On Tue, Mar 01, 2005 at 10:18:17PM +0200, Tuomo Valkonen wrote: > On Tue, Mar 01, 2005 at 08:55:40PM +0100, Matthieu Moy wrote: > > Restricting the list of available functions is dangerous > > because it's hard to know if a function call will not call another > > function that will itself trigger a hook which itself will call a > > forbidden function or something like this. > > It becomes a bit easier if we only allow in a given context "pure" > functions that do not (seem to) modify program state. Of course it's > not foolproof, but much easier than trying to find exactly the functions > that are safe to call.
I have partly implemented this solution, and am leaning towards it, although I haven't finally decided. Another problem with the other solution is synchronisation with what else is going on. With all the hook calls could be deferred to the main loop during a single event processing call from there, one would sometimes infact have to defer stuff from the already deferred handlers to yet another handler, or otherwise a hook might mess up the situation for the next hook. In the protected mode solution the script writer would similarly have to defer unsafe processing until the mainloop. So, in the end, deferring hook calling in the end doesn't win much for the script writer, and the code is more messy. -- Tuomo
