Re: RFC: (ice-9 sandbox)
From: Ludovic Courtès
Subject: Re: RFC: (ice-9 sandbox)
Date: Mon, 03 Apr 2017 17:35:46 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Andy Wingo <address@hidden> wrote:

> On Fri 31 Mar 2017 23:41, address@hidden (Ludovic Courtès) writes:
>
>> Andy Wingo <address@hidden> wrote:
>>
>>> On Fri 31 Mar 2017 13:33, address@hidden (Ludovic Courtès) writes:
>>
>> [...]
>>
>>>>> ;; These can only form part of a safe binding set if no mutable
>>>>> ;; pair is exposed to the sandbox.
>>>>> (define *mutating-pair-bindings*
>>>>> '(((guile)
>>>>> set-car!
>>>>> set-cdr!)))
>>>>
>>>> When used on a literal pair (mapped read-only), these can cause a
>>>> segfault. Now since the code is ‘eval’d, the only literal pairs it can
>>>> see are those passed by the caller I suppose, so this may be safe?
>>>
>>> Who knows. I mean vector-set! can also cause segfaults. I think we
>>> should fix that situation to throw an exception.
>>
>> Yes, that would be nice, though I suppose it’s currently tricky to
>> achieve no? Maybe that newfangled ‘userfaultfd’ will save us all.
>
> Maybe :) I mean it's possible now to catch SIGSEGV. I just sent a
> patch to guile-devel; wdyt? Needs docs & tests of course.

Neat! I’ll look into it.

>>>>> (define *all-pure-and-impure-bindings*
>>>>> (append *all-pure-bindings*
>>>>
>>>> Last but not least: why all the stars? :-)
>>>> I’m used to ‘%something’.
>>>
>>> For me I read % as being pronounced "sys" and indicating internal
>>> bindings. Why do you use it for globals? Is it your proposal that we
>>> use it for globals?
>>
>> I tend to do that but I realize I must be a minority here. Let it be
>> stars then. :-)
>
> I think that like you, I learned Scheme conventions in an ad-hoc way,
> aping conventions from many sources (Guile's own code, Common Lisp,
> random Scheme). I would be happy if we could be a bit more purposeful
> about our conventions and I would be happy to change mine :) %
> can work fine :)

I grepped Guile and it seems that stars are actually more common for
globals than % (I thought it was the opposite but as you say, I kind of
discovered/invented the conventions.)

Riastradh’s document at <http://mumble.net/~campbell/scheme/style.txt>
has this:

  Affix asterisks to the beginning and end of a globally mutable
  variable. This allows the reader of the program to recognize very
  easily that it is badly written!

… but it doesn’t say anything about constants nor about %.

It could be ‘all-pure-bindings’, or ‘*all-pure-bindings*’, or
‘%all-pure-bindings’. So, dunno, as you see fit!

Ludo’.