13.10 Code Inspectors
In the same way that inspectors control access to structure fields (see Structure Inspectors), inspectors also control access to module bindings. The default inspector for module bindings is determined by the current-code-inspector parameter, instead of the current-inspector parameter.
When a module declaration is evaluated, the value of the current-code-inspector parameter is associated with the module declaration. When the module is invoked via require or dynamic-require, a sub-inspector of the module’s declaration-time inspector is created, and this sub-inspector is associated with the module invocation. Any inspector that controls the sub-inspector (i.e., the declaration-time inspector and its superior) controls the module invocation.
Control over a module invocation enables:
the use of module->namespace on the module;
access to the module’s protected identifiers, i.e. those identifiers exported from the module with protect; and
access to the module’s protected and unexported variables within compiled code from read (see current-compile).
If the value of current-code-inspector never changes, then no control is lost for any module invocation, since the module’s invocation is associated with a sub-inspector of current-code-inspector.
The inspector for a module invocation is specific to a particular module registry, in case a module is attached to a new registry via namespace-attach-module. The invocation inspector in a particular registry can be changed via namespace-unprotect-module (but changing the inspector requires control over the old one).
Control over a module declaration (as opposed to a mere invocation) enables the reconstruction of syntax objects that contain references to the module’s protected and unexported identifiers. Otherwise, the compiler and macro expander prevent any reference to a protected or unexported identifier, unless the reference appears within an expression that was generated by the module’s macros (or, more precisely, a macro from a module whose declaration inspector controls the invocation of the identifier’s module). See Syntax Certificates for further information.
(current-code-inspector) → inspector?
(current-code-inspector insp) → void?
  insp : inspector?
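The invocation-control rules above, as an added example (not code from the Racket reference): a module is declared and invoked under the original code inspector, then probed under that inspector and under a fresh sub-inspector that does not control the invocation. It assumes a current Racket in which the protecting export form is spelled protect-out; the names vault, secret-key, public-id and probe are hypothetical.

```racket
#lang racket/base
;; Added example, not part of the Racket reference. The names vault,
;; secret-key, public-id and probe are hypothetical.

(define ns (make-base-namespace))
(define original-insp (current-code-inspector))
;; A fresh sub-inspector of the original inspector. It is a sibling of the
;; module's invocation inspector, so it does not control the invocation.
(define weak-insp (make-inspector original-insp))

;; Declare the module while the original code inspector is current, so the
;; declaration is associated with that inspector, then invoke it.
(parameterize ([current-namespace ns])
  (eval '(module vault racket/base
           (provide (protect-out secret-key) public-id)
           (define secret-key "constructed-sample-secret")
           (define public-id 'vault-1)))
  (dynamic-require ''vault #f))

;; Run thunk in ns with insp as the current code inspector and print
;; whether the operation was allowed or which error it raised.
(define (probe label insp thunk)
  (define result
    (parameterize ([current-namespace ns]
                   [current-code-inspector insp])
      (with-handlers ([exn:fail? (lambda (e) (list 'denied (exn-message e)))])
        (list 'allowed (thunk)))))
  (printf "~a: ~s\n" label result))

(define (get-secret) (dynamic-require ''vault 'secret-key))
(define (get-public) (dynamic-require ''vault 'public-id))
(define (get-ns) (namespace? (module->namespace ''vault)))

;; The controlling inspector may read the protected export and open the
;; module's namespace.
(probe "controlling, protected export" original-insp get-secret)
(probe "controlling, module->namespace" original-insp get-ns)
;; The non-controlling inspector keeps access to the ordinary export only.
(probe "weaker, unprotected export" weak-insp get-public)
(probe "weaker, protected export" weak-insp get-secret)
(probe "weaker, module->namespace" weak-insp get-ns)
```

When running untrusted code, set current-code-inspector to such a sub-inspector only after all trusted modules have been declared, so that the untrusted code never holds an inspector that controls them.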