(Defining Functions): Explain about redefining primitives.

(Function Safety): Renamed. Minor changes. Comment out the detailed criteria for what is safe.
author: Richard M. Stallman 2003-06-30 10:40:27 +0000
committer: Richard M. Stallman 2003-06-30 10:40:27 +0000
commit: a68defffdafbe7e61b8db90d534c04e147b14f91 (patch)
tree: 7c883e0c494bfaabe41bffeb831fa7eca14ac9a0
parent: 6a4803ec738ba800eab12bf776c38f1b5345c2d7 (diff)
download: emacs-a68defffdafbe7e61b8db90d534c04e147b14f91.tar.gz
emacs-a68defffdafbe7e61b8db90d534c04e147b14f91.zip
1 files changed, 48 insertions, 41 deletions
diff --git a/lispref/functions.texi b/lispref/functions.texi
index 576ad51b006..9ffb6561b23 100644
--- a/lispref/functions.texi
+++ b/lispref/functions.texi
@@ -22,7 +22,7 @@ define them.
 * Function Cells::        Accessing or setting the function definition
                            of a symbol.
 * Inline Functions::      Defining functions that the compiler will open code.
-* Function safety::       Determining whether a function is safe to call.
+* Function Safety::       Determining whether a function is safe to call.
 * Related Topics::        Cross-references to specific Lisp primitives
                            that have a special bearing on how functions work.
 @end menu
@@ -57,10 +57,10 @@ such as @code{car} or @code{append}.  These functions are also called
 considered primitives.)
 Usually the reason we implement a function as a primitive is either
-because it is fundamental, because it provides a low-level interface to
+because it is fundamental, because it provides a low-level interface
-operating system services, or because it needs to run fast.  Primitives
+to operating system services, or because it needs to run fast.
-can be modified or added only by changing the C sources and recompiling
+Primitives can be modified or added only by changing the C sources and
-the editor.  See @ref{Writing Emacs Primitives}.
+recompiling the editor.  See @ref{Writing Emacs Primitives}.
 @item lambda expression
 A @dfn{lambda expression} is a function written in Lisp.
@@ -573,6 +573,17 @@ purposes, it is better to use @code{fset}, which does not keep such
 records.
 @end defun
+  You cannot create a new primitive function with @code{defun} or
+@code{defalias}, but you use them to change the function definition of
+any symbol, even one such as @code{car} or @code{x-popup-menu} whose
+normal definition is a primitive.  However, this is risky: for
+instance, it is next to impossible to redefine @code{car} without
+breaking Lisp completely.  Redefining an obscure function such as
+@code{x-popup-menu} is less dangerous, but it still may not work as
+you expect.  If there are calls to the primitive from C code, they
+call the primitive's C definition directly, so changing the symbol's
+definition will have no effect on them.
  See also @code{defsubst}, which defines a function like @code{defun}
 and tells the Lisp compiler to open-code it.  @xref{Inline Functions}.
@@ -1158,27 +1169,21 @@ do for macros.  (@xref{Argument Evaluation}.)
 Inline functions can be used and open-coded later on in the same file,
 following the definition, just like macros.
-@node Function safety
+@node Function Safety
 @section Determining whether a function is safe to call
 @cindex function safety
 @cindex safety of functions
-@cindex virus detection
-@cindex Trojan-horse detection
+Some major modes such as SES (@pxref{Top,,,ses}) call functions that
-@cindex DDoS attacks
+are stored in user files.  User files sometimes have poor
+pedigrees---you can get a spreadsheet from someone you've just met, or
-Some major modes such as SES (see @pxref{Top,,,ses}) will call
+you can get one through email from someone you've never met.  So it is
-functions that are stored in user files.  User files sometimes have
+risky to call a function whose source code is stored in a user file
-poor pedigrees---you can get a spreadsheet from someone you've just
+until you have determined that it is safe.
-met, or you can get one through email from someone you've never met.
-Such files can contain viruses and other Trojan horses that could
-corrupt your operating system environment, delete your files, or even
-turn your computer into a DDoS zombie!  To avoid this terrible fate,
-you should not call a function whose source code is stored in a user
-file until you have determined that it is safe.
 @defun unsafep form &optional unsafep-vars
-Returns nil if @var{form} is a @dfn{safe} lisp expression, or returns
+Returns @code{nil} if @var{form} is a @dfn{safe} lisp expression, or
-a list that describes why it might be unsafe.  The argument
+returns a list that describes why it might be unsafe.  The argument
 @var{unsafep-vars} is a list of symbols known to have temporary
 bindings at this point; it is mainly used for internal recursive
 calls.  The current buffer is an implicit argument, which provides a
@@ -1187,14 +1192,15 @@ list of buffer-local bindings.
 Being quick and simple, @code{unsafep} does a very light analysis and
 rejects many Lisp expressions that are actually safe.  There are no
-known cases where @code{unsafep} returns nil for an unsafe expression.
+known cases where @code{unsafep} returns @code{nil} for an unsafe
-However, a ``safe'' Lisp expression can return a string with a
+expression.  However, a ``safe'' Lisp expression can return a string
-@code{display} property, containing an associated Lisp expression to
+with a @code{display} property, containing an associated Lisp
-be executed after the string is inserted into a buffer.  This
+expression to be executed after the string is inserted into a buffer.
-associated expression can be a virus.  In order to be safe, you must
+This associated expression can be a virus.  In order to be safe, you
-delete properties from all strings calculated by user code before
+must delete properties from all strings calculated by user code before
 inserting them into buffers.
+@ignore
 What is a safe Lisp expression?  Basically, it's an expression that
 calls only built-in functions with no side effects (or only innocuous
 ones).  Innocuous side effects include displaying messages and
@@ -1209,16 +1215,20 @@ An atom or quoted thing.
 A call to a safe function (see below), if all its arguments are
 safe expressions.
 @item
-One of the special forms [and, catch, cond, if, or, prog1, prog2,
+One of the special forms @code{and}, @code{catch}, @code{cond},
-progn, while, unwind-protect], if all its arguments are safe.
+@code{if}, @code{or}, @code{prog1}, @code{prog2}, @code{progn},
+@code{while}, and @code{unwind-protect}], if all its arguments are
+safe.
 @item
-A form that creates temporary bindings [condition-case, dolist,
+A form that creates temporary bindings (@code{condition-case},
-dotimes, lambda, let, let*], if all args are safe and the symbols to
+@code{dolist}, @code{dotimes}, @code{lambda}, @code{let}, or
-be bound are not explicitly risky (see @pxref{File Local Variables}).
+@code{let*}), if all args are safe and the symbols to be bound are not
+explicitly risky (see @pxref{File Local Variables}).
 @item
-An assignment [add-to-list, setq, push, pop], if all args are safe and
+An assignment using @code{add-to-list}, @code{setq}, @code{push}, or
-the symbols to be assigned are not explicitly risky and they already
+@code{pop}, if all args are safe and the symbols to be assigned are
-have temporary or buffer-local bindings.
+not explicitly risky and they already have temporary or buffer-local
+bindings.
 @item
 One of [apply, mapc, mapcar, mapconcat] if the first argument is a
 safe explicit lambda and the other args are safe expressions.
@@ -1231,9 +1241,9 @@ A lambda containing safe expressions.
 @item
 A symbol on the list @code{safe-functions}, so the user says it's safe.
 @item
-A symbol with a non-nil @code{side-effect-free} property.
+A symbol with a non-@code{nil} @code{side-effect-free} property.
 @item
-A symbol with a non-nil @code{safe-function} property.  Value t
+A symbol with a non-@code{nil} @code{safe-function} property.  Value t
 indicates a function that is safe but has innocuous side effects.
 Other values will someday indicate functions with classes of side
 effects that are not always safe.
@@ -1243,11 +1253,8 @@ The @code{side-effect-free} and @code{safe-function} properties are
 provided for built-in functions and for low-level functions and macros
 defined in @file{subr.el}.  You can assign these properties for the
 functions you write.
 @end table
+@end ignore
-@c Emacs versions prior to 19 did not have inline functions.
 @node Related Topics
 @section Other Topics Related to Functions
author	Richard M. Stallman	2003-06-30 10:40:27 +0000
committer	Richard M. Stallman	2003-06-30 10:40:27 +0000
commit	a68defffdafbe7e61b8db90d534c04e147b14f91 (patch)
tree	7c883e0c494bfaabe41bffeb831fa7eca14ac9a0
parent	6a4803ec738ba800eab12bf776c38f1b5345c2d7 (diff)
download	emacs-a68defffdafbe7e61b8db90d534c04e147b14f91.tar.gz emacs-a68defffdafbe7e61b8db90d534c04e147b14f91.zip

diff --git a/lispref/functions.texi b/lispref/functions.texi index 576ad51b006..9ffb6561b23 100644 --- a/lispref/functions.texi +++ b/lispref/functions.texi
@@ -22,7 +22,7 @@ define them.
22	* Function Cells:: Accessing or setting the function definition	22	* Function Cells:: Accessing or setting the function definition
23	of a symbol.	23	of a symbol.
24	* Inline Functions:: Defining functions that the compiler will open code.	24	* Inline Functions:: Defining functions that the compiler will open code.
25	* Function safety:: Determining whether a function is safe to call.	25	* Function Safety:: Determining whether a function is safe to call.
26	* Related Topics:: Cross-references to specific Lisp primitives	26	* Related Topics:: Cross-references to specific Lisp primitives
27	that have a special bearing on how functions work.	27	that have a special bearing on how functions work.
28	@end menu	28	@end menu
@@ -57,10 +57,10 @@ such as @code{car} or @code{append}. These functions are also called
57	considered primitives.)	57	considered primitives.)
58		58
59	Usually the reason we implement a function as a primitive is either	59	Usually the reason we implement a function as a primitive is either
60	because it is fundamental, because it provides a low-level interface to	60	because it is fundamental, because it provides a low-level interface
61	operating system services, or because it needs to run fast. Primitives	61	to operating system services, or because it needs to run fast.
62	can be modified or added only by changing the C sources and recompiling	62	Primitives can be modified or added only by changing the C sources and
63	the editor. See @ref{Writing Emacs Primitives}.	63	recompiling the editor. See @ref{Writing Emacs Primitives}.
64		64
65	@item lambda expression	65	@item lambda expression
66	A @dfn{lambda expression} is a function written in Lisp.	66	A @dfn{lambda expression} is a function written in Lisp.
@@ -573,6 +573,17 @@ purposes, it is better to use @code{fset}, which does not keep such
573	records.	573	records.
574	@end defun	574	@end defun
575		575
		576	You cannot create a new primitive function with @code{defun} or
		577	@code{defalias}, but you use them to change the function definition of
		578	any symbol, even one such as @code{car} or @code{x-popup-menu} whose
		579	normal definition is a primitive. However, this is risky: for
		580	instance, it is next to impossible to redefine @code{car} without
		581	breaking Lisp completely. Redefining an obscure function such as
		582	@code{x-popup-menu} is less dangerous, but it still may not work as
		583	you expect. If there are calls to the primitive from C code, they
		584	call the primitive's C definition directly, so changing the symbol's
		585	definition will have no effect on them.
		586
576	See also @code{defsubst}, which defines a function like @code{defun}	587	See also @code{defsubst}, which defines a function like @code{defun}
577	and tells the Lisp compiler to open-code it. @xref{Inline Functions}.	588	and tells the Lisp compiler to open-code it. @xref{Inline Functions}.
578		589
@@ -1158,27 +1169,21 @@ do for macros. (@xref{Argument Evaluation}.)
1158	Inline functions can be used and open-coded later on in the same file,	1169	Inline functions can be used and open-coded later on in the same file,
1159	following the definition, just like macros.	1170	following the definition, just like macros.
1160		1171
1161	@node Function safety	1172	@node Function Safety
1162	@section Determining whether a function is safe to call	1173	@section Determining whether a function is safe to call
1163	@cindex function safety	1174	@cindex function safety
1164	@cindex safety of functions	1175	@cindex safety of functions
1165	@cindex virus detection	1176
1166	@cindex Trojan-horse detection	1177	Some major modes such as SES (@pxref{Top,,,ses}) call functions that
1167	@cindex DDoS attacks	1178	are stored in user files. User files sometimes have poor
1168		1179	pedigrees---you can get a spreadsheet from someone you've just met, or
1169	Some major modes such as SES (see @pxref{Top,,,ses}) will call	1180	you can get one through email from someone you've never met. So it is
1170	functions that are stored in user files. User files sometimes have	1181	risky to call a function whose source code is stored in a user file
1171	poor pedigrees---you can get a spreadsheet from someone you've just	1182	until you have determined that it is safe.
1172	met, or you can get one through email from someone you've never met.
1173	Such files can contain viruses and other Trojan horses that could
1174	corrupt your operating system environment, delete your files, or even
1175	turn your computer into a DDoS zombie! To avoid this terrible fate,
1176	you should not call a function whose source code is stored in a user
1177	file until you have determined that it is safe.
1178		1183
1179	@defun unsafep form &optional unsafep-vars	1184	@defun unsafep form &optional unsafep-vars
1180	Returns nil if @var{form} is a @dfn{safe} lisp expression, or returns	1185	Returns @code{nil} if @var{form} is a @dfn{safe} lisp expression, or
1181	a list that describes why it might be unsafe. The argument	1186	returns a list that describes why it might be unsafe. The argument
1182	@var{unsafep-vars} is a list of symbols known to have temporary	1187	@var{unsafep-vars} is a list of symbols known to have temporary
1183	bindings at this point; it is mainly used for internal recursive	1188	bindings at this point; it is mainly used for internal recursive
1184	calls. The current buffer is an implicit argument, which provides a	1189	calls. The current buffer is an implicit argument, which provides a
@@ -1187,14 +1192,15 @@ list of buffer-local bindings.
1187		1192
1188	Being quick and simple, @code{unsafep} does a very light analysis and	1193	Being quick and simple, @code{unsafep} does a very light analysis and
1189	rejects many Lisp expressions that are actually safe. There are no	1194	rejects many Lisp expressions that are actually safe. There are no
1190	known cases where @code{unsafep} returns nil for an unsafe expression.	1195	known cases where @code{unsafep} returns @code{nil} for an unsafe
1191	However, a ``safe'' Lisp expression can return a string with a	1196	expression. However, a ``safe'' Lisp expression can return a string
1192	@code{display} property, containing an associated Lisp expression to	1197	with a @code{display} property, containing an associated Lisp
1193	be executed after the string is inserted into a buffer. This	1198	expression to be executed after the string is inserted into a buffer.
1194	associated expression can be a virus. In order to be safe, you must	1199	This associated expression can be a virus. In order to be safe, you
1195	delete properties from all strings calculated by user code before	1200	must delete properties from all strings calculated by user code before
1196	inserting them into buffers.	1201	inserting them into buffers.
1197		1202
		1203	@ignore
1198	What is a safe Lisp expression? Basically, it's an expression that	1204	What is a safe Lisp expression? Basically, it's an expression that
1199	calls only built-in functions with no side effects (or only innocuous	1205	calls only built-in functions with no side effects (or only innocuous
1200	ones). Innocuous side effects include displaying messages and	1206	ones). Innocuous side effects include displaying messages and
@@ -1209,16 +1215,20 @@ An atom or quoted thing.
1209	A call to a safe function (see below), if all its arguments are	1215	A call to a safe function (see below), if all its arguments are
1210	safe expressions.	1216	safe expressions.
1211	@item	1217	@item
1212	One of the special forms [and, catch, cond, if, or, prog1, prog2,	1218	One of the special forms @code{and}, @code{catch}, @code{cond},
1213	progn, while, unwind-protect], if all its arguments are safe.	1219	@code{if}, @code{or}, @code{prog1}, @code{prog2}, @code{progn},
		1220	@code{while}, and @code{unwind-protect}], if all its arguments are
		1221	safe.
1214	@item	1222	@item
1215	A form that creates temporary bindings [condition-case, dolist,	1223	A form that creates temporary bindings (@code{condition-case},
1216	dotimes, lambda, let, let*], if all args are safe and the symbols to	1224	@code{dolist}, @code{dotimes}, @code{lambda}, @code{let}, or
1217	be bound are not explicitly risky (see @pxref{File Local Variables}).	1225	@code{let*}), if all args are safe and the symbols to be bound are not
		1226	explicitly risky (see @pxref{File Local Variables}).
1218	@item	1227	@item
1219	An assignment [add-to-list, setq, push, pop], if all args are safe and	1228	An assignment using @code{add-to-list}, @code{setq}, @code{push}, or
1220	the symbols to be assigned are not explicitly risky and they already	1229	@code{pop}, if all args are safe and the symbols to be assigned are
1221	have temporary or buffer-local bindings.	1230	not explicitly risky and they already have temporary or buffer-local
		1231	bindings.
1222	@item	1232	@item
1223	One of [apply, mapc, mapcar, mapconcat] if the first argument is a	1233	One of [apply, mapc, mapcar, mapconcat] if the first argument is a
1224	safe explicit lambda and the other args are safe expressions.	1234	safe explicit lambda and the other args are safe expressions.
@@ -1231,9 +1241,9 @@ A lambda containing safe expressions.
1231	@item	1241	@item
1232	A symbol on the list @code{safe-functions}, so the user says it's safe.	1242	A symbol on the list @code{safe-functions}, so the user says it's safe.
1233	@item	1243	@item
1234	A symbol with a non-nil @code{side-effect-free} property.	1244	A symbol with a non-@code{nil} @code{side-effect-free} property.
1235	@item	1245	@item
1236	A symbol with a non-nil @code{safe-function} property. Value t	1246	A symbol with a non-@code{nil} @code{safe-function} property. Value t
1237	indicates a function that is safe but has innocuous side effects.	1247	indicates a function that is safe but has innocuous side effects.
1238	Other values will someday indicate functions with classes of side	1248	Other values will someday indicate functions with classes of side
1239	effects that are not always safe.	1249	effects that are not always safe.
@@ -1243,11 +1253,8 @@ The @code{side-effect-free} and @code{safe-function} properties are
1243	provided for built-in functions and for low-level functions and macros	1253	provided for built-in functions and for low-level functions and macros
1244	defined in @file{subr.el}. You can assign these properties for the	1254	defined in @file{subr.el}. You can assign these properties for the
1245	functions you write.	1255	functions you write.
1246
1247	@end table	1256	@end table
1248		1257	@end ignore
1249
1250	@c Emacs versions prior to 19 did not have inline functions.
1251		1258
1252	@node Related Topics	1259	@node Related Topics
1253	@section Other Topics Related to Functions	1260	@section Other Topics Related to Functions