develooper Front page | perl.perl5.porters | Postings from February 2014

In-test response to a change in the meaning of -T (was: Compileoption to disable taint mode: speedup)

From: Peter Rabbitson
Date: February 10, 2014 10:13
Subject: In-test response to a change in the meaning of -T (was: Compileoption to disable taint mode: speedup)
Message ID: 20140210101336.GA30748@rabbit.us

On Wed, Oct 10, 2012 at 07:28:17AM +0200, Steffen Mueller wrote:
> On 10/10/2012 12:04 AM, Greg Lindahl wrote:
> >On Tue, Oct 09, 2012 at 11:29:45PM +0200, Leon Timmermans wrote:
> >>On Tue, Oct 9, 2012 at 10:42 PM, Vincent Pit <perl@profvince.com> wrote:
> >>>Note that disabling taint mode would make it very difficult to install many
> >>>modules from the CPAN, as a lot of tests are run in taint mode (it was
> >>>considered "good practice" some time ago).
> >>
> >>You could conditionally ignore that on a TAP::Harness level.
> >
> >If we're going to say that disabling taint works, someone should
> >figure out a way to smoke it, and then smoke every release with taint
> >disabled. Friends don't encourage friends to use unsmoked features!
> >
> >This is the cost of turning this from an experiment into something
> >people will regularly use.
> >
> >We'd be willing to help out, but I'm not sure if we're up to smoking
> >CPAN on a regular basis.
> 
> This "CPAN modules use it in tests" business is the main reason why
> for work, I'd probably build it to ignore -t/-T. It's just that I'd
> rather not be on public record saying that *others* should do the
> same. :)
> 
> On a side note, the 10% figure was on a particular micro-benchmark.
> Nicholas ran mktables as a benchmark on his Mac using the
> avoid-alignment-noise options. He found an improvement of about 1%.
> Callgrind on my machine seems to agree about losing roughly 1-2% of
> instructions.
> 
> Big question is what -t/-T should do by default. Maybe have two
> Configure options. NO_TAINT_SUPPORT (exception on -t/-T) and
> SILENT_NO_TAINT_SUPPORT (ignore -t/-T).
> 
> Still, some tests would fail if they explicitly test taint mode.
> Making those pass would require exposing "do I have taint mode" to
> perl.

Since I ran across taint fixups recently, I decided to take a look at 
this more in depth. The result is [1], figured it is worth sharing. The 
concept can very well be encapsulated into Test::More::WithTaint or 
somesuch, and anyone who fails a tainted test can be told to 'just add a 
use X' without having to change any code at all.

[1] https://github.com/dbsrgits/dbix-class/commit/ade96c1f#diff-5084a4f11dec04497be5c5a23996f4d1R5

Cheers

