[squeak-dev] Mirror primitives

Igor Stasenko siguctua at gmail.com
Wed Sep 9 21:01:35 UTC 2009


2009/9/7 Eliot Miranda <eliot.miranda at gmail.com>:
> On Mon, Sep 7, 2009 at 5:36 PM, Igor Stasenko<siguctua at gmail.com> wrote:
>> 2009/9/7 Eliot Miranda <eliot.miranda at gmail.com>:
>>>
>>>
>>> Eliot (phone)
>>>
>>> On 7 Sep 2009, at 14:35, "Jecel Assumpcao Jr" <jecel at merlintec.com> wrote:
>>>
>>>> I would just like to mention that Self (and it is likely that Newspeak
>>>> too, but I haven't looked) has mirror *objects* and not mirror
>>>> *primitives*. Yes, these objects actually use primitives to get their
>>>> work done but these primitives don't work for any objects other than
>>>> mirrors (and if Self didn't have a global namespace for primitives, this
>>>> check wouldn't even be necessary since non mirror objects wouldn't even
>>>> have a way to try to invoke these primitives).
>>>>
>>>> The mirror objects operate on only one object that is stored as an
>>>> "instance variable" when the mirror was created, so you can't pass
>>>> random objects as parameters. To have a secure system you would only
>>>> have to control the code that allows new mirrors to be created.
>>>> Unfortunately, Self didn't do that but instead allows anybody to create
>>>> a mirror on anybody else. It wouldn't be very hard to do, however. Of
>>>> course, as has already been pointed out this wouldn't get you much in
>>>> terms of security if you keep all the current holes that Squeak has.
>>>>
>>>
>>> Ok, that presents a straight-forward e xtension to the primitive
>>> implementations (forgive typoes; I'm at the park + kids).  If the argument
>>> count is higher than the base primitive's we insist on the receiver being a
>>> context who's receiver is the object to be acted upon, e.g.
>>>
>>> primitiveInstVarAt
>>>    (argumentCount > 2
>>>    and: [(self isIntegerObject: (self stackValue:  argumentCount))
>>>             or: [(self isContext: (self stackValue:  argumentCount)) not
>>>             or: [(self fetchPointer: ReceiverIndex ofObject: (self
>>> stackValue:  argumentCount)) ~= (self stackValue: 2)]]]]) ifTrue:
>>>            [^self primitiveFail].
>>>
>>>     ....
>>>
>>> then the mirror primitives are safe.
>>>
>>> Yes?
>>>
>>
>> sorry, can't follow.. its hard to grok through the slang code, even if
>> its a smalltalk.
>> Can you please provide the analogous simplified implementation in
>> non-slang code which will show the actual intent of safety checks?
>
> primitiveInstVarAt
>      argumentCount > 2 ifTrue:"if so this is a mirror prim"
>          [ | receiver objectToFetchInstVarFrom |
>          receiver := self stackValue: argumentCount.
>          objectToFetchInstVarFrom := self stackValue: 2.
>          (receiver isContext not
>           or: [receiver receiver ~= objectToFetchInstVarFrom]) ifTrue:
>               [^self primitiveFail]].
>
>     ... go fetch the inst var ...
aha. thanks
>
>
>>
>>>
>>>
>>>> One possible objection to mirror objects is that you might need to
>>>> create them exactly in situations where creating new objects might cause
>>>> problems (low memory or certain kinds of bugs).
>>>>
>>>> http://bracha.org/mirrors.pdf has good background information for
>>>> anybody having problems keeping up with this thread.
>>>>
>>>> -- Jecel
>>>>
>>>>
>>>
>>>
>>
>>
>>
>> --
>> Best regards,
>> Igor Stasenko AKA sig.
>>
>>
>
>



-- 
Best regards,
Igor Stasenko AKA sig.



More information about the Squeak-dev mailing list