sci

devn 2022-05-10T02:40:08.829039Z

new version of http://getclojure.org is up backed by elasticsearch. It's so cool to have SCI because many things like (defn …) were barred from running in clojail, but not so in SCI. As a result the set of expressions that run successfully tripled to around 57,000

🎉 2
devn 2022-05-10T02:40:55.158269Z

for most queries the first page will bore you, and the last page for the query will be… interesting

devn 2022-05-10T02:42:55.835869Z

There's some cleanup to do and ranking to do for short exprs and as you mentioned things which return fns and such, but I just cracked up when I searched for iterate. Go to the last page.

devn 2022-05-10T02:43:34.852379Z

http://getclojure.org/search?q=iterate&num=14 7 down

😆 1
devn 2022-05-10T02:56:33.775619Z

@borkdude I did find one thing that seems wrong: print-method can pollute everything

devn 2022-05-10T02:58:31.290469Z

If someone runs some code to defmethod print-method for say string, this winds up in the subsequent results

devn 2022-05-10T03:09:30.064739Z

(sci/eval-string "(defmethod print-method String [obj w] (.write w (str \"I'm a string: \" obj)))")

(with-open [w (new StringWriter)]
  (sci/binding [sci/out w]
    (let [res (sci/eval-string "(println \"hello\")")]
      (str w))))

devn 2022-05-10T03:09:44.749489Z

=> "I'm a string: hello\n"

devn 2022-05-10T03:10:09.614619Z

fwiw, this was an issue in clojail as well

borkdude 2022-05-10T03:15:41.516619Z

Good catch. If that bothers you, could you make an issue?

devn 2022-05-10T03:16:57.661099Z

err I should be a bit more clear: it’s not “wrong” per se, but from a “treating SCI as if it’s a sandbox” standpoint, it feels like there is an assumption of a clean context on subsequent runs that doesn’t hold here

devn 2022-05-10T03:17:02.145419Z

and yes, of course!

devn 2022-05-10T03:19:05.583379Z

i know SCI doesn’t necessarily claim to be a sandbox, but for instance

(sci/eval-string "(defn foo [x] (inc x))")
(sci/eval-string "(foo 1)")
rightly fails to resolve symbol foo

borkdude 2022-05-10T03:20:43.599199Z

Yeah, you could either remove print-method or SCI could fix it. The first time I hear this issue. Sandbox is a feature of SCI

devn 2022-05-10T03:21:18.381219Z

it’s a pretty weird one, and i blame chouser for writing this in clojure IRC in like 2011 😄

devn 2022-05-10T03:21:37.767869Z

the defmethod that is

devn 2022-05-10T03:25:06.907549Z

i think im inclined to dig into what it would take to fix it, but of course disallowing it is an option

devn 2022-05-10T03:25:59.961099Z

it feels like an oddity in that it survives separate envs and someone could register print-method and muck up future evaluation

devn 2022-05-10T03:26:05.408769Z

anyway, issue incoming

devn 2022-05-10T03:39:19.496899Z

https://github.com/babashka/sci/issues/726

devn 2022-05-10T03:41:15.084189Z

lmk if there’s anything I can add for context. I’m also happy to take a whack at it. I’m very interested in the “why” of the issue.

borkdude 2022-05-10T04:00:08.125949Z

The why of the issue is that print-method in SCI directly uses the Clojure one and that one uses a global hierarchy

👍 1
devn 2022-05-10T04:01:08.879539Z

i wonder if it’s too involved/causes issues to somehow cleanse the global hierarchy across evaluations

borkdude 2022-05-10T07:33:20.537959Z

That's one of the solutions I was thinking of. Another solution would be to use the hierarchy in the context and make a custom print method

2022-05-10T07:33:25.041299Z

If you're concerned about security, there's still probably some functions or vars that should be off-limit no? print-method might be one of them

borkdude 2022-05-10T07:55:29.232929Z

@didibus most of those things are already not included by default, but print-method slipped through :)

👍 1
borkdude 2022-05-10T08:02:51.398539Z

We already have a custom print-method in SCI: https://github.com/babashka/sci/blob/afc1c010a71a0640a3c4466b7b3a1cce0ad88eee/src/sci/impl/io.cljc#L14 So if we could get access to the ctx + the ctx hierarchy there, we could solve it properly