|
- @c -*-texinfo-*-
- @c This is part of the GNU Guile Reference Manual.
- @c Copyright (C) 1996, 1997, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009,
- @c 2010, 2011, 2012, 2013, 2014, 2020, 2021 Free Software Foundation, Inc.
- @c See the file guile.texi for copying conditions.
- @node Read/Load/Eval/Compile
- @section Reading and Evaluating Scheme Code
- This chapter describes Guile functions that are concerned with reading,
- loading, evaluating, and compiling Scheme code at run time.
- @menu
- * Scheme Syntax:: Standard and extended Scheme syntax.
- * Scheme Read:: Reading Scheme code.
- * Annotated Scheme Read:: Reading Scheme code, for the compiler.
- * Scheme Write:: Writing Scheme values to a port.
- * Fly Evaluation:: Procedures for on the fly evaluation.
- * Compilation:: How to compile Scheme files and procedures.
- * Loading:: Loading Scheme code from file.
- * Load Paths:: Where Guile looks for code.
- * Character Encoding of Source Files:: Loading non-ASCII Scheme code from file.
- * Delayed Evaluation:: Postponing evaluation until it is needed.
- * Local Evaluation:: Evaluation in a local lexical environment.
- * Local Inclusion:: Compile-time inclusion of one file in another.
- * Sandboxed Evaluation:: Evaluation with limited capabilities.
- * REPL Servers:: Serving a REPL over a socket.
- * Cooperative REPL Servers:: REPL server for single-threaded applications.
- @end menu
- @node Scheme Syntax
- @subsection Scheme Syntax: Standard and Guile Extensions
- @menu
- * Expression Syntax::
- * Comments::
- * Block Comments::
- * Case Sensitivity::
- * Keyword Syntax::
- * Reader Extensions::
- @end menu
- @node Expression Syntax
- @subsubsection Expression Syntax
- An expression to be evaluated takes one of the following forms.
- @table @nicode
- @item @var{symbol}
- A symbol is evaluated by dereferencing. A binding of that symbol is
- sought and the value there used. For example,
- @example
- (define x 123)
- x @result{} 123
- @end example
- @item (@var{proc} @var{args}@dots{})
- A parenthesised expression is a function call. @var{proc} and each
- argument are evaluated, then the function (which @var{proc} evaluated
- to) is called with those arguments.
- The order in which @var{proc} and the arguments are evaluated is
- unspecified, so be careful when using expressions with side effects.
- @example
- (max 1 2 3) @result{} 3
- (define (get-some-proc) min)
- ((get-some-proc) 1 2 3) @result{} 1
- @end example
- The same sort of parenthesised form is used for a macro invocation,
- but in that case the arguments are not evaluated. See the
- descriptions of macros for more on this (@pxref{Macros}, and
- @pxref{Syntax Rules}).
- @item @var{constant}
- Number, string, character and boolean constants evaluate ``to
- themselves'', so can appear as literals.
- @example
- 123 @result{} 123
- 99.9 @result{} 99.9
- "hello" @result{} "hello"
- #\z @result{} #\z
- #t @result{} #t
- @end example
- Note that an application must not attempt to modify literal strings,
- since they may be in read-only memory.
- @item (quote @var{data})
- @itemx '@var{data}
- @findex quote
- @findex '
- Quoting is used to obtain a literal symbol (instead of a variable
- reference), a literal list (instead of a function call), or a literal
- vector. @nicode{'} is simply a shorthand for a @code{quote} form.
- For example,
- @example
- 'x @result{} x
- '(1 2 3) @result{} (1 2 3)
- '#(1 (2 3) 4) @result{} #(1 (2 3) 4)
- (quote x) @result{} x
- (quote (1 2 3)) @result{} (1 2 3)
- (quote #(1 (2 3) 4)) @result{} #(1 (2 3) 4)
- @end example
- Note that an application must not attempt to modify literal lists or
- vectors obtained from a @code{quote} form, since they may be in
- read-only memory.
- @item (quasiquote @var{data})
- @itemx `@var{data}
- @findex quasiquote
- @findex `
- Backquote quasi-quotation is like @code{quote}, but selected
- sub-expressions are evaluated. This is a convenient way to construct
- a list or vector structure most of which is constant, but at certain
- points should have expressions substituted.
- The same effect can always be had with suitable @code{list},
- @code{cons} or @code{vector} calls, but quasi-quoting is often easier.
- @table @nicode
- @item (unquote @var{expr})
- @itemx ,@var{expr}
- @findex unquote
- @findex ,
- Within the quasiquote @var{data}, @code{unquote} or @code{,} indicates
- an expression to be evaluated and inserted. The comma syntax @code{,}
- is simply a shorthand for an @code{unquote} form. For example,
- @example
- `(1 2 (* 9 9) 3 4) @result{} (1 2 (* 9 9) 3 4)
- `(1 2 ,(* 9 9) 3 4) @result{} (1 2 81 3 4)
- `(1 (unquote (+ 1 1)) 3) @result{} (1 2 3)
- `#(1 ,(/ 12 2)) @result{} #(1 6)
- @end example
- @item (unquote-splicing @var{expr})
- @itemx ,@@@var{expr}
- @findex unquote-splicing
- @findex ,@@
- Within the quasiquote @var{data}, @code{unquote-splicing} or
- @code{,@@} indicates an expression to be evaluated and the elements of
- the returned list inserted. @var{expr} must evaluate to a list. The
- ``comma-at'' syntax @code{,@@} is simply a shorthand for an
- @code{unquote-splicing} form.
- @example
- (define x '(2 3))
- `(1 ,x 4) @result{} (1 (2 3) 4)
- `(1 ,@@x 4) @result{} (1 2 3 4)
- `(1 (unquote-splicing (map 1+ x))) @result{} (1 3 4)
- `#(9 ,@@x 9) @result{} #(9 2 3 9)
- @end example
- Notice @code{,@@} differs from plain @code{,} in the way one level of
- nesting is stripped. For @code{,@@} the elements of a returned list
- are inserted, whereas with @code{,} it would be the list itself
- inserted.
- @end table
- @c
- @c FIXME: What can we say about the mutability of a quasiquote
- @c result? R5RS doesn't seem to specify anything, though where it
- @c says backquote without commas is the same as plain quote then
- @c presumably the "fixed" portions of a quasiquote expression must be
- @c treated as immutable.
- @c
- @end table
- @node Comments
- @subsubsection Comments
- @c FIXME::martin: Review me!
- Comments in Scheme source files are written by starting them with a
- semicolon character (@code{;}). The comment then reaches up to the end
- of the line. Comments can begin at any column, and the may be inserted
- on the same line as Scheme code.
- @lisp
- ; Comment
- ;; Comment too
- (define x 1) ; Comment after expression
- (let ((y 1))
- ;; Display something.
- (display y)
- ;;; Comment at left margin.
- (display (+ y 1)))
- @end lisp
- It is common to use a single semicolon for comments following
- expressions on a line, to use two semicolons for comments which are
- indented like code, and three semicolons for comments which start at
- column 0, even if they are inside an indented code block. This
- convention is used when indenting code in Emacs' Scheme mode.
- @node Block Comments
- @subsubsection Block Comments
- @cindex multiline comments
- @cindex block comments
- @cindex #!
- @cindex !#
- @c FIXME::martin: Review me!
- In addition to the standard line comments defined by R5RS, Guile has
- another comment type for multiline comments, called @dfn{block
- comments}. This type of comment begins with the character sequence
- @code{#!} and ends with the characters @code{!#}.
- These comments are compatible with the block
- comments in the Scheme Shell @file{scsh} (@pxref{The Scheme shell
- (scsh)}). The characters @code{#!} were chosen because they are the
- magic characters used in shell scripts for indicating that the name of
- the program for executing the script follows on the same line.
- Thus a Guile script often starts like this.
- @lisp
- #! /usr/local/bin/guile -s
- !#
- @end lisp
- More details on Guile scripting can be found in the scripting section
- (@pxref{Guile Scripting}).
- @cindex R6RS block comments
- @cindex SRFI-30 block comments
- Similarly, Guile (starting from version 2.0) supports nested block
- comments as specified by R6RS and
- @url{http://srfi.schemers.org/srfi-30/srfi-30.html, SRFI-30}:
- @lisp
- (+ 1 #| this is a #| nested |# block comment |# 2)
- @result{} 3
- @end lisp
- For backward compatibility, this syntax can be overridden with
- @code{read-hash-extend} (@pxref{Reader Extensions,
- @code{read-hash-extend}}).
- There is one special case where the contents of a comment can actually
- affect the interpretation of code. When a character encoding
- declaration, such as @code{coding: utf-8} appears in one of the first
- few lines of a source file, it indicates to Guile's default reader
- that this source code file is not ASCII. For details see @ref{Character
- Encoding of Source Files}.
- @node Case Sensitivity
- @subsubsection Case Sensitivity
- @cindex fold-case
- @cindex no-fold-case
- @c FIXME::martin: Review me!
- Scheme as defined in R5RS is not case sensitive when reading symbols.
- Guile, on the contrary is case sensitive by default, so the identifiers
- @lisp
- guile-whuzzy
- Guile-Whuzzy
- @end lisp
- are the same in R5RS Scheme, but are different in Guile.
- It is possible to turn off case sensitivity in Guile by setting the
- reader option @code{case-insensitive}. For more information on reader
- options, @xref{Scheme Read}.
- @lisp
- (read-enable 'case-insensitive)
- @end lisp
- It is also possible to disable (or enable) case sensitivity within a
- single file by placing the reader directives @code{#!fold-case} (or
- @code{#!no-fold-case}) within the file itself.
- @node Keyword Syntax
- @subsubsection Keyword Syntax
- @node Reader Extensions
- @subsubsection Reader Extensions
- @deffn {Scheme Procedure} read-hash-extend chr proc
- @deffnx {C Function} scm_read_hash_extend (chr, proc)
- Install the procedure @var{proc} for reading expressions
- starting with the character sequence @code{#} and @var{chr}.
- @var{proc} will be called with two arguments: the character
- @var{chr} and the port to read further data from. The object
- returned will be the return value of @code{read}.
- Passing @code{#f} for @var{proc} will remove a previous setting.
- @end deffn
- @node Scheme Read
- @subsection Reading Scheme Code
- @rnindex read
- @deffn {Scheme Procedure} read [port]
- @deffnx {C Function} scm_read (port)
- Read an s-expression from the input port @var{port}, or from
- the current input port if @var{port} is not specified.
- Any whitespace before the next token is discarded.
- @end deffn
- The behaviour of Guile's Scheme reader can be modified by manipulating
- its read options.
- @cindex options - read
- @cindex read options
- @deffn {Scheme Procedure} read-options [setting]
- Display the current settings of the global read options. If
- @var{setting} is omitted, only a short form of the current read options
- is printed. Otherwise if @var{setting} is the symbol @code{help}, a
- complete options description is displayed.
- @end deffn
- The set of available options, and their default values, may be had by
- invoking @code{read-options} at the prompt.
- @smalllisp
- scheme@@(guile-user)> (read-options)
- (square-brackets keywords #f positions)
- scheme@@(guile-user)> (read-options 'help)
- positions yes Record positions of source code expressions.
- case-insensitive no Convert symbols to lower case.
- keywords #f Style of keyword recognition: #f, 'prefix or 'postfix.
- r6rs-hex-escapes no Use R6RS variable-length character and string hex escapes.
- square-brackets yes Treat `[' and `]' as parentheses, for R6RS compatibility.
- hungry-eol-escapes no In strings, consume leading whitespace after an
- escaped end-of-line.
- curly-infix no Support SRFI-105 curly infix expressions.
- r7rs-symbols no Support R7RS |...| symbol notation.
- @end smalllisp
- Note that Guile also includes a preliminary mechanism for setting read
- options on a per-port basis. For instance, the @code{case-insensitive}
- read option is set (or unset) on the port when the reader encounters the
- @code{#!fold-case} or @code{#!no-fold-case} reader directives.
- Similarly, the @code{#!curly-infix} reader directive sets the
- @code{curly-infix} read option on the port, and
- @code{#!curly-infix-and-bracket-lists} sets @code{curly-infix} and
- unsets @code{square-brackets} on the port (@pxref{SRFI-105}). There is
- currently no other way to access or set the per-port read options.
- The boolean options may be toggled with @code{read-enable} and
- @code{read-disable}. The non-boolean @code{keywords} option must be set
- using @code{read-set!}.
- @deffn {Scheme Procedure} read-enable option-name
- @deffnx {Scheme Procedure} read-disable option-name
- @deffnx {Scheme Syntax} read-set! option-name value
- Modify the read options. @code{read-enable} should be used with boolean
- options and switches them on, @code{read-disable} switches them off.
- @code{read-set!} can be used to set an option to a specific value. Due
- to historical oddities, it is a macro that expects an unquoted option
- name.
- @end deffn
- For example, to make @code{read} fold all symbols to their lower case
- (perhaps for compatibility with older Scheme code), you can enter:
- @lisp
- (read-enable 'case-insensitive)
- @end lisp
- For more information on the effect of the @code{r6rs-hex-escapes} and
- @code{hungry-eol-escapes} options, see (@pxref{String Syntax}).
- For more information on the @code{r7rs-symbols} option, see
- (@pxref{Symbol Read Syntax}).
- @node Annotated Scheme Read
- @subsection Reading Scheme Code, For the Compiler
- When something goes wrong with a Scheme program, the user will want to
- know how to fix it. This starts with identifying where the error
- occured: we want to associate a source location with each component part
- of source code, and propagate that source location information through
- to the compiler or interpreter.
- For that, Guile provides @code{read-syntax}.
- @deffn {Scheme Procedure} read-syntax [port]
- Read an s-expression from the input port @var{port}, or from the current
- input port if @var{port} is not specified.
- If, after skipping white space and comments, no more bytes are available
- from @var{port}, return the end-of-file object. @xref{Binary I/O}.
- Otherwise, return an annotated datum. An annotated datum is a syntax
- object which associates a source location with a datum. For example:
- @example
- (call-with-input-string " foo" read-syntax)
- ; @result{} #<syntax:unknown file:1:2 foo>
- (call-with-input-string "(foo)" read-syntax)
- ; @result{}
- ; #<syntax:unknown file:1:0
- ; (#<syntax unknown file:1:1 foo>)>
- @end example
- As the second example shows, all fields of pairs and vectors are also
- annotated, recursively.
- @end deffn
- Most users are familiar with syntax objects in the context of macros,
- which use syntax objects to associate scope information with
- identifiers. @xref{Macros}. Here we use syntax objects to associate
- source location information with any datum, but without attaching scope
- information. The Scheme compiler (@code{compile}) and the interpreter
- (@code{eval}) can accept syntax objects directly as input, allowing them
- to associate source information with resulting code.
- @xref{Compilation}, and @xref{Fly Evaluation}.
- Note that there is a legacy interface for getting source locations into
- the Scheme compiler or interpreter, which is to use a side table that
- associates ``source properties'' with each subdatum returned by
- @code{read}, instead of wrapping the datums directly as in
- @code{read-syntax}. This has the disadvantage of not being able to
- annotate all kinds of datums. @xref{Source Properties}, for more
- information.
- @node Scheme Write
- @subsection Writing Scheme Values
- Any scheme value may be written to a port. Not all values may be read
- back in (@pxref{Scheme Read}), however.
- @rnindex write
- @rnindex print
- @deffn {Scheme Procedure} write obj [port]
- Send a representation of @var{obj} to @var{port} or to the current
- output port if not given.
- The output is designed to be machine readable, and can be read back
- with @code{read} (@pxref{Scheme Read}). Strings are printed in
- double quotes, with escapes if necessary, and characters are printed in
- @samp{#\} notation.
- @end deffn
- @rnindex display
- @deffn {Scheme Procedure} display obj [port]
- Send a representation of @var{obj} to @var{port} or to the current
- output port if not given.
- The output is designed for human readability, it differs from
- @code{write} in that strings are printed without double quotes and
- escapes, and characters are printed as per @code{write-char}, not in
- @samp{#\} form.
- @end deffn
- As was the case with the Scheme reader, there are a few options that
- affect the behavior of the Scheme printer.
- @cindex options - print
- @cindex print options
- @deffn {Scheme Procedure} print-options [setting]
- Display the current settings of the read options. If @var{setting} is
- omitted, only a short form of the current read options is
- printed. Otherwise if @var{setting} is the symbol @code{help}, a
- complete options description is displayed.
- @end deffn
- The set of available options, and their default values, may be had by
- invoking @code{print-options} at the prompt.
- @smalllisp
- scheme@@(guile-user)> (print-options)
- (quote-keywordish-symbols reader highlight-suffix "@}" highlight-prefix "@{")
- scheme@@(guile-user)> (print-options 'help)
- highlight-prefix @{ The string to print before highlighted values.
- highlight-suffix @} The string to print after highlighted values.
- quote-keywordish-symbols reader How to print symbols that have a colon
- as their first or last character. The
- value '#f' does not quote the colons;
- '#t' quotes them; 'reader' quotes them
- when the reader option 'keywords' is
- not '#f'.
- escape-newlines yes Render newlines as \n when printing
- using `write'.
- r7rs-symbols no Escape symbols using R7RS |...| symbol
- notation.
- @end smalllisp
- These options may be modified with the print-set! syntax.
- @deffn {Scheme Syntax} print-set! option-name value
- Modify the print options. Due to historical oddities, @code{print-set!}
- is a macro that expects an unquoted option name.
- @end deffn
- @node Fly Evaluation
- @subsection Procedures for On the Fly Evaluation
- Scheme has the lovely property that its expressions may be represented
- as data. The @code{eval} procedure takes a Scheme datum and evaluates
- it as code.
- @rnindex eval
- @c ARGFIXME environment/environment specifier
- @deffn {Scheme Procedure} eval exp module_or_state
- @deffnx {C Function} scm_eval (exp, module_or_state)
- Evaluate @var{exp}, a list representing a Scheme expression,
- in the top-level environment specified by @var{module_or_state}.
- While @var{exp} is evaluated (using @code{primitive-eval}),
- @var{module_or_state} is made the current module. The current module
- is reset to its previous value when @code{eval} returns.
- XXX - dynamic states.
- Example: (eval '(+ 1 2) (interaction-environment))
- @end deffn
- @rnindex interaction-environment
- @deffn {Scheme Procedure} interaction-environment
- @deffnx {C Function} scm_interaction_environment ()
- Return a specifier for the environment that contains
- implementation--defined bindings, typically a superset of those
- listed in the report. The intent is that this procedure will
- return the environment in which the implementation would
- evaluate expressions dynamically typed by the user.
- @end deffn
- @xref{Environments}, for other environments.
- One does not always receive code as Scheme data, of course, and this is
- especially the case for Guile's other language implementations
- (@pxref{Other Languages}). For the case in which all you have is a
- string, we have @code{eval-string}. There is a legacy version of this
- procedure in the default environment, but you really want the one from
- @code{(ice-9 eval-string)}, so load it up:
- @example
- (use-modules (ice-9 eval-string))
- @end example
- @deffn {Scheme Procedure} eval-string string [#:module=#f] [#:file=#f] @
- [#:line=#f] [#:column=#f] @
- [#:lang=(current-language)] @
- [#:compile?=#f]
- Parse @var{string} according to the current language, normally Scheme.
- Evaluate or compile the expressions it contains, in order, returning the
- last expression.
- If the @var{module} keyword argument is set, save a module excursion
- (@pxref{Module System Reflection}) and set the current module to
- @var{module} before evaluation.
- The @var{file}, @var{line}, and @var{column} keyword arguments can be
- used to indicate that the source string begins at a particular source
- location.
- Finally, @var{lang} is a language, defaulting to the current language,
- and the expression is compiled if @var{compile?} is true or there is no
- evaluator for the given language.
- @end deffn
- @deffn {C Function} scm_eval_string (string)
- @deffnx {C Function} scm_eval_string_in_module (string, module)
- These C bindings call @code{eval-string} from @code{(ice-9
- eval-string)}, evaluating within @var{module} or the current module.
- @end deffn
- @deftypefn {C Function} SCM scm_c_eval_string (const char *string)
- @code{scm_eval_string}, but taking a C string in locale encoding instead
- of an @code{SCM}.
- @end deftypefn
- @deffn {Scheme Procedure} apply proc arg @dots{} arglst
- @deffnx {C Function} scm_apply_0 (proc, arglst)
- @deffnx {C Function} scm_apply_1 (proc, arg1, arglst)
- @deffnx {C Function} scm_apply_2 (proc, arg1, arg2, arglst)
- @deffnx {C Function} scm_apply_3 (proc, arg1, arg2, arg3, arglst)
- @deffnx {C Function} scm_apply (proc, arg, rest)
- @rnindex apply
- Call @var{proc} with arguments @var{arg} @dots{} and the
- elements of the @var{arglst} list.
- @code{scm_apply} takes parameters corresponding to a Scheme level
- @code{(lambda (proc arg1 . rest) ...)}. So @var{arg1} and all but the
- last element of the @var{rest} list make up @var{arg} @dots{}, and the
- last element of @var{rest} is the @var{arglst} list. Or if @var{rest}
- is the empty list @code{SCM_EOL} then there's no @var{arg} @dots{}, and
- (@var{arg1}) is the @var{arglst}.
- @var{arglst} is not modified, but the @var{rest} list passed to
- @code{scm_apply} is modified.
- @end deffn
- @deffn {C Function} scm_call_0 (proc)
- @deffnx {C Function} scm_call_1 (proc, arg1)
- @deffnx {C Function} scm_call_2 (proc, arg1, arg2)
- @deffnx {C Function} scm_call_3 (proc, arg1, arg2, arg3)
- @deffnx {C Function} scm_call_4 (proc, arg1, arg2, arg3, arg4)
- @deffnx {C Function} scm_call_5 (proc, arg1, arg2, arg3, arg4, arg5)
- @deffnx {C Function} scm_call_6 (proc, arg1, arg2, arg3, arg4, arg5, arg6)
- @deffnx {C Function} scm_call_7 (proc, arg1, arg2, arg3, arg4, arg5, arg6, arg7)
- @deffnx {C Function} scm_call_8 (proc, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8)
- @deffnx {C Function} scm_call_9 (proc, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9)
- Call @var{proc} with the given arguments.
- @end deffn
- @deffn {C Function} scm_call (proc, ...)
- Call @var{proc} with any number of arguments. The argument list must be
- terminated by @code{SCM_UNDEFINED}. For example:
- @example
- scm_call (scm_c_public_ref ("guile", "+"),
- scm_from_int (1),
- scm_from_int (2),
- SCM_UNDEFINED);
- @end example
- @end deffn
- @deffn {C Function} scm_call_n (proc, argv, nargs)
- Call @var{proc} with the array of arguments @var{argv}, as a
- @code{SCM*}. The length of the arguments should be passed in
- @var{nargs}, as a @code{size_t}.
- @end deffn
- @deffn {Scheme Procedure} primitive-eval exp
- @deffnx {C Function} scm_primitive_eval (exp)
- Evaluate @var{exp} in the top-level environment specified by
- the current module.
- @end deffn
- @node Compilation
- @subsection Compiling Scheme Code
- The @code{eval} procedure directly interprets the S-expression
- representation of Scheme. An alternate strategy for evaluation is to
- determine ahead of time what computations will be necessary to
- evaluate the expression, and then use that recipe to produce the
- desired results. This is known as @dfn{compilation}.
- While it is possible to compile simple Scheme expressions such as
- @code{(+ 2 2)} or even @code{"Hello world!"}, compilation is most
- interesting in the context of procedures. Compiling a lambda expression
- produces a compiled procedure, which is just like a normal procedure
- except typically much faster, because it can bypass the generic
- interpreter.
- Functions from system modules in a Guile installation are normally
- compiled already, so they load and run quickly.
- @cindex automatic compilation
- Note that well-written Scheme programs will not typically call the
- procedures in this section, for the same reason that it is often bad
- taste to use @code{eval}. By default, Guile automatically compiles any
- files it encounters that have not been compiled yet (@pxref{Invoking
- Guile, @code{--auto-compile}}). The compiler can also be invoked
- explicitly from the shell as @code{guild compile foo.scm}.
- (Why are calls to @code{eval} and @code{compile} usually in bad taste?
- Because they are limited, in that they can only really make sense for
- top-level expressions. Also, most needs for ``compile-time''
- computation are fulfilled by macros and closures. Of course one good
- counterexample is the REPL itself, or any code that reads expressions
- from a port.)
- Automatic compilation generally works transparently, without any need
- for user intervention. However Guile does not yet do proper dependency
- tracking, so that if file @file{@var{a}.scm} uses macros from
- @file{@var{b}.scm}, and @var{@var{b}.scm} changes, @code{@var{a}.scm}
- would not be automatically recompiled. To forcibly invalidate the
- auto-compilation cache, pass the @code{--fresh-auto-compile} option to
- Guile, or set the @code{GUILE_AUTO_COMPILE} environment variable to
- @code{fresh} (instead of to @code{0} or @code{1}).
- For more information on the compiler itself, see @ref{Compiling to the
- Virtual Machine}. For information on the virtual machine, see @ref{A
- Virtual Machine for Guile}.
- The command-line interface to Guile's compiler is the @command{guild
- compile} command:
- @deffn {Command} {guild compile} [@option{option}...] @var{file}...
- Compile @var{file}, a source file, and store bytecode in the compilation cache
- or in the file specified by the @option{-o} option. The following options are
- available:
- @table @option
- @item -L @var{dir}
- @itemx --load-path=@var{dir}
- Add @var{dir} to the front of the module load path.
- @item -o @var{ofile}
- @itemx --output=@var{ofile}
- Write output bytecode to @var{ofile}. By convention, bytecode file
- names end in @code{.go}. When @option{-o} is omitted, the output file
- name is as for @code{compile-file} (see below).
- @item -x @var{extension}
- Recognize @var{extension} as a valid source file name extension.
- For example, to compile R6RS code, you might want to pass @command{-x
- .sls} so that files ending in @file{.sls} can be found.
- @item -W @var{warning}
- @itemx --warn=@var{warning}
- @cindex warnings, compiler
- Enable specific warning passes; use @code{-Whelp} for a list of
- available options. The default is @code{-W1}, which enables a number of
- common warnings. Pass @code{-W0} to disable all warnings.
- @item -O @var{opt}
- @itemx --optimize=@var{opt}
- @cindex optimizations, compiler
- Enable or disable specific compiler optimizations; use @code{-Ohelp} for
- a list of available options. The default is @code{-O2}, which enables
- most optimizations. @code{-O0} is recommended if compilation speed is
- more important than the speed of the compiled code. Pass
- @code{-Ono-@var{opt}} to disable a specific compiler pass. Any number
- of @code{-O} options can be passed to the compiler, with later ones
- taking precedence.
- @item --r6rs
- @itemx --r7rs
- Compile in an environment whose default bindings, reader options, and
- load paths are adapted for specific Scheme standards. @xref{R6RS
- Support}, and @xref{R7RS Support}.
- @item -f @var{lang}
- @itemx --from=@var{lang}
- Use @var{lang} as the source language of @var{file}. If this option is omitted,
- @code{scheme} is assumed.
- @item -t @var{lang}
- @itemx --to=@var{lang}
- Use @var{lang} as the target language of @var{file}. If this option is omitted,
- @code{rtl} is assumed.
- @item -T @var{target}
- @itemx --target=@var{target}
- Produce code for @var{target} instead of @var{%host-type} (@pxref{Build
- Config, %host-type}). Target must be a valid GNU triplet, such as
- @code{armv5tel-unknown-linux-gnueabi} (@pxref{Specifying Target
- Triplets,,, autoconf, GNU Autoconf Manual}).
- @end table
- Each @var{file} is assumed to be UTF-8-encoded, unless it contains a
- coding declaration as recognized by @code{file-encoding}
- (@pxref{Character Encoding of Source Files}).
- @end deffn
- The compiler can also be invoked directly by Scheme code. These
- interfaces are in their own module:
- @example
- (use-modules (system base compile))
- @end example
- @deffn {Scheme Procedure} compile exp [#:env=#f] @
- [#:from=(current-language)] @
- [#:to=value] [#:opts='()] @
- [#:optimization-level=(default-optimization-level)] @
- [#:warning-level=(default-warning-level)]
- Compile the expression @var{exp} in the environment @var{env}. If
- @var{exp} is a procedure, the result will be a compiled procedure;
- otherwise @code{compile} is mostly equivalent to @code{eval}.
- For a discussion of languages and compiler options, @xref{Compiling to
- the Virtual Machine}.
- @end deffn
- @deffn {Scheme Procedure} compile-file file [#:output-file=#f] @
- [#:from=(current-language)] [#:to='rtl] @
- [#:env=(default-environment from)] @
- [#:opts='()] @
- [#:optimization-level=(default-optimization-level)] @
- [#:warning-level=(default-warning-level)] @
- [#:canonicalization='relative]
- Compile the file named @var{file}.
- Output will be written to a @var{output-file}. If you do not supply an
- output file name, output is written to a file in the cache directory, as
- computed by @code{(compiled-file-name @var{file})}.
- @var{from} and @var{to} specify the source and target languages.
- @xref{Compiling to the Virtual Machine}, for more information on these
- options, and on @var{env} and @var{opts}.
- As with @command{guild compile}, @var{file} is assumed to be
- UTF-8-encoded unless it contains a coding declaration.
- @end deffn
- @deffn {Scheme Parameter} default-optimization-level
- The default optimization level, as an integer from 0 to 9. The default
- is 2.
- @end deffn
- @deffn {Scheme Parameter} default-warning-level
- The default warning level, as an integer from 0 to 9. The default is 1.
- @end deffn
- @xref{Parameters}, for more on how to set parameters.
- @deffn {Scheme Procedure} compiled-file-name file
- Compute a cached location for a compiled version of a Scheme file named
- @var{file}.
- This file will usually be below the @file{$HOME/.cache/guile/ccache}
- directory, depending on the value of the @env{XDG_CACHE_HOME}
- environment variable. The intention is that @code{compiled-file-name}
- provides a fallback location for caching auto-compiled files. If you
- want to place a compile file in the @code{%load-compiled-path}, you
- should pass the @var{output-file} option to @code{compile-file},
- explicitly.
- @end deffn
- @defvr {Scheme Variable} %auto-compilation-options
- This variable contains the options passed to the @code{compile-file}
- procedure when auto-compiling source files. By default, it enables
- useful compilation warnings. It can be customized from @file{~/.guile}.
- @end defvr
- @node Loading
- @subsection Loading Scheme Code from File
- @rnindex load
- @deffn {Scheme Procedure} load filename [reader]
- Load @var{filename} and evaluate its contents in the top-level
- environment.
- @var{reader} if provided should be either @code{#f}, or a procedure with
- the signature @code{(lambda (port) @dots{})} which reads the next
- expression from @var{port}. If @var{reader} is @code{#f} or absent,
- Guile's built-in @code{read} procedure is used (@pxref{Scheme Read}).
- The @var{reader} argument takes effect by setting the value of the
- @code{current-reader} fluid (see below) before loading the file, and
- restoring its previous value when loading is complete. The Scheme code
- inside @var{filename} can itself change the current reader procedure on
- the fly by setting @code{current-reader} fluid.
- If the variable @code{%load-hook} is defined, it should be bound to a
- procedure that will be called before any code is loaded. See
- documentation for @code{%load-hook} later in this section.
- @end deffn
- @deffn {Scheme Procedure} load-compiled filename
- Load the compiled file named @var{filename}.
- Compiling a source file (@pxref{Read/Load/Eval/Compile}) and then
- calling @code{load-compiled} on the resulting file is equivalent to
- calling @code{load} on the source file.
- @end deffn
- @deffn {Scheme Procedure} primitive-load filename
- @deffnx {C Function} scm_primitive_load (filename)
- Load the file named @var{filename} and evaluate its contents in the
- top-level environment. @var{filename} must either be a full pathname or
- be a pathname relative to the current directory. If the variable
- @code{%load-hook} is defined, it should be bound to a procedure that
- will be called before any code is loaded. See the documentation for
- @code{%load-hook} later in this section.
- @end deffn
- @deftypefn {C Function} SCM scm_c_primitive_load (const char *filename)
- @code{scm_primitive_load}, but taking a C string instead of an
- @code{SCM}.
- @end deftypefn
- @defvar current-reader
- @code{current-reader} holds the read procedure that is currently being
- used by the above loading procedures to read expressions (from the file
- that they are loading). @code{current-reader} is a fluid, so it has an
- independent value in each dynamic root and should be read and set using
- @code{fluid-ref} and @code{fluid-set!} (@pxref{Fluids and Dynamic
- States}).
- Changing @code{current-reader} is typically useful to introduce local
- syntactic changes, such that code following the @code{fluid-set!} call
- is read using the newly installed reader. The @code{current-reader}
- change should take place at evaluation time when the code is evaluated,
- or at compilation time when the code is compiled:
- @findex eval-when
- @example
- (eval-when (compile eval)
- (fluid-set! current-reader my-own-reader))
- @end example
- The @code{eval-when} form above ensures that the @code{current-reader}
- change occurs at the right time.
- @end defvar
- @defvar %load-hook
- A procedure to be called @code{(%load-hook @var{filename})} whenever a
- file is loaded, or @code{#f} for no such call. @code{%load-hook} is
- used by all of the loading functions (@code{load} and
- @code{primitive-load}, and @code{load-from-path} and
- @code{primitive-load-path} documented in the next section).
- For example an application can set this to show what's loaded,
- @example
- (set! %load-hook (lambda (filename)
- (format #t "Loading ~a ...\n" filename)))
- (load-from-path "foo.scm")
- @print{} Loading /usr/local/share/guile/site/foo.scm ...
- @end example
- @end defvar
- @deffn {Scheme Procedure} current-load-port
- @deffnx {C Function} scm_current_load_port ()
- Return the current-load-port.
- The load port is used internally by @code{primitive-load}.
- @end deffn
- @node Load Paths
- @subsection Load Paths
- The procedure in the previous section look for Scheme code in the file
- system at specific location. Guile also has some procedures to search
- the load path for code.
- @defvar %load-path
- List of directories which should be searched for Scheme modules and
- libraries. When Guile starts up, @code{%load-path} is initialized to
- the default load path @code{(list (%library-dir) (%site-dir)
- (%global-site-dir) (%package-data-dir))}. The @env{GUILE_LOAD_PATH}
- environment variable can be used to prepend or append additional
- directories (@pxref{Environment Variables}).
- @xref{Build Config}, for more on @code{%site-dir} and related
- procedures.
- @end defvar
- @deffn {Scheme Procedure} load-from-path filename
- Similar to @code{load}, but searches for @var{filename} in the load
- paths. Preferentially loads a compiled version of the file, if it is
- available and up-to-date.
- @end deffn
- A user can extend the load path by calling @code{add-to-load-path}.
- @deffn {Scheme Syntax} add-to-load-path dir
- Add @var{dir} to the load path.
- @end deffn
- For example, a script might include this form to add the directory that
- it is in to the load path:
- @example
- (add-to-load-path (dirname (current-filename)))
- @end example
- It's better to use @code{add-to-load-path} than to modify
- @code{%load-path} directly, because @code{add-to-load-path} takes care
- of modifying the path both at compile-time and at run-time.
- @deffn {Scheme Procedure} primitive-load-path filename [exception-on-not-found]
- @deffnx {C Function} scm_primitive_load_path (filename)
- Search @code{%load-path} for the file named @var{filename} and
- load it into the top-level environment. If @var{filename} is a
- relative pathname and is not found in the list of search paths,
- an error is signalled. Preferentially loads a compiled version of the
- file, if it is available and up-to-date.
- If @var{filename} is a relative pathname and is not found in the list of
- search paths, one of three things may happen, depending on the optional
- second argument, @var{exception-on-not-found}. If it is @code{#f},
- @code{#f} will be returned. If it is a procedure, it will be called
- with no arguments. (This allows a distinction to be made between
- exceptions raised by loading a file, and exceptions related to the
- loader itself.) Otherwise an error is signalled.
- For compatibility with Guile 1.8 and earlier, the C function takes only
- one argument, which can be either a string (the file name) or an
- argument list.
- @end deffn
- @deffn {Scheme Procedure} %search-load-path filename
- @deffnx {C Function} scm_sys_search_load_path (filename)
- Search @code{%load-path} for the file named @var{filename}, which must
- be readable by the current user. If @var{filename} is found in the list
- of paths to search or is an absolute pathname, return its full pathname.
- Otherwise, return @code{#f}. Filenames may have any of the optional
- extensions in the @code{%load-extensions} list; @code{%search-load-path}
- will try each extension automatically.
- @end deffn
- @defvar %load-extensions
- A list of default file extensions for files containing Scheme code.
- @code{%search-load-path} tries each of these extensions when looking for
- a file to load. By default, @code{%load-extensions} is bound to the
- list @code{("" ".scm")}.
- @end defvar
- As mentioned above, when Guile searches the @code{%load-path} for a
- source file, it will also search the @code{%load-compiled-path} for a
- corresponding compiled file. If the compiled file is as new or newer
- than the source file, it will be loaded instead of the source file,
- using @code{load-compiled}.
- @defvar %load-compiled-path
- Like @code{%load-path}, but for compiled files. By default, this path
- has two entries: one for compiled files from Guile itself, and one for
- site packages. The @env{GUILE_LOAD_COMPILED_PATH} environment variable
- can be used to prepend or append additional directories
- (@pxref{Environment Variables}).
- @end defvar
- When @code{primitive-load-path} searches the @code{%load-compiled-path}
- for a corresponding compiled file for a relative path it does so by
- appending @code{.go} to the relative path. For example, searching for
- @code{ice-9/popen} could find
- @code{/usr/lib/guile/3.0/ccache/ice-9/popen.go}, and use it instead of
- @code{/usr/share/guile/3.0/ice-9/popen.scm}.
- If @code{primitive-load-path} does not find a corresponding @code{.go}
- file in the @code{%load-compiled-path}, or the @code{.go} file is out of
- date, it will search for a corresponding auto-compiled file in the
- fallback path, possibly creating one if one does not exist.
- @xref{Installing Site Packages}, for more on how to correctly install
- site packages. @xref{Modules and the File System}, for more on the
- relationship between load paths and modules. @xref{Compilation}, for
- more on the fallback path and auto-compilation.
- Finally, there are a couple of helper procedures for general path
- manipulation.
- @deffn {Scheme Procedure} parse-path path [tail]
- @deffnx {C Function} scm_parse_path (path, tail)
- Parse @var{path}, which is expected to be a colon-separated string, into
- a list and return the resulting list with @var{tail} appended. If
- @var{path} is @code{#f}, @var{tail} is returned.
- @end deffn
- @deffn {Scheme Procedure} parse-path-with-ellipsis path base
- @deffnx {C Function} scm_parse_path_with_ellipsis (path, base)
- Parse @var{path}, which is expected to be a colon-separated string, into
- a list and return the resulting list with @var{base} (a list) spliced in
- place of the @code{...} path component, if present, or else @var{base}
- is added to the end. If @var{path} is @code{#f}, @var{base} is
- returned.
- @end deffn
- @deffn {Scheme Procedure} search-path path filename [extensions [require-exts?]]
- @deffnx {C Function} scm_search_path (path, filename, rest)
- Search @var{path} for a directory containing a file named
- @var{filename}. The file must be readable, and not a directory. If we
- find one, return its full filename; otherwise, return @code{#f}. If
- @var{filename} is absolute, return it unchanged. If given,
- @var{extensions} is a list of strings; for each directory in @var{path},
- we search for @var{filename} concatenated with each @var{extension}. If
- @var{require-exts?} is true, require that the returned file name have
- one of the given extensions; if @var{require-exts?} is not given, it
- defaults to @code{#f}.
- For compatibility with Guile 1.8 and earlier, the C function takes only
- three arguments.
- @end deffn
- @node Character Encoding of Source Files
- @subsection Character Encoding of Source Files
- @cindex source file encoding
- @cindex primitive-load
- @cindex load
- Scheme source code files are usually encoded in ASCII or UTF-8, but the
- built-in reader can interpret other character encodings as well. When
- Guile loads Scheme source code, it uses the @code{file-encoding}
- procedure (described below) to try to guess the encoding of the file.
- In the absence of any hints, UTF-8 is assumed. One way to provide a
- hint about the encoding of a source file is to place a coding
- declaration in the top 500 characters of the file.
- A coding declaration has the form @code{coding: XXXXXX}, where
- @code{XXXXXX} is the name of a character encoding in which the source
- code file has been encoded. The coding declaration must appear in a
- scheme comment. It can either be a semicolon-initiated comment, or the
- first block @code{#!} comment in the file.
- The name of the character encoding in the coding declaration is
- typically lower case and containing only letters, numbers, and hyphens,
- as recognized by @code{set-port-encoding!} (@pxref{Ports,
- @code{set-port-encoding!}}). Common examples of character encoding
- names are @code{utf-8} and @code{iso-8859-1},
- @url{http://www.iana.org/assignments/character-sets, as defined by
- IANA}. Thus, the coding declaration is mostly compatible with Emacs.
- However, there are some differences in encoding names recognized by
- Emacs and encoding names defined by IANA, the latter being essentially a
- subset of the former. For instance, @code{latin-1} is a valid encoding
- name for Emacs, but it's not according to the IANA standard, which Guile
- follows; instead, you should use @code{iso-8859-1}, which is both
- understood by Emacs and dubbed by IANA (IANA writes it uppercase but
- Emacs wants it lowercase and Guile is case insensitive.)
- For source code, only a subset of all possible character encodings can
- be interpreted by the built-in source code reader. Only those
- character encodings in which ASCII text appears unmodified can be
- used. This includes @code{UTF-8} and @code{ISO-8859-1} through
- @code{ISO-8859-15}. The multi-byte character encodings @code{UTF-16}
- and @code{UTF-32} may not be used because they are not compatible with
- ASCII.
- @cindex read
- @cindex encoding
- @cindex port encoding
- @findex set-port-encoding!
- There might be a scenario in which one would want to read non-ASCII
- code from a port, such as with the function @code{read}, instead of
- with @code{load}. If the port's character encoding is the same as the
- encoding of the code to be read by the port, not other special
- handling is necessary. The port will automatically do the character
- encoding conversion. The functions @code{setlocale} or by
- @code{set-port-encoding!} are used to set port encodings
- (@pxref{Ports}).
- If a port is used to read code of unknown character encoding, it can
- accomplish this in three steps. First, the character encoding of the
- port should be set to ISO-8859-1 using @code{set-port-encoding!}.
- Then, the procedure @code{file-encoding}, described below, is used to
- scan for a coding declaration when reading from the port. As a side
- effect, it rewinds the port after its scan is complete. After that,
- the port's character encoding should be set to the encoding returned
- by @code{file-encoding}, if any, again by using
- @code{set-port-encoding!}. Then the code can be read as normal.
- Alternatively, one can use the @code{#:guess-encoding} keyword argument
- of @code{open-file} and related procedures. @xref{File Ports}.
- @deffn {Scheme Procedure} file-encoding port
- @deffnx {C Function} scm_file_encoding (port)
- Attempt to scan the first few hundred bytes from the @var{port} for
- hints about its character encoding. Return a string containing the
- encoding name or @code{#f} if the encoding cannot be determined. The
- port is rewound.
- Currently, the only supported method is to look for an Emacs-like
- character coding declaration (@pxref{Recognize Coding, how Emacs
- recognizes file encoding,, emacs, The GNU Emacs Reference Manual}). The
- coding declaration is of the form @code{coding: XXXXX} and must appear
- in a Scheme comment. Additional heuristics may be added in the future.
- @end deffn
- @node Delayed Evaluation
- @subsection Delayed Evaluation
- @cindex delayed evaluation
- @cindex promises
- Promises are a convenient way to defer a calculation until its result
- is actually needed, and to run such a calculation only once. Also
- @pxref{SRFI-45}.
- @deffn syntax delay expr
- @rnindex delay
- Return a promise object which holds the given @var{expr} expression,
- ready to be evaluated by a later @code{force}.
- @end deffn
- @deffn {Scheme Procedure} promise? obj
- @deffnx {C Function} scm_promise_p (obj)
- Return true if @var{obj} is a promise.
- @end deffn
- @rnindex force
- @deffn {Scheme Procedure} force p
- @deffnx {C Function} scm_force (p)
- Return the value obtained from evaluating the @var{expr} in the given
- promise @var{p}. If @var{p} has previously been forced then its
- @var{expr} is not evaluated again, instead the value obtained at that
- time is simply returned.
- During a @code{force}, an @var{expr} can call @code{force} again on
- its own promise, resulting in a recursive evaluation of that
- @var{expr}. The first evaluation to return gives the value for the
- promise. Higher evaluations run to completion in the normal way, but
- their results are ignored, @code{force} always returns the first
- value.
- @end deffn
- @node Local Evaluation
- @subsection Local Evaluation
- Guile includes a facility to capture a lexical environment, and later
- evaluate a new expression within that environment. This code is
- implemented in a module.
- @example
- (use-modules (ice-9 local-eval))
- @end example
- @deffn syntax the-environment
- Captures and returns a lexical environment for use with
- @code{local-eval} or @code{local-compile}.
- @end deffn
- @deffn {Scheme Procedure} local-eval exp env
- @deffnx {C Function} scm_local_eval (exp, env)
- @deffnx {Scheme Procedure} local-compile exp env [opts=()]
- Evaluate or compile the expression @var{exp} in the lexical environment
- @var{env}.
- @end deffn
- Here is a simple example, illustrating that it is the variable
- that gets captured, not just its value at one point in time.
- @example
- (define e (let ((x 100)) (the-environment)))
- (define fetch-x (local-eval '(lambda () x) e))
- (fetch-x)
- @result{} 100
- (local-eval '(set! x 42) e)
- (fetch-x)
- @result{} 42
- @end example
- While @var{exp} is evaluated within the lexical environment of
- @code{(the-environment)}, it has the dynamic environment of the call to
- @code{local-eval}.
- @code{local-eval} and @code{local-compile} can only evaluate
- expressions, not definitions.
- @example
- (local-eval '(define foo 42)
- (let ((x 100)) (the-environment)))
- @result{} syntax error: definition in expression context
- @end example
- Note that the current implementation of @code{(the-environment)} only
- captures ``normal'' lexical bindings, and pattern variables bound by
- @code{syntax-case}. It does not currently capture local syntax
- transformers bound by @code{let-syntax}, @code{letrec-syntax} or
- non-top-level @code{define-syntax} forms. Any attempt to reference such
- captured syntactic keywords via @code{local-eval} or
- @code{local-compile} produces an error.
- @node Local Inclusion
- @subsection Local Inclusion
- This section has discussed various means of linking Scheme code
- together: fundamentally, loading up files at run-time using @code{load}
- and @code{load-compiled}. Guile provides another option to compose
- parts of programs together at expansion-time instead of at run-time.
- @deffn {Scheme Syntax} include file-name
- Open @var{file-name}, at expansion-time, and read the Scheme forms that
- it contains, splicing them into the location of the @code{include},
- within a @code{begin}.
- If @var{file-name} is a relative path, it is searched for relative to
- the path that contains the file that the @code{include} form appears in.
- @end deffn
- If you are a C programmer, if @code{load} in Scheme is like
- @code{dlopen} in C, consider @code{include} to be like the C
- preprocessor's @code{#include}. When you use @code{include}, it is as
- if the contents of the included file were typed in instead of the
- @code{include} form.
- Because the code is included at compile-time, it is available to the
- macroexpander. Syntax definitions in the included file are available to
- later code in the form in which the @code{include} appears, without the
- need for @code{eval-when}. (@xref{Eval When}.)
- For the same reason, compiling a form that uses @code{include} results
- in one compilation unit, composed of multiple files. Loading the
- compiled file is one @code{stat} operation for the compilation unit,
- instead of @code{2*@var{n}} in the case of @code{load} (once for each
- loaded source file, and once each corresponding compiled file, in the
- best case).
- Unlike @code{load}, @code{include} also works within nested lexical
- contexts. It so happens that the optimizer works best within a lexical
- context, because all of the uses of bindings in a lexical context are
- visible, so composing files by including them within a @code{(let ()
- ...)} can sometimes lead to important speed improvements.
- On the other hand, @code{include} does have all the disadvantages of
- early binding: once the code with the @code{include} is compiled, no
- change to the included file is reflected in the future behavior of the
- including form.
- Also, the particular form of @code{include}, which requires an absolute
- path, or a path relative to the current directory at compile-time, is
- not very amenable to compiling the source in one place, but then
- installing the source to another place. For this reason, Guile provides
- another form, @code{include-from-path}, which looks for the source file
- to include within a load path.
- @deffn {Scheme Syntax} include-from-path file-name
- Like @code{include}, but instead of expecting @code{file-name} to be an
- absolute file name, it is expected to be a relative path to search in
- the @code{%load-path}.
- @end deffn
- @code{include-from-path} is more useful when you want to install all of
- the source files for a package (as you should!). It makes it possible
- to evaluate an installed file from source, instead of relying on the
- @code{.go} file being up to date.
- @node Sandboxed Evaluation
- @subsection Sandboxed Evaluation
- Sometimes you would like to evaluate code that comes from an untrusted
- party. The safest way to do this is to buy a new computer, evaluate the
- code on that computer, then throw the machine away. However if you are
- unwilling to take this simple approach, Guile does include a limited
- ``sandbox'' facility that can allow untrusted code to be evaluated with
- some confidence.
- To use the sandboxed evaluator, load its module:
- @example
- (use-modules (ice-9 sandbox))
- @end example
- Guile's sandboxing facility starts with the ability to restrict the time
- and space used by a piece of code.
- @deffn {Scheme Procedure} call-with-time-limit limit thunk limit-reached
- Call @var{thunk}, but cancel it if @var{limit} seconds of wall-clock
- time have elapsed. If the computation is cancelled, call
- @var{limit-reached} in tail position. @var{thunk} must not disable
- interrupts or prevent an abort via a @code{dynamic-wind} unwind handler.
- @end deffn
- @deffn {Scheme Procedure} call-with-allocation-limit limit thunk limit-reached
- Call @var{thunk}, but cancel it if @var{limit} bytes have been
- allocated. If the computation is cancelled, call @var{limit-reached} in
- tail position. @var{thunk} must not disable interrupts or prevent an
- abort via a @code{dynamic-wind} unwind handler.
- This limit applies to both stack and heap allocation. The computation
- will not be aborted before @var{limit} bytes have been allocated, but
- for the heap allocation limit, the check may be postponed until the next garbage collection.
- Note that as a current shortcoming, the heap size limit applies to all
- threads; concurrent allocation by other unrelated threads counts towards
- the allocation limit.
- @end deffn
- @deffn {Scheme Procedure} call-with-time-and-allocation-limits time-limit allocation-limit thunk
- Invoke @var{thunk} in a dynamic extent in which its execution is limited
- to @var{time-limit} seconds of wall-clock time, and its allocation to
- @var{allocation-limit} bytes. @var{thunk} must not disable interrupts
- or prevent an abort via a @code{dynamic-wind} unwind handler.
- If successful, return all values produced by invoking @var{thunk}. Any
- uncaught exception thrown by the thunk will propagate out. If the time
- or allocation limit is exceeded, an exception will be thrown to the
- @code{limit-exceeded} key.
- @end deffn
- The time limit and stack limit are both very precise, but the heap limit
- only gets checked asynchronously, after a garbage collection. In
- particular, if the heap is already very large, the number of allocated
- bytes between garbage collections will be large, and therefore the
- precision of the check is reduced.
- Additionally, due to the mechanism used by the allocation limit (the
- @code{after-gc-hook}), large single allocations like @code{(make-vector
- #e1e7)} are only detected after the allocation completes, even if the
- allocation itself causes garbage collection. It's possible therefore
- for user code to not only exceed the allocation limit set, but also to
- exhaust all available memory, causing out-of-memory conditions at any
- allocation site. Failure to allocate memory in Guile itself should be
- safe and cause an exception to be thrown, but most systems are not
- designed to handle @code{malloc} failures. An allocation failure may
- therefore exercise unexpected code paths in your system, so it is a
- weakness of the sandbox (and therefore an interesting point of attack).
- The main sandbox interface is @code{eval-in-sandbox}.
- @deffn {Scheme Procedure} eval-in-sandbox exp [#:time-limit 0.1] @
- [#:allocation-limit #e10e6] @
- [#:bindings all-pure-bindings] @
- [#:module (make-sandbox-module bindings)] @
- [#:sever-module? #t]
- Evaluate the Scheme expression @var{exp} within an isolated
- "sandbox". Limit its execution to @var{time-limit} seconds of
- wall-clock time, and limit its allocation to @var{allocation-limit}
- bytes.
- The evaluation will occur in @var{module}, which defaults to the result
- of calling @code{make-sandbox-module} on @var{bindings}, which itself
- defaults to @code{all-pure-bindings}. This is the core of the
- sandbox: creating a scope for the expression that is @dfn{safe}.
- A safe sandbox module has two characteristics. Firstly, it will not
- allow the expression being evaluated to avoid being cancelled due to
- time or allocation limits. This ensures that the expression terminates
- in a timely fashion.
- Secondly, a safe sandbox module will prevent the evaluation from
- receiving information from previous evaluations, or from affecting
- future evaluations. All combinations of binding sets exported by
- @code{(ice-9 sandbox)} form safe sandbox modules.
- The @var{bindings} should be given as a list of import sets. One import
- set is a list whose car names an interface, like @code{(ice-9 q)}, and
- whose cdr is a list of imports. An import is either a bare symbol or a
- pair of @code{(@var{out} . @var{in})}, where @var{out} and @var{in} are
- both symbols and denote the name under which a binding is exported from
- the module, and the name under which to make the binding available,
- respectively. Note that @var{bindings} is only used as an input to the
- default initializer for the @var{module} argument; if you pass
- @code{#:module}, @var{bindings} is unused. If @var{sever-module?} is
- true (the default), the module will be unlinked from the global module
- tree after the evaluation returns, to allow @var{mod} to be
- garbage-collected.
- If successful, return all values produced by @var{exp}. Any uncaught
- exception thrown by the expression will propagate out. If the time or
- allocation limit is exceeded, an exception will be thrown to the
- @code{limit-exceeded} key.
- @end deffn
- Constructing a safe sandbox module is tricky in general. Guile defines
- an easy way to construct safe modules from predefined sets of bindings.
- Before getting to that interface, here are some general notes on safety.
- @enumerate
- @item The time and allocation limits rely on the ability to interrupt
- and cancel a computation. For this reason, no binding included in a
- sandbox module should be able to indefinitely postpone interrupt
- handling, nor should a binding be able to prevent an abort. In practice
- this second consideration means that @code{dynamic-wind} should not be
- included in any binding set.
- @item The time and allocation limits apply only to the
- @code{eval-in-sandbox} call. If the call returns a procedure which is
- later called, no limit is ``automatically'' in place. Users of
- @code{eval-in-sandbox} have to be very careful to reimpose limits when
- calling procedures that escape from sandboxes.
- @item Similarly, the dynamic environment of the @code{eval-in-sandbox}
- call is not necessarily in place when any procedure that escapes from
- the sandbox is later called.
- This detail prevents us from exposing @code{primitive-eval} to the
- sandbox, for two reasons. The first is that it's possible for legacy
- code to forge references to any binding, if the
- @code{allow-legacy-syntax-objects?} parameter is true. The default for
- this parameter is true; @pxref{Syntax Transformer Helpers} for the
- details. The parameter is bound to @code{#f} for the duration of the
- @code{eval-in-sandbox} call itself, but that will not be in place during
- calls to escaped procedures.
- The second reason we don't expose @code{primitive-eval} is that
- @code{primitive-eval} implicitly works in the current module, which for
- an escaped procedure will probably be different than the module that is
- current for the @code{eval-in-sandbox} call itself.
- The common denominator here is that if an interface exposed to the
- sandbox relies on dynamic environments, it is easy to mistakenly grant
- the sandboxed procedure additional capabilities in the form of bindings
- that it should not have access to. For this reason, the default sets of
- predefined bindings do not depend on any dynamically scoped value.
- @item Mutation may allow a sandboxed evaluation to break some invariant
- in users of data supplied to it. A lot of code culturally doesn't
- expect mutation, but if you hand mutable data to a sandboxed evaluation
- and you also grant mutating capabilities to that evaluation, then the
- sandboxed code may indeed mutate that data. The default set of bindings
- to the sandbox do not include any mutating primitives.
- Relatedly, @code{set!} may allow a sandbox to mutate a primitive,
- invalidating many system-wide invariants. Guile is currently quite
- permissive when it comes to imported bindings and mutability. Although
- @code{set!} to a module-local or lexically bound variable would be fine,
- we don't currently have an easy way to disallow @code{set!} to an
- imported binding, so currently no binding set includes @code{set!}.
- @item Mutation may allow a sandboxed evaluation to keep state, or
- make a communication mechanism with other code. On the one hand this
- sounds cool, but on the other hand maybe this is part of your threat
- model. Again, the default set of bindings doesn't include mutating
- primitives, preventing sandboxed evaluations from keeping state.
- @item The sandbox should probably not be able to open a network
- connection, or write to a file, or open a file from disk. The default
- binding set includes no interaction with the operating system.
- @end enumerate
- If you, dear reader, find the above discussion interesting, you will
- enjoy Jonathan Rees' dissertation, ``A Security Kernel Based on the
- Lambda Calculus''.
- @defvr {Scheme Variable} all-pure-bindings
- All ``pure'' bindings that together form a safe subset of those bindings
- available by default to Guile user code.
- @end defvr
- @defvr {Scheme Variable} all-pure-and-impure-bindings
- Like @code{all-pure-bindings}, but additionally including mutating
- primitives like @code{vector-set!}. This set is still safe in the sense
- mentioned above, with the caveats about mutation.
- @end defvr
- The components of these composite sets are as follows:
- @defvr {Scheme Variable} alist-bindings
- @defvrx {Scheme Variable} array-bindings
- @defvrx {Scheme Variable} bit-bindings
- @defvrx {Scheme Variable} bitvector-bindings
- @defvrx {Scheme Variable} char-bindings
- @defvrx {Scheme Variable} char-set-bindings
- @defvrx {Scheme Variable} clock-bindings
- @defvrx {Scheme Variable} core-bindings
- @defvrx {Scheme Variable} error-bindings
- @defvrx {Scheme Variable} fluid-bindings
- @defvrx {Scheme Variable} hash-bindings
- @defvrx {Scheme Variable} iteration-bindings
- @defvrx {Scheme Variable} keyword-bindings
- @defvrx {Scheme Variable} list-bindings
- @defvrx {Scheme Variable} macro-bindings
- @defvrx {Scheme Variable} nil-bindings
- @defvrx {Scheme Variable} number-bindings
- @defvrx {Scheme Variable} pair-bindings
- @defvrx {Scheme Variable} predicate-bindings
- @defvrx {Scheme Variable} procedure-bindings
- @defvrx {Scheme Variable} promise-bindings
- @defvrx {Scheme Variable} prompt-bindings
- @defvrx {Scheme Variable} regexp-bindings
- @defvrx {Scheme Variable} sort-bindings
- @defvrx {Scheme Variable} srfi-4-bindings
- @defvrx {Scheme Variable} string-bindings
- @defvrx {Scheme Variable} symbol-bindings
- @defvrx {Scheme Variable} unspecified-bindings
- @defvrx {Scheme Variable} variable-bindings
- @defvrx {Scheme Variable} vector-bindings
- @defvrx {Scheme Variable} version-bindings
- The components of @code{all-pure-bindings}.
- @end defvr
- @defvr {Scheme Variable} mutating-alist-bindings
- @defvrx {Scheme Variable} mutating-array-bindings
- @defvrx {Scheme Variable} mutating-bitvector-bindings
- @defvrx {Scheme Variable} mutating-fluid-bindings
- @defvrx {Scheme Variable} mutating-hash-bindings
- @defvrx {Scheme Variable} mutating-list-bindings
- @defvrx {Scheme Variable} mutating-pair-bindings
- @defvrx {Scheme Variable} mutating-sort-bindings
- @defvrx {Scheme Variable} mutating-srfi-4-bindings
- @defvrx {Scheme Variable} mutating-string-bindings
- @defvrx {Scheme Variable} mutating-variable-bindings
- @defvrx {Scheme Variable} mutating-vector-bindings
- The additional components of @code{all-pure-and-impure-bindings}.
- @end defvr
- Finally, what do you do with a binding set? What is a binding set
- anyway? @code{make-sandbox-module} is here for you.
- @deffn {Scheme Procedure} make-sandbox-module bindings
- Return a fresh module that only contains @var{bindings}.
- The @var{bindings} should be given as a list of import sets. One import
- set is a list whose car names an interface, like @code{(ice-9 q)}, and
- whose cdr is a list of imports. An import is either a bare symbol or a
- pair of @code{(@var{out} . @var{in})}, where @var{out} and @var{in} are
- both symbols and denote the name under which a binding is exported from
- the module, and the name under which to make the binding available,
- respectively.
- @end deffn
- So you see that binding sets are just lists, and
- @code{all-pure-and-impure-bindings} is really just the result of
- appending all of the component binding sets.
- @node REPL Servers
- @subsection REPL Servers
- @cindex REPL server
- The procedures in this section are provided by
- @lisp
- (use-modules (system repl server))
- @end lisp
- When an application is written in Guile, it is often convenient to
- allow the user to be able to interact with it by evaluating Scheme
- expressions in a REPL.
- The procedures of this module allow you to spawn a @dfn{REPL server},
- which permits interaction over a local or TCP connection. Guile itself
- uses them internally to implement the @option{--listen} switch,
- @ref{Command-line Options}.
- @deffn {Scheme Procedure} make-tcp-server-socket [#:host=#f] @
- [#:addr] [#:port=37146]
- Return a stream socket bound to a given address @var{addr} and port
- number @var{port}. If the @var{host} is given, and @var{addr} is not,
- then the @var{host} string is converted to an address. If neither is
- given, we use the loopback address.
- @end deffn
- @deffn {Scheme Procedure} make-unix-domain-server-socket [#:path="/tmp/guile-socket"]
- Return a UNIX domain socket, bound to a given @var{path}.
- @end deffn
- @deffn {Scheme Procedure} run-server [server-socket]
- @deffnx {Scheme Procedure} spawn-server [server-socket]
- Create and run a REPL, making it available over the given
- @var{server-socket}. If @var{server-socket} is not provided, it
- defaults to the socket created by calling @code{make-tcp-server-socket}
- with no arguments.
- @code{run-server} runs the server in the current thread, whereas
- @code{spawn-server} runs the server in a new thread.
- @end deffn
- @deffn {Scheme Procedure} stop-server-and-clients!
- Closes the connection on all running server sockets.
- Please note that in the current implementation, the REPL threads are
- cancelled without unwinding their stacks. If any of them are holding
- mutexes or are within a critical section, the results are unspecified.
- @end deffn
- @node Cooperative REPL Servers
- @subsection Cooperative REPL Servers
- @cindex Cooperative REPL server
- The procedures in this section are provided by
- @lisp
- (use-modules (system repl coop-server))
- @end lisp
- Whereas ordinary REPL servers run in their own threads (@pxref{REPL
- Servers}), sometimes it is more convenient to provide REPLs that run at
- specified times within an existing thread, for example in programs
- utilizing an event loop or in single-threaded programs. This allows for
- safe access and mutation of a program's data structures from the REPL,
- without concern for thread synchronization.
- Although the REPLs are run in the thread that calls
- @code{spawn-coop-repl-server} and @code{poll-coop-repl-server},
- dedicated threads are spawned so that the calling thread is not blocked.
- The spawned threads read input for the REPLs and to listen for new
- connections.
- Cooperative REPL servers must be polled periodically to evaluate any
- pending expressions by calling @code{poll-coop-repl-server} with the
- object returned from @code{spawn-coop-repl-server}. The thread that
- calls @code{poll-coop-repl-server} will be blocked for as long as the
- expression takes to be evaluated or if the debugger is entered.
- @deffn {Scheme Procedure} spawn-coop-repl-server [server-socket]
- Create and return a new cooperative REPL server object, and spawn a new
- thread to listen for connections on @var{server-socket}. Proper
- functioning of the REPL server requires that
- @code{poll-coop-repl-server} be called periodically on the returned
- server object.
- @end deffn
- @deffn {Scheme Procedure} poll-coop-repl-server coop-server
- Poll the cooperative REPL server @var{coop-server} and apply a pending
- operation if there is one, such as evaluating an expression typed at the
- REPL prompt. This procedure must be called from the same thread that
- called @code{spawn-coop-repl-server}.
- @end deffn
- @c Local Variables:
- @c TeX-master: "guile.texi"
- @c End:
|