package Fatal;
-use 5.005_64;
+use 5.008; # 5.8.x needed for autodie
use Carp;
use strict;
-our($AUTOLOAD, $Debug, $VERSION);
+use warnings;
-$VERSION = 1.02;
+use constant LEXICAL_TAG => q{:lexical};
+use constant VOID_TAG => q{:void};
-$Debug = 0 unless defined $Debug;
+use constant ERROR_NOARGS => 'Cannot use lexical %s with no arguments';
+use constant ERROR_VOID_LEX => VOID_TAG.' cannot be used with lexical scope';
+use constant ERROR_LEX_FIRST => LEXICAL_TAG.' must be used as first argument';
+use constant ERROR_NO_LEX => "no %s can only start with ".LEXICAL_TAG;
+use constant ERROR_BADNAME => "Bad subroutine name for %s: %s";
+use constant ERROR_NOTSUB => "%s is not a Perl subroutine";
+use constant ERROR_NOT_BUILT => "%s is neither a builtin, nor a Perl subroutine";
+use constant ERROR_CANT_OVERRIDE => "Cannot make the non-overridable builtin %s fatal";
+
+use constant ERROR_NO_IPC_SYS_SIMPLE => "IPC::System::Simple required for Fatalised/autodying system()";
+
+use constant ERROR_IPC_SYS_SIMPLE_OLD => "IPC::System::Simple version %f required for Fatalised/autodying system(). We only have version %f";
+
+use constant ERROR_AUTODIE_CONFLICT => q{"no autodie '%s'" is not allowed while "use Fatal '%s'" is in effect};
+
+use constant ERROR_FATAL_CONFLICT => q{"use Fatal '%s'" is not allowed while "no autodie '%s'" is in effect};
+
+# Older versions of IPC::System::Simple don't support all the
+# features we need.
+
+use constant MIN_IPC_SYS_SIMPLE_VER => 0.12;
+
+# All the Fatal/autodie modules share the same version number.
+our $VERSION = '1.999';
+
+our $Debug ||= 0;
+
+# EWOULDBLOCK values for systems that don't supply their own.
+# Even though this is defined with our, that's to help our
+# test code. Please don't rely upon this variable existing in
+# the future.
+
+our %_EWOULDBLOCK = (
+ MSWin32 => 33,
+);
+
+# We have some tags that can be passed in for use with import.
+# These are all assumed to be CORE::
+
+my %TAGS = (
+ ':io' => [qw(:dbm :file :filesys :ipc :socket
+ read seek sysread syswrite sysseek )],
+ ':dbm' => [qw(dbmopen dbmclose)],
+ ':file' => [qw(open close flock sysopen fcntl fileno binmode
+ ioctl truncate)],
+ ':filesys' => [qw(opendir closedir chdir link unlink rename mkdir
+ symlink rmdir readlink umask)],
+ ':ipc' => [qw(:msg :semaphore :shm pipe)],
+ ':msg' => [qw(msgctl msgget msgrcv msgsnd)],
+ ':threads' => [qw(fork)],
+ ':semaphore'=>[qw(semctl semget semop)],
+ ':shm' => [qw(shmctl shmget shmread)],
+ ':system' => [qw(system exec)],
+
+ # Can we use qw(getpeername getsockname)? What do they do on failure?
+ # XXX - Can socket return false?
+ ':socket' => [qw(accept bind connect getsockopt listen recv send
+ setsockopt shutdown socketpair)],
+
+ # Our defaults don't include system(), because it depends upon
+ # an optional module, and it breaks the exotic form.
+ #
+ # This *may* change in the future. I'd love IPC::System::Simple
+ # to be a dependency rather than a recommendation, and hence for
+ # system() to be autodying by default.
+
+ ':default' => [qw(:io :threads)],
+
+ # Version specific tags. These allow someone to specify
+ # use autodie qw(:1.994) and know exactly what they'll get.
+
+ ':1.994' => [qw(:default)],
+ ':1.995' => [qw(:default)],
+ ':1.996' => [qw(:default)],
+ ':1.997' => [qw(:default)],
+ ':1.998' => [qw(:default)],
+ ':1.999' => [qw(:default)],
+
+);
+
+$TAGS{':all'} = [ keys %TAGS ];
+
+# This hash contains subroutines for which we should
+# subroutine() // die() rather than subroutine() || die()
+
+my %Use_defined_or;
+
+# CORE::open returns undef on failure. It can legitimately return
+# 0 on success, eg: open(my $fh, '-|') || exec(...);
+
+@Use_defined_or{qw(
+ CORE::fork
+ CORE::recv
+ CORE::send
+ CORE::open
+ CORE::fileno
+ CORE::read
+ CORE::readlink
+ CORE::sysread
+ CORE::syswrite
+ CORE::sysseek
+ CORE::umask
+)} = ();
+
+# Cached_fatalised_sub caches the various versions of our
+# fatalised subs as they're produced. This means we don't
+# have to build our own replacement of CORE::open and friends
+# for every single package that wants to use them.
+
+my %Cached_fatalised_sub = ();
+
+# Every time we're called with package scope, we record the subroutine
+# (including package or CORE::) in %Package_Fatal. This allows us
+# to detect illegal combinations of autodie and Fatal, and makes sure
+# we don't accidently make a Fatal function autodying (which isn't
+# very useful).
+
+my %Package_Fatal = ();
+
+# The first time we're called with a user-sub, we cache it here.
+# In the case of a "no autodie ..." we put back the cached copy.
+
+my %Original_user_sub = ();
+
+# We use our package in a few hash-keys. Having it in a scalar is
+# convenient. The "guard $PACKAGE" string is used as a key when
+# setting up lexical guards.
+
+my $PACKAGE = __PACKAGE__;
+my $PACKAGE_GUARD = "guard $PACKAGE";
+my $NO_PACKAGE = "no $PACKAGE"; # Used to detect 'no autodie'
+
+# Here's where all the magic happens when someone write 'use Fatal'
+# or 'use autodie'.
sub import {
- my $self = shift(@_);
- my($sym, $pkg);
- $pkg = (caller)[0];
- foreach $sym (@_) {
- &_make_fatal($sym, $pkg);
- }
-};
-
-sub AUTOLOAD {
- my $cmd = $AUTOLOAD;
- $cmd =~ s/.*:://;
- &_make_fatal($cmd, (caller)[0]);
- goto &$AUTOLOAD;
+ my $class = shift(@_);
+ my $void = 0;
+ my $lexical = 0;
+
+ my ($pkg, $filename) = caller();
+
+ @_ or return; # 'use Fatal' is a no-op.
+
+ # If we see the :lexical flag, then _all_ arguments are
+ # changed lexically
+
+ if ($_[0] eq LEXICAL_TAG) {
+ $lexical = 1;
+ shift @_;
+
+ # If we see no arguments and :lexical, we assume they
+ # wanted ':default'.
+
+ if (@_ == 0) {
+ push(@_, ':default');
+ }
+
+ # Don't allow :lexical with :void, it's needlessly confusing.
+ if ( grep { $_ eq VOID_TAG } @_ ) {
+ croak(ERROR_VOID_LEX);
+ }
+ }
+
+ if ( grep { $_ eq LEXICAL_TAG } @_ ) {
+ # If we see the lexical tag as the non-first argument, complain.
+ croak(ERROR_LEX_FIRST);
+ }
+
+ my @fatalise_these = @_;
+
+ # Thiese subs will get unloaded at the end of lexical scope.
+ my %unload_later;
+
+ # This hash helps us track if we've alredy done work.
+ my %done_this;
+
+ # NB: we're using while/shift rather than foreach, since
+ # we'll be modifying the array as we walk through it.
+
+ while (my $func = shift @fatalise_these) {
+
+ if ($func eq VOID_TAG) {
+
+ # When we see :void, set the void flag.
+ $void = 1;
+
+ } elsif (exists $TAGS{$func}) {
+
+ # When it's a tag, expand it.
+ push(@fatalise_these, @{ $TAGS{$func} });
+
+ } else {
+
+ # Otherwise, fatalise it.
+
+ # If we've already made something fatal this call,
+ # then don't do it twice.
+
+ next if $done_this{$func};
+
+ # We're going to make a subroutine fatalistic.
+ # However if we're being invoked with 'use Fatal qw(x)'
+ # and we've already been called with 'no autodie qw(x)'
+ # in the same scope, we consider this to be an error.
+ # Mixing Fatal and autodie effects was considered to be
+ # needlessly confusing on p5p.
+
+ my $sub = $func;
+ $sub = "${pkg}::$sub" unless $sub =~ /::/;
+
+ # If we're being called as Fatal, and we've previously
+ # had a 'no X' in scope for the subroutine, then complain
+ # bitterly.
+
+ if (! $lexical and $^H{$NO_PACKAGE}{$sub}) {
+ croak(sprintf(ERROR_FATAL_CONFLICT, $func, $func));
+ }
+
+ # We're not being used in a confusing way, so make
+ # the sub fatal. Note that _make_fatal returns the
+ # old (original) version of the sub, or undef for
+ # built-ins.
+
+ my $sub_ref = $class->_make_fatal(
+ $func, $pkg, $void, $lexical, $filename
+ );
+
+ $done_this{$func}++;
+
+ $Original_user_sub{$sub} ||= $sub_ref;
+
+ # If we're making lexical changes, we need to arrange
+ # for them to be cleaned at the end of our scope, so
+ # record them here.
+
+ $unload_later{$func} = $sub_ref if $lexical;
+ }
+ }
+
+ if ($lexical) {
+
+ # Dark magic to have autodie work under 5.8
+ # Copied from namespace::clean, that copied it from
+ # autobox, that found it on an ancient scroll written
+ # in blood.
+
+ # This magic bit causes %^H to be lexically scoped.
+
+ $^H |= 0x020000;
+
+ # Our package guard gets invoked when we leave our lexical
+ # scope.
+
+ push(@ { $^H{$PACKAGE_GUARD} }, autodie::Scope::Guard->new(sub {
+ $class->_install_subs($pkg, \%unload_later);
+ }));
+
+ }
+
+ return;
+
}
+# The code here is originally lifted from namespace::clean,
+# by Robert "phaylon" Sedlacek.
+#
+# It's been redesigned after feedback from ikegami on perlmonks.
+# See http://perlmonks.org/?node_id=693338 . Ikegami rocks.
+#
+# Given a package, and hash of (subname => subref) pairs,
+# we install the given subroutines into the package. If
+# a subref is undef, the subroutine is removed. Otherwise
+# it replaces any existing subs which were already there.
+
+sub _install_subs {
+ my ($class, $pkg, $subs_to_reinstate) = @_;
+
+ my $pkg_sym = "${pkg}::";
+
+ while(my ($sub_name, $sub_ref) = each %$subs_to_reinstate) {
+
+ my $full_path = $pkg_sym.$sub_name;
+
+ # Copy symbols across to temp area.
+
+ no strict 'refs'; ## no critic
+
+ local *__tmp = *{ $full_path };
+
+ # Nuke the old glob.
+ { no strict; delete $pkg_sym->{$sub_name}; } ## no critic
+
+ # Copy innocent bystanders back.
+
+ foreach my $slot (qw( SCALAR ARRAY HASH IO FORMAT ) ) {
+ next unless defined *__tmp{ $slot };
+ *{ $full_path } = *__tmp{ $slot };
+ }
+
+ # Put back the old sub (if there was one).
+
+ if ($sub_ref) {
+
+ no strict; ## no critic
+ *{ $pkg_sym . $sub_name } = $sub_ref;
+ }
+ }
+
+ return;
+}
+
+sub unimport {
+ my $class = shift;
+
+ # Calling "no Fatal" must start with ":lexical"
+ if ($_[0] ne LEXICAL_TAG) {
+ croak(sprintf(ERROR_NO_LEX,$class));
+ }
+
+ shift @_; # Remove :lexical
+
+ my $pkg = (caller)[0];
+
+ # If we've been called with arguments, then the developer
+ # has explicitly stated 'no autodie qw(blah)',
+ # in which case, we disable Fatalistic behaviour for 'blah'.
+
+ my @unimport_these = @_ ? @_ : ':all';
+
+ while (my $symbol = shift @unimport_these) {
+
+ if ($symbol =~ /^:/) {
+
+ # Looks like a tag! Expand it!
+ push(@unimport_these, @{ $TAGS{$symbol} });
+
+ next;
+ }
+
+ my $sub = $symbol;
+ $sub = "${pkg}::$sub" unless $sub =~ /::/;
+
+ # If 'blah' was already enabled with Fatal (which has package
+ # scope) then, this is considered an error.
+
+ if (exists $Package_Fatal{$sub}) {
+ croak(sprintf(ERROR_AUTODIE_CONFLICT,$symbol,$symbol));
+ }
+
+ # Record 'no autodie qw($sub)' as being in effect.
+ # This is to catch conflicting semantics elsewhere
+ # (eg, mixing Fatal with no autodie)
+
+ $^H{$NO_PACKAGE}{$sub} = 1;
+
+ if (my $original_sub = $Original_user_sub{$sub}) {
+ # Hey, we've got an original one of these, put it back.
+ $class->_install_subs($pkg, { $symbol => $original_sub });
+ next;
+ }
+
+ # We don't have an original copy of the sub, on the assumption
+ # it's core (or doesn't exist), we'll just nuke it.
+
+ $class->_install_subs($pkg,{ $symbol => undef });
+
+ }
+
+ return;
+
+}
+
+# TODO - This is rather terribly inefficient right now.
+
+# NB: Perl::Critic's dump-autodie-tag-contents depends upon this
+# continuing to work.
+
+{
+ my %tag_cache;
+
+ sub _expand_tag {
+ my ($class, $tag) = @_;
+
+ if (my $cached = $tag_cache{$tag}) {
+ return $cached;
+ }
+
+ if (not exists $TAGS{$tag}) {
+ croak "Invalid exception class $tag";
+ }
+
+ my @to_process = @{$TAGS{$tag}};
+
+ my @taglist = ();
+
+ while (my $item = shift @to_process) {
+ if ($item =~ /^:/) {
+ push(@to_process, @{$TAGS{$item}} );
+ } else {
+ push(@taglist, "CORE::$item");
+ }
+ }
+
+ $tag_cache{$tag} = \@taglist;
+
+ return \@taglist;
+
+ }
+
+}
+
+# This code is from the original Fatal. It scares me.
+
sub fill_protos {
- my $proto = shift;
- my ($n, $isref, @out, @out1, $seen_semi) = -1;
- while ($proto =~ /\S/) {
- $n++;
- push(@out1,[$n,@out]) if $seen_semi;
- push(@out, $1 . "{\$_[$n]}"), next if $proto =~ s/^\s*\\([\@%\$\&])//;
- push(@out, "\$_[$n]"), next if $proto =~ s/^\s*([*\$&])//;
- push(@out, "\@_[$n..\$#_]"), last if $proto =~ s/^\s*(;\s*)?\@//;
- $seen_semi = 1, $n--, next if $proto =~ s/^\s*;//; # XXXX ????
- die "Unknown prototype letters: \"$proto\"";
- }
- push(@out1,[$n+1,@out]);
- @out1;
+ my $proto = shift;
+ my ($n, $isref, @out, @out1, $seen_semi) = -1;
+ while ($proto =~ /\S/) {
+ $n++;
+ push(@out1,[$n,@out]) if $seen_semi;
+ push(@out, $1 . "{\$_[$n]}"), next if $proto =~ s/^\s*\\([\@%\$\&])//;
+ push(@out, "\$_[$n]"), next if $proto =~ s/^\s*([_*\$&])//;
+ push(@out, "\@_[$n..\$#_]"), last if $proto =~ s/^\s*(;\s*)?\@//;
+ $seen_semi = 1, $n--, next if $proto =~ s/^\s*;//; # XXXX ????
+ die "Internal error: Unknown prototype letters: \"$proto\"";
+ }
+ push(@out1,[$n+1,@out]);
+ return @out1;
}
+# This generates the code that will become our fatalised subroutine.
+
sub write_invocation {
- my ($core, $call, $name, @argvs) = @_;
- if (@argvs == 1) { # No optional arguments
- my @argv = @{$argvs[0]};
- shift @argv;
- return "\t" . one_invocation($core, $call, $name, @argv) . ";\n";
- } else {
- my $else = "\t";
- my (@out, @argv, $n);
- while (@argvs) {
- @argv = @{shift @argvs};
- $n = shift @argv;
- push @out, "$ {else}if (\@_ == $n) {\n";
- $else = "\t} els";
- push @out,
- "\t\treturn " . one_invocation($core, $call, $name, @argv) . ";\n";
- }
- push @out, <<EOC;
- }
- die "$name(\@_): Do not expect to get ", scalar \@_, " arguments";
-EOC
- return join '', @out;
- }
+ my ($class, $core, $call, $name, $void, $lexical, $sub, @argvs) = @_;
+
+ if (@argvs == 1) { # No optional arguments
+
+ my @argv = @{$argvs[0]};
+ shift @argv;
+
+ return $class->one_invocation($core,$call,$name,$void,$sub,! $lexical,@argv);
+
+ } else {
+ my $else = "\t";
+ my (@out, @argv, $n);
+ while (@argvs) {
+ @argv = @{shift @argvs};
+ $n = shift @argv;
+
+ push @out, "${else}if (\@_ == $n) {\n";
+ $else = "\t} els";
+
+ push @out, $class->one_invocation($core,$call,$name,$void,$sub,! $lexical,@argv);
+ }
+ push @out, q[
+ }
+ die "Internal error: $name(\@_): Do not expect to get ", scalar \@_, " arguments";
+ ];
+
+ return join '', @out;
+ }
}
sub one_invocation {
- my ($core, $call, $name, @argv) = @_;
- local $" = ', ';
- return qq{$call(@argv) || croak "Can't $name(\@_)} .
- ($core ? ': $!' : ', \$! is \"$!\"') . '"';
+ my ($class, $core, $call, $name, $void, $sub, $back_compat, @argv) = @_;
+
+ # If someone is calling us directly (a child class perhaps?) then
+ # they could try to mix void without enabling backwards
+ # compatibility. We just don't support this at all, so we gripe
+ # about it rather than doing something unwise.
+
+ if ($void and not $back_compat) {
+ Carp::confess("Internal error: :void mode not supported with $class");
+ }
+
+ # @argv only contains the results of the in-built prototype
+ # function, and is therefore safe to interpolate in the
+ # code generators below.
+
+ # TODO - The following clobbers context, but that's what the
+ # old Fatal did. Do we care?
+
+ if ($back_compat) {
+
+ # TODO - Use Fatal qw(system) is not yet supported. It should be!
+
+ if ($call eq 'CORE::system') {
+ return q{
+ croak("UNIMPLEMENTED: use Fatal qw(system) not yet supported.");
+ };
+ }
+
+ local $" = ', ';
+
+ if ($void) {
+ return qq/return (defined wantarray)?$call(@argv):
+ $call(@argv) || croak "Can't $name(\@_)/ .
+ ($core ? ': $!' : ', \$! is \"$!\"') . '"'
+ } else {
+ return qq{return $call(@argv) || croak "Can't $name(\@_)} .
+ ($core ? ': $!' : ', \$! is \"$!\"') . '"';
+ }
+ }
+
+ # The name of our original function is:
+ # $call if the function is CORE
+ # $sub if our function is non-CORE
+
+ # The reason for this is that $call is what we're actualling
+ # calling. For our core functions, this is always
+ # CORE::something. However for user-defined subs, we're about to
+ # replace whatever it is that we're calling; as such, we actually
+ # calling a subroutine ref.
+
+ # Unfortunately, none of this tells us the *ultimate* name.
+ # For example, if I export 'copy' from File::Copy, I'd like my
+ # ultimate name to be File::Copy::copy.
+ #
+ # TODO - Is there any way to find the ultimate name of a sub, as
+ # described above?
+
+ my $true_sub_name = $core ? $call : $sub;
+
+ if ($call eq 'CORE::system') {
+
+ # Leverage IPC::System::Simple if we're making an autodying
+ # system.
+
+ local $" = ", ";
+
+ # We need to stash $@ into $E, rather than using
+ # local $@ for the whole sub. If we don't then
+ # any exceptions from internal errors in autodie/Fatal
+ # will mysteriously disappear before propogating
+ # upwards.
+
+ return qq{
+ my \$retval;
+ my \$E;
+
+
+ {
+ local \$@;
+
+ eval {
+ \$retval = IPC::System::Simple::system(@argv);
+ };
+
+ \$E = \$@;
+ }
+
+ if (\$E) {
+
+ # XXX - TODO - This can't be overridden in child
+ # classes!
+
+ die autodie::exception::system->new(
+ function => q{CORE::system}, args => [ @argv ],
+ message => "\$E", errno => \$!,
+ );
+ }
+
+ return \$retval;
+ };
+
+ }
+
+ # Should we be testing to see if our result is defined, or
+ # just true?
+ my $use_defined_or = exists ( $Use_defined_or{$call} );
+
+ local $" = ', ';
+
+ # If we're going to throw an exception, here's the code to use.
+ my $die = qq{
+ die $class->throw(
+ function => q{$true_sub_name}, args => [ @argv ],
+ pragma => q{$class}, errno => \$!,
+ )
+ };
+
+ if ($call eq 'CORE::flock') {
+
+ # flock needs special treatment. When it fails with
+ # LOCK_UN and EWOULDBLOCK, then it's not really fatal, it just
+ # means we couldn't get the lock right now.
+
+ require POSIX; # For POSIX::EWOULDBLOCK
+
+ local $@; # Don't blat anyone else's $@.
+
+ # Ensure that our vendor supports EWOULDBLOCK. If they
+ # don't (eg, Windows), then we use known values for its
+ # equivalent on other systems.
+
+ my $EWOULDBLOCK = eval { POSIX::EWOULDBLOCK(); }
+ || $_EWOULDBLOCK{$^O}
+ || _autocroak("Internal error - can't overload flock - EWOULDBLOCK not defined on this system.");
+
+ require Fcntl; # For Fcntl::LOCK_NB
+
+ return qq{
+
+ # Try to flock. If successful, return it immediately.
+
+ my \$retval = $call(@argv);
+ return \$retval if \$retval;
+
+ # If we failed, but we're using LOCK_NB and
+ # returned EWOULDBLOCK, it's not a real error.
+
+ if (\$_[1] & Fcntl::LOCK_NB() and \$! == $EWOULDBLOCK ) {
+ return \$retval;
+ }
+
+ # Otherwise, we failed. Die noisily.
+
+ $die;
+
+ };
+ }
+
+ # AFAIK everything that can be given an unopned filehandle
+ # will fail if it tries to use it, so we don't really need
+ # the 'unopened' warning class here. Especially since they
+ # then report the wrong line number.
+
+ return qq{
+ no warnings qw(unopened);
+
+ if (wantarray) {
+ my \@results = $call(@argv);
+ # If we got back nothing, or we got back a single
+ # undef, we die.
+ if (! \@results or (\@results == 1 and ! defined \$results[0])) {
+ $die;
+ };
+ return \@results;
+ }
+
+ # Otherwise, we're in scalar context.
+ # We're never in a void context, since we have to look
+ # at the result.
+
+ my \$result = $call(@argv);
+
+ } . ( $use_defined_or ? qq{
+
+ $die if not defined \$result;
+
+ return \$result;
+
+ } : qq{
+
+ return \$result || $die;
+
+ } ) ;
+
}
+# This returns the old copy of the sub, so we can
+# put it back at end of scope.
+
+# TODO : Check to make sure prototypes are restored correctly.
+
+# TODO: Taking a huge list of arguments is awful. Rewriting to
+# take a hash would be lovely.
+
sub _make_fatal {
- my($sub, $pkg) = @_;
+ my($class, $sub, $pkg, $void, $lexical, $filename) = @_;
my($name, $code, $sref, $real_proto, $proto, $core, $call);
my $ini = $sub;
$sub = "${pkg}::$sub" unless $sub =~ /::/;
+
+ # Figure if we're using lexical or package semantics and
+ # twiddle the appropriate bits.
+
+ if (not $lexical) {
+ $Package_Fatal{$sub} = 1;
+ }
+
+ # TODO - We *should* be able to do skipping, since we know when
+ # we've lexicalised / unlexicalised a subroutine.
+
$name = $sub;
$name =~ s/.*::// or $name =~ s/^&//;
- print "# _make_fatal: sub=$sub pkg=$pkg name=$name\n" if $Debug;
- croak "Bad subroutine name for Fatal: $name" unless $name =~ /^\w+$/;
- if (defined(&$sub)) { # user subroutine
- $sref = \&$sub;
- $proto = prototype $sref;
- $call = '&$sref';
- } elsif ($sub eq $ini) { # Stray user subroutine
- die "$sub is not a Perl subroutine"
- } else { # CORE subroutine
+
+ warn "# _make_fatal: sub=$sub pkg=$pkg name=$name void=$void\n" if $Debug;
+ croak(sprintf(ERROR_BADNAME, $class, $name)) unless $name =~ /^\w+$/;
+
+ if (defined(&$sub)) { # user subroutine
+
+ # This could be something that we've fatalised that
+ # was in core.
+
+ local $@; # Don't clobber anyone else's $@
+
+ if ( $Package_Fatal{$sub} and eval { prototype "CORE::$name" } ) {
+
+ # Something we previously made Fatal that was core.
+ # This is safe to replace with an autodying to core
+ # version.
+
+ $core = 1;
+ $call = "CORE::$name";
+ $proto = prototype $call;
+
+ # We return our $sref from this subroutine later
+ # on, indicating this subroutine should be placed
+ # back when we're finished.
+
+ $sref = \&$sub;
+
+ } else {
+
+ # A regular user sub, or a user sub wrapping a
+ # core sub.
+
+ $sref = \&$sub;
+ $proto = prototype $sref;
+ $call = '&$sref';
+
+ }
+
+ } elsif ($sub eq $ini && $sub !~ /^CORE::GLOBAL::/) {
+ # Stray user subroutine
+ croak(sprintf(ERROR_NOTSUB,$sub));
+
+ } elsif ($name eq 'system') {
+
+ # If we're fatalising system, then we need to load
+ # helper code.
+
+ eval {
+ require IPC::System::Simple; # Only load it if we need it.
+ require autodie::exception::system;
+ };
+
+ if ($@) { croak ERROR_NO_IPC_SYS_SIMPLE; }
+
+ # Make sure we're using a recent version of ISS that actually
+ # support fatalised system.
+ if ($IPC::System::Simple::VERSION < MIN_IPC_SYS_SIMPLE_VER) {
+ croak sprintf(
+ ERROR_IPC_SYS_SIMPLE_OLD, MIN_IPC_SYS_SIMPLE_VER,
+ $IPC::System::Simple::VERSION
+ );
+ }
+
+ $call = 'CORE::system';
+ $name = 'system';
+ $core = 1;
+
+ } elsif ($name eq 'exec') {
+ # Exec doesn't have a prototype. We don't care. This
+ # breaks the exotic form with lexical scope, and gives
+ # the regular form a "do or die" beaviour as expected.
+
+ $call = 'CORE::exec';
+ $name = 'exec';
+ $core = 1;
+
+ } else { # CORE subroutine
$proto = eval { prototype "CORE::$name" };
- die "$name is neither a builtin, nor a Perl subroutine"
- if $@;
- die "Cannot make a non-overridable builtin fatal"
- if not defined $proto;
- $core = 1;
- $call = "CORE::$name";
+ croak(sprintf(ERROR_NOT_BUILT,$name)) if $@;
+ croak(sprintf(ERROR_CANT_OVERRIDE,$name)) if not defined $proto;
+ $core = 1;
+ $call = "CORE::$name";
}
+
if (defined $proto) {
- $real_proto = " ($proto)";
+ $real_proto = " ($proto)";
} else {
- $real_proto = '';
- $proto = '@';
+ $real_proto = '';
+ $proto = '@';
}
- $code = <<EOS;
-sub$real_proto {
- local(\$", \$!) = (', ', 0);
-EOS
+
+ my $true_name = $core ? $call : $sub;
+
+ # TODO: This caching works, but I don't like using $void and
+ # $lexical as keys. In particular, I suspect our code may end up
+ # wrapping already wrapped code when autodie and Fatal are used
+ # together.
+
+ # NB: We must use '$sub' (the name plus package) and not
+ # just '$name' (the short name) here. Failing to do so
+ # results code that's in the wrong package, and hence has
+ # access to the wrong package filehandles.
+
+ if (my $subref = $Cached_fatalised_sub{$class}{$sub}{$void}{$lexical}) {
+ $class->_install_subs($pkg, { $name => $subref });
+ return $sref;
+ }
+
+ $code = qq[
+ sub$real_proto {
+ local(\$", \$!) = (', ', 0); # TODO - Why do we do this?
+ ];
+
+ # Don't have perl whine if exec fails, since we'll be handling
+ # the exception now.
+ $code .= "no warnings qw(exec);\n" if $call eq "CORE::exec";
+
my @protos = fill_protos($proto);
- $code .= write_invocation($core, $call, $name, @protos);
+ $code .= $class->write_invocation($core, $call, $name, $void, $lexical, $sub, @protos);
$code .= "}\n";
- print $code if $Debug;
+ warn $code if $Debug;
+
+ # I thought that changing package was a monumental waste of
+ # time for CORE subs, since they'll always be the same. However
+ # that's not the case, since they may refer to package-based
+ # filehandles (eg, with open).
+ #
+ # There is potential to more aggressively cache core subs
+ # that we know will never want to interact with package variables
+ # and filehandles.
+
{
- no strict 'refs'; # to avoid: Can't use string (...) as a symbol ref ...
- $code = eval("package $pkg; use Carp; $code");
- die if $@;
- local($^W) = 0; # to avoid: Subroutine foo redefined ...
- *{$sub} = $code;
+ local $@;
+ no strict 'refs'; ## no critic # to avoid: Can't use string (...) as a symbol ref ...
+ $code = eval("package $pkg; use Carp; $code"); ## no critic
+ if (not $code) {
+
+ # For some reason, using a die, croak, or confess in here
+ # results in the error being completely surpressed. As such,
+ # we need to do our own reporting.
+ #
+ # TODO: Fix the above.
+
+ _autocroak("Internal error in autodie/Fatal processing $true_name: $@");
+
+ }
}
+
+ # Now we need to wrap our fatalised sub inside an itty bitty
+ # closure, which can detect if we've leaked into another file.
+ # Luckily, we only need to do this for lexical (autodie)
+ # subs. Fatal subs can leak all they want, it's considered
+ # a "feature" (or at least backwards compatible).
+
+ # TODO: Cache our leak guards!
+
+ # TODO: This is pretty hairy code. A lot more tests would
+ # be really nice for this.
+
+ my $leak_guard;
+
+ if ($lexical) {
+
+ $leak_guard = qq<
+ package $pkg;
+
+ sub$real_proto {
+
+ # If we're inside a string eval, we can end up with a
+ # whacky filename. The following code allows autodie
+ # to propagate correctly into string evals.
+
+ my \$caller_level = 0;
+
+ while ( (caller \$caller_level)[1] =~ m{^\\(eval \\d+\\)\$} ) {
+ \$caller_level++;
+ }
+
+ # If we're called from the correct file, then use the
+ # autodying code.
+ goto &\$code if ((caller \$caller_level)[1] eq \$filename);
+
+ # Oh bother, we've leaked into another file. Call the
+ # original code. Note that \$sref may actually be a
+ # reference to a Fatalised version of a core built-in.
+ # That's okay, because Fatal *always* leaks between files.
+
+ goto &\$sref if \$sref;
+ >;
+
+
+ # If we're here, it must have been a core subroutine called.
+ # Warning: The following code may disturb some viewers.
+
+ # TODO: It should be possible to combine this with
+ # write_invocation().
+
+ foreach my $proto (@protos) {
+ local $" = ", "; # So @args is formatted correctly.
+ my ($count, @args) = @$proto;
+ $leak_guard .= qq<
+ if (\@_ == $count) {
+ return $call(@args);
+ }
+ >;
+ }
+
+ $leak_guard .= qq< croak "Internal error in Fatal/autodie. Leak-guard failure"; } >;
+
+ # warn "$leak_guard\n";
+
+ local $@;
+
+ $leak_guard = eval $leak_guard; ## no critic
+
+ die "Internal error in $class: Leak-guard installation failure: $@" if $@;
+ }
+
+ $class->_install_subs($pkg, { $name => $leak_guard || $code });
+
+ $Cached_fatalised_sub{$class}{$sub}{$void}{$lexical} = $leak_guard || $code;
+
+ return $sref;
+
+}
+
+# This subroutine exists primarily so that child classes can override
+# it to point to their own exception class. Doing this is significantly
+# less complex than overriding throw()
+
+sub exception_class { return "autodie::exception" };
+
+{
+ my %exception_class_for;
+ my %class_loaded;
+
+ sub throw {
+ my ($class, @args) = @_;
+
+ # Find our exception class if we need it.
+ my $exception_class =
+ $exception_class_for{$class} ||= $class->exception_class;
+
+ if (not $class_loaded{$exception_class}) {
+ if ($exception_class =~ /[^\w:']/) {
+ confess "Bad exception class '$exception_class'.\nThe '$class->exception_class' method wants to use $exception_class\nfor exceptions, but it contains characters which are not word-characters or colons.";
+ }
+
+ # Alas, Perl does turn barewords into modules unless they're
+ # actually barewords. As such, we're left doing a string eval
+ # to make sure we load our file correctly.
+
+ my $E;
+
+ {
+ local $@; # We can't clobber $@, it's wrong!
+ eval "require $exception_class"; ## no critic
+ $E = $@; # Save $E despite ending our local.
+ }
+
+ # We need quotes around $@ to make sure it's stringified
+ # while still in scope. Without them, we run the risk of
+ # $@ having been cleared by us exiting the local() block.
+
+ confess "Failed to load '$exception_class'.\nThis may be a typo in the '$class->exception_class' method,\nor the '$exception_class' module may not exist.\n\n $E" if $E;
+
+ $class_loaded{$exception_class}++;
+
+ }
+
+ return $exception_class->new(@args);
+ }
+}
+
+# For some reason, dying while replacing our subs doesn't
+# kill our calling program. It simply stops the loading of
+# autodie and keeps going with everything else. The _autocroak
+# sub allows us to die with a vegence. It should *only* ever be
+# used for serious internal errors, since the results of it can't
+# be captured.
+
+sub _autocroak {
+ warn Carp::longmess(@_);
+ exit(255); # Ugh!
+}
+
+package autodie::Scope::Guard;
+
+# This code schedules the cleanup of subroutines at the end of
+# scope. It's directly inspired by chocolateboy's excellent
+# Scope::Guard module.
+
+sub new {
+ my ($class, $handler) = @_;
+
+ return bless $handler, $class;
+}
+
+sub DESTROY {
+ my ($self) = @_;
+
+ $self->();
}
1;
=head1 NAME
-Fatal - replace functions with equivalents which succeed or die
+Fatal - Replace functions with equivalents which succeed or die
=head1 SYNOPSIS
use Fatal qw(open close);
+ open(my $fh, "<", $filename); # No need to check errors!
+
+ use File::Copy qw(move);
+ use Fatal qw(move);
+
+ move($file1, $file2); # No need to check errors!
+
sub juggle { . . . }
- import Fatal 'juggle';
+ Fatal->import('juggle');
+
+=head1 BEST PRACTICE
+
+B<Fatal has been obsoleted by the new L<autodie> pragma.> Please use
+L<autodie> in preference to C<Fatal>. L<autodie> supports lexical scoping,
+throws real exception objects, and provides much nicer error messages.
+
+The use of C<:void> with Fatal is discouraged.
=head1 DESCRIPTION
-C<Fatal> provides a way to conveniently replace functions which normally
-return a false value when they fail with equivalents which halt execution
-if they are not successful. This lets you use these functions without
-having to test their return values explicitly on each call. Errors are
-reported via C<die>, so you can trap them using C<$SIG{__DIE__}> if you
-wish to take some action before the program exits.
+C<Fatal> provides a way to conveniently replace
+functions which normally return a false value when they fail with
+equivalents which raise exceptions if they are not successful. This
+lets you use these functions without having to test their return
+values explicitly on each call. Exceptions can be caught using
+C<eval{}>. See L<perlfunc> and L<perlvar> for details.
The do-or-die equivalents are set up simply by calling Fatal's
C<import> routine, passing it the names of the functions to be
replaced. You may wrap both user-defined functions and overridable
-CORE operators (except C<exec>, C<system> which cannot be expressed
-via prototypes) in this way.
+CORE operators (except C<exec>, C<system>, C<print>, or any other
+built-in that cannot be expressed via prototypes) in this way.
+
+If the symbol C<:void> appears in the import list, then functions
+named later in that import list raise an exception only when
+these are called in void context--that is, when their return
+values are ignored. For example
+
+ use Fatal qw/:void open close/;
+
+ # properly checked, so no exception raised on error
+ if (not open(my $fh, '<' '/bogotic') {
+ warn "Can't open /bogotic: $!";
+ }
+
+ # not checked, so error raises an exception
+ close FH;
+
+The use of C<:void> is discouraged, as it can result in exceptions
+not being thrown if you I<accidentally> call a method without
+void context. Use L<autodie> instead if you need to be able to
+disable autodying/Fatal behaviour for a small block of code.
+
+=head1 DIAGNOSTICS
+
+=over 4
+
+=item Bad subroutine name for Fatal: %s
+
+You've called C<Fatal> with an argument that doesn't look like
+a subroutine name, nor a switch that this version of Fatal
+understands.
+
+=item %s is not a Perl subroutine
+
+You've asked C<Fatal> to try and replace a subroutine which does not
+exist, or has not yet been defined.
+
+=item %s is neither a builtin, nor a Perl subroutine
+
+You've asked C<Fatal> to replace a subroutine, but it's not a Perl
+built-in, and C<Fatal> couldn't find it as a regular subroutine.
+It either doesn't exist or has not yet been defined.
+
+=item Cannot make the non-overridable %s fatal
+
+You've tried to use C<Fatal> on a Perl built-in that can't be
+overridden, such as C<print> or C<system>, which means that
+C<Fatal> can't help you, although some other modules might.
+See the L</"SEE ALSO"> section of this documentation.
+
+=item Internal error: %s
+
+You've found a bug in C<Fatal>. Please report it using
+the C<perlbug> command.
+
+=back
+
+=head1 BUGS
+
+C<Fatal> clobbers the context in which a function is called and always
+makes it a scalar context, except when the C<:void> tag is used.
+This problem does not exist in L<autodie>.
+
+"Used only once" warnings can be generated when C<autodie> or C<Fatal>
+is used with package filehandles (eg, C<FILE>). It's strongly recommended
+you use scalar filehandles instead.
=head1 AUTHOR
-Lionel.Cons@cern.ch
+Original module by Lionel Cons (CERN).
+
+Prototype updates by Ilya Zakharevich <ilya@math.ohio-state.edu>.
+
+L<autodie> support, bugfixes, extended diagnostics, C<system>
+support, and major overhauling by Paul Fenwick <pjf@perltraining.com.au>
+
+=head1 LICENSE
+
+This module is free software, you may distribute it under the
+same terms as Perl itself.
+
+=head1 SEE ALSO
+
+L<autodie> for a nicer way to use lexical Fatal.
-prototype updates by Ilya Zakharevich ilya@math.ohio-state.edu
+L<IPC::System::Simple> for a similar idea for calls to C<system()>
+and backticks.
=cut
projects / p5sagit/p5-mst-13.2.git / blobdiff