Skip to main content

Ruby: All Your Method are Belong to Me

Ruby has a curious approach to protecting instance variables, constants, and private methods.

I've often heard Java programmers criticize Python because it doesn't enforce privacy in any way. Personally, I think that it'd be great if Python could be fully sandboxed like JavaScript can, but sandboxing is a completely separate topic. Preventing a programmer who works on my team from calling a method that I've named _private_method isn't all that interesting to me. If he sees the fact that I've named the method with a leading underscore, and he still feels the need to call it, so be it.

Ruby does provide private instance variables, constants, and private methods, but really, those are just suggestions.

For instance, if you override a constant, you just get a warning:
irb(main):001:0> A = 1
=> 1
irb(main):002:0> A = 2
(irb):2: warning: already initialized constant A
=> 2
irb(main):003:0> puts A
2
=> nil
If you have an object, and you want to call a private method, you can just inject a method into that object in order to get access to the private method:
class SuperSecret
  private
  def secret
    puts "Wombats!"
  end
end

obj = SuperSecret.new
begin
  puts obj.secret
rescue
  puts "Yep, it blocked me properly."  # Yep, it gets blocked.
end

def obj.hack_the_secret
  secret
end

obj.hack_the_secret                    # Prints "Wombats!"
You can use the same "inject a method" trick to get access to instance variables:
def obj.get_a
  @a
end
In no way am I criticizing Ruby for this behavior. As I said, I think it's a bad situation if you can't trust your team members. I just wanted to point out that in Ruby, the protection mechanisms are really just suggestions ;)
Labels:

Comments

Anonymous said…
You can also use instance_eval to get at instance variables:

obj.instance_eval { @a }
10:31 PM
Tom said…
Or #send.

obj.send(:private_method)
8:12 AM
jjinux said…
Wow, even #send doesn't enforce the constraints? That's crazy ;)
3:12 AM
Anonymous said…
Well, given security constraints are not set you can call private java method (using reflection and setAccessible(boolean))
2:48 PM
Anonymous said…
The intent in 1.9 is supposedly to switch it so that send does respect private vs non-private, and a different version (I think last I checked it was __send__) does not. The clearest way to get an instance variable, by the way, is instance_variable_get:

obj.instance_variable_get :@a

Similarly, you can set them via instance_variable_set. It turns out that the approach that it is `just a suggestion' is a common one in Ruby: show convention, but allow the programmer the flexibility to achieve what they want without getting in the way. In short, trust the programmer. This is a concept that is completely alien to Java's approach -- and that's why Java is usually better suited to the so-called `enterprise', where you often meet subpar coders who would blow entire cities up accidentally if they had the flexibility that Ruby provides.
5:30 PM
jjinux said…
> Well, given security constraints are not set you can call private java method (using reflection and setAccessible(boolean))

That's so awesome ;) Thanks for the comment!
4:22 PM
jjinux said…
> In short, trust the programmer.

I agree. Thanks for the comment ;)
4:23 PM
Josh Peters said…
private, protected, and public have a purpose: they keep folks away from the unstable parts of your API.

It's a very, very good thing to have a means by which you can keep programmers from inadvertently depending on what should be refactorable. That's what we're doing when we declare something private, we're saying "it may go away in a .x revision"
3:13 PM
Post a Comment

Popular posts from this blog

Ubuntu 20.04 on a 2015 15" MacBook Pro

I decided to give Ubuntu 20.04 a try on my 2015 15" MacBook Pro. I didn't actually install it; I just live booted from a USB thumb drive which was enough to try out everything I wanted. In summary, it's not perfect, and issues with my camera would prevent me from switching, but given the right hardware, I think it's a really viable option. The first thing I wanted to try was what would happen if I plugged in a non-HiDPI screen given that my laptop has a HiDPI screen. Without sub-pixel scaling, whatever scale rate I picked for one screen would apply to the other. However, once I turned on sub-pixel scaling, I was able to pick different scale rates for the internal and external displays. That looked ok. I tried plugging in and unplugging multiple times, and it didn't crash. I doubt it'd work with my Thunderbolt display at work, but it worked fine for my HDMI displays at home. I even plugged it into my TV, and it stuck to the 100% scaling I picked for the othe
1 comment
Read more

Drawing Sierpinski's Triangle in Minecraft Using Python

In his keynote at PyCon, Eben Upton, the Executive Director of the Rasberry Pi Foundation, mentioned that not only has Minecraft been ported to the Rasberry Pi, but you can even control it with Python . Since four of my kids are avid Minecraft fans, I figured this might be a good time to teach them to program using Python. So I started yesterday with the goal of programming something cool for Minecraft and then showing it off at the San Francisco Python Meetup in the evening. The first problem that I faced was that I didn't have a Rasberry Pi. You can't hack Minecraft by just installing the Minecraft client. Speaking of which, I didn't have the Minecraft client installed either ;) My kids always play it on their Nexus 7s. I found an open source Minecraft server called Bukkit that "provides the means to extend the popular Minecraft multiplayer server." Then I found a plugin called RaspberryJuice that implements a subset of the Minecraft Pi modding API for B
4 comments
Read more

Creating Windows 10 Boot Media for a Lenovo Thinkpad T410 Using Only a Mac and a Linux Machine

TL;DR: Giovanni and I struggled trying to get Windows 10 installed on the Lenovo Thinkpad T410. We struggled a lot trying to create the installation media because we only had a Mac and a Linux machine to work with. Everytime we tried to boot the USB thumb drive, it just showed us a blinking cursor. At the end, we finally realized that Windows 10 wasn't supported on this laptop :-/ I've heard that it took Thomas Edison 100 tries to figure out the right material to use as a lightbulb filament. Well, I'm no Thomas Edison, but I thought it might be noteworthy to document our attempts at getting it to boot off a USB thumb drive: Download the ISO. Attempt 1: Use Etcher. Etcher says it doesn't work for Windows. Attempt 2: Use Boot Camp Assistant. It doesn't have that feature anymore. Attempt 3: Use Disk Utility on a Mac. Erase a USB thumb drive: Format: ExFAT Scheme: GUID Partition Map Mount the ISO. Copy everything from
4 comments
Read more