pub struct SandboxLimits {
    pub interval: Cell<i32>,
    pub instr_limited: Cell<bool>,
    pub instr_remaining: Cell<u64>,
    pub instr_limit: Cell<u64>,
    pub mem_limit: Cell<Option<usize>>,
    pub tripped: Cell<u8>,
    pub aborting: Cell<bool>,
}

Per-runtime sandbox budget, shared by every thread (main + coroutines) via
the Rc<RefCell<GlobalState>> they all hold. Every field is a Cell so the
VM can charge the budget through the shared Ref it borrows in the
count-hook path — no &mut and no write-borrow on the hot path.
interval == 0 means inactive; in that case the VM never sets the
count-hook mask, so there is zero overhead.

Fields

interval: Cell<i32>
Count-hook interval in instructions; 0 = sandbox inactive.

instr_limited: Cell<bool>
Whether an instruction budget is enforced.

instr_remaining: Cell<u64>
Instructions left before the budget trips.

instr_limit: Cell<u64>
Configured instruction limit, retained so reset can refill.

mem_limit: Cell<Option<usize>>
GC-byte ceiling; None = no memory limit.

tripped: Cell<u8>
One of the SANDBOX_TRIP_* codes.

aborting: Cell<bool>
Sticky once a limit trips: the abort is uncatchable. While set,
pcall/xpcall/coroutine.resume re-raise the trip error instead of
swallowing it, so untrusted code cannot defeat the budget by catching
it in a loop. Cleared only by LuaState::sandbox_reset.
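
The sticky abort described for aborting, shown as an added example that is not the crate's own code. It is a reduced model: the Budget type and its charge, pcall, reset and run_untrusted functions are hypothetical stand-ins for the VM's count hook, pcall and LuaState::sandbox_reset.

```rust
use std::cell::Cell;
// Reduced model of the budget (not the crate's type): Cell fields, &self only.
struct Budget {
    interval: Cell<i32>,
    instr_remaining: Cell<u64>,
    instr_limit: Cell<u64>,
    aborting: Cell<bool>,
}

impl Budget {
    fn new(interval: i32, limit: u64) -> Self {
        Budget { interval: Cell::new(interval), instr_remaining: Cell::new(limit),
                 instr_limit: Cell::new(limit), aborting: Cell::new(false) }
    }
    // Count-hook path: charge one interval through a shared reference.
    fn charge(&self) -> Result<(), &'static str> {
        let cost = self.interval.get() as u64;
        match self.instr_remaining.get().checked_sub(cost) {
            Some(left) if !self.aborting.get() => { self.instr_remaining.set(left); Ok(()) }
            // Budget exhausted (or already tripped): set the sticky flag and fail.
            _ => { self.aborting.set(true); Err("instruction budget exceeded") }
        }
    }
    // pcall model: ordinary errors are caught, a trip is re-raised.
    fn pcall<F: FnOnce() -> Result<(), &'static str>>(&self, f: F) -> Result<bool, &'static str> {
        match f() {
            Err(e) if self.aborting.get() => Err(e),
            r => Ok(r.is_ok()),
        }
    }
    // Stand-in for the reset the page names: refill and clear the sticky flag.
    fn reset(&self) {
        self.instr_remaining.set(self.instr_limit.get());
        self.aborting.set(false);
    }
}

// Guest-style `while true do pcall(work) end`; returns hook ticks before abort.
fn run_untrusted(b: &Budget) -> (u32, Result<bool, &'static str>) {
    let mut ticks = 0;
    loop {
        let r = b.pcall(|| { ticks += 1; b.charge() });
        if r.is_err() { return (ticks, r); }
    }
}

fn main() { println!("{:?}", run_untrusted(&Budget::new(100, 250))); }
```

Without the aborting check in pcall, the guest loop would catch every trip error and keep running; with it, the loop ends on the hook tick that exhausts the budget.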