guile-devel

Re: RFC: (ice-9 sandbox)


From: Andy Wingo
Subject: Re: RFC: (ice-9 sandbox)
Date: Fri, 31 Mar 2017 18:26:39 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

On Fri 31 Mar 2017 13:33, address@hidden (Ludovic Courtès) writes:

> Andy Wingo <address@hidden> writes:
>
> The allocations that trigger ‘after-gc-hook’ could be caused by a
> separate thread, right?  That’s probably an acceptable limitation, but
> one to be aware of.

Ah yes, we should document this.  Sadly we just don't have very good
metrics here.

> Also, if the code does:
>
>   (make-bytevector (expt 2 32))
>
> then ‘after-gc-hook’ runs too late, as the comment notes.

Yep.

> IIUC ‘@@’ is unavailable in the returned module, right?

Correct.  You could put it there but that's a bad idea.

> Isn’t make-fresh-user-module + purify-module! equivalent to just
> (make-module)?

No, beautify-user-module! does a few more things too.  I was thinking
that we would want to be able to work on the public interface of the
module so I wanted to make sure it was there but in retrospect we don't
need it and can probably simplify things I guess.

>> ;; These can only form part of a safe binding set if no mutable
>> ;; pair is exposed to the sandbox.
>> (define *mutating-pair-bindings*
>>   '(((guile)
>>      set-car!
>>      set-cdr!)))
>
> When used on a literal pair (mapped read-only), these can cause a
> segfault.  Now since the code is ‘eval’d, the only literal pairs it can
> see are those passed by the caller I suppose, so this may be safe?

Who knows.  I mean vector-set! can also cause segfaults.  I think we
should fix that situation to throw an exception.

>> (define *all-pure-and-impure-bindings*
>>   (append *all-pure-bindings*
>
> Last but not least: why all the stars?  :-)
> I’m used to ‘%something’.

For me I read % as being pronounced "sys" and indicating internal
bindings.  Why do you use it for globals?  Is it your proposal that we
use it for globals?

Andy
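
The behaviour discussed in this message, as an added example that is not part of the original message or of the RFC patch: `@@` and the pair mutators are unbound under the default binding set, `set-car!` can be opted into for freshly allocated pairs, and a runaway loop hits the time limit. It assumes the unstarred names that released versions of `(ice-9 sandbox)` export (`eval-in-sandbox`, `all-pure-bindings`, `mutating-pair-bindings`) rather than the starred names in the draft; `try-in-sandbox` and `show` are hypothetical helpers.

```scheme
(use-modules (ice-9 sandbox))

;; Hypothetical helper: evaluate EXP in a sandbox and turn any exception
;; (unbound variable, limit exceeded, ...) into a (rejected KEY) list
;; instead of letting it propagate into the host program.
(define (try-in-sandbox exp . options)
  (catch #t
    (lambda () (apply eval-in-sandbox exp options))
    (lambda (key . args) (list 'rejected key))))

;; Hypothetical helper: print a labelled result.
(define (show label result)
  (format #t "~a: ~s~%" label result))

;; Constructed sample inputs: each is untrusted code handed over as data.

;; Pure code runs with the default binding set.
(show "pure code"
      (try-in-sandbox '(map (lambda (x) (* x x)) '(1 2 3))))

;; `@@' is not in the sandbox module, so it cannot be used to reach
;; private bindings of other modules.
(show "@@ escape"
      (try-in-sandbox '(@@ (guile) open-file)))

;; Pair mutators are not part of the pure binding set.
(show "set-car!, default bindings"
      (try-in-sandbox '(let ((p (cons 1 2))) (set-car! p 3) p)))

;; Opting in explicitly.  The pair is allocated inside the sandbox, so
;; no literal (read-only) pair from the caller is being mutated.
(show "set-car!, opted in"
      (try-in-sandbox '(let ((p (cons 1 2))) (set-car! p 3) p)
                      #:bindings (append all-pure-bindings
                                         mutating-pair-bindings)))

;; A loop that never returns is cut off by the time limit.
(show "infinite loop"
      (try-in-sandbox '(let loop () (loop)) #:time-limit 0.1))
```

The allocation limit is deliberately not exercised with a single huge request such as the `make-bytevector` call quoted above, since that is the case the message says is caught too late.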


