Hi,
I've created a Python Bytecode Verifier in Python. I'm not a Python
guru so I borrowed coding patterns from C/C++. I also created this
with C portability in mind. The only reason I used Python was to
experiment with Python and was easier to morph code during
development.
If this program were ported to C it would only need 8 bytes per opcode
(some additional storage to track blocks) and a single pass. I haven't
found backward jumps to previously unused code in any compiled Python
code but it can easily be supported. In that case some more partial
passes are required.
I also was able to successfully verify all Python files in the
Python-2.5.2 source package.
The verification algorythm should be quite complete but I may have
missed some limitations of the interpreter that could be checked by
the verifier as well.
The ability to create this verfier proved that although Python
bytecode is designed for a dynamically typed interpreter, is still
easily verifiable. I am willing port this code C but only in the case
if there is any chance to be included in Python.
I believe that Python in general would benefit having the ability to
safely load .pyc files and create code objects on the fly.
Both Java and .NET have the ability to safely load compiled byte code.
.NET Framework, just like Python also has the ability to create and
execute new code at run-time.
You may feel that enabling closed source applications and/or creating
a multi-language runtime would hurt Python but both of these have
contributed to the success of Java (both the language and the
runtime).
Kornél
I am writing a garbage collector that is similar to Python's. I want to know what you think, what problems I may encounter, and what kind of value I'm looking at.
For my review of literature, I have read excerpts from, and stepped through, Python's GC. I'm picturing it as a specialized breadth-first search.
I am concerned by the inability to call user-defined finalization methods. I'm considering a workaround that performs GC in two steps. First, it requests the objects to drop their references that participate in the cycle. Then, it enqueues the decref'ed object for an unnested destruction.
Here is a proof-of-concept implementation.
http://groups.google.com/group/comp.lang.python/browse_thread/thread/d3bb41…
Appending query parameters to a URL is a very common need. However, there's
nothing in urllib.parse (and older urlparse) that caters for that need.
Therefore, I propose adding the following to 2.7 and 3.1 in the respective
libs:
def add_query_params(url, **params):
"""
Adds additional query parameters to the given url, preserving original
parameters.
Usage:
>>> add_query_params('http://foo.com', a='b')
'http://foo.com?a=b'
>>> add_query_params('http://foo.com?a=b', b='c', d='q')
'http://foo.com?a=b&b=c&d=q'
The real implementation should be more strict, e.g. raise on the
following:
>>> add_query_params('http://foo.com?a=b', a='b')
'http://foo.com?a=b&a=b'
"""
if not params:
return url
encoded = urllib.urlencode(params)
url = urlparse.urlparse(url)
return urlparse.urlunparse((url.scheme, url.netloc, url.path,
url.params,
(encoded if not url.query else url.query + '&' + encoded),
url.fragment))
Howdy all,
I am preparing a PEP, and corresponding reference implementation, for
a standard implementation of the steps needed to turn a program into a
well-behaved Unix daemon.
This message is a call for comments, support, and suggestions, prior
to submitting this PEP to the editor.
:PEP: XXX
:Title: Standard daemon process library
:Version: 0.1
:Last-Modified: 2009-01-26 08:44
:Author: Ben Finney <ben+python(a)benfinney.id.au>
:Status: Draft
:Type: Standards Track
:Content-Type: text/x-rst
:Created: 2009-01-26
:Python-Version: 3.1
:Post-History:
========
Abstract
========
Writing a program to become a well-behaved Unix daemon is somewhat
complex and tricky to get right, yet the steps are largely similar for
any daemon regardless of what else the program may need to do.
This PEP introduces a module to the Python standard library that
provides a simple interface to the task of becoming a daemon process.
.. contents::
..
Table of Contents:
Abstract
Specification
Example usage
Interface
``Daemon`` objects
``DaemonError`` objects
Motivation
Rationale
Correct daemon behaviour
Reference Implementation
References
Copyright
=============
Specification
=============
Example usage
=============
Simple example of usage::
import daemon
from spam import do_main_program
this_daemon = daemon.Daemon()
this_daemon.start()
do_main_program()
More complex example usage::
import os
import grp
import signal
import daemon
from spam import (
initial_program_setup,
do_main_program,
program_cleanup,
reload_program_config,
)
initial_program_setup()
important_file = open('spam.data', 'w')
interesting_file = open('eggs.data', 'w')
this_daemon = daemon.Daemon()
this_daemon.files_preserve = [important_file, interesting_file]
this_daemon.working_directory = '/var/lib/foo'
this_daemon.umask = 0o002
mail_gid = grp.getgrnam('mail').gr_gid
this_daemon.gid = mail_gid
this_daemon.terminate_callback = program_cleanup
this_daemon.reload_callback = reload_program_config
this_daemon.reload_signals = [signal.SIGHUP, signal.SIGUSR1]
this_daemon.start()
do_main_program()
Interface
=========
A new module, `daemon`, is added to the standard library.
The module defines a class, `Daemon`, used to represent the settings
for a daemon process.
An exception class, `DaemonError`, is defined for exceptions raised
from the module.
``Daemon`` objects
==================
A `Daemon` instance represents the behaviour settings for the process
when it becomes a daemon. The behaviour is customised by setting
attributes on the instance, before calling the `start` method.
The following attributes are defined.
`files_preserve`
:Default: ``None``
List of files that should *not* be closed when starting the
daemon. If ``None``, all open file descriptors will be closed.
Elements of the list are file descriptors (as returned by a file
object's `fileno()` method) or Python `file` objects. Each
specifies a file that is not to be closed during daemon start.
`chroot_directory`
:Default: ``None``
Full path to a directory to set as the effective root directory of
the process. If ``None``, specifies that the root directory is not
to be changed.
`working_directory`
:Default: ``'/'``
Full path of the working directory to which the process should
change on daemon start.
Since a filesystem cannot be unmounted if a process has its
current working directory on that filesystem, this should either
be left at default or set to a directory that is a sensible “home
directory” for the daemon while it is running.
`lockfile_directory`
:Default: ``'/var/run'``
Absolute directory path to contain the daemon's lockfile. If
``None``, the lockfile behaviour for this daemon is skipped.
`lockfile_name`
:Default: ``None``
Base name of the lockfile for this daemon, without directory or
extension. If ``None``, the name is derived from the process
command line.
`umask`
:Default: ``0``
File access creation mask (“umask”) to set for the process on
daemon start.
Since a process inherits its umask from its parent process,
starting the daemon will reset the umask to this value so that
files are created by the daemon with access modes as it expects.
`ignore_signals`
:Default: ``[signal.SIGTTOU, signal.SIGTTIN, signal.SIGTSTP]``
List of signals that the process should ignore (by setting the
signal action to ``signal.SIG_IGN``) on daemon start.
`terminate_signals`
:Default: ``[signal.SIGTERM]``
List of signals that the process should interpret as a request to
terminate cleanly.
`terminate_callback`
:Default: ``None``
Callable to invoke when the process receives any of the
`terminate_signals` signals, before then terminating the process.
`reload_signals`
:Default: ``[signal.SIGHUP]``
List of signals that the process should interpret as a request to
reload runtime configuration.
`reload_callback`
:Default: ``None``
Callable to invoke when the process receives any of the
`reload_signals` signals.
`uid`
:Default: ``None``
The user ID (“uid”) value to switch the process to on daemon start.
`gid`
:Default: ``None``
The group ID (“gid”) value to switch the process to on daemon start.
`prevent_core`
:Default: ``True``
If true, prevents the generation of core files, in order to avoid
leaking sensitive information from daemons run as `root`.
`stdout`
:Default: ``None``
File-like object, open for writing (in append mode, 'w+'), that
will be used as the new value of `sys.stdout`. If it represents an
actual file, it should be listed in `files_preserve` to prevent it
being closed during daemon start. If ``None``, then `sys.stdout`
is not re-bound.
`stderr`
:Default: ``None``
File-like object, open for writing (in append mode, 'w+'), that
will be used as the new value of `sys.stderr`. If it represents an
actual file, it should be listed in `files_preserve` to prevent it
being closed during daemon start. If ``None``, then `sys.stderr`
is not re-bound.
The following methods are defined.
`start()`
:Return: ``None``
Start the daemon. This performs the following steps:
* If the `chroot_directory` attribute is not ``None``:
* Set the effective root directory of the process to that
directory (via `os.chroot`). This allows running the daemon
process inside a “chroot gaol” as a means of limiting the
system's exposure to rogue behaviour by the process.
* If the `lockfile_directory` attribute is not ``None``:
* Look in that directory for a file named '`lockfile_name`.pid';
if it exists, raise a `DaemonError` to prevent multiple
instances of the daemon process.
* Close all open file descriptors, excluding those listed in the
`files_preserve` attribute.
* Change current working directory to the path specified by the
`working_directory` attribute.
* Reset the file access creation mask to the value specified by
the `umask` attribute.
* Detach the current process into its own process group, and
disassociate from any controlling terminal.
This step is skipped if it is determined to be redundant: if the
process was started by `init`, by `initd`, or by `inetd`.
* Set signal handlers as specified by the `ignore_signals`,
`terminate_signals`, `terminate_callback`, `reload_signals`,
`reload_callback` attributes.
* If the `prevent_core` attribute is true:
* Set the resource limits for the process to prevent any core
dump from the process.
* Set the process uid and gid to the true uid and gid of the
process, to relinquish any elevated privilege.
* If the `lockfile_directory` attribute is not ``None``:
* Create the lockfile for this daemon in that directory, by
writing a text line containing the current process ID (“pid”)
to a file named '`lockfile_name`.pid'.
* If either of the attributes `uid` or `gid` are not ``None``:
* Set the process uid and/or gid to the specified values.
* If either of the attributes `stdout` or `stderr` are not
``None``:
* Bind the names `sys.stdout` and/or `sys.stderr` to the
corresponding objects.
`reload()`
:Return: ``None``
Reload the daemon configuration. The meaning of this is entirely
defined by the customisation of this daemon: if the
`reload_callback` attribute is not ``None``, call that object. The
return value is discarded.
`stop()`
:Return: ``None``
Stop the daemon. This performs the following steps:
* If the `terminate_callback` attribute is not ``None``:
* Call that object. The return value is discarded.
* If the `lockfile_directory` attribute is not ``None``:
* Delete the lockfile for this daemon.
* Raise a `SystemExit` exception.
``DaemonError`` objects
=======================
The `DaemonError` class inherits from `Exception`. The module
implementation will raise an instance of `DaemonError` when an error
occurs in processing daemon behaviour.
==========
Motivation
==========
The majority of programs written to be Unix daemons either implement
behaviour very similar to that in the `Specification`_, or are
poorly-behaved daemons by the `Rationale`_.
Since these steps should be much the same in most implementations but
are very particular and easy to omit or implement incorrectly, they
are a prime target for a standard well-tested implementation in the
standard library.
=========
Rationale
=========
Correct daemon behaviour
========================
According to Stevens in [stevens]_ §2.6, a program should perform the
following steps to become a Unix daemon process.
* Close all open file descriptors.
* Change current working directory.
* Reset the file access creation mask.
* Run in the background.
* Disassociate from process group.
* Ignore terminal I/O signals.
* Disassociate from control terminal.
* Don't reacquire a control terminal.
* Correctly handle the following circumstances:
* Started by System V `init` process.
* Daemon termination by ``SIGTERM`` signal.
* Children generate ``SIGCLD`` signal.
The `daemon` package [daemon]_ lists (in its summary of features)
behaviour that should be performed when turning a program into a
well-behaved Unix daemon process. The following are appropriate for a
daemon started once the program is already running:
* Sets up the correct process context for a daemon.
* Behaves sensibly when started by `initd(8)` or `inetd(8)`.
* Revokes any suid or sgid privileges to reduce security risks in case
daemon is incorrectly installed with special privileges.
* Prevents the generation of core files to prevent leaking sensitive
information from daemons run as root (optional).
* Names the daemon by creating and locking a PID file to guarantee
that only one daemon with the given name can execute at any given
time (optional).
* Sets the user and group under which to run the daemon (optional,
root only).
* Creates a chroot gaol (optional, root only).
* Captures the daemon's stdout and stderr and directs them to syslog
(optional).
========================
Reference Implementation
========================
The `python-daemon` package [python-daemon]_.
As of 2009-01-26, the package is under active development and is not
yet a full implementation of this PEP.
==========
References
==========
.. [stevens]
`Unix Network Programming`, W. Richard Stevens, 1994 Prentice
Hall.
.. [daemon]
The (non-Python) `daemon` package,
`<http://www.libslack.org/daemon/>`_ by “raf” <raf(a)raf.org>.
.. [python-daemon]
The `python-daemon` package at the Python Package Index,
`<http://pypi.python.org/pypi/python-daemon>`_. This is the
successor to [bda.daemon]_.
.. [bda.daemon]
The `bda.daemon` package at the Python Package Index,
`<http://pypi.python.org/pypi/bda.daemon>`_. This is an
implementation of [cookbook-66012]_.
.. [cookbook-66012]
Many good ideas were contributed by the community to Python
cookbook recipe 66012, “Fork a daemon process on Unix”
`<http://code.activestate.com/recipes/66012/>`_.
=========
Copyright
=========
This work is hereby placed in the public domain. To the extent that
placing a work in the public domain is not legally possible, the
copyright holder hereby grants to all recipients of this work all
rights and freedoms that would otherwise be restricted by copyright.
--
\ “Pinky, are you pondering what I'm pondering?” “Well, I think |
`\ so (hiccup), but Kevin Costner with an English accent?” —_Pinky |
_o__) and The Brain_ |
Ben Finney
I've made another couple of tweaks to the formal semantics
(so as not to over-specify when the iterator methods are
looked up).
Latest version of the PEP, together with the prototype
implementation and other related material, is available
here:
http://www.cosc.canterbury.ac.nz/greg.ewing/python/yield-from/
--
Greg
Guido asked me to explain why the removal of unbound methods in Python
3.0 causes a problem for enforcing encapsulation in CapPython (an
object-capability subset of Python), which I talked about in a blog
post [1]. It also came up on python-dev [2].
Let me try a slightly different example to answer Guido's immediate
question.
Suppose we have an object x with a private attribute, "_field",
defined by a class Foo:
class Foo(object):
def __init__(self):
self._field = "secret"
x = Foo()
Suppose CapPython code is handed x. It should not be able to read
x._field, and the expression x._field will be rejected by CapPython's
static verifier.
However, in Python 3.0, the CapPython code can do this:
class C(object):
def f(self):
return self._field
C.f(x) # returns "secret"
Whereas in Python 2.x, C.f(x) would raise a TypeError, because C.f is
not being called on an instance of C.
Guido said, "I don't understand where the function object f gets its
magic powers".
The answer is that function definitions directly inside class
statements are treated specially by the verifier.
If you wrote the same function definition at the top level:
def f(var):
return var._field # rejected
the attribute access would be rejected by the verifier, because "var"
is not a self variable, and private attributes may only be accessed
through self variables.
I renamed the variable in the example, but the name of the variable
makes no difference to whether it is considered to be a self variable.
Self variables are defined as follows:
If a function definition "def f(v1, ...)" appears immediately within a
"class" statement, the function's first argument, v1, is a self
variable, provided that:
* the "def" is not preceded by any decorators, and
* "f" is not read anywhere in class scope and is not declared as global.
The reason for these two restrictions is to prevent the function
object from escaping and being used directly.
Mark
[1] http://lackingrhoticity.blogspot.com/2008/09/cappython-unbound-methods-and-…
[2] http://mail.python.org/pipermail/python-dev/2008-September/082499.html
Hi,
If Python had method decorators @final (meaning: it is an error to
override this method in any subclass) and @override (meaning: it is an
error not having this method in a superclass), I would use them in my
projects (some of them approaching 20 000 lines of Python code) and
I'll feel more confident writing object-oriented Python code. Java
already has similar decorators or specifiers. Do you think it is a
good idea to have these in Python?
I've created a proof-of-concept implementation, which uses
metaclasses, and it works in Python 2.4 an Python 2.5. See
http://www.math.bme.hu/~pts/pobjects.py and
http://www.math.bme.hu/~pts/pobjects_example.py
Best regards,
Péter
>>>>> "Greg" == Greg Ewing <greg.ewing(a)canterbury.ac.nz> writes:
Greg> *All* shuffling algorithms are limited by that.
Greg> Think about it: A shuffling algorithm is a function from a random
Greg> number to a permutation. There's no way you can get more permutations
Greg> out than there are random numbers to put in.
Hi Greg
Maybe we should put a note to that effect in random.shuffle.__doc__ :-)
http://mail.python.org/pipermail/python-dev/2006-June/065815.html
Regards,
Terry
In this situation, which happens to me fairly frequently...
try:
try:
raise Cheese
except Cheese, e:
# handle cheese
raise
except:
# handle all manner of stuff, including cheese
...it would be nice (& more readable) if one were able to recatch a
named exception with the generic (catch-all) except clause of its own
try, something like this:
try:
raise Cheese
except Cheese, e:
# handle cheese
recatch
except:
# handle all manner of stuff, including cheese
Moved from python-dev to python-ideas.
On Sat, 28 Mar 2009 04:19:46 am Jared Grubb wrote:
> I was recently reviewing some Python code for a friend who is a C++
> programmer, and he had code something like this:
>
> def foo():
> try = 0
> while try<MAX:
> ret = bar()
> if ret: break
> ++try
>
> I was a bit surprised that this was syntactically valid,
You shouldn't be. Unary operators are inspired by the equivalent
mathematical unary operators.
...
> It appears that the grammar treats the above example as the unary +
> op applied twice:
As it should.
...
> I'm not a EBNF expert, but it seems that we could modify the grammar
> to be more restrictive so the above code would not be silently valid.
> E.g., "++5" and "1+++5" and "1+-+5" are syntax errors, but still keep
> "1++5", "1+-5", "1-+5" as valid. (Although, '~' throws in a kink...
> should '~-5' be legal? Seems so...)
Why would we want to do this? I'm sure there are plenty of other syntax
constructions in Python which just happen to look like something from
other languages, but have a different meaning. Do we have to chase our
tails removing every possible syntactically valid string in Python that
has a different meaning in some other language? Or is C++ somehow
special that we treat it differently from all the other languages?
Not only is this a self-inflicted error (writing C++ code in a Python
program is a PEBCAK error), but it's rare: it only affects a minority
of C++ programmers, and they are only a minority of Python programmers.
There's no need to complicate the grammar to prevent this sort of
error. Keep it simple. ---1 on the proposal (*grin*).
--
Steven D'Aprano