Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Perl>
  3. porters
perl5.002 and Safe extension
mbeattie at sable
Dec 8, 1995, 11:06 AM
Post #1 of 5 (266 views)
Permalink
I'm only slowly getting back into hacking perl since I've been on
paternity leave for three weeks. I've now got and built 5.002b1d
and checked out the Safe extension which Jarkko let me know was
misbehaving with 5.002b1. The "safety" isn't a problem; it just
turned out that $cpt->reval() wasn't propagating the error return
value out of the compartment properly. The explanation is that
5.002 caches the GV for $@ as errgv whereas 5.001 always did a
GvSV(gv_fetchpv("@", ...). So with 5.001, doing perl_call_sv
within a compartment was finding $@ subject to the fake top of the
symbol tree and with 5.002 it was going straight to the real $@.

Enough explanation: here's the upshot. Although I *can* fix it to
get the old behaviour (and will do if people insist) the new
G_KEEPERR flag to perl_call_sv means that it is even simpler to
change the bahaviour of
$foo = $cpt->reval($whatever)
so that it behaves more like
$foo = eval $whatever;
Recall that reval currently returns any error message in $whatever
to $foo (e.g. "<naughtyop> trapped by operation mask..."). However
a real eval returns the value of the last statement and sets $@ on
errors. I can make use of G_KEEPERR and tweak Safe.pm (by just
deleting two lines actually :-) so that reval behaves this way
instead. The question is

Do you think I should change Safe to this behaviour?

Of course, I can always add a flag to choose somehow between the
old and the new but that might get messy. I can think of some
obvious pros and cons (mostly cons, if I going to be cautious).

I'd like #define USE_OP_MASK to be the default in 5.002 and
I'm going to send in a patch for that, along with one that changes
MAXO to be a variable rather than a #define. That makes it safer
for old versions of Safe.so to work with new versions of perl.
I think I remember Larry saying that USE_OP_MASK would be OK as
a default in 5.002 but I'm letting people know here so that they
can argue against it if they wish rather than slipping it in under
their noses. I also think it might be nice to have Safe distributed
with the standard perl distribution. What do you all think?

--Malcolm

--
Malcolm Beattie <mbeattie@sable.ox.ac.uk>
Unix Systems Programmer
Oxford University Computing Services
Re: perl5.002 and Safe extension [ In reply to ]
gsar at engin
Dec 8, 1995, 3:13 PM
Post #2 of 5 (258 views)
Permalink
On Fri, 08 Dec 1995 18:06:23 GMT, Malcolm Beattie wrote:
>value out of the compartment properly. The explanation is that
>5.002 caches the GV for $@ as errgv whereas 5.001 always did a
>GvSV(gv_fetchpv("@", ...). So with 5.001, doing perl_call_sv
>within a compartment was finding $@ subject to the fake top of the
>symbol tree and with 5.002 it was going straight to the real $@.
>

This is a subtle issue that I neglected to mention. $@ is a true global now
because of the caching. You cannot do local($@) as might have been possible
before 5.002 (I can't access my perl now, so can't talk with much certainity
about that). I think this is as it must be, but am open to comments.

>Enough explanation: here's the upshot. Although I *can* fix it to
>get the old behaviour (and will do if people insist) the new
>G_KEEPERR flag to perl_call_sv means that it is even simpler to
>change the bahaviour of
> $foo = $cpt->reval($whatever)
>so that it behaves more like
> $foo = eval $whatever;
[...]
> Do you think I should change Safe to this behaviour?

Yes. Besides being consistent with eval, it allows the evaled code to return
one (possibly more relevant) piece of information in a straight-forward
manner.

>
>Of course, I can always add a flag to choose somehow between the
>old and the new but that might get messy. I can think of some
>obvious pros and cons (mostly cons, if I going to be cautious).
>
>I'd like #define USE_OP_MASK to be the default in 5.002 and
>I'm going to send in a patch for that, along with one that changes
>MAXO to be a variable rather than a #define. That makes it safer
>for old versions of Safe.so to work with new versions of perl.
>I think I remember Larry saying that USE_OP_MASK would be OK as
>a default in 5.002 but I'm letting people know here so that they
>can argue against it if they wish rather than slipping it in under
>their noses. I also think it might be nice to have Safe distributed
>with the standard perl distribution. What do you all think?
>

I vote yes on both counts.

- Sarathy.
gsar@engin.umich.edu
Re: perl5.002 and Safe extension [ In reply to ]
Tim.Bunce at ig
Dec 11, 1995, 7:32 PM
Post #3 of 5 (258 views)
Permalink
> From: Malcolm Beattie <mbeattie@sable.ox.ac.uk>
>
> I'm only slowly getting back into hacking perl since I've been on
> paternity leave for three weeks. I've now got and built 5.002b1d
> and checked out the Safe extension which Jarkko let me know was
> misbehaving with 5.002b1. The "safety" isn't a problem; it just
> turned out that $cpt->reval() wasn't propagating the error return
> value out of the compartment properly. The explanation is that
> 5.002 caches the GV for $@ as errgv whereas 5.001 always did a
> GvSV(gv_fetchpv("@", ...). So with 5.001, doing perl_call_sv
> within a compartment was finding $@ subject to the fake top of the
> symbol tree and with 5.002 it was going straight to the real $@.

> Enough explanation: here's the upshot. Although I *can* fix it to
> get the old behaviour (and will do if people insist) the new
> G_KEEPERR flag to perl_call_sv means that it is even simpler to
> change the bahaviour of
> $foo = $cpt->reval($whatever)
> so that it behaves more like
> $foo = eval $whatever;
> Recall that reval currently returns any error message in $whatever
> to $foo (e.g. "<naughtyop> trapped by operation mask..."). However
> a real eval returns the value of the last statement and sets $@ on
> errors. I can make use of G_KEEPERR and tweak Safe.pm (by just
> deleting two lines actually :-) so that reval behaves this way
> instead. The question is
>
> Do you think I should change Safe to this behaviour?

Yes.

> Of course, I can always add a flag to choose somehow between the
> old and the new but that might get messy. I can think of some
> obvious pros and cons (mostly cons, if I going to be cautious).

You could offer an reval with that old functionality in a subclass.

> I'd like #define USE_OP_MASK to be the default in 5.002

Agreed.

Out of interest, and to put peoples' mind at rest, have you
benchmarked perl -c ... with and without USE_OP_MASK?

Tim.
Re: perl5.002 and Safe extension [ In reply to ]
Tim.Bunce at ig
Dec 11, 1995, 7:47 PM
Post #4 of 5 (259 views)
Permalink
> From: Gurusamy Sarathy <gsar@engin.umich.edu>
>
> On Fri, 08 Dec 1995 18:06:23 GMT, Malcolm Beattie wrote:
> >value out of the compartment properly. The explanation is that
> >5.002 caches the GV for $@ as errgv whereas 5.001 always did a
> >GvSV(gv_fetchpv("@", ...). So with 5.001, doing perl_call_sv
> >within a compartment was finding $@ subject to the fake top of the
> >symbol tree and with 5.002 it was going straight to the real $@.
>
> This is a subtle issue that I neglected to mention. $@ is a true global now
> because of the caching. You cannot do local($@) as might have been possible
> before 5.002 (I can't access my perl now, so can't talk with much certainity
> about that). I think this is as it must be, but am open to comments.

I don't see why local would not work. Local saves a copy of the value
elsewhere and arranges for it to be put back when the scope exits.
The location of $@ never moves, errgv == gv_fetchpv("@", ...);
Note that perl also caches $_, STDIN, $& etc (see perl.h).

Tim.
Re: perl5.002 and Safe extension [ In reply to ]
gsar at engin
Dec 11, 1995, 10:44 PM
Post #5 of 5 (258 views)
Permalink
On Tue, 12 Dec 1995 02:47:13 GMT, Tim Bunce wrote:
>>
>> You cannot do local($@) as might have been possible
>> before 5.002 (I can't access my perl now, so can't talk with much certainity
>> about that). I think this is as it must be, but am open to comments.
>
>I don't see why local would not work. Local saves a copy of the value
>elsewhere and arranges for it to be put back when the scope exits.
>The location of $@ never moves, errgv == gv_fetchpv("@", ...);
>Note that perl also caches $_, STDIN, $& etc (see perl.h).
>

Indeed. I was merely confused by Malcolm's case (and clueless enough to
post without really looking at the sources). Thanks.

- Sarathy.
gsar@engin.umich.edu

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal