[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: RE: controlling lua from a c program
- From: RLake@...
- Date: Wed, 9 Jul 2003 09:36:33 -0500
> So basicly the answer is no..
Depends what you want to do... see below.
> If i trusted the script writer, i wouldnt use scripts.
I have a *lot* of sympathy for this point of view. I think Lua could be
quite a good language for sandboxing.
> I think your last idea is the best, just implement the needed features
in
> Lua VM..
That is not necessary if all you want to do is throw an error. The issues
Alex has with counthooks all have to do with yielding from a counthook; if
you just want to throw an error, there should be no problem. Put a
counthook of 1,000,000 or some such, and make the hook function call
lua_error.
You might, on the other, want to decide whether to allow the program to
continue or not at that point (by asking for user input, maybe). In that
case, the hook function has to make the decision; the one thing it cannot
do is suspend the script to resume it later.
So it is all simple enough if you do not require use of yield from hook
functions. Yielding from a hook function is problematic because you cannot
yield through a C callback; you cannot wait for the C callback to finish,
either, because it might not. So use of count hooks to implement
preemptive multitasking *is* problematic; the problem comes from a
weakness in C, not Lua, IMHO, but that's another story.
<rant>
There are non-portable ways to get around the C problem: some Scheme
implementations do it by actually copying part of the C stack in order to
implement yield. It is a curiosity of C that while it tries so hard to be
a "high level assembler", it actually does not provide portable access to
the execution environment thereby forcing portable programs to accept a
very limited control structure. So there is no portable way to implement
coroutines; no portable way to implement foreign function interfaces; etc.
I could go on...
</rant>
Short of brute force solutions like the Scheme one referred to above, the
only way to be able to consistently use yield is to ban callbacks from the
untrusted script; this is a severe limitation: no metamethods, for a
start. (There are a number of other things: table.foreach and string.gsub,
for example, and if I am not mistaken the use of scripted error functions.
Some of these are solvable by providing alternative implementations in
pure Lua.)
I don't know if that was any help or not...
R.
