Ideas on "Why Living Dangerous can be A Good Thing" in Ruby?

[Peter Lacey]

This is a good point. In languages like C++, your security can really
go to hell through improper memory management. This is much less
likely to happen in Ruby.

Don't let the java guys off so easily, either.

- In Java it's possible to add classes to a package unless that
package is sealed.
- When inner classes are compiled in Java they are converted to
ordinary classes. Any private fields of the containing class are
converted to public fields.
- Cloning an object in Java bypasses its constructor.
- Non-clonable classes can be extended and the child can implement
cloneable.
- Java objects can be serialized exposing state, including private
fields.
- Non-serializable objects can be sub-classed just like non-cloneable
objects.
- Serialized objects can be deserialized, bypassing the constructor.
- Static fields are essentially globals, discoverable and settable by
anyone.

All of these can be addressed with good, but tedious, coding
practices, but still when trying to secure Java code from another
programmer, you have your work cut out for you. This is especially
tricky in Java "frameworks" and development tools that routinely
serialize/deserialize objects and use reflection to create objects at
runtime.

Pete

 

[James Edward Gray II]

One of the things I really liked about Bertrand Meyer's _Object
Oriented
Software Engineering_ was his 'programming by contract' point of view.
I've found that concept to be useful in almost any program I've
written
after reading that book regardless of the language I've used.

One of the most useful ideas is the notion that if client code
refuses to adhere to the pre-conditions then all bets are off and the
library code has no responsibility to ensure correct behavior.

This is an excellent point, in my opinion. If I write code like:

not_my_object.instance_eval { @secret_value += 1 }

I know I'm crossing the line. When it eventually breaks, I'll know
who's fault it is. For now though, I'm telling Ruby, "Just trust me;
I know what I'm doing here." The great part is that she believes me
and does it.

James Edward Gray II

 

[Gregory Brown]

This is an excellent point, in my opinion. If I write code like:

not_my_object.instance_eval { @secret_value +=3D 1 }

I know I'm crossing the line. When it eventually breaks, I'll know
who's fault it is. For now though, I'm telling Ruby, "Just trust me;
I know what I'm doing here." The great part is that she believes me
and does it.

This is definitely a point worth making, that *most* people know that
meta-programming is dangerous stuff, so their either extremely careful
or their pretty open about letting you know that their efforts may
well have unsavory effects.

The key point to be made, I believe, is that ruby puts all the
power... and the responsibility, in the programmers hands. Which in
my opinion, is where it should be anyway.

 

[Gregory Brown]

I know I'm crossing the line. When it eventually breaks, I'll know
who's fault it is. For now though, I'm telling Ruby, "Just trust me;
I know what I'm doing here." The great part is that she believes me
and does it.

Let's think of examples where this certainly is true and results in
good things. The first one that came to my head, and the example I
used in class was automated memoization. I'd like to hear some of the
greater hacks and accomplishments people have seen/done using the
openness and dynamicity of ruby as a feature, instead of a risk.
(There are plenty of them out there).

Does anyone have a good example of a domain specific language that
heavily uses metaprogramming to make it 'work' ?

 

[James Edward Gray II]

This is definitely a point worth making, that *most* people know that
meta-programming is dangerous stuff

If you are compiling this information for a written piece, I suggest
beginning with some definitions. I do not consider the above example
metaprogramming, for example, just a violation of encapsulation.

James Edward Gray II

 

[Gregory Brown]

If you are compiling this information for a written piece, I suggest
beginning with some definitions. I do not consider the above example
metaprogramming, for example, just a violation of encapsulation.

Well that depends on who put the secret value there, doesn't it?

But good point. How would you (the community) define
meta-programming, open class system, and the dynamic nature of ruby?

 

[James Edward Gray II]

How would you (the community) define meta-programming

Code that writes code.

open class system

Classes that can be changed (methods added, removed, etc.) at runtime.

and the dynamic nature of ruby?

That's a lot harder.

I like to think that Ruby does away with much of the compile time vs
runtime separation and that is a big source of it's dynamic nature.

You will need a better definition than that though, of course...

James Edward Gray II

 

[Gregory Brown]

Code that writes code.

I think this is most of the way there. From the wikipedia:

"Metaprogramming is the writing of programs that write or manipulate
other programs (or themselves) as their data or that do part of the
work that is otherwise done at runtime during compile time."

http://en.wikipedia.org/wiki/Meta-programming

Classes that can be changed (methods added, removed, etc.) at runtime.

It's probably worthwhile to note that this makes things like irb possible, =
no?
Seeing as the 'main' area of Ruby is just within an Object.

Classes can be fully manipulated too, I'm not sure if this is part of
a complete definition or not. That classnames themselves are first
class values and can be manipulated as such.

I like to think that Ruby does away with much of the compile time vs
runtime separation and that is a big source of it's dynamic nature.

I like this idea. My professor had the misconception about ruby that
you could modify a class however you wanted, but could not remove it's
original set of methods or undefine fields or things like that. This
misconception is due to the fact that static languages really do tend
to make their class definitions rather solid, where they're as free as
anything else in ruby

 

[dblack]

Hi --

Code that writes code.

Do you mean it's synonymous with code generation? I don't think I'd
make that association -- not that I have a great definition for it.
In fact, I tend to think of metaprogramming in Ruby as programming
that someone things would seem cooler if it were called meta
Another way to put which is: in Ruby, I'm not sure there's really a
strict line.

Then there's reflection and/or introspection, which I think are part
of it. If you examine what methods exist on a given object, rather
than just calling them, that's reflective and also could be called
metaprogramming. But, again, I don't really have a definition. Ruby
lets you eat the tablecloth, so to speak.

Classes that can be changed (methods added, removed, etc.) at runtime.


That's a lot harder.

I like to think that Ruby does away with much of the compile time vs runtime
separation and that is a big source of it's dynamic nature.

You will need a better definition than that though, of course...

"Ruby is dynamic, like human nature" -- Matz, RubyConf 2001 (or 2002;
I think 2001).


David

--
David A. Black
(e-mail address removed)

"Ruby for Rails", from Manning Publications, coming April 2006!
http://www.manning.com/books/black

 

[dblack]

Hi --

It's probably worthwhile to note that this makes things like irb possible, no?
Seeing as the 'main' area of Ruby is just within an Object.

Classes can be fully manipulated too, I'm not sure if this is part of
a complete definition or not. That classnames themselves are first
class values and can be manipulated as such.

I'd make a distinction between the "classes are objects too" thing,
and the matter of what you can do *to* classes. They could, for
example, be frozen, but still be first-class objects. So there are
separate things going on.

I like this idea. My professor had the misconception about ruby that
you could modify a class however you wanted, but could not remove it's
original set of methods or undefine fields or things like that. This
misconception is due to the fact that static languages really do tend
to make their class definitions rather solid, where they're as free as
anything else in ruby

Another key aspect of dynamicness in Ruby is that objects are not
constrained by the set of capabilities with which they are born --
essentially, the divergence of type from class.


David

--
David A. Black
(e-mail address removed)

"Ruby for Rails", from Manning Publications, coming April 2006!
http://www.manning.com/books/black

 

[James Britt]

Well that depends on who put the secret value there, doesn't it?

But good point. How would you (the community) define
meta-programming, open class system, and the dynamic nature of ruby?

An element (the key element?) of meta-programming is the creation or
modification of methods, classes, and modules based on runtime
information. I.e. run-time introduction of new behavior.

So, as JEGII pointed out, merely bypassing encapsulation is not
metaprogramming by this (rough) definition.


But the means of introducing new behavior needs some examination; I can
think of ways of adding new behavior that probably wouldn't strike many
people as examples of metaprogramming.


James

"One man's meta is another man's poison."
or
"I never meta program I didn't like."

(I'm getting flashbacks of Whatsamatta U. Paging Jay Ward ...)

--

http://www.ruby-doc.org - Ruby Help & Documentation
http://www.artima.com/rubycs/ - Ruby Code & Style: Writers wanted
http://www.rubystuff.com - The Ruby Store for Ruby Stuff
http://www.jamesbritt.com - Playing with Better Toys
http://www.30secondrule.com - Building Better Tools

 

[Todd]

Code that writes code.

A shiver goes up my spine

Classes that can be changed (methods added, removed, etc.) at runtime.
Scary.


That's a lot harder.

I like to think that Ruby does away with much of the compile time vs
runtime separation and that is a big source of it's dynamic nature.

You will need a better definition than that though, of course...

James Edward Gray II

The programmer in me loves Ruby for it's relative simplicity (coupled
with relative complexity if need be). The IT and DBA in me shudders at
the thought that such a thing exists, simply because data integrity
should be paramount; more important than your family, for God's sake!
It has to be something you can put your foot on and be sure it won't
move.

I mean, here you have a black box that a few moments from now may not
be a black box anymore! It may turn green... It may pop out at you
like those fond memories of the jack-in-the-box. You look at it, prod
it, it isn't reliable (you posit), it doesn't come up like the sun in
the morning every day, and start to feel there's some deep and dark
sinister purpose waiting to be unleashed. This program, this thing,
suddenly feels like almost sort of a Pandora's box. In that moment of
inspiration, you quickly walk away feeling better about yourself for
suggesting another, more 'stable', language that we can use. The CIO
will be proud

At least, that was my first impression. That, until I started seeing
how impressive not only the coding practices were, but also the
incredible knowledge base in the Ruby community. Not to mention how it
has made my life a bit easier.

Todd

 

[Todd]

Code that writes code.

A shiver goes up my spine

Classes that can be changed (methods added, removed, etc.) at runtime.
Scary.


That's a lot harder.

I like to think that Ruby does away with much of the compile time vs
runtime separation and that is a big source of it's dynamic nature.

You will need a better definition than that though, of course...

James Edward Gray II

The programmer in me loves Ruby for it's relative simplicity (coupled
with relative complexity if need be). The IT and DBA in me shudders at
the thought that such a thing exists, simply because data integrity
should be paramount; more important than your family, for God's sake!
It has to be something you can put your foot on and be sure it won't
move.

I mean, here you have a black box that a few moments from now may not
be a black box anymore! It may turn green... It may pop out at you
like those fond memories of the jack-in-the-box. You look at it, prod
it, it isn't reliable (you posit), it doesn't come up like the sun in
the morning every day, and start to feel there's some deep and dark
sinister purpose waiting to be unleashed. This program, this thing,
suddenly feels like almost sort of a Pandora's box. In that moment of
inspiration, you quickly walk away feeling better about yourself for
suggesting another, more 'stable', language that we can use. The CIO
will be proud

At least, that was my first impression. That, until I started seeing
how impressive not only the coding practices were, but also the
incredible knowledge base in the Ruby community. Not to mention how it
has made my life a bit easier.

Todd

 

[Gregory Brown]

An element (the key element?) of meta-programming is the creation or
modification of methods, classes, and modules based on runtime
information. I.e. run-time introduction of new behavior.

So, as JEGII pointed out, merely bypassing encapsulation is not
metaprogramming by this (rough) definition.

How does this sound for a definition:

"When code is designed to dynamically write or modify it's own code or
other code, this is considered to be Meta-programming. This often
makes heavy use of reflection and introspection, two key tools for
dynamic manipulation of code."

 

[Todd]

From: "Todd" <[email protected]>
Newsgroups: comp.lang.ruby
Subject: Re: Ideas on "Why Living Dangerous can be A Good Thing" in
Ruby?
Date: Sun, 08 Jan 2006 13:16:52 -0800

Code that writes code.

A shiver goes up my spine

Classes that can be changed (methods added, removed, etc.) at runtime.
Scary.


That's a lot harder.

I like to think that Ruby does away with much of the compile time vs
runtime separation and that is a big source of it's dynamic nature.

You will need a better definition than that though, of course...

James Edward Gray II

The programmer in me loves Ruby for it's relative simplicity (coupled
with relative complexity if need be). The IT and DBA in me shudders at
the thought that such a thing exists, simply because data integrity
should be paramount! More important than your family, for God's sake!
It has to be something you can put your foot on and be sure it won't
move.

I mean, here you have a black box that a few moments from now may not
be a black box anymore! It may turn green... It may pop out at you
like those fond memories of the jack-in-the-box. You look at it, prod
it, it isn't reliable (you posit), it doesn't come up like the sun in
the morning every day, and start to feel there's some deep and dark
sinister purpose waiting to be unleashed. This program, this thing,
suddenly feels like almost sort of a Pandora's box. In that moment of
inspiration, you quickly walk away feeling better about yourself for
suggesting another, more 'stable', language that you can use. The CIO
will be proud

At least, that was my first impression. That, until I started seeing
how impressive not only the coding practices were, but also the
incredible knowledge base in the Ruby community. Not to mention how
it has made my life a bit easier.

It is rather simple to program malicious code in Ruby, but that may be
quite
possible in any programming medium.

Todd

 

[dblack]

Hi --

How does this sound for a definition:

"When code is designed to dynamically write or modify it's own code or

s/'//

other code, this is considered to be Meta-programming. This often
makes heavy use of reflection and introspection, two key tools for
dynamic manipulation of code."

I'm not sure I'd say that reflection and introspection (and by the
way, is there an established difference between those two terms?) are
"manipulation" techniques. In fact, they're sort of non-manipulation
techniques; they give you information about what's going on, without
actually changing anything.

(I'm still chickening out of trying to define metaprogramming myself



David

--
David A. Black
(e-mail address removed)

"Ruby for Rails", from Manning Publications, coming April 2006!
http://www.manning.com/books/black

 

[Steve Litt]

Sentences like the above always read to me as: "Java was designed to
protect the programmer from doing programmer things." Always sounds
funny to me.

Hi Edward,

I like being protected from myself. I'm an excellent analyst, designer, and
yes, coder. But I'm somewhat careless. I make mistakes. That's why I'm glad I
have a cover on my circular saw. That's why I'm glad my electric stove has
lights saying which burners are still hot. And that's why I enjoy programming
in languages like Ruby, Python and Java, that protect me from myself.

I spent 10 years coding in C, and every time I had to track down intermittents
that usually turned out to be one uninitialized variable, or a picket fence
condition where I went off the end of the allocated array by one, or forgot
to free a variable or freed it twice, and that kind of thing.

I know a lot of people who never make mistakes. They can code C all day long
and never get a segfault. They needn't be protected from themselves. But not
all excellent programmers are like them.

SteveT

Steve Litt
http://www.troubleshooters.com
(e-mail address removed)

 

[James Edward Gray II]

Hi Edward,

James actually.

And that's why I enjoy programming in languages like Ruby, Python
and Java, that protect me from myself.

Wow, that's a might unusual alliance of languages. I wonder how most
Java programmers would feel about being lumped in with Python and
Ruby on safety...

James Edward Gray II

 

[Gregory Brown]

Hi --



s/'//

Thanks

I'm not sure I'd say that reflection and introspection (and by the
way, is there an established difference between those two terms?)

I suppose not, but they were your words. Perhaps the only difference
between them is that introspection is looking within oneself and
reflection is slightly more general. Maybe they're the same thing.=20
I don't know.

are "manipulation" techniques. In fact, they're sort of non-manipulation
techniques; they give you information about what's going on, without
actually changing anything.

Right. I didn't intend to mean that they were manipulation
techniques, but that they were important tools for meta-programming.=20
If meta-programming is a manipulation technique, say... giving you a
haircut. Would you rather use a mirror (reflection) or not?

How can I best rephrase, rewrite, etc the definition to show that
reflection is a key tool for doing manipulation, not something that
does manipulation itself?

 

[Gregory Brown]

That's why I'm glad my electric stove has
lights saying which burners are still hot. And that's why I enjoy program= ming
in languages like Ruby, Python and Java, that protect me from myself.

Java: Yes. (in the average scenario)
Python: Pretty much kinda maybe.
Ruby: You'll shoot your eye out!