Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Add a comment to the Lemon documentation regarding the security of the lemon.exe command-line tool. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
4c2458c1908181dc2f6bc594395c06d0 |
User & Date: | drh 2017-06-01 01:53:19.186 |
Context
2017-06-02
| ||
13:16 | Fix a typo in the header comment of the "series.c" virtual table extension. (check-in: d637feb4e3 user: drh tags: trunk) | |
2017-06-01
| ||
01:53 | Add a comment to the Lemon documentation regarding the security of the lemon.exe command-line tool. (check-in: 4c2458c190 user: drh tags: trunk) | |
2017-05-31
| ||
17:30 | Add the SQLITE_STMTSTATUS_MEMUSED opcode to sqlite3_stmt_status() for finding the heap memory usage by a single prepared statement. (check-in: c26cf978ee user: drh tags: trunk) | |
Changes
Changes to doc/lemon.html.
︙ | ︙ | |||
18 19 20 21 22 23 24 25 26 27 28 29 30 31 | Lemon also implements features that can be used to eliminate resource leaks, making is suitable for use in long-running programs such as graphical user interfaces or embedded controllers.</p> <p>This document is an introduction to the Lemon parser generator.</p> <h2>Theory of Operation</h2> <p>The main goal of Lemon is to translate a context free grammar (CFG) for a particular language into C code that implements a parser for that language. The program has two inputs: | > > > > > > > > > > > > > > > > > > > > | 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 | Lemon also implements features that can be used to eliminate resource leaks, making is suitable for use in long-running programs such as graphical user interfaces or embedded controllers.</p> <p>This document is an introduction to the Lemon parser generator.</p> <h2>Security Note</h2> <p>The language parser code created by Lemon is very robust and is well-suited for use in internet-facing applications that need to safely process maliciously crafted inputs. <p>The "lemon.exe" command-line tool itself works great when given a valid input grammar file and almost always gives helpful error messages for malformed inputs. However, it is possible for a malicious user to craft a grammar file that will cause lemon.exe to crash. We do not see this as a problem, as lemon.exe is not intended to be used with hostile inputs. To summarize:</p> <ul> <li>Parser code generated by lemon → Robust and secure <li>The "lemon.exe" command line tool itself → Not so much </ul> <h2>Theory of Operation</h2> <p>The main goal of Lemon is to translate a context free grammar (CFG) for a particular language into C code that implements a parser for that language. The program has two inputs: |
︙ | ︙ |