From: Panicz Maciej Godek
Date: Sun, 12 May 2024 23:08:55 +0200
Subject: Re: Evaluating definitions from another thread
To: Per Bothner, kawa

On Sat, 11 May 2024 at 17:44, Per Bothner wrote:

> If you allow the user to evaluate arbitrary expressions, that should be
> done in a separate context (environment) than GRASP itself. The user
> context should not inherit everything from the GRASP context; only
> deliberately exported bindings, mostly read-only. And the user context
> should not be able to add or modify arbitrary bindings in the GRASP
> context; only bindings that the GRASP engine deliberately makes
> available to the eval context.

I agree that, at some point, this will need to be addressed - in particular, when people start sharing extensions that they write, I'll need to create a model for managing access to particular parts of the system.

However, at this moment coming up with a compelling way of creating extensions is much more important.

> This is security 101. Of course if you just want to make some software
> for yourself to learn or play around with, do what you like. But if you
> want to write software for others to use, you need to consider security
> issues.
>
> If you want each evaluation to be performed on a separate thread, then
> you need to consider how things are synchronized: How updates in the
> eval thread cause changes in the GRASP engine. It is possible that
> using parameters will "do the right thing" - but I wouldn't count on it.

Today I developed the following subclass of ThreadLocation:

https://github.com/panicz/grasp/compare/main...shared-parameters

The idea is that the values stored in the thread locations are themselves SharedLocations.
According to my test, they behave as expected:

(define x (make-shared-parameter 'x 0))

(parameterize ((x 1))
  (future
   (begin
     (sleep 1)
     (display "changing x from ")
     (display (x))
     (set! (x) 2)
     (display " to ")
     (display (x))
     (newline)))
  (display "inner value of x: ")
  (display (x))
  (newline)
  (sleep 2)
  (display "inner value of x after 2 seconds: ")
  (display (x))
  (newline))

(display "outer value of x: ")
(display (x))
(newline)

The output produced by running the above program is

inner value of x: 1
changing x from 1 to 2
inner value of x after 2 seconds: 2
outer value of x: 0

whereas if - instead of using "shared parameters", I use the regular parameters, I get

inner value of x: 1
changing x from 1 to 2
inner value of x after 2 seconds: 1
outer value of x: 0

I didn't quite understand why the constructor of SharedLocation requires a timestamp, and I passed it (java.lang.System:currentTimeMillis). Is that OK?
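Added example, not part of the original message and not Kawa or GRASP code: a plain-Java model of why the two runs above differ, assuming the thread started by `future` inherits the parent's current binding at the moment it is created. The class and method names are hypothetical, and it uses `java.lang.InheritableThreadLocal` and `AtomicReference` rather than Kawa's ThreadLocation or SharedLocation.

```java
import java.util.concurrent.atomic.AtomicReference;

public class SharedParameterModel {
    // Model of a regular parameter: each thread holds its own slot, and a
    // child thread starts with a copy of the parent's slot contents.
    static final InheritableThreadLocal<Integer> plain =
        new InheritableThreadLocal<>();

    // Model of a "shared parameter": the slot holds a reference to a box,
    // so the copy inherited by the child points at the same box.
    static final InheritableThreadLocal<AtomicReference<Integer>> shared =
        new InheritableThreadLocal<>();

    static int plainAfterChildWrite() throws InterruptedException {
        plain.set(1);                       // plays the role of (parameterize ((x 1)) ...)
        // The child overwrites its own slot only; the parent's slot is untouched.
        Thread child = new Thread(() -> plain.set(2));
        child.start();
        child.join();                       // join() also orders the child's writes before our read
        return plain.get();
    }

    static int sharedAfterChildWrite() throws InterruptedException {
        shared.set(new AtomicReference<>(1));
        // The child mutates the box it inherited, which is the parent's box.
        Thread child = new Thread(() -> shared.get().set(2));
        child.start();
        child.join();
        return shared.get().get();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("regular parameter, parent view: " + plainAfterChildWrite());
        System.out.println("shared parameter, parent view:  " + sharedAfterChildWrite());
    }
}
```

With the shared box, every write made by evaluated code is visible to whichever thread created the binding, which is the synchronization and exposure question raised in the quoted reply.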