From: Andy Wingo
Newsgroups: gmane.lisp.guile.devel
Subject: Re: RFC: (ice-9 sandbox)
Date: Fri, 31 Mar 2017 18:26:39 +0200
Message-ID: <87mvc19zuo.fsf@pobox.com>
References: <87r31daj8n.fsf@pobox.com> <871std65px.fsf@gnu.org>
In-Reply-To: <871std65px.fsf@gnu.org> (Ludovic Courtès's message of "Fri, 31 Mar 2017 13:33:30 +0200")
To: ludo@gnu.org (Ludovic Courtès)
Cc: guile-devel@gnu.org
List-Id: "Developers list for Guile, the GNU extensibility library"
Xref: news.gmane.org gmane.lisp.guile.devel:19080

On Fri 31 Mar 2017 13:33, ludo@gnu.org (Ludovic Courtès) writes:

> Andy Wingo skribis:
>
> The allocations that trigger ‘after-gc-hook’ could be caused by a
> separate thread, right?  That’s probably an acceptable limitation, but
> one to be aware of.

Ah yes, we should document this.  Sadly we just don't have very good
metrics here.

> Also, if the code does:
>
>   (make-bytevector (expt 2 32))
>
> then ‘after-gc-hook’ runs too late, as the comment notes.

Yep.

> IIUC ‘@@’ is unavailable in the returned module, right?

Correct.  You could put it there but that's a bad idea.

> Isn’t make-fresh-user-module + purify-module! equivalent to just
> (make-module)?

No, beautify-user-module! does a few more things too.  I was thinking
that we would want to be able to work on the public interface of the
module so I wanted to make sure it was there but in retrospect we don't
need it and can probably simplify things I guess.

>> ;; These can only form part of a safe binding set if no mutable
>> ;; pair is exposed to the sandbox.
>> (define *mutating-pair-bindings*
>>   '(((guile)
>>      set-car!
>>      set-cdr!)))
>
> When used on a literal pair (mapped read-only), these can cause a
> segfault.  Now since the code is ‘eval’d, the only literal pairs it can
> see are those passed by the caller I suppose, so this may be safe?

Who knows.  I mean vector-set! can also cause segfaults.  I think we
should fix that situation to throw an exception.

>> (define *all-pure-and-impure-bindings*
>>   (append *all-pure-bindings*
>
> Last but not least: why all the stars?  :-)
> I’m used to ‘%something’.

For me I read % as being pronounced "sys" and indicating internal
bindings.  Why do you use it for globals?  Is it your proposal that we
use it for globals?

Andy
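The two limitations raised above (the allocation limit is enforced from ‘after-gc-hook’, so a single oversized allocation is requested from the allocator before the hook can see it, and pair mutators are kept out of the pure binding set) can be exercised directly. The following is an added example, not code from the thread or from Guile itself; it assumes the (ice-9 sandbox) API as it later shipped in Guile 2.2 (‘eval-in-sandbox’, ‘all-pure-bindings’, keyword arguments ‘#:time-limit’ and ‘#:allocation-limit’) rather than the starred draft names discussed here, and it assumes a 64-bit build where a 4 GiB bytevector is a legal request.

```scheme
;; Added example for the (ice-9 sandbox) discussion; not from the thread.
;; Assumes Guile 2.2+ with the shipped (ice-9 sandbox) module.
(use-modules (ice-9 sandbox))

;; Evaluate EXP in a fresh sandbox with a small allocation budget and
;; turn whatever exception escapes into a list we can inspect, so the
;; three cases below can be compared side by side.
(define (run-limited exp)
  (catch #t
    (lambda ()
      (list 'ok (eval-in-sandbox exp
                                 #:time-limit 1             ; seconds
                                 #:allocation-limit 10000000 ; bytes
                                 #:bindings all-pure-bindings)))
    (lambda (key . args)
      (list key args))))

;; Case 1: many small allocations.  The collector runs repeatedly, the
;; hook observes the running total, and the sandbox throws
;; 'limit-exceeded well before the loop can do real damage.
(define (gradual-allocation)
  (run-limited '(let loop ((i 0) (acc '()))
                  (loop (+ i 1) (cons i acc)))))

;; Case 2: one huge allocation.  The whole 4 GiB request is handed to
;; the allocator in a single call; the hook only runs once a collection
;; happens, i.e. after the memory has already been claimed (or after the
;; process has been killed by the OS).  The in-process limit is
;; best-effort here, which is exactly Ludovic's point above.  A process
;; level limit (RLIMIT_AS via setrlimit, or ulimit -v in the launching
;; shell) is the second line of defence a deployment should add.
(define (single-huge-allocation)
  (run-limited '(make-bytevector (expt 2 32))))

;; Case 3: set-car! is not part of all-pure-bindings, so in the sandbox
;; module it is simply an unbound variable; the literal pair is never
;; touched and the read-only mapping question does not arise.
(define (mutate-literal-pair)
  (run-limited '(set-car! '(1 2) 3)))

(for-each (lambda (thunk) (write (thunk)) (newline))
          (list gradual-allocation single-huge-allocation mutate-literal-pair))
```

Case 1 is the behaviour the limit is designed for; case 2 should be read as the reason to pair the sandbox with an OS resource limit rather than as something the module can fix on its own; case 3 ends in an ‘unbound-variable’ error, showing that the safe default is to withhold the binding, not to trust that evaluated code never reaches a literal pair.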