Mercurial > emacs
comparison lispref/functions.texi @ 51701:080a8041fef7
(Defining Functions): Explain about redefining primitives.
(Function Safety): Renamed. Minor changes.
Comment out the detailed criteria for what is safe.
author | Richard M. Stallman <rms@gnu.org> |
---|---|
date | Mon, 30 Jun 2003 10:40:27 +0000 |
parents | 23a1cea22d13 |
children | 3d0217ad97db |
comparison
equal
deleted
inserted
replaced
51700:8e56fb9cfe82 | 51701:080a8041fef7 |
---|---|
20 * Mapping Functions:: Applying a function to each element of a list, etc. | 20 * Mapping Functions:: Applying a function to each element of a list, etc. |
21 * Anonymous Functions:: Lambda expressions are functions with no names. | 21 * Anonymous Functions:: Lambda expressions are functions with no names. |
22 * Function Cells:: Accessing or setting the function definition | 22 * Function Cells:: Accessing or setting the function definition |
23 of a symbol. | 23 of a symbol. |
24 * Inline Functions:: Defining functions that the compiler will open code. | 24 * Inline Functions:: Defining functions that the compiler will open code. |
25 * Function safety:: Determining whether a function is safe to call. | 25 * Function Safety:: Determining whether a function is safe to call. |
26 * Related Topics:: Cross-references to specific Lisp primitives | 26 * Related Topics:: Cross-references to specific Lisp primitives |
27 that have a special bearing on how functions work. | 27 that have a special bearing on how functions work. |
28 @end menu | 28 @end menu |
29 | 29 |
30 @node What Is a Function | 30 @node What Is a Function |
55 such as @code{car} or @code{append}. These functions are also called | 55 such as @code{car} or @code{append}. These functions are also called |
56 @dfn{built-in} functions or @dfn{subrs}. (Special forms are also | 56 @dfn{built-in} functions or @dfn{subrs}. (Special forms are also |
57 considered primitives.) | 57 considered primitives.) |
58 | 58 |
59 Usually the reason we implement a function as a primitive is either | 59 Usually the reason we implement a function as a primitive is either |
60 because it is fundamental, because it provides a low-level interface to | 60 because it is fundamental, because it provides a low-level interface |
61 operating system services, or because it needs to run fast. Primitives | 61 to operating system services, or because it needs to run fast. |
62 can be modified or added only by changing the C sources and recompiling | 62 Primitives can be modified or added only by changing the C sources and |
63 the editor. See @ref{Writing Emacs Primitives}. | 63 recompiling the editor. See @ref{Writing Emacs Primitives}. |
64 | 64 |
65 @item lambda expression | 65 @item lambda expression |
66 A @dfn{lambda expression} is a function written in Lisp. | 66 A @dfn{lambda expression} is a function written in Lisp. |
67 These are described in the following section. | 67 These are described in the following section. |
68 @ifnottex | 68 @ifnottex |
571 By contrast, in programs that manipulate function definitions for other | 571 By contrast, in programs that manipulate function definitions for other |
572 purposes, it is better to use @code{fset}, which does not keep such | 572 purposes, it is better to use @code{fset}, which does not keep such |
573 records. | 573 records. |
574 @end defun | 574 @end defun |
575 | 575 |
576 You cannot create a new primitive function with @code{defun} or | |
577 @code{defalias}, but you use them to change the function definition of | |
578 any symbol, even one such as @code{car} or @code{x-popup-menu} whose | |
579 normal definition is a primitive. However, this is risky: for | |
580 instance, it is next to impossible to redefine @code{car} without | |
581 breaking Lisp completely. Redefining an obscure function such as | |
582 @code{x-popup-menu} is less dangerous, but it still may not work as | |
583 you expect. If there are calls to the primitive from C code, they | |
584 call the primitive's C definition directly, so changing the symbol's | |
585 definition will have no effect on them. | |
586 | |
576 See also @code{defsubst}, which defines a function like @code{defun} | 587 See also @code{defsubst}, which defines a function like @code{defun} |
577 and tells the Lisp compiler to open-code it. @xref{Inline Functions}. | 588 and tells the Lisp compiler to open-code it. @xref{Inline Functions}. |
578 | 589 |
579 @node Calling Functions | 590 @node Calling Functions |
580 @section Calling Functions | 591 @section Calling Functions |
1156 do for macros. (@xref{Argument Evaluation}.) | 1167 do for macros. (@xref{Argument Evaluation}.) |
1157 | 1168 |
1158 Inline functions can be used and open-coded later on in the same file, | 1169 Inline functions can be used and open-coded later on in the same file, |
1159 following the definition, just like macros. | 1170 following the definition, just like macros. |
1160 | 1171 |
1161 @node Function safety | 1172 @node Function Safety |
1162 @section Determining whether a function is safe to call | 1173 @section Determining whether a function is safe to call |
1163 @cindex function safety | 1174 @cindex function safety |
1164 @cindex safety of functions | 1175 @cindex safety of functions |
1165 @cindex virus detection | 1176 |
1166 @cindex Trojan-horse detection | 1177 Some major modes such as SES (@pxref{Top,,,ses}) call functions that |
1167 @cindex DDoS attacks | 1178 are stored in user files. User files sometimes have poor |
1168 | 1179 pedigrees---you can get a spreadsheet from someone you've just met, or |
1169 Some major modes such as SES (see @pxref{Top,,,ses}) will call | 1180 you can get one through email from someone you've never met. So it is |
1170 functions that are stored in user files. User files sometimes have | 1181 risky to call a function whose source code is stored in a user file |
1171 poor pedigrees---you can get a spreadsheet from someone you've just | 1182 until you have determined that it is safe. |
1172 met, or you can get one through email from someone you've never met. | |
1173 Such files can contain viruses and other Trojan horses that could | |
1174 corrupt your operating system environment, delete your files, or even | |
1175 turn your computer into a DDoS zombie! To avoid this terrible fate, | |
1176 you should not call a function whose source code is stored in a user | |
1177 file until you have determined that it is safe. | |
1178 | 1183 |
1179 @defun unsafep form &optional unsafep-vars | 1184 @defun unsafep form &optional unsafep-vars |
1180 Returns nil if @var{form} is a @dfn{safe} lisp expression, or returns | 1185 Returns @code{nil} if @var{form} is a @dfn{safe} lisp expression, or |
1181 a list that describes why it might be unsafe. The argument | 1186 returns a list that describes why it might be unsafe. The argument |
1182 @var{unsafep-vars} is a list of symbols known to have temporary | 1187 @var{unsafep-vars} is a list of symbols known to have temporary |
1183 bindings at this point; it is mainly used for internal recursive | 1188 bindings at this point; it is mainly used for internal recursive |
1184 calls. The current buffer is an implicit argument, which provides a | 1189 calls. The current buffer is an implicit argument, which provides a |
1185 list of buffer-local bindings. | 1190 list of buffer-local bindings. |
1186 @end defun | 1191 @end defun |
1187 | 1192 |
1188 Being quick and simple, @code{unsafep} does a very light analysis and | 1193 Being quick and simple, @code{unsafep} does a very light analysis and |
1189 rejects many Lisp expressions that are actually safe. There are no | 1194 rejects many Lisp expressions that are actually safe. There are no |
1190 known cases where @code{unsafep} returns nil for an unsafe expression. | 1195 known cases where @code{unsafep} returns @code{nil} for an unsafe |
1191 However, a ``safe'' Lisp expression can return a string with a | 1196 expression. However, a ``safe'' Lisp expression can return a string |
1192 @code{display} property, containing an associated Lisp expression to | 1197 with a @code{display} property, containing an associated Lisp |
1193 be executed after the string is inserted into a buffer. This | 1198 expression to be executed after the string is inserted into a buffer. |
1194 associated expression can be a virus. In order to be safe, you must | 1199 This associated expression can be a virus. In order to be safe, you |
1195 delete properties from all strings calculated by user code before | 1200 must delete properties from all strings calculated by user code before |
1196 inserting them into buffers. | 1201 inserting them into buffers. |
1197 | 1202 |
1203 @ignore | |
1198 What is a safe Lisp expression? Basically, it's an expression that | 1204 What is a safe Lisp expression? Basically, it's an expression that |
1199 calls only built-in functions with no side effects (or only innocuous | 1205 calls only built-in functions with no side effects (or only innocuous |
1200 ones). Innocuous side effects include displaying messages and | 1206 ones). Innocuous side effects include displaying messages and |
1201 altering non-risky buffer-local variables (but not global variables). | 1207 altering non-risky buffer-local variables (but not global variables). |
1202 | 1208 |
1207 An atom or quoted thing. | 1213 An atom or quoted thing. |
1208 @item | 1214 @item |
1209 A call to a safe function (see below), if all its arguments are | 1215 A call to a safe function (see below), if all its arguments are |
1210 safe expressions. | 1216 safe expressions. |
1211 @item | 1217 @item |
1212 One of the special forms [and, catch, cond, if, or, prog1, prog2, | 1218 One of the special forms @code{and}, @code{catch}, @code{cond}, |
1213 progn, while, unwind-protect], if all its arguments are safe. | 1219 @code{if}, @code{or}, @code{prog1}, @code{prog2}, @code{progn}, |
1220 @code{while}, and @code{unwind-protect}], if all its arguments are | |
1221 safe. | |
1214 @item | 1222 @item |
1215 A form that creates temporary bindings [condition-case, dolist, | 1223 A form that creates temporary bindings (@code{condition-case}, |
1216 dotimes, lambda, let, let*], if all args are safe and the symbols to | 1224 @code{dolist}, @code{dotimes}, @code{lambda}, @code{let}, or |
1217 be bound are not explicitly risky (see @pxref{File Local Variables}). | 1225 @code{let*}), if all args are safe and the symbols to be bound are not |
1226 explicitly risky (see @pxref{File Local Variables}). | |
1218 @item | 1227 @item |
1219 An assignment [add-to-list, setq, push, pop], if all args are safe and | 1228 An assignment using @code{add-to-list}, @code{setq}, @code{push}, or |
1220 the symbols to be assigned are not explicitly risky and they already | 1229 @code{pop}, if all args are safe and the symbols to be assigned are |
1221 have temporary or buffer-local bindings. | 1230 not explicitly risky and they already have temporary or buffer-local |
1231 bindings. | |
1222 @item | 1232 @item |
1223 One of [apply, mapc, mapcar, mapconcat] if the first argument is a | 1233 One of [apply, mapc, mapcar, mapconcat] if the first argument is a |
1224 safe explicit lambda and the other args are safe expressions. | 1234 safe explicit lambda and the other args are safe expressions. |
1225 @end itemize | 1235 @end itemize |
1226 | 1236 |
1229 @item | 1239 @item |
1230 A lambda containing safe expressions. | 1240 A lambda containing safe expressions. |
1231 @item | 1241 @item |
1232 A symbol on the list @code{safe-functions}, so the user says it's safe. | 1242 A symbol on the list @code{safe-functions}, so the user says it's safe. |
1233 @item | 1243 @item |
1234 A symbol with a non-nil @code{side-effect-free} property. | 1244 A symbol with a non-@code{nil} @code{side-effect-free} property. |
1235 @item | 1245 @item |
1236 A symbol with a non-nil @code{safe-function} property. Value t | 1246 A symbol with a non-@code{nil} @code{safe-function} property. Value t |
1237 indicates a function that is safe but has innocuous side effects. | 1247 indicates a function that is safe but has innocuous side effects. |
1238 Other values will someday indicate functions with classes of side | 1248 Other values will someday indicate functions with classes of side |
1239 effects that are not always safe. | 1249 effects that are not always safe. |
1240 @end itemize | 1250 @end itemize |
1241 | 1251 |
1242 The @code{side-effect-free} and @code{safe-function} properties are | 1252 The @code{side-effect-free} and @code{safe-function} properties are |
1243 provided for built-in functions and for low-level functions and macros | 1253 provided for built-in functions and for low-level functions and macros |
1244 defined in @file{subr.el}. You can assign these properties for the | 1254 defined in @file{subr.el}. You can assign these properties for the |
1245 functions you write. | 1255 functions you write. |
1246 | |
1247 @end table | 1256 @end table |
1248 | 1257 @end ignore |
1249 | |
1250 @c Emacs versions prior to 19 did not have inline functions. | |
1251 | 1258 |
1252 @node Related Topics | 1259 @node Related Topics |
1253 @section Other Topics Related to Functions | 1260 @section Other Topics Related to Functions |
1254 | 1261 |
1255 Here is a table of several functions that do things related to | 1262 Here is a table of several functions that do things related to |