As for persistence and garbage collection -- Tcl is GREAT at this sort
of thing. You have access to several storage management schemes. Also,
Tcl's facility for allowing multiple "interpreters" gives you the
ULTIMATE garbage collection -- you can reclaim EVERYTHING if you so
choose as soon as the foreign script is done running, by running it in
its own interpreter. Hybrid schemes are also possible.
As for what it means to have a safe execution environment, I refer you
both to the ATOMICMAIL paper and to the Safe-Tcl paper published in
ULPAA '94 of this year. That paper is available as part of the safe-tcl
distribution, which also includes a document that explains the basic
model, a language specification, full source code and documentation.
FTP it from ftp.ics.uci.edu, in the directory mrose/safe-tcl.
There's also a mailing list: safe-tcl[-request]@cs.utk.edu, for anyone
who is interested.
I am NOT going to argue that Tcl is the perfect language, or that I have
solved all the problems of safe execution environments and everyone
should just use my work. However, I do strongly encourage you to read
about Safe-Tcl and to try to avoid re-inventing the wheel if possible.
A single scripting language, with both restricted ("safe") and
unrestricted versions, would be a great thing to see universally
deployed..... -- Nathaniel