[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GNU Guile 2.2.1 released

From: Andy Wingo
Subject: GNU Guile 2.2.1 released
Date: Wed, 19 Apr 2017 19:22:59 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

We are happy to announce GNU Guile release 2.2.1, the first bug-fix
release in the new 2.2 stable release series.

This release adds a "sandbox" facility that can run code from untrusted
users.  It also includes a compiler and runtime change that ensures that
attempts to mutate literal constants will always throw an exception.
Before this change, the mutation would either succeed, potentially
corrupting further use of that constant or other constants sharing
structure with it, or cause a segmentation fault if that data happened
to be mapped read-only.  See the NEWS excerpt that follows for full

                             *  *  *

Guile is an implementation of the Scheme programming language.

The Guile web page is located at, and
among other things, it contains a copy of the Guile manual and pointers
to more resources.

Guile can run interactively, as a script interpreter, and as a Scheme
compiler to VM bytecode.  It is also packaged as a library so that
applications can easily incorporate a complete Scheme interpreter/VM.
An application can use Guile as an extension language, a clean and
powerful configuration language, or as multi-purpose "glue" to connect
primitives provided by the application.  It is easy to call Scheme code
>From C code and vice versa.  Applications can add new functions, data
types, control structures, and even syntax to Guile, to create a
domain-specific language tailored to the task at hand.

Guile implements many common Scheme standards, including R5RS, R6RS, and
a number of SRFIs.  In addition, Guile includes its own module system,
full access to POSIX system calls, networking support, multiple threads,
dynamic linking, a foreign function call interface, and powerful string

Guile 2.2.1 can be installed in parallel with Guile 2.0.x; see

                             *  *  *

Changes in 2.2.1 (since 2.2.0):

* Notable changes

** New sandboxed evaluation facility

Guile now has a way to execute untrusted code in a safe way.  See
"Sandboxed Evaluation" in the manual for full details, including some
important notes on limitations on the sandbox's ability to prevent
resource exhaustion.

** All literal constants are read-only

According to the Scheme language definition, it is an error to attempt
to mutate a "constant literal".  A constant literal is data that is a
literal quoted part of a program.  For example, all of these are errors:

  (set-car! '(1 . 2) 42)
  (append! '(1 2 3) '(4 5 6))
  (vector-set! '#(a b c) 1 'B)

Guile takes advantage of this provision of Scheme to deduplicate shared
structure in constant literals within a compilation unit, and to
allocate constant data directly in the compiled object file.  If the
data needs no relocation at run-time, as is the case for pairs or
vectors that only contain immediate values, then the data can actually
be shared between different Guile processes, using the operating
system's virtual memory facilities.

However, in Guile 2.2.0, constants that needed relocation were actually
mutable -- though (vector-set! '#(a b c) 1 'B) was an error, Guile
wouldn't actually cause an exception to be raised, silently allowing the
mutation.  This could affect future users of this constant, or indeed of
any constant in the compilation unit that shared structure with the
original vector.

Additionally, attempting to mutate constant literals mapped in the
read-only section of files would actually cause a segmentation fault, as
the operating system prohibits writes to read-only memory.  "Don't do
that" isn't a very nice solution :)

Both of these problems have been fixed.  Any attempt to mutate a
constant literal will now raise an exception, whether the constant needs
relocation or not.

** Syntax objects are now a distinct type

It used to be that syntax objects were represented as a tagged vector.
These values could be forged by users to break scoping abstractions,
preventing the implementation of sandboxing facilities in Guile.  We are
as embarrassed about the previous situation as we pleased are about the
fact that we've fixed it.

Unfortunately, during the 2.2 stable series (or at least during part of
it), we need to support files compiled with Guile 2.2.0.  These files
may contain macros that contain legacy syntax object constants.  See the
discussion of "allow-legacy-syntax-objects?" in "Syntax Transformer
Helpers" in the manual for full details.

* Bug fixes

*** Fix snarfing with -ggdb3 (#25803)
*** Fix spurious snarf warnings for net_db.c
*** Output statprof flat display to correct port
*** Document guile-2.2 cond-expand feature
*** Add --with-bdw-gc for BSDs that use bdw-gc-threaded (see README)
*** Documentation typo fixes (#26188)
*** Fix SRFI-9 date->string bugs with ~N and ~F (#26261, #26260, #26259)
*** SRFI-19 current-time-monotonic returns time of right type (#26329)
*** Avoid causing GC when looking up exception handler
*** Increment objcode version, in a compatible way
*** Fix compile warning in (system base types)
*** Only run tests that require fork if it is provided
*** Speed up procedure-minimum-arity for fixed arity
*** REPL server tests catch ECONNABORTED
*** Avoid deprecated argument to setvbuf in (web client)
*** Remove non-existent 'open-connection-for-uri' export from (web client)

                             *  *  *

Here are the compressed sources:   (18MB)   (10MB)   (9MB)

Here are the GPG detached signatures[*]:

Use a mirror for higher download bandwidth:

Here are the SHA256 checksums:


[*] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify guile-2.2.1.tar.gz.sig

If that command fails because you don't have the required public key,
then run this command to import it:

  gpg --keyserver --recv-keys 

and rerun the 'gpg --verify' command.

This release was bootstrapped with the following tools:
  Autoconf 2.69
  Automake 1.15
  Libtool 2.4.6
  Gnulib v0.1-1157-gb03f418
  Makeinfo 6.3

Thanks Sergei Trofimovich, Dale Smith, Freja Nordsiek, Matt Wette,
Andrew Moss, and Michael Gran, who all contributed to this release.

Happy hacking with Guile,

Andy, Ludovic, and Mark

reply via email to

[Prev in Thread] Current Thread [Next in Thread]