Type | Wish | Status | reviewed | Date | 3-May-2011 08:11 |
---|---|---|---|---|---|
Version | alpha 111 | Category | Native | Submitted by | Ladislav |
Platform | All | Severity | minor | Priority | normal |
Summary | DO WORD behaviour |
---|---|
Description |
I asked REBOL users what did they prefer as the result of the example code below. All of them preferred to get the string! datatype like in R2, with only one exception, Brian Hawley preferring to obtain the function! like in R3. Reasons for the preference were: * the users prefer the DO function to treat words the same way as they are treated when DO encounters them inline in a code block * the users think that for the alternative behaviour they can use the GET function * some of the users think the current R3 behaviour is a bug * the users find the R2 behaviour when processing the example code perfect and more logical |
Example code |
a: make object! [b: does ["OK"]] type? do in a 'b |
Assigned to | n/a | Fixed in | - | Last Update | 6-Jan-2016 14:25 |
---|
Comments | |
---|---|
(0003170)
BrianH 3-May-2011 12:04 |
Um, sorry, you are missing the other part of the R2 behavior: What you propose to have DO do if passed a word value with a function assigned to it, executing the function, R2's DO also does with blocks or parens assigned to the words - even DO evaluating an inline word doesn't do something like that. It's a pretty severe unfixable bug in R2 because of backwards compatibility. Also, I notice that all of the example code in your poll had no side effects and took no parameters, let alone use words with blocks assigned to them, so the vote doesn't really count as much as you think.
In R2: >> a: does [print "pwned!"] >> do 'a pwned! ; DO of a word! assigned a function executes the function, like inline word evaluation >> a: [print "pwned!"] == [print "pwned!"] >> do 'a pwned! ; DO of a word! assigned a block executes the block, completely inconsistent with inline word evaluation >> a: func [:x y] [set :x :y insert clear :y "bye-bye data!" print "pwned!"] >> do 'a b: [valuable data] pwned! >> b == ["bye-bye data!"] ; DO of a word! allows get-word hacking! In the mezzanine code, DO of an arbitrary function value is considered to be an unsafe practice since you can hack the code of functions using get-word parameters. At least when doing blocks and parens we can be sure that they take no parameters, so they are at least safe to call (SECURE, PROTECT and binding tricks ensure they are safe to run). For function values we use APPLY to prevent hacking, or more often we screen them out altogether categorically. For words, there is no APPLY. We can screen them out by only allowing block! and paren!, sometimes. Adding the feature you request would add word! to the set of types that it wouldn't be safe to DO without data flow analysis or a lot of screening code. The consistency argument (your first bullet point) is not a bad one, as long as we are really specific about what we want to be consistent with. Following the pattern of your proposed behavior for lit-words in #1434, and that of parens, it seems that it would be reasonably safe for all word and path types to have this: >> do :some-word-or-path-value be treated the same as this: >> do reduce [:some-word-or-path-value] The putting-it-in-a-block-by-itself restriction in the equivalence is important. Note that a set-word or set-path evaluated by itself in a block would trigger an error, so DO of a set-word or set-path value should also trigger an error, though not necessarily the same one (see #1883 for details). And a word or path that refers to a function would trigger an error if the function takes parameters, but not otherwise. Both of these errors reduce the attack surface of calling code, so malicious words and paths can't get access to the original version of a function body and inject code or see hidden contexts and bindings. This would make words and paths no more unsafe to DO than parens or blocks. The behavior of R2's DO path! follows this model pretty well, so it might not be a bad idea to emulate. See #1881 for details. When deciding about a language feature you need to not only consider how it will be used in the best case, but how it will be used in the worst case. How much screening code will you need to add to make the feature safe to use in your code? How does the amount and awkwardness of the code plus its screening guards compare to the code to do the equivalent behavior without the feature? What does the feature add that you couldn't do before? Hopefully this comment can help with this evaluation. |
(0003174)
Ladislav 3-May-2011 13:28 |
"DO of a word! assigned a block executes the block, completely inconsistent with inline word evaluation " - I did not try to discuss that in this ticket. Please, let me know if the summary does not suffice to explain the subject of the ticket in an understandable way. |
(0003175)
BrianH 3-May-2011 13:43 |
"* the users find the R2 behaviour perfect and more logical " - that is the part that discusses that subject. The example is misleading. |
(0003178)
Ladislav 3-May-2011 14:07 |
Changed the formulation to "the users find the R2 behaviour when processing the example code perfect and more logical" to underline that the ticket relates to the summary. Otherwise, there are many examples when REBOL users *don't* find the R2 behaviour perfect and logical. |
(0003179)
Ladislav 3-May-2011 21:04 |
"...and since you've requested that lit-word! and lit-path! be returned to their R2-style..." - I did not request that |
(0003183)
BrianH 5-May-2011 14:03 |
Updated the comment accordingly, and in accordance with the conclusions reached in #1434. #1881 has some more explanation of why the limits of R2's DO path! are a good idea to follow, and #1883 deals with the same issue for DO set-path!. |
(0004273)
BrianH 27-Feb-2014 20:44 |
Note: I am working on an implementation of this and #1881, with this behavior:
>> do :some-word-or-path-value be treated the same as this: >> do reduce [:some-word-or-path-value] Coming soon. |
(0004681)
Ladislav 6-Jan-2016 14:19 |
BrianH: "DO of a word! assigned a block executes the block, completely inconsistent with inline word evaluation" - yes, and completely consistent with explicit evaluation |
(0004682)
Ladislav 6-Jan-2016 14:25 |
BrianH: "DO of a word! allows get-word hacking!" - you must be joking, how exactly does crippling the functionality of DO in this way prevent simpler:
a b: [valuable data] ? |
Date | User | Field | Action | Change |
---|---|---|---|---|
6-Jan-2016 14:25 | Ladislav | Comment : 0004682 | Added | - |
6-Jan-2016 14:19 | Ladislav | Comment : 0004681 | Added | - |
5-Mar-2014 09:16 | BrianH | Status | Modified | submitted => reviewed |
5-Mar-2014 09:16 | BrianH | Category | Modified | Unspecified => Native |
27-Feb-2014 20:50 | BrianH | Comment : 0003170 | Modified | - |
27-Feb-2014 20:50 | BrianH | Comment : 0004273 | Modified | - |
27-Feb-2014 20:44 | BrianH | Comment : 0004273 | Added | - |
7-Oct-2013 10:36 | Ladislav | Description | Modified | - |
7-Oct-2013 10:35 | Ladislav | Comment : 0003178 | Modified | - |
7-Oct-2013 10:34 | Ladislav | Comment : 0003178 | Modified | - |
5-May-2011 14:03 | BrianH | Comment : 0003183 | Added | - |
5-May-2011 13:59 | BrianH | Comment : 0003170 | Modified | - |
5-May-2011 13:58 | BrianH | Comment : 0003170 | Modified | - |
3-May-2011 21:04 | Ladislav | Comment : 0003179 | Added | - |
3-May-2011 14:13 | Ladislav | Comment : 0003174 | Modified | - |
3-May-2011 14:11 | Ladislav | Comment : 0003178 | Modified | - |
3-May-2011 14:09 | Ladislav | Comment : 0003178 | Modified | - |
3-May-2011 14:08 | Ladislav | Comment : 0003178 | Modified | - |
3-May-2011 14:07 | Ladislav | Comment : 0003178 | Added | - |
3-May-2011 14:06 | Ladislav | Code | Modified | - |
3-May-2011 14:06 | Ladislav | Description | Modified | - |
3-May-2011 13:43 | BrianH | Comment : 0003175 | Added | - |
3-May-2011 13:37 | Ladislav | Comment : 0003174 | Modified | - |
3-May-2011 13:28 | Ladislav | Comment : 0003174 | Modified | - |
3-May-2011 13:28 | Ladislav | Comment : 0003174 | Added | - |
3-May-2011 12:49 | BrianH | Comment : 0003170 | Modified | - |
3-May-2011 12:04 | BrianH | Comment : 0003170 | Added | - |
3-May-2011 08:11 | Ladislav | Ticket | Added | - |