unofficial mirror of emacs-devel@gnu.org 
 help / color / mirror / code / Atom feed
* check argument count in defcustom :safe?
@ 2015-04-11 15:42 Stephen Leake
  2015-04-12  3:48 ` Stefan Monnier
  0 siblings, 1 reply; 5+ messages in thread
From: Stephen Leake @ 2015-04-11 15:42 UTC (permalink / raw)
  To: emacs-devel

I have changed the signature of a defcustom variable; it used to require
a function taking 2 args, now it takes 3. So I'd like to have the :safe
predicate check the argument count, not just `functionp'.

The argument count is only available for byte-compiled functions, so I'd
have to skip that check for non-compiled. But most of the time, the
check will be useful.

The low-level C code that executes byte code checks the argument count,
but I don't see any way to access the argument count from lisp. Am I
missing something?

To be specific, here's the defcustom:

(defcustom ada-case-identifier 'ada-mixed-case
  "..."
  :type '(choice (const ada-mixed-case)
		 (const ada-lower-case)
		 (const ada-upper-case))
  :group 'ada
  :safe  'functionp)

What can I add to the :safe expression to check the argument count?

-- 
-- Stephe



^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: check argument count in defcustom :safe?
  2015-04-11 15:42 check argument count in defcustom :safe? Stephen Leake
@ 2015-04-12  3:48 ` Stefan Monnier
  2015-04-12  6:45   ` Philipp Stephani
  0 siblings, 1 reply; 5+ messages in thread
From: Stefan Monnier @ 2015-04-12  3:48 UTC (permalink / raw)
  To: Stephen Leake; +Cc: emacs-devel

>   :safe  'functionp)

FWIW, I think it makes absolutely no sense for :safe to be `functionp'.
This is just a gaping security hole.  And checking the number of
arguments would make no difference in this respect.

> but I don't see any way to access the argument count from lisp.  Am I
> missing something?

The number of arguments passed to a function is something that can be
easily checked by the function, but checking the number of arguments
accepted by a function is generally impossible (think of a function like

   (lambda (&rest args)
     (if (> (length args) (if (halting-p (car args)) 2 3))
         (signal 'wrong-number-of-arguments 'foo (length args)))
     ...)


-- Stefan



^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: check argument count in defcustom :safe?
  2015-04-12  3:48 ` Stefan Monnier
@ 2015-04-12  6:45   ` Philipp Stephani
  2015-04-12 10:00     ` Artur Malabarba
  2015-04-12 11:59     ` Stefan Monnier
  0 siblings, 2 replies; 5+ messages in thread
From: Philipp Stephani @ 2015-04-12  6:45 UTC (permalink / raw)
  To: Stefan Monnier, Stephen Leake; +Cc: emacs-devel

[-- Attachment #1: Type: text/plain, Size: 838 bytes --]

Stefan Monnier <monnier@iro.umontreal.ca> schrieb am So., 12. Apr. 2015 um
05:48 Uhr:

> The number of arguments passed to a function is something that can be
> easily checked by the function, but checking the number of arguments
> accepted by a function is generally impossible (think of a function like
>
>    (lambda (&rest args)
>      (if (> (length args) (if (halting-p (car args)) 2 3))
>          (signal 'wrong-number-of-arguments 'foo (length args)))
>      ...)
>

But most functions are well-behaved and don't impose additional
restrictions over those expressed in their parameter declaration; in these
cases inspecting the argument list using help-function-arglist should work
well enough.
Agreed that using this as safe predicate is a security hole, the choices
should just be normal symbols that are not used as functions.

[-- Attachment #2: Type: text/html, Size: 1159 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: check argument count in defcustom :safe?
  2015-04-12  6:45   ` Philipp Stephani
@ 2015-04-12 10:00     ` Artur Malabarba
  2015-04-12 11:59     ` Stefan Monnier
  1 sibling, 0 replies; 5+ messages in thread
From: Artur Malabarba @ 2015-04-12 10:00 UTC (permalink / raw)
  To: Philipp Stephani; +Cc: Stephen Leake, Stefan Monnier, emacs-devel

[-- Attachment #1: Type: text/plain, Size: 67 bytes --]

> Agreed that using this as safe predicate is a security hole,

+1

[-- Attachment #2: Type: text/html, Size: 104 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: check argument count in defcustom :safe?
  2015-04-12  6:45   ` Philipp Stephani
  2015-04-12 10:00     ` Artur Malabarba
@ 2015-04-12 11:59     ` Stefan Monnier
  1 sibling, 0 replies; 5+ messages in thread
From: Stefan Monnier @ 2015-04-12 11:59 UTC (permalink / raw)
  To: Philipp Stephani; +Cc: Stephen Leake, emacs-devel

> But most functions are well-behaved and don't impose additional
> restrictions over those expressed in their parameter declaration; in these
> cases inspecting the argument list using help-function-arglist should work
> well enough.

I'm just pointing out that the concept is fundamentally flawed, even if
you can hack something that will behave acceptably in most cases.


        Stefan



^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2015-04-12 11:59 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-04-11 15:42 check argument count in defcustom :safe? Stephen Leake
2015-04-12  3:48 ` Stefan Monnier
2015-04-12  6:45   ` Philipp Stephani
2015-04-12 10:00     ` Artur Malabarba
2015-04-12 11:59     ` Stefan Monnier

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).