34 lines
No EOL
22 KiB
HTML
34 lines
No EOL
22 KiB
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
|
<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"/><meta name="viewport" content="width=device-width, initial-scale=0.8"/><title>16.2.7 Tainted Syntax</title><link rel="stylesheet" type="text/css" href="../scribble.css" title="default"/><link rel="stylesheet" type="text/css" href="../racket.css" title="default"/><link rel="stylesheet" type="text/css" href="../manual-style.css" title="default"/><link rel="stylesheet" type="text/css" href="../manual-racket.css" title="default"/><link rel="stylesheet" type="text/css" href="../manual-racket.css" title="default"/><link rel="stylesheet" type="text/css" href="../doc-site.css" title="default"/><script type="text/javascript" src="../scribble-common.js"></script><script type="text/javascript" src="../manual-racket.js"></script><script type="text/javascript" src="../manual-racket.js"></script><script type="text/javascript" src="../doc-site.js"></script><script type="text/javascript" src="../local-redirect/local-redirect.js"></script><script type="text/javascript" src="../local-redirect/local-user-redirect.js"></script><!--[if IE 6]><style type="text/css">.SIEHidden { overflow: hidden; }</style><![endif]--></head><body id="doc-racket-lang-org"><div class="tocset"><div class="tocview"><div class="tocviewlist tocviewlisttopspace"><div class="tocviewtitle"><table cellspacing="0" cellpadding="0"><tr><td style="width: 1em;"><a href="javascript:void(0);" title="Expand/Collapse" class="tocviewtoggle" onclick="TocviewToggle(this,"tocview_0");">►</a></td><td></td><td><a href="index.html" class="tocviewlink" data-pltdoc="x">The Racket Guide</a></td></tr></table></div><div class="tocviewsublisttop" style="display: none;" id="tocview_0"><table cellspacing="0" cellpadding="0"><tr><td align="right">1 </td><td><a href="intro.html" class="tocviewlink" data-pltdoc="x">Welcome to Racket</a></td></tr><tr><td align="right">2 </td><td><a href="to-scheme.html" class="tocviewlink" data-pltdoc="x">Racket Essentials</a></td></tr><tr><td align="right">3 </td><td><a href="datatypes.html" class="tocviewlink" data-pltdoc="x">Built-<wbr></wbr>In Datatypes</a></td></tr><tr><td align="right">4 </td><td><a href="scheme-forms.html" class="tocviewlink" data-pltdoc="x">Expressions and Definitions</a></td></tr><tr><td align="right">5 </td><td><a href="define-struct.html" class="tocviewlink" data-pltdoc="x">Programmer-<wbr></wbr>Defined Datatypes</a></td></tr><tr><td align="right">6 </td><td><a href="modules.html" class="tocviewlink" data-pltdoc="x">Modules</a></td></tr><tr><td align="right">7 </td><td><a href="contracts.html" class="tocviewlink" data-pltdoc="x">Contracts</a></td></tr><tr><td align="right">8 </td><td><a href="i_o.html" class="tocviewlink" data-pltdoc="x">Input and Output</a></td></tr><tr><td align="right">9 </td><td><a href="regexp.html" class="tocviewlink" data-pltdoc="x">Regular Expressions</a></td></tr><tr><td align="right">10 </td><td><a href="control.html" class="tocviewlink" data-pltdoc="x">Exceptions and Control</a></td></tr><tr><td align="right">11 </td><td><a href="for.html" class="tocviewlink" data-pltdoc="x">Iterations and Comprehensions</a></td></tr><tr><td align="right">12 </td><td><a href="match.html" class="tocviewlink" data-pltdoc="x">Pattern Matching</a></td></tr><tr><td align="right">13 </td><td><a href="classes.html" class="tocviewlink" data-pltdoc="x">Classes and Objects</a></td></tr><tr><td align="right">14 </td><td><a href="units.html" class="tocviewlink" data-pltdoc="x">Units</a></td></tr><tr><td align="right">15 </td><td><a href="reflection.html" class="tocviewlink" data-pltdoc="x">Reflection and Dynamic Evaluation</a></td></tr><tr><td align="right">16 </td><td><a href="macros.html" class="tocviewselflink" data-pltdoc="x">Macros</a></td></tr><tr><td align="right">17 </td><td><a href="languages.html" class="tocviewlink" data-pltdoc="x">Creating Languages</a></td></tr><tr><td align="right">18 </td><td><a href="concurrency.html" class="tocviewlink" data-pltdoc="x">Concurrency and Synchronization</a></td></tr><tr><td align="right">19 </td><td><a href="performance.html" class="tocviewlink" data-pltdoc="x">Performance</a></td></tr><tr><td align="right">20 </td><td><a href="parallelism.html" class="tocviewlink" data-pltdoc="x">Parallelism</a></td></tr><tr><td align="right">21 </td><td><a href="running.html" class="tocviewlink" data-pltdoc="x">Running and Creating Executables</a></td></tr><tr><td align="right">22 </td><td><a href="More_Libraries.html" class="tocviewlink" data-pltdoc="x">More Libraries</a></td></tr><tr><td align="right">23 </td><td><a href="dialects.html" class="tocviewlink" data-pltdoc="x">Dialects of Racket and Scheme</a></td></tr><tr><td align="right">24 </td><td><a href="other-editors.html" class="tocviewlink" data-pltdoc="x">Command-<wbr></wbr>Line Tools and Your Editor of Choice</a></td></tr><tr><td align="right"></td><td><a href="doc-bibliography.html" class="tocviewlink" data-pltdoc="x">Bibliography</a></td></tr><tr><td align="right"></td><td><a href="doc-index.html" class="tocviewlink" data-pltdoc="x">Index</a></td></tr></table></div></div><div class="tocviewlist"><table cellspacing="0" cellpadding="0"><tr><td style="width: 1em;"><a href="javascript:void(0);" title="Expand/Collapse" class="tocviewtoggle" onclick="TocviewToggle(this,"tocview_1");">►</a></td><td>16 </td><td><a href="macros.html" class="tocviewlink" data-pltdoc="x">Macros</a></td></tr></table><div class="tocviewsublist" style="display: none;" id="tocview_1"><table cellspacing="0" cellpadding="0"><tr><td align="right">16.1 </td><td><a href="pattern-macros.html" class="tocviewlink" data-pltdoc="x">Pattern-<wbr></wbr>Based Macros</a></td></tr><tr><td align="right">16.2 </td><td><a href="proc-macros.html" class="tocviewselflink" data-pltdoc="x">General Macro Transformers</a></td></tr><tr><td align="right">16.3 </td><td><a href="macro-module.html" class="tocviewlink" data-pltdoc="x">Module Instantiations and Visits</a></td></tr></table></div></div><div class="tocviewlist"><table cellspacing="0" cellpadding="0"><tr><td style="width: 1em;"><a href="javascript:void(0);" title="Expand/Collapse" class="tocviewtoggle" onclick="TocviewToggle(this,"tocview_2");">▼</a></td><td>16.2 </td><td><a href="proc-macros.html" class="tocviewlink" data-pltdoc="x">General Macro Transformers</a></td></tr></table><div class="tocviewsublistbottom" style="display: block;" id="tocview_2"><table cellspacing="0" cellpadding="0"><tr><td align="right">16.2.1 </td><td><a href="stx-obj.html" class="tocviewlink" data-pltdoc="x">Syntax Objects</a></td></tr><tr><td align="right">16.2.2 </td><td><a href="macro-transformers.html" class="tocviewlink" data-pltdoc="x">Macro Transformer Procedures</a></td></tr><tr><td align="right">16.2.3 </td><td><a href="syntax-case.html" class="tocviewlink" data-pltdoc="x">Mixing Patterns and Expressions:<span class="mywbr"> </span> <span class="RktSym"><span class="RktStxLink">syntax-<wbr></wbr>case</span></span></a></td></tr><tr><td align="right">16.2.4 </td><td><a href="with-syntax.html" class="tocviewlink" data-pltdoc="x"><span class="RktSym"><span class="RktStxLink">with-<wbr></wbr>syntax</span></span> and <span class="RktSym"><span class="RktValLink">generate-<wbr></wbr>temporaries</span></span></a></td></tr><tr><td align="right">16.2.5 </td><td><a href="stx-phases.html" class="tocviewlink" data-pltdoc="x">Compile and Run-<wbr></wbr>Time Phases</a></td></tr><tr><td align="right">16.2.6 </td><td><a href="phases.html" class="tocviewlink" data-pltdoc="x">General Phase Levels</a></td></tr><tr><td align="right">16.2.7 </td><td><a href="stx-certs.html" class="tocviewselflink" data-pltdoc="x">Tainted Syntax</a></td></tr></table></div></div></div></div><div class="maincolumn"><div class="main"><div class="navsettop"><span class="navleft"><form class="searchform"><input class="searchbox" id="searchbox" type="text" tabindex="1" placeholder="...search manuals..." title="Enter a search string to search the manuals" onkeypress="return DoSearchKey(event, this, "8.6", "../");"/></form> <a href="https://docs.racket-lang.org/index.html" title="up to the documentation top" data-pltdoc="x" onclick="return GotoPLTRoot("8.6");">top</a><span class="tocsettoggle"> <a href="javascript:void(0);" title="show/hide table of contents" onclick="TocsetToggle();">contents</a></span></span><span class="navright"> <a href="phases.html" title="backward to "16.2.6 General Phase Levels"" data-pltdoc="x">← prev</a> <a href="proc-macros.html" title="up to "16.2 General Macro Transformers"" data-pltdoc="x">up</a> <a href="macro-module.html" title="forward to "16.3 Module Instantiations and Visits"" data-pltdoc="x">next →</a></span> </div><h5 x-source-module="(lib "scribblings/guide/guide.scrbl")" x-source-pkg="racket-doc" x-part-tag=""stx-certs"">16.2.7<tt> </tt><a name="(part._stx-certs)"></a>Tainted Syntax</h5><p>Modules often contain definitions that are meant only for use within
|
|
the same module and not exported with <span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=require.html%23%2528form._%2528%2528lib._racket%252Fprivate%252Fbase..rkt%2529._provide%2529%2529&version=8.6" class="RktStxLink Sq" data-pltdoc="x">provide</a></span>. Still, a use
|
|
of a macro defined in the module can expand into a reference of an
|
|
unexported identifier. In general, such an identifier must not be
|
|
extracted from the expanded expression and used in a different
|
|
context, because using the identifier in a different context may break
|
|
invariants of the macro’s module.</p><p>For example, the following module exports a macro <span class="RktSym">go</span> that
|
|
expands to a use of <span class="RktSym">unchecked-go</span>:</p><blockquote class="SCodeFlow"><blockquote class="Rfilebox"><p class="Rfiletitle"><span class="Rfilename"><span class="stt">"m.rkt"</span></span></p><blockquote class="Rfilecontent"><table cellspacing="0" cellpadding="0" class="RktBlk"><tr><td><a href="Module_Syntax.html#%28part._hash-lang%29" class="RktModLink" data-pltdoc="x"><span class="RktMod">#lang</span></a><span class="hspace"> </span><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=index.html&version=8.6" class="RktModLink Sq" data-pltdoc="x"><span class="RktSym">racket</span></a></td></tr><tr><td><span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=require.html%23%2528form._%2528%2528lib._racket%252Fprivate%252Fbase..rkt%2529._provide%2529%2529&version=8.6" class="RktStxLink Sq" data-pltdoc="x">provide</a></span><span class="hspace"> </span><span class="RktSym">go</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace"> </span></td></tr><tr><td><span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=define.html%23%2528form._%2528%2528lib._racket%252Fprivate%252Fbase..rkt%2529._define%2529%2529&version=8.6" class="RktStxLink Sq" data-pltdoc="x">define</a></span><span class="hspace"> </span><span class="RktPn">(</span><span class="RktSym">unchecked-go</span><span class="hspace"> </span><span class="RktSym">n</span><span class="hspace"> </span><span class="RktSym">x</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace"> </span><span class="RktCmt">;</span><span class="RktCmt"> </span><span class="RktCmt">to avoid disaster, </span><span class="RktSym">n</span><span class="RktCmt"> must be a number</span></td></tr><tr><td><span class="hspace"> </span><span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=generic-numbers.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._%252B%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">+</a></span><span class="hspace"> </span><span class="RktSym">n</span><span class="hspace"> </span><span class="RktVal">17</span><span class="RktPn">)</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace"> </span></td></tr><tr><td><span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=define.html%23%2528form._%2528%2528lib._racket%252Fprivate%252Fbase..rkt%2529._define-syntax%2529%2529&version=8.6" class="RktStxLink Sq" data-pltdoc="x">define-syntax</a></span><span class="hspace"> </span><span class="RktPn">(</span><span class="RktSym">go</span><span class="hspace"> </span><span class="RktSym">stx</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace"> </span><span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=stx-patterns.html%23%2528form._%2528%2528lib._racket%252Fprivate%252Fstxcase-scheme..rkt%2529._syntax-case%2529%2529&version=8.6" class="RktStxLink Sq" data-pltdoc="x">syntax-case</a></span><span class="hspace"> </span><span class="RktSym">stx</span><span class="hspace"> </span><span class="RktPn">(</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace"> </span><span class="RktPn">[</span><span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=stx-patterns.html%23%2528form._%2528%2528lib._racket%252Fprivate%252Fstxcase-scheme..rkt%2529.__%2529%2529&version=8.6" class="RktStxLink Sq" data-pltdoc="x">_</a></span><span class="hspace"> </span><span class="RktSym">x</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace"> </span><span class="RktRdr">#'</span><span class="RktPn">(</span><span class="RktSym">unchecked-go</span><span class="hspace"> </span><span class="RktVal">8</span><span class="hspace"> </span><span class="RktSym">x</span><span class="RktPn">)</span><span class="RktPn">]</span><span class="RktPn">)</span><span class="RktPn">)</span></td></tr></table></blockquote></blockquote></blockquote><p>If the reference to <span class="RktSym">unchecked-go</span> is extracted from the
|
|
expansion of <span class="RktPn">(</span><span class="RktSym">go</span><span class="stt"> </span><span class="RktVal">'</span><span class="RktVal">a</span><span class="RktPn">)</span>, then it might be inserted into a new
|
|
expression, <span class="RktPn">(</span><span class="RktSym">unchecked-go</span><span class="stt"> </span><span class="RktVal">#f</span><span class="stt"> </span><span class="RktVal">'</span><span class="RktVal">a</span><span class="RktPn">)</span>, leading to disaster. The
|
|
<span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=stxops.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._datum-%7E3esyntax%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">datum->syntax</a></span> procedure can be used similarly to construct
|
|
references to an unexported identifier, even when no macro expansion
|
|
includes a reference to the identifier.</p><p>Ultimately, protection of a module’s private bindings depends on
|
|
changing the current <a href="code-inspectors_protect.html#%28tech._code._inspector%29" class="techoutside" data-pltdoc="x"><span class="techinside">code inspector</span></a> by setting the
|
|
<span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=modprotect.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._current-code-inspector%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">current-code-inspector</a></span> parameter. <span class="refelem"><span class="refcolumn"><span class="refcontent">See also
|
|
<a href="code-inspectors_protect.html" data-pltdoc="x">Code Inspectors for Trusted and Untrusted Code</a>.</span></span></span> That’s because a code inspector
|
|
controls access to a module’s internal state through functions like
|
|
<span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=Namespaces.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._module-%7E3enamespace%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">module->namespace</a></span>. The current code inspector also gates
|
|
access to the <a href="protect-out.html#%28tech._protected%29" class="techoutside" data-pltdoc="x"><span class="techinside">protected</span></a> exports of unsafe modules like
|
|
<a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=unsafe.html&version=8.6" class="RktModLink Sq" data-pltdoc="x"><span class="RktSym">racket/unsafe/ops</span></a>.</p><p>Since the result of macro expansion can be abused to gain access to
|
|
protected bindings, macro functions like <span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=stxtrans.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._local-expand%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">local-expand</a></span> are
|
|
also <a href="protect-out.html#%28tech._protected%29" class="techoutside" data-pltdoc="x"><span class="techinside">protected</span></a>: references to <span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=stxtrans.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._local-expand%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">local-expand</a></span> and similar
|
|
are allowed only within modules that are declared while the original
|
|
code inspector is the current code inspector. Functions like
|
|
<span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=Expanding_Top-Level_Forms.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._expand%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">expand</a></span>, which are not used to implement macros but are used
|
|
to inspect the result of macro expansion, are protected in a different
|
|
way: the expansion result is <a name="(tech._tainted)"></a><span style="font-style: italic">tainted</span> so that it cannot be
|
|
compiled or expanded again. More precisely, functions like
|
|
<span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=Expanding_Top-Level_Forms.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._expand%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">expand</a></span> accept an optional inspector argument that determines
|
|
whether the result is tainted, but the default value of the argument
|
|
is <span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=modprotect.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._current-code-inspector%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">current-code-inspector</a></span><span class="RktPn">)</span>.</p><blockquote class="refpara"><blockquote class="refcolumn"><blockquote class="refcontent"><p>In previous versions of Racket, a macro was responsible
|
|
for protecting expansion using <span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=stxcerts.html%23%2528def._%2528%2528lib._racket%252Fprivate%252Fstxcase-scheme..rkt%2529._syntax-protect%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">syntax-protect</a></span>. The use of
|
|
<span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=stxcerts.html%23%2528def._%2528%2528lib._racket%252Fprivate%252Fstxcase-scheme..rkt%2529._syntax-protect%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">syntax-protect</a></span> is no longer required or recommended.</p></blockquote></blockquote></blockquote><div class="navsetbottom"><span class="navleft"><form class="searchform"><input class="searchbox" id="searchbox" type="text" tabindex="1" placeholder="...search manuals..." title="Enter a search string to search the manuals" onkeypress="return DoSearchKey(event, this, "8.6", "../");"/></form> <a href="https://docs.racket-lang.org/index.html" title="up to the documentation top" data-pltdoc="x" onclick="return GotoPLTRoot("8.6");">top</a><span class="tocsettoggle"> <a href="javascript:void(0);" title="show/hide table of contents" onclick="TocsetToggle();">contents</a></span></span><span class="navright"> <a href="phases.html" title="backward to "16.2.6 General Phase Levels"" data-pltdoc="x">← prev</a> <a href="proc-macros.html" title="up to "16.2 General Macro Transformers"" data-pltdoc="x">up</a> <a href="macro-module.html" title="forward to "16.3 Module Instantiations and Visits"" data-pltdoc="x">next →</a></span> </div></div></div><div id="contextindicator"> </div></body></html> |