[e-lang] Versioning of E and Kernel-E

[Kevin Reid]

Karp, Alan H <alan.karp at hp.com> wrote:

> The operative word being "correct".  My concern was with an incorrect
> expander producing invalid Kernel-E that might expose a flaw in the AST
> evaluator.

If the evaluator accepts invalid Kernel-E, then that is a flaw in the
evaluator. The evaluator does not necessarily invoke the expander.

(In E-on-Java, there is no such thing as an unexpanded E tree, so user
invocation of the evaluator is /always/ using Kernel-E.)

There are also few ways for a Kernel-E tree to be invalid, and they
mostly have natural failure modes if uncaught:

  - Subnodes of the wrong type. This includes unexpanded subnodes, and
invalid AssignExprs (e`x && y := 2`).
    (Likely would cause the compiler/evaluator to fail later but
consistently.)

  - Assignment of a final value - e`def x := 1; x := 2`.
    (Likely to become a runtime error by the AssignExpr being evaluated
as a call to the slot.)

  - Pseudo-cyclic definition: e`def x := x` or e`def x :x := 1`.
    (Refers to a previous definition of x.)

All of these failures seem to me unlikely to cause security problems.

-- 
Kevin Reid                            <http://homepage.mac.com/kpreid/>