Subject: Re: INTERN hygiene in Web applications
From: (Rob Warnock)
Date: Wed, 18 Jan 2006 22:25:06 -0600
Newsgroups: comp.lang.lisp
Message-ID: <>
Joerg Hoehle  <> wrote:
| (Rob Warnock) writes:
| > CMUCL has weak pointers and weak hashtables (and also supports
| > finalization), but from looking at the source it would seem
| > that symbol tables *don't* use normal hashtables [they use
| > a specialized internal "package-hashtable" type], and thus
| > can't use weak hashtables! (Oops.)
| Rob, if you manage to change the way an implementation manages symbol
| tables, then you're clearly hacking a particular version of that
| implementation. -- You shouldn't do that.

Uh... I think you have me confused with the OP who started this
thread. I wasn't proposing to hack *anything*, only describing
how I think current CMUCL actually behaves in this regard.
Specifically, it doesn't appear that symbols are "weak" in CMUCL,
even if they have no "contents" (e.g., a global or function or
macro binding).

| Your posting seems to imply that cmucl is in a worse position than the
| other CL implementations because it does not use "normal" hashtables
| for symbol tables. This is IMHO not justified.

I was not criticizing in any way. I was only trying to describe
the details of what I *saw* when I looked at the CMUCL source.
Remember, the immediately-previous poster (Wade Humeniuk) had
listed a bunch of implementations with various kinds of weak
references, saying "...and (I think) CMUCL...", and I was simply
clarifying the extent to which [as I saw it] CMUCL matched the
rest of the implementations in that list.

In the process, I noticed that while it *does* provide weak
hash-tables, it doesn't use them for its own symbol tables,
and also that its own symbol tables didn't seem to support
GC'ing symbols that were no longer referenced. Thus it --
vulnerable to the OP's hypothesized XML->keyword-package DoS
attack. That's all.

| Instead, you should use a portable library of weak tables[*] (IIRC I
| heard someone write that) and roll your own XML element identifiers,
| as others suggested.

Again, you're confusing me with the OP who was asking about
the possibility of an XML->keyword-package DoS attack. I'm not
doing anything with XML myself. [At least, not if I can help it!!]


Rob Warnock			<>
627 26th Avenue			<URL:>
San Mateo, CA 94403		(650)572-2607