I'd like to document a conflict, perhaps not altogether new, that
came up today between package.seeall and the strict module...

Let some module A in a program do require "strict" and some other
module B in the program do module(..., package.seeall).  Now, strict
behavior is applied to the implementation of B.  This may be desirable
or it might not be.

More seriously, if a client of B tries to access B.C where C is not a
member of B, then strict will raise an error.  I came across an
instance of this problem in a program (LuaDist) where B represented
the program's configuration settings.  Here, B.C may or may not exist
depending on the user's settings, but clients of B need to at least
test whether B.C exists.  The particular code was actually "if
config[n] then", where "n" might be nil (which is not an invalid thing
to do), in which case the line 'error("variable '"..n.."' is not
declared", 2)' in strict.lua itself fails with an error about
attempting to concatenate nil.  There are other problems too [1]--e.g.
if some module loads a module C (which happens to have the same name)
then B.C suddenly comes into existence and alters the program's
configuration.

I've long felt there are significant flaws in how the "module"
function works [1] because it encourages certain practices and has
subtle behaviors that make writing reliable and secure programs more
difficult.  The main problem is that it mixes up a module's private
(imported) namespace used by its implementation with the global
environment namespace, and if package.seeall is used, it also mixes
these up with a module's public (exported) namespace.  The problems
can be mitigated, however, by avoiding package.seeall, avoiding and
checking for global variables (e.g. local B = require "B", plus
methods in [2]), and following certain conventions for naming modules
(e.g. the maintainer of module B shall control who can name a module
B.C).

[1] http://lua-users.org/wiki/LuaModuleFunctionCritiqued
[2] http://lua-users.org/wiki/DetectingUndefinedVariables
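
The interaction described in the message above, reproduced as an added example (not code from the post, from LuaDist, or from strict.lua itself). It assumes a table `G` standing in for `_G`, a simplified version of strict's `__index` handler, a `seeall` helper that mirrors what package.seeall does to a module table, and constructed setting names (`prefix`, `proxy`); it compares a configuration table built that way with a plain table that has no link to the globals.

```lua
-- Stand-in for _G, so the real global environment is left untouched.
local G = { print = print }
local declared = {}            -- names strict would treat as declared

-- Simplified form of the __index handler strict.lua puts on _G.
setmetatable(G, {
  __index = function(_, n)
    if not declared[n] then
      -- same message construction as the line quoted in the post
      error("variable '" .. n .. "' is not declared", 2)
    end
    return nil
  end,
})

-- package.seeall gives the module table a metatable with __index = _G.
local function seeall(m)
  return setmetatable(m, { __index = G })
end

-- The same settings, once as a seeall module and once as a plain table.
local config_seeall = seeall({ prefix = "/usr/local" })
local config_plain = { prefix = "/usr/local" }

-- Read config[key] under pcall and report whether the lookup survived.
local function probe(label, config, key)
  local ok, result = pcall(function() return config[key] end)
  print(label, tostring(key), ok and "ok" or "error", tostring(result))
  return ok, result
end

probe("seeall", config_seeall, "prefix")  -- present: plain hit
probe("seeall", config_seeall, "proxy")   -- absent: falls through to strict
probe("seeall", config_seeall, nil)       -- nil key: handler itself breaks
probe("plain", config_plain, "proxy")     -- absent: just nil
probe("plain", config_plain, nil)         -- nil key: just nil

-- A global that happens to share a setting's name leaks into the
-- seeall-style configuration, but not into the plain table.
G.proxy = "unrelated global value"
probe("seeall", config_seeall, "proxy")
probe("plain", config_plain, "proxy")
```

Because it does not call module(), the script runs unchanged on Lua 5.1 and later.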