jkominek/locked-boxes.rkt

## locked-boxes.rkt
#lang racket

; idea: use inspectors & parameters to protect values so they
;       can't be used outside of approved dynamic extents.
;       probably not fully baked? (continuations, etc)

; (define-values (b lock) (locked-box important-v key))
; (parameterize ([lock key])
;   ; in here b can be used
;   (less-trusted-code b))
;   ; now b can no longer be used, even if less-trusted-code kept a copy

(define-values (lockable-inspector-prop thing1 thing2)
  (make-impersonator-property 'thing?))

(define (locked-box v key #:lock [lock (make-parameter #f)])
  (values
   (chaperone-box (box v)
                  (lambda (b v)
                    (if (eq? (lock) key)
                        v
                        (error "you don't have the key!")))
                  (lambda (b v)
                    (if (eq? (lock) key)
                        v
                        (error "you don't have the key!")))
                  lockable-inspector-prop
                  (void))
   lock 'lock-parameter))

(define secret (gensym))

(define-values (b lock) (locked-box 'secretsquirrel secret))

; fail (caught)
(with-handlers ([values (lambda (e) (exn-message e))])
  (unbox b))

; ok
(parameterize ([lock secret])
  (unbox b))

; fail on print (uncaught)
(parameterize ([lock secret])
  b)
	#lang racket

	; idea: use inspectors & parameters to protect values so they
	; can't be used outside of approved dynamic extents.
	; probably not fully baked? (continuations, etc)

	; (define-values (b lock) (locked-box important-v key))
	; (parameterize ([lock key])
	; ; in here b can be used
	; (less-trusted-code b))
	; ; now b can no longer be used, even if less-trusted-code kept a copy

	(define-values (lockable-inspector-prop thing1 thing2)
	(make-impersonator-property 'thing?))

	(define (locked-box v key #:lock [lock (make-parameter #f)])
	(values
	(chaperone-box (box v)
	(lambda (b v)
	(if (eq? (lock) key)
	v
	(error "you don't have the key!")))
	(lambda (b v)
	(if (eq? (lock) key)
	v
	(error "you don't have the key!")))
	lockable-inspector-prop
	(void))
	lock 'lock-parameter))

	(define secret (gensym))

	(define-values (b lock) (locked-box 'secretsquirrel secret))

	; fail (caught)
	(with-handlers ([values (lambda (e) (exn-message e))])
	(unbox b))

	; ok
	(parameterize ([lock secret])
	(unbox b))

	; fail on print (uncaught)
	(parameterize ([lock secret])
	b)