Joerg Hoehle <firstname.lastname@example.org> wrote:
| email@example.com (Rob Warnock) writes:
| > CMUCL has weak pointers and weak hashtables (and also supports
| > finalization), but from looking at the source it would seem
| > that symbol tables *don't* use normal hashtables [they use
| > a specialized internal "package-hashtable" type], and thus
| > can't use weak hashtables! (Oops.)
| Rob, if you manage to change the way an implementation manages symbol
| tables, then you're clearly hacking a particular version of that
| implementation. -- You shouldn't do that.
Uh... I think you have me confused with the OP who started this
thread. I wasn't proposing to hack *anything*, only describing
how I think current CMUCL actually behaves in this regard.
Specifically, it doesn't appear that symbols are "weak" in CMUCL,
even if they have no "contents" (e.g., a global or function or
| Your posting seems to imply that cmucl is in a worse position than the
| other CL implementations because it does not use "normal" hashtables
| for symbol tables. This is IMHO not justified.
I was not criticizing in any way. I was only trying to describe
the details of what I *saw* when I looked at the CMUCL source.
Remember, the immediately-previous poster (Wade Humeniuk) had
listed a bunch of implementations with various kinds of weak
references, saying "...and (I think) CMUCL...", and I was simply
clarifying the extent to which [as I saw it] CMUCL matched the
rest of the implementations in that list.
In the process, I noticed that while it *does* provide weak
hash-tables, it doesn't use them for its own symbol tables,
and also that its own symbol tables didn't seem to support
GC'ing symbols that were no longer referenced. Thus it --
AND PROBABLY MOST OTHER CL IMPLEMENTATIONS!! -- appears to be
vulnerable to the OP's hypothesized XML->keyword-package DoS
attack. That's all.
| Instead, you should use a portable library of weak tables[*] (IIRC I
| heard someone write that) and roll your own XML element identifiers,
| as others suggested.
Again, you're confusing me with the OP who was asking about
the possibility of an XML->keyword-package DoS attack. I'm not
doing anything with XML myself. [At least, not if I can help it!!]
Rob Warnock <firstname.lastname@example.org>
627 26th Avenue <URL:http://rpw3.org/>
San Mateo, CA 94403 (650)572-2607