[Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Richard Jones]

A security problem has been found in mod_caml 1.0.5 and earlier which
could lead to a SQL insertion attack on PostgreSQL databases.
mod_caml normally escapes strings before inserting them into
PostgreSQL queries.  However a bug was found in this escaping
function.  This would allow attackers to craft arbitrary SQL commands
to run against the database.

This is fixed in version 1.0.6, along with some other minor bugfixes,
or you can apply the source patch at the end of this message.

Because savannah.nongnu.org continues to be partially unavailable,
version 1.0.6 is available here:

http://www.annexia.org/tmp/mod_caml-1.0.6.tar.gz (about 74K)

Rich.

----------------------------------------------------------------------

From: http://www.merjis.com/developers/mod_caml/

What is mod_caml?

mod_caml is a set of Objective CAML (OCaml) bindings for the Apache
API. It allows you to run CGI scripts written in OCaml directly inside
the Apache webserver. However, it is much much more than just that:

    * Bind to any part of the Apache request cycle.
    * Read and modify internal Apache structures.
    * Share modules of code between handlers and scripts.
    * CGI library and templating system (allows separation of
      code and presentation).
    * Works with Apache 1.3 and Apache 2.0.
    * DBI library for simple database access.
    * DBI library can use Perl DBDs (database drivers) [requires
      Perl4Caml >= 0.3.6]

----------------------------------------------------------------------
diff -u -r1.11 dbi_postgres.ml
--- dbi_postgres.ml	23 Nov 2003 14:24:57 -0000	1.11
+++ dbi_postgres.ml	15 Jan 2004 13:34:04 -0000
@@ -42,11 +42,16 @@
 (* Damn. [Postgres] module doesn't export the PQescapeString function, so
  * I've had to write it myself.
  *)
-let escape_string s =
-  String.concat "" [ "'";
-		     (Pcre.replace ~pat:"'" ~templ:"''" s);
-		     "'" ]
+let escape_string =
+  let re1 = Pcre.regexp "'" in		(* Double up any single quotes. *)
+  let sub1 = Pcre.subst "''" in
+  let re2 = Pcre.regexp "\\\\" in	(* Double up any backslashes. *)
+  let sub2 = Pcre.subst "\\\\" in
+  fun s ->
+    let s = Pcre.replace ~rex:re1 ~itempl:sub1 s in
+    let s = Pcre.replace ~rex:re2 ~itempl:sub2 s in
+    "'" ^ s ^ "'"			(* Surround with quotes. *)
 
 (* PCRE regular expressions for parsing timestamps and intervals. *)
 let re_timestamp =
----------------------------------------------------------------------

-- 
Richard Jones. http://www.annexia.org/ http://freshmeat.net/users/rwmj
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
MAKE+ is a sane replacement for GNU autoconf/automake. One script compiles,
RPMs, pkgs etc. Linux, BSD, Solaris. http://www.annexia.org/freeware/makeplus/

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Richard Jones]

On Thu, Jan 15, 2004 at 04:04:33PM +0100, Frederic van der Plancke wrote:
> Hi Richard, 
> 
> I see something strange with your patch:
> 
> Richard Jones wrote:
> [...]
> > This is fixed in version 1.0.6, along with some other minor bugfixes,
> > or you can apply the source patch at the end of this message.
> [...]
> > +  let re1 = Pcre.regexp "'" in         (* Double up any single quotes. *)
> > +  let sub1 = Pcre.subst "''" in
> > +  let re2 = Pcre.regexp "\\\\" in      (* Double up any backslashes. *)
> > +  let sub2 = Pcre.subst "\\\\" in
> 
> This does not look right: why sub2 = re2 and not sub2 = re2 ^ re2 ?

No, it seems to be right.

PCRE doesn't using \ escaping in substitutions, only in regular
expressions.  So the re2 matches \ and sub2 substitutes \\.

Rich.

-- 
Richard Jones. http://www.annexia.org/ http://freshmeat.net/users/rwmj
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
MAKE+ is a sane replacement for GNU autoconf/automake. One script compiles,
RPMs, pkgs etc. Linux, BSD, Solaris. http://www.annexia.org/freeware/makeplus/

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Markus Mottl]

On Thu, 15 Jan 2004, Richard Jones wrote:
> On Thu, Jan 15, 2004 at 04:04:33PM +0100, Frederic van der Plancke wrote:
> > > +  let re2 = Pcre.regexp "\\\\" in      (* Double up any backslashes. *)
> > > +  let sub2 = Pcre.subst "\\\\" in
> > 
> > This does not look right: why sub2 = re2 and not sub2 = re2 ^ re2 ?
> 
> No, it seems to be right.
> 
> PCRE doesn't using \ escaping in substitutions, only in regular
> expressions.  So the re2 matches \ and sub2 substitutes \\.

Richard is right here: I know it looks awful, but the four backslashes
in the regexp pattern for re2 indeed only stand for one. They
have to be escaped in the OCaml-string and also for PCRE again,
i.e. twice. Substitution patterns use the $-sign for escaping - therefore
escaping only needs to be done once.

Regards,
Markus

-- 
Markus Mottl          http://www.oefai.at/~markus          markus@oefai.at

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Richard Jones]

On Thu, Jan 15, 2004 at 05:19:44PM +0100, Markus Mottl wrote:
> I know it looks awful, but the four backslashes in the regexp
> pattern for re2 indeed only stand for one. They have to be escaped
> in the OCaml-string and also for PCRE again,
> i.e. twice. Substitution patterns use the $-sign for escaping -
> therefore escaping only needs to be done once.

Another reason to hasten the addition of regular expressions to the
OCaml lexer, 'a la Perl!

Rich.

-- 
Richard Jones. http://www.annexia.org/ http://freshmeat.net/users/rwmj
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
http://www.execellence.com/

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[james woodyatt]

On 15 Jan 2004, at 08:53, Richard Jones wrote:
> On Thu, Jan 15, 2004 at 05:19:44PM +0100, Markus Mottl wrote:
>> I know it looks awful, but the four backslashes in the regexp
>> pattern for re2 indeed only stand for one. They have to be escaped
>> in the OCaml-string and also for PCRE again,
>> i.e. twice. Substitution patterns use the $-sign for escaping -
>> therefore escaping only needs to be done once.
>
> Another reason to hasten the addition of regular expressions to the
> OCaml lexer, 'a la Perl!

Doesn't the lexer already have regular expressions?  I think you mean 
something to make regular expressions into first-class values in the 
language.  I'm not sure that's necessary.

In my recently released Pagoda Core Foundation library, there is an 
implementation of lazily evaluated deterministic finite automata.  It 
also contains a functional lexical analyzer implementation that uses 
it.  What remains to be done-- and I'm sorta planning to get around to 
doing it myself one of these years-- is to compile regular expressions 
from string values and to do appropriate syntactical glucose with 
CamlP4.

Since I released the library under a BSD style license, it's certainly 
*possible* that someone could write an extension that doesn't require 
any changes to the core language.


-- 
j h woodyatt <jhw@wetware.com>

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Richard Jones]

On Thu, Jan 15, 2004 at 10:15:30PM -0800, james woodyatt wrote:
> On 15 Jan 2004, at 08:53, Richard Jones wrote:
> >On Thu, Jan 15, 2004 at 05:19:44PM +0100, Markus Mottl wrote:
> >>I know it looks awful, but the four backslashes in the regexp
> >>pattern for re2 indeed only stand for one. They have to be escaped
> >>in the OCaml-string and also for PCRE again,
> >>i.e. twice. Substitution patterns use the $-sign for escaping -
> >>therefore escaping only needs to be done once.
> >
> >Another reason to hasten the addition of regular expressions to the
> >OCaml lexer, 'a la Perl!
> 
> Doesn't the lexer already have regular expressions?  I think you mean 
> something to make regular expressions into first-class values in the 
> language.  I'm not sure that's necessary.

Being able to write:

var ~ /ab+/

and similar certainly makes string handling and simple parsing a lot
easier.

Rich.

-- 
Richard Jones. http://www.annexia.org/ http://freshmeat.net/users/rwmj
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
Perl4Caml lets you use any Perl library in your type-safe Objective
CAML programs. http://www.merjis.com/developers/perl4caml/

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Brian Hurt]

On Fri, 16 Jan 2004, Richard Jones wrote:

> Being able to write:
> 
> var ~ /ab+/
> 
> and similar certainly makes string handling and simple parsing a lot
> easier.
> 

That (or something close to that) could be done via a library.  What I'd 
like to see is to be able to pattern match on regexs, like:

match str with
	| /ab+/ -> ...
	| /foo(bar)*/ -> ...

etc.  The compiler could then combine all the matchings into a single DFA, 
improving performance over code like:

if (regex_match str "ab+") then
    ...
else if (regex_match str "foo(bar)*") then
    ...
else 
    ...

The regex matching would also let the compiler know if there were possible 
unmatched strings (these would should up as transitions to the error state 
in the DFA).

Hmm.  Actually, you could get close to this.  You simply write a function 
with the signature:

val multiway_regex: (string * 'a) list -> string -> 'a

The assumption here is that 'a would be a variant type.  This would allow 
you to do:

type my_regex_matching = Abb | Foobar | ... ;;

let regex = multiway_regex [ ("ab+", Abb); ("foo(bar)*", Foobar); ... ];;

match (regex string) with
	| Abb -> (* matched /ab+/ *)
	| FooBar -> (* matched /foo(bar)*/ *)
	...

No- you'd want to be able to grab the substrings.  So the type should be:

val multiway_regex: (string * (string list -> 'a)) list -> string -> 'a

Where the string list passed in to the generator function would be the 
list of substrings matched inside parens.

-- 
"Usenet is like a herd of performing elephants with diarrhea -- massive,
difficult to redirect, awe-inspiring, entertaining, and a source of
mind-boggling amounts of excrement when you least expect it."
                                - Gene Spafford 
Brian

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Yutaka OIWA]

Hello.

>> On Fri, 16 Jan 2004 09:34:54 +0000, Richard Jones <rich@annexia.org> said:

Richard> Being able to write:

Richard> var ~ /ab+/

Richard> and similar certainly makes string handling and simple parsing a lot
Richard> easier.

>> On Fri, 16 Jan 2004 13:05:15 -0600 (CST), Brian Hurt <bhurt@spnz.org> said:

Brian> What I'd like to see is to be able to pattern match on regexs, like:

Brian> match str with
Brian> 	| /ab+/ -> ...
Brian> 	| /foo(bar)*/ -> ...

Brian> etc.

My camlp4-macro named Regexp/OCaml may solve most of the requests:
try it from http://www.yl.is.s.u-tokyo.ac.jp/~oiwa/caml/ .

Using Regexp/OCaml, you can write the code like

    Regexp.match str with
      "^(\d+)-(\d+)$" as f : int, t : int ->
        for i = f to t do
          printf "%d\n" i
        done
    | "^(\d+)$" as s : int ->
        printf "%d\n" s

to perform branch based on multiple regular patterns and to extract
matched substrings automatically (bound to f, t, s respectively, after
converted to int type by using int_of_string).  See 
http://www.yl.is.s.u-tokyo.ac.jp/~oiwa/pub/caml/regexp-pp-0.9.3/README.match-regexp
for further details.


Brian> The compiler could then combine all the matchings into a single DFA, 
Brian> improving performance over code like:

Brian> if (regex_match str "ab+") then
Brian>     ...
Brian> else if (regex_match str "foo(bar)*") then
Brian>     ...
Brian> else 
Brian>     ...

The code generated by current Regexp/OCaml is something similar to the
above, (however, pattern compilations are performed only once per
execution per each pattern.) but if the backend regexp engine
(currently Regexp/OCaml uses PCRE/OCaml) supports optimization for
multiple regular expression matching, Regexp/OCaml can easily
utilize it.  Analysis for patterns may be performed at compilation
(camlp4-translation) phase, if required.

Brian> The regex matching would also let the compiler know if there were possible 
Brian> unmatched strings (these would should up as transitions to the error state 
Brian> in the DFA).

This feature is not currently implemented in Regexp/OCaml, but
as the macro package owns self-implemented parser for regular
patterns, it is possible to implement if I have enough time to do.
(And it is included in my personal to-do list for Regexp/OCaml.)

-- 
Yutaka Oiwa              Yonezawa Lab., Dept. of Computer Science,
      Graduate School of Information Sci. & Tech., Univ. of Tokyo.
      <oiwa@yl.is.s.u-tokyo.ac.jp>, <yutaka@oiwa.shibuya.tokyo.jp>
PGP fingerprint = C9 8D 5C B8 86 ED D8 07  EA 59 34 D8 F4 65 53 61

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Markus Mottl]

On Sat, 17 Jan 2004, Yutaka OIWA wrote:
> The code generated by current Regexp/OCaml is something similar to the
> above, (however, pattern compilations are performed only once per
> execution per each pattern.) but if the backend regexp engine
> (currently Regexp/OCaml uses PCRE/OCaml) supports optimization for
> multiple regular expression matching, Regexp/OCaml can easily
> utilize it.  Analysis for patterns may be performed at compilation
> (camlp4-translation) phase, if required.

As mentioned in a previous post, this could be done using the callout
features of PCRE-OCaml. Only problem: the string to be matched is
internally copied to the C-heap (once), because the OCaml-GC could
theoretically move the string to another memory location in the OCaml-heap
during callouts.

Thus, it may not be as efficient as you expect, and possibly only pay
off if the patterns match the same, long string prefixes. Unfortunately,
there is no workaround for this: you'd either have to rewrite PCRE so
that you can return pointers to new string locations after each callout
(no, thanks ;) or somehow be able to temporarily protect strings from
being moved by the GC (not feasible either, I suppose; would, however,
work with character strings in char Bigarrays if I am not mistaken).

Regards,
Markus

-- 
Markus Mottl          http://www.oefai.at/~markus          markus@oefai.at

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Markus Mottl]

On Fri, 16 Jan 2004, Brian Hurt wrote:
> That (or something close to that) could be done via a library.  What I'd 
> like to see is to be able to pattern match on regexs, like:
> 
> match str with
> 	| /ab+/ -> ...
> 	| /foo(bar)*/ -> ...
> 
> etc.  The compiler could then combine all the matchings into a single DFA, 
> improving performance over code like:
> 
> if (regex_match str "ab+") then
>     ...
> else if (regex_match str "foo(bar)*") then
>     ...
> else 
>     ...

I'd like to point out that PCRE-OCaml has functionality for using
callouts, i.e. you can indeed put all alternatives into one huge regular
expression, mark them with callout numbers, and thus execute code (a
closure passed to the matching engine) depending on the currently matched
alternative (and even explicitly backtrack if you want). Very powerful...

Unfortunately, the automaton used internally by PCRE is not a DFA.
It's still optimized to some extent, but I don't know the details.

Regards,
Markus

-- 
Markus Mottl          http://www.oefai.at/~markus          markus@oefai.at

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Luc Maranget]

> On Fri, 16 Jan 2004, Richard Jones wrote:
> 
> > Being able to write:
> > 
> > var ~ /ab+/
> > 
> > and similar certainly makes string handling and simple parsing a lot
> > easier.
> > 
> 
> That (or something close to that) could be done via a library.  What I'd 
> like to see is to be able to pattern match on regexs, like:
> 
> match str with
> 	| /ab+/ -> ...
> 	| /foo(bar)*/ -> ...
> 
> etc.  The compiler could then combine all the matchings into a single DFA, 
> improving performance over code like:
> 
Hello,

I am not exactly sure I understand your needs. But you should probably have a
look at ocamllex.


-- 
Luc Maranget

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Richard Jones]

On Mon, Jan 19, 2004 at 11:13:53AM +0100, Luc Maranget wrote:
> I am not exactly sure I understand your needs. But you should probably have a
> look at ocamllex.

Coming from a Perl background, ocamllex is a very heavyweight solution
for the simple problem of doing quick string matches.  The
Regexp/OCaml package looks very good indeed - shame it can't be part
of the standard syntax!

Rich.

-- 
Richard Jones. http://www.annexia.org/ http://freshmeat.net/users/rwmj
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
PTHRLIB is a library for writing small, efficient and fast servers in C.
HTTP, CGI, DBI, lightweight threads: http://www.annexia.org/freeware/pthrlib/

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Luc Maranget]

> On Mon, Jan 19, 2004 at 11:13:53AM +0100, Luc Maranget wrote:
> > I am not exactly sure I understand your needs. But you should probably have a
> > look at ocamllex.
> 
> Coming from a Perl background, ocamllex is a very heavyweight solution
> for the simple problem of doing quick string matches.  The
> Regexp/OCaml package looks very good indeed - shame it can't be part
> of the standard syntax!
> 
> Rich.
> 
> -- 
> Richard Jones. http://www.annexia.org/ http://freshmeat.net/users/rwmj
> Merjis Ltd. http://www.merjis.com/ - improving website return on investment
> PTHRLIB is a library for writing small, efficient and fast servers in C.
> HTTP, CGI, DBI, lightweight threads: http://www.annexia.org/freeware/pthrlib/

Normally, using camlp4 you can insert regexp matchings
in ``standard'' syntax. Although the current manual of
camlp4 does not tell much about that.
Furthermore the code is at the moment broken in the CVS tree...


To me, the extra burden of having to preprocess the lexer
source is not that heavy in a big program, where you have Makefiles
anyway.  Besides some expressivity bonuses (but beware, such
expressivity often comes with fuzziness) one advantage of the library
approach is the possibility to give regexps dynamically (eg by reading external
files).  Few applications  take advantage of this.


Of course all my nice reasoning fails when you consider ``scripting'',
but even then, the idea of putting regexps in strings leads to unncessary
complications (ie many backslashes).
A more convenient way would be by some regexp data type either
abstract or concrete.
Such an API should probably be added to supported ocaml regexp packages.

Cheers,

-- Luc

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Richard Jones]

On Mon, Jan 19, 2004 at 03:43:33PM +0100, Luc Maranget wrote:
> Of course all my nice reasoning fails when you consider ``scripting'',
> but even then, the idea of putting regexps in strings leads to unncessary
> complications (ie many backslashes).
> A more convenient way would be by some regexp data type either
> abstract or concrete.

I think you hit the nail on the head there.  The problem is indeed
that much interesting programming these days is "scripting" - ie.
lots of short single-purpose programs maintained in a collection of
programs rather than an application.

If you analyse what Perl has which other languages don't, it can be
mostly reduced to these items:

* Syntactic support for processing lines in a file, ie:

	while (<>) { ... }

  which is an astonishing piece of brevity.  It reads all the command line
  arguments, opens the files specified and hands them line-at-a-time to
  the code inside the while loop.  I think ExtLib has some functionality
  to do a small part of this.  It should be included in the standard
  distribution.

* Syntactic support for regular expression matching / substring extraction.

  (As discussed before.)

* No (visible) compilation required.

  #!/usr/bin/perl

  Very useful.  There was some discussion before about writing scripts
  starting with:

  #!/usr/bin/ocaml

* Certain idiomatic forms, such as:

	statement if condition;
  and:	statement unless condition;

  which reduce code size.

* Absolutely huge library.

  I'm trying to do my bit here by writing libraries, and specifically
  with perl4caml which allows you to use Perl libraries with OCaml.  A
  central CPAN-like resource would still be very useful.

Rich.

-- 
Richard Jones. http://www.annexia.org/ http://freshmeat.net/users/rwmj
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
Perl4Caml lets you use any Perl library in your type-safe Objective
CAML programs. http://www.merjis.com/developers/perl4caml/

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Markus Mottl]

On Mon, 19 Jan 2004, Richard Jones wrote:
> * Syntactic support for processing lines in a file, ie:
> 
> 	while (<>) { ... }
> 
>   which is an astonishing piece of brevity.  It reads all the command line
>   arguments, opens the files specified and hands them line-at-a-time to
>   the code inside the while loop.  I think ExtLib has some functionality
>   to do a small part of this.  It should be included in the standard
>   distribution.

Opening all files presented on the command line and passing them to some
user-specified function can be easily done using higher-order functions,
e.g.:

  let all_lines f =
    for i = 1 to Array.length Sys.argv - 1 do
      let ic = open_in Sys.argv.(i) in
      try while true do f (input_line ic) done
      with End_of_file -> close_in ic
    done

Putting functions like "all_lines" into a utility module, you can use
"#load" to apply it from scripts:

  #load "util.cmo"
  open Util
  let _ = all_lines print_endline

I don't see a need for syntactic support. Adding two very short lines
to the top of your script (one-time effort) is hardly distracting.

> * Syntactic support for regular expression matching / substring extraction.
> 
>   (As discussed before.)

People often abuse this Perl-feature, because they don't know how to
write lexers/parsers using generators, which would sometimes be the
better choice.

> * No (visible) compilation required.
> 
>   #!/usr/bin/perl
> 
>   Very useful.  There was some discussion before about writing scripts
>   starting with:
> 
>   #!/usr/bin/ocaml

You don't need compilation with OCaml if you want to do scripting!

All you need to do is create a toplevel using the "-custom"-flag, e.g.:

  ocamlmktop -custom -o mytop

This is required under Unix, because only binary executables can be used
for interpretation due to security concerns.

Then write a script like this (assuming that mytop is in the same
directory - you can place it elsewhere, of course):

  #!mytop

  #load "unix.cma"
  open Unix

  let _ = Printf.printf "%f\n" (Unix.gettimeofday ())

As you can see, even loading modules (here: Unix) that use shared
libraries works like a charm.

Btw., what's the reason why "ocaml" is not installed using "-custom"
by default? The size of the executables is almost the same, and people
could more easily use OCaml for scripting then.

> * Certain idiomatic forms, such as:
> 
> 	statement if condition;
>   and:	statement unless condition;
> 
>   which reduce code size.

Too much redundancy with control constructs is not a good idea, IMHO.
The gain is just too small.

> * Absolutely huge library.
> 
>   I'm trying to do my bit here by writing libraries, and specifically
>   with perl4caml which allows you to use Perl libraries with OCaml.  A
>   central CPAN-like resource would still be very useful.

I agree that there could be more and better libraries around. But that's
true for any language whose programmers want to be lazy. ;-)

Regards,
Markus

-- 
Markus Mottl          http://www.oefai.at/~markus          markus@oefai.at

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Richard Jones]

On Mon, Jan 19, 2004 at 06:46:40PM +0100, Markus Mottl wrote:
> Putting functions like "all_lines" into a utility module, you can use
> "#load" to apply it from scripts:
[...]
> I don't see a need for syntactic support. Adding two very short lines
> to the top of your script (one-time effort) is hardly distracting.

I agree with you completely.  It'd just be nice to have the library
included in standard OCaml.  No, in fact not just 'nice', necessary -
so that it becomes a standard idiom which can be taught to students of
the language.

> > * Syntactic support for regular expression matching / substring extraction.
> People often abuse this Perl-feature, because they don't know how to
> write lexers/parsers using generators, which would sometimes be the
> better choice.

Sometimes, but mostly I think regexps are used appropriately.  Writing
a full-blown parser is something of an undertaking.  Writing a simple
script which just reads a config file or a data file or similar
shouldn't need this effort.  (Another related argument: Give me the
choice of shooting myself in the foot if I want to.)

> Too much redundancy with control constructs is not a good idea, IMHO.
> The gain is just too small.

Mmmm ... perhaps.  Actually I think 'unless' specifically is very
useful.  I've even written a trivial camlp4 extension for it, and we
use it in lots of Merjis code.

Rich.

-- 
Richard Jones. http://www.annexia.org/ http://freshmeat.net/users/rwmj
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
If I have not seen as far as others, it is because I have been
standing in the footprints of giants.  -- from Usenet

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Eray Ozkural]

On Monday 19 January 2004 20:05, Richard Jones wrote:
> Mmmm ... perhaps.  Actually I think 'unless' specifically is very
> useful.  I've even written a trivial camlp4 extension for it, and we
> use it in lots of Merjis code.

Unless does not sound like a common keyword.

Haskell style "where" would be excellent though. I was using it all the time 
in Haskell.

Regards,

-- 
Eray Ozkural (exa) <erayo@cs.bilkent.edu.tr>
Comp. Sci. Dept., Bilkent University, Ankara  KDE Project: http://www.kde.org
www: http://www.cs.bilkent.edu.tr/~erayo  Malfunction: http://mp3.com/ariza
GPG public key fingerprint: 360C 852F 88B0 A745 F31B  EA0F 7C07 AE16 874D 539C

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Markus Mottl]

On Mon, 19 Jan 2004, Eray Ozkural wrote:
> On Monday 19 January 2004 20:05, Richard Jones wrote:
> > Mmmm ... perhaps.  Actually I think 'unless' specifically is very
> > useful.  I've even written a trivial camlp4 extension for it, and we
> > use it in lots of Merjis code.
> 
> Unless does not sound like a common keyword.
> 
> Haskell style "where" would be excellent though. I was using it all the time 
> in Haskell.

"where" is one keyword, which I might find useful. Code can be made much
more readable if function applications come first and values used in it
are defined further below. Otherwise, the user may have to scan large
portions of value definitions before getting to the "core" of a function.

Regards,
Markus

-- 
Markus Mottl          http://www.oefai.at/~markus          markus@oefai.at

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Eray Ozkural]

On Tuesday 20 January 2004 13:31, Markus Mottl wrote:
> "where" is one keyword, which I might find useful. Code can be made much
> more readable if function applications come first and values used in it
> are defined further below. Otherwise, the user may have to scan large
> portions of value definitions before getting to the "core" of a function.

Absolutely! It looks much better than 5 nested let scopes (although they are 
semantically identical). Where was this inefficient DFT function I had 
written. Ah, here  it is:
dft :: (RealFloat a) => (SampleVector (Complex a)) -> Int
    -> (SampleVector (Complex a))
dft x n =
    listArray (0, (n-1)) [transform f | f <- [0..(n-1)]]
    where
    transform f = scale * (foldl1 (+) [freqcomp f k | k <- [0..(n-1)]])
    freqcomp f k = (x!k) * (exp_polar (-(2 * (fromIntegral k)
                                         * pi * (fromIntegral f) ) /
                                       (fromIntegral n)) )
    scale = 1/(fromIntegral n)


I find use of where keyword much more readable in many places.

Cheers,

-- 
Eray Ozkural (exa) <erayo@cs.bilkent.edu.tr>
Comp. Sci. Dept., Bilkent University, Ankara  KDE Project: http://www.kde.org
www: http://www.cs.bilkent.edu.tr/~erayo  Malfunction: http://mp3.com/ariza
GPG public key fingerprint: 360C 852F 88B0 A745 F31B  EA0F 7C07 AE16 874D 539C

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[skaller]

On Tue, 2004-01-20 at 22:31, Markus Mottl wrote:

> "where" is one keyword, which I might find useful. 

Hmmm .. but wasn't it part of Caml before, and was dropped
since it only duplicates let/in functionality .. and
no one used it?

-- 
John Max Skaller, mailto:skaller@tpg.com.au
snail:25/85c Wigram Rd, Glebe, NSW 2037, Australia.
voice:61-2-9660-0850. Checkout Felix: http://felix.sf.net




-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Michal Moskal]

On Mon, Jan 19, 2004 at 11:45:10PM +0200, Eray Ozkural wrote:
> On Monday 19 January 2004 20:05, Richard Jones wrote:
> > Mmmm ... perhaps.  Actually I think 'unless' specifically is very
> > useful.  I've even written a trivial camlp4 extension for it, and we
> > use it in lots of Merjis code.
> 
> Unless does not sound like a common keyword.
> 
> Haskell style "where" would be excellent though. I was using it all the time 
> in Haskell.

Haskell is lazy, ocaml is strict. Consider following snippet of
``ocaml'':

let _ = f (x)
  where x = g ()

Now, the reader of the code might take false impression that f() is
executed before g(). Of course there is no such danger with function
definitions in where blocks, but still I think readability is the reason
it is absent from ocaml.

-- 
: Michal Moskal :: http://www.kernel.pl/~malekith : GCS {C,UL}++++$ a? !tv
: When in doubt, use brute force. -- Ken Thompson : {E-,w}-- {b++,e}>+++ h

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Eray Ozkural]

On Tuesday 20 January 2004 19:34, you wrote:
> Haskell is lazy, ocaml is strict. Consider following snippet of
> ``ocaml'':
>
> let _ = f (x)
>   where x = g ()
>
> Now, the reader of the code might take false impression that f() is
> executed before g(). Of course there is no such danger with function
> definitions in where blocks, but still I think readability is the reason
> it is absent from ocaml.

Such a reader would be equally confused by let blocks. The order of execution 
is hardly the concern here.

I don't think the problem you mention has much to do with where syntax. Its 
semantics is quite independent of evaluation strategy! (Plus, you can write 
monadic code in Haskell, which is basically safe imperative code... and you 
can use strictness where appropriate)

That is quite possibly one of the most elegant features of Haskell syntax (not 
semantics) It helps balance scopes inside a function definition, actually 
*improving* readability.

Regards,

-- 
Eray Ozkural (exa) <erayo@cs.bilkent.edu.tr>
Comp. Sci. Dept., Bilkent University, Ankara  KDE Project: http://www.kde.org
www: http://www.cs.bilkent.edu.tr/~erayo  Malfunction: http://mp3.com/ariza
GPG public key fingerprint: 360C 852F 88B0 A745 F31B  EA0F 7C07 AE16 874D 539C

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Michal Moskal]

On Tue, Jan 20, 2004 at 07:52:56PM +0200, Eray Ozkural wrote:
> On Tuesday 20 January 2004 19:34, you wrote:
> > Haskell is lazy, ocaml is strict. Consider following snippet of
> > ``ocaml'':
> >
> > let _ = f (x)
> >   where x = g ()
> >
> > Now, the reader of the code might take false impression that f() is
> > executed before g(). Of course there is no such danger with function
> > definitions in where blocks, but still I think readability is the reason
> > it is absent from ocaml.
> 
> Such a reader would be equally confused by let blocks. The order of execution 
> is hardly the concern here.

	let _ =
	  let x = g () in
	  f (x)

First execute g(), then f(), plain and simple.

This may sound a bit heretic here, but this is how most programmers
think about program execution -- first do this, then do that. Even more
-- this is how ocaml works.

> I don't think the problem you mention has much to do with where syntax. Its 
> semantics is quite independent of evaluation strategy! 

Yes, of course you can have well defined semantic for any string of
characters. But that's not the point. You say it's more readable --
you're probably right. I say it *can* be confusing.

-- 
: Michal Moskal :: http://www.kernel.pl/~malekith : GCS {C,UL}++++$ a? !tv
: When in doubt, use brute force. -- Ken Thompson : {E-,w}-- {b++,e}>+++ h

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Markus Mottl]

On Tue, 20 Jan 2004, Michal Moskal wrote:
> Yes, of course you can have well defined semantic for any string of
> characters. But that's not the point. You say it's more readable --
> you're probably right. I say it *can* be confusing.

That's the usual problem: programmers can always write illegible code.
"where" could make things easier to read in some cases, more difficult
in others. The programmer could decide in each case what solution would
be preferable (to him, that is).

-- 
Markus Mottl          http://www.oefai.at/~markus          markus@oefai.at

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[David Brown]

On Tue, Jan 20, 2004 at 07:54:45PM +0100, Michal Moskal wrote:

> > > Now, the reader of the code might take false impression that f() is
> > > executed before g(). Of course there is no such danger with function
> > > definitions in where blocks, but still I think readability is the reason
> > > it is absent from ocaml.

The where clause works well for Haskell, because there are no order of
evaluation issues.  Because of side-effects, the where clause in ocaml
would usually just end up being confusing.  Think of a multi-page
expression with a where clause at the end.  Not that this is good code,
but it would sure be easy to miss.  It would probably cause the same
kinds of problems that C's 'break' causes in switch statements.

Dave Brown

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Eray Ozkural]

On Tuesday 20 January 2004 21:37, David Brown wrote:
> On Tue, Jan 20, 2004 at 07:54:45PM +0100, Michal Moskal wrote:
> > > > Now, the reader of the code might take false impression that f() is
> > > > executed before g(). Of course there is no such danger with function
> > > > definitions in where blocks, but still I think readability is the
> > > > reason it is absent from ocaml.
>
> The where clause works well for Haskell, because there are no order of
> evaluation issues.  Because of side-effects, the where clause in ocaml
> would usually just end up being confusing.  Think of a multi-page
> expression with a where clause at the end.  Not that this is good code,
> but it would sure be easy to miss.  It would probably cause the same
> kinds of problems that C's 'break' causes in switch statements.

I disagree. Think of a multi-page expression with a let clause in the 
beginning.

-- 
Eray Ozkural (exa) <erayo@cs.bilkent.edu.tr>
Comp. Sci. Dept., Bilkent University, Ankara  KDE Project: http://www.kde.org
www: http://www.cs.bilkent.edu.tr/~erayo  Malfunction: http://mp3.com/ariza
GPG public key fingerprint: 360C 852F 88B0 A745 F31B  EA0F 7C07 AE16 874D 539C

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Max Kirillov]

On Tue, Jan 20, 2004 at 11:37:56AM -0800, David Brown wrote:
> The where clause works well for Haskell, because there are no order of
> evaluation issues.  Because of side-effects, the where clause in ocaml
> would usually just end up being confusing.  Think of a multi-page
> expression with a where clause at the end.  Not that this is good code,
> but it would sure be easy to miss.  It would probably cause the same
> kinds of problems that C's 'break' causes in switch statements.

If you want to make your code cryptic, no language feature (or
lack of one) can prevent you from that. "Where" construction is
a powerful way to make code more readable, placing it in "top to
bottom" style. You noted that placing actual computation in where block
can hinder the evaluation order. Then don't place the computation in
"where" block! Let's rewrite your example like this:

let _ = 
    let x = g () in
    f x
  where g () = ...

Here, no uncertainty about evaluation order left.

PS: You are right about scoping.  But it's not critical -- it we could
have certain rules, we coul write predictable and readable code.  Some
time ago, I used my own realization of "where" (via camlp4) and often
had to use brackets. Even then, I think that my code was quite readable.
Now, I think than haskell rules (whare as part of definition, not
expression) are quite rasonable.


> Dave Brown

-- 
Max

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Max Kirillov]

On Wed, Jan 21, 2004 at 11:52:08AM -0800, Christopher Dutchyn wrote:
> 
> Can you post your camlp4 extension that contains where?

Look in the list archives. Note that I did not follow the haskell
semantic there; I recommend you to midify that to do so. It's quite easy
to do and good point to start understanding camlp4. Then, I warning you
that you are to produce nonportable code.

-- 
Max

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Brian Hurt]

On Tue, 20 Jan 2004, Michal Moskal wrote:

> Haskell is lazy, ocaml is strict. Consider following snippet of
> ``ocaml'':
> 
> let _ = f (x)
>   where x = g ()
> 
> Now, the reader of the code might take false impression that f() is
> executed before g(). Of course there is no such danger with function
> definitions in where blocks, but still I think readability is the reason
> it is absent from ocaml.
> 

That peice of code would be equivelent to:
let _ =
    let x = g () in
    f x
;;

So precision isn't lost, just hidden.

I would think the following might be more of a problem:

let x = ... ;;

let _ = f x 
(* at this point, does the compiler know which x to use? *)
where x = g ()
;;

Even more hideous possibilities arise:

let rec f x = 
    let x = f (x + 3) 
    in 
    f (2 * x) 
    where f x = 2 + (f x) 
    and x = 3
;;

I admit that I can't follow which fs and which xs are which, and what the
result of that function would be (it'd be typed int -> int, that is
clear).  Even a simple question like "does f 3 even terminate?" is not at 
all obvious, let alone what answer it'd return.

Rewritting it makes it more obvious:

let rec f x =
    let f x = 2 + (f x)
    and x = 3
    in
    let x = f (x + 3) in
    f (2 * x)
;;

Hmm.  Opps- I do have an infinite recursion, don't I?

The solution to the five-deep let clauses is to cut them out to be their 
own top-level functions.  Function calls aren't that expensive.  And Ocaml 
is very good (IMHO maybe even a little too aggressive) about inlining 
functions where it's worthwhile.  And doesn't necessarily inline inner 
functions automatically either.  In poking around in the assembler output 
of various ocaml code I've written, the compiler will often take a 
complicated inner function and compile it like a stand-alone function.
Function calls simply aren't that expensive.

But the point here is that you're not gaining anything by using inner 
functions vr.s outer functions.  If you've got a big, unmanageable 
function, hack it apart into smaller stand-alone subfunctions.

-- 
"Usenet is like a herd of performing elephants with diarrhea -- massive,
difficult to redirect, awe-inspiring, entertaining, and a source of
mind-boggling amounts of excrement when you least expect it."
                                - Gene Spafford 
Brian

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Eray Ozkural]

On Wednesday 21 January 2004 01:00, Brian Hurt wrote:
> That peice of code would be equivelent to:
> let _ =
>     let x = g () in
>     f x
> ;;
>
> So precision isn't lost, just hidden.
>
> I would think the following might be more of a problem:
>
> let x = ... ;;
>
> let _ = f x
> (* at this point, does the compiler know which x to use? *)
> where x = g ()
> ;;
>

Compiler knows which x to use, let and which differ only in syntax! Semantics 
is the same.

> Even more hideous possibilities arise:
>
> let rec f x =
>     let x = f (x + 3)
>     in
>     f (2 * x)
>     where f x = 2 + (f x)
>     and x = 3
> ;;
>
> I admit that I can't follow which fs and which xs are which, and what the
> result of that function would be (it'd be typed int -> int, that is
> clear).  Even a simple question like "does f 3 even terminate?" is not at
> all obvious, let alone what answer it'd return.
>
[snip]

Yes, admittedly, it's a terrible code :)

However, I will unfortunately have to insist that "where" is neither redundant 
nor error prone. It's one of the most elegant syntactic sugar's I've seen in 
a long long while. Especially when you are writing down a mathematical 
formulae, it makes things clearer. Putting every little variable in module 
scope isn't a substitute for me.

What I meant was that the absence of "where" in ocaml does not seem to me "by 
design" as another poster claimed. Ocaml is not (and quite possibly cannot 
be) the perfect language although it is the best programming language 
IMHO!!!!

Cheers,

-- 
Eray Ozkural (exa) <erayo@cs.bilkent.edu.tr>
Comp. Sci. Dept., Bilkent University, Ankara  KDE Project: http://www.kde.org
www: http://www.cs.bilkent.edu.tr/~erayo  Malfunction: http://mp3.com/ariza
GPG public key fingerprint: 360C 852F 88B0 A745 F31B  EA0F 7C07 AE16 874D 539C

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[David Brown]

On Wed, Jan 21, 2004 at 01:48:19AM +0200, Eray Ozkural wrote:

> Compiler knows which x to use, let and which differ only in syntax! Semantics 
> is the same.

Does it?

let f a =
  let a = a + 1 in
  a
  where a = a + 2

What does this function do?  You could argue for any result a, (a+1),
(a+2), or (a+3).  The casual definition of the where clause doesn't
specify precedence.  Obviously, an implementation would have to chose
one, but there is no clear reason one choice is better than the other.

Dave

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Eray Ozkural]

On Wednesday 21 January 2004 02:34, David Brown wrote:
> On Wed, Jan 21, 2004 at 01:48:19AM +0200, Eray Ozkural wrote:
> > Compiler knows which x to use, let and which differ only in syntax!
> > Semantics is the same.
>
> Does it?
>
> let f a =
>   let a = a + 1 in
>   a
>   where a = a + 2
>
> What does this function do?  You could argue for any result a, (a+1),
> (a+2), or (a+3).  The casual definition of the where clause doesn't
> specify precedence.  Obviously, an implementation would have to chose
> one, but there is no clear reason one choice is better than the other.

Have a look at Haskell's syntax rules, they work well enough. This is again 
just syntax, it's not a big deal. If the programmer feels the chosen 
syntactic rules make some of his code look ambiguous he may elect
  a) not to use "where"
  b) use blocks to properly indicate scoping, which is just as valid for 
complex use of let!

-- 
Eray Ozkural (exa) <erayo@cs.bilkent.edu.tr>
Comp. Sci. Dept., Bilkent University, Ankara  KDE Project: http://www.kde.org
www: http://www.cs.bilkent.edu.tr/~erayo  Malfunction: http://mp3.com/ariza
GPG public key fingerprint: 360C 852F 88B0 A745 F31B  EA0F 7C07 AE16 874D 539C

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Eray Ozkural]

On Wednesday 21 January 2004 02:34, David Brown wrote:
> What does this function do?  You could argue for any result a, (a+1),
> (a+2), or (a+3).  The casual definition of the where clause doesn't
> specify precedence.  Obviously, an implementation would have to chose
> one, but there is no clear reason one choice is better than the other.

I guess some syntactic constructs are fairly subjective. I wonder what the 
designers thought of a where clause.

Regards,

-- 
Eray Ozkural (exa) <erayo@cs.bilkent.edu.tr>
Comp. Sci. Dept., Bilkent University, Ankara  KDE Project: http://www.kde.org
www: http://www.cs.bilkent.edu.tr/~erayo  Malfunction: http://mp3.com/ariza
GPG public key fingerprint: 360C 852F 88B0 A745 F31B  EA0F 7C07 AE16 874D 539C

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Shawn Wagner]

On Wed, Jan 21, 2004 at 04:34:47AM +0200, Eray Ozkural wrote:
> On Wednesday 21 January 2004 02:34, David Brown wrote:
> > What does this function do?  You could argue for any result a, (a+1),
> > (a+2), or (a+3).  The casual definition of the where clause doesn't
> > specify precedence.  Obviously, an implementation would have to chose
> > one, but there is no clear reason one choice is better than the other.
> 
> I guess some syntactic constructs are fairly subjective. I wonder what the 
> designers thought of a where clause.
> 

Could it be done as a syntax extension via camlp4?

-- 
Shawn Wagner
shawnw@speakeasy.org

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Andreas Rossberg]

David Brown wrote:
> 
> Does it?
> 
> let f a =
>   let a = a + 1 in
>   a
>   where a = a + 2
> 
> What does this function do?  You could argue for any result a, (a+1),
> (a+2), or (a+3).  The casual definition of the where clause doesn't
> specify precedence.  Obviously, an implementation would have to chose
> one, but there is no clear reason one choice is better than the other.

It is not obvious, since there is a another, strictly better choice: the 
grammer could simply give let and where same precedence and disallow 
mixing them without parentheses.

	- Andreas

-- 
Andreas Rossberg, rossberg@ps.uni-sb.de

"Computer games don't affect kids; I mean if Pac Man affected us
  as kids, we would all be running around in darkened rooms, munching
  magic pills, and listening to repetitive electronic music."
  - Kristian Wilson, Nintendo Inc.

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Brian Hurt]

On Wed, 21 Jan 2004, Eray Ozkural wrote:

> On Wednesday 21 January 2004 01:00, Brian Hurt wrote:
> > I would think the following might be more of a problem:
> >
> > let x = ... ;;
> >
> > let _ = f x
> > (* at this point, does the compiler know which x to use? *)
> > where x = g ()
> > ;;
> >
> 
> Compiler knows which x to use, let and which differ only in syntax! Semantics 
> is the same.

It's not the compiler I worry about, it's the poor maintainance 
programmer.

-- 
"Usenet is like a herd of performing elephants with diarrhea -- massive,
difficult to redirect, awe-inspiring, entertaining, and a source of
mind-boggling amounts of excrement when you least expect it."
                                - Gene Spafford 
Brian

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Kenneth Knowles]

> Give me the
> choice of shooting myself in the foot if I want to.

Type systems, orthogonal syntax, garbage collection...
Removing this choice is much of what programming language design is about.

I fully agree that having a syntactic integration of regular expressions is a
good idea (via camlp4 of course), but if you want to be able to shoot yourself
in the foot I strongly recommend C++ :-)

-Kenn

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[David Brown]

On Mon, Jan 19, 2004 at 06:46:40PM +0100, Markus Mottl wrote:

> All you need to do is create a toplevel using the "-custom"-flag, e.g.:
> 
>   ocamlmktop -custom -o mytop
> 
> This is required under Unix, because only binary executables can be used
> for interpretation due to security concerns.

Oddly enough, it works anyway on OSX.  Should I report this as a
security problem to Apple?

Dave Brown

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Markus Mottl]

On Mon, 19 Jan 2004, David Brown wrote:
> On Mon, Jan 19, 2004 at 06:46:40PM +0100, Markus Mottl wrote:
> 
> > All you need to do is create a toplevel using the "-custom"-flag, e.g.:
> > 
> >   ocamlmktop -custom -o mytop
> > 
> > This is required under Unix, because only binary executables can be used
> > for interpretation due to security concerns.
> 
> Oddly enough, it works anyway on OSX.  Should I report this as a
> security problem to Apple?

Well, there are certainly some risks associated with this "feature".  It's
much easier to replace scripts (= plain text) than binary executables,
i.e. Trojan horses can enter the game more easily. The Linux manpage on
"execve" states:

  execve() executes the program pointed to by filename.  filename must
  be either  a  binary  executable,  or a script starting with a line of
  the form "#! interpreter [arg]".  In the latter case, the interpreter
  must be  a  valid  pathname  for an executable which is not itself a
  script, which will be invoked as interpreter [arg] filename.

Having interpreters become Trojan horses is a very bad thing indeed,
because they are much more likely to be called by unsuspecting users...

Regards,
Markus

-- 
Markus Mottl          http://www.oefai.at/~markus          markus@oefai.at

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[David Brown]

On Mon, Jan 19, 2004 at 08:15:13PM +0100, Markus Mottl wrote:

>   execve() executes the program pointed to by filename.  filename must
>   be either  a  binary  executable,  or a script starting with a line of
>   the form "#! interpreter [arg]".  In the latter case, the interpreter
>   must be  a  valid  pathname  for an executable which is not itself a
>   script, which will be invoked as interpreter [arg] filename.

Interesting, since this case works just fine on my linux machine as
well.

Dave

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[Richard Jones]

On Mon, Jan 19, 2004 at 06:57:46PM +0100, Luc Maranget wrote:
> Of course programmers have to type a bit more
> where you wrote ``bar(foo)*''
> you now write ``seq [str "bar" ; rep (str "foo")]''
> (or 
> let bar = str "bar"
> and foo = str "foo" in
> seq [bar ; rep foo])

Ack!  I don't like that at all :-(

Rich.

-- 
Richard Jones. http://www.annexia.org/ http://freshmeat.net/users/rwmj
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
PTHRLIB is a library for writing small, efficient and fast servers in C.
HTTP, CGI, DBI, lightweight threads: http://www.annexia.org/freeware/pthrlib/

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners

Re: [Caml-list] ANNOUNCE: mod_caml 1.0.6 - includes security patch

[skaller]

On Mon, 2004-01-19 at 21:13, Luc Maranget wrote:

> > match str with
> > 	| /ab+/ -> ...
> > 	| /foo(bar)*/ -> ...
> > 
> > etc.  The compiler could then combine all the matchings into a single DFA, 
> > improving performance over code like:
> > 
> Hello,
> 
> I am not exactly sure I understand your needs. But you should probably have a
> look at ocamllex.

Ocamllex is too heavy weight. 

-- 
John Max Skaller, mailto:skaller@tpg.com.au
snail:25/85c Wigram Rd, Glebe, NSW 2037, Australia.
voice:61-2-9660-0850. Checkout Felix: http://felix.sf.net




-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners