguish between "-force" passed as a
literal
or "-force" passed via variable. If we could, life would be in this respect
easier. Compiled languages have it easier, when they require that the
<keywords> are available at compile time.
The case with the dash arguments in XOTcl is especially nasty to the
unaware, since the standard configure method determines on the "-"
(a) where the last argument list ends, and (b), what to call as a method.
If user-data is passed to the object creation, using the list notation is
therefore a must (as mentioned by Artur)
People fully aware of the XOTcl flexibility have no big problem with this,
since they can write their own "configure" method (this method
implements the dash interpretation) and use this (e.g. via mixins)
where appropriate.
-gustaf neumann
Date: Thu, 05 Aug 2010 09:59:08 +0200
Dear all,
In my understanding, Kristoffers point was that although he is using
XOTcl since many
years (i see postings from him more than 10 years ago) and although he
is a experienced
programmer, he was not aware of the problem with argument values
starting with a dash
(certainly not all, e.g. negative numbers are fine), and he was not
aware of the escape
mechanism (which was added to XOTcl early 2003, see Changelog).
The primarily problem is external input, unfortunately, one weak element
of most
scripting languages. Similar problems lurk around in Tcl in scripts like
set file1 -force
set file2 -violence
file delete $file1 $file2
where one should certainly use "--" to avoid the problem ... once the
developer is are aware of the danger. If a developer is not aware it,
the tests he is writing are most likely not covering it properly.
But a developer frequently writing tests is most likely aware it.
Btw, google codesearch returns more than 5 times more hits for "file
delete $"
than for "file delete --". It is not unlikely, that there are many
such problem lurking around in may tcl scripts. The problem is not
only "file delete" but as well "file copy", "file rename,
any many other tcl commands supporting "--" (switch, lsearch, ...).
And the problem is not only about flags starting with a dash (just
syntactic sugar),
but as well with all other cases, where the interpretation of a <value>
depends
on an interpretation of a <keyword>, especially, when the <keyword> is
optional. In Tcl, one cannot distinguish between "-force" passed as a
literal
or "-force" passed via variable. If we could, life would be in this respect
easier. Compiled languages have it easier, when they require that the
<keywords> are available at compile time.
The case with the dash arguments in XOTcl is especially nasty to the
unaware, since the standard configure method determines on the "-"
(a) where the last argument list ends, and (b), what to call as a method.
If user-data is passed to the object creation, using the list notation is
therefore a must (as mentioned by Artur)
People fully aware of the XOTcl flexibility have no big problem with this,
since they can write their own "configure" method (this method
implements the dash interpretation) and use this (e.g. via mixins)
where appropriate.
-gustaf neumann