Skip to main content

Ruby: All Your Method are Belong to Me

Ruby has a curious approach to protecting instance variables, constants, and private methods.

I've often heard Java programmers criticize Python because it doesn't enforce privacy in any way. Personally, I think that it'd be great if Python could be fully sandboxed like JavaScript can, but sandboxing is a completely separate topic. Preventing a programmer who works on my team from calling a method that I've named _private_method isn't all that interesting to me. If he sees the fact that I've named the method with a leading underscore, and he still feels the need to call it, so be it.

Ruby does provide private instance variables, constants, and private methods, but really, those are just suggestions.

For instance, if you override a constant, you just get a warning:
irb(main):001:0> A = 1
=> 1
irb(main):002:0> A = 2
(irb):2: warning: already initialized constant A
=> 2
irb(main):003:0> puts A
2
=> nil
If you have an object, and you want to call a private method, you can just inject a method into that object in order to get access to the private method:
class SuperSecret
  private
  def secret
    puts "Wombats!"
  end
end

obj = SuperSecret.new
begin
  puts obj.secret
rescue
  puts "Yep, it blocked me properly."  # Yep, it gets blocked.
end

def obj.hack_the_secret
  secret
end

obj.hack_the_secret                    # Prints "Wombats!"
You can use the same "inject a method" trick to get access to instance variables:
def obj.get_a
  @a
end
In no way am I criticizing Ruby for this behavior. As I said, I think it's a bad situation if you can't trust your team members. I just wanted to point out that in Ruby, the protection mechanisms are really just suggestions ;)
Labels:

Comments

Anonymous said…
You can also use instance_eval to get at instance variables:

obj.instance_eval { @a }
10:31 PM
Tom said…
Or #send.

obj.send(:private_method)
8:12 AM
jjinux said…
Wow, even #send doesn't enforce the constraints? That's crazy ;)
3:12 AM
Anonymous said…
Well, given security constraints are not set you can call private java method (using reflection and setAccessible(boolean))
2:48 PM
Anonymous said…
The intent in 1.9 is supposedly to switch it so that send does respect private vs non-private, and a different version (I think last I checked it was __send__) does not. The clearest way to get an instance variable, by the way, is instance_variable_get:

obj.instance_variable_get :@a

Similarly, you can set them via instance_variable_set. It turns out that the approach that it is `just a suggestion' is a common one in Ruby: show convention, but allow the programmer the flexibility to achieve what they want without getting in the way. In short, trust the programmer. This is a concept that is completely alien to Java's approach -- and that's why Java is usually better suited to the so-called `enterprise', where you often meet subpar coders who would blow entire cities up accidentally if they had the flexibility that Ruby provides.
5:30 PM
jjinux said…
> Well, given security constraints are not set you can call private java method (using reflection and setAccessible(boolean))

That's so awesome ;) Thanks for the comment!
4:22 PM
jjinux said…
> In short, trust the programmer.

I agree. Thanks for the comment ;)
4:23 PM
Josh Peters said…
private, protected, and public have a purpose: they keep folks away from the unstable parts of your API.

It's a very, very good thing to have a means by which you can keep programmers from inadvertently depending on what should be refactorable. That's what we're doing when we declare something private, we're saying "it may go away in a .x revision"
3:13 PM
Post a Comment

Popular posts from this blog

Ubuntu 20.04 on a 2015 15" MacBook Pro

I decided to give Ubuntu 20.04 a try on my 2015 15" MacBook Pro. I didn't actually install it; I just live booted from a USB thumb drive which was enough to try out everything I wanted. In summary, it's not perfect, and issues with my camera would prevent me from switching, but given the right hardware, I think it's a really viable option. The first thing I wanted to try was what would happen if I plugged in a non-HiDPI screen given that my laptop has a HiDPI screen. Without sub-pixel scaling, whatever scale rate I picked for one screen would apply to the other. However, once I turned on sub-pixel scaling, I was able to pick different scale rates for the internal and external displays. That looked ok. I tried plugging in and unplugging multiple times, and it didn't crash. I doubt it'd work with my Thunderbolt display at work, but it worked fine for my HDMI displays at home. I even plugged it into my TV, and it stuck to the 100% scaling I picked for the othe
1 comment
Read more

ERNOS: Erlang Networked Operating System

I've been reading Dreaming in Code lately, and I really like it. If you're not a dreamer, you may safely skip the rest of this post ;) In Chapter 10, "Engineers and Artists", Alan Kay, John Backus, and Jaron Lanier really got me thinking. I've also been thinking a lot about Minix 3 , Erlang , and the original Lisp machine . The ideas are beginning to synthesize into something cohesive--more than just the sum of their parts. Now, I'm sure that many of these ideas have already been envisioned within Tunes.org , LLVM , Microsoft's Singularity project, or in some other place that I haven't managed to discover or fully read, but I'm going to blog them anyway. Rather than wax philosophical, let me just dump out some ideas: Start with Minix 3. It's a new microkernel, and it's meant for real use, unlike the original Minix. "This new OS is extremely small, with the part that runs in kernel mode under 4000 lines of executable code.&quo
50 comments
Read more

Haskell or Erlang?

I've coded in both Erlang and Haskell. Erlang is practical, efficient, and useful. It's got a wonderful niche in the distributed world, and it has some real success stories such as CouchDB and jabber.org. Haskell is elegant and beautiful. It's been successful in various programming language competitions. I have some experience in both, but I'm thinking it's time to really commit to learning one of them on a professional level. They both have good books out now, and it's probably time I read one of those books cover to cover. My question is which? Back in 2000, Perl had established a real niche for systems administration, CGI, and text processing. The syntax wasn't exactly beautiful (unless you're into that sort of thing), but it was popular and mature. Python hadn't really become popular, nor did it really have a strong niche (at least as far as I could see). I went with Python because of its elegance, but since then, I've coded both p
66 comments
Read more