lua-l archive



Roberto Ierusalimschy wrote:
> 
> On Wed, 22 Aug 2001, Edgar Toernig wrote:
> 
> > [...]
> > The possibly raised errors in your first example are:
> >
> >  - lua_getglobal may invoke tag methods and by that executes arbitrary
> >    code and can generate all kinds of errors.
> >
> >  - lua_pushstring may get an out of memory error.
> >
> >  - lua_getglobal and lua_pushstring may get a stack overflow.
> >
> >  - If you'd used lua_tostring instead of lua_tonumber you could get
> >    an out of memory there too.
> >
> > [...]
> > Unfortunately it's pretty difficult to protect against these errors.
> 
> The first error can be avoided by calling lua_rawget, instead of
> lua_getglobal.

And if you want tag methods?

> Stack overflows can be avoided by checking stack space before
> the call (lua_stackspace). That leaves us only with out of memory
> errors. Those are really hard to protect in the current implementation.

Hmm... I follow your argumentation: to protect against out of memory
errors you have to check for available memory first.  IMHO this kind
of argumentation is flawed.  Not only does it duplicate all sanity
checks of the system, it even requires intimate knowledge of the
implementation of the API functions.  Sometimes the requirements may
even be unpredictable.

What's so bad about a public version of luaD_runprotected?  It would
catch all cases without duplicating work or requiring knowledge of
implementation details.  Of course, a method to pass caught errors to
upper handlers would be required too (luaD_breakrun).

Ciao, ET.


PS: That could even help you to fix the FILE* leak in the iolib ;-)
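
Added example, not part of the original message and not Lua source code: a self-contained C sketch of the pattern the message asks for, a protected-run wrapper built on setjmp/longjmp that catches any error without pre-checking, releases a FILE* held across the failing calls, and passes the error on to the upper handler. The names `run_protected`, `break_run`, `risky_calls`, `with_file` and the error codes are hypothetical, and `risky_calls` stands in for API calls that can fail.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

/* Sketch with hypothetical names; not Lua's luaD_runprotected source. */
enum { ERR_NONE = 0, ERR_RUN = 1, ERR_MEM = 2 };
struct handler { jmp_buf jb; struct handler *prev; volatile int status; };
static struct handler *top_handler = NULL;
static int open_files = 0;              /* lets the caller check for leaks */

/* Raise an error: unwind to the innermost protected call. */
static void break_run(int code) {
    if (top_handler == NULL) abort();   /* no handler installed */
    top_handler->status = code;
    longjmp(top_handler->jb, 1);
}

/* Run f(ud) and return ERR_NONE or the code f (or a callee) raised. */
static int run_protected(void (*f)(void *), void *ud) {
    struct handler h;
    h.prev = top_handler; h.status = ERR_NONE;
    top_handler = &h;
    if (setjmp(h.jb) == 0) f(ud);
    top_handler = h.prev;               /* restore the chain on both paths */
    return h.status;
}

struct job { int fail_with; int cleaned; };
/* Stands in for API calls that may fail at any point (memory, stack, ...). */
static void risky_calls(void *ud) {
    struct job *j = ud;
    if (j->fail_with != ERR_NONE) break_run(j->fail_with);
}

/* Holds a FILE* across risky calls: catch, release, then pass the error up. */
static void with_file(void *ud) {
    struct job *j = ud;
    FILE *f = tmpfile();                /* may be NULL in a restricted sandbox */
    if (f) open_files++;
    int status = run_protected(risky_calls, j);
    if (f) { fclose(f); open_files--; }
    j->cleaned = 1;
    if (status != ERR_NONE) break_run(status);  /* re-raise to upper handler */
}

int main(void) {
    struct job j = { ERR_MEM, 0 };
    int status = run_protected(with_file, &j);
    printf("status=%d cleaned=%d open=%d\n", status, j.cleaned, open_files);
}
```

The outer `run_protected` call still sees the original error code, while the inner one gives `with_file` the chance to close its file first.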