World: r3wp

[Core] Discuss core issues

Janko
21-Jan-2010
[15535]
I understand you otherwise, if runtime doesn't allow 100% safe execution 
then this is the only way, I am just saying it would be cool if it 
would allow it
BrianH
21-Jan-2010
[15536]
Well, in R3 we don't have pointers or pointer arithmetic, you can't 
just reference arbitrary memory, all data has to be either literal 
or returned from a function. Words aren't bound by default, they 
are bound by the LOAD and DO mezzanine code, which can easily be 
replaced for your sandboxed code. The code can run in an isolated 
module with careful control of its imports.
Graham
21-Jan-2010
[15537x3]
I'd like users to construct their own sql as well and send it to 
the server ... but I don't
If I new enough about sql .. I could scan their query and check for 
safety
new = knew
BrianH
21-Jan-2010
[15540]
We also have execution limits in R3 (which will be improved). There 
are no such limits in R2, so your sandboxed dialect would need to 
be statically determinable if you want to avoid endless loops.
Graham
21-Jan-2010
[15541x2]
There's a web demo of R3 ... .
I think he checks for execution time before killing endless loops 
...
BrianH
21-Jan-2010
[15543]
A sandboxed dialect in R2 would be slower because of the overloaded 
ordinals.
Janko
21-Jan-2010
[15544]
sql can't redefine itself so you could with analysis somewhat surely 
test if select is really just select, but there are some border cases 
with string escaping specific to certain databases that's why it's 
really hard to prevent sql injections manually (or so they say)
BrianH
21-Jan-2010
[15545]
You would have to replace them with mezzanine code.
Janko
21-Jan-2010
[15546]
BrianH: yes, I saw that .. that is very nice also in such cases
BrianH
21-Jan-2010
[15547]
2.7.7 would be easier to sandbox since R2/Forward did half the work.
Janko
21-Jan-2010
[15548x2]
Maybe something related .. why google is using Lua : 

http://google-opensource.blogspot.com/2010/01/love-for-luajit.html
http://article.gmane.org/gmane.comp.lang.lua.general/62321

>>Our Lua usage isn't too widespread at the moment; it's really one
infrastructure project in particular that uses Lua to allow
user-defined functions to run within a tightly controlled container.
Lua was the best choice, because of its low overhead, fast execution,
and the ability to set limits on execution time.<<
hm.. basically I see now where my inspiration came from to finally 
start nagging about this today :))
BrianH
21-Jan-2010
[15550]
Lua was designed as an extension language, not a general-purpose 
language.
Janko
21-Jan-2010
[15551x3]
basically they mention exactly what we are talking about now. also 
about what you mention "execution limits"
yes, I know.. but those abilities only make it stronger not weaker 
at the end (it also has some form of sandboxing it seems):
http://lua-users.org/wiki/SandBoxes
the fact that R3 will be embeddable inside c apps is a HUGE plus 
in my view too
BrianH
21-Jan-2010
[15554]
They make it stronger at a different field of endeavor. We can borrow 
ideas from Lua for those occasions where we are performing Lua-like 
tasks, especially to make extension language dialects.
Janko
21-Jan-2010
[15555]
I embedded lua and nekovm when I was working at some game to make 
levels scriptable instead of data driven. It was really nice way 
to make games, and if I could I would much rather use rebol. rebol 
is the data and dialect language which is main point of embedding 
dynamic languages in the first place
BrianH
21-Jan-2010
[15556]
And these embedded dialects could even resemble a subset of the DO 
dialect.
Janko
21-Jan-2010
[15557x4]
I really like lua, I would most probably be using it if it weren't 
for rebol which still has even more reasons to use it
cool
BrianH: while I have you here :)) .. is there any chance to have 
a curry word in rebol 


>> format-money "$" 10000 "" "," "." ; args are: before number after 
1000-separator dec-separator
>> format-money "$" 4500 "" "," "." 

>> my-format: curry format-money [ "$" _ "" "," "." ]
>> my-format 10000
>> my-format 4500
maybe I will try to hack it in R2 some day.. but it probably won't 
be very effective
BrianH
21-Jan-2010
[15561]
Try using APPLY in a generated wrapper function.
Janko
21-Jan-2010
[15562]
I will thanks
BrianH
21-Jan-2010
[15563x2]
It will be a little tricky if you want to support get-word and lit-word 
parameters. It might be at the same scale as APPLY in R2. See the 
source of APPLY for details.
In any case it would be a *lot* slower than making wrapper functions.
Janko
21-Jan-2010
[15565]
aha, then it's maybe not that useful.. I have wrapper function right 
now for this case... basically I have a closure money-format-maker
BrianH
21-Jan-2010
[15566x2]
Take a look at the new functions in 2.7.7, particularly APPLY and 
CLOSURE.
I'm still hoping to make an IT function in R3 though :)
Janko
21-Jan-2010
[15568]
I will :) .. what is IT ? like the last thing on stack maybe?
BrianH
21-Jan-2010
[15569x2]
REBOL doesn't use a stack machine. IT was a proposal for a function 
to return the result of the conditional expression of the nearest 
enclosing conditional function, basically IF or UNLESS. If we can 
add CASE support too that would be amazing, but it's unlikely without 
IF being native. As it is a mezzanine IF function would need debug 
privileges.
a mezzanine IF function -> a mezzanine IT function
Davide
21-Jan-2010
[15571]
What about a "pipe" operator (as in F#), such that you can write 
something like:
read/lines %files | remove-each x [10 > length? x] | sort 

Would be simpler to read than:
sort remove-each x read %file [10 > length? x]


Basically the pipe gives the parameter to the following function 
that is of the same type of the function that precedes it.
BTW I think that this could be done with a dialect
BrianH
21-Jan-2010
[15572x2]
REMOVE-EACH has 3 parameters.
To know which parameter to pass along you'd need a dialect with a 
list of supported functions in its code.
Davide
21-Jan-2010
[15574x2]
yes, the second parameter is given by the pipe
but you can see the type of the parameter
BrianH
21-Jan-2010
[15576]
And how would the pipe know to send to the second parameter, when 
the first and third also allow block parameters? REMOVE-EACH is just 
another function - the meaning of its parameters is specific to that 
function.
Davide
21-Jan-2010
[15577]
isn't the first parameter of remove-each a word ?
BrianH
21-Jan-2010
[15578x2]
There's a lot of tricks that you can do with compiled languages with 
fixed function definitions that you can't do as easily in REBOL without 
whole program analysis.
>> spec-of :remove-each
== [

    {Removes values for each block that returns true. Returns remove 
    count. (Modifies)}

    'word [word! block!] "Word or block of words to set each time (local)"
    data [series!] "The series to traverse"
    body [block!] "Block to evaluate (return TRUE to remove)"
]
Davide
21-Jan-2010
[15580]
ops, wrong example ;-)
BrianH
21-Jan-2010
[15581]
It just happens that that function value is assigned to that word. 
With the next call of the piped code it might be a different function.
Janko
21-Jan-2010
[15582x2]
hehe, this is exactly where curry would be needed :))

read/lines %files | curry remove-each [ x _ [10 > length? x] ] | 
sort
for functions that take just one example you can make it yourself 
pretty simply.. I made it last week for processing some fixed width 
data file ..
BrianH
21-Jan-2010
[15584]
People say "do it in a dialect" like those come for free. There's 
dialect processing overhead, issues of when the arguments are processed, 
decisions about whether there are keywords or not. To get an idea 
about the real overhead of doing it in a dialect, look at the source 
of APPLY or MAP-EACH in R2. Both are compiled dialects.