From 5514afa4bc9f31da13813cd7024be982352d4f13 Mon Sep 17 00:00:00 2001 From: Matthew Flatt Date: Sun, 22 Mar 2009 16:42:03 +0000 Subject: [PATCH] notes on the hazards of sandbox break propagation svn: r14220 --- collects/scribblings/reference/sandbox.scrbl | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/collects/scribblings/reference/sandbox.scrbl b/collects/scribblings/reference/sandbox.scrbl index 386a62df8d..d469fb5f94 100644 --- a/collects/scribblings/reference/sandbox.scrbl +++ b/collects/scribblings/reference/sandbox.scrbl @@ -411,12 +411,18 @@ collected by sandbox evaluators. Use @defboolparam[sandbox-propagate-breaks propagate?]{ -When this boolean parameter is true, breaking while an evaluator is -running evaluator propagates the break signal to the sandboxed +When both this boolean parameter and @scheme[(break-enabled)] are true, +breaking while an evaluator is +running propagates the break signal to the sandboxed context. This makes the sandboxed evaluator break, typically, but beware that sandboxed evaluation can capture and avoid the breaks (so if safe execution of code is your goal, make sure you use it with a -time limit). The default is @scheme[#t].} +time limit). Also, beware that a break may be received after the +evaluator's result, in which case the evaluation result is lost. Finally, +beware that a break may be propagated after an evaluator has produced +a result, so that the break is visible on the next interaction with +the evaluator (or the break is lost if the evaluator is not used +further). The default is @scheme[#t].} @defparam[sandbox-namespace-specs spec (cons/c (-> namespace?)