Ciao, "Jon Wilson" wrote: >What does PURIFY-MODULE! actually do? [...] Removes >bindings in MODULE which are inherited from the (guile) >module. [...] I think the mechanics of what it does are >clear enough, but from my understanding of modules, it >seems essentially useless.
You are right. I have not inspected MAKE-MODULE (shame on me), I blindly assumed that PURIFY-MODULE! has the same effect of the '#:pure' option to DEFINE-MODULE. >Is there any reason why you chose to read and eval >the file manually rather than using LOAD with the >current module set to asl-interp? Because: 1. it does not require the dynamic wind to switch module, so the code is shorter; 2. if you have the string, you can preprocess/validate it before evaluating it; I know that this is what the ASL interpreter is supposed to do... 3. if you modify the code I posted to use some other thing than WITH-INPUT-FROM-FILE you can write more user friendly error messages in case the file is not loadable; 4. it is not clear to me why Guile allows the invocation of LOAD in a pure module, with the dynamic-wind-like solution; I think that I understand the mechanics of it (when the function is read the symbol LOAD is substituted), but IMHO it is an error; 5. if one wants to load a file in ASL, it is better to have a specialised version of LOAD in the ASL interpreter that checks the file extension, the source directory in a selected path, etc, and finally that builds more user friendly error messages. >How can I evaluate the safety of various things I might >add in? This needs some thought, it is the same as: how can I make secure CGI scripts for the web? Random list: 1. deny everything, allow selected; 2. do not allow direct file system access; 3. do not allow direct network access; 4. do not allow direct access to environment variables; 5. do not use EVAL and the like on user expressions in the uplevel module; 6. put a limit on the represented data length and the number of records, so that they cannot be generated in an endless loop (in case you allow looping stuff in ASL, which could be useful). -- Marco Maggi "They say jump!, you say how high?" Rage Against the Machine - "Bullet in the Head" _______________________________________________ Guile-user mailing list Guile-user@gnu.org http://lists.gnu.org/mailman/listinfo/guile-user