We are forking D (page 6)

Settings

Help

Index » General » We are forking D (page 6)

January 06

Re: We are forking D

Posted by matheus
in reply to H. S. Teoh

Permalink

matheus

Posted in reply to H. S. Teoh

Permalink

On Friday, 5 January 2024 at 19:21:36 UTC, H. S. Teoh wrote:
> ...
> DIP1036 is already merged and working. E.g., the following works today:
> ...

Already!? - I need to check this but I couldn't find any nightly build (The currently Readme points to original Dlang), so I think I will need to build myself?

Matheus.

January 06

Re: We are forking D

Posted by matheus
in reply to Bastiaan Veelo

Permalink

matheus

Posted in reply to Bastiaan Veelo

Permalink

On Saturday, 6 January 2024 at 13:18:40 UTC, Bastiaan Veelo wrote:
> ...

With the risk of putting myself in hot waters, my understanding (I may be wrong!) is that after the xmas incident, Adam posts were under moderation and he went lay low mode around this mailing list.

So I'd suggest you to talk to Adam directly over IRC #opend which I think it will reach him fast.

Matheus.

January 06

Re: We are forking D

Posted by H. S. Teoh
in reply to matheus

Permalink

H. S. Teoh

Posted in reply to matheus

Permalink

On Sat, Jan 06, 2024 at 01:53:18PM +0000, matheus via Digitalmars-d wrote:
> On Friday, 5 January 2024 at 19:21:36 UTC, H. S. Teoh wrote:
> > ...
> > DIP1036 is already merged and working. E.g., the following works today:
> > ...
> 
> Already!? - I need to check this but I couldn't find any nightly build (The currently Readme points to original Dlang), so I think I will need to build myself?
[...]

Thanks to the recent unified Makefile (which happened before the fork), you can just git clone dmd and phobos (under the same parent directory) and run Make in each, and you should get a working compiler.

T

-- 
Change is inevitable, except from a vending machine.

January 06

Re: We are forking D

Posted by IGotD-
in reply to matheus

Permalink

IGotD-

Posted in reply to matheus

Permalink

On Saturday, 6 January 2024 at 13:53:18 UTC, matheus wrote:
>
> Already!? - I need to check this but I couldn't find any nightly build (The currently Readme points to original Dlang), so I think I will need to build myself?

Yes, the fork was announced just a few days ago and the CI system has not yet been built up.

January 06

Re: We are forking D

Posted by Mengu
in reply to H. S. Teoh

Permalink

Mengu

Posted in reply to H. S. Teoh

Permalink

On Saturday, 6 January 2024 at 14:44:07 UTC, H. S. Teoh wrote:
> On Sat, Jan 06, 2024 at 01:53:18PM +0000, matheus via Digitalmars-d wrote:
>> On Friday, 5 January 2024 at 19:21:36 UTC, H. S. Teoh wrote:
>> > ...
>> > DIP1036 is already merged and working. E.g., the following works today:
>> > ...
>> 
>> Already!? - I need to check this but I couldn't find any nightly build (The currently Readme points to original Dlang), so I think I will need to build myself?
> [...]
>
> Thanks to the recent unified Makefile (which happened before the fork), you can just git clone dmd and phobos (under the same parent directory) and run Make in each, and you should get a working compiler.
>
>
> T

except for apple silicon :-)

January 06

Re: We are forking D

Posted by Meta
in reply to matheus

Permalink

Meta

Posted in reply to matheus

Permalink

On Saturday, 6 January 2024 at 14:39:44 UTC, matheus wrote:
> On Saturday, 6 January 2024 at 13:18:40 UTC, Bastiaan Veelo wrote:
>> ...
>
> With the risk of putting myself in hot waters, my understanding (I may be wrong!) is that after the xmas incident, Adam posts were under moderation and he went lay low mode around this mailing list.
>
> So I'd suggest you to talk to Adam directly over IRC #opend which I think it will reach him fast.
>
> Matheus.

What happened on Christmas?

January 06

Re: We are forking D

Posted by H. S. Teoh
in reply to matheus

Permalink

H. S. Teoh

Posted in reply to matheus

Permalink

On Sat, Jan 06, 2024 at 01:53:18PM +0000, matheus via Digitalmars-d wrote:
> On Friday, 5 January 2024 at 19:21:36 UTC, H. S. Teoh wrote:
> > ...
> > DIP1036 is already merged and working. E.g., the following works today:
> > ...
> 
> Already!? - I need to check this but I couldn't find any nightly build (The currently Readme points to original Dlang), so I think I will need to build myself?
[...]

Thought I'd showcase what the string interpolation tuple DIP can do, which currently compiles with the forked compiler and behaves as advertised:

````
// Taken from Adam's interpolation-examples repo
// (https://github.com/adamdruppe/interpolation-examples)
module demo.sql;

import arsd.sqlite;
import lib.sql;

import std.stdio;

void main() {
	auto db = new Sqlite(":memory:");
	db.query("CREATE TABLE sample (id INTEGER, name TEXT)");

	// you might think this is sql injection... but it isn't! the lib
	// uses the rich metadata provided by the interpolated sequence to
	// use prepared statements appropriate for the db engine under the hood
	int id = 1;
	string name = "' DROP TABLE', '";
	db.execi(i"INSERT INTO sample VALUES ($(id), $(name))");

	foreach(row; db.query("SELECT * from sample"))
		writeln(row[0], ": ", row[1]);
}
````

This compiles with the forked compiler today, and correctly handles the dangerous string `name` that imitates a SQL injection attack. Thanks to the compile-time information provided by the interpolation tuple, the backend code is able to understand that the contents of `name` is string data to be bound to a SQL placeholder rather than copied verbatim into a SQL query string (which would have allowed the SQL injection attack to work), so it is able to safely store the data as a harmless string inside the database.

Output (note that the string "' DROP TABLE', '" is stored as a string, and the attempted SQL injection did not work):

----------------
1: ' DROP TABLE', '
----------------

Noteworthy is the fact that the competing string interpolation proposals are *not* immune to this sort of SQL injection attack, because premature conversion of the i"" literal to string *would* result in a successful injection.

My personal hope is that the string interpolation tuple DIP would go through in the official version of D and we would all benefit from it, rather than have the current stalemate continue for another who knows how many years.

T

-- 
Unix was not designed to stop people from doing stupid things, because that would also stop them from doing clever things. -- Doug Gwyn

January 07

Re: We are forking D

Posted by Walter Bright
in reply to H. S. Teoh

Permalink

Walter Bright

Posted in reply to H. S. Teoh

Permalink

On 1/6/2024 9:35 PM, H. S. Teoh wrote:
> Noteworthy is the fact that the competing string interpolation proposals
> are *not* immune to this sort of SQL injection attack, because premature
> conversion of the i"" literal to string *would* result in a successful
> injection.

The same technique of having a template take the generated tuple and modifying it as it sees fit works with DIP1027, too. I posted an example here in the last debate about this.

The tuple generated from the istring is passed to a template that accepts tuples. The format string is the first element in the tuples, and it is a string literal. The template reads the format string character by character, generating a new format string as it goes. It examines the format specifications, and the type of the corresponding tuple argument, and adjusts the output to the new format string as required.

The template then returns the new tuple which consists of the new format string followed by the arguments.

It's true that in order for this to work,

```
db.execi(i"INSERT INTO sample VALUES ($(id), $(name))");
```
would need to be written as:
```
db.execi(xxx!(i"INSERT INTO sample VALUES ($(id), $(name))"));
```
where `xxx` is the thoroughly unimaginative name of the transformer template.

Is adding the template call an undue burden? Follow the call to deb.execi() with:

```
std.stdio.writeln(i"id = ($(id), name = $(name)");
```
I haven't tried this myself, as I don't have sql on my machine, but I expect the output to stdout would not be what one would expect. I.e. The imported Interpolation functions will produce what is right for sql, not writeln, which would be in error.

Since you do have this setup, please give this line a try and let us know what it prints.

January 07

Re: We are forking D

Posted by Paolo Invernizzi
in reply to Walter Bright

Permalink

Paolo Invernizzi

Posted in reply to Walter Bright

Permalink

On Sunday, 7 January 2024 at 09:04:16 UTC, Walter Bright wrote:
> On 1/6/2024 9:35 PM, H. S. Teoh wrote:
>> Noteworthy is the fact that the competing string interpolation proposals
>> are *not* immune to this sort of SQL injection attack, because premature
>> conversion of the i"" literal to string *would* result in a successful
>> injection.
>
> The same technique of having a template take the generated tuple and modifying it as it sees fit works with DIP1027, too. I posted an example here in the last debate about this.
>
> The tuple generated from the istring is passed to a template that accepts tuples. The format string is the first element in the tuples, and it is a string literal. The template reads the format string character by character, generating a new format string as it goes. It examines the format specifications, and the type of the corresponding tuple argument, and adjusts the output to the new format string as required.
>
> The template then returns the new tuple which consists of the new format string followed by the arguments.
>
> It's true that in order for this to work,
>
> ```
> db.execi(i"INSERT INTO sample VALUES ($(id), $(name))");
> ```
> would need to be written as:
> ```
> db.execi(xxx!(i"INSERT INTO sample VALUES ($(id), $(name))"));
> ```
> where `xxx` is the thoroughly unimaginative name of the transformer template.
>
> Is adding the template call an undue burden? Follow the call to deb.execi() with:
>
> ```
> std.stdio.writeln(i"id = ($(id), name = $(name)");
> ```
> I haven't tried this myself, as I don't have sql on my machine, but I expect the output to stdout would not be what one would expect. I.e. The imported Interpolation functions will produce what is right for sql, not writeln, which would be in error.
>
> Since you do have this setup, please give this line a try and let us know what it prints.

In our codebase, we are binding of local variables to sql parameters with something like:

  mixin( BindParameters!actualQuery );

Also that way of doing it is not 'an undue burden'.

The whole point is, well, let's move on and simplify it!

DIP1036 could allow us to do that, with better library code and more encapsulation, your proposal simply can't do that without what you call 'more burden'.

Long story short: in our codebase, we will stick with mixins with your proposal merged, on the contrary, we will use DIP1036 functionalities if merged.

/P

January 07

Re: We are forking D

Posted by bomat
in reply to Don Allen

Permalink

bomat

Posted in reply to Don Allen

Permalink

On Thursday, 4 January 2024 at 03:12:48 UTC, Don Allen wrote:

I view this development positively. The constant strife I've observed as a latecomer to D, but as someone who has done and managed software development for a very long time, was clearly not healthy or accomplishing anything other than wasting peoples' energy, because it wasn't converging. This divorce will hopefully allow the disagreements to be resolved on technical merits.

Also being a newcomer to the language, I quite agree. While it's sad to see a split in a language that is already niche as it is, I try to see the positive sides (as Abdulhaq wrote, forking is better than quitting), and I hope that everyone can gain new insights by having a direct comparison between different approaches.

Having said that, I want to express my great respect for what Walter and the others responsible for D have accomplished.

Seconded! At the same time however, I want to express respect towards Adam D Ruppe. I don't know him at all, but I have enjoyed his D Cookbook and, although discussions may have become a bit too heated, I respect people with so much passion for a project.

Given its conservative objectives (as opposed to something like Haskell or even Rust -- "here's a new way to think about computer programming"), I think D is very, very good...

Again, agreed! When I see the syntax of a lot of self-proclaimed "C-Killers", I can't help but wonder if things really have to be that ugly...

... and as a long-time language enthusiast, I'm familiar with the competition, such as Nim and Zig (which isn't really competition because it is still far from releasable quality, both the software and documentation).

And yet, I feel like Zig is already getting more attention than D. Just my impression, I'm not going to speculate why that is.

That D hasn't taken over the world is beside the point; good things aren't always popular, e.g., Scheme, and sometimes bad things are very popular, e.g., Windows, JavaScript, C/C++.

Now this is the point where I have to totally disagree with you. It doesn't suffice for a system to be well designed and great to use "in theory", there must also be tooling, documentation, thousands if not millions of samples, and an active community.
Otherwise it will not feel safe to embrace it - certainly not for companies, but to a lesser extent for every single developer.
If you look at your list of examples again - regardless if you deem them "good" or "bad" - this is something that every single one of them has, and which their competitors don't.
If you google for a problem/question you have with any of the mentioned things, you are very likely to find a viable solution.

In short, in order for something to be successful, it already has to be successful. This is a paradox that has been written about a lot and by much smarter people than me, and it is mysterious to most why some few projects have achieved to get over this hump while millions of others haven't.

This brings me back to the beginning of my post where I lamented the split of an already niche language. Again, I hope that the motto "unity is strength" does not apply in this case and that everyone keeps open minded enough to profit from each other.

Top | Forum index | About this forum

Forums