How much is set in stone?
Andrew Dalke
dalke at dalkescientific.com
Sat Nov 10 12:50:17 EST 2001
Paul Rubin:
>Comparing Python with Perl, generally I find Python better designed
>but its implementation more likely to take short cuts.
I've reported several core dump bugs in Perl over time. The most
recent was a couple months back. I've used Python a lot more than
Perl, and I work out of CVS, so it's hard to compare the two,
but I feel that they are comparable in implementation solidity.
Yes, I've reported Python core dumps as well.
I find it impressive you can compare implementation details. When
I've found problems or had questions with Perl's C implementation,
I haven't been able to figure out heads nor tails of the code. In
Python, I've never had that problem except once where there was
a 'tstate' bug related to how threads are done.
> The security
>issue with pickle.loads that we spent a long time discussing is
>something I think the perl developers would not have tolerated.
I thought most of those pickle bugs have been addressed. I know
I sent in fixes for a couple of them. As I recall, it wasn't
tolerated, but no one wanted to go fix.
As for security, I'm astonished that Perl passes NUL containing
strings to system calls, which opens up a Perl script to all sorts
of subtle attacks. Perhaps the most famous is
http://www.mail-archive.com/modperl@apache.org/msg00396.html
Python raises an exception in this case. There are other concerns
I have, but the point is I don't see Perl being the best example
with which to compare.
>There's all kinds of other missing functionality in the runtime system
>as well, that doesn't result directly in unrobust programs, but does
>make it more difficult to write robustly. A lot of this ng is about
>the resulting issues.
As I said, I've done Perl coding before, as well as Tcl, C++, and
others. I've also hung around those newsgroups. I don't see
specifically unusual here indicative of a lack of robustness. It
may be because I read c.l.perl from the 4.0.38 -> 5.2 days (so
you could say it wasn't as robust then) or c.l.tcl in the 7.x days.
Wow! Google says my first post to c.l.py was in Sept. 1995 -- but
I was mostly a lurker back then.
Could you remind me what sorts of functionality you consider to
be missing? Are you talking about things like taintedness and
sandboxing? (In which case language like C++ also fit under the
category of "more difficult to write robustly", with which I'll
agree.) I've written a whole lot of Python code and I can't
think of anything in the run-time which needed to be improved to
increase robustness.
There have been improvements in the language which have improved
expressibility and maintainability, but I believe that to be a
different though related issue.
Andrew
dalke at dalkescientific.com
More information about the Python-list
mailing list