How about adding NEW Special Tokens?? For ease and Security

Wed May 25 06:45:46 PDT 2011

Am 25.05.2011 15:43, schrieb KennyTM~:
> On May 25, 11 16:29, Matthew Ong wrote:
>> Hi all,
>>
>> These 2 tokens are very useful for debugging and also trouble shooting
>> during exceptions time and even implementing logging api similar to
>> log4j:
>> I do understand that this are compile time information and they are
>> static.
>>
>> __FILE__ // prints something like D:\User\Project\...\MyMod.d
>> I do not like this full path format because it might give hacker some
>> idea when of server directory layout structure for webbase cgi / layout,
>> accidentally by junior developer because of mis handled exceptions.
>> __LINE__ // some line number.
>>
>> How about keeping those 2 and also adding some new compile time
>> information's tokens:
>> 1) __FILENAME__ // prints only MyMod.d
> 
> std.path.basename(__FILE__);
> 
>> 2) __MODULE__ // prints the full module name. eg: std.c.windows
> 
> .stringof[7 .. $]
> 
>> 3) __FUNCNAME__ // prints the function name.
> 
> If we had __function (see
> http://d.puremagic.com/issues/show_bug.cgi?id=5140), then it would be
> 
> __traits(identifier, __function)
> 
> Also check
> http://www.digitalmars.com/d/archives/digitalmars/D/FUNCTION_implemented_with_mixins_and_mangles_92055.html
> 
> 
>> 4) __BLOCKNAME__ // perhaps another name, but prints
>> class/struct/interface/template... name. If is global, print global.
>> 5) __DEBUGLINE__ // prints __MODULE__ ~ __BLOCKNAME__ ~ __FUNCNAME__ ~
>> __LINE__
> 
> Just define that function if you need it.
> 
> string __DEBUGLINE__() {
>     return __MODULE__ ~ ":" ~ ...;
> }
> 

are you sure this works? this probably returns the module etc where
__DEBUGLINE__ resides and not the module etc from where it's called.

>>
>> The reasons for those are:
>> 1) to make the life of coder simple instead of having to every time call
>> a template function/function to trim those information.
>> 2) Some time the code does gets move around within a large project due
>> to re-factoring and remodeling. Having only the file name & line number
>> might loose the
>>
>> I am rather sure that the compiler will have some Abstract Syntax Tree
>> in memory to map value for such tokens.
>>
>> It would be even more cool if there is some immutable runtime special
>> tokens:
>> 1) __LOGIN__ // Current user login id, eg: johnchia
>> 2) __UID__ // User login number, eg: 0, 304,1234,...
>> 3) __PID__ // Current program process id
>> 4) __PPID__ // Parent process id
>> 5) __STIME__ // Start time, date time,2011-02-23 14:45, to see if there
>> is a long over due program.
>> 6) __CMDLINE__ // prints full path name C:\Program
>> Files\Notepad++\notepad.exe
>> 7) __TOTMEM__ // Total amount of memory being used. Read Only, but
>> dynamic.
>> 8) __MAXMEM__ // Max amount of memory allocated for this process.Read
>> Only, but dynamic. (perhaps a new setting may be done at the library or
>> function somewhere to limit the total amount of memory being allocated
>> by code.) I find that such setting are very useful to limit such within
>> a multi-threaded and multi-tasking application such as a web server. I
>> helps to reduce the amount of paging needed during runtime and stabilise
>> the system.
> 
> -8.
> 
> Use those functions (getuid(), getpid(), etc.) if you need those values.
> Why make them look like compile-time special tokens?
> 
>>
>> These runtime tokens will be very useful for developer to do secure
>> coding to check for some runtime Access Control Information or
>> preventing denial of service and maybe anti buffer over flowing attacks.
>>
>> Perhaps the runtime special information are already available. If not,
>> that might be in the future version.
>>
>>
>>
> 