(*
Copyright © 2011, 2012 MLstate
This file is part of Opa.
Opa is free software: you can redistribute it and/or modify it under the
terms of the GNU Affero General Public License, version 3, as published by
the Free Software Foundation.
Opa is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for
more details.
You should have received a copy of the GNU Affero General Public License
along with Opa. If not, see <http://www.gnu.org/licenses/>.
*)
module Format = Base.Format
module List = Base.List
module String = Base.String
module Q = QmlAst
module Package = ObjectFiles.Package
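(** Warning classes emitted by the slicer, and the named security levels
    that decide, per class, whether a diagnostic is silenced, reported as a
    warning, or promoted to an error. *)
module WClass = struct
  (** Root class: parent of every other slicer warning class. *)
  let all =
    WarningClass.create
      ~public:true
      ~name:"slicer"
      ~doc:"All the warnings of the slicer"
      ~err:true
      ~enable:true
      ()

  (** A declaration containing a [@sliced_expr] is not defined on both
      sides. Not part of [all_swclass], so the security levels below never
      change its state. *)
  let sliced_expr =
    WarningClass.create
      ~parent:all
      ~public:true
      ~name:"sliced_expr"
      ~doc:"Warns when a declaration with a @sliced_expr is not defined on both sides"
      ~err:true
      ~enable:true
      ()

  module Server = struct
    (* can only be checked at link time *)
    (** when a server directive has no purpose, TODO *)
    let useless =
      WarningClass.create
        ~parent:all
        ~public:true
        ~name:"server.useless"
        ~doc:"Warns when a declaration with a server directive is never called from the client (i.e. remove it)"
        ~err:false
        ~enable:true
        ()

    (** when a server directive is ignored *)
    let meaningless =
      WarningClass.create
        ~parent:all
        ~public:true
        ~name:"server.meaningless"
        ~doc:"Warns when a declaration with a server directive is using a protected (or server_private) value"
        ~err:false
        ~enable:true
        ()

    (** when a server directive is generating first order call back to the client *)
    let misleading =
      WarningClass.create
        ~parent:all
        ~public:true
        ~name:"server.misleading"
        ~doc:"Warns when a declaration with a server directive is calling the client called"
        ~err:false
        ~enable:true
        ()
  end

  module Protected = struct
    (** when a protected directive is generating first order call back to the client *)
    let misleading =
      WarningClass.create
        ~parent:all
        ~public:true
        ~name:"protected.misleading"
        ~doc:"Warns when a declaration with a protected directive is calling the client called"
        ~err:false
        ~enable:true
        ()

    (** when an implicitly exposed declaration (the doc string mentions
        xhtml events) gives access to a protected value *)
    let implicit_access =
      WarningClass.create
        ~parent:all
        ~public:true
        ~name:"protected.implicit.expose"
        ~doc:"Warns when a xhtml event is giving access to a protected value by being implicitly exposed but completly server side (safe in most cases)"
        ~err:false
        ~enable:true
        ()
  end

  module Exposed = struct
    (** when an exposed directive is not exposing a protected value *)
    let meaningless =
      WarningClass.create
        ~parent:all
        ~public:true
        ~name:"exposed.meaningless"
        ~doc:"Warns when a declaration is asked to be exposed but it is not using any protected value"
        ~err:false
        ~enable:true
        ()

    (** when an exposed directive is adding an entry point uselessly TODO *)
    let useless =
      WarningClass.create
        ~parent:all
        ~public:true
        ~name:"exposed.useless"
        ~doc:"Warns when a declaration with an exposed directive is never called from client"
        ~err:false
        ~enable:true
        ()

    (** when an exposed directive is generating first order call back to the client *)
    let misleading =
      WarningClass.create
        ~parent:all
        ~public:true
        ~name:"exposed.misleading"
        ~doc:"Warns when a declaration with an exposed directive is calling the client"
        ~err:false
        ~enable:true
        ()
  end

  (** Silences every class of the list: neither warning nor error. *)
  let as_ignored classes =
    List.iter
      (fun wclass ->
         WarningClass.set_warn wclass false;
         WarningClass.set_warn_error wclass false)
      classes

  (** Reports every class of the list as a plain warning. *)
  let as_warning classes =
    List.iter
      (fun wclass ->
         WarningClass.set_warn wclass true;
         WarningClass.set_warn_error wclass false)
      classes

  (** [as_error ignored warned classes] promotes to an error every element
      of [classes] that appears in neither [ignored] nor [warned]. The
      third parameter used to be called [all], which shadowed the root
      warning class of this module inside the function. *)
  let as_error ignored warned classes =
    List.iter
      (fun wclass ->
         if not (List.mem wclass ignored) && not (List.mem wclass warned) then begin
           WarningClass.set_warn wclass true;
           WarningClass.set_warn_error wclass true
         end)
      classes

  (** The classes whose state is driven by the security level.
      The source carried two positional TODO markers in front of
      [Protected.misleading]; they are kept here as a reminder. *)
  let all_swclass =
    [ Server.meaningless ; Server.useless ; Server.misleading ;
      Exposed.meaningless; Exposed.useless ; Exposed.misleading ;
      (* TODO *) Protected.misleading ; Protected.implicit_access ]

  (** Level name -> (ignored classes, warning classes).
      Any class of [all_swclass] listed in neither component is promoted to
      an error by [select_security_level], which overrides the [~err:false]
      given at creation. Hence:
      - "low" silences all of them and "warnall" only warns;
      - "pedantic" turns every one of them into an error;
      - "normal" silences [Protected.implicit_access], so implicit exposure
        of a protected value is not reported at all at that level.
      [Server.misleading] was listed twice in the ignored list of "normal";
      the duplicate had no effect and has been dropped. *)
  let security_levels_warnings = [
    "low", (
      all_swclass,
      []
    );
    "warnall", (
      [],
      all_swclass
    );
    "normal", (
      [Exposed.misleading; Server.misleading; Protected.implicit_access],
      [Protected.misleading]
    );
    "high", (
      [Exposed.misleading],
      [Server.misleading;Protected.implicit_access]
    );
    "higher", (
      [],
      [Exposed.misleading;Protected.implicit_access]
    );
    "pedantic", (
      [],
      []
    )
  ]

  (** Applies the named level to every class of [all_swclass].
      [level] must be one of [security_levels]: the lookup is a bare
      [List.assoc], so an unknown name is not handled here (presumably it
      raises [Not_found]; confirm against [Base.List]). *)
  let select_security_level level =
    let ignored, warn = List.assoc level security_levels_warnings in
    as_ignored ignored;
    as_warning warn;
    as_error ignored warn all_swclass

  (** Accepted level names, in declaration order. *)
  let security_levels = List.map fst security_levels_warnings

  (** Every warning class declared by this module. *)
  let warning_set = WarningClass.Set.create_from_list ([
    all;
    sliced_expr;
  ] @ all_swclass)
end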
(** Toplevel alias of [WClass.warning_set], the set of all warning classes
    declared by the slicer. *)
let warning_set = WClass.warning_set
(** Command-line options of the slicer. The only option selects the
    security level of the slicing checks (see [WClass]). *)
module Options = struct
  module Arg = Base.Arg

  module Type = struct
    type options = {
      check_level : string;
    }
  end
  include Type

  (* "normal" is the level in force when --slicer-check is not given. *)
  let default_options = { check_level = "normal" }

  (* Applied when this module is initialised, so the warning classes are in
     the default state before any argument is parsed. *)
  let () = WClass.select_security_level default_options.check_level

  (** Options currently in force. *)
  let r = ref default_options

  (** Argument specification: [--slicer-check <level>] records the level in
      [r] and reconfigures the warning classes immediately. *)
  let list =
    let apply_level level =
      r := { check_level = level };
      WClass.select_security_level level
    in
    let help =
      Format.sprintf " Level of security of the slicing checks (%a) [%s]"
        (Format.pp_list "@ " Format.pp_print_string) WClass.security_levels
        default_options.check_level
    in
    [ "--slicer-check", Arg.Symbol (WClass.security_levels, apply_level), help ]
end
(** Code for one side together with its published map and renaming maps.
    NOTE(review): presumably the slicer produces one such record per side;
    the producer is not visible in this part of the file. *)
type splitted_code = {
  code : QmlAst.code ;
  published : Pass_ExplicitInstantiation.published_map;
  original_renaming : QmlRenamingMap.t;
  renaming : QmlRenamingMap.t ;
}

(** Side requested by a side annotation. *)
type side_annotation =
  | Client (* client side *)
  | Server (* server side *)
  | Both (* side independent *)

(** Strength of a side annotation: the prefer_* annotations yield [Prefer],
    the plain client / server / both ones yield [Force]
    (see [slicer_annots_of_expr]). *)
type user_wish =
  | Prefer
  | Force

(** A side annotation as written by the user. *)
type user_annotation = { side : side_annotation; wish : user_wish }

(** What is generated on the client for a declaration. *)
type client_code_kind =
  [ `expression
  | `insert_server_value (* SHOULD NOT BE USED FOR FUNCTIONAL TYPES, it is useless *)
  | `alias ]

(** What is generated on the server for a declaration. *)
type server_code_kind =
  [ `expression
  | `alias ]

(**
   A weakened form of type [privacy], exported to the rest of the compiler
*)
type publication = [ `Published of [`sync | `async | `funaction ]
                   | `Private ]

(** Visibility of a declaration as far as the slicer is concerned.
    [slicer_annots_of_expr] builds [Published] from a public visibility
    annotation and [Private] from a private one (the error messages call
    these two exposed and protected); [default_information] falls back to
    [Visible] when there is no visibility annotation. *)
type privacy =
  | Published of bool (* the bool indicate that the publish was implicit *)
  | Private
  | Visible
(** Maps the asynchronous flag of a publication to the matching variant
    tag. *)
let variant_of_async async =
  match async with
  | true -> `async
  | false -> `sync
(** A value that is either available in the current compilation unit
    ([Local]) or only known by the package it comes from ([External]). *)
type 'a value =
  | Local of 'a
  | External of Package.t
(** Everything the slicer records about one toplevel declaration. Values of
    this type are the vertices of the call graph (see [Information] and
    [G]). *)
type information = (* TODO: make the invariants explicit *)
  { (* fields that aren't computed *)

    (* visibility taken from the annotation; [Visible] when there is none
       (see default_information) *)
    mutable privacy : privacy;
    (* set when the declaration carries the both_implem side annotation *)
    implemented_both : bool;
    mutable user_annotation : user_annotation option;
    ident : Ident.t;
    async : bool;
    mutable expr : Q.expr value; (* this field is muted only at the very end
                                  * to avoid marshalling the expression *)

    (* computed by initialize_env *)
    mutable calls_server_bypass : BslKey.t option;
    mutable calls_client_bypass : BslKey.t option;
    mutable has_sliced_expr : bool;
    mutable lambda_lifted : Ident.t list;

    (* computed by propagate_server_private *)
    (* [Some w] when this declaration reaches something private; [w] is the
       declaration recorded as the reason, which find_private_path follows
       to print the offending path *)
    mutable calls_private : information value option; (* this field is independent of the @publish annotation *)
    (* TODO handle instantaneous deps *)

    (* computed by the kind of effect analysis *)
    mutable does_side_effects : bool;

    (* these fields are computed by choose sides *)
    mutable needs_the_server : bool;
    mutable needs_the_client : bool;
    (*mutable need_serialization : bool; (* not equivalent to calls_the_client || calls_the_server
                                          * because you need serialization mechanisms
                                          * for @insert_server_value, but there is no call
                                          * (at least if there is no function) *)*)
    mutable on_the_server : server_code_kind option option; (* TODO: use a right default value? options because this is unset at the beginning *)
    mutable on_the_client : client_code_kind option option; (* same thing *)
    mutable publish_on_the_client : bool; (* need a @comet_publish *)
    mutable publish_on_the_server : bool; (* need an @ajax_publish *)

    (* these fields are computed by the renaming are used to be able
     * to do the same alpha conversion of identifiers across different
     * compilation units *)
    mutable server_ident : [ `ident of Ident.t
                           | `tsc of (QmlAst.ty, unit) QmlGenericScheme.tsc option
                           | `ident_tsc of Ident.t * (QmlAst.ty, unit) QmlGenericScheme.tsc option
                           | `undefined ];
    (* if the declaration is defined on the server,
     * gives the renamed identifier
     * if not, it gives the typescheme to put on the @ajax_call *)
    mutable client_ident : [ `ident of Ident.t
                           | `tsc of (QmlAst.ty, unit) QmlGenericScheme.tsc option
                           | `ident_tsc of Ident.t * (QmlAst.ty, unit) QmlGenericScheme.tsc option
                           | `undefined ];
  }
(** [pp_option pp_a f o] prints [o] in constructor notation, using [pp_a]
    for the payload of [Some]. *)
let pp_option pp_a f opt =
  match opt with
  | Some a -> Format.fprintf f "Some %a" pp_a a
  | None -> Format.pp_print_string f "None"
(** Debug printer for the [server_ident] / [client_ident] fields of
    [information]. *)
let pp_server_ident f id =
  (* eta-expanded so the printer object is only consulted in the branches
     that print a type scheme, as before *)
  let pp_tsc_opt f tsc_opt = pp_option QmlPrint.pp_base#tsc f tsc_opt in
  match id with
  | `undefined -> Format.pp_print_string f "undefined"
  | `ident i -> Format.fprintf f "`ident %s" (Ident.to_string i)
  | `tsc tsc_opt -> Format.fprintf f "`tsc %a" pp_tsc_opt tsc_opt
  | `ident_tsc (i, tsc_opt) ->
    Format.fprintf f "`ident_tsc (%s, %a)" (Ident.to_string i) pp_tsc_opt tsc_opt
(** Debug printer for [client_code_kind] and [server_code_kind] values. *)
let pp_kind f kind =
  let text =
    match kind with
    | `expression -> "`expression"
    | `insert_server_value -> "`insert_server_value"
    | `alias -> "`alias"
  in
  Format.pp_print_string f text
(** Debug printer for ['a value], using [pp_a] for a local payload and the
    package printer for an external one. *)
let pp_value pp_a f v =
  match v with
  | External package -> Format.fprintf f "External %a" Package.pp package
  | Local a -> Format.fprintf f "Local %a" pp_a a
(** Prints only the identifier of a declaration. *)
let pp_info_ident f info =
  let name = Ident.to_string info.ident in
  Format.pp_print_string f name
(** Debug printer for [privacy]; the implicit flag of [Published] is not
    shown. *)
let pp_privacy f privacy =
  let text =
    match privacy with
    | Published _ -> "Published"
    | Private -> "Private"
    | Visible -> "Visible"
  in
  Format.pp_print_string f text
(** Debug dump of the slicing decisions recorded for one declaration:
    identifiers, publication flags, per-side code kinds, privacy and
    bypass usage. Fields not listed in the format are not printed. *)
let pp_info f (info : information) =
  let pp_side_kind = pp_option (pp_option pp_kind) in
  let pp_bypass = pp_option BslKey.pp in
  Format.fprintf f "@[<v>{@[<v2>@ ident: %s@ server_ident: %a@ client_ident: %a\
                    @ publish_on_the_server: %B@ publish_on_the_client: %B\
                    @ on_the_server: %a@ on_the_client: %a\
                    @ calls_private: %a@ privacy: %a\
                    @ calls_server_bypass: %a@ calls_client_bypass: %a@]@ }@]"
    (Ident.to_string info.ident)
    pp_server_ident info.server_ident
    pp_server_ident info.client_ident
    info.publish_on_the_server
    info.publish_on_the_client
    pp_side_kind info.on_the_server
    pp_side_kind info.on_the_client
    (pp_option (pp_value pp_info_ident)) info.calls_private
    pp_privacy info.privacy
    pp_bypass info.calls_server_bypass
    pp_bypass info.calls_client_bypass
(** Vertex type of the call graph. Comparison, equality and hashing look at
    the identifier only, so two records with the same [ident] denote the
    same vertex whatever their other fields contain. *)
module Information =
struct
  type t = information
  let compare left right = Ident.compare left.ident right.ident
  let equal left right = Ident.equal left.ident right.ident
  let hash { ident; _ } = Ident.hash ident
end
(** Call graph over [Information] vertices, extended with two searches over
    the successors of a node. *)
module G = struct
  include Graph.Imperative.Digraph.ConcreteBidirectional(Information)

  (** [exists_succ f graph node] is [true] when [f] holds for at least one
      successor of [node]; the iteration is left through the checkpoint as
      soon as one is found. *)
  let exists_succ f graph node =
    Return.set_checkpoint
      (fun label ->
         let stop_on_match next =
           if f next then Return.return label true in
         iter_succ stop_on_match graph node;
         false
      )

  (** [find_succ f graph node] is a successor of [node] satisfying [f].
      @raise Not_found when no successor satisfies [f]. *)
  let find_succ f graph node =
    Return.set_checkpoint
      (fun label ->
         let stop_on_match next =
           if f next then Return.return label next in
         iter_succ stop_on_match graph node;
         raise Not_found
      )
end
(** State shared by the slicer passes in this file. *)
type environment =
  { informations : information IdentTable.t; (* one entry per toplevel identifier, filled by initialize_env *)
    call_graph : G.t; (* edge a -> b when the body of a mentions b, see update_call_graph *)
    client_bsl_lang : BslLanguage.t;
    server_bsl_lang : BslLanguage.t; (* could have a debug mode where both sides are ml *)
    bymap : BslLib.BSL.ByPassMap.t; (* used by get_bypass_side to decide on which side a bypass exists *)
    gamma : QmlTypes.gamma;
    annotmap : Q.annotmap;
  }
(** [get_bypass_side env bslkey] tells on which side(s) the bypass [bslkey]
    has an implementation, by looking for the client and server bsl
    languages of [env] among the languages of the bypass.
    An unknown key is reported as an internal error. A bypass implemented
    for neither language hits [assert false]. *)
let get_bypass_side env bslkey =
  match BslLib.BSL.ByPassMap.find_opt env.bymap bslkey with
  | Some bypass ->
    let langs = BslLib.BSL.ByPass.langs bypass in
    let on_server = List.mem env.server_bsl_lang langs in
    let on_client = List.mem env.client_bsl_lang langs in
    begin match on_server, on_client with
    | true, true -> `both
    | true, false -> `server
    | false, true -> `client
    | false, false -> assert false (* could happen if we use a c only bypass *)
    end
  | None ->
    (* shouldn't have undefined bypass at that point *)
    OManager.i_error "@[missing bypass @{<bright>%a@}@] in bypasses @[%a@]"
      BslKey.pp bslkey
      BslLib.BSL.ByPassMap.pp env.bymap
(* TODO: annotation of db default values as full server
* annotation of dbgen generated code as server private *)
(* TODO: no collect-annotations pass *)
(* TODO: handle recursive annotations full_server -> no need for serialization + at least on the server but not only? *)
(* TODO: annotation @assert_both etc? *)
(* TODO: never insert_server_value of any datatype containing functions? *)
(** Builds an environment with an empty identifier table and an empty call
    graph; [gamma] and [annotmap] are taken from [typer_env]. *)
let empty_env ~client_bsl_lang ~server_bsl_lang bymap typer_env =
  let informations = IdentTable.create 100 in
  let call_graph = G.create () in
  { informations;
    call_graph;
    client_bsl_lang;
    server_bsl_lang;
    bymap;
    gamma = typer_env.QmlTypes.gamma;
    annotmap = typer_env.QmlTypes.annotmap;
  }
(* same as rewriteAsyncLambda presumably *)
(** Directives that [async_lambda] looks through when searching for the
    lambda under an async annotation. *)
type ignored_directive = [
  | Q.type_directive
  | Q.lambda_lifting_directive
  | Q.slicer_directive
]
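(** [async_lambda e] tells whether a lambda is found in [e] once coercions
    and the directives of [ignored_directive] are looked through; the
    search stops at any other node. *)
let async_lambda e =
  QmlAstWalk.Expr.traverse_exists
    (fun tra -> function
       | (Q.Coerce _
         | Q.Directive (_, #ignored_directive, _, _)) as wrapper ->
         (* Continue from the node being visited. The previous code passed
            the outer [e] here: that is the same node for the first
            wrapper, but a second nested wrapper restarted the walk from
            the root instead of progressing.
            NOTE(review): assumes [tra] visits the children of its
            argument, which the first-level call already relies on;
            confirm against QmlAstWalk. *)
         tra wrapper
       | Q.Lambda _ -> true
       | _ -> false
    ) e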
(** Strips the slicer annotations found at the head of [expr] and records
    them in the given references; returns the expression without them.

    Coercions and type directives are kept and traversed. An async
    directive above a lambda, a visibility annotation and a side annotation
    are removed, and the type scheme attached to the removed node is copied
    to the label of the expression below it. The walk stops at the first
    node that is none of these.

    [visibility] and [side_annot] must start at [None]: each can be set
    once, and a second annotation of the same kind is reported as a
    conflict. Annotations that are not at the head of the expression are
    not handled here; [update_call_graph] rejects them. *)
let rec slicer_annots_of_expr visibility both_implem side_annot async annotmap expr =
  match expr with
  | Q.Directive (label, `async, [e], _) when async_lambda e ->
    async := true;
    (* the directive node disappears: keep its type scheme on [e] *)
    let tsc_gen = QmlAnnotMap.find_tsc_opt_label label !annotmap in
    annotmap := QmlAnnotMap.add_tsc_opt_label (Q.Label.expr e) tsc_gen !annotmap;
    slicer_annots_of_expr visibility both_implem side_annot async annotmap e
  | Q.Coerce (label, e, ty) ->
    let e' = slicer_annots_of_expr visibility both_implem side_annot async annotmap e in
    (*if e == e' then expr else*) Q.Coerce (label, e', ty)
  | Q.Directive (label, (#Q.type_directive as d), [e], ty) ->
    let e' = slicer_annots_of_expr visibility both_implem side_annot async annotmap e in
    (*if e == e' then expr else*) Q.Directive (label, d, [e'], ty)
  | Q.Directive (label, (`visibility_annotation _ | `side_annotation _ as v), [e], _) ->
    begin match v, !visibility, !side_annot with
    | `visibility_annotation v, None, _ ->
      (* first visibility annotation on this declaration *)
      visibility := Some (
        match v with
        | `public (`sync | `async as sync) ->
          (* an async publication turns the flag on, a sync one leaves it
             as it was *)
          (async := match sync with `async -> true | `sync -> !async);
          Published false
        | `private_ -> Private
        | `public `funaction -> Published true (* `sync*)
        (* problem: since fun actions are lambda lifting with two groups
         * of lambda, the funaction is onclick="f(env)(arg)"
         * and the remote call f(env) does not return void
         * it should be solved by putting fun action lifting after typing
         * and by putting a partial apply directly
         * when this is done, `funaction should become `async as is done
         * in the commented code below
        *)
      )
    | `side_annotation v, _, None ->
      (* first side annotation on this declaration *)
      side_annot := Some (
        match v with
        | `client -> {side=Client;wish=Force}
        | `server -> {side=Server;wish=Force}
        | `both -> {side=Both;wish=Force}
        | `both_implem -> both_implem := true; {side=Both;wish=Force}
        | `prefer_client -> {side=Client;wish=Prefer}
        | `prefer_server -> {side=Server;wish=Prefer}
        | `prefer_both -> {side=Both;wish=Prefer}
      )
    | `visibility_annotation _, Some _, _ ->
      (* a second visibility annotation is an error; the first one stays
         recorded *)
      let context = QmlError.Context.expr expr in
      QmlError.serror context "You have conflicting security annotations (protected,exposed) on the same declaration."
    | `side_annotation _, _, Some _ ->
      (* same rule for side annotations *)
      let context = QmlError.Context.expr expr in
      QmlError.serror context "You have conflicting side annotations (server,client) on the same declaration."
    end;
    (* the annotation node disappears: keep its type scheme on [e] *)
    let tsc_gen = QmlAnnotMap.find_tsc_opt_label label !annotmap in
    annotmap := QmlAnnotMap.add_tsc_opt_label (Q.Label.expr e) tsc_gen !annotmap;
    slicer_annots_of_expr visibility both_implem side_annot async annotmap e
  | _ -> expr
(** [default_information ~env ~annotmap (ident, expr)] strips the slicer
    annotations from [expr] and returns the initial [information] record of
    [ident] together with the stripped expression.

    Fields coming from annotations are filled in ([privacy] defaults to
    [Visible]); every computed field starts at its neutral value.
    [annotmap] is a reference and is updated by the stripping. *)
let default_information ~env ~annotmap (ident,expr) =
  let visibility = ref None
  and both_implem = ref false
  and side_annot = ref None
  and async = ref false in
  let expr = slicer_annots_of_expr visibility both_implem side_annot async annotmap expr in
  if !async then begin
    (* we can't have asynchronous calls to functions that return something else than void
     * note that {} / ... is not good either because f(x:{} / ...) = x cannot
     * be called asynchronous
     * So we are NOT checking that the return type is unifiable with void,
     * we want exactly void
     * Another way to do that would be to force the typer to unify void and the return type
     * but for that, the directive would need to be still in the ast when typing *)
    let ty = QmlAnnotMap.find_ty (Q.QAnnot.expr expr) !annotmap in
    let fail () =
      let context = QmlError.Context.expr expr in
      QmlError.serror context
        "@[@@async_publish can be put only on functions whose return type is {}@]@\n\
         @[<2>Hint:@\nit has type %a@]@."
        QmlPrint.pp#ty ty
    in
    match QmlTypesUtils.Inspect.get_arrow_through_alias_and_private env.gamma ty with
    | Some (_params, ret) when QmlTypesUtils.Inspect.is_type_void env.gamma ret -> ()
    | Some _ | None -> fail ()
  end;
  let info =
    { (* taken from the annotations *)
      ident = ident;
      privacy = Option.default Visible !visibility;
      implemented_both = !both_implem;
      user_annotation = !side_annot;
      async = !async;
      expr = Local expr;
      (* filled in by the later analyses *)
      calls_server_bypass = None;
      calls_client_bypass = None;
      has_sliced_expr = false;
      lambda_lifted = [];
      calls_private = None;
      does_side_effects = false;
      needs_the_server = false;
      needs_the_client = false;
      on_the_server = None;
      on_the_client = None;
      publish_on_the_server = false;
      publish_on_the_client = false;
      server_ident = `undefined;
      client_ident = `undefined;
    }
  in
  info, expr
(** Expression of a local declaration. Must not be called on an external
    one: that case is an assertion failure. *)
let get_expr info =
  match info.expr with
  | Local expr -> expr
  | External _ -> assert false
(** Whether the declaration comes from another package. *)
let is_external info =
  match info.expr with
  | External _ -> true
  | Local _ -> false
(** Prints the source position carried by an annotation label. *)
let pp_pos_a f label =
  let pos = Annot.pos label in
  FilePos.pp_pos f pos
(** Prints where a declaration comes from: the position of its expression
    when it is local, its package otherwise. *)
let pp_pos f info =
  match info.expr with
  | External package -> Package.pp_full f package
  | Local expr ->
    let label = Q.Label.expr expr in
    pp_pos_a f label
(** Walks the expression of [info] and records what it finds: call graph
    edges, bypass usage, presence of a sliced_expr and the lambda lifting
    hierarchy. External declarations are left untouched.

    The boolean context threaded through the walk starts at [false] and
    becomes [true] below a sliced_expr directive; it is only used to reject
    a nested sliced_expr. *)
let update_call_graph env info =
  let infos = env.informations in
  let call_graph = env.call_graph in
  match info.expr with
  | External _ -> ()
  | Local expr ->
    QmlAstWalk.Expr.iter_context_down
      (fun context -> function
         | Q.Ident (_, i) -> (
             (* identifiers without an entry in the table get no edge and
                therefore play no part in the privacy propagation
                (presumably local variables; confirm) *)
             try
               let info_i = IdentTable.find infos i in
               G.add_edge call_graph info info_i
             with Not_found -> ()
           );
           context
         | Q.Bypass (_, key) -> (
             (* only one key per side is remembered: a later bypass
                overwrites an earlier one *)
             match get_bypass_side env key with
             | `server -> info.calls_server_bypass <- Some key
             | `client -> info.calls_client_bypass <- Some key
             | `both -> ()
           );
           context
         | Q.Directive (label, `sliced_expr, _, _) ->
           if context then
             OManager.serror "@[<v>%a@]@\n@[<2>  You have a nested @@sliced_expr.@]"
               pp_pos_a label;
           info.has_sliced_expr <- true;
           true
         | Q.Directive (label, (`side_annotation _ | `visibility_annotation _), _, _) ->
           (* annotations at the head of the declaration were removed by
              slicer_annots_of_expr; one that is still here is misplaced *)
           let error_context = QmlError.Context.label label in
           QmlError.serror error_context "@[This is an invalid slicer annotation: they can only appear on toplevel bindings (or inside toplevel modules) or on function bindings.@]";
           context
         | Q.Directive (_, `lifted_lambda (_,hierarchy), _, _) ->
           assert (info.lambda_lifted = []);
           (* if the code is lifted, you have only one function per toplevel
              declaration (so at most one @lifted_lambda) *)
           info.lambda_lifted <- hierarchy;
           context
         | _ ->
           context
      )
      false
      expr
(** [initialize_env ~env code] registers every binding of [code] in [env]
    (identifier table and call graph vertex), strips the slicer annotations
    from the bindings, then computes the call graph edges.
    Returns the environment with the updated annotmap and the stripped
    code. Only value declarations are expected at this point; any other
    kind of toplevel element is an assertion failure. *)
let initialize_env ~env code =
  let annotmap = ref env.annotmap in
  let graph = env.call_graph in
  let register_binding ((ident, _) as binding) =
    let info, stripped = default_information ~env ~annotmap binding in
    IdentTable.add env.informations ident info;
    G.add_vertex graph info;
    (ident, stripped)
  in
  let initialize_bindings bindings = List.map register_binding bindings in
  let rewrite_declaration = function
    | Q.NewVal (label, bindings) ->
      Q.NewVal (label, initialize_bindings bindings)
    | Q.NewValRec (label, bindings) ->
      Q.NewValRec (label, initialize_bindings bindings)
    | Q.NewType _ -> assert false
    | Q.Database _ -> assert false
    | Q.NewDbValue _ -> assert false
  in
  let code = List.map rewrite_declaration code in
  (* edges are added once every identifier of the unit is in the table *)
  IdentTable.iter (fun _ info -> update_call_graph env info) env.informations;
  {env with annotmap = !annotmap}, code
(** View of the call graph used to propagate privacy: successors whose
    privacy is [Published] are hidden. A published declaration is therefore
    a barrier: the fact that it reaches private code does not flow back to
    its callers through this view. *)
module G_for_server_private =
struct
  include G

  let iter_succ f graph node =
    let visit next =
      match next.privacy with
      | Published _ -> ()
      | Private | Visible -> f next in
    iter_succ visit graph node

  let exists_succ f graph node =
    let accept next =
      match next.privacy with
      | Published _ -> false
      | Private | Visible -> f next in
    exists_succ accept graph node

  let find_succ f graph node =
    let accept next =
      match next.privacy with
      | Published _ -> false
      | Private | Visible -> f next in
    find_succ accept graph node

  (** Same as [find_succ], with [None] instead of [Not_found]. *)
  let find_opt_succ f graph node =
    try Some (find_succ f graph node)
    with Not_found -> None
end

(* component computation over the filtered view above *)
module SCC_for_server_private = GraphUtils.Components.Make(G_for_server_private)
(** Sets [calls_private] on every declaration that reaches private code.

    For each group returned by the component computation, a witness is
    looked for among its members: a member that calls a server bypass or is
    annotated [Private], or else a non-published successor already marked.
    When one is found, every member of the group is marked with it.
    NOTE(review): this only propagates along chains if groups are visited
    callees first; that ordering is a property of
    [SCC_for_server_private.scc] and is not visible here. *)
let propagate_server_private env =
  let graph = env.call_graph in
  let is_private_source info =
    info.calls_server_bypass <> None || info.privacy = Private in
  let already_marked node = node.calls_private <> None in
  let witness_of info =
    if is_private_source info
    then Some info
    else G_for_server_private.find_opt_succ already_marked graph info in
  let mark_group group =
    match List.find_map witness_of group with
    | None -> ()
    | Some info ->
      List.iter (fun node -> node.calls_private <- Some (Local info)) group
  in
  let groups = SCC_for_server_private.scc ~size:200 graph in
  List.iter mark_group groups
(** Description of the effect environment stored in object files; the
    content itself is not printed. *)
module S_eff =
struct
  type t = QmlEffects.SlicerEffect.env
  let pass = "qmlSimpleSlicerEffect"
  let pp fmt _ = Format.pp_print_string fmt "<dummy>"
end
(** Loading and saving of the effect environment across compilation
    units. *)
module R_eff =
struct
  include ObjectFiles.Make(S_eff)

  (** Merges the pairs of maps saved by the units visited by [fold],
      starting from two empty maps. *)
  let load () =
    let merge (eff_acc, typ_acc) (eff, typ) =
      (IdentMap.safe_merge eff_acc eff, IdentMap.safe_merge typ_acc typ) in
    fold merge (IdentMap.empty, IdentMap.empty)

  (** Saves only what the current unit added on top of what was loaded. *)
  let save (load_eff,load_typ) (final_eff,final_typ) =
    let added_eff = IdentMap.diff final_eff load_eff in
    let added_typ = IdentMap.diff final_typ load_typ in
    save (added_eff, added_typ)
end
(** Runs the effect inference on [code], saves the part of the result that
    is new for this unit, and stores in each declaration of [env] whether
    it does side effects.
    Bypasses without a type and identifiers missing from the inferred
    environment are not handled: [Option.get] and [IdentMap.find] are
    applied without a fallback. *)
let analyse_side_effects env code =
  let typer = BslLib.BSL.ByPassMap.bypass_typer env.bymap in
  let bypass_typer key = Option.get (typer key) in
  let initial_env = R_eff.load () in
  let final_env = QmlEffects.SlicerEffect.infer_code ~initial_env bypass_typer code in
  let effect_env, _ = final_env in
  R_eff.save initial_env final_env;
  let store_effect ident info =
    let inferred = IdentMap.find ident effect_env in
    info.does_side_effects <- QmlEffects.SlicerEffect.flatten_effect inferred
  in
  IdentTable.iter store_effect env.informations
(* Component computation over the unfiltered call graph [G], unlike
   [SCC_for_server_private] which hides published successors. *)
module SCC = GraphUtils.Components.Make(G)
(** Number of parameters of [e] when its type is an arrow (seen through
    aliases and private types), [None] otherwise. *)
let get_arity_opt gamma annotmap e =
  let annot = Q.QAnnot.expr e in
  let ty = QmlAnnotMap.find_ty annot annotmap in
  match QmlTypesUtils.Inspect.get_arrow_through_alias_and_private gamma ty with
  | None -> None
  | Some (params, _) -> Some (List.length params)
(** Same as [get_arity_opt] for an expression known to have a functional
    type; [Option.get] is applied without a fallback. *)
let get_arity_of_functional_type gamma annotmap e =
  let arity_opt = get_arity_opt gamma annotmap e in
  Option.get arity_opt
(** Whether the type of [e] is an arrow, as decided by [get_arity_opt]. *)
let has_functional_type gamma annotmap e =
  get_arity_opt gamma annotmap e <> None
(** [find_private_path info] follows the [calls_private] witnesses from
    [info] down to the reason why it counts as private, and returns the
    declarations on the way with that reason:
    - [`annot]: the last declaration of the path is annotated [Private];
    - [`key k]: a declaration calls the server bypass [k]; the head of the
      path is dropped in this case;
    - [`package p]: the witness lives in the external package [p].
    Must only be called on a declaration that does reach private code:
    running out of witnesses is an assertion failure. *)
let find_private_path info =
  let rec walk visited info =
    let visited = info :: visited in
    match info.privacy, info.calls_server_bypass, info.calls_private with
    | Private, _, _ ->
      List.rev visited, `annot
    | (Published _ | Visible), Some key, _ ->
      List.tl (List.rev visited), `key key
    | (Published _ | Visible), None, Some (Local next) ->
      walk visited next
    | (Published _ | Visible), None, Some (External package) ->
      List.rev visited, `package package
    | (Published _ | Visible), None, None ->
      assert false
  in
  walk [] info
(** Prints the path computed by [find_private_path]: one line per
    declaration (name and position, printed with [pp_pos]) followed by the
    reason that ends the path. Used in diagnostics to show the user how a
    declaration reaches protected code. *)
let pp_private_path pp_pos f info =
  let path, reason = find_private_path info in
  let pp_step f info =
    Format.fprintf f "'%s' at @[<v>%a@]"
      (Ident.original_name info.ident)
      pp_pos info in
  let pp_reason f reason =
    match reason with
    | `annot -> Format.fprintf f "which is annotated as 'protected'"
    | `key key -> Format.fprintf f "%%%%%a%%%% which is a server bypass" BslKey.pp key
    | `package package -> Format.fprintf f "from package %a" Package.pp_full package
  in
  match path with
  | [] ->
    Format.fprintf f "@[<v>%a@]"
      pp_reason reason
  | _ :: _ ->
    Format.fprintf f "@[<v>%a@ %a@]"
      (Format.pp_list "@ " pp_step) path
      pp_reason reason
(* FIXME: with the smarter analysis for side effects, this function doesn't work anymore:
* @server b = 1
* @client a = (-> b)() would probably not do an insert_server_value when it should
* this function contains some bugs anyway *)
(** [direct_dep_on_the_server env node] is [true] when the expression of
    [node] mentions, outside of any lambda, an identifier whose declaration
    is placed on the server only and does not have a functional type.
    Identifiers without an entry in the table and lambdas never count.
    The comment that precedes this function in the file records known
    limitations of this analysis. *)
let direct_dep_on_the_server env node =
  let informations = env.informations in
  let rec aux tra bnds = function
    | Q.Lambda _ -> true (* the body of a lambda is not inspected *)
    | Q.Ident (_, i) as expr -> (
        (* we don't have to care about recursive deps
         * (cases when on_the_server or on_the_client can be None)
         * because in recursion we only have lambdas, which never do side effects *)
        try
          match IdentTable.find informations i with
          | { on_the_server = Some (Some _); on_the_client = Some None; _} ->
            (* avoiding to put an insert_server_value on cases such as @server f() = ...; @both g = f
             * this is hackish and this should be done better by computing dependencies while doing
             * side effect analysis *)
            has_functional_type env.gamma env.annotmap expr
          | _ -> true
        with
        | Not_found -> true
      )
    | e -> tra bnds e in
  (* [aux] answers true for harmless nodes, hence the negation *)
  not (QmlAstWalk.Expr.traverse_forall_context_down aux IdentSet.empty (get_expr node))
(** Whether a diagnostic also prints the path to the private value
    ([Private_path]) or only the message ([No]). *)
type faulty = Private_path | No
(** Emits, in class [wclass], the warning that [node] is tagged as [tagged]
    but uses [use] values, followed by [consequence]. With [Private_path]
    the path to the private value is printed between the two. *)
let warn_tagged_but_use node ~wclass ~tagged ~use (faulty:faulty) consequence=
  let pp_details b node =
    match faulty with
    | Private_path -> Format.fprintf b ":@\n%a@\n" (pp_private_path pp_pos) node
    | No -> Format.fprintf b "%s" ". "
  in
  OManager.warning ~wclass
    "@[<v>%a@]@\n@[<2>  '%s' is tagged as '%s' but it uses '%s' values%a%s@]"
    pp_pos node
    (Ident.original_name node.ident)
    tagged
    use
    pp_details node
    consequence
(** Same as [warn_tagged_but_use] but only prints when [emit] is set.
    The result is [false] in both cases: callers use it as the value of a
    check that did not pass. *)
let may_warn_tagged_but_use ~emit node ~wclass ~tagged ~use faulty consequence =
  if emit then warn_tagged_but_use node ~wclass ~tagged ~use faulty consequence;
  false
(** Checks the visibility annotation of [node] against what the analyses
    found, and emits the matching warnings when [emit] is set.
    [emit_error] is accepted and ignored.

    NOTE(review): the meaning of the boolean result is not uniform across
    the branches below, see the notes on each of them. The one caller
    visible in this part of the file discards the result; confirm what the
    other callers expect before relying on it. *)
let check_privacy ~emit_error:_ ~emit node =
  let may_warn ~wclass ~tagged ~use faulty consequence =
    ignore(may_warn_tagged_but_use ~emit node ~wclass ~tagged ~use faulty consequence)
  in
  match node.privacy with
  | Published implicit ->
    (* an explicit exposed value is giving access to nothing protected *)
    let c1 = node.calls_private = None && not(implicit) in
    if c1 then may_warn ~wclass:WClass.Exposed.meaningless
        ~tagged:"exposed" ~use:"only non protected" No
        "The directive will be ignored"
    ;
    (* an implicit exposed value is giving access to a protected value *)
    let c2 = node.calls_private <> None && implicit in
    if c2 then may_warn ~wclass:WClass.Protected.implicit_access
        ~tagged:"implicit exposed" ~use:"protected" Private_path
        "The access to these value is guaranteed to be safe, but they can be accessed."
    ;
    (* an explicit exposed value needs the client *)
    let c3 = node.needs_the_client && not(implicit) in
    if c3 then may_warn ~wclass:WClass.Exposed.misleading
        ~tagged:"exposed" ~use:"client" No
        "This is can be inefficient and may be a security threat."
    ;
    (* NOTE(review): c1 requires calls_private = None and c2 requires the
       opposite, so this conjunction is always false, whether or not a
       warning condition held *)
    c1 && c2 && c3
  | Visible -> true
  | Private ->
    let c1 = node.needs_the_client in
    if c1 then may_warn ~wclass:WClass.Protected.misleading
        ~tagged:"protected" ~use:"client" No
        "This is probably a security threat."
    ;
    (* NOTE(review): true exactly when the warning condition holds, which
       is the opposite polarity of the [Visible] branch *)
    c1
(** Checks the side annotation of [node] against what the analyses found.
    Returns [true] when none of the three checks below fails. Warnings are
    printed only when [emit] is set; the error of the first check is
    printed when [emit] or [emit_error] is set. *)
let check_side ~emit_error ~emit node =
  let side_str = function
    | Server -> "server"
    | Both -> "both"
    | Client -> "client"
  in
  (* 1. the declaration reaches protected code *)
  let c1 = if node.calls_private <> None then (
      match node.user_annotation with
      | Some {wish=Force; side=Server} when not(node.does_side_effects)->
        may_warn_tagged_but_use ~emit node ~wclass:WClass.Server.meaningless
          ~tagged:"server" ~use:"protected" Private_path
          "The directive will be ignored.";
      | Some {wish=Force; side=(Client|Both) as side} ->
        (* forcing protected code to the client is an error; the only
           accepted combination is side Both on a published declaration *)
        let c1 = side=Both && (match node.privacy with Published _ -> true | _ -> false) in
        if not(c1) && (emit || emit_error) then (
          OManager.serror "@[<v>%a@]@\n@[<4>  '%s' is tagged as '%s' but it uses 'protected' values:@\n%a@]"
            pp_pos node
            (Ident.original_name node.ident)
            (side_str side)
            (pp_private_path pp_pos) node;
          c1
        ) else c1
      | _ -> true
    ) else true
  in
  (* 2. a declaration forced on the server needs the client *)
  let c2 = if node.needs_the_client then (
      match node.user_annotation with
      | Some {wish=Force; side=Server} ->
        may_warn_tagged_but_use ~emit node ~wclass:WClass.Server.misleading
          ~tagged:"server" ~use:"client" No
          "This can be inefficient.";
      | _ -> true
    ) else true
  in
  (* 3. a sliced_expr inside a declaration forced on a single side *)
  let c3 = if node.has_sliced_expr then (
      match node.user_annotation with
      | Some {wish=Force; side=(Client|Server) as side} ->
        may_warn_tagged_but_use ~emit node ~wclass:WClass.sliced_expr
          ~tagged:(side_str side) ~use:"sliced_expr" No
          "This is unusual."
      | _ -> true
    ) else true
  in c1 && c2 && c3
(** Runs the privacy check and then the side check on [node]; both are
    always run, so that each can emit its diagnostics. The result is the
    conjunction of the two. *)
let check_node ?(emit_error=false) ~emit node =
  let privacy_result = check_privacy ~emit_error ~emit node in
  let side_result = check_side ~emit_error ~emit node in
  privacy_result && side_result
let look_at_user_annotation env pp_pos node annot =
let rec aux node annot =
ignore( check_node ~emit_error:false ~emit:false node);
match annot with
| Some {wish=Force; side=Client} ->
node.on_the_server <- Some None;
node.on_the_client <- Some (Some `expression);
node.publish_on_the_server <- false;
node.publish_on_the_client <- true
| Some {wish=Force; side=Server} ->
(match node.calls_client_bypass with
| Some key ->
OManager.serror "@[<v>%a@]@\n@[<2> '%s' is tagged as @@server but it contains a client bypass (%%%%%a%%%%).@]"
pp_pos node
(Ident.original_name node.ident)
BslKey.pp key
| None -> ());
node.on_the_server <- Some (Some `expression);
node.on_the_client <- Some None;
node.publish_on_the_server <- node.calls_private = None || (match node.privacy with Published _-> true | _-> false);
node.publish_on_the_client <- false
| Some {wish=Force; side=Both} ->
let fake_server, fake_client =
if node.calls_private <> None then (
(
match node.privacy with
| Published _ -> ()
| _ ->
OManager.serror "@[<v>%a@]@\n@[<4> '%s' is tagged as 'both' but it uses a 'protected' values:@\n%a@]"
pp_pos node
(Ident.original_name node.ident)
(pp_private_path pp_pos) node
);
if node.implemented_both then
OManager.serror "@[<v>%a@]@\n@[<4> '%s' is tagged as 'both_implem' but it uses 'protected' values:@\n%a@]"
pp_pos node
(Ident.original_name node.ident)
(pp_private_path pp_pos) node;
false, true
) else
match node.calls_client_bypass with
| Some key ->
if node.implemented_both then (
OManager.serror "@[<v>%a@]@\n@[<4> '%s' is tagged as 'both_implem' but it uses the client bypass %s@]"
pp_pos node
(Ident.original_name node.ident)
(BslKey.to_string key)
);
true, false
| None ->
false, false in
let on_the_server =
if fake_server then
let functional_type = has_functional_type env.gamma env.annotmap (get_expr node) in
if not functional_type then
OManager.serror "@[<v>%a@]@\n@[<2> '%s' is tagged as 'both' but it contains a client bypass (%%%%%a%%%%) and it is not a function.@]"
pp_pos node
(Ident.original_name node.ident)
BslKey.pp (Option.get node.calls_client_bypass);
`alias
else
`expression in
let on_the_client =
let functional_type = has_functional_type env.gamma env.annotmap (get_expr node) in
if fake_client then
if functional_type then
`alias
else
`insert_server_value
else if node.implemented_both then
`expression
else if node.does_side_effects then
`insert_server_value
else
(* not sure exactly what should happen when you have instantaneous deps, should possibly be a slicing error *)
if direct_dep_on_the_server env node then
if functional_type then
`alias
else
`insert_server_value
else
`expression in
if node.has_sliced_expr then (
(match on_the_client with
| `expression -> ()
| `alias | `insert_server_value ->
OManager.warning ~wclass:WClass.sliced_expr "@[<v>%a@]@\n@[<2> '%s' contains a 'sliced_expr' but the client code will not be executed.@]"
pp_pos node
(Ident.original_name node.ident)
);
(match on_the_server with
| `expression -> ()
| `alias ->
OManager.warning ~wclass:WClass.sliced_expr "@[<v>%a@]@\n@[<2> '%s' contains a 'sliced_expr' but the server code will not be executed.@]"
pp_pos node
(Ident.original_name node.ident))
);
node.on_the_server <- Some (Some on_the_server);
node.on_the_client <- Some (Some on_the_client);
node.publish_on_the_server <- on_the_client = `alias;
node.publish_on_the_client <- on_the_server = `alias
| Some {wish=Prefer; side=Client} ->
(* same check as for @client to be sure that we have no error and no warning *)
if node.calls_private <> None || node.has_sliced_expr then
aux node None
else
aux node (Some {wish=Force; side=Client})
| Some {wish=Prefer; side=Server} ->
(* same check as for @server *)
if node.calls_client_bypass <> None || node.has_sliced_expr then
aux node None
else
aux node (Some {wish=Force; side=Server})