[plt-scheme] Musing on (rnrs (6)) sandboxing

From: Robby Findler (robby at eecs.northwestern.edu)
Date: Thu Feb 4 12:46:53 EST 2010

Its a tricky problem. I think you probably want to start reading the
research papers that PLT has produced on the topic. Start with Matthew
Flatt's web page. I think there is a paper at ISMM that you want to


On Thu, Feb 4, 2010 at 12:32 AM, Synx <plt at synx.us.to> wrote:
> So R6RS has no accomodations for limits on memory, disk access, nested
> evaluation, or network functionality. For example any evaluator that
> allows the use of recursion in r6rs will thrash the computer it's on to
> a halt the moment some user submits the code '(let loop () (+ 1 (loop)))
> I was trying to think how to sandbox such things. The only thing I could
> come up with is to have every datum produced by the user be wrapped in
> some kind of "memory tracking" object that watches a pretend memory
> limit and throws an error when that limit has been decremented to or
> below zero. Would that mean taking every instance of "1" in the above
> program and putting (watch-memory limiter integer-size 1) in its place?
> Given that the R6RS doesn't specify any sort of memory management or
> memory limiting, how would you implement such a thing, as an extension
> to the R6RS? I know PLT can do it natively, but it's always been
> attractive to me to write something that can run (if not perfectly) on
> more than one implementation.
> _________________________________________________
>  For list-related administrative tasks:
>  http://list.cs.brown.edu/mailman/listinfo/plt-scheme

Posted on the users mailing list.