Newsgroups: comp.lang.scheme
Path: cantaloupe.srv.cs.cmu.edu!das-news2.harvard.edu!news2.near.net!news.mathworks.com!news.alpha.net!uwm.edu!psuvax1!news.ecn.bgu.edu!siemens!princeton!nimaster.princeton.edu!blume
From: blume@aleph.cs.princeton.edu (Matthias Blume)
Subject: Re: FFI & Scheme (was: scm On Mac)
In-Reply-To: net@cs.tu-berlin.de's message of 19 Oct 1994 17:13:23 GMT
Message-ID: <BLUME.94Oct19151643@aleph.cs.princeton.edu>
Originator: news@nimaster
Sender: news@Princeton.EDU (USENET News System)
Nntp-Posting-Host: aleph.cs.princeton.edu
Organization: Princeton University
References: <jrvincent-1110941643260001@jrvincent.con.wesleyan.edu>
	<37tglb$r0t@news.cs.tu-berlin.de>
	<BLUME.94Oct17094023@aleph.cs.princeton.edu>
	<bakulCxvu4n.BL4@netcom.com> <383k3j$h1o@news.cs.tu-berlin.de>
Date: Wed, 19 Oct 1994 19:16:43 GMT
Lines: 29

In article <383k3j$h1o@news.cs.tu-berlin.de> net@cs.tu-berlin.de (Oliver Laumann) writes:

   In article <bakulCxvu4n.BL4@netcom.com>, Bakul Shah <bakul@netcom.com> wrote:
   > IMHO this is the way to go.  Once there is a `raw' foreign
   > function interface we can pretty up interfaces to specific
   > libraries; make them Scheme friendly.

   When introducing a ``raw'' foreign function interface, it becomes
   possible to write Scheme code that crashes the interpreter.  This is
   a serious problem when using Scheme as an extension language, as it
   enables users to crash the entire application from within extension
   language programs.  An extension language should handle errors
   gracefully.  Imagine it were possible to crash an Emacs editing session
   from within a buggy Emacs-Lisp extension.

Very valid observation!  The solution I envision for this is to first
of all have a module system (!!), which then provides a module
(modules) of primitives (like System.Unsafe... in SML/NJ).  This is
definitely the way VSCM will be going.  (Check out the stuff under
./sepcomp/* in
	ftp://ftp.cs.princeton.edu/pub/blume/vscm/vscmV1r1.tar.gz
which is an unofficial release of VSCM!)

At least this encapsulates access to unsafe primitives in a neat way.
Furthermore it isn't hard to completely prohibit unguarded access to
them from user code.

--
-Matthias
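
An added example, not part of the original post and not VSCM code: a toy extension-language host, written in Python with a minimal Scheme-like reader, that keeps a raw primitive in its own module and lets untrusted code import only a guarded wrapper. The module names `unsafe` and `buffer`, the primitives `raw-peek` and `peek`, and the `HostCrash` stand-in for a segfault are all hypothetical.

```python
# Added illustration: the host refuses to let untrusted code import "unsafe".
class HostCrash(BaseException):
    """Stands in for the whole application dying on a bad raw access."""

MEMORY = bytearray(b"editor-state")  # constructed stand-in for host memory
def raw_peek(addr):  # "raw" primitive: trusts its caller completely
    if not 0 <= addr < len(MEMORY):
        raise HostCrash(f"wild read at {addr}")  # a real FFI would segfault here
    return MEMORY[addr]

def guarded_peek(addr):  # trusted wrapper: validate, then call the raw primitive
    if not isinstance(addr, int) or not 0 <= addr < len(MEMORY):
        raise ValueError("peek: address out of range")
    return raw_peek(addr)

MODULES = {"unsafe": {"raw-peek": raw_peek}, "buffer": {"peek": guarded_peek}}
USER_IMPORTABLE = {"buffer"}  # policy: user code never gets "unsafe"

def parse(src):
    """Read one s-expression into nested lists of ints and symbol strings."""
    tokens = src.replace("(", " ( ").replace(")", " ) ").split()
    def read(pos):
        if tokens[pos] == "(":
            items, pos = [], pos + 1
            while tokens[pos] != ")":
                item, pos = read(pos)
                items.append(item)
            return items, pos + 1
        tok = tokens[pos]
        return (int(tok) if tok.lstrip("-").isdigit() else tok), pos + 1
    return read(0)[0]

def evaluate(expr, env, trusted):
    if isinstance(expr, int):
        return expr
    if isinstance(expr, str):
        return env[expr]  # unbound symbol -> KeyError
    head, *args = expr
    if head == "begin":
        return [evaluate(e, env, trusted) for e in args][-1]
    if head == "import":  # the only way a primitive enters an environment
        if not trusted and args[0] not in USER_IMPORTABLE:
            raise PermissionError(f"module {args[0]} is not available to user code")
        return env.update(MODULES[args[0]])  # update() returns None
    return evaluate(head, env, trusted)(*[evaluate(a, env, trusted) for a in args])

def run_user(src):  # untrusted extension: errors are reported, host keeps running
    try:
        return ("ok", evaluate(parse(src), {}, trusted=False))
    except Exception as exc:
        return ("error", type(exc).__name__)
```

Because user environments start empty and `import` is the only way to bind a primitive, the import policy is the single place where access to the raw primitive is decided.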
