why indentation should be part of the syntax
Roy Smith
roy at panix.com
Sun Mar 2 09:38:50 EST 2014
In article <mailman.7568.1393756930.18130.python-list at python.org>,
Stefan Behnel <stefan_ml at behnel.de> wrote:
> Haven't seen any mention of it on this list yet, but since it's such an
> obvious flaw in quite a number of programming languages, here's a good
> article on the recent security bug in iOS, which was due to accidentally
> duplicated code not actually being as indented as it looked:
>
> https://www.imperialviolet.org/2014/02/22/applebug.html
>
> Stefan
Hogwash. What this looks like is two gotos in a row. Anybody who
reviewed this code would have thrown up a red flag when they saw two
gotos in a row. If anything, the "incorrect" indentation makes it even
more obvious. Any static code analyzer would have also caught this as
an unreachable statement.
Paraphrasing this into Python, you get:
def bogus():
if SSLHashSHA1.update(hashCtx, serverRandom) != 0:
raise fail
if SSLHashSHA1.update(hashCtx, signedParams) != 0:
raise fail
raise fail
if SSLHashSHA1.final(hashCtx, hashOut) != 0:
raise fail
which is syntactically valid (at least, I can import it), but clearly
not what the author intended. So how did Python's indentation rules
save us?
On the other hand, the Python code was actually a little annoying to
type in because emacs refused to auto-indent the second raise! So maybe
the real rule is to only write code using emacs :-)
More information about the Python-list
mailing list