Mailman 3 March 2009 - Python-ideas

Python Bytecode Verifier
by Kornél Pál Sept. 20, 2009

Sept. 20, 2009

Hi, I've created a Python Bytecode Verifier in Python. I'm not a Python guru so I borrowed coding patterns from C/C++. I also created this with C portability in mind. The only reason I used Python was to experiment with Python and was easier to morph code during development. If this program were ported to C it would only need 8 bytes per opcode (some additional storage to track blocks) and a single pass. I haven't found backward jumps to previously unused code in any compiled Python code but it can easily be supported. In that case some more partial passes are required. I also was able to successfully verify all Python files in the Python-2.5.2 source package. The verification algorythm should be quite complete but I may have missed some limitations of the interpreter that could be checked by the verifier as well. The ability to create this verfier proved that although Python bytecode is designed for a dynamically typed interpreter, is still easily verifiable. I am willing port this code C but only in the case if there is any chance to be included in Python. I believe that Python in general would benefit having the ability to safely load .pyc files and create code objects on the fly. Both Java and .NET have the ability to safely load compiled byte code. .NET Framework, just like Python also has the ability to create and execute new code at run-time. You may feel that enabling closed source applications and/or creating a multi-language runtime would hurt Python but both of these have contributed to the success of Java (both the language and the runtime). Kornél

2 2

python-like garbage collector & workaround
by castironpi-ng＠comcast.net April 18, 2009

April 18, 2009

I am writing a garbage collector that is similar to Python's. I want to know what you think, what problems I may encounter, and what kind of value I'm looking at. For my review of literature, I have read excerpts from, and stepped through, Python's GC. I'm picturing it as a specialized breadth-first search. I am concerned by the inability to call user-defined finalization methods. I'm considering a workaround that performs GC in two steps. First, it requests the objects to drop their references that participate in the cycle. Then, it enqueues the decref'ed object for an unnested destruction. Here is a proof-of-concept implementation. http://groups.google.com/group/comp.lang.python/browse_thread/thread/d3bb41…

4 4

Proposed addtion to urllib.parse in 3.1 (and urlparse in 2.7)
by Mart Sõmermaa April 12, 2009

April 12, 2009

Appending query parameters to a URL is a very common need. However, there's nothing in urllib.parse (and older urlparse) that caters for that need. Therefore, I propose adding the following to 2.7 and 3.1 in the respective libs: def add_query_params(url, **params): """ Adds additional query parameters to the given url, preserving original parameters. Usage: >>> add_query_params('http://foo.com', a='b') 'http://foo.com?a=b' >>> add_query_params('http://foo.com?a=b', b='c', d='q') 'http://foo.com?a=b&b=c&d=q' The real implementation should be more strict, e.g. raise on the following: >>> add_query_params('http://foo.com?a=b', a='b') 'http://foo.com?a=b&a=b' """ if not params: return url encoded = urllib.urlencode(params) url = urlparse.urlparse(url) return urlparse.urlunparse((url.scheme, url.netloc, url.path, url.params, (encoded if not url.query else url.query + '&' + encoded), url.fragment))

12 26

Draft PEP: Standard daemon process library
by Ben Finney April 8, 2009

April 8, 2009

Howdy all, I am preparing a PEP, and corresponding reference implementation, for a standard implementation of the steps needed to turn a program into a well-behaved Unix daemon. This message is a call for comments, support, and suggestions, prior to submitting this PEP to the editor. :PEP: XXX :Title: Standard daemon process library :Version: 0.1 :Last-Modified: 2009-01-26 08:44 :Author: Ben Finney <ben+python(a)benfinney.id.au> :Status: Draft :Type: Standards Track :Content-Type: text/x-rst :Created: 2009-01-26 :Python-Version: 3.1 :Post-History: ======== Abstract ======== Writing a program to become a well-behaved Unix daemon is somewhat complex and tricky to get right, yet the steps are largely similar for any daemon regardless of what else the program may need to do. This PEP introduces a module to the Python standard library that provides a simple interface to the task of becoming a daemon process. .. contents:: .. Table of Contents: Abstract Specification Example usage Interface ``Daemon`` objects ``DaemonError`` objects Motivation Rationale Correct daemon behaviour Reference Implementation References Copyright ============= Specification ============= Example usage ============= Simple example of usage:: import daemon from spam import do_main_program this_daemon = daemon.Daemon() this_daemon.start() do_main_program() More complex example usage:: import os import grp import signal import daemon from spam import ( initial_program_setup, do_main_program, program_cleanup, reload_program_config, ) initial_program_setup() important_file = open('spam.data', 'w') interesting_file = open('eggs.data', 'w') this_daemon = daemon.Daemon() this_daemon.files_preserve = [important_file, interesting_file] this_daemon.working_directory = '/var/lib/foo' this_daemon.umask = 0o002 mail_gid = grp.getgrnam('mail').gr_gid this_daemon.gid = mail_gid this_daemon.terminate_callback = program_cleanup this_daemon.reload_callback = reload_program_config this_daemon.reload_signals = [signal.SIGHUP, signal.SIGUSR1] this_daemon.start() do_main_program() Interface ========= A new module, `daemon`, is added to the standard library. The module defines a class, `Daemon`, used to represent the settings for a daemon process. An exception class, `DaemonError`, is defined for exceptions raised from the module. ``Daemon`` objects ================== A `Daemon` instance represents the behaviour settings for the process when it becomes a daemon. The behaviour is customised by setting attributes on the instance, before calling the `start` method. The following attributes are defined. `files_preserve` :Default: ``None`` List of files that should *not* be closed when starting the daemon. If ``None``, all open file descriptors will be closed. Elements of the list are file descriptors (as returned by a file object's `fileno()` method) or Python `file` objects. Each specifies a file that is not to be closed during daemon start. `chroot_directory` :Default: ``None`` Full path to a directory to set as the effective root directory of the process. If ``None``, specifies that the root directory is not to be changed. `working_directory` :Default: ``'/'`` Full path of the working directory to which the process should change on daemon start. Since a filesystem cannot be unmounted if a process has its current working directory on that filesystem, this should either be left at default or set to a directory that is a sensible “home directory” for the daemon while it is running. `lockfile_directory` :Default: ``'/var/run'`` Absolute directory path to contain the daemon's lockfile. If ``None``, the lockfile behaviour for this daemon is skipped. `lockfile_name` :Default: ``None`` Base name of the lockfile for this daemon, without directory or extension. If ``None``, the name is derived from the process command line. `umask` :Default: ``0`` File access creation mask (“umask”) to set for the process on daemon start. Since a process inherits its umask from its parent process, starting the daemon will reset the umask to this value so that files are created by the daemon with access modes as it expects. `ignore_signals` :Default: ``[signal.SIGTTOU, signal.SIGTTIN, signal.SIGTSTP]`` List of signals that the process should ignore (by setting the signal action to ``signal.SIG_IGN``) on daemon start. `terminate_signals` :Default: ``[signal.SIGTERM]`` List of signals that the process should interpret as a request to terminate cleanly. `terminate_callback` :Default: ``None`` Callable to invoke when the process receives any of the `terminate_signals` signals, before then terminating the process. `reload_signals` :Default: ``[signal.SIGHUP]`` List of signals that the process should interpret as a request to reload runtime configuration. `reload_callback` :Default: ``None`` Callable to invoke when the process receives any of the `reload_signals` signals. `uid` :Default: ``None`` The user ID (“uid”) value to switch the process to on daemon start. `gid` :Default: ``None`` The group ID (“gid”) value to switch the process to on daemon start. `prevent_core` :Default: ``True`` If true, prevents the generation of core files, in order to avoid leaking sensitive information from daemons run as `root`. `stdout` :Default: ``None`` File-like object, open for writing (in append mode, 'w+'), that will be used as the new value of `sys.stdout`. If it represents an actual file, it should be listed in `files_preserve` to prevent it being closed during daemon start. If ``None``, then `sys.stdout` is not re-bound. `stderr` :Default: ``None`` File-like object, open for writing (in append mode, 'w+'), that will be used as the new value of `sys.stderr`. If it represents an actual file, it should be listed in `files_preserve` to prevent it being closed during daemon start. If ``None``, then `sys.stderr` is not re-bound. The following methods are defined. `start()` :Return: ``None`` Start the daemon. This performs the following steps: * If the `chroot_directory` attribute is not ``None``: * Set the effective root directory of the process to that directory (via `os.chroot`). This allows running the daemon process inside a “chroot gaol” as a means of limiting the system's exposure to rogue behaviour by the process. * If the `lockfile_directory` attribute is not ``None``: * Look in that directory for a file named '`lockfile_name`.pid'; if it exists, raise a `DaemonError` to prevent multiple instances of the daemon process. * Close all open file descriptors, excluding those listed in the `files_preserve` attribute. * Change current working directory to the path specified by the `working_directory` attribute. * Reset the file access creation mask to the value specified by the `umask` attribute. * Detach the current process into its own process group, and disassociate from any controlling terminal. This step is skipped if it is determined to be redundant: if the process was started by `init`, by `initd`, or by `inetd`. * Set signal handlers as specified by the `ignore_signals`, `terminate_signals`, `terminate_callback`, `reload_signals`, `reload_callback` attributes. * If the `prevent_core` attribute is true: * Set the resource limits for the process to prevent any core dump from the process. * Set the process uid and gid to the true uid and gid of the process, to relinquish any elevated privilege. * If the `lockfile_directory` attribute is not ``None``: * Create the lockfile for this daemon in that directory, by writing a text line containing the current process ID (“pid”) to a file named '`lockfile_name`.pid'. * If either of the attributes `uid` or `gid` are not ``None``: * Set the process uid and/or gid to the specified values. * If either of the attributes `stdout` or `stderr` are not ``None``: * Bind the names `sys.stdout` and/or `sys.stderr` to the corresponding objects. `reload()` :Return: ``None`` Reload the daemon configuration. The meaning of this is entirely defined by the customisation of this daemon: if the `reload_callback` attribute is not ``None``, call that object. The return value is discarded. `stop()` :Return: ``None`` Stop the daemon. This performs the following steps: * If the `terminate_callback` attribute is not ``None``: * Call that object. The return value is discarded. * If the `lockfile_directory` attribute is not ``None``: * Delete the lockfile for this daemon. * Raise a `SystemExit` exception. ``DaemonError`` objects ======================= The `DaemonError` class inherits from `Exception`. The module implementation will raise an instance of `DaemonError` when an error occurs in processing daemon behaviour. ========== Motivation ========== The majority of programs written to be Unix daemons either implement behaviour very similar to that in the `Specification`_, or are poorly-behaved daemons by the `Rationale`_. Since these steps should be much the same in most implementations but are very particular and easy to omit or implement incorrectly, they are a prime target for a standard well-tested implementation in the standard library. ========= Rationale ========= Correct daemon behaviour ======================== According to Stevens in [stevens]_ §2.6, a program should perform the following steps to become a Unix daemon process. * Close all open file descriptors. * Change current working directory. * Reset the file access creation mask. * Run in the background. * Disassociate from process group. * Ignore terminal I/O signals. * Disassociate from control terminal. * Don't reacquire a control terminal. * Correctly handle the following circumstances: * Started by System V `init` process. * Daemon termination by ``SIGTERM`` signal. * Children generate ``SIGCLD`` signal. The `daemon` package [daemon]_ lists (in its summary of features) behaviour that should be performed when turning a program into a well-behaved Unix daemon process. The following are appropriate for a daemon started once the program is already running: * Sets up the correct process context for a daemon. * Behaves sensibly when started by `initd(8)` or `inetd(8)`. * Revokes any suid or sgid privileges to reduce security risks in case daemon is incorrectly installed with special privileges. * Prevents the generation of core files to prevent leaking sensitive information from daemons run as root (optional). * Names the daemon by creating and locking a PID file to guarantee that only one daemon with the given name can execute at any given time (optional). * Sets the user and group under which to run the daemon (optional, root only). * Creates a chroot gaol (optional, root only). * Captures the daemon's stdout and stderr and directs them to syslog (optional). ======================== Reference Implementation ======================== The `python-daemon` package [python-daemon]_. As of 2009-01-26, the package is under active development and is not yet a full implementation of this PEP. ========== References ========== .. [stevens] `Unix Network Programming`, W. Richard Stevens, 1994 Prentice Hall. .. [daemon] The (non-Python) `daemon` package, `<http://www.libslack.org/daemon/>`_ by “raf” <raf(a)raf.org>. .. [python-daemon] The `python-daemon` package at the Python Package Index, `<http://pypi.python.org/pypi/python-daemon>`_. This is the successor to [bda.daemon]_. .. [bda.daemon] The `bda.daemon` package at the Python Package Index, `<http://pypi.python.org/pypi/bda.daemon>`_. This is an implementation of [cookbook-66012]_. .. [cookbook-66012] Many good ideas were contributed by the community to Python cookbook recipe 66012, “Fork a daemon process on Unix” `<http://code.activestate.com/recipes/66012/>`_. ========= Copyright ========= This work is hereby placed in the public domain. To the extent that placing a work in the public domain is not legally possible, the copyright holder hereby grants to all recipients of this work all rights and freedoms that would otherwise be restricted by copyright. -- \ “Pinky, are you pondering what I'm pondering?” “Well, I think | `\ so (hiccup), but Kevin Costner with an English accent?” —_Pinky | _o__) and The Brain_ | Ben Finney

21 81

Revised**7 PEP on Yield-From
by Greg Ewing April 4, 2009

April 4, 2009

I've made another couple of tweaks to the formal semantics (so as not to over-specify when the iterator methods are looked up). Latest version of the PEP, together with the prototype implementation and other related material, is available here: http://www.cosc.canterbury.ac.nz/greg.ewing/python/yield-from/ -- Greg

10 137

CapPython's use of unbound methods
by Mark Seaborn March 30, 2009

March 30, 2009

Guido asked me to explain why the removal of unbound methods in Python 3.0 causes a problem for enforcing encapsulation in CapPython (an object-capability subset of Python), which I talked about in a blog post [1]. It also came up on python-dev [2]. Let me try a slightly different example to answer Guido's immediate question. Suppose we have an object x with a private attribute, "_field", defined by a class Foo: class Foo(object): def __init__(self): self._field = "secret" x = Foo() Suppose CapPython code is handed x. It should not be able to read x._field, and the expression x._field will be rejected by CapPython's static verifier. However, in Python 3.0, the CapPython code can do this: class C(object): def f(self): return self._field C.f(x) # returns "secret" Whereas in Python 2.x, C.f(x) would raise a TypeError, because C.f is not being called on an instance of C. Guido said, "I don't understand where the function object f gets its magic powers". The answer is that function definitions directly inside class statements are treated specially by the verifier. If you wrote the same function definition at the top level: def f(var): return var._field # rejected the attribute access would be rejected by the verifier, because "var" is not a self variable, and private attributes may only be accessed through self variables. I renamed the variable in the example, but the name of the variable makes no difference to whether it is considered to be a self variable. Self variables are defined as follows: If a function definition "def f(v1, ...)" appears immediately within a "class" statement, the function's first argument, v1, is a self variable, provided that: * the "def" is not preceded by any decorators, and * "f" is not read anywhere in class scope and is not declared as global. The reason for these two restrictions is to prevent the function object from escaping and being used directly. Mark [1] http://lackingrhoticity.blogspot.com/2008/09/cappython-unbound-methods-and-… [2] http://mail.python.org/pipermail/python-dev/2008-September/082499.html

3 6

method decorators @final and @override in Python 2.4
by Péter Szabó March 29, 2009

March 29, 2009

Hi, If Python had method decorators @final (meaning: it is an error to override this method in any subclass) and @override (meaning: it is an error not having this method in a superclass), I would use them in my projects (some of them approaching 20 000 lines of Python code) and I'll feel more confident writing object-oriented Python code. Java already has similar decorators or specifiers. Do you think it is a good idea to have these in Python? I've created a proof-of-concept implementation, which uses metaclasses, and it works in Python 2.4 an Python 2.5. See http://www.math.bme.hu/~pts/pobjects.py and http://www.math.bme.hu/~pts/pobjects_example.py Best regards, Péter

10 20

Re: [Python-ideas] About adding a new iterator methodcalled "shuffled"
by Terry Jones March 29, 2009

March 29, 2009

>>>>> "Greg" == Greg Ewing <greg.ewing(a)canterbury.ac.nz> writes: Greg> *All* shuffling algorithms are limited by that. Greg> Think about it: A shuffling algorithm is a function from a random Greg> number to a permutation. There's no way you can get more permutations Greg> out than there are random numbers to put in. Hi Greg Maybe we should put a note to that effect in random.shuffle.__doc__ :-) http://mail.python.org/pipermail/python-dev/2006-June/065815.html Regards, Terry

16 31

suggestion for try/except program flow
by Mark Donald March 29, 2009

March 29, 2009

In this situation, which happens to me fairly frequently... try: try: raise Cheese except Cheese, e: # handle cheese raise except: # handle all manner of stuff, including cheese ...it would be nice (& more readable) if one were able to recatch a named exception with the generic (catch-all) except clause of its own try, something like this: try: raise Cheese except Cheese, e: # handle cheese recatch except: # handle all manner of stuff, including cheese

3 6

Re: [Python-ideas] Grammar for plus and minus unary ops
by Steven D'Aprano March 28, 2009

March 28, 2009

Moved from python-dev to python-ideas. On Sat, 28 Mar 2009 04:19:46 am Jared Grubb wrote: > I was recently reviewing some Python code for a friend who is a C++ > programmer, and he had code something like this: > > def foo(): > try = 0 > while try<MAX: > ret = bar() > if ret: break > ++try > > I was a bit surprised that this was syntactically valid, You shouldn't be. Unary operators are inspired by the equivalent mathematical unary operators. ... > It appears that the grammar treats the above example as the unary + > op applied twice: As it should. ... > I'm not a EBNF expert, but it seems that we could modify the grammar > to be more restrictive so the above code would not be silently valid. > E.g., "++5" and "1+++5" and "1+-+5" are syntax errors, but still keep > "1++5", "1+-5", "1-+5" as valid. (Although, '~' throws in a kink... > should '~-5' be legal? Seems so...) Why would we want to do this? I'm sure there are plenty of other syntax constructions in Python which just happen to look like something from other languages, but have a different meaning. Do we have to chase our tails removing every possible syntactically valid string in Python that has a different meaning in some other language? Or is C++ somehow special that we treat it differently from all the other languages? Not only is this a self-inflicted error (writing C++ code in a Python program is a PEBCAK error), but it's rare: it only affects a minority of C++ programmers, and they are only a minority of Python programmers. There's no need to complicate the grammar to prevent this sort of error. Keep it simple. ---1 on the proposal (*grin*). -- Steven D'Aprano

6 5