how to iterate over sequence and non-sequence ?

Steven D'Aprano steve at REMOVE-THIS-cybersource.com.au
Fri Oct 19 11:13:17 EDT 2007 

On Fri, 19 Oct 2007 16:19:32 +0200, stef wrote:

> Well I'm not collecting data, I'm collecting pointers to data.

I beg to differ, you're collecting data. How that data is to be 
interpreted (a string, a number, a pointer...) is a separate issue.


> This
> program simulates a user written program in JAL. As Python doesn't
> support pointers, instead I collect names.

This doesn't make any sense to me. If your user-written program is 
supplying pointers (that is, memory addresses like 0x15A8), how do you 
get a name from the memory address?


If you are trying to emulate pointer-manipulation, then the usual way to 
simulate a pointer is with an integer offset into an array:

# initialise your memory space to all zeroes:
memory = [chr(0)]*1024*64  # 64K of memory space, enough for anyone
NULL = 0
pointer = 45
memory[pointer:pointer + 5] = 'HELLO'
pointer += 6
memory[pointer:pointer + 5] = 'WORLD'


> The names are derived from an
> analysis of the user program under test, so the danger some of you are
> referring to, is not there, or at least is not that simple.

What about accidental clashes between your program's names and the names 
you are collecting? Are you sure there are no corner cases where 
something you pass to exec can interact badly with your code?

The thing is, exec is stomping through your program's namespace with 
great big steel-capped boots, crushing anything that gets in the way. 
Even if it is safe in your specific example, it is still bad practice, or 
at least risky practice. Code gets reused, copied, and one day a piece of 
code you wrote for the JAL project ends up running on a webserver and now 
you have a serious security hole.

(Every security hole ever started off with a programmer thinking "This is 
perfectly safe to do".)

But more importantly, what makes you think that exec is going to be 
faster and more efficient than the alternatives? By my simple test, I 
find exec to be about a hundred times slower than directly executing the 
same code:

>>> timeit.Timer("a = 1").timeit()
0.26714611053466797
>>> timeit.Timer("exec s", "s = 'a = 1'").timeit()
25.963317155838013


-- 
Steven

More information about the Python-list mailing list