sandboxed environment errors out #264

Open
jgeraerts opened this issue Aug 26, 2024 · 4 comments

@jgeraerts

I was trying to toy around with steel in a prototype I'm doing. Especially the sandboxed environment looked nice to me but it errors out when constructing.

A failing test demonstrating the issue:

    #[test]
    fn test_sandboxed_environment() {
        let mut engine = Engine::new_sandboxed();
        assert!(engine.compile_and_run_raw_program("(+ 1 1)").is_ok());
    }

Test output:

    ---- steel_vm::engine::engine_api_tests::test_sandboxed_environment stdout ----
    thread 'steel_vm::engine::engine_api_tests::test_sandboxed_environment' panicked at crates/steel-core/src/steel_vm/engine.rs:959:50:
    called Result::unwrap() on an Err value: SteelErr { repr: Repr { kind: FreeIdentifier, message: "Cannot reference an identifier before its definition: #%function-ptr-table", span: Some(0..0), stack_trace: None } }
    note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

@mattwparas
Owner

Looks like I've got some bitrot there - will take a look

@mattwparas
Owner

Okay, taking a look at this now - besides the obvious that it doesn't work, I just wanted to ask what you were hoping the sandboxed engine would do? I haven't spent a great deal of time hardening the sandbox explicitly, but I can easily disallow access to certain APIs and enable easy interruption.

However, it would be trivial for someone to simply allocate an incredibly large list - there are currently no guard rails for that. If you're interested in something like that, I can start plumbing through protections for that kind of thing and start making headway

@jgeraerts
Author

I was looking to use it as a prototype - dsl around datafusion oriented code. So ideally I could register custom functions and only allow control-flow constructs, basic math etc etc. But you don't need to bother with it for me specifically. I just wanted to report it so you were aware.

@mattwparas
Owner

Got it - so I'll follow up with some fixes here and an example of how you can achieve that soon (hoping either this evening or tomorrow evening)

If you ever post the data fusion code publicly, let me know! I'm also interested in steel wrapping data fusion in some way
