
EVALUATE in minimum search order


none albert

Apr 30, 2022, 8:38:56 AM
I'm doing my taxes and I have to evaluate strings like "4,54"
resulting in a number of cents.
As a precaution, I want that numbers are only recognized
after ONLY, i.e. in the minimum search order, to prevent
execution of arbitrary strings, such as
" ""rm *"" SYSTEM ".

So I begin the dotaxes word

: dotaxes ONLY ... ;

That works in my simple (own) Forth and also in gforth.

I wonder if that is a portable technique?

Groetjes Albert

P.S. My Forth ignores commas in numbers. It is doable by >NUMBER
but that is a pain.
--
"in our communism country Viet Nam, people are forced to be
alive and in the western country like US, people are free to
die from Covid 19 lol" duc ha
albert@spe&ar&c.xs4all.nl &=n http://home.hccnet.nl/a.w.m.van.der.horst

Stephen Pelc

Apr 30, 2022, 10:05:10 AM
On 30 Apr 2022 at 14:38:52 CEST, "none) (albert" <none) (albert> wrote:

> I'm doing my taxes and I have to evaluate strings like "4,54"
> resulting in a number of cents.
> As a precaution, I want that numbers are only recognized
> after ONLY, i.e. in the minimum search order, to prevent
> execution of arbitrary strings, such as
> " ""rm *"" SYSTEM ".
>
> So I begin the dotaxes word
>
> : dotaxes ONLY ... ;
>
> That works in my simple (own) Forth and also in gforth.
>
> I wonder if that is a portable technique?

I'm not convinced that ONLY is sufficiently defined for you.

"Set the search order to the implementation-defined minimum search order. The
minimum search order shall include the words FORTH-WORDLIST and SET-ORDER."

The ANS/Forth200x/Forth202x failure to define how number separators can be
defined is a problem that forces people to bury tools. MPE Forths have allowed
users to define separators for 25+ years.

Stephen

--
Stephen Pelc, ste...@vfxforth.com
MicroProcessor Engineering, Ltd. - More Real, Less Time
133 Hill Lane, Southampton SO15 5AF, England
tel: +44 (0)23 8063 1441, +44 (0)78 0390 3612, +34 649 662 974
http://www.mpeforth.com - free VFX Forth downloads

Anton Ertl

Apr 30, 2022, 1:41:11 PM
albert@cherry.(none) (albert) writes:
>I'm doing my taxes and I have to evaluate strings like "4,54"
>resulting in a number of cents.
>As a precaution, I want that numbers are only recognized
>after ONLY

I assume you mean that you only want to use EVALUATE, but only
recognize numbers.

>i.e. in the minimum search order, to prevent
>execution of arbitrary strings, such as
>" ""rm *"" SYSTEM ".
>
>So I begin the dotaxes word
>
>: dotaxes ONLY ... ;
>
>That works in my simple (own) Forth and also in gforth.

It's not clear what's up with the quotes in the example above, but in
Gforth you can break out of ONLY with FORTH (ONLY is not SEAL, and
even SEAL is not what you want). E.g.

only forth
s" evil-command" system

You can also break out of ONLY with FORTH in iForth, lxf, SwiftForth,
and VFX.

If you want to remove all word lists from the search order, use

0 set-order

- anton
--
M. Anton Ertl http://www.complang.tuwien.ac.at/anton/home.html
comp.lang.forth FAQs: http://www.complang.tuwien.ac.at/forth/faq/toc.html
New standard: http://www.forth200x.org/forth200x.html
EuroForth 2021: https://euro.theforth.net/2021

none albert

May 1, 2022, 5:27:44 AM
In article <2022Apr3...@mips.complang.tuwien.ac.at>,
Anton Ertl <an...@mips.complang.tuwien.ac.at> wrote:
>albert@cherry.(none) (albert) writes:
>>I'm doing my taxes and I have to evaluate strings like "4,54"
>>resulting in a number of cents.
>>As a precaution, I want that numbers are only recognized
>>after ONLY
>
>I assume you mean that you only want to use EVALUATE, but only
>recognize numbers.
>
>>i.e. in the minimum search order, to prevent
>>execution of arbitrary strings, such as
>>" ""rm *"" SYSTEM ".
>>
>>So I begin the dotaxes word
>>
>>: dotaxes ONLY ... ;
>>
>>That works in my simple (own) Forth and also in gforth.
>
>It's not clear what's up with the quotes in the example above, but in

As long as the prefix " was not ISO anyway I adopted the ALGOL68
convention that you can insert " in a string by doubling it.
I was not prepared to invent a string denotation that doesn't
allow me to define strings of printable characters. (AD MMI that was).

>Gforth you can break out of ONLY with FORTH (ONLY is not SEAL, and
>even SEAL is not what you want). E.g.
>
>only forth
>s" evil-command" system

That was what I wanted to prevent. So no forth-wordlist in the
search-order containing the evil `SYSTEM command.

>
>You can also break out of ONLY with FORTH in iForth, lxf, SwiftForth,
>and VFX.

And ciforth. Everybody uses
`` ONLY FORTH ''
That is not the way the standard expects it apparently.
You are supposed to do
`` forth-wordlist 1 set-order ''
because it is not guaranteed that FORTH is in the minimum search order.
(Last time I looked.)

>
>If you want to remove all word lists from the search order, use
>
>0 set-order

The trick^H^H^H^H technique works in gforth and mpe forth.
: test ONLY S" 1 2 3 DROP" EVALUATE ; redefined test ok
test
*evaluated string*:-1: Undefined word
1 2 3 >>>DROP<<<
Backtrace:
...

What you recommend, works also in ciforth and gforth.

ONLY FORTH ok
: test 0 set-order S" 1 2 3 DROP" EVALUATE ; redefined test ok
test
*evaluated string*:-1: Undefined word
1 2 3 >>>DROP<<<

It works more or less in mpe forth, but you cannot recover
from `` 0 set-order '' . You can only type ^C .
`` ONLY FORTH '' doesn't help. This is certainly a
viable interpretation of the standard, making ONLY the
best portable way to have the Forth system understand numbers
("denotations") only.

>- anton

Groetjes Albert

P.S.
I'm doing my taxes, and an unbridled EVALUATE feels not right.

: doit ONLY
"ING1742206_2021.csv" SLURP-FILE TRANSACTIONS 2!
"recipients.txt" SLURP-FILE DONATIONS 2!
process-recipients ;

Making this into a turnkey, it is not a big deal that the (mpe)
interpreter is messed up, so either technique works.

Ruvim

May 1, 2022, 8:14:38 AM
On 2022-05-01 13:27, albert wrote:
> In article <2022Apr3...@mips.complang.tuwien.ac.at>,
> Anton Ertl <an...@mips.complang.tuwien.ac.at> wrote:
>> albert@cherry.(none) (albert) writes:
>>> I'm doing my taxes and I have to evaluate strings like "4,54"
>>> resulting in a number of cents.
>>> As a precaution, I want that numbers are only recognized
>>> after ONLY
>>
>> I assume you mean that you only want to use EVALUATE, but only
>> recognize numbers.
>>
[...]

>> Gforth you can break out of ONLY with FORTH (ONLY is not SEAL, and
>> even SEAL is not what you want). E.g.
>>
>> only forth
>> s" evil-command" system
>
> That was what I wanted to prevent. So no forth-wordlist in the
> search-order containing the evil `SYSTEM command.
>

[...]
>>
>> If you want to remove all word lists from the search order, use
>>
>> 0 set-order
>
> The trick^H^H^H^H technique works in gforth and mpe forth.
> : test ONLY S" 1 2 3 DROP" EVALUATE ; redefined test ok
> test
> *evaluated string*:-1: Undefined word
> 1 2 3 >>>DROP<<<
> Backtrace:
> ...
>
> What you recommend, works also in ciforth and gforth.
>
> ONLY FORTH ok
> : test 0 set-order S" 1 2 3 DROP" EVALUATE ; redefined test ok
> test
> *evaluated string*:-1: Undefined word
> 1 2 3 >>>DROP<<<
>
> It works more or less in mpe forth, but you cannot recover
> from `` 0 set-order '' . You can only type ^C .
> `` ONLY FORTH '' doesn't help. This is certainly a
> viable interpretation of the standard, making ONLY the
> best portable way to have the Forth system understand numbers
> ("denotations") only.

You have to use CATCH and restore the search order.

: within-order-execute ( i*x xt i*wid u.i -- j*x )
get-order n>r set-order catch nr> set-order throw
;
: string-to-numbers ( sd.numbers -- i*x ) ( f: -- j*r )
['] evaluate 0 within-order-execute
;
: string-to-numbers-count ( f: -- j*r )
( sd.numbers -- i*x u.i-integers u.j-floats )
fdepth >r depth 2 - >r string-to-numbers depth r> - fdepth r> -
;
: s-to-n ( sd.number -- x )
string-to-numbers-count swap 1 <> or
abort" Error: not a single integer"
;

\ test
s" 1 2 3" string-to-numbers . . . \ "3 2 1"
s" 1 2 3 also forth drop" string-to-numbers \ error



--
Ruvim

Anton Ertl

May 1, 2022, 12:23:46 PM
albert@cherry.(none) (albert) writes:
>In article <2022Apr3...@mips.complang.tuwien.ac.at>,
>Anton Ertl <an...@mips.complang.tuwien.ac.at> wrote:
>>only forth
>>s" evil-command" system
>
>That was what I wanted to prevent. So no forth-wordlist in the
>search-order containing the evil `SYSTEM command.

Does not help if you can change the search order.

>Everybody uses
>`` ONLY FORTH ''
>That is not the way the standard expects it apparently.
>You are supposed to do
>`` forth-wordlist 1 set-order ''
>because it is not guaranteed that FORTH is in the minimum search order.
>(Last time I looked.)

FORTH is SEARCH-EXT, just like ONLY.

But it does not matter whether you use FORTH, or FORTH-WORDLIST 1
SET-ORDER. It means that ONLY is not a way to prevent an attacker
from doing everything Forth can do.

>>If you want to remove all word lists from the search order, use
>>
>>0 set-order
>
>The trick^H^H^H^H technique works in gforth and mpe forth.
>: test ONLY S" 1 2 3 DROP" EVALUATE ; redefined test ok
>test
>*evaluated string*:-1: Undefined word
>1 2 3 >>>DROP<<<
>Backtrace:
>...

: test ONLY S" 1 2 3 FORTH DROP" EVALUATE ; ok
test ok 2
.s <2> 1 2 ok 2

: test1 only s\" forth s\" echo *\" system" evaluate ; cr test1
\ output: #Makefile# #timings.sc~ 2012words.fs AUTHORS ...

Now try replacing "echo" with "rm".

>It works more or less in mpe forth, but you cannot recover
>from `` 0 set-order '' .

Sure I can, and Ruvim told you how you can, too.
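
Added example, not part of any post in this thread: since ONLY still lets the evaluated text reach FORTH and SYSTEM, an amount such as "4,54" can be converted to cents with >NUMBER alone, so the input never passes through the text interpreter. The word names udigits, (amount) and amount>cents are assumptions of this example, as is the accepted format (unsigned digits, optionally followed by a comma and exactly two decimals).

```forth
\ Added example (not from the thread): comma-decimal amount -> cents.
\ Hypothetical names; accepted format: digits [ "," digit digit ].

: udigits ( c-addr u -- n c-addr' u' )  \ convert leading decimal digits
  dup >r  0 0 2swap >number             ( lo hi c-addr' u' )
  dup r> = abort" digit expected"       \ nothing was converted
  rot abort" amount too large" ;        \ high cell of the double is non-zero

: (amount) ( c-addr u -- cents )
  udigits                               ( units c-addr' u' )
  dup 0= if 2drop 100 * exit then       \ whole amount, no decimals
  over c@ [char] , <> abort" comma expected"
  1 /string                             \ skip the comma
  dup 2 <> abort" exactly two decimals expected"
  udigits                               ( units frac c-addr'' u'' )
  nip abort" trailing characters"
  swap 100 * + ;

\ Force decimal for the conversion and restore BASE even on error.
: amount>cents ( c-addr u -- cents )
  base @ >r decimal  ['] (amount) catch  r> base !  throw ;

\ Constructed inputs: a well-formed amount, then a hostile string that
\ is treated as data only; CATCH leaves the throw code on the stack.
s" 4,54" amount>cents .
s" 4,54 forth bye" ' amount>cents catch . 2drop
```

Because no dictionary lookup happens at any point, the result does not depend on the search order or on how a given system defines its minimum search order.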

S Jack

May 7, 2022, 12:13:05 PM
On Saturday, April 30, 2022 at 7:38:56 AM UTC-5, none albert wrote:
> As a precaution, I want that numbers are only recognized
> after ONLY, i.e. in the minimum search order, to prevent
You inspired me to implement ONLY that works with FIG vocabularies.
Readily done:
i. Create a vocabulary, VOC0, to be minimal:
forth definitions
vocabulary voc0
voc0 definitions
: fths Forth Definitions ;
fths
i. Now for the FIG part need to link the first (and only) word in
voc0 to the null word in Forth vocabulary. Note, I moved the null
word to the start of the dictionary before LIT so that only the
null word will be linked into voc0:
' lit nfa
hex
{ begin c1 over @ - while cell- repeat } e \ find null word's nfa, C1
decimal
voc0
' fths lfa ! \ link first word in voc0 to null word
fths
i. : ONLY voc0 definitions ;

That's it.
only 1 2 3 \ input numbers
fths . . . \ ==> 3 2 1 , do something with the numbers

In my enhanced interpreter I can also get enclosed strings:
only 42 "Today's number is "
fths count type . \ => Today's number is 42

May not provide much, just some savings of search time but it doesn't
cost anything. It didn't change core other than moving the null word
around. The feature can be left out and loaded when desired.

--
me
