[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Logs-devel] questions
From: |
Jim Prewett |
Subject: |
Re: [Logs-devel] questions |
Date: |
Tue, 23 May 2006 06:10:00 -0600 (MDT) |
> First off, what I feel is a peep-hole optimization:
>
> Why is the LoGS-debug macro defined as
> (defmacro LoGS-debug (message &rest rest)
> `(when +debug+
> (format t ,message ,@rest)))
>
> and not
>
> (defmacro LoGS-debug (message &rest rest)
> `(when ,+debug+ ; notice the comma
> (format t ,message ,@rest)))
yeah, I think that is a bug! :)
I have always thought of LoGS as just an excuse for me to learn some Lisp
(and actually use it for something that I need help with, not writing
stupid trivial mapcar down a list sort of 'Lisp programs' and not writing
'AI' type programs; not Computer Science class toys in other words :)
I've always thought Lisp would be a good language to write a 'real
program' in. I've learned a *lot* in the last 3 1/2-ish years :)
Let me make sure I understand: My version ends up producing code:
(when +debug+ ... ) and therefore checks the 'current' value of +debug+
whereas your version ends up producing code: (when t ... ) and therefore,
the value of +debug+ is set. I'm sure that your code is correct.
I wouldn't be surprised if most compilers did about the same thing with
both pieces of code since +debug+ is declared as a constant; I'm not sure
that we'll actually see any speed-up from this optimization. I believe
that I *intended* to have your version :)
There are some *real gems* of macros in the LoGS source ;) I discovered a
*stupid* bug in file-write a version or so ago that was sort-of simular
to this. :)
> In Parlance.lisp, for MATCH-REGEXP-BINDING-LIST
>
> I think you meant:
>
> OLD:
> ! (when matches
> ! (let ((sub-matches (copy-array-add-zeroeth-element
> sub-matches matches)))
> ! (unless (eql (length sub-matches) (length binding-list))
> ! (error "binding and match length mis-match~%"))
>
> NEW:
> + (when matches
> + (let ((sub-matches (if use-full-match
> + (copy-array-add-zeroeth-element
> + sub-matches matches)
> + sub-matches)))
> + (unless (eql (length sub-matches) (length binding-list))
> + (error "binding and match length mis-match ~A ~A~%"
> + sub-matches binding-list))
>
> btw, how do you use this function?
>
> I tried
> (let* ((message (make-instance 'message :message "one(two)(three)four"))
> (rule (make-instance
> 'rule
> :match (match-regexp-binding-list "one(two)(three)four" '($1 $2))
> :actions
> (lambda (message matches sub-matches)
> (declare (ignore message matches sub-matches))
> (format t "at least it matched.")
> ;; How do I refer to that $1 and $2 above?
> (list (list '$1 '$2)))))
> (ruleset (make-instance 'ruleset)))
> (enqueue ruleset rule)
> (check-rule ruleset message))
>
> Why doesn't this match? And how do I use the bindings made?
first off, that regexp is not going to match that message! :) I think you
meant for the message to be "onetwothreefour", not "one(two)(three)four".
What should be happening here is that the regexp matches, and the match
function, as usual, returns a set (list of lists) of 'bindings' to be used
in the action function. Above, it should be returning something like:
(($1 "two")
($2 "three"))
Then, in the action function, you may refer to them as normal variables
(they are special variables bound before the actions are called).
;; off the *top* of my head, totally naked without my REPL in front of
;; me... I think it might look something like this:
(let* ((message (make-instance :message :message "one two three four"))
(ruleset (make-instance 'ruleset))
(rule (make-instance
'rule
:match (match-regexp-binding-list
"one (\\w+) (\\w+) four"
'($1 $2))
:actions
(list
(lambda (message)
(format t "$1: ~A $2: ~A~%" $1 $2))))))
(enqueue ruleset rule)
(check-rule ruleset message))
the point here, which you seem to have picked up on, is to make the Perl
guys feel more at home (at some point in the future) by making it easy to
specify a regexp like "one(two)(three)four" and when it matches have $1
and $2 bound to "two" and "three" respectively in the action function.
Also, something like this will really help when I finally get around to
implementing LoGSurfer, a re-implementation of Logsurfer in LoGS :) Kerry
Thompson is going to hate me ;)
(If you did not know, I am /technically/ a developer of Logsurfer+ with
Kerry Thompson and Wolfgang Ley. They do all the hard work.)
> This question is _really_ nitpicking, but I'm curious: Why are the
> defgenerics for CHECK-RULE and CHECK-RULES the exact opposite in
> order?
>
> (defgeneric check-rule (rule message)) and
> (defgeneric check-rules (message ruleset))
part of it is that that is just how it has always been :) In comparison
to the magnitude of *most* of the mistakes in LoGS, this is minor ;P
we should be able to refactor that one quite quickly I'd think. Thats
been one of those things I've always been meaning to get to :)
> I also have an incomplete mail in which I'm comparing SEC rules vs
> LoGS rules. Before I actually finish writing all of that and getting
> to work on the macro ideas I have (most of which you've already
> implemented in Parlance.lisp).
Parlance needs a *lot* of help :) Thats the shakiest file in all of LoGS
:) There are a lot of half-implemented ideas, probably a few bad ideas,
and who knows what evil is lurking in that file ;)
Jim