Untrusted environment: Difference between revisions

The operator takes two arguments and derives a function, which specifies which kind of foreign interface you want. For example, <tt>1'''!:'''1</tt> is the specific function to read a file, and <tt>1'''!:'''2</tt> is the function to write one (as in <tt>1'''!:'''1 'filename'</tt> and <tt>some_data 1'''!:'''2 'filename'</tt>, respectively). The foreign function <tt>15'''!:'''0</tt> allows the J programmer to call a shared library (dll, so, dylib, etc), <tt>2'''!:'''5</tt> reads environment variables (e.g. <tt>2'''!:'''5'PATH'</tt>), and <tt>2'''!:'''55</tt> will terminate the program (quit, die: the mnemonic is that <tt>255</tt> is the "last" value of a byte, and <tt>2'''!:'''55</tt> is the "last" thing you want to do in a J program). There are many more, grouped into families (the first argument to <tt>'''!:'''</tt> specifies which family you want, e.g. <tt>''1'''''!:'''n</tt> is the ''file'' family, and <tt>1'''!:'''''1''</tt> is to ''read'' a file, specifically).

But the key thing is that this one operator, <tt>'''!:'''</tt>, controls ''all'' the dangerous stuff, so if we want to prevent dangerous stuff, we only have to put guards in one place. And, in fact, we have "foreign controls": foreign functions which themselves control which foreign functions are allowed. In other words, there's only one "door" to J, and we can lock it.