Joshua Haberman
7/20/2006 3:51:00 PM
On Fri, Jul 21, 2006 at 12:30:14AM +0900, why the lucky stiff wrote:
> On Thu, Jul 20, 2006 at 03:00:23PM +0900, Yukihiro Matsumoto wrote:
> > I'd like to have it in the standard distribution once it becomes
> > stable. It looks much nicer than still unreliable $SAFE=4.
>
> To be stable, I might need to enhance Thread. For now is there a way to prevent
> thread calls? To prevent crashes, I might need to pause threads until the
> Sandbox is complete. Then I will give Sandbox.timeout which gives a maximum
> execution time.

I don't want to diss your work, since it is obviously a significant
accomplishment. But aren't these problems symptoms of the fact that the
approach (swapping out global variables) is sort of a hack? Wouldn't
all these problems disappear if you did this the "right" way, by making
these globals into members of a structure that get passed to every
function (e.g. make the parser re-entrant)?

I'm sure you considered that for a moment, but dismissed it because it
would be far too intrusive (affecting the entire interpreter, and all
extensions). I can't think of any practical way around it (I thought of
a few impractical ones though: one used the preprocessor, another used
C++ :).

Is a re-entrant interpreter coming anytime soon? Ruby 2.0? That would
make a sandboxing extension the realm of mere mortals, instead of taking
the black magic that why has pulled off. :)

Josh