adrift on a cosmic ocean

Writings on various topics (mostly technical) from Oliver Hookins and Angela Collins. We have lived in Berlin since 2009, have two kids, and have far too little time to really justify having a blog.

Safety and discipline in coding

Posted by Oliver on the 28th of January, 2014 in category Tech
Tagged with: public_send, ruby

A couple of years ago now at least, at my previous employer, I was just starting to feel reasonably comfortable with Ruby. I can attribute a large part of that to having had a great boss who gave me the time to sink a bunch of time into coding up our IaaS and Config Management systems while still being effectively a Systems Administrator, and another large part to reading Metaprogramming Ruby. A lot of the knowledge from the book has now seeped out of my brain, but it is an excellent read and I thoroughly recommend it if you want to know more about Ruby. I think it was on recommendation from Cody Herriges or Ken Barber of Puppet Labs, maybe both - cheers, whoever it was!

Feeling like Ruby was simply the best thing, I was quite quickly cut down by other coworkers with more development experience than I when topics such as Object#method_missing and Object#send were brought up. To a non-Rubyist I can see how these look like gaping vulnerabilities just waiting to be abused, and to be fair they can be (and are abused a lot). Of course, they are also staples of metaprogramming and require discipline and awareness of how to use them safely in that paradigm.

Specifically around the case of Object#send we were comparing method visibility functionality between Ruby, Python and perhaps Java. Ruby seemed to be quite understandable in this regard but the obvious exception pointed out is that Object#send ignores all visibility rules. Arriving exceptionally late to the party now in 2014 (and in my defence, only as a result of some necessary code-diving and lack of using Ruby much recently) I notice that 1.9 and later includes Object#public_send in its API.

Again, since discipline and awareness should be core developer traits, I don't think it is entirely necessary but it is nice that the API evolved to address the need for better use of built-in method visibility controls. As for me, hopefully I can reduce my cycle time of finding new language features down from years to just a few months :)
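The visibility difference between Object#send and Object#public_send, shown as an added example that is not code from the original post. The Account class, its methods and the dispatcher names are hypothetical. The allow-list at the end goes one step beyond the post, because public_send still reaches every public method, including inherited ones.

```ruby
# Hypothetical class for illustration; nothing here comes from the original post.
class Account
  def initialize(balance)
    @balance = balance
  end

  def balance
    @balance
  end

  private

  # Internal helper that code outside the class is not meant to call.
  def wipe!
    @balance = 0
    :wiped
  end
end

# Dispatch on a method name held in a variable (e.g. taken from input).
# Object#send ignores visibility, so the private method runs.
def dispatch_with_send(obj, name)
  obj.send(name)
end

# Object#public_send (Ruby 1.9+) honours visibility: a private or protected
# method raises NoMethodError, just as an explicit obj.wipe! call would.
# Note: this rescue also hides NoMethodErrors raised inside the callee.
def dispatch_with_public_send(obj, name)
  obj.public_send(name)
rescue NoMethodError
  :rejected
end

# public_send still reaches inherited public methods such as
# Object#instance_variables, so untrusted names also need an allow-list.
ALLOWED = %w[balance].freeze

def dispatch_allow_listed(obj, name)
  return :rejected unless ALLOWED.include?(name.to_s)
  obj.public_send(name)
end
```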

© 2010-2018 Oliver Hookins and Angela Collins