develooper Front page | perl.perl5.porters | Postings from February 2014

In-test response to a change in the meaning of -T (was: Compileoption to disable taint mode: speedup)

Thread Previous | Thread Next
Peter Rabbitson
February 10, 2014 10:13
In-test response to a change in the meaning of -T (was: Compileoption to disable taint mode: speedup)
Message ID:
On Wed, Oct 10, 2012 at 07:28:17AM +0200, Steffen Mueller wrote:
> On 10/10/2012 12:04 AM, Greg Lindahl wrote:
> >On Tue, Oct 09, 2012 at 11:29:45PM +0200, Leon Timmermans wrote:
> >>On Tue, Oct 9, 2012 at 10:42 PM, Vincent Pit <> wrote:
> >>>Note that disabling taint mode would make it very difficult to install many
> >>>modules from the CPAN, as a lot of tests are run in taint mode (it was
> >>>considered "good practice" some time ago).
> >>
> >>You could conditionally ignore that on a TAP::Harness level.
> >
> >If we're going to say that disabling taint works, someone should
> >figure out a way to smoke it, and then smoke every release with taint
> >disabled. Friends don't encourage friends to use unsmoked features!
> >
> >This is the cost of turning this from an experiment into something
> >people will regularly use.
> >
> >We'd be willing to help out, but I'm not sure if we're up to smoking
> >CPAN on a regular basis.
> This "CPAN modules use it in tests" business is the main reason why
> for work, I'd probably build it to ignore -t/-T. It's just that I'd
> rather not be on public record saying that *others* should do the
> same. :)
> On a side note, the 10% figure was on a particular micro-benchmark.
> Nicholas ran mktables as a benchmark on his Mac using the
> avoid-alignment-noise options. He found an improvement of about 1%.
> Callgrind on my machine seems to agree about losing roughly 1-2% of
> instructions.
> Big question is what -t/-T should do by default. Maybe have two
> Configure options. NO_TAINT_SUPPORT (exception on -t/-T) and
> Still, some tests would fail if they explicitly test taint mode.
> Making those pass would require exposing "do I have taint mode" to
> perl.

Since I ran across taint fixups recently, I decided to take a look at 
this more in depth. The result is [1], figured it is worth sharing. The 
concept can very well be encapsulated into Test::More::WithTaint or 
somesuch, and anyone who fails a tainted test can be told to 'just add a 
use X' without having to change any code at all.



Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About