• Advertisement
Sign in to follow this  
  • entries
    37
  • comments
    68
  • views
    46685

developer rant #1: the script engine tirade

Sign in to follow this  

504 views

Is it too much to ask for a sane, object oriented scripting language that isn't a bitch to embed? I've been doing some eyeballing of scripting languages to embed for a project, and the four that I've come up with (Python, Ruby, Lua, and Squirrel), in my opinion, all fall short. Python, while by far the easiest to embed (thank you, Boost programmers), suffers from the strange and esoteric tabbing issue, which is enough to prevent me from really doing anything with the language. Ruby is the best in terms of language, but the embedding documentation is severely lacking and the embedding itself is sort of wierded out. Lua and Squirrel both share a whacky stack which has defyed all my attempts to understand it.

This places me in the boat to attempt to create my own scripting language, a procedure fraught with peril. As such, many previous attempts by others that I've been privy to have mostly been highly simple affairs where each statement is little more than a cover for a C function. While these languages have ease of use and a generally easy description (one can create the entire scripting engine in a day with lex and yacc) they're a real bitch to extend.

Another issue that comes to mind is the standard libraries for all these languages. When embedding a scripting language into a program, there's certain library features you don't want, and others you do want that aren't there. When you're faced with missing features, it's usually not too hard to just buckle down and write a module or extension library for the langauge that adds them. When you need to ensure that the file system is inaccessable, you have a problem. If the language has file IO functions built right into it, it's automatically unusable. Otherwise, if those functions are built into the language's standard library of functions, you might be able to get rid of them, but at great cost, since there might be a lot of other standard library code that builds upon the file system stuff.

(If you think that the file system example is silly, think of this. A lot of people run their computers using an unlimited or administrator account. A cracker who trojans his destructive code as a mod for your game could, with access to the file system and/or networking, bomb the system by deleting critical files, download and replace certain other files, install spyware, or in fact have the fake mod work as spyware, slurping up data from the user's files. You don't want that happening to you and your players don't want it happening to them.)
Sign in to follow this  


10 Comments


Recommended Comments

So, after a period of inactivity, my developer journal once again sees use. Anyway, this is the first in a series of posts I call "developer rants" in which I spew invective and wax insulting on one issue or another. Chances are half of them are due to a misunderstanding on my part, and other times it'll be complaining about something that I'm just too lazy to change.

The purpose of the exercise is to garner comments, thoughts, and ideas related to the rant topics. At the same time, it's also to help others gain an understanding of some lesser known things, such as the security issues with scripting or the like.

So, comment away! I'll probably not reply to your comments, but at least we get to see more than just one opinion.

Share this comment


Link to comment
On the Lua note, I've been using it a bit via LuaBind, which once you get past the 'written against an old version of boost' problem is pretty easy to use.. at least imo.

I also recall hearing that Luabind is going to be merged into boost along side python to form a kinda core scripting language hook system kinda thing.. which would be cool if i didnt dream it [grin]

Share this comment


Link to comment
I've been messing around with AngelScript for the last while and since it wasn't on your list I thought I'd recommend it. I'm finding it very easy to integrate it with C++, and to do all those menial tasks like loading in scripts and running them on command are really straight forward compared to some.

Share this comment


Link to comment
I've noticed that so far, everyone's harping on how this language and that language are soooo much easier to integrate. But security, the harder topic, is being ignored. Seriously, it's only a matter of time before fake mods wielding spyware and virii start swarming your favourite video games.

Don't make me write a proof of concept, because I'm too lazy.

Share this comment


Link to comment
Just ask the Azgard what scripting language they use. [smile] Seriously though, I'd be interested to see what option you go with.

Share this comment


Link to comment
noaktree: You mean to say Asgard.

Feral: That does not at all answer the security issues that I am raising here. Not in the slightest.

Share this comment


Link to comment
Alright, I have to admit that I did a disservice to Lua. Lua's standard library, when used, does not give scripts access to all parts of it; in fact, you have to explicitly call certain functions from C to allow scripts to use any part. These parts are:
* Basic functions (function call: luaopen_base)
* String functions (function call: luaopen_string)
* Table functions (function call: luaopen_table)
* Math functions (function call: luaopen_math)
* I/O & OS functions (function call: luaopen_io)
* Debug functions (function call: luaopen_debug)

Because of certain functions within them, the debug and I/O functions should be blocked from scripts. In addition, certain basic functions also require prevention. It may be easier to not use the basic functionality of the standard library at all, but even if you do use it, you will want to block out loadlib, and possibly others (rawget, rawset, and anything dealing with metatables and environments).

That all said, maybe I will use Lua for my project, if I can find a binding package that hides the wierd-ass stack machine from me.

Share this comment


Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Advertisement