From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: Securing type extensions
Date: Tue, 5 Oct 2010 00:59:19 -0500
Organization: Jacob Sparre Andersen

"Georg Bauhaus" wrote in message
news:4c8e87f8$0$6877$9b4e6d93@newsspool2.arcor-online.net...
...
> Another reason, not stated, to ask about an event driven parser
> with user supplied type extensions was to learn how this can
> be done without dispatching calls on subprograms not known
> by the author of the parser (and possibly back).
>
> (Calling user supplied prim ops might become a problem if
> some bug (even a misuse) will make parties blame each
> other. One of them might be socio-economically stronger.)

We worried a lot about this problem in Claw. We eventually learned to not trust the user-defined routines any more than we had to. Because we found that even competent programmers (i.e. me :-) make mistakes which could lock up the entire application. Thus (for instance), most of the (internal) operations have timeouts such that if they can't be completed they are just abandoned raising an exception. We got a lot fewer calls and e-mails once we did that, because tasking mistakes in the call-backs at least showed up in the global exception handlers (rather than just deadlocking).

(Recall that Claw was probably the first serious attempt to use Ada 95 OOP in a major serious way. So we had to figure out a lot of this by trial-and-error. The number of bug reports that we sent to compiler vendors demonstrated no one had tried a lot of the OOP features before...)

Randy.
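
The timeout approach described in the message above, sketched as an added example that is not part of the original post and not Claw's code: an internal operation uses an Ada timed entry call, so a user callback that re-enters the library while its lock is held raises an exception instead of deadlocking. The names Lock, Internal_Operation and Buggy_Callback and the 0.5 second limit are assumptions made for illustration.

```ada
with Ada.Text_IO; use Ada.Text_IO;
procedure Timeout_Demo is
   Operation_Timeout : exception;
   --  Hypothetical internal lock guarding the library's state.
   protected Lock is
      entry Acquire;
      procedure Release;
   private
      Held : Boolean := False;
   end Lock;
   protected body Lock is
      entry Acquire when not Held is
      begin
         Held := True;
      end Acquire;
      procedure Release is
      begin
         Held := False;
      end Release;
   end Lock;

   --  Internal operation: bounded wait instead of blocking forever.
   procedure Internal_Operation is
   begin
      select
         Lock.Acquire;
      or
         delay 0.5;                --  assumed limit
         raise Operation_Timeout;  --  abandon the operation
      end select;
      --  ... work on library state would go here ...
      Lock.Release;
   end Internal_Operation;

   --  Constructed user callback with a tasking mistake: it calls back
   --  into the library while the library still holds its lock.
   procedure Buggy_Callback is
   begin
      Internal_Operation;
   end Buggy_Callback;
begin
   Lock.Acquire;        --  library holds the lock while dispatching
   begin
      Buggy_Callback;   --  a plain entry call here would never return
   exception
      when Operation_Timeout =>
         Put_Line ("callback abandoned: internal operation timed out");
   end;
   Lock.Release;
end Timeout_Demo;
```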