Run Goal on temporary loaded sources and discard the module and
loaded predicates after completion. This predicate performs the
following steps:
- If Module is unbound, create a unique identifier for it.
- Turn Module into a temporary module using set_module/1.
Note that this requires the module to be non-existent or
empty. If Module is specified, it should typically be set
to a unique value as obtained from e.g. uuid/1.
- Run Setup in the context of Module.
- If setup succeeded possible choice points are discarded
and Goal is started.
The logical result of this predicate is the same as
`(Setup@Module -> Goal@Module)`, i.e., both Setup and Goal are
resolved relative to the current module, but executed in the
context of Module. If Goal must be called in Module, use
call(Goal).
The module and all its predicates are destroyed after Goal
terminates, as defined by setup_call_cleanup/3.
Discussion This predicate is intended to load programs in an
isolated environment and reclaim all resources. This
unfortunately is incomplete:
- Running the code may leave side effects such as creating
records, flags, changing Prolog flags, etc. The system
has no provisions to track this.
- So called functors (name/arity pairs) are not yet subject
to garbage collection. Functors are both used to define
predicates and to create compound terms.
- See also
- - library(sandbox) determines whether unknown goals are safe
to call.
- - load_files/2 offers the option sandboxed(true)to load code
from unknown sources safely.