lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


>originally in response to the "floating point vs. integer" arguments,
>since I believe I've experienced tostring(5) -> 4.999999 or something similar

Integers should be reproduced exactly.
What is sometimes annoying are things like
	> print(sin(30))
	0.4999999999999999
which I get in a SPARC. I get 0.5 in Linux. Of course, this has nothing to do
with IEEE arithmetic, only with the implementation of sin (and perhaps more
probably, the implicit conversion of 30 degress into radians).

>So instead, I'm posting my marshaling code for review by better Lua coders

Have you looked at test/save.lua?
Previous versions used hidden fields such as your __MARSHALED__, but latter
versions use a much better approach suggested by Jon Kleiser: a local table
that remembers which tables were visited.

>I believe that using dostring() directly is a security hole

Since you quote the strings, I don't see a hole.
However, if you mean that running dostring on an user-supplied string is
a security hole, then you may be right. The fault of course is not in dostring
but in your running arbitrary user-supplied strings.

>- setting globals() temporarily to an empty table, with set/get tags to
>generate an error;

That seems to me the best solution.
Have your marshaler generate code in the form
	return { a=1, b=2, ... }
Set an empty global table, run the string and then copy the returned table
to the original global table.
--lhf