RubyGems - kobako - Versions diffs - 0.3.0 → 0.5.0 - Mend

kobako 0.3.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (98) hide show

checksums.yaml +4 -4
data/.release-please-manifest.json +1 -0
data/CHANGELOG.md +29 -0
data/Cargo.lock +1 -1
data/README.md +85 -6
data/data/kobako.wasm +0 -0
data/ext/kobako/Cargo.toml +1 -1
data/ext/kobako/src/lib.rs +4 -2
data/ext/kobako/src/{wasm → runtime}/cache.rs +22 -18
data/ext/kobako/src/runtime/capture.rs +91 -0
data/ext/kobako/src/runtime/config.rs +26 -0
data/ext/kobako/src/runtime/dispatch.rs +211 -0
data/ext/kobako/src/runtime/exports.rs +51 -0
data/ext/kobako/src/runtime/guest_mem.rs +228 -0
data/ext/kobako/src/{wasm/host_state.rs → runtime/invocation.rs} +195 -81
data/ext/kobako/src/runtime/trap.rs +134 -0
data/ext/kobako/src/runtime.rs +782 -0
data/ext/kobako/src/snapshot.rs +110 -0
data/lib/kobako/capture.rb +11 -16
data/lib/kobako/catalog/handles.rb +107 -0
data/lib/kobako/catalog/namespaces.rb +99 -0
data/lib/kobako/{snippet/table.rb → catalog/snippets.rb} +37 -62
data/lib/kobako/catalog.rb +18 -0
data/lib/kobako/codec/decoder.rb +13 -7
data/lib/kobako/codec/factory.rb +21 -18
data/lib/kobako/codec/utils.rb +118 -29
data/lib/kobako/codec.rb +6 -3
data/lib/kobako/errors.rb +45 -28
data/lib/kobako/fault.rb +40 -0
data/lib/kobako/handle.rb +60 -0
data/lib/kobako/namespace.rb +67 -0
data/lib/kobako/outcome.rb +55 -29
data/lib/kobako/runtime.rb +30 -0
data/lib/kobako/sandbox.rb +131 -67
data/lib/kobako/sandbox_options.rb +6 -9
data/lib/kobako/snapshot.rb +40 -0
data/lib/kobako/snippet/binary.rb +6 -7
data/lib/kobako/snippet/source.rb +8 -8
data/lib/kobako/snippet.rb +7 -9
data/lib/kobako/transport/dispatcher.rb +195 -0
data/lib/kobako/transport/error.rb +24 -0
data/lib/kobako/transport/request.rb +78 -0
data/lib/kobako/transport/response.rb +69 -0
data/lib/kobako/transport/run.rb +141 -0
data/lib/kobako/transport/yield.rb +91 -0
data/lib/kobako/transport/yielder.rb +89 -0
data/lib/kobako/transport.rb +24 -0
data/lib/kobako/usage.rb +41 -0
data/lib/kobako/version.rb +1 -1
data/lib/kobako.rb +4 -3
data/release-please-config.json +24 -0
data/sig/kobako/capture.rbs +0 -2
data/sig/kobako/{rpc/handle_table.rbs → catalog/handles.rbs} +3 -9
data/sig/kobako/catalog/namespaces.rbs +17 -0
data/sig/kobako/{snippet/table.rbs → catalog/snippets.rbs} +2 -11
data/sig/kobako/{rpc.rbs → catalog.rbs} +1 -1
data/sig/kobako/codec/decoder.rbs +2 -1
data/sig/kobako/codec/factory.rbs +3 -3
data/sig/kobako/codec/utils.rbs +11 -1
data/sig/kobako/errors.rbs +7 -7
data/sig/kobako/fault.rbs +19 -0
data/sig/kobako/handle.rbs +18 -0
data/sig/kobako/namespace.rbs +19 -0
data/sig/kobako/outcome.rbs +2 -2
data/sig/kobako/runtime.rbs +23 -0
data/sig/kobako/sandbox.rbs +10 -7
data/sig/kobako/snapshot.rbs +15 -0
data/sig/kobako/transport/dispatcher.rbs +34 -0
data/sig/kobako/transport/error.rbs +6 -0
data/sig/kobako/transport/request.rbs +32 -0
data/sig/kobako/transport/response.rbs +30 -0
data/sig/kobako/transport/run.rbs +27 -0
data/sig/kobako/transport/yield.rbs +34 -0
data/sig/kobako/transport/yielder.rbs +21 -0
data/sig/kobako/transport.rbs +4 -0
data/sig/kobako/usage.rbs +11 -0
metadata +52 -30
data/ext/kobako/src/wasm/dispatch.rs +0 -161
data/ext/kobako/src/wasm/instance.rs +0 -771
data/ext/kobako/src/wasm.rs +0 -125
data/lib/kobako/invocation.rb +0 -112
data/lib/kobako/rpc/dispatcher.rb +0 -169
data/lib/kobako/rpc/envelope.rb +0 -118
data/lib/kobako/rpc/fault.rb +0 -41
data/lib/kobako/rpc/handle.rb +0 -39
data/lib/kobako/rpc/handle_table.rb +0 -107
data/lib/kobako/rpc/namespace.rb +0 -74
data/lib/kobako/rpc/server.rb +0 -158
data/lib/kobako/rpc.rb +0 -11
data/lib/kobako/wasm.rb +0 -25
data/sig/kobako/invocation.rbs +0 -23
data/sig/kobako/rpc/dispatcher.rbs +0 -33
data/sig/kobako/rpc/envelope.rbs +0 -51
data/sig/kobako/rpc/fault.rbs +0 -20
data/sig/kobako/rpc/handle.rbs +0 -19
data/sig/kobako/rpc/namespace.rbs +0 -24
data/sig/kobako/rpc/server.rbs +0 -37
data/sig/kobako/wasm.rbs +0 -39

data/sig/kobako/transport/yield.rbs ADDED Viewed

@@ -0,0 +1,34 @@
+module Kobako
+  module Transport
+    TAG_OK: Integer
+    TAG_BREAK: Integer
+    TAG_RESERVED: Integer
+    TAG_ERROR: Integer
+    LIVE_TAGS: Array[Integer]
+    class Yield
+      attr_reader tag: Integer
+      attr_reader value: untyped
+      def self.decode: (String bytes) -> Yield
+      def self.reject_dead_tag!: (Integer tag) -> void
+      def initialize: (tag: Integer, value: untyped) -> void
+      def with: (?tag: Integer, ?value: untyped) -> Yield
+      def ok?: () -> bool
+      def break?: () -> bool
+      def error?: () -> bool
+      def encode: () -> String
+      def ==: (untyped other) -> bool
+      def hash: () -> Integer
+    end
+  end
+end

data/sig/kobako/transport/yielder.rbs ADDED Viewed

@@ -0,0 +1,21 @@
+module Kobako
+  module Transport
+    class Yielder
+      @yield_to_guest: ^(String) -> String
+      @break_tag: Symbol
+      @active: bool
+      def initialize: (^(String) -> String yield_to_guest, Symbol break_tag) -> void
+      def yield: (*untyped args) -> untyped
+      def to_proc: () -> Proc
+      def invalidate!: () -> void
+      private
+      def yield_failure: (untyped payload, default: String) -> RuntimeError
+    end
+  end
+end

data/sig/kobako/transport.rbs ADDED Viewed

@@ -0,0 +1,4 @@
+module Kobako
+  module Transport
+  end
+end

data/sig/kobako/usage.rbs ADDED Viewed

@@ -0,0 +1,11 @@
+module Kobako
+  class Usage < Data
+    EMPTY: Usage
+    attr_reader wall_time: Float
+    attr_reader memory_peak: Integer
+    def self.new: (wall_time: Float, memory_peak: Integer) -> Usage
+                | (Float wall_time, Integer memory_peak) -> Usage
+  end
+end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kobako
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Aotokitsuruya
@@ -29,14 +29,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.91
+        version: 0.9.128
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.91
+        version: 0.9.128
 description: kobako provides an in-process Wasm sandbox (wasmtime + mruby) with a
   MessagePack-based host/guest RPC, allowing Ruby applications to execute untrusted
   mruby scripts under capability-based Service injection.
@@ -47,6 +47,8 @@ extensions:
 - ext/kobako/extconf.rb
 extra_rdoc_files: []
 files:
+- ".release-please-manifest.json"
+- CHANGELOG.md
 - Cargo.lock
 - Cargo.toml
 - LICENSE
@@ -55,13 +57,22 @@ files:
 - ext/kobako/Cargo.toml
 - ext/kobako/extconf.rb
 - ext/kobako/src/lib.rs
-- ext/kobako/src/wasm.rs
-- ext/kobako/src/wasm/cache.rs
-- ext/kobako/src/wasm/dispatch.rs
-- ext/kobako/src/wasm/host_state.rs
-- ext/kobako/src/wasm/instance.rs
+- ext/kobako/src/runtime.rs
+- ext/kobako/src/runtime/cache.rs
+- ext/kobako/src/runtime/capture.rs
+- ext/kobako/src/runtime/config.rs
+- ext/kobako/src/runtime/dispatch.rs
+- ext/kobako/src/runtime/exports.rs
+- ext/kobako/src/runtime/guest_mem.rs
+- ext/kobako/src/runtime/invocation.rs
+- ext/kobako/src/runtime/trap.rs
+- ext/kobako/src/snapshot.rs
 - lib/kobako.rb
 - lib/kobako/capture.rb
+- lib/kobako/catalog.rb
+- lib/kobako/catalog/handles.rb
+- lib/kobako/catalog/namespaces.rb
+- lib/kobako/catalog/snippets.rb
 - lib/kobako/codec.rb
 - lib/kobako/codec/decoder.rb
 - lib/kobako/codec/encoder.rb
@@ -69,51 +80,62 @@ files:
 - lib/kobako/codec/factory.rb
 - lib/kobako/codec/utils.rb
 - lib/kobako/errors.rb
-- lib/kobako/invocation.rb
+- lib/kobako/fault.rb
+- lib/kobako/handle.rb
+- lib/kobako/namespace.rb
 - lib/kobako/outcome.rb
 - lib/kobako/outcome/panic.rb
-- lib/kobako/rpc.rb
-- lib/kobako/rpc/dispatcher.rb
-- lib/kobako/rpc/envelope.rb
-- lib/kobako/rpc/fault.rb
-- lib/kobako/rpc/handle.rb
-- lib/kobako/rpc/handle_table.rb
-- lib/kobako/rpc/namespace.rb
-- lib/kobako/rpc/server.rb
+- lib/kobako/runtime.rb
 - lib/kobako/sandbox.rb
 - lib/kobako/sandbox_options.rb
+- lib/kobako/snapshot.rb
 - lib/kobako/snippet.rb
 - lib/kobako/snippet/binary.rb
 - lib/kobako/snippet/source.rb
-- lib/kobako/snippet/table.rb
+- lib/kobako/transport.rb
+- lib/kobako/transport/dispatcher.rb
+- lib/kobako/transport/error.rb
+- lib/kobako/transport/request.rb
+- lib/kobako/transport/response.rb
+- lib/kobako/transport/run.rb
+- lib/kobako/transport/yield.rb
+- lib/kobako/transport/yielder.rb
+- lib/kobako/usage.rb
 - lib/kobako/version.rb
-- lib/kobako/wasm.rb
+- release-please-config.json
 - sig/kobako.rbs
 - sig/kobako/capture.rbs
+- sig/kobako/catalog.rbs
+- sig/kobako/catalog/handles.rbs
+- sig/kobako/catalog/namespaces.rbs
+- sig/kobako/catalog/snippets.rbs
 - sig/kobako/codec/decoder.rbs
 - sig/kobako/codec/encoder.rbs
 - sig/kobako/codec/error.rbs
 - sig/kobako/codec/factory.rbs
 - sig/kobako/codec/utils.rbs
 - sig/kobako/errors.rbs
-- sig/kobako/invocation.rbs
+- sig/kobako/fault.rbs
+- sig/kobako/handle.rbs
+- sig/kobako/namespace.rbs
 - sig/kobako/outcome.rbs
 - sig/kobako/outcome/panic.rbs
-- sig/kobako/rpc.rbs
-- sig/kobako/rpc/dispatcher.rbs
-- sig/kobako/rpc/envelope.rbs
-- sig/kobako/rpc/fault.rbs
-- sig/kobako/rpc/handle.rbs
-- sig/kobako/rpc/handle_table.rbs
-- sig/kobako/rpc/namespace.rbs
-- sig/kobako/rpc/server.rbs
+- sig/kobako/runtime.rbs
 - sig/kobako/sandbox.rbs
 - sig/kobako/sandbox_options.rbs
+- sig/kobako/snapshot.rbs
 - sig/kobako/snippet.rbs
 - sig/kobako/snippet/binary.rbs
 - sig/kobako/snippet/source.rbs
-- sig/kobako/snippet/table.rbs
-- sig/kobako/wasm.rbs
+- sig/kobako/transport.rbs
+- sig/kobako/transport/dispatcher.rbs
+- sig/kobako/transport/error.rbs
+- sig/kobako/transport/request.rbs
+- sig/kobako/transport/response.rbs
+- sig/kobako/transport/run.rbs
+- sig/kobako/transport/yield.rbs
+- sig/kobako/transport/yielder.rbs
+- sig/kobako/usage.rbs
 homepage: https://github.com/elct9620/kobako
 licenses:
 - Apache-2.0

data/ext/kobako/src/wasm/dispatch.rs DELETED Viewed

@@ -1,161 +0,0 @@
-//! Host-side dispatch for the `__kobako_dispatch` import.
-//!
-//! When the guest invokes the wasm import declared in
-//! `wasm/kobako-wasm/src/abi.rs`, wasmtime calls back into the host
-//! through the closure built in [`super::instance::Instance::build`].
-//! That closure delegates here. The dispatcher (docs/behavior.md B-12 / B-13):
-//!
-//!   1. Reads the Request bytes from guest linear memory.
-//!   2. Hands them to the Ruby-side `Kobako::RPC::Server` and recovers
-//!      Response bytes.
-//!   3. Allocates a guest buffer via `__kobako_alloc(len)` invoked
-//!      through `Caller::get_export`.
-//!   4. Writes the Response bytes into the guest buffer.
-//!   5. Returns packed `(ptr<<32)|len` for the guest to decode.
-//!
-//! Returns 0 on any step failure. `Kobako::Sandbox` always installs a
-//! Server before invoking the guest, so reaching the dispatcher with
-//! no Server bound is itself a wire-layer fault; the guest maps a 0
-//! return to a trap. Failures during normal dispatch surface as
-//! Response.err envelopes from the Server itself — they never reach
-//! this 0-return path.
-//!
-//! ## Why this module writes to `stderr`
-//!
-//! This file is the one place in `ext/` that deliberately prints
-//! through `eprintln!`. The host normally surfaces faults by
-//! raising a `MagnusError` back into Ruby; the dispatcher contract
-//! is the exception — it must return a packed `i64` to the guest
-//! and cannot raise, so a 0 return is the only signal the wasm side
-//! receives. The guest collapses every 0 into the same trap, so the
-//! Ruby host has no way to attribute the failure to a specific
-//! step (missing `memory` export vs. no Server bound vs. Server
-//! raised vs. `__kobako_alloc` returned 0 vs. `memory.write`
-//! rejected).
-//!
-//! [`handle`] writes a single `[kobako-dispatch] <reason>` line to
-//! `stderr` on each failure path so operators have a breadcrumb to
-//! correlate the trap with the actual cause. The line is emitted in
-//! both debug and release builds on purpose: dispatcher failures
-//! are wire-layer faults rather than expected error paths
-//! (`Kobako::Sandbox` always installs a Server, the Server is
-//! contracted never to raise, etc.), so the "release-build noise"
-//! cost is bounded — under normal operation the line is never
-//! written. Operators that need to silence the channel can redirect
-//! the host process's stderr, but the kobako convention is "ext
-//! never logs" plus this single, named exception.
-use magnus::value::{Opaque, ReprValue};
-use magnus::{Error as MagnusError, RString, Ruby, Value};
-use wasmtime::{Caller, Extern};
-use super::host_state::HostState;
-/// Drive a single `__kobako_dispatch` invocation end-to-end. Entry point
-/// from the wasmtime closure built in [`super::instance::Instance::build`].
-///
-/// Returns the packed `(ptr<<32)|len` u64 on success, 0 on any
-/// wire-layer fault. Failure paths log a `[kobako-dispatch]` line to
-/// `stderr` so operators have a breadcrumb when the guest sees a 0
-/// return and traps; before this every failure was silent. The Server
-/// itself is contracted never to raise (it folds Service exceptions
-/// into Response.err envelopes), so reaching the failure path is
-/// always a wiring bug or wire-layer fault rather than an expected
-/// path.
-pub(crate) fn handle(caller: &mut Caller<'_, HostState>, req_ptr: i32, req_len: i32) -> i64 {
-    match try_handle(caller, req_ptr, req_len) {
-        Ok(packed) => packed,
-        Err(reason) => {
-            eprintln!("[kobako-dispatch] {}", reason);
-            0
-        }
-    }
-}
-/// Result-returning core of [`handle`]. Pulled out so each early
-/// failure path carries a diagnostic string instead of an opaque 0.
-fn try_handle(
-    caller: &mut Caller<'_, HostState>,
-    req_ptr: i32,
-    req_len: i32,
-) -> Result<i64, &'static str> {
-    let req_bytes = read_caller_memory(caller, req_ptr, req_len)
-        .ok_or("guest 'memory' export missing or request slice out of bounds")?;
-    // `Kobako::Sandbox` always installs a Server before invoking the
-    // guest, so reaching this branch indicates a misuse rather than a
-    // normal control path.
-    let server = caller
-        .data()
-        .server()
-        .ok_or("no Ruby Server bound — Sandbox#run must precede __kobako_dispatch")?;
-    let resp_bytes = invoke_server(server, &req_bytes).map_err(|_| {
-        "Ruby Server#dispatch raised — contract is to fold faults into Response.err"
-    })?;
-    write_response(caller, &resp_bytes)
-}
-/// Call the Ruby Server's `#dispatch(request_bytes)` method and return
-/// the encoded Response bytes. Errors here mean the Server itself
-/// failed (it is contracted never to raise — see
-/// `Kobako::RPC::Server#dispatch`), which we treat as a wire-layer fault.
-fn invoke_server(server: Opaque<Value>, req_bytes: &[u8]) -> Result<Vec<u8>, MagnusError> {
-    // The wasmtime callback runs on the same Ruby thread that called the
-    // active Sandbox invocation (#eval or #run) — the invariant SPEC
-    // Implementation Standards Architecture pins for the host gem — so
-    // `Ruby::get()` is always available here. Panicking with `expect`
-    // localises the violation rather than letting a nonsense error
-    // propagate.
-    let ruby = Ruby::get().expect("Ruby handle unavailable in __kobako_dispatch");
-    let server_value: Value = ruby.get_inner(server);
-    let req_str = ruby.str_from_slice(req_bytes);
-    let resp: RString = server_value.funcall("dispatch", (req_str,))?;
-    Ok(super::rstring_to_vec(resp))
-}
-/// Allocate a guest-side buffer through `__kobako_alloc` and copy the
-/// response bytes into it. Returns the packed `(ptr<<32)|len` u64.
-/// Each failure path carries a `&'static str` reason so the dispatcher
-/// wrapper can surface a useful diagnostic rather than a silent 0.
-fn write_response(caller: &mut Caller<'_, HostState>, bytes: &[u8]) -> Result<i64, &'static str> {
-    let alloc = match caller.get_export("__kobako_alloc") {
-        Some(Extern::Func(f)) => f
-            .typed::<i32, i32>(&*caller)
-            .map_err(|_| "guest '__kobako_alloc' export has wrong signature")?,
-        _ => return Err("guest '__kobako_alloc' export missing"),
-    };
-    let len_i32 = i32::try_from(bytes.len()).map_err(|_| "response exceeds i32::MAX bytes")?;
-    let ptr = alloc
-        .call(&mut *caller, len_i32)
-        .map_err(|_| "__kobako_alloc trapped")?;
-    if ptr == 0 {
-        return Err("__kobako_alloc returned 0 (out of memory)");
-    }
-    let mem = match caller.get_export("memory") {
-        Some(Extern::Memory(m)) => m,
-        _ => return Err("guest 'memory' export missing"),
-    };
-    mem.write(&mut *caller, ptr as usize, bytes)
-        .map_err(|_| "memory.write rejected response buffer range")?;
-    let ptr_u32 = ptr as u32;
-    let len_u32 = bytes.len() as u32;
-    Ok(((ptr_u32 as i64) << 32) | (len_u32 as i64))
-}
-/// Copy `[ptr, ptr+len)` out of the guest's linear memory as seen from
-/// `caller`. Returns `None` when `memory` is not exported or the slice
-/// falls outside the live memory range.
-fn read_caller_memory(caller: &mut Caller<'_, HostState>, ptr: i32, len: i32) -> Option<Vec<u8>> {
-    let mem = match caller.get_export("memory") {
-        Some(Extern::Memory(m)) => m,
-        _ => return None,
-    };
-    let data = mem.data(&caller);
-    let start = ptr as usize;
-    let end = start.checked_add(len as usize)?;
-    data.get(start..end).map(|s| s.to_vec())
-}