[plt-scheme] (in)security in a top-level eval

From: Matthew Flatt (mflatt at cs.utah.edu)
Date: Tue Feb 20 16:40:27 EST 2007

At Tue, 20 Feb 2007 13:05:57 -0600, "Robby Findler" wrote:
> > I tried this (in mzscheme3m) on a recent SVN snapshot:
> >
> > (define cust1 (make-custodian))
> > (custodian-limit-memory cust1 1000 cust1)
> > (current-custodian cust1)
> > (let loop ((acc '()))
> >     (loop (cons 'x acc)))
> >
> > I expected this to raise an exception after a few seconds, but it kept
> > running.  What's the proper way to set this up?

The objects allocated in the loop stay live because they're referenced
by the continuation, which in turns stays alive because it's used by
the thread. So all the objects allocated in the loop are charged to the
thread's owning custodian (as opposed to the current custodian), which
is the original custodian.

Try creating a new thread for the loop after changing the custodian:

 (define cust1 (make-custodian))
 (custodian-limit-memory cust1 1000 cust1)
 (current-custodian cust1)
 (sync
  (thread
   (lambda ()
     (let loop ((acc '()))
       (loop (cons 'x acc))))))
 (printf "done\n")

Matthew



Posted on the users mailing list.