Put hard sandbox checks on new primops
dolio committed Oct 24, 2023
1 parent e87e74d commit 609720a
Showing 1 changed file with 22 additions and 16 deletions.
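--- a/parser-typechecker/src/Unison/Runtime/Machine.hs
+++ b/parser-typechecker/src/Unison/Runtime/Machine.hs
@@ -401,22 +401,28 @@ exec !env !denv !_activeThreads !ustk !bstk !k _ (BPrim1 SDBL i) = do
 exec !_ !denv !_activeThreads !ustk !bstk !k _ (BPrim1 op i) = do
 (ustk, bstk) <- bprim1 ustk bstk op i
 pure (denv, ustk, bstk, k)
-exec !env !denv !_activeThreads !ustk !bstk !k _ (BPrim2 SDBX i j) = do
-s <- peekOffS bstk i
-c <- peekOff bstk j
-l <- decodeSandboxArgument s
-b <- checkSandboxing env l c
-ustk <- bump ustk
-poke ustk $ if b then 1 else 0
-pure (denv, ustk, bstk, k)
-exec !env !denv !_activeThreads !ustk !bstk !k _ (BPrim2 SDBV i j) = do
-s <- peekOffS bstk i
-v <- peekOffBi bstk j
-l <- decodeSandboxArgument s
-res <- checkValueSandboxing env l v
-bstk <- bump bstk
-poke bstk $ encodeSandboxResult res
-pure (denv, ustk, bstk, k)
+exec !env !denv !_activeThreads !ustk !bstk !k _ (BPrim2 SDBX i j)
+| sandboxed env =
+die "attempted to use sandboxed operation: sandboxLinks"
+| otherwise = do
+s <- peekOffS bstk i
+c <- peekOff bstk j
+l <- decodeSandboxArgument s
+b <- checkSandboxing env l c
+ustk <- bump ustk
+poke ustk $ if b then 1 else 0
+pure (denv, ustk, bstk, k)
+exec !env !denv !_activeThreads !ustk !bstk !k _ (BPrim2 SDBV i j)
+| sandboxed env =
+die "attempted to use sandboxed operation: Value.validateSandboxed"
+| otherwise = do
+s <- peekOffS bstk i
+v <- peekOffBi bstk j
+l <- decodeSandboxArgument s
+res <- checkValueSandboxing env l v
+bstk <- bump bstk
+poke bstk $ encodeSandboxResult res
+pure (denv, ustk, bstk, k)
 exec !_ !denv !_activeThreads !ustk !bstk !k _ (BPrim2 EQLU i j) = do
 x <- peekOff bstk i
 y <- peekOff bstk j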
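Review bot: The new `sandboxed env` guards on the `BPrim2 SDBX` and `BPrim2 SDBV` equations are a security boundary, yet the commit touches only Machine.hs, so no test pins the refusal. A regression test that runs both operations with a sandboxed environment and expects the `die` would stop a later refactor of `exec` from silently dropping them. The `BPrim1 SDBL` equation named in the hunk header starts above the hunk, so it cannot be confirmed from here that it carries the same guard; it looks like a sibling sandbox primop and is worth checking. A short comment above each guard, e.g. `-- hard check: this primop is never available when the runtime itself is sandboxed`, would record why the check lives in `exec`.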
