The code sent to a pengine is executed in the context of the module
pengine_sandbox, and the safety of goals is validated using safe_goal/1
prior to execution. Any pengine has access to the safe predicates
defined in library(sandbox). If a server wishes to extend
the set of predicates, it must:
- Define one or more modules that export the desired additional predicates.
- Make this code available to the sandbox using the call below,
assuming that the additional predicates are defined in the Prolog module
- Register safe foreign predicates with
library(sandbox), i.e., predicates that do not have side effects such as accessing the file system, loading foreign extensions, defining other predicates outside the sandbox environment, etc.
Note that the safety of Prolog predicates can typically be proven by
library(sandbox). This may not be the case if intractable forms of meta-calling are used. In this case it is advised to avoid such code. If this is not possible, the code must be carefully reviewed by hand and, if proven to be safe, it may be registered with the sandbox library.
For example, basic RDF access can be granted to pengines using the code below. Please study the sandboxing code carefully before adding declarations.
    :- use_module(pengine_sandbox:library(semweb/rdf_db)).
    :- use_module(library(sandbox)).

    :- multifile sandbox:safe_primitive/1.

    sandbox:safe_primitive(rdf_db:rdf(_,_,_)).
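One way to check such declarations before deploying them is to run safe_goal/1 over goals that must be accepted and goals that must still be refused. This is an added example, not code from the pengines documentation; sandbox_verdict/2, expected/2 and check_sandbox/0 are hypothetical names, the sample goals are constructed, and it assumes the semweb package is installed.

```prolog
:- use_module(library(sandbox)).
:- use_module(pengine_sandbox:library(semweb/rdf_db)).

% Same declaration as in the example above.
:- multifile sandbox:safe_primitive/1.
sandbox:safe_primitive(rdf_db:rdf(_,_,_)).

%!  sandbox_verdict(+Goal, -Verdict) is det.
%   Verdict is `safe` if safe_goal/1 accepts Goal, or rejected(Why),
%   where Why is the exception raised by safe_goal/1 (or `failed`).
sandbox_verdict(Goal, Verdict) :-
    catch((   safe_goal(Goal)
          ->  Verdict = safe
          ;   Verdict = rejected(failed)
          ),
          Error,
          Verdict = rejected(Error)).

% Constructed sample goals with the verdict the server operator expects.
expected(rdf(_,_,_),                         safe).
expected(findall(S, rdf(S,_,_), _),          safe).
expected(open('/tmp/sample.txt', write, _),  rejected). % file system access
expected(shell(ls),                          rejected). % runs a process

%!  check_sandbox is semidet.
%   Succeeds only if every expected/2 goal gets the expected verdict
%   when validated in the context of the pengine_sandbox module.
check_sandbox :-
    findall(Goal-Got,
            (   expected(Goal, Want),
                sandbox_verdict(pengine_sandbox:Goal, Got),
                functor(Got, Name, _),
                Name \== Want
            ),
            Mismatches),
    (   Mismatches == []
    ->  true
    ;   forall(member(G-V, Mismatches),
               format(user_error, "sandbox mismatch: ~q -> ~q~n", [G, V])),
        fail
    ).
```

Running check_sandbox after every change to the safe_primitive/1 declarations shows whether a new declaration has made a side-effecting goal acceptable.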