Andy Wingo <wi...@pobox.com> skribis: > On Fri 31 Mar 2017 13:33, l...@gnu.org (Ludovic Courtès) writes:
[...] >>> ;; These can only form part of a safe binding set if no mutable >>> ;; pair is exposed to the sandbox. >>> (define *mutating-pair-bindings* >>> '(((guile) >>> set-car! >>> set-cdr!))) >> >> When used on a literal pair (mapped read-only), these can cause a >> segfault. Now since the code is ‘eval’d, the only literal pairs it can >> see are those passed by the caller I suppose, so this may be safe? > > Who knows. I mean vector-set! can also cause segfaults. I think we > should fix that situation to throw an exception. Yes, that would be nice, though I suppose it’s currently tricky to achieve no? Maybe that newfangled ‘userfaultfd’ will save us all. >>> (define *all-pure-and-impure-bindings* >>> (append *all-pure-bindings* >> >> Last but not least: why all the stars? :-) >> I’m used to ‘%something’. > > For me I read % as being pronounced "sys" and indicating internal > bindings. Why do you use it for globals? Is it your proposal that we > use it for globals? I tend to do that but I realize I must be a minority here. Let it be stars then. :-) Thanks for working on this! Ludo’.
