[Python-Dev] Sandboxed Threads in Python

Josiah Carlson jcarlson at uci.edu
Sat Oct 8 20:03:31 CEST 2005

Adam Olsen <rhamph at gmail.com> wrote:
> On 10/7/05, Josiah Carlson <jcarlson at uci.edu> wrote:
> > Adam Olsen <rhamph at gmail.com> wrote:
> > > I need to stress that *only* the new, immutable and "thread-safe
> > > mark-and-sweep" types would be affected by these changes.  Everything
> > > else would continue to exist as it did before, and the benchmark
> > > exists to show they can coexist without killing performance.
> >
> > All the benchmark showed was that checking for a constant in the
> > refcount during in/decrefing, and not garbage collecting those objects,
> > didn't adversely affect performance.
> >
> > As an aside, there's also the ugly bit about being able to guarantee
> > that an object is immutable.  I personally mutate Python strings in my C
> > code all the time (long story, not to be discussed here), and if I can
> > do it now, then any malicious or "inventive" person can do the same in
> > this "sandboxed thread" Python "of the future".
> Malicious use is hardly a serious concern.  Someone using C code could
> just as well crash the interpreter.

Your malicious user is my inventive colleague.  Here's one: performing
zero-copy inter-thread IPC by modifying shared immutables. Attempting to
enforce a policy of "don't do that, it's not supported" is not going to
be effective, especially when doing unsupported things increases speed.

People have known for decades that having anything run in kernel space
beyond the kernel is dangerous, but they still do because it is faster.

I can (but won't) point out examples for days of bad decisions made for
the sake of speed, or policy that has been ignored for the sake of speed
(some of these overlap and some don't).

> Modifying a python string you just created before you expose it to
> python code should be fine.  If that's not what you're doing.. I'm not
> sure I want to know *wink*

You really don't want to know.

> Maybe.. I'm not convinced.  There's a lot of payback IMO.

You've not convinced me either.  Good luck in getting a group together
to make it happen.

 - Josiah
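
Added example, not part of the original message: a CPython-only sketch of the point argued above, that immutability is a convention native code can bypass, so a second thread sees an in-place write with no copy or message. `ctypes` stands in for C extension code here; the sample value and the names `poke` and `demo` are constructed for illustration. It also shows that `bytes(x)` does not copy, so a trustworthy snapshot needs a forced copy.

```python
import ctypes
import threading

# PyBytes_AsString is part of the CPython C API; it returns a pointer to the
# object's internal buffer, not a copy.
_as_string = ctypes.pythonapi.PyBytes_AsString
_as_string.argtypes = [ctypes.py_object]
_as_string.restype = ctypes.c_void_p


def poke(obj: bytes, offset: int, value: int) -> None:
    """Overwrite one byte of a bytes object in place, as C extension code could."""
    if not 0 <= offset < len(obj):
        raise IndexError("offset outside the object's buffer")
    ctypes.memset(_as_string(obj) + offset, value, 1)


def demo() -> dict:
    # Constructed sample data, built at runtime so it is not a shared constant.
    shared = bytes(bytearray(b"state=idle"))
    alias = bytes(shared)                 # no copy: same object for exact bytes
    snapshot = bytes(bytearray(shared))   # forced copy: a real second buffer

    seen = []
    ready, written = threading.Event(), threading.Event()

    def reader(view: bytes) -> None:
        ready.set()
        written.wait()
        seen.append(bytes(bytearray(view)))  # what the other thread observes

    t = threading.Thread(target=reader, args=(shared,))
    t.start()
    ready.wait()
    for i, ch in enumerate(b"busy"):
        poke(shared, len(b"state=") + i, ch)  # in-place write, no message sent
    written.set()
    t.join()
    return {
        "alias_is_shared": alias is shared,
        "reader_saw": seen[0],
        "snapshot": snapshot,
        "tampered": shared != snapshot,
    }


if __name__ == "__main__":
    print(demo())
```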
