Hi all,

This is a summary of ruby-dev ML in these days.


[ruby-dev:21616] access ENV on $SAFE==4 (contd.)

  From the previous ruby-dev summary ([ruby-talk:84412]):

    Hidetoshi NAGAI found that Safe interpreter of Tcl/Tk
    don't allow to refer some informations of environments,
    such as env, OS, library and so on. And he asked
    whether we should forbid to use ENV, RUBY_PLATFORM
    and $LOAD_PATH when $SAFE=4.

  Hidetoshi NAGAI posted a summary of the thread in [ruby-dev:21804].
  This entry is an incomplete translation of his summary.

    * $LOAD_PATH

      $LOAD_PATH cannot be referred to nor modified when $SAFE>=4.

    * ENV

      The following new methods are introduced
      `insecure' means $SAFE>=4 in this document.

      : ENV.allow_insecure_ref(varname)

	  Enables insecure programs to refer to VARNAME environment
          variable.
	  Raises SecurityError if this method is called on $SAFE>=4.

          By default, even insecure programs can refer to all the
          environment variables for backward compatibility.

      : ENV.deny_insecure_ref(varname)

	  Disables insecure programs to refer to VARNAME environment
          variable.
	  Raises SecurityError if this method is called on $SAFE>=4.

      : ENV.insecure_ref_allowed?(varname)  ->  bool

	  Returns true if insecure programs can refer to VARNAME environment
          variable.
	  Raises SecurityError if this method is called on $SAFE>=4.

      : ENV.insecure_ref_denied?(varname)  ->  bool

	  Returns true unless insecure programs can refer to VARNAME environment
          variable.
	  Raises SecurityError if this method is called on $SAFE>=4.

      : ENV.insecure_ref_allowings  ->  [String]

	  Returns a list of environment variable names that insecure
          programs can refer to.
	  Raises SecurityError if this method is called on $SAFE>=4.

      : ENV.insecure_ref_denyings  ->  [String]

	  Returns a list of environment variable names that insecure
          programs cannot refer to.
	  Raises SecurityError if this method is called on $SAFE>=4.

    * Module

      The following new methods are introduced.
      `insecure' means $SAFE>=4 in this document.

      : Module#allow_insecure_ref(constname)

	  Enables insecure programs to refer to CONSTNAME constant.
	  Raises SecurityError if this method is called on $SAFE>=4.

      : Module#deny_insecure_ref(constname)

	  Disables insecure programs to refer to CONSTNAME constant.
	  Raises SecurityError if this method is called on $SAFE>=4.

      : Module#insecure_ref_allowed?(constname)  ->  bool

	  Returns true if insecure programs can refer to CONSTNAME
	  constant.
	  Raises SecurityError if this method is called on $SAFE>=4.

      : Module#insecure_ref_denied?(constname)

	  Returns true unless insecure programs can refer to CONSTNAME
	  constant.
	  Raises SecurityError if this method is called on $SAFE>=4.

      : Module#insecure_ref_allowings  ->  [String]

	  Returns a list of constant names which insecure programs
	  can refer to.
	  Raises SecurityError if this method is called on $SAFE>=4.

      : Module#insecure_ref_denyings  ->  [String]

	  Returns a list of constant names which are hidden from
	  insecure programs.
	  Raises SecurityError if this method is called on $SAFE>=4.

    * RUBY_PLATFORM, PLATFORM

      Object.deny_insecure_ref(:RUBY_PLATFORM) and
      Object.deny_insecure_ref(:PLATFORM) are the default.
      These constants are invisible from insecure programs.


  Matz agreed with him on the concept, but we still needs better
  method names.

[ruby-dev:21707] drb Hash#each

  Matz found that the Hash#each test case of dRuby failed on the
  latest ruby.  The reason of this failure is the feature mismatch
  between yield([k,v]) and Proc#call([k,v]):

    % cat t
    def m1
      yield [1,2]
    end
    m1 {|k,v| p [k,v] }

    def m2( &block )
      block.call([1,2])
    end
    m2 {|k,v| p [k,v] }


    % ruby -v t
    ruby 1.8.1 (2003-10-26) [i686-linux]
    [1, 2]
    [[1, 2], nil]

  Matz finally changed Proc#call behavior, so now yield and Proc#call
  produces same results:

    % ruby -v t
    ruby 1.8.1 (2003-11-04) [i686-linux]
    [1, 2]
    [1, 2]


[ruby-dev:21794] rb_iter_break() on ruby 1.8.1p2

  MURATA Kenta reported that ruby 1.8.1p2 broke the following program:

    #include <ruby.h>

    static VALUE
    ahi_ahi(VALUE obj)
    {
        rb_yield(Qnil);
    }

    static VALUE
    ahi_abort(VALUE obj)
    {
        rb_iter_break();
    }

    void
    Init_ahi(void)
    {
        VALUE cAhi = rb_define_class("Ahi", rb_cObject);
        rb_define_method(cAhi, "ahi", ahi_ahi, 0);
        rb_define_method(cAhi, "abort", ahi_abort, 0);
    }

  If you compile this extension and execute it, ruby will exit with
  status 1:

    $ ruby -rahi -e "a = Ahi.new; a.ahi { a.abort }"
    -e:1:in `abort': unexpected break (LocalJumpError)
	    from -e:1
	    from -e:1:in `ahi'
	    from -e:1

  This is because rb_iter_break() is called in different method frame
  from which the block is running.  For these kind of purpose, you
  should use rb_catch() and rb_throw().  These APIs are described in
  Pickaxe (page 195).

  For the "right" usage of rb_iter_break(), see enum.c.

[ruby-dev:21816] "this method is deprecated" warning messages

  Koji Arai reported that some warning messages are not printed on
  ruby 1.8.1 preview 1.  Corresponding warnings messages are:

    % ruby-1.8.0 -e "{1=>'a', 2=>'b', 3=>'c'}.select(1,2,3)"
    -e:1: warning: Hash#select(key..) is deprecated; use Hash#values_at

    % ruby-1.8.0 -e '"foo" =~ "foo"'
    -e:1: warning: string =~ string will be obsolete; use explicit regexp

    % ruby-1.8.0 -e '$_ = "foo"; p ~"foo"'
    -e:1: warning: ~string will be obsolete; use explicit regexp

  Matz decided to remove Hash#select from 1.8.1 with the warning message.
  (str~=str and ~str remain even in 1.8.1.)


-- Minero Aoki

Special Thanks: SugHimsi, U.Nakamura, Hiroharu Sugawara, Akinori MUSHA