[Python-Dev] Capabilities

[Guido van Rossum]

> On Sun, 9 Mar 2003, Guido van Rossum wrote:
> > - Which attributes are considered introspective?
> 
> Here's a preliminary description of the boundary between "introspective"
> and "restricted", off the top of my head:
> 
>     1.  The only thing you can do with a bound method is to call it
>         (bound methods have no attributes except __doc__).

Plus __repr__ and __str__.  And if they have attributes at all they
have __getattribute__.  And if they are callable they have __call__.

>     2.  The following instance attributes are off limits:
>         __class__, __dict__, __module__.
> 
> That might be a reasonable start.

Not sure.  Classic rexec disallowed these (and a few more), but the
problem with disallowing __dict__ of an instance was that this made it
impossible for untrusted code to use certain coding patterns like
overriding __setattr__.

> However, there is still the problem that the established technique
> for storing instance-specific state in Python is to use globally-
> accessible data attributes instead of a limited scope.  We would
> also need to add a safe (private) place for instances to put state.

I wonder if we could write special descriptors for this?  The problem
as I see it is that the interpreter doesn't keep track of whether a
particular function is part of a class definition or not, so there's
no way to tell whether it should have access to private data or not.

Proxies get around this, but with the stated disadvantages.

--Guido van Rossum (home page: http://www.python.org/~guido/)