Re: [Emacs-diffs] master 61f8c23 1/2: Minor advice.el fix

Re: [Emacs-diffs] master 61f8c23 1/2: Minor advice.el fix

[Stefan Monnier]

>     * lisp/emacs-lisp/advice.el (ad-preactivate-advice):
>     Avoid setting the function definition of nil.
>     This was happening during bootstrap of org-compat.el,
>     apparently due to eager macro expansion of code behind
>     a (featurep 'xemacs) test.

Really, I think this business of "disallow fset of nil" is a big waste
of time and will just lead to more pain than gain.

There are umpteen different ways for the user to shoot himself in the
foot.  This one is not even fatal.

Should we also disallow (fset 'car nil)?  How 'bout (fset 'car #'cdr)?


        Stefan

Re: [Emacs-diffs] master 61f8c23 1/2: Minor advice.el fix

[Glenn Morris]

I hear what you're saying. I'm usually not a fan of excessive argument
checking, but this case seemed ok to me. But I don't feel much about
it either way, so if you want to revert it and close the associated
reports as wontfix, that's totally fine by me.

Re: [Emacs-diffs] master 61f8c23 1/2: Minor advice.el fix

[Stefan Monnier]

> I hear what you're saying. I'm usually not a fan of excessive argument
> checking, but this case seemed ok to me. But I don't feel much about
> it either way, so if you want to revert it and close the associated
> reports as wontfix, that's totally fine by me.

The funny thing is that we have a similar arg check in fmakunbound
(which I removed in my local Emacs a long time ago), and the OP
actually tried to undo his mistake using `fmakunbound` but bumped into
that other excessive checking, which prevented him from fixing this
first mistake (of course, (fset nil nil) would have worked, but it
didn't occur to him).


        Stefan

Re: [Emacs-diffs] master 61f8c23 1/2: Minor advice.el fix

[Philipp Stephani]

[-- Attachment #1: Type: text/plain, Size: 731 bytes --]

Stefan Monnier <monnier@iro.umontreal.ca> schrieb am Di., 13. Dez. 2016 um
14:41 Uhr:

> >     * lisp/emacs-lisp/advice.el (ad-preactivate-advice):
> >     Avoid setting the function definition of nil.
> >     This was happening during bootstrap of org-compat.el,
> >     apparently due to eager macro expansion of code behind
> >     a (featurep 'xemacs) test.
>
> Really, I think this business of "disallow fset of nil" is a big waste
> of time and will just lead to more pain than gain.
>
> There are umpteen different ways for the user to shoot himself in the
> foot.  This one is not even fatal.
>
> Should we also disallow (fset 'car nil)?  How 'bout (fset 'car #'cdr)?
>
>
Yes, fset for most primitives should be forbidden.

[-- Attachment #2: Type: text/html, Size: 1369 bytes --]

Re: [Emacs-diffs] master 61f8c23 1/2: Minor advice.el fix

[Stefan Monnier]

> Yes, fset for most primitives should be forbidden.

Define "most".

That would mean we can't use advise, trace-function, debug-on-entry, or
elp on them.  There are very legitimate reasons to fset them.


        Stefan

Re: [Emacs-diffs] master 61f8c23 1/2: Minor advice.el fix

[Philipp Stephani]

[-- Attachment #1: Type: text/plain, Size: 714 bytes --]

Stefan Monnier <monnier@iro.umontreal.ca> schrieb am Sa., 17. Dez. 2016 um
23:09 Uhr:

> > Yes, fset for most primitives should be forbidden.
>
> Define "most".
>
> That would mean we can't use advise, trace-function, debug-on-entry, or
> elp on them.  There are very legitimate reasons to fset them.
>
>
For some of them definitely. I'd draw the line between pure functions like
car and eq, where those facilities never make sense and would be
ineffective anyway as the functions are compiled away or called directly,
and impure functions like call-process, where fset is necessary for
mocking. As a rule of thumb, I'd suggest to ban fset on all symbols that
have a byte-code equivalent, and on constant symbols.

[-- Attachment #2: Type: text/html, Size: 1168 bytes --]

Re: [Emacs-diffs] master 61f8c23 1/2: Minor advice.el fix

[Stefan Monnier]

> For some of them definitely. I'd draw the line between pure functions like
> car and eq, where those facilities never make sense and would be
> ineffective anyway as the functions are compiled away or called directly,
> and impure functions like call-process, where fset is necessary for
> mocking. As a rule of thumb, I'd suggest to ban fset on all symbols that
> have a byte-code equivalent, and on constant symbols.

I still very doubt that the potential benefit is worth the added cost
(more specifically, as a maintainer I would strongly oppose such
measure).  Are you also going to try and prevent the user from using all
the other ways he can shoot himself in the foot?


        Stefan

Re: [Emacs-diffs] master 61f8c23 1/2: Minor advice.el fix

[Philipp Stephani]

[-- Attachment #1: Type: text/plain, Size: 1046 bytes --]

Stefan Monnier <monnier@iro.umontreal.ca> schrieb am So., 18. Dez. 2016 um
21:15 Uhr:

> > For some of them definitely. I'd draw the line between pure functions
> like
> > car and eq, where those facilities never make sense and would be
> > ineffective anyway as the functions are compiled away or called directly,
> > and impure functions like call-process, where fset is necessary for
> > mocking. As a rule of thumb, I'd suggest to ban fset on all symbols that
> > have a byte-code equivalent, and on constant symbols.
>
> I still very doubt that the potential benefit is worth the added cost
> (more specifically, as a maintainer I would strongly oppose such
> measure).


Why is then the potential benefit for the value cells worth the added cost,
i.e. why not also allow (set t 5)?


> Are you also going to try and prevent the user from using all
> the other ways he can shoot himself in the foot?
>
>
To the extent that it's feasible, yes. Emacs Lisp isn't C. If the user
wants to shoot themselves in the foot, they can write a C module.

[-- Attachment #2: Type: text/html, Size: 1757 bytes --]

Re: [Emacs-diffs] master 61f8c23 1/2: Minor advice.el fix

[Stefan Monnier]

> Why is then the potential benefit for the value cells worth the added cost,
> i.e. why not also allow (set t 5)?

One reason that comes to mind is the likelihood of having the user write
(setq t 5).  I can't remember how many times the byte-compiler reminded
me that `t` is not a valid local variable name (admittedly, this
happened much less for `nil`, and admittedly² with lexical-binding it
can actually be safe to define a local `t` or `nil`).

So the tradeoffs are different.

>> Are you also going to try and prevent the user from using all
>> the other ways he can shoot himself in the foot?
> To the extent that it's feasible, yes. Emacs Lisp isn't C. If the user
> wants to shoot themselves in the foot, they can write a C module.

Every Turing-complete language makes it easy for the user to shoot
himself in the foot.  The potential damage is different in C than it is
in Elisp, of course.

There is inevitably a trade-off between "trying to protect the user" and
"not preventing the user from getting his work done".  There's no hard
and fast rule on this, in general.  Like most modern languages Elisp
tries to work pretty hard to make it so that the potential damage is
"clean" (not a core-dump) but doesn't go much further than that.

I have "locked myself" out of my Emacs session many times over the
years, but never by redefining car/nil/... so I don't think it's worth
a lot of effort to try and avoid this specific kind of mistake.

This said, my objection is only based on an expectation of the
maintenance and runtime cost, but I haven't thought hard about how it
could be done.  So if you can find a very simple way to do it which is
easy to maintain, cheap, and doesn't restrict the user, then maybe
I wouldn't actually oppose it.  Hint: it's of course better if it can
simplify existing code (e.g. elp-not-profilable).


        Stefan