[squeak-dev] Mirror primitives

Igor Stasenko siguctua at gmail.com
Tue Sep 8 00:36:31 UTC 2009


2009/9/7 Eliot Miranda <eliot.miranda at gmail.com>:
>
>
> Eliot (phone)
>
> On 7 Sep 2009, at 14:35, "Jecel Assumpcao Jr" <jecel at merlintec.com> wrote:
>
>> I would just like to mention that Self (and it is likely that Newspeak
>> too, but I haven't looked) has mirror *objects* and not mirror
>> *primitives*. Yes, these objects actually use primitives to get their
>> work done but these primitives don't work for any objects other than
>> mirrors (and if Self didn't have a global namespace for primitives, this
>> check wouldn't even be necessary since non mirror objects wouldn't even
>> have a way to try to invoke these primitives).
>>
>> The mirror objects operate on only one object that is stored as an
>> "instance variable" when the mirror was created, so you can't pass
>> random objects as parameters. To have a secure system you would only
>> have to control the code that allows new mirrors to be created.
>> Unfortunately, Self didn't do that but instead allows anybody to create
>> a mirror on anybody else. It wouldn't be very hard to do, however. Of
>> course, as has already been pointed out this wouldn't get you much in
>> terms of security if you keep all the current holes that Squeak has.
>>
>
> Ok, that presents a straight-forward extension to the primitive
> implementations (forgive typos; I'm at the park + kids).  If the argument
> count is higher than the base primitive's we insist on the receiver being a
> context whose receiver is the object to be acted upon, e.g.
>
> primitiveInstVarAt
>    (argumentCount > 2
>    and: [(self isIntegerObject: (self stackValue: argumentCount))
>             or: [(self isContext: (self stackValue: argumentCount)) not
>             or: [(self fetchPointer: ReceiverIndex ofObject: (self stackValue: argumentCount))
>                     ~= (self stackValue: 2)]]]) ifTrue:
>            [^self primitiveFail].
>
>     ....
>
> then the mirror primitives are safe.
>
> Yes?
>

sorry, can't follow.. it's hard to grok through the slang code, even if
it's a smalltalk.
Can you please provide the analogous simplified implementation in
non-slang code which will show the actual intent of safety checks?

>
>
>> One possible objection to mirror objects is that you might need to
>> create them exactly in situations where creating new objects might cause
>> problems (low memory or certain kinds of bugs).
>>
>> http://bracha.org/mirrors.pdf has good background information for
>> anybody having problems keeping up with this thread.
>>
>> -- Jecel
>>
>>
>
>



-- 
Best regards,
Igor Stasenko AKA sig.
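
The guard from the quoted snippet, restated as a small Python model. This is an added example, not part of the thread and not Squeak VM code. `Obj`, `Context`, `Interp`, `PrimitiveFailed`, `mirror_guard` and `attempt` are hypothetical names, and the stack layout (receiver at `stackValue: argumentCount`, target object at `stackValue: 2`) and the constant 2 are read off the snippet.

```python
# Python model of the guard in the quoted snippet; not Squeak VM code.
# All class and function names here are hypothetical stand-ins.
from dataclasses import dataclass, field

class PrimitiveFailed(Exception):
    """Stands in for `^self primitiveFail`."""

@dataclass
class Obj:
    inst_vars: list = field(default_factory=list)

@dataclass
class Context:
    receiver: object              # slot the snippet reads via ReceiverIndex

@dataclass
class Interp:
    stack: list                   # last element is the top of stack
    argument_count: int

    def stack_value(self, n):
        # stackValue: 0 is the top; stackValue: argumentCount is the receiver
        return self.stack[-1 - n]

BASE_ARGS = 2  # taken from the snippet's `argumentCount > 2` test

def mirror_guard(vm):
    """Pass base-arity calls through; vet calls that carry an extra argument."""
    if vm.argument_count > BASE_ARGS:
        rcvr = vm.stack_value(vm.argument_count)
        target = vm.stack_value(BASE_ARGS)
        if isinstance(rcvr, int):              # isIntegerObject: immediate, not a pointer
            raise PrimitiveFailed("receiver is an immediate integer")
        if not isinstance(rcvr, Context):      # (isContext: ...) not
            raise PrimitiveFailed("receiver is not a context")
        if rcvr.receiver is not target:        # oop comparison, so identity not equality
            raise PrimitiveFailed("context's receiver is not the target object")
    return True

def attempt(stack, argc):
    """Run the guard on a constructed stack; return 'ok' or the failure reason."""
    try:
        mirror_guard(Interp(stack, argc))
        return "ok"
    except PrimitiveFailed as e:
        return str(e)
```

With constructed stacks of the form `[receiver, target, index, value]`, only a context whose own receiver is the target passes; any other object, or a context belonging to a different object, hits the primitive-failure path.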


