On Sun, 9 Mar 2003, Guido van Rossum wrote:
- Which attributes are considered introspective?
Here's a preliminary description of the boundary between "introspective" and "restricted", off the top of my head:
1. The only thing you can do with a bound method is to call it (bound methods have no attributes except __doc__).
Plus __repr__ and __str__. And if they have attributes at all they have __getattribute__. And if they are callable they have __call__.
2. The following instance attributes are off limits: __class__, __dict__, __module__.
That might be a reasonable start.
Not sure. Classic rexec disallowed these (and a few more), but the problem with disallowing __dict__ of an instance was that this made it impossible for untrusted code to use certain coding patterns like overriding __setattr__.
However, there is still the problem that the established technique for storing instance-specific state in Python is to use globally- accessible data attributes instead of a limited scope. We would also need to add a safe (private) place for instances to put state.
I wonder if we could write special descriptors for this? The problem as I see it is that the interpreter doesn't keep track of whether a particular function is part of a class definition or not, so there's no way to tell whether it should have access to private data or not.
Proxies get around this, but with the stated disadvantages.
--Guido van Rossum (home page: http://www.python.org/%7Eguido/)