A grammar for Perl, or something close

swartz has asked for the wisdom of the Perl Monks concerning the following question:

I have heard rumours that Perl 5 is not parseable by any kind of earthly grammar. However, I'm wondering if one could get close, and if anyone has actually tried.

I'm interested in creating a "watered down" Perl environment for web developers. Developers would be able to embed a certain safe subset of Perl in their HTML - the basic control and data structures, without the eval, file I/O, system commands, backticks, etc.

The closest thing I've found, naturally, is the Safe module. I've tried gamely to use it, but it presents a host of problems when used with Mason (and, I expect, other templating systems.) One of the major problems is that once you're inside the safe compartment, everything you call out to (such as useful CPAN modules) is restricted by safe as well.

What I want, instead, is just a black box that I can hand a piece of Perl code and have it say "yes" or "no" indicating whether it is a safe subset of Perl according to my definition in the grammar. Inputs to this black box would, of course, have to include a full list of allowed function and package names.

I'm aware of the great difficulty of trying to parse Perl in its fullness, and I would be willing to sacrafice a fair amount of functionality and syntax in order to get to an actual usable grammar.

Thanks for any advice and pointers.

Jon

Comment on A grammar for Perl, or something close

Replies are listed 'Best First'.
Re: A grammar for Perl, or something close by Zaxo (Archbishop) on Nov 15, 2003 at 00:45 UTC
Perl has a grammar, it's just not simple. Take a look at the `yacc` (*.yy) files in the perl distribution. After Compline, Zaxo	[reply]
Re: A grammar for Perl, or something close by rob_au (Abbot) on Nov 15, 2003 at 02:10 UTC
the basic control and data structures, without the eval, file I/O, system commands, backticks, etc You may want to have a look at microperl which was introduced as a new feature with Perl 5.7.0. This build incorporates the bootstrap feature of Perl which behaves similar to any other build of Perl, but does not incorporate Dynaloader XS module allowing the execution of C-based Perl modules or system specific functions providing you with a scaled down subset of perl which is perfect for hacking or porting. If you are interested, there was an article on microperl written by Simon Cozens in Issue 19 of The Perl Journal here - This article has also been incorporated in the O'Reilly published "Computer Science and Perl Programming". `perl -le "print+unpack'N',pack'B32','00000000000000000000001010001101'"`	[reply]
Re: A grammar for Perl, or something close by bart (Canon) on Nov 15, 2003 at 00:40 UTC
I have heard rumours that Perl 5 is not parseable by any kind of earthly grammar. However, I'm wondering if one could get close, and if anyone has actually tried. Perltidy? Sourceforge cpan And then, there's cperl, the perl syntax highlighting mode for Emacs. Funny how the first matches Google comes up with, are in the hates-software domain, so I guess it's not all swell. :) Nothing to do with how it parses perl, however.	[reply]
•Re: A grammar for Perl, or something close by merlyn (Sage) on Nov 15, 2003 at 15:11 UTC
You face a very difficult task. Be sure to read my On Parsing Perl note. -- Randal L. Schwartz, Perl hacker Be sure to read my standard disclaimer if this is a reply.	[reply]
Re: A grammar for Perl, or something close by chromatic (Archbishop) on Nov 15, 2003 at 01:59 UTC
The grammar thing is awfully complex. Have you looked at the `ops` pragma instead? It may be easier than Safe. I've not used it, though.	[reply] [d/l]
Re: A grammar for Perl, or something close by BUU (Prior) on Nov 15, 2003 at 04:10 UTC
I get the feeling this is more an issue of trust then technical details. Why don't you trust the web developers to use the full power of perl? Why must you use technical means to enforce social constraints? I seem to recall reading that this generally doesn't work. I could think of several semi bad to just bad things a web developer could do just in html/javascript. You obviously trust them not to do this, so why not trust them with perl? If you are more concerned with protecting other systems from the web developers accidents, then why not use some form of user permissions to strictly control what the webdev's can actually touch?	[reply]
Re: A grammar for Perl, or something close by Chady (Priest) on Nov 15, 2003 at 11:37 UTC
Developers would be able to embed a certain safe subset of Perl in their HTML Juerd has plp, which does something like that. He who asks will be a fool for five minutes, but he who doesn't ask will remain a fool for life. Chady \| http://chady.net/	[reply]
Re: Re: A grammar for Perl, or something close by jordanh (Chaplain) on Nov 15, 2003 at 16:45 UTC
It's funny how things come full circle. I had the impression that PHP was developed for exactly the reasons the poster listed, although it seems the real history is somewhat different. In any case, people seem to believe that PHP is a simpler, safer Perl for Web development and PHP is certainly a simplified Perl in syntax. Juerd's plp appears to be an attempt to adapt Perl to have all the purported advantages of PHP, but it's real Perl.	[reply]
Re: A grammar for Perl, or something close by Arrowhead (Monk) on Nov 17, 2003 at 14:57 UTC
Have you considered handing your web developers a template language, if that is what they really need? I'm very happy with the Template Toolkit which doesn't look at all like perl, easily stands out in an HTML page and of course integrates very well with perl.	[reply]

Back to Seekers of Perl Wisdom