mustardscript 0.1.0

package/crates/mustard/src/runtime/tests/serialization.rs

@@ -0,0 +1,170 @@
+use super::*;
+
+#[test]
+fn round_trips_program_and_snapshot() {
+    let source = "const value = fetch_data(1); value + 2;";
+    let program = compile(source).expect("compile should succeed");
+    let bytecode = lower_to_bytecode(&program).expect("lowering should succeed");
+    let program_bytes = dump_program(&bytecode).expect("program dump should succeed");
+    let loaded_program = load_program(&program_bytes).expect("program load should succeed");
+    assert_eq!(loaded_program.root, bytecode.root);
+    assert_eq!(loaded_program.functions.len(), bytecode.functions.len());
+
+    let suspension = suspend(source, &["fetch_data"]);
+    let snapshot_bytes = dump_snapshot(&suspension.snapshot).expect("snapshot dump should succeed");
+    let loaded_snapshot = load_snapshot(&snapshot_bytes).expect("snapshot load should succeed");
+    let resumed = resume_with_options(
+        loaded_snapshot,
+        ResumePayload::Value(number(1.0)),
+        ResumeOptions {
+            cancellation_token: None,
+            snapshot_policy: Some(SnapshotPolicy {
+                capabilities: vec!["fetch_data".to_string()],
+                limits: RuntimeLimits::default(),
+            }),
+        },
+    )
+    .expect("resume should succeed");
+    match resumed {
+        ExecutionStep::Completed(value) => {
+            assert_eq!(value, number(3.0));
+        }
+        other => panic!("expected completion, got {other:?}"),
+    }
+}
+
+#[test]
+fn rejects_invalid_jump_targets_before_execution() {
+    let program = invalid_program(vec![Instruction::Jump(99), Instruction::Return]);
+    let error = start_bytecode(&program, ExecutionOptions::default())
+        .expect_err("invalid jump target should fail validation");
+    assert!(error.to_string().contains("jumps to invalid target 99"));
+}
+
+#[test]
+fn rejects_inconsistent_stack_depth_in_serialized_programs() {
+    let program = invalid_program(vec![
+        Instruction::PushNumber(1.0),
+        Instruction::JumpIfTrue(3),
+        Instruction::Pop,
+        Instruction::Return,
+    ]);
+    let bytes = dump_program(&program).expect("invalid program still serializes");
+    let error =
+        load_program(&bytes).expect_err("invalid serialized program should fail validation");
+    assert!(
+        error
+            .to_string()
+            .contains("has inconsistent validation state")
+    );
+}
+
+#[test]
+fn rejects_cross_version_serialized_programs() {
+    let program = lower_to_bytecode(&compile("1;").expect("compile should succeed"))
+        .expect("lowering should succeed");
+    let mut bytes = dump_program(&program).expect("program should serialize");
+    bytes[0] = bytes[0].saturating_add(1);
+    let error = load_program(&bytes).expect_err("cross-version program should be rejected");
+    assert!(
+        error
+            .to_string()
+            .contains("serialized program version mismatch")
+    );
+}
+
+#[test]
+fn rejects_invalid_snapshot_frame_state() {
+    let mut suspension = suspend("const value = fetch_data(1); value + 2;", &["fetch_data"]);
+    suspension.snapshot.runtime.frames[0].ip = 999;
+    let bytes = dump_snapshot(&suspension.snapshot).expect("snapshot should serialize");
+    let error = load_snapshot(&bytes).expect_err("invalid snapshot should fail validation");
+    assert!(
+        error
+            .to_string()
+            .contains("frame instruction pointer 999 is out of range")
+    );
+}
+
+#[test]
+fn direct_execution_snapshot_deserialize_reruns_validation() {
+    let mut suspension = suspend("const value = fetch_data(1); value + 2;", &["fetch_data"]);
+    suspension.snapshot.runtime.frames[0].ip = 999;
+    let bytes =
+        bincode::serialize(&suspension.snapshot).expect("snapshot should serialize directly");
+    let error = bincode::deserialize::<ExecutionSnapshot>(&bytes)
+        .expect_err("invalid snapshots should fail validation during direct deserialize");
+    assert!(
+        error
+            .to_string()
+            .contains("frame instruction pointer 999 is out of range")
+    );
+}
+
+#[test]
+fn rejects_cross_version_snapshots() {
+    let suspension = suspend("const value = fetch_data(1); value + 2;", &["fetch_data"]);
+
+    let mut bytes = dump_snapshot(&suspension.snapshot).expect("snapshot should serialize");
+    bytes[0] = bytes[0].saturating_add(1);
+    let error = load_snapshot(&bytes).expect_err("cross-version snapshot should be rejected");
+    assert!(
+        error
+            .to_string()
+            .contains("serialized snapshot version mismatch")
+    );
+}
+
+#[test]
+fn rejects_out_of_range_promise_combinator_snapshot_state() {
+    let mut suspension = suspend(
+        r#"
+        async function main() {
+          return Promise.all([fetch_data(1), fetch_data(2)]);
+        }
+        main();
+        "#,
+        &["fetch_data"],
+    );
+
+    let target = suspension
+        .snapshot
+        .runtime
+        .promises
+        .iter()
+        .find_map(|(key, promise)| match promise.driver.as_ref() {
+            Some(PromiseDriver::All { .. }) => Some(key),
+            _ => None,
+        })
+        .expect("Promise.all target should exist");
+
+    let mutated = suspension
+        .snapshot
+        .runtime
+        .promises
+        .values_mut()
+        .find_map(|promise| {
+            promise.reactions.iter_mut().find_map(|reaction| match reaction {
+                PromiseReaction::Combinator {
+                    target: reaction_target,
+                    index,
+                    ..
+                } if *reaction_target == target => {
+                    *index = 99;
+                    Some(())
+                }
+                _ => None,
+            })
+        });
+    assert!(mutated.is_some(), "Promise.all combinator reaction should exist");
+
+    let bytes = dump_snapshot(&suspension.snapshot).expect("snapshot should serialize");
+    let error = load_snapshot(&bytes).expect_err("forged snapshot should fail validation");
+    assert!(
+        error
+            .to_string()
+            .contains("promise")
+            && error.to_string().contains("combinator index"),
+        "unexpected error: {error}"
+    );
+}

package/crates/mustard/src/runtime/validation/bytecode.rs

@@ -0,0 +1,484 @@
+use super::*;
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+struct ValidationState {
+    stack_depth: usize,
+    scope_depth: usize,
+    handler_depth: usize,
+    pending_depth: usize,
+}
+
+pub(in crate::runtime) fn validate_bytecode_program(
+    program: &BytecodeProgram,
+) -> MustardResult<()> {
+    if program.functions.is_empty() {
+        return Err(MustardError::validation(
+            "bytecode validation failed: program defines no functions",
+            None,
+        ));
+    }
+    if program.root >= program.functions.len() {
+        return Err(MustardError::validation(
+            format!(
+                "bytecode validation failed: root function {} is out of range for {} functions",
+                program.root,
+                program.functions.len()
+            ),
+            None,
+        ));
+    }
+    for (function_id, function) in program.functions.iter().enumerate() {
+        validate_function(program, function_id, function)?;
+    }
+    Ok(())
+}
+
+fn validate_function(
+    program: &BytecodeProgram,
+    function_id: usize,
+    function: &FunctionPrototype,
+) -> MustardResult<()> {
+    if function.code.is_empty() {
+        return Err(MustardError::validation(
+            format!("bytecode validation failed: function {function_id} has no instructions"),
+            None,
+        ));
+    }
+    if !matches!(function.code.last(), Some(Instruction::Return)) {
+        return Err(MustardError::validation(
+            format!("bytecode validation failed: function {function_id} does not end in Return"),
+            None,
+        ));
+    }
+
+    let code_len = function.code.len();
+    for (ip, instruction) in function.code.iter().enumerate() {
+        match instruction {
+            Instruction::MakeClosure {
+                function_id: target,
+            } if *target >= program.functions.len() => {
+                return Err(MustardError::validation(
+                    format!(
+                        "bytecode validation failed: function {function_id} instruction {ip} references missing closure target {target}"
+                    ),
+                    None,
+                ));
+            }
+            Instruction::Jump(target)
+            | Instruction::JumpIfFalse(target)
+            | Instruction::JumpIfTrue(target)
+            | Instruction::JumpIfNullish(target)
+            | Instruction::EnterFinally { exit: target }
+            | Instruction::PushPendingJump { target, .. }
+                if *target >= code_len =>
+            {
+                return Err(MustardError::validation(
+                    format!(
+                        "bytecode validation failed: function {function_id} instruction {ip} jumps to invalid target {target}"
+                    ),
+                    None,
+                ));
+            }
+            Instruction::PushHandler { catch, finally }
+                if catch.is_some_and(|target| target >= code_len)
+                    || finally.is_some_and(|target| target >= code_len) =>
+            {
+                return Err(MustardError::validation(
+                    format!(
+                        "bytecode validation failed: function {function_id} instruction {ip} references an invalid exception target"
+                    ),
+                    None,
+                ));
+            }
+            _ => {}
+        }
+    }
+
+    let mut states = vec![None; code_len];
+    let mut work = VecDeque::from([(
+        0usize,
+        ValidationState {
+            stack_depth: 0,
+            scope_depth: 0,
+            handler_depth: 0,
+            pending_depth: 0,
+        },
+    )]);
+    while let Some((ip, state)) = work.pop_front() {
+        if let Some(existing) = states[ip] {
+            if existing != state {
+                return Err(MustardError::validation(
+                    format!(
+                        "bytecode validation failed: function {function_id} instruction {ip} has inconsistent validation state: existing={existing:?}, new={state:?}"
+                    ),
+                    None,
+                ));
+            }
+            continue;
+        }
+        states[ip] = Some(state);
+
+        let instruction = &function.code[ip];
+        let next_state = apply_validation_effect(function_id, ip, instruction, state)?;
+        for successor in validation_successors(ip, instruction, code_len) {
+            work.push_back((successor, next_state));
+        }
+        match instruction {
+            Instruction::PushHandler { catch, finally } => {
+                if let Some(target) = catch {
+                    work.push_back((
+                        *target,
+                        ValidationState {
+                            handler_depth: state.handler_depth,
+                            ..state
+                        },
+                    ));
+                } else if let Some(target) = finally {
+                    work.push_back((
+                        *target,
+                        ValidationState {
+                            handler_depth: state.handler_depth,
+                            pending_depth: state.pending_depth + 1,
+                            ..state
+                        },
+                    ));
+                }
+            }
+            Instruction::PushPendingJump {
+                target,
+                target_handler_depth,
+                target_scope_depth,
+            } => {
+                work.push_back((
+                    *target,
+                    ValidationState {
+                        scope_depth: *target_scope_depth,
+                        handler_depth: *target_handler_depth,
+                        ..state
+                    },
+                ));
+            }
+            _ => {}
+        }
+    }
+
+    Ok(())
+}
+
+fn apply_validation_effect(
+    function_id: usize,
+    ip: usize,
+    instruction: &Instruction,
+    state: ValidationState,
+) -> MustardResult<ValidationState> {
+    let require_stack = |count: usize| -> MustardResult<()> {
+        if state.stack_depth < count {
+            return Err(MustardError::validation(
+                format!(
+                    "bytecode validation failed: function {function_id} instruction {ip} requires stack depth {count}, found {}",
+                    state.stack_depth
+                ),
+                None,
+            ));
+        }
+        Ok(())
+    };
+
+    let next = match instruction {
+        Instruction::PushUndefined
+        | Instruction::PushNull
+        | Instruction::PushBool(_)
+        | Instruction::PushNumber(_)
+        | Instruction::PushBigInt(_)
+        | Instruction::PushString(_)
+        | Instruction::PushRegExp { .. }
+        | Instruction::LoadName(_)
+        | Instruction::LoadGlobalObject
+        | Instruction::MakeClosure { .. }
+        | Instruction::BeginCatch => ValidationState {
+            stack_depth: state.stack_depth + 1,
+            ..state
+        },
+        Instruction::StoreName(_) => {
+            require_stack(1)?;
+            state
+        }
+        Instruction::InitializePattern(_) | Instruction::Pop => {
+            require_stack(1)?;
+            ValidationState {
+                stack_depth: state.stack_depth - 1,
+                ..state
+            }
+        }
+        Instruction::PushEnv => ValidationState {
+            scope_depth: state.scope_depth + 1,
+            ..state
+        },
+        Instruction::PopEnv => {
+            if state.scope_depth == 0 {
+                return Err(MustardError::validation(
+                    format!(
+                        "bytecode validation failed: function {function_id} instruction {ip} pops an empty scope stack"
+                    ),
+                    None,
+                ));
+            }
+            ValidationState {
+                scope_depth: state.scope_depth - 1,
+                ..state
+            }
+        }
+        Instruction::DeclareName { .. } => state,
+        Instruction::MakeArray { count } => {
+            require_stack(*count)?;
+            ValidationState {
+                stack_depth: state.stack_depth - count + 1,
+                ..state
+            }
+        }
+        Instruction::ArrayPush => {
+            require_stack(2)?;
+            state
+        }
+        Instruction::ArrayPushHole => {
+            require_stack(1)?;
+            state
+        }
+        Instruction::ArrayExtend => {
+            require_stack(2)?;
+            ValidationState {
+                stack_depth: state.stack_depth - 1,
+                ..state
+            }
+        }
+        Instruction::MakeObject { keys } => {
+            require_stack(keys.len())?;
+            ValidationState {
+                stack_depth: state.stack_depth - keys.len() + 1,
+                ..state
+            }
+        }
+        Instruction::CopyDataProperties => {
+            require_stack(2)?;
+            ValidationState {
+                stack_depth: state.stack_depth - 1,
+                ..state
+            }
+        }
+        Instruction::CreateIterator => {
+            require_stack(1)?;
+            state
+        }
+        Instruction::IteratorNext => {
+            require_stack(1)?;
+            ValidationState {
+                stack_depth: state.stack_depth + 1,
+                ..state
+            }
+        }
+        Instruction::GetPropStatic { .. } => {
+            require_stack(1)?;
+            state
+        }
+        Instruction::GetPropComputed { .. } => {
+            require_stack(2)?;
+            ValidationState {
+                stack_depth: state.stack_depth - 1,
+                ..state
+            }
+        }
+        Instruction::PatternArrayIndex(_)
+        | Instruction::PatternArrayRest(_)
+        | Instruction::PatternObjectRest(_)
+        | Instruction::Update(_) => {
+            require_stack(1)?;
+            state
+        }
+        Instruction::SetPropStatic { .. } => {
+            require_stack(2)?;
+            ValidationState {
+                stack_depth: state.stack_depth - 1,
+                ..state
+            }
+        }
+        Instruction::SetPropComputed => {
+            require_stack(3)?;
+            ValidationState {
+                stack_depth: state.stack_depth - 2,
+                ..state
+            }
+        }
+        Instruction::Unary(_) => {
+            require_stack(1)?;
+            state
+        }
+        Instruction::Binary(_) => {
+            require_stack(2)?;
+            ValidationState {
+                stack_depth: state.stack_depth - 1,
+                ..state
+            }
+        }
+        Instruction::Dup => {
+            require_stack(1)?;
+            ValidationState {
+                stack_depth: state.stack_depth + 1,
+                ..state
+            }
+        }
+        Instruction::Dup2 => {
+            require_stack(2)?;
+            ValidationState {
+                stack_depth: state.stack_depth + 2,
+                ..state
+            }
+        }
+        Instruction::PushHandler { .. } => ValidationState {
+            handler_depth: state.handler_depth + 1,
+            ..state
+        },
+        Instruction::PopHandler => {
+            if state.handler_depth == 0 {
+                return Err(MustardError::validation(
+                    format!(
+                        "bytecode validation failed: function {function_id} instruction {ip} pops an empty handler stack"
+                    ),
+                    None,
+                ));
+            }
+            ValidationState {
+                handler_depth: state.handler_depth - 1,
+                ..state
+            }
+        }
+        Instruction::EnterFinally { .. } => state,
+        Instruction::Throw { .. } => {
+            require_stack(1)?;
+            state
+        }
+        Instruction::PushPendingJump {
+            target_handler_depth,
+            target_scope_depth,
+            ..
+        } => {
+            if *target_handler_depth > state.handler_depth {
+                return Err(MustardError::validation(
+                    format!(
+                        "bytecode validation failed: function {function_id} instruction {ip} targets handler depth {target_handler_depth} from depth {}",
+                        state.handler_depth
+                    ),
+                    None,
+                ));
+            }
+            if *target_scope_depth > state.scope_depth {
+                return Err(MustardError::validation(
+                    format!(
+                        "bytecode validation failed: function {function_id} instruction {ip} targets scope depth {target_scope_depth} from depth {}",
+                        state.scope_depth
+                    ),
+                    None,
+                ));
+            }
+            ValidationState {
+                pending_depth: state.pending_depth + 1,
+                ..state
+            }
+        }
+        Instruction::PushPendingReturn => {
+            require_stack(1)?;
+            ValidationState {
+                stack_depth: state.stack_depth - 1,
+                pending_depth: state.pending_depth + 1,
+                ..state
+            }
+        }
+        Instruction::PushPendingThrow => {
+            require_stack(1)?;
+            ValidationState {
+                stack_depth: state.stack_depth - 1,
+                pending_depth: state.pending_depth + 1,
+                ..state
+            }
+        }
+        Instruction::ContinuePending => {
+            if state.pending_depth == 0 {
+                return Err(MustardError::validation(
+                    format!(
+                        "bytecode validation failed: function {function_id} instruction {ip} resumes without a pending completion"
+                    ),
+                    None,
+                ));
+            }
+            ValidationState {
+                pending_depth: state.pending_depth - 1,
+                ..state
+            }
+        }
+        Instruction::Jump(_) => state,
+        Instruction::JumpIfFalse(_)
+        | Instruction::JumpIfTrue(_)
+        | Instruction::JumpIfNullish(_) => {
+            require_stack(1)?;
+            state
+        }
+        Instruction::Call {
+            argc, with_this, ..
+        } => {
+            let required = argc + 1 + usize::from(*with_this);
+            require_stack(required)?;
+            ValidationState {
+                stack_depth: state.stack_depth - required + 1,
+                ..state
+            }
+        }
+        Instruction::CallWithArray { with_this, .. } => {
+            let required = 2 + usize::from(*with_this);
+            require_stack(required)?;
+            ValidationState {
+                stack_depth: state.stack_depth - required + 1,
+                ..state
+            }
+        }
+        Instruction::Await => {
+            require_stack(1)?;
+            state
+        }
+        Instruction::Construct { argc } => {
+            let required = argc + 1;
+            require_stack(required)?;
+            ValidationState {
+                stack_depth: state.stack_depth - required + 1,
+                ..state
+            }
+        }
+        Instruction::ConstructWithArray => {
+            require_stack(2)?;
+            ValidationState {
+                stack_depth: state.stack_depth - 1,
+                ..state
+            }
+        }
+        Instruction::Return => state,
+    };
+    Ok(next)
+}
+
+fn validation_successors(ip: usize, instruction: &Instruction, code_len: usize) -> Vec<usize> {
+    match instruction {
+        Instruction::Jump(target) => vec![*target],
+        Instruction::JumpIfFalse(target)
+        | Instruction::JumpIfTrue(target)
+        | Instruction::JumpIfNullish(target) => {
+            let mut successors = vec![*target];
+            if ip + 1 < code_len {
+                successors.push(ip + 1);
+            }
+            successors
+        }
+        Instruction::ContinuePending | Instruction::Throw { .. } | Instruction::Return => {
+            Vec::new()
+        }
+        _ if ip + 1 < code_len => vec![ip + 1],
+        _ => Vec::new(),
+    }
+}

package/crates/mustard/src/runtime/validation/mod.rs

@@ -0,0 +1,14 @@
+use std::collections::{HashSet, VecDeque};
+
+use crate::diagnostic::{DiagnosticKind, MustardError, MustardResult};
+
+use super::*;
+
+mod bytecode;
+mod policy;
+mod snapshot;
+mod walk;
+
+pub(super) use bytecode::validate_bytecode_program;
+pub(super) use policy::validate_snapshot_policy;
+pub(super) use snapshot::validate_snapshot;