Sandbox

← Reference
Io

C implementation of Sandbox — a wrapper that lazily spins up an entire nested IoState and runs strings of Io code inside it. The inner IoState is stored in the IoObject's data pointer (see DATA(self)) and created lazily by IoSandbox_boxState so empty Sandbox clones stay cheap. Quota-style protection (messageCountLimit, timeLimit) is enforced by the inner IoState's evaluator, not by this module; setters here just poke those fields. Output from code run in the sandbox is intercepted via IoState_printCallback_ and re-sent as a printCallback message back to the outer VM, so the host can decide what to do with sandboxed stdout.

IoSandbox_addPrintCallback(self)

Sets up the inner IoState's print callback to route writes into IoSandbox_printCallback, which forwards them back to the outer VM as an Io-level printCallback message. Called from boxState so every lazily-created inner state has I/O redirection wired up.

IoSandbox_boxState(self)

Returns the inner IoState, creating it lazily on first access via IoState_new() and wiring up the print callback. Called by every quota setter, getter, and doSandboxString, so this is where the nested VM really comes into existence.

IoSandbox_free(self)

Registered as the tag's freeFunc. Tears down the inner IoState (via IoState_free, which recursively frees every object in the nested VM) if one was ever created; otherwise does nothing.

IoSandbox_new(state)

Convenience constructor: look up the Sandbox proto and clone it. The inner IoState is still not materialized until first use.

IoSandbox_newTag(state)

Builds the Sandbox tag with clone and free function pointers. No markFunc is registered — the inner IoState owns its own GC and is not walked by the outer collector.

IoSandbox_printCallback(voidSelf, ba)

Bridge from inner-VM print output to the outer VM. Copies the bytes into a fresh IoSeq, builds a `printCallback(buffer)` message, and performs it on the Sandbox object in the outer state's lobby scope — letting Io code override printCallback to capture sandboxed output.

IoSandbox_proto(state)

Creates the Sandbox proto: no inner IoState yet (data pointer stays NULL until first use). Installs the quota / evaluation method table and registers the proto on the outer state.

IoSandbox_rawClone(proto)

Registered as the tag's cloneFunc. Does not duplicate the inner IoState — the clone starts fresh and will get its own IoState on first boxState() call. Cheap to clone even when the proto has a fully populated inner VM.