From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Philip Kaludercic Newsgroups: gmane.emacs.bugs Subject: bug#58506: Use ".dir-locals.eld" and ".dir-locals-2.eld" when they exist Date: Sat, 15 Oct 2022 15:12:12 +0000 Message-ID: <877d115df7.fsf@posteo.net> References: <87sfjsgkl4.fsf@posteo.net> <865ygn4pno.fsf@mail.linkov.net> <87y1tiabq5.fsf@gnus.org> <87czauzhch.fsf@gmail.com> <87k052h1zt.fsf@posteo.net> <87ilkl78cd.fsf@gnus.org> <874jw577gn.fsf@posteo.net> <87ilkl5sow.fsf@gnus.org> <87v8ol5ngw.fsf@posteo.net> <87wn912nsc.fsf@gnus.org> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="5313"; mail-complaints-to="usenet@ciao.gmane.io" Cc: 58506@debbugs.gnu.org, Robert Pluim , Juri Linkov , Stefan Kangas , Stefan Monnier To: Lars Ingebrigtsen Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sat Oct 15 17:13:24 2022 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1ojiqq-00019w-3I for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 15 Oct 2022 17:13:24 +0200 Original-Received: from localhost ([::1]:51820 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ojiqo-0001L8-VT for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 15 Oct 2022 11:13:22 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:38028) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ojiqU-0001Kl-8L for bug-gnu-emacs@gnu.org; Sat, 15 Oct 2022 11:13:02 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:43384) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ojiqT-0002nq-Uv for bug-gnu-emacs@gnu.org; Sat, 15 Oct 2022 11:13:01 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1ojiqT-0001ms-QC for bug-gnu-emacs@gnu.org; Sat, 15 Oct 2022 11:13:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Philip Kaludercic Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 15 Oct 2022 15:13:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 58506 X-GNU-PR-Package: emacs Original-Received: via spool by 58506-submit@debbugs.gnu.org id=B58506.16658467476815 (code B ref 58506); Sat, 15 Oct 2022 15:13:01 +0000 Original-Received: (at 58506) by debbugs.gnu.org; 15 Oct 2022 15:12:27 +0000 Original-Received: from localhost ([127.0.0.1]:42460 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ojipu-0001lq-JH for submit@debbugs.gnu.org; Sat, 15 Oct 2022 11:12:27 -0400 Original-Received: from mout01.posteo.de ([185.67.36.65]:45397) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ojipq-0001la-7s for 58506@debbugs.gnu.org; Sat, 15 Oct 2022 11:12:25 -0400 Original-Received: from submission (posteo.de [185.67.36.169]) by mout01.posteo.de (Postfix) with ESMTPS id 2DD73240026 for <58506@debbugs.gnu.org>; Sat, 15 Oct 2022 17:12:13 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1665846736; bh=FDdyPlrOHNzwnS4ZjyoJpHYrakHcnyCvosKo/H+nkdQ=; h=From:To:Cc:Subject:Autocrypt:Date:From; b=lwukuOMPyx2cSUhlX5jL9b9ottII4Ygv2JfgDbkFyrnbtcE1zYklg7xaDxTTZOKdt UdpM/yYLbVfe20h2WIbmldLMY69NOAt9Rn6OoAeB24SeD0EKrn0D1jRAMrOw/1gf5V MgDajrn3vTMsoVsZeRPXWr2Cc5cW/R+f8k7I5fg6P3RXUxoGSS/gwQqxR/OLDga4Iz 0Bp7+12KnZ0sid7OUJJCwqjKki/NNHrTuuY9m5rZeMzshdxxy5Wlr+d2eIpbHzzWgV Xr2Pvr9vXTgbcMlwnmUVIzCEIP5VGTsMWR/AO/o2TsvkbSgjzczYwyr/rfILMtCqQ6 iJqza/iN4Xhfg== Original-Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4MqRZ455yRz6tmH; Sat, 15 Oct 2022 17:12:12 +0200 (CEST) In-Reply-To: <87wn912nsc.fsf@gnus.org> (Lars Ingebrigtsen's message of "Sat, 15 Oct 2022 15:56:35 +0200") Autocrypt: addr=philipk@posteo.net; prefer-encrypt=nopreference; keydata= mDMEYHHqUhYJKwYBBAHaRw8BAQdAp3GdmYJ6tm5McweY6dEvIYIiry+Oz9rU4MH6NHWK0Ee0QlBo aWxpcCBLYWx1ZGVyY2ljIChnZW5lcmF0ZWQgYnkgYXV0b2NyeXB0LmVsKSA8cGhpbGlwa0Bwb3N0 ZW8ubmV0PoiQBBMWCAA4FiEEDM2H44ZoPt9Ms0eHtVrAHPRh1FwFAmBx6lICGwMFCwkIBwIGFQoJ CAsCBBYCAwECHgECF4AACgkQtVrAHPRh1FyTkgEAjlbGPxFchvMbxzAES3r8QLuZgCxeAXunM9gh io0ePtUBALVhh9G6wIoZhl0gUCbQpoN/UJHI08Gm1qDob5zDxnIHuDgEYHHqUhIKKwYBBAGXVQEF AQEHQNcRB+MUimTMqoxxMMUERpOR+Q4b1KgncDZkhrO2ql1tAwEIB4h4BBgWCAAgFiEEDM2H44Zo Pt9Ms0eHtVrAHPRh1FwFAmBx6lICGwwACgkQtVrAHPRh1Fw1JwD/Qo7kvtib8jy7puyWrSv0MeTS g8qIxgoRWJE/KKdkCLEA/jb9b9/g8nnX+UcwHf/4VfKsjExlnND3FrBviXUW6NcB X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:245564 Archived-At: --=-=-= Content-Type: text/plain Lars Ingebrigtsen writes: > Philip Kaludercic writes: > >> Another idea could be to take inspiration from Guile's "Sandboxed >> Evaluation"[0] and provide a "safe subset" of Elisp that can be >> evaluated (with some additional checks). >> >> E.g. the following would allow evaluating `add-to-list' if the list if >> safe and the value is self-evaluating: > > Oh, that's a good idea. I wonder whether anybody's written an > interpreter for a "safe" version of Emacs Lisp -- then people could put > `if' statements etc also into these files. There is unsafep, but that is too strict for what we want. E.g. (unsafep '(setq tab-width 3)) ;; => (global-variable tab-width) even though we would want this to work. I've attached an incomplete sketch of how this could look like --=-=-= Content-Type: text/plain Content-Disposition: attachment; filename=safe-eval.el ;;; safe-eval.el --- Evaluation of Safe Emacs Lisp -*- lexical-binding: t; -*- ;; Copyright (C) 2022 Philip Kaludercic ;; Author: Philip Kaludercic ;; Created: 15Oct22 ;; Keywords: lisp ;; This program is free software; you can redistribute it and/or modify ;; it under the terms of the GNU General Public License as published by ;; the Free Software Foundation, either version 3 of the License, or ;; (at your option) any later version. ;; This program is distributed in the hope that it will be useful, ;; but WITHOUT ANY WARRANTY; without even the implied warranty of ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;; GNU General Public License for more details. ;; You should have received a copy of the GNU General Public License ;; along with this program. If not, see . ;;; Commentary: ;; An evaluator for safe Emacs Lisp code. ;;; Code: (eval-when-compile (require 'pcase)) (require 'cl-lib) (require 'seq) (require 'macroexp) (cl-defgeneric safe-eval-p (form) "Return non-nil if it is safe to evaluate FORM. A FORM is safe if it is not a function call, has no side-effects or a method has been defined to verify its safety." (:method :around (form) "Macroexpand FORM before testing for safety." (cl-call-next-method (macroexpand-all form))) ;; Some basic logic (:method ((form (head if))) "A `if' FORM is safe if all arguments are safe." (pcase-let ((`(if ,(pred safe-eval-p) ,(pred safe-eval-p) . ,else) form)) (seq-every-p #'safe-eval-p else))) (:method ((form (head when))) "A `when' FORM is safe if all arguments are safe." (pcase-let ((`(when ,(pred safe-eval-p) . ,body) form)) (seq-every-p #'safe-eval-p body))) (:method ((form (head unless))) "A `unless' FORM is safe if all arguments are safe." (pcase-let ((`(unless ,(pred safe-eval-p) . ,body) form)) (seq-every-p #'safe-eval-p body))) ;; Common state modifiers (:method ((form (head setq))) "A `setq' FORM is safe the new value is a safe value." (pcase-let ((`(setq ,var ,val) form)) (and (safe-eval-p val) (safe-local-variable-p var val)))) (:method ((form (head add-hook))) "A form with `add-hook' must modify a hook locally." (pcase-let* ((`(add-hook ',hook ,(or `#',func `',func) ,(pred macroexp-const-p) ,(and (pred macroexp-const-p) (pred identity))) form) (new-hook (cons func (symbol-value hook)))) (and (safe-local-variable-p hook new-hook) (macroexp-const-p func)))) (:method ((form (head add-to-list))) "A `add-to-hook' FORM is safe the new list is has a safe value." (pcase-let* ((`(add-to-list ',list-var ,element ,append) form) (old-list (symbol-value list-var)) (new-list (if append (append old-list (list element)) (cons element old-list)))) ;; FIXME: `new-list' contains `element' before evaluation. (and (safe-local-variable-p list-var new-list) (safe-eval-p element) (macroexp-const-p append)))) ;; ;; Fallback (:method ((form t)) "A fallback handler to check if FORM is side-effect free." (or (not (consp form)) (and (get (car form) 'side-effect-free) (seq-every-p #'safe-eval-p (cdr form)))))) ;;;###autoload (defun safe-eval (form) "Evaluate FORM is it is safe per `safe-eval-p'. If it is not safe, it will be silently ignored." (when (safe-eval-p form) (eval form t))) ;;;###autoload (defun safe-eval-file (filename) "Evaluate the safe contents of FILENAME. All files deemed unsafe by `safe-eval-p' are silently ignored.'" (with-temp-buffer (insert-file-contents filename) (while (not (eobp)) (safe-eval (read (current-buffer)))))) (provide 'safe-eval) ;;; safe-eval.el ends here --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable > We already mark functions as being side-effect-free, so it seems like > code like > > (if (cl-oddp (% (random) 2)) > (setq ...)) > > would be "safe" together with the safep markup for assignments we > already have. We could make a safe restricted language subset for use > both here and in similar circumstances. That is a good point, but I think more tagging should be done. Ideally this would read as regular elisp (which is kind of ironic considering that we are discussing an .eld file), so it would be nice if mode-specific modifications could be done by just writing --8<---------------cut here---------------start------------->8--- (when (derived-mode-p 'c-mode) (setq tab-width 8)) --8<---------------cut here---------------end--------------->8--- or something like that. >> No, what I had in mind was not to trigger warnings but either to >> highlight unused variables or provide a command that would check it for >> you. > > Oh, right. That's another good idea. =F0=9F=98=80 One idea would be to use Flymake. --=-=-=--