On Fri 31 Mar 2017 23:41, l...@gnu.org (Ludovic Courtès) writes: > Andy Wingo <wi...@pobox.com> skribis: > >> On Fri 31 Mar 2017 13:33, l...@gnu.org (Ludovic Courtès) writes: > > [...] > >>>> ;; These can only form part of a safe binding set if no mutable >>>> ;; pair is exposed to the sandbox. >>>> (define *mutating-pair-bindings* >>>> '(((guile) >>>> set-car! >>>> set-cdr!))) >>> >>> When used on a literal pair (mapped read-only), these can cause a >>> segfault. Now since the code is ‘eval’d, the only literal pairs it can >>> see are those passed by the caller I suppose, so this may be safe? >> >> Who knows. I mean vector-set! can also cause segfaults. I think we >> should fix that situation to throw an exception. > > Yes, that would be nice, though I suppose it’s currently tricky to > achieve no? Maybe that newfangled ‘userfaultfd’ will save us all.
Maybe :) I mean it's possible now to catch SIGSEGV. I just sent a patch to guile-devel; wdyt? Needs docs & tests of course. >>>> (define *all-pure-and-impure-bindings* >>>> (append *all-pure-bindings* >>> >>> Last but not least: why all the stars? :-) >>> I’m used to ‘%something’. >> >> For me I read % as being pronounced "sys" and indicating internal >> bindings. Why do you use it for globals? Is it your proposal that we >> use it for globals? > > I tend to do that but I realize I must be a minority here. Let it be > stars then. :-) I think that like you, I learned Scheme conventions in an ad-hoc way, apeing conventions from many sources (Guile's own code, Common Lisp, random Scheme). I would be happy if we could be a bit more purposeful about our conventions and I would be happy to change mine :) % can work fine :) Andy
