[Python-Dev] are CObjects inherently unsafe?

Jim Fulton jim at zope.com
Mon Dec 8 07:00:32 EST 2003 

Michael Hudson wrote:
> Jim Fulton <jim at zope.com> writes:
> 
> 
>> > (I'm cc'ing Jim in case he
>>
>>>remembers the true intention for the description; he might also know
>>>whether Zope 2 still uses it;  I can only check Zope 3, and it
>>>doesn't.)
>>
>>What "it" are you refering to.
> 
> 
> The desc field in a CObject.
> 
> 
>>I don't really remember what the description was for. I also
>>don't have the original email.
> 
> 
> http://mail.python.org/pipermail/python-dev/2003-December/040702.html
> 
> 
>>>But even without Jim's confirmation, ISTM from memory and looking at
>>>the source that the 'desc' field (which stands for description)
>>
>>I now hate abbreviations like that btw. :)
> 
> 
> Good :-)
> 
> 
>> > was
>>
>>>intended as a clue that could be checked by the user of a C Object to
>>>verify it had gotten the right one: in a shared header (needed anyway
>>>to describe the layout of the struct pointer contained in the C
>>>Object) you could define a magic word or a magic string value that
>>>would be stored as the description, and the users would check that
>>>value before believing the struct pointer.
>>
>>I vaguely remember that such a clue was one possible application
>>of the extra data.  I really imagined that the destructor could need the
>>extra data, but, again, it's been a long time.  Too bad there's not a PEP. :)
>>
>>
>>>Unfortunately the same CObject version that introduced the description
>>>field also introduced the convenience function PyCObject_Import(),
>>>which doesn't return the description, and returns the void pointer
>>>contained in the CObject without returning the CObject itself, leaving
>>>its caller without a clue about the description...
>>
>>That's because I don't think that the description was primarily intended
>>as a fingerprint.
> 
> 
> I feel a retcon coming on.
> 
> 
>>>Anyway, I think it can be fixed by starting to use the description
>>>field and adding a new convenience C API, perhaps named
>>>PyCObject_ImportEx(), whch takes a description and checks it.  We
>>>should try to standardize on what kind of thing to use as the
>>>description -- if we use a magic word, PyCObject_ImportEx() should do
>>>a simple compare, but if we use a string, it should do a strcmp().  Or
>>>the API could simply return the description into an output parameter,
>>>making the caller responsible for doing the checking.
>>>And the docs should be updated to explain the description better
>>>(currently at one point the description is called "extra callback data
>>>for the destructor function" which seems a rather odd feature).
>>
>>I like the idea of adding this use of the description.  That is,
>>the description is really a marker, that is obtained from an include file
>>and checked against the value in the CObject.
> 
> 
> Right.  What should we use as the description object?  A good old C
> string? 

Probably.  I don't have a strong opinion on it.

Jim

-- 
Jim Fulton           mailto:jim at zope.com       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org

More information about the Python-Dev mailing list