[squeak-dev] Mirror primitives

Eliot Miranda eliot.miranda at gmail.com
Tue Sep 8 06:28:06 UTC 2009 

On Mon, Sep 7, 2009 at 5:36 PM, Igor Stasenko<siguctua at gmail.com> wrote:
> 2009/9/7 Eliot Miranda <eliot.miranda at gmail.com>:
>>
>>
>> Eliot (phone)
>>
>> On 7 Sep 2009, at 14:35, "Jecel Assumpcao Jr" <jecel at merlintec.com> wrote:
>>
>>> I would just like to mention that Self (and it is likely that Newspeak
>>> too, but I haven't looked) has mirror *objects* and not mirror
>>> *primitives*. Yes, these objects actually use primitives to get their
>>> work done but these primitives don't work for any objects other than
>>> mirrors (and if Self didn't have a global namespace for primitives, this
>>> check wouldn't even be necessary since non mirror objects wouldn't even
>>> have a way to try to invoke these primitives).
>>>
>>> The mirror objects operate on only one object that is stored as an
>>> "instance variable" when the mirror was created, so you can't pass
>>> random objects as parameters. To have a secure system you would only
>>> have to control the code that allows new mirrors to be created.
>>> Unfortunately, Self didn't do that but instead allows anybody to create
>>> a mirror on anybody else. It wouldn't be very hard to do, however. Of
>>> course, as has already been pointed out this wouldn't get you much in
>>> terms of security if you keep all the current holes that Squeak has.
>>>
>>
>> Ok, that presents a straight-forward e xtension to the primitive
>> implementations (forgive typoes; I'm at the park + kids).  If the argument
>> count is higher than the base primitive's we insist on the receiver being a
>> context who's receiver is the object to be acted upon, e.g.
>>
>> primitiveInstVarAt
>>    (argumentCount > 2
>>    and: [(self isIntegerObject: (self stackValue:  argumentCount))
>>             or: [(self isContext: (self stackValue:  argumentCount)) not
>>             or: [(self fetchPointer: ReceiverIndex ofObject: (self
>> stackValue:  argumentCount)) ~= (self stackValue: 2)]]]]) ifTrue:
>>            [^self primitiveFail].
>>
>>     ....
>>
>> then the mirror primitives are safe.
>>
>> Yes?
>>
>
> sorry, can't follow.. its hard to grok through the slang code, even if
> its a smalltalk.
> Can you please provide the analogous simplified implementation in
> non-slang code which will show the actual intent of safety checks?

primitiveInstVarAt
      argumentCount > 2 ifTrue:"if so this is a mirror prim"
          [ | receiver objectToFetchInstVarFrom |
          receiver := self stackValue: argumentCount.
          objectToFetchInstVarFrom := self stackValue: 2.
          (receiver isContext not
           or: [receiver receiver ~= objectToFetchInstVarFrom]) ifTrue:
               [^self primitiveFail]].

     ... go fetch the inst var ...


>
>>
>>
>>> One possible objection to mirror objects is that you might need to
>>> create them exactly in situations where creating new objects might cause
>>> problems (low memory or certain kinds of bugs).
>>>
>>> http://bracha.org/mirrors.pdf has good background information for
>>> anybody having problems keeping up with this thread.
>>>
>>> -- Jecel
>>>
>>>
>>
>>
>
>
>
> --
> Best regards,
> Igor Stasenko AKA sig.
>
>

More information about the Squeak-dev mailing list