Mercurial > emacs
comparison lispref/functions.texi @ 51701:080a8041fef7
(Defining Functions): Explain about redefining primitives.
(Function Safety): Renamed. Minor changes.
Comment out the detailed criteria for what is safe.
| author | Richard M. Stallman <rms@gnu.org> |
|---|---|
| date | Mon, 30 Jun 2003 10:40:27 +0000 |
| parents | 23a1cea22d13 |
| children | 3d0217ad97db |
comparison
equal
deleted
inserted
replaced
| 51700:8e56fb9cfe82 | 51701:080a8041fef7 |
|---|---|
| 20 * Mapping Functions:: Applying a function to each element of a list, etc. | 20 * Mapping Functions:: Applying a function to each element of a list, etc. |
| 21 * Anonymous Functions:: Lambda expressions are functions with no names. | 21 * Anonymous Functions:: Lambda expressions are functions with no names. |
| 22 * Function Cells:: Accessing or setting the function definition | 22 * Function Cells:: Accessing or setting the function definition |
| 23 of a symbol. | 23 of a symbol. |
| 24 * Inline Functions:: Defining functions that the compiler will open code. | 24 * Inline Functions:: Defining functions that the compiler will open code. |
| 25 * Function safety:: Determining whether a function is safe to call. | 25 * Function Safety:: Determining whether a function is safe to call. |
| 26 * Related Topics:: Cross-references to specific Lisp primitives | 26 * Related Topics:: Cross-references to specific Lisp primitives |
| 27 that have a special bearing on how functions work. | 27 that have a special bearing on how functions work. |
| 28 @end menu | 28 @end menu |
| 29 | 29 |
| 30 @node What Is a Function | 30 @node What Is a Function |
| 55 such as @code{car} or @code{append}. These functions are also called | 55 such as @code{car} or @code{append}. These functions are also called |
| 56 @dfn{built-in} functions or @dfn{subrs}. (Special forms are also | 56 @dfn{built-in} functions or @dfn{subrs}. (Special forms are also |
| 57 considered primitives.) | 57 considered primitives.) |
| 58 | 58 |
| 59 Usually the reason we implement a function as a primitive is either | 59 Usually the reason we implement a function as a primitive is either |
| 60 because it is fundamental, because it provides a low-level interface to | 60 because it is fundamental, because it provides a low-level interface |
| 61 operating system services, or because it needs to run fast. Primitives | 61 to operating system services, or because it needs to run fast. |
| 62 can be modified or added only by changing the C sources and recompiling | 62 Primitives can be modified or added only by changing the C sources and |
| 63 the editor. See @ref{Writing Emacs Primitives}. | 63 recompiling the editor. See @ref{Writing Emacs Primitives}. |
| 64 | 64 |
| 65 @item lambda expression | 65 @item lambda expression |
| 66 A @dfn{lambda expression} is a function written in Lisp. | 66 A @dfn{lambda expression} is a function written in Lisp. |
| 67 These are described in the following section. | 67 These are described in the following section. |
| 68 @ifnottex | 68 @ifnottex |
| 571 By contrast, in programs that manipulate function definitions for other | 571 By contrast, in programs that manipulate function definitions for other |
| 572 purposes, it is better to use @code{fset}, which does not keep such | 572 purposes, it is better to use @code{fset}, which does not keep such |
| 573 records. | 573 records. |
| 574 @end defun | 574 @end defun |
| 575 | 575 |
| 576 You cannot create a new primitive function with @code{defun} or | |
| 577 @code{defalias}, but you use them to change the function definition of | |
| 578 any symbol, even one such as @code{car} or @code{x-popup-menu} whose | |
| 579 normal definition is a primitive. However, this is risky: for | |
| 580 instance, it is next to impossible to redefine @code{car} without | |
| 581 breaking Lisp completely. Redefining an obscure function such as | |
| 582 @code{x-popup-menu} is less dangerous, but it still may not work as | |
| 583 you expect. If there are calls to the primitive from C code, they | |
| 584 call the primitive's C definition directly, so changing the symbol's | |
| 585 definition will have no effect on them. | |
| 586 | |
| 576 See also @code{defsubst}, which defines a function like @code{defun} | 587 See also @code{defsubst}, which defines a function like @code{defun} |
| 577 and tells the Lisp compiler to open-code it. @xref{Inline Functions}. | 588 and tells the Lisp compiler to open-code it. @xref{Inline Functions}. |
| 578 | 589 |
| 579 @node Calling Functions | 590 @node Calling Functions |
| 580 @section Calling Functions | 591 @section Calling Functions |
| 1156 do for macros. (@xref{Argument Evaluation}.) | 1167 do for macros. (@xref{Argument Evaluation}.) |
| 1157 | 1168 |
| 1158 Inline functions can be used and open-coded later on in the same file, | 1169 Inline functions can be used and open-coded later on in the same file, |
| 1159 following the definition, just like macros. | 1170 following the definition, just like macros. |
| 1160 | 1171 |
| 1161 @node Function safety | 1172 @node Function Safety |
| 1162 @section Determining whether a function is safe to call | 1173 @section Determining whether a function is safe to call |
| 1163 @cindex function safety | 1174 @cindex function safety |
| 1164 @cindex safety of functions | 1175 @cindex safety of functions |
| 1165 @cindex virus detection | 1176 |
| 1166 @cindex Trojan-horse detection | 1177 Some major modes such as SES (@pxref{Top,,,ses}) call functions that |
| 1167 @cindex DDoS attacks | 1178 are stored in user files. User files sometimes have poor |
| 1168 | 1179 pedigrees---you can get a spreadsheet from someone you've just met, or |
| 1169 Some major modes such as SES (see @pxref{Top,,,ses}) will call | 1180 you can get one through email from someone you've never met. So it is |
| 1170 functions that are stored in user files. User files sometimes have | 1181 risky to call a function whose source code is stored in a user file |
| 1171 poor pedigrees---you can get a spreadsheet from someone you've just | 1182 until you have determined that it is safe. |
| 1172 met, or you can get one through email from someone you've never met. | |
| 1173 Such files can contain viruses and other Trojan horses that could | |
| 1174 corrupt your operating system environment, delete your files, or even | |
| 1175 turn your computer into a DDoS zombie! To avoid this terrible fate, | |
| 1176 you should not call a function whose source code is stored in a user | |
| 1177 file until you have determined that it is safe. | |
| 1178 | 1183 |
| 1179 @defun unsafep form &optional unsafep-vars | 1184 @defun unsafep form &optional unsafep-vars |
| 1180 Returns nil if @var{form} is a @dfn{safe} lisp expression, or returns | 1185 Returns @code{nil} if @var{form} is a @dfn{safe} lisp expression, or |
| 1181 a list that describes why it might be unsafe. The argument | 1186 returns a list that describes why it might be unsafe. The argument |
| 1182 @var{unsafep-vars} is a list of symbols known to have temporary | 1187 @var{unsafep-vars} is a list of symbols known to have temporary |
| 1183 bindings at this point; it is mainly used for internal recursive | 1188 bindings at this point; it is mainly used for internal recursive |
| 1184 calls. The current buffer is an implicit argument, which provides a | 1189 calls. The current buffer is an implicit argument, which provides a |
| 1185 list of buffer-local bindings. | 1190 list of buffer-local bindings. |
| 1186 @end defun | 1191 @end defun |
| 1187 | 1192 |
| 1188 Being quick and simple, @code{unsafep} does a very light analysis and | 1193 Being quick and simple, @code{unsafep} does a very light analysis and |
| 1189 rejects many Lisp expressions that are actually safe. There are no | 1194 rejects many Lisp expressions that are actually safe. There are no |
| 1190 known cases where @code{unsafep} returns nil for an unsafe expression. | 1195 known cases where @code{unsafep} returns @code{nil} for an unsafe |
| 1191 However, a ``safe'' Lisp expression can return a string with a | 1196 expression. However, a ``safe'' Lisp expression can return a string |
| 1192 @code{display} property, containing an associated Lisp expression to | 1197 with a @code{display} property, containing an associated Lisp |
| 1193 be executed after the string is inserted into a buffer. This | 1198 expression to be executed after the string is inserted into a buffer. |
| 1194 associated expression can be a virus. In order to be safe, you must | 1199 This associated expression can be a virus. In order to be safe, you |
| 1195 delete properties from all strings calculated by user code before | 1200 must delete properties from all strings calculated by user code before |
| 1196 inserting them into buffers. | 1201 inserting them into buffers. |
| 1197 | 1202 |
| 1203 @ignore | |
| 1198 What is a safe Lisp expression? Basically, it's an expression that | 1204 What is a safe Lisp expression? Basically, it's an expression that |
| 1199 calls only built-in functions with no side effects (or only innocuous | 1205 calls only built-in functions with no side effects (or only innocuous |
| 1200 ones). Innocuous side effects include displaying messages and | 1206 ones). Innocuous side effects include displaying messages and |
| 1201 altering non-risky buffer-local variables (but not global variables). | 1207 altering non-risky buffer-local variables (but not global variables). |
| 1202 | 1208 |
| 1207 An atom or quoted thing. | 1213 An atom or quoted thing. |
| 1208 @item | 1214 @item |
| 1209 A call to a safe function (see below), if all its arguments are | 1215 A call to a safe function (see below), if all its arguments are |
| 1210 safe expressions. | 1216 safe expressions. |
| 1211 @item | 1217 @item |
| 1212 One of the special forms [and, catch, cond, if, or, prog1, prog2, | 1218 One of the special forms @code{and}, @code{catch}, @code{cond}, |
| 1213 progn, while, unwind-protect], if all its arguments are safe. | 1219 @code{if}, @code{or}, @code{prog1}, @code{prog2}, @code{progn}, |
| 1220 @code{while}, and @code{unwind-protect}], if all its arguments are | |
| 1221 safe. | |
| 1214 @item | 1222 @item |
| 1215 A form that creates temporary bindings [condition-case, dolist, | 1223 A form that creates temporary bindings (@code{condition-case}, |
| 1216 dotimes, lambda, let, let*], if all args are safe and the symbols to | 1224 @code{dolist}, @code{dotimes}, @code{lambda}, @code{let}, or |
| 1217 be bound are not explicitly risky (see @pxref{File Local Variables}). | 1225 @code{let*}), if all args are safe and the symbols to be bound are not |
| 1226 explicitly risky (see @pxref{File Local Variables}). | |
| 1218 @item | 1227 @item |
| 1219 An assignment [add-to-list, setq, push, pop], if all args are safe and | 1228 An assignment using @code{add-to-list}, @code{setq}, @code{push}, or |
| 1220 the symbols to be assigned are not explicitly risky and they already | 1229 @code{pop}, if all args are safe and the symbols to be assigned are |
| 1221 have temporary or buffer-local bindings. | 1230 not explicitly risky and they already have temporary or buffer-local |
| 1231 bindings. | |
| 1222 @item | 1232 @item |
| 1223 One of [apply, mapc, mapcar, mapconcat] if the first argument is a | 1233 One of [apply, mapc, mapcar, mapconcat] if the first argument is a |
| 1224 safe explicit lambda and the other args are safe expressions. | 1234 safe explicit lambda and the other args are safe expressions. |
| 1225 @end itemize | 1235 @end itemize |
| 1226 | 1236 |
| 1229 @item | 1239 @item |
| 1230 A lambda containing safe expressions. | 1240 A lambda containing safe expressions. |
| 1231 @item | 1241 @item |
| 1232 A symbol on the list @code{safe-functions}, so the user says it's safe. | 1242 A symbol on the list @code{safe-functions}, so the user says it's safe. |
| 1233 @item | 1243 @item |
| 1234 A symbol with a non-nil @code{side-effect-free} property. | 1244 A symbol with a non-@code{nil} @code{side-effect-free} property. |
| 1235 @item | 1245 @item |
| 1236 A symbol with a non-nil @code{safe-function} property. Value t | 1246 A symbol with a non-@code{nil} @code{safe-function} property. Value t |
| 1237 indicates a function that is safe but has innocuous side effects. | 1247 indicates a function that is safe but has innocuous side effects. |
| 1238 Other values will someday indicate functions with classes of side | 1248 Other values will someday indicate functions with classes of side |
| 1239 effects that are not always safe. | 1249 effects that are not always safe. |
| 1240 @end itemize | 1250 @end itemize |
| 1241 | 1251 |
| 1242 The @code{side-effect-free} and @code{safe-function} properties are | 1252 The @code{side-effect-free} and @code{safe-function} properties are |
| 1243 provided for built-in functions and for low-level functions and macros | 1253 provided for built-in functions and for low-level functions and macros |
| 1244 defined in @file{subr.el}. You can assign these properties for the | 1254 defined in @file{subr.el}. You can assign these properties for the |
| 1245 functions you write. | 1255 functions you write. |
| 1246 | |
| 1247 @end table | 1256 @end table |
| 1248 | 1257 @end ignore |
| 1249 | |
| 1250 @c Emacs versions prior to 19 did not have inline functions. | |
| 1251 | 1258 |
| 1252 @node Related Topics | 1259 @node Related Topics |
| 1253 @section Other Topics Related to Functions | 1260 @section Other Topics Related to Functions |
| 1254 | 1261 |
| 1255 Here is a table of several functions that do things related to | 1262 Here is a table of several functions that do things related to |