├── .editorconfig ├── .gitignore ├── .rustfmt.toml ├── Cargo.lock ├── Cargo.toml ├── LICENSE-APACHE ├── LICENSE-MIT ├── README.md ├── examples └── workbench.rs ├── src └── lib.rs └── tests ├── arg_parse.rs ├── arg_parse_global.rs ├── complex_restore.rs ├── deterministic_init.rs ├── deterministic_sandbox_handling.rs ├── mut_global_vars.rs ├── retval_restore.rs ├── retval_restore_global.rs ├── val_restore.rs └── val_restore_ffi.rs /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | 3 | [*] 4 | end_of_line = lf 5 | charset = utf-8 6 | trim_trailing_whitespace = true 7 | insert_final_newline = true 8 | indent_style = tab 9 | indent_size = 4 10 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.swp 2 | .gdb_history 3 | target/ 4 | -------------------------------------------------------------------------------- /.rustfmt.toml: -------------------------------------------------------------------------------- 1 | hard_tabs = true 2 | error_on_line_overflow = false 3 | -------------------------------------------------------------------------------- /Cargo.lock: -------------------------------------------------------------------------------- 1 | [root] 2 | name = "sandcrust" 3 | version = "0.1.0" 4 | dependencies = [ 5 | "bincode 1.0.0-alpha7 (registry+https://github.com/rust-lang/crates.io-index)", 6 | "lazy_static 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)", 7 | "libc 0.2.21 (registry+https://github.com/rust-lang/crates.io-index)", 8 | "memmap 0.5.2 (registry+https://github.com/rust-lang/crates.io-index)", 9 | "nix 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", 10 | "sandheap 0.1.0", 11 | "serde 0.9.13 (registry+https://github.com/rust-lang/crates.io-index)", 12 | "serde_derive 0.9.13 (registry+https://github.com/rust-lang/crates.io-index)", 13 | ] 14 | 15 | [[package]] 16 | name = "bincode" 17 | version = "1.0.0-alpha7" 18 | source = "registry+https://github.com/rust-lang/crates.io-index" 19 | dependencies = [ 20 | "byteorder 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", 21 | "num-traits 0.1.37 (registry+https://github.com/rust-lang/crates.io-index)", 22 | "serde 0.9.13 (registry+https://github.com/rust-lang/crates.io-index)", 23 | ] 24 | 25 | [[package]] 26 | name = "bitflags" 27 | version = "0.7.0" 28 | source = "registry+https://github.com/rust-lang/crates.io-index" 29 | 30 | [[package]] 31 | name = "byteorder" 32 | version = "1.0.0" 33 | source = "registry+https://github.com/rust-lang/crates.io-index" 34 | 35 | [[package]] 36 | name = "cfg-if" 37 | version = "0.1.0" 38 | source = "registry+https://github.com/rust-lang/crates.io-index" 39 | 40 | [[package]] 41 | name = "fs2" 42 | version = "0.4.1" 43 | source = "registry+https://github.com/rust-lang/crates.io-index" 44 | dependencies = [ 45 | "kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", 46 | "libc 0.2.21 (registry+https://github.com/rust-lang/crates.io-index)", 47 | "winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", 48 | ] 49 | 50 | [[package]] 51 | name = "kernel32-sys" 52 | version = "0.2.2" 53 | source = "registry+https://github.com/rust-lang/crates.io-index" 54 | dependencies = [ 55 | "winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", 56 | "winapi-build 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)", 57 | ] 58 | 59 | [[package]] 60 | name = "lazy_static" 61 | version = "0.2.6" 62 | source = "registry+https://github.com/rust-lang/crates.io-index" 63 | 64 | [[package]] 65 | name = "libc" 66 | version = "0.2.21" 67 | source = "registry+https://github.com/rust-lang/crates.io-index" 68 | 69 | [[package]] 70 | name = "memmap" 71 | version = "0.5.2" 72 | source = "registry+https://github.com/rust-lang/crates.io-index" 73 | dependencies = [ 74 | "fs2 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)", 75 | "kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", 76 | "libc 0.2.21 (registry+https://github.com/rust-lang/crates.io-index)", 77 | "winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", 78 | ] 79 | 80 | [[package]] 81 | name = "nix" 82 | version = "0.8.0" 83 | source = "registry+https://github.com/rust-lang/crates.io-index" 84 | dependencies = [ 85 | "bitflags 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)", 86 | "cfg-if 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)", 87 | "libc 0.2.21 (registry+https://github.com/rust-lang/crates.io-index)", 88 | "void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)", 89 | ] 90 | 91 | [[package]] 92 | name = "num-traits" 93 | version = "0.1.37" 94 | source = "registry+https://github.com/rust-lang/crates.io-index" 95 | 96 | [[package]] 97 | name = "quote" 98 | version = "0.3.15" 99 | source = "registry+https://github.com/rust-lang/crates.io-index" 100 | 101 | [[package]] 102 | name = "sandheap" 103 | version = "0.1.0" 104 | dependencies = [ 105 | "libc 0.2.21 (registry+https://github.com/rust-lang/crates.io-index)", 106 | "nix 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", 107 | ] 108 | 109 | [[package]] 110 | name = "serde" 111 | version = "0.9.13" 112 | source = "registry+https://github.com/rust-lang/crates.io-index" 113 | 114 | [[package]] 115 | name = "serde_codegen_internals" 116 | version = "0.14.2" 117 | source = "registry+https://github.com/rust-lang/crates.io-index" 118 | dependencies = [ 119 | "syn 0.11.10 (registry+https://github.com/rust-lang/crates.io-index)", 120 | ] 121 | 122 | [[package]] 123 | name = "serde_derive" 124 | version = "0.9.13" 125 | source = "registry+https://github.com/rust-lang/crates.io-index" 126 | dependencies = [ 127 | "quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)", 128 | "serde_codegen_internals 0.14.2 (registry+https://github.com/rust-lang/crates.io-index)", 129 | "syn 0.11.10 (registry+https://github.com/rust-lang/crates.io-index)", 130 | ] 131 | 132 | [[package]] 133 | name = "syn" 134 | version = "0.11.10" 135 | source = "registry+https://github.com/rust-lang/crates.io-index" 136 | dependencies = [ 137 | "quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)", 138 | "synom 0.11.3 (registry+https://github.com/rust-lang/crates.io-index)", 139 | "unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)", 140 | ] 141 | 142 | [[package]] 143 | name = "synom" 144 | version = "0.11.3" 145 | source = "registry+https://github.com/rust-lang/crates.io-index" 146 | dependencies = [ 147 | "unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)", 148 | ] 149 | 150 | [[package]] 151 | name = "unicode-xid" 152 | version = "0.0.4" 153 | source = "registry+https://github.com/rust-lang/crates.io-index" 154 | 155 | [[package]] 156 | name = "void" 157 | version = "1.0.2" 158 | source = "registry+https://github.com/rust-lang/crates.io-index" 159 | 160 | [[package]] 161 | name = "winapi" 162 | version = "0.2.8" 163 | source = "registry+https://github.com/rust-lang/crates.io-index" 164 | 165 | [[package]] 166 | name = "winapi-build" 167 | version = "0.1.1" 168 | source = "registry+https://github.com/rust-lang/crates.io-index" 169 | 170 | [metadata] 171 | "checksum bincode 1.0.0-alpha7 (registry+https://github.com/rust-lang/crates.io-index)" = "0b59e448d990f22ba554bc162da49bb5f8636eaffe3fabd085398f356865f127" 172 | "checksum bitflags 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "aad18937a628ec6abcd26d1489012cc0e18c21798210f491af69ded9b881106d" 173 | "checksum byteorder 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "c40977b0ee6b9885c9013cd41d9feffdd22deb3bb4dc3a71d901cc7a77de18c8" 174 | "checksum cfg-if 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "de1e760d7b6535af4241fca8bd8adf68e2e7edacc6b29f5d399050c5e48cf88c" 175 | "checksum fs2 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "34edaee07555859dc13ca387e6ae05686bb4d0364c95d649b6dab959511f4baf" 176 | "checksum kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "7507624b29483431c0ba2d82aece8ca6cdba9382bff4ddd0f7490560c056098d" 177 | "checksum lazy_static 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)" = "2f61b8421c7a4648c391611625d56fdd5c7567da05af1be655fd8cacc643abb3" 178 | "checksum libc 0.2.21 (registry+https://github.com/rust-lang/crates.io-index)" = "88ee81885f9f04bff991e306fea7c1c60a5f0f9e409e99f6b40e3311a3363135" 179 | "checksum memmap 0.5.2 (registry+https://github.com/rust-lang/crates.io-index)" = "46f3c7359028b31999287dae4e5047ddfe90a23b7dca2282ce759b491080c99b" 180 | "checksum nix 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)" = "314a973a94409e39b78fa3a9cfb4ec4831791879079af087f64bf01394dc6c03" 181 | "checksum num-traits 0.1.37 (registry+https://github.com/rust-lang/crates.io-index)" = "e1cbfa3781f3fe73dc05321bed52a06d2d491eaa764c52335cf4399f046ece99" 182 | "checksum quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)" = "7a6e920b65c65f10b2ae65c831a81a073a89edd28c7cce89475bff467ab4167a" 183 | "checksum serde 0.9.13 (registry+https://github.com/rust-lang/crates.io-index)" = "231dfd55909400769e437326cfb4af8bec97c3dd56ab3d02df8ef5c7e00f179b" 184 | "checksum serde_codegen_internals 0.14.2 (registry+https://github.com/rust-lang/crates.io-index)" = "bc888bd283bd2420b16ad0d860e35ad8acb21941180a83a189bb2046f9d00400" 185 | "checksum serde_derive 0.9.13 (registry+https://github.com/rust-lang/crates.io-index)" = "d75c72ef4dd193d89eb652b73890fe2489996c9ead8b37980f57a1078f96ed50" 186 | "checksum syn 0.11.10 (registry+https://github.com/rust-lang/crates.io-index)" = "171b739972d9a1bfb169e8077238b51f9ebeaae4ff6e08072f7ba386a8802da2" 187 | "checksum synom 0.11.3 (registry+https://github.com/rust-lang/crates.io-index)" = "a393066ed9010ebaed60b9eafa373d4b1baac186dd7e008555b0f702b51945b6" 188 | "checksum unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)" = "8c1f860d7d29cf02cb2f3f359fd35991af3d30bac52c57d265a3c461074cb4dc" 189 | "checksum void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d" 190 | "checksum winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)" = "167dc9d6949a9b857f3451275e911c3f44255842c1f7a76f33c55103a909087a" 191 | "checksum winapi-build 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "2d315eee3b34aca4797b2da6b13ed88266e6d612562a0c46390af8299fc699bc" 192 | -------------------------------------------------------------------------------- /Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "sandcrust" 3 | version = "0.1.0" 4 | authors = ["Benjamin Lamowski "] 5 | #repository = "" 6 | #homepage = "" 7 | #documentation = 8 | keywords = [ "componentization", "compartmentalization", "sandbox", "sandboxing", "C"] 9 | license = "MIT/Apache-2.0" 10 | readme = "README.md" 11 | description = "Automatically execute wrapped functions in a sandboxed process." 12 | 13 | [dependencies] 14 | bincode = { git = "https://github.com/bincode-org/bincode.git", tag = "v1.0.0-alpha7" } 15 | lazy_static = "0.2.6" 16 | libc = "0.2.21" 17 | memmap = { version = "0.5.2", optional = true } 18 | nix = "0.8.0" 19 | serde = "0.9.13" 20 | serde_derive = "0.9.13" 21 | 22 | [dependencies.sandheap] 23 | git = "https://github.com/atopia/sandheap" 24 | 25 | [features] 26 | auto_respawn = [] 27 | shm = ["memmap"] 28 | custom_vec = [] 29 | 30 | [lib] 31 | name = "sandcrust" 32 | path = "src/lib.rs" 33 | -------------------------------------------------------------------------------- /LICENSE-APACHE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /LICENSE-MIT: -------------------------------------------------------------------------------- 1 | Copyright (c) 2014 The Rust Project Developers 2 | 3 | Permission is hereby granted, free of charge, to any 4 | person obtaining a copy of this software and associated 5 | documentation files (the "Software"), to deal in the 6 | Software without restriction, including without 7 | limitation the rights to use, copy, modify, merge, 8 | publish, distribute, sublicense, and/or sell copies of 9 | the Software, and to permit persons to whom the Software 10 | is furnished to do so, subject to the following 11 | conditions: 12 | 13 | The above copyright notice and this permission notice 14 | shall be included in all copies or substantial portions 15 | of the Software. 16 | 17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF 18 | ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED 19 | TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 20 | PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT 21 | SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 22 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 23 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR 24 | IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 25 | DEALINGS IN THE SOFTWARE. 26 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Sandcrust 2 | Sandcrust (**Sand**boxing **C** in **Rust**) is a library that automatically executes wrapped functions in a sandboxed process. 3 | 4 | This is a highly experimental prototype, **do not use in production!** 5 | 6 | ## License 7 | 8 | Sandcrust is licensed under either of 9 | 10 | * Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or 11 | http://www.apache.org/licenses/LICENSE-2.0) 12 | * MIT license ([LICENSE-MIT](LICENSE-MIT) or 13 | http://opensource.org/licenses/MIT) 14 | 15 | at your option. 16 | -------------------------------------------------------------------------------- /examples/workbench.rs: -------------------------------------------------------------------------------- 1 | #[macro_use] 2 | extern crate sandcrust; 3 | 4 | use sandcrust::*; 5 | 6 | sandbox!{ 7 | fn empty() { 8 | println!("so empty!"); 9 | } 10 | } 11 | 12 | sandbox!{ 13 | fn Add() { 14 | println!("so additional!"); 15 | } 16 | } 17 | 18 | sandbox!{ 19 | fn half(bla: i32) { 20 | println!("so full with {}!", bla); 21 | } 22 | } 23 | 24 | sandbox!{ 25 | fn full(bla: i32, blubb: i64) { 26 | println!("so full with {} and {}!", bla, blubb); 27 | } 28 | } 29 | 30 | sandbox!{ 31 | fn base_inc(a: &mut i32) { 32 | *a += 1; 33 | } 34 | } 35 | 36 | sandbox!{ 37 | fn base_ret() -> i32 { 38 | let ret = 23; 39 | ret 40 | } 41 | } 42 | 43 | /* 44 | sandbox!{ 45 | fn sandcrust_bincode(src: &[u8]) -> Vec { 46 | //let refer = &src[..]; 47 | let new = src.to_vec(); 48 | new 49 | } 50 | } 51 | */ 52 | 53 | fn main() { 54 | 55 | // let vector = vec![23u8; 42]; 56 | // let new = sandcrust_bincode(&vector); 57 | // assert_eq!(vector, new); 58 | Add(); 59 | println!("before init"); 60 | sandcrust_init(); 61 | println!("after init"); 62 | half(32); 63 | sandcrust_terminate(); 64 | println!("after terminate"); 65 | full(32, 1); 66 | let mut a: i32 = 23; 67 | println!("after auto-launch"); 68 | sandcrust_init(); 69 | println!("after re-launch"); 70 | base_inc(&mut a); 71 | assert_eq!(a, 24); 72 | let local_ret = base_ret(); 73 | assert_eq!(local_ret, 23); 74 | empty(); 75 | } 76 | -------------------------------------------------------------------------------- /src/lib.rs: -------------------------------------------------------------------------------- 1 | //! Sandcrust (**Sand**boxing **C** in **Rust**) is a library that automatically executes wrapped 2 | //! functions in a sandboxed process. 3 | //! 4 | //! This is a highly experimental prototype, **do not use in production!** 5 | #![warn(missing_docs, missing_debug_implementations, trivial_casts, trivial_numeric_casts, unstable_features, unused_extern_crates, unused_results, unused_import_braces, unused_qualifications, variant_size_differences)] 6 | 7 | extern crate nix; 8 | 9 | extern crate bincode; 10 | extern crate serde; 11 | 12 | extern crate sandheap; 13 | 14 | #[cfg(feature = "shm")] 15 | extern crate memmap; 16 | 17 | 18 | #[allow(unused_imports)] 19 | #[macro_use] 20 | extern crate serde_derive; 21 | 22 | #[macro_use] 23 | extern crate lazy_static; 24 | 25 | use std::os::unix::io::FromRawFd; 26 | use std::os::unix::io::AsRawFd; 27 | 28 | use sandheap as sandbox; 29 | 30 | // wrap pid_t in own type to avoid re-import problems with nix 31 | #[doc(hidden)] 32 | pub type SandcrustPid = ::nix::libc::pid_t; 33 | 34 | // pub use because of https://github.com/rust-lang/rust/issues/31355 35 | #[doc(hidden)] 36 | pub use ::nix::unistd::ForkResult as SandcrustForkResult; 37 | 38 | 39 | // fake data type to implement wrappers on, see below 40 | #[doc(hidden)] 41 | #[derive(Debug)] 42 | pub struct SandcrustWrapper; 43 | 44 | #[doc(hidden)] 45 | pub use serde_derive::*; 46 | 47 | pub use serde::{Serialize, Deserialize}; 48 | 49 | /// Default SHM size for Sandcrust. 50 | /// 51 | /// Initialize with sandcrust_init_with_shm_size() or sandcrust_set_shm_size() to set a different size. 52 | #[cfg(feature = "shm")] 53 | pub static SANDCRUST_DEFAULT_SHM_SIZE: usize = 2097152; 54 | 55 | use std::io::{Read, Write}; 56 | use std::time::Duration; 57 | use std::thread; 58 | 59 | // main data structure for sandcrust 60 | #[doc(hidden)] 61 | #[derive(Debug)] 62 | #[cfg(feature = "shm")] 63 | pub struct Sandcrust { 64 | file_in: std::fs::File, 65 | file_out: std::fs::File, 66 | child: SandcrustPid, 67 | shm: ::memmap::Mmap, 68 | shm_offset: usize, 69 | } 70 | 71 | #[doc(hidden)] 72 | #[derive(Debug)] 73 | #[cfg(not(feature = "shm"))] 74 | pub struct Sandcrust { 75 | file_in: std::io::BufWriter, 76 | file_out: std::io::BufReader, 77 | child: SandcrustPid, 78 | } 79 | 80 | 81 | // lazily initialized global Sandcrust object (via Deref magic) for global sandbox 82 | #[cfg(not(feature = "shm"))] 83 | lazy_static! { 84 | #[doc(hidden)] 85 | #[derive(Debug)] 86 | pub static ref SANDCRUST: ::std::sync::Arc<::std::sync::Mutex> = { 87 | std::sync::Arc::new(std::sync::Mutex::new(Sandcrust::fork_new())) 88 | }; 89 | } 90 | 91 | #[cfg(feature = "shm")] 92 | lazy_static! { 93 | #[doc(hidden)] 94 | #[derive(Debug)] 95 | pub static ref SANDCRUST: ::std::sync::Arc<::std::sync::Mutex> = { 96 | std::sync::Arc::new(std::sync::Mutex::new(Sandcrust::fork_new())) 97 | }; 98 | static ref SANDCRUST_SHM_SIZE: ::std::sync::Mutex = ::std::sync::Mutex::new(SANDCRUST_DEFAULT_SHM_SIZE); 99 | } 100 | 101 | 102 | // Necessary, because once the child is initialized, we need a lightweight, non-locking check to 103 | // run the original function. 104 | // Changing this is protected by SANDCRUST's mutex. 105 | #[doc(hidden)] 106 | pub static mut SANDCRUST_INITIALIZED_CHILD: bool = false; 107 | 108 | 109 | impl Sandcrust { 110 | /// New Sandcrust object for one time use. 111 | pub fn new() -> Sandcrust { 112 | let (fd_out, fd_in) = nix::unistd::pipe().expect("sandcrust: failed to set up pipe"); 113 | 114 | #[cfg(feature = "shm")] 115 | let size = SANDCRUST_SHM_SIZE 116 | .lock() 117 | .expect("sandcrust: failed to lock SANDCRUST_SHM_SIZE"); 118 | 119 | #[cfg(feature = "shm")] 120 | let sandcrust = Sandcrust { 121 | file_in: unsafe { ::std::fs::File::from_raw_fd(fd_in) }, 122 | file_out: unsafe { ::std::fs::File::from_raw_fd(fd_out) }, 123 | child: 0, 124 | shm: memmap::Mmap::anonymous(*size, ::memmap::Protection::ReadWrite).expect("sandcrust: failed to set up SHM"), 125 | shm_offset: 0, 126 | }; 127 | #[cfg(not(feature = "shm"))] 128 | let sandcrust = Sandcrust { 129 | file_in: std::io::BufWriter::new(unsafe { ::std::fs::File::from_raw_fd(fd_in) }), 130 | file_out: std::io::BufReader::new(unsafe { ::std::fs::File::from_raw_fd(fd_out) }), 131 | child: 0, 132 | }; 133 | sandcrust 134 | } 135 | 136 | /// New Sandcrust object for global use. 137 | /// 138 | /// Creates a pipe of pairs, forks and returns Sandcrust objects with the appropriate pipe 139 | /// ends bound to file_in and file_out. 140 | pub fn fork_new() -> Sandcrust { 141 | let (child_cmd_receive, parent_cmd_send) = 142 | ::nix::unistd::pipe().expect("sandcrust: failed to set up pipe"); 143 | let (parent_result_receive, child_result_send) = 144 | ::nix::unistd::pipe().expect("sandcrust: failed to set up pipe"); 145 | 146 | #[cfg(feature = "shm")] 147 | let size = SANDCRUST_SHM_SIZE 148 | .lock() 149 | .expect("sandcrust: failed to lock SANDCRUST_SHM_SIZE"); 150 | 151 | #[cfg(feature = "shm")] 152 | let shm = memmap::Mmap::anonymous(*size, ::memmap::Protection::ReadWrite).expect("sandcrust: failed to set up SHM"); 153 | // get pid to check for parent termination 154 | let ppid = ::nix::unistd::getpid(); 155 | let sandcrust = match ::nix::unistd::fork() { 156 | Ok(::nix::unistd::ForkResult::Parent { child, .. }) => { 157 | ::nix::unistd::close(child_cmd_receive).expect("sandcrust: failed to close unused child read FD"); 158 | ::nix::unistd::close(child_result_send).expect("sandcrust: failed to close unused child write FD"); 159 | #[cfg(feature = "shm")] 160 | let sandcrust = Sandcrust { 161 | file_in: unsafe { ::std::fs::File::from_raw_fd(parent_cmd_send) }, 162 | file_out: unsafe { ::std::fs::File::from_raw_fd(parent_result_receive) }, 163 | child: child, 164 | shm: shm, 165 | shm_offset: 0, 166 | }; 167 | #[cfg(not(feature = "shm"))] 168 | let sandcrust = Sandcrust { 169 | file_in: std::io::BufWriter::new(unsafe { ::std::fs::File::from_raw_fd(parent_cmd_send) }), 170 | file_out: std::io::BufReader::new( unsafe { ::std::fs::File::from_raw_fd(parent_result_receive) }), 171 | child: child, 172 | }; 173 | sandcrust 174 | } 175 | Ok(::nix::unistd::ForkResult::Child) => { 176 | // On Linux, instruct the kernel to kill the child when parent exits. 177 | // Compare recorded PID to current parent process ID to eliminate race condition. 178 | // Solution courtesy of 179 | // https://stackoverflow.com/questions/284325/how-to-make-child-process-die-after-parent-exits 180 | #[cfg(target_os="linux")] 181 | { 182 | unsafe { 183 | if 0 != 184 | ::nix::libc::prctl(::nix::libc::PR_SET_PDEATHSIG, ::nix::libc::SIGHUP) { 185 | panic!("Setting prctl() failed!"); 186 | } 187 | } 188 | if ::nix::unistd::getppid() != ppid { 189 | ::std::process::exit(0); 190 | } 191 | } 192 | 193 | // on Unices other that Linux, poll for parent exit every 10 seconds 194 | // During normal operation this threat gets cleaned up on exit. 195 | #[cfg(all(not(target_os="linux"),unix))] 196 | thread::spawn(move || loop { 197 | if ::nix::unistd::getppid() != ppid { 198 | ::std::process::exit(0); 199 | } 200 | thread::sleep(Duration::from_secs(10)); 201 | }); 202 | 203 | // We overload the meaning of file_in / file_out for parent and child here, which is 204 | // not nice but enables the reuse of some methods. 205 | ::nix::unistd::close(parent_cmd_send).expect("sandcrust: failed to close unused parent write FD"); 206 | ::nix::unistd::close(parent_result_receive).expect("sandcrust: failed to close unused parent read FD"); 207 | 208 | #[cfg(feature = "shm")] 209 | let sandcrust = Sandcrust { 210 | file_in: unsafe { ::std::fs::File::from_raw_fd(child_result_send) }, 211 | file_out: unsafe { ::std::fs::File::from_raw_fd(child_cmd_receive) }, 212 | child: 0, 213 | shm: shm, 214 | shm_offset: 0, 215 | }; 216 | 217 | #[cfg(not(feature = "shm"))] 218 | let sandcrust = Sandcrust { 219 | file_in: std::io::BufWriter::new(unsafe { ::std::fs::File::from_raw_fd(child_result_send) }), 220 | file_out: std::io::BufReader::new(unsafe { ::std::fs::File::from_raw_fd(child_cmd_receive) }), 221 | child: 0, 222 | }; 223 | sandcrust 224 | } 225 | Err(e) => panic!("sandcrust: fork() failed with error {}", e), 226 | }; 227 | sandcrust 228 | } 229 | 230 | 231 | /// Check if the process is unintialized child process and run child loop. 232 | /// 233 | /// As noted above, modifications to static mut SANDCRUST_INITIALIZED_CHILD are protected by the mutex 234 | /// held on the global Sandcrust object. 235 | pub fn initialize_child(&mut self) { 236 | if !unsafe { SANDCRUST_INITIALIZED_CHILD } && self.child == -1 { 237 | // Sandbox was terminated, respawn if feature enabled, else fail 238 | #[cfg(feature = "auto_respawn")] 239 | self.respawn(); 240 | #[cfg(not(feature = "auto_respawn"))] 241 | panic!("attempted to call sandboxed function after Sandbox termination"); 242 | } 243 | if !unsafe { SANDCRUST_INITIALIZED_CHILD } && self.child == 0 { 244 | unsafe { SANDCRUST_INITIALIZED_CHILD = true }; 245 | self.run_child_loop(); 246 | } 247 | } 248 | 249 | 250 | /// Wrapper to set up an external sandbox. 251 | pub fn setup_sandbox(&self) { 252 | #[cfg(not(feature = "shm"))] 253 | { 254 | let file_in = self.file_in.get_ref().as_raw_fd(); 255 | let file_out = self.file_out.get_ref().as_raw_fd(); 256 | sandbox::setup(file_in, file_out); 257 | } 258 | #[cfg(feature = "shm")] 259 | { 260 | let file_in = self.file_in.as_raw_fd(); 261 | let file_out = self.file_out.as_raw_fd(); 262 | sandbox::setup(file_in, file_out); 263 | } 264 | } 265 | 266 | 267 | /// Client side loop. 268 | /// 269 | /// Take unsigned number from comand pipe, convert to function pointer and run it. 270 | /// If command number is 0, exit the child process. 271 | fn run_child_loop(&mut self) { 272 | self.setup_sandbox(); 273 | loop { 274 | let func: fn(&mut Sandcrust) = self.get_func_ptr(); 275 | func(self); 276 | } 277 | } 278 | 279 | 280 | /// Waits for process with child pid. 281 | pub fn join_child(&mut self) { 282 | match nix::sys::wait::waitpid(self.child, None) { 283 | Ok(_) => self.child = -1, 284 | Err(e) => panic!("sandcrust waitpid() failed with error {}", e), 285 | } 286 | } 287 | 288 | 289 | /// Put variable in pipe. 290 | #[cfg(not(feature = "shm"))] 291 | pub fn put_var(&mut self, var: T) { 292 | ::bincode::serialize_into(&mut self.file_in, 293 | &var, 294 | ::bincode::Infinite) 295 | .expect("sandcrust: failed to put variable in fifo"); 296 | } 297 | 298 | #[cfg(feature = "shm")] 299 | pub fn put_var(&mut self, var: T) { 300 | let remaining_mem: usize = self.shm.len() - self.shm_offset; 301 | 302 | match ::bincode::serialized_size_bounded(&var, remaining_mem as u64) { 303 | Some(size) => { 304 | let mut mem = unsafe { self.shm.as_mut_slice() }; 305 | let mut window = &mut mem[self.shm_offset..]; 306 | ::bincode::serialize_into(&mut window, 307 | &var, 308 | ::bincode::Bounded(remaining_mem as u64)) 309 | .expect("sandcrust: failed to put variable in shm"); 310 | self.shm_offset += size as usize; 311 | } 312 | None => panic!("sandcrust: SHM out of memory!"), 313 | } 314 | } 315 | 316 | 317 | /// Get variable. 318 | #[cfg(not(feature = "shm"))] 319 | pub fn restore_var(&mut self) -> T { 320 | ::bincode::deserialize_from(&mut self.file_out, ::bincode::Infinite) 321 | .expect("sandcrust: failed to read variable from fifo") 322 | } 323 | 324 | 325 | #[cfg(feature = "shm")] 326 | pub fn restore_var(&mut self) -> T { 327 | let mem = unsafe { self.shm.as_slice() }; 328 | let window = &mem[self.shm_offset..]; 329 | ::bincode::deserialize(window).expect("sandcrust: failed to read variable from shm") 330 | } 331 | 332 | 333 | /// Reset SHM offset. 334 | #[cfg(feature = "shm")] 335 | pub fn reset_shm_offset(&mut self) { 336 | self.shm_offset = 0; 337 | } 338 | 339 | 340 | /// Update SHM offset with size of var. 341 | #[cfg(feature = "shm")] 342 | pub fn update_shm_offset(&mut self, var: T) { 343 | self.shm_offset += ::bincode::serialized_size(&var) as usize; 344 | } 345 | 346 | 347 | /// Wait for return signal from child. 348 | pub fn await_return(&mut self) { 349 | let mut buf = [0u8]; 350 | let _ = self.file_out 351 | .read(&mut buf) 352 | .expect("sandcrust: failed to read ready-signal"); 353 | } 354 | 355 | 356 | /// Signal sucessful IPC return to parent. 357 | pub fn signal_return(&mut self) { 358 | let _ = self.file_in 359 | .write_all(b"1") 360 | .expect("sandcrust: ready-signal write failed"); 361 | } 362 | 363 | 364 | /// Transmit function pointer to child. 365 | pub fn put_func_ptr(&mut self, func: fn(&mut Sandcrust)) { 366 | unsafe { 367 | let func_ptr: *const u8 = ::std::mem::transmute(func); 368 | #[cfg(target_pointer_width = "32")] 369 | let buf: [u8; 4] = std::mem::transmute(func_ptr); 370 | #[cfg(target_pointer_width = "64")] 371 | let buf: [u8; 8] = std::mem::transmute(func_ptr); 372 | let _ = self.file_in 373 | .write_all(&buf) 374 | .expect("sandcrust: failed to send func ptr"); 375 | } 376 | } 377 | 378 | 379 | /// Receive function pointer. 380 | pub fn get_func_ptr(&mut self) -> fn(&mut Sandcrust) { 381 | #[cfg(target_pointer_width = "32")] 382 | let mut buf = [0u8; 4]; 383 | #[cfg(target_pointer_width = "64")] 384 | let mut buf = [0u8; 8]; 385 | self.file_out 386 | .read_exact(&mut buf) 387 | .expect("sandcrust: failed to read func ptr"); 388 | let func_ptr: *const u8 = unsafe { std::mem::transmute(buf) }; 389 | let func: fn(&mut Sandcrust) = unsafe { std::mem::transmute(func_ptr) }; 390 | func 391 | } 392 | 393 | 394 | /// Custom put function for byte vectors. 395 | #[cfg(all(feature = "custom_vec", not(feature = "shm")))] 396 | pub fn put_byte_vector(&mut self, vector: &[u8]) { 397 | let size = vector.len(); 398 | 399 | // put size first 400 | let size_u64 = size as u64; 401 | let size_arr: [u8; 8] = unsafe { std::mem::transmute(size_u64) }; 402 | let _ = self.file_in 403 | .write_all(&size_arr) 404 | .expect("sandcrust: failed to send vector size"); 405 | 406 | // put data 407 | let _ = self.file_in 408 | .write_all(&vector[..]) 409 | .expect("sandcrust: failed to send vector data"); 410 | } 411 | 412 | #[cfg(all(feature = "custom_vec", feature = "shm"))] 413 | pub fn put_byte_vector(&mut self, vector: &[u8]) { 414 | let size = vector.len(); 415 | 416 | // check remaining memory 417 | let remaining_mem: usize = self.shm.len() - self.shm_offset; 418 | if remaining_mem < (size + 8) { 419 | panic!("sandcrust: too little remaining memory to put vector"); 420 | } 421 | 422 | let mut mem = unsafe { self.shm.as_mut_slice() }; 423 | 424 | // put size first 425 | { 426 | let size_u64 = size as u64; 427 | let size_arr: [u8; 8] = unsafe { std::mem::transmute(size_u64) }; 428 | let end = self.shm_offset + 8; 429 | let mut window = &mut mem[self.shm_offset..end]; 430 | window.copy_from_slice(&size_arr); 431 | self.shm_offset += 8; 432 | } 433 | 434 | // put data 435 | let end = self.shm_offset + size; 436 | let mut window = &mut mem[self.shm_offset..end]; 437 | window.copy_from_slice(&vector); 438 | self.shm_offset += size; 439 | } 440 | 441 | 442 | /// Custom restore function for byte vectors. 443 | #[cfg(all(feature = "custom_vec", feature = "shm"))] 444 | pub fn restore_byte_vector(&mut self) -> Vec { 445 | // restore size 446 | let mem = unsafe { self.shm.as_mut_slice() }; 447 | let end = self.shm_offset + 8; 448 | let window = &mem[self.shm_offset..end]; 449 | // necessary, because a slice is a pointer and a size 450 | let mut size_arr: [u8; 8] = [0u8; 8]; 451 | size_arr.copy_from_slice(&window); 452 | let size_u64: u64 = unsafe { std::mem::transmute(size_arr) }; 453 | let size = size_u64 as usize; 454 | 455 | self.shm_offset += 8; 456 | 457 | // fill new vector 458 | let mut new_vec = vec![0u8; size]; 459 | { 460 | let vec_slice = &mut new_vec[..]; 461 | let end = self.shm_offset + size; 462 | let window = &mem[self.shm_offset..end]; 463 | vec_slice.copy_from_slice(window); 464 | } 465 | self.shm_offset += size; 466 | new_vec 467 | } 468 | 469 | /// Custom restore function for byte vectors. 470 | #[cfg(all(feature = "custom_vec", not(feature = "shm")))] 471 | pub fn restore_byte_vector(&mut self) -> Vec { 472 | // restore size 473 | let mut buf = [0u8; 8]; 474 | self.file_out 475 | .read_exact(&mut buf) 476 | .expect("sandcrust: failed to read vector size"); 477 | let size_u64: u64 = unsafe { std::mem::transmute(buf) }; 478 | let size = size_u64 as usize; 479 | 480 | // fill new vector 481 | let mut new_vec = vec![0u8; size]; 482 | self.file_out 483 | .read_exact(&mut new_vec[..]) 484 | .expect("sandcrust: failed to read func ptr"); 485 | new_vec 486 | } 487 | 488 | 489 | /// Send pointer to 'child_terminate' to child loop, causing child to shut down, and collect 490 | /// the child's exit status. 491 | pub fn terminate_child(&mut self) { 492 | let func: fn(&mut Sandcrust) = child_terminate; 493 | self.put_func_ptr(func); 494 | #[cfg(not(feature = "shm"))] 495 | self.flush_pipe(); 496 | self.join_child(); 497 | } 498 | 499 | 500 | /// Set child attribute to acquired value. 501 | pub fn set_child(&mut self, child: SandcrustPid) { 502 | self.child = child; 503 | } 504 | 505 | 506 | /// Respawn sandcrust, setting up new Sandbox. 507 | fn respawn(&mut self) { 508 | let new_sandcrust = Sandcrust::fork_new(); 509 | self.file_in = new_sandcrust.file_in; 510 | self.file_out = new_sandcrust.file_out; 511 | self.child = new_sandcrust.child; 512 | #[cfg(feature = "shm")] 513 | { 514 | self.shm = new_sandcrust.shm; 515 | self.shm_offset = 0; 516 | } 517 | } 518 | 519 | 520 | /// Wrap fork for use in one-time sandbox macro to avoid exporting nix. 521 | pub fn fork(&self) -> Result { 522 | nix::unistd::fork() 523 | } 524 | 525 | 526 | /// Flush Writer pipe to clear buffer. 527 | #[cfg(not(feature = "shm"))] 528 | pub fn flush_pipe(&mut self) { 529 | self.file_in 530 | .flush() 531 | .expect("sandcrust: write flush failed"); 532 | } 533 | } 534 | 535 | 536 | /// Store potentially changed vars into the pipe from child to parent. 537 | #[doc(hidden)] 538 | #[macro_export] 539 | #[cfg(not(feature = "custom_vec"))] 540 | macro_rules! sandcrust_store_changed_vars_global { 541 | ($sandcrust:ident, $head:ident : &mut $var_type:ty) => { $sandcrust.put_var(&$head); }; 542 | ($sandcrust:ident, $head:ident : &mut $var_type:ty, $($tail:tt)+) => { 543 | $sandcrust.put_var(&$head); 544 | sandcrust_store_changed_vars_global!($sandcrust, $($tail)+); 545 | }; 546 | ($sandcrust:ident, $head:ident : &$var_type:ty) => { }; 547 | ($sandcrust:ident, $head:ident : &$var_type:ty, $($tail:tt)+) => { 548 | sandcrust_store_changed_vars_global!($sandcrust, $($tail)+); 549 | }; 550 | ($sandcrust:ident, $head:ident : $var_type:ty, $($tail:tt)+) => { 551 | sandcrust_store_changed_vars_global!($sandcrust, $($tail)+); 552 | }; 553 | ($sandcrust:ident, $head:ident : $var_type:ty ) => { }; 554 | ($sandcrust:ident, mut $head:ident : $var_type:ty ) => { }; 555 | ($sandcrust:ident, mut $head:ident : $var_type:ty, $($tail:tt)+) => { 556 | sandcrust_store_changed_vars_global!($sandcrust, $($tail)+); 557 | }; 558 | ($sandcrust:ident, ) => {}; 559 | } 560 | 561 | #[doc(hidden)] 562 | #[macro_export] 563 | #[cfg(feature = "custom_vec")] 564 | macro_rules! sandcrust_store_changed_vars_global { 565 | ($sandcrust:ident, $head:ident : &mut Vec) => { $sandcrust.put_byte_vector(&$head); }; 566 | ($sandcrust:ident, $head:ident : &mut Vec, $($tail:tt)+) => { 567 | $sandcrust.put_byte_vector(&$head); 568 | sandcrust_store_changed_vars_global!($sandcrust, $($tail)+); 569 | }; 570 | ($sandcrust:ident, $head:ident : &mut $var_type:ty) => { $sandcrust.put_var(&$head); }; 571 | ($sandcrust:ident, $head:ident : &mut $var_type:ty, $($tail:tt)+) => { 572 | $sandcrust.put_var(&$head); 573 | sandcrust_store_changed_vars_global!($sandcrust, $($tail)+); 574 | }; 575 | ($sandcrust:ident, $head:ident : &$var_type:ty) => { }; 576 | ($sandcrust:ident, $head:ident : &$var_type:ty, $($tail:tt)+) => { 577 | sandcrust_store_changed_vars_global!($sandcrust, $($tail)+); 578 | }; 579 | ($sandcrust:ident, $head:ident : $var_type:ty, $($tail:tt)+) => { 580 | sandcrust_store_changed_vars_global!($sandcrust, $($tail)+); 581 | }; 582 | ($sandcrust:ident, $head:ident : $var_type:ty ) => { }; 583 | ($sandcrust:ident, mut $head:ident : $var_type:ty ) => { }; 584 | ($sandcrust:ident, mut $head:ident : $var_type:ty, $($tail:tt)+) => { 585 | sandcrust_store_changed_vars_global!($sandcrust, $($tail)+); 586 | }; 587 | ($sandcrust:ident, ) => {}; 588 | } 589 | 590 | #[doc(hidden)] 591 | #[macro_export] 592 | macro_rules! sandcrust_store_changed_vars { 593 | ($sandcrust:ident, &mut $head:ident) => { $sandcrust.put_var($head); }; 594 | ($sandcrust:ident, &mut $head:ident, $($tail:tt)*) => { 595 | $sandcrust.put_var($head); 596 | sandcrust_store_changed_vars!($sandcrust, $($tail)*); 597 | }; 598 | ($sandcrust:ident, &$head:ident) => { }; 599 | ($sandcrust:ident, &$head:ident, $($tail:tt)+) => { 600 | sandcrust_store_changed_vars!($sandcrust, $($tail)*); 601 | }; 602 | // actually, the stmt match (for directly passing values) is greedy and will match the next ident, too 603 | ($sandcrust:ident, $head:stmt) => { }; 604 | ($sandcrust:ident, $head:stmt, $($tail:tt)+) => { 605 | sandcrust_store_changed_vars!($sandcrust, $($tail)*); 606 | }; 607 | ($sandcrust:ident, $head:ident) => { }; 608 | ($sandcrust:ident, $head:ident, $($tail:tt)+) => { 609 | sandcrust_store_changed_vars!($sandcrust, $($tail)*); 610 | }; 611 | ($sandcrust:ident, ) => {}; 612 | } 613 | 614 | 615 | /// Restore potentially changed vars from pipe in the parent after IPC call. 616 | #[doc(hidden)] 617 | #[macro_export] 618 | #[cfg(not(feature = "shm"))] 619 | macro_rules! sandcrust_restore_changed_vars { 620 | // only restore mut types 621 | ($sandcrust:ident, &mut $head:ident) => { 622 | $head = $sandcrust.restore_var(); 623 | }; 624 | ($sandcrust:ident, &mut $head:ident, $($tail:tt)+) => { 625 | $head = $sandcrust.restore_var(); 626 | sandcrust_restore_changed_vars!($sandcrust, $($tail)+); 627 | }; 628 | ($sandcrust:ident, &$head:ident) => { }; 629 | ($sandcrust:ident, &$head:ident, $($tail:tt)+) => { sandcrust_restore_changed_vars!($sandcrust, $($tail)+); }; 630 | // actually, the stmt match (for directly passing values) is greedy and will match the next ident, too 631 | ($sandcrust:ident, $head:stmt) => { }; 632 | ($sandcrust:ident, $head:stmt, $($tail:tt)+) => { sandcrust_restore_changed_vars!($sandcrust, $($tail)+); }; 633 | ($sandcrust:ident, $head:ident) => { }; 634 | ($sandcrust:ident, $head:ident, $($tail:tt)+) => { sandcrust_restore_changed_vars!($sandcrust, $($tail)+); }; 635 | ($sandcrust:ident, ) => {}; 636 | } 637 | 638 | #[doc(hidden)] 639 | #[macro_export] 640 | #[cfg(feature = "shm")] 641 | macro_rules! sandcrust_restore_changed_vars { 642 | // only restore mut types 643 | ($sandcrust:ident, &mut $head:ident) => { 644 | $head = $sandcrust.restore_var(); 645 | $sandcrust.update_shm_offset(&$head); 646 | }; 647 | ($sandcrust:ident, &mut $head:ident, $($tail:tt)+) => { 648 | $head = $sandcrust.restore_var(); 649 | $sandcrust.update_shm_offset(&$head); 650 | sandcrust_restore_changed_vars!($sandcrust, $($tail)+); 651 | }; 652 | ($sandcrust:ident, &$head:ident) => { }; 653 | ($sandcrust:ident, &$head:ident, $($tail:tt)+) => { sandcrust_restore_changed_vars!($sandcrust, $($tail)+); }; 654 | // actually, the stmt match (for directly passing values) is greedy and will match the next ident, too 655 | ($sandcrust:ident, $head:stmt) => { }; 656 | ($sandcrust:ident, $head:stmt, $($tail:tt)+) => { sandcrust_restore_changed_vars!($sandcrust, $($tail)+); }; 657 | ($sandcrust:ident, $head:ident) => { }; 658 | ($sandcrust:ident, $head:ident, $($tail:tt)+) => { sandcrust_restore_changed_vars!($sandcrust, $($tail)+); }; 659 | ($sandcrust:ident, ) => {}; 660 | } 661 | 662 | 663 | /// Restore potentially changed vars from pipe in the parent after IPC call. 664 | /// 665 | /// Global version - this would be a merge candidate with sandcrust_restore_changed_vars, 666 | /// but inside the function &mut vars need to be dereferenced. 667 | #[doc(hidden)] 668 | #[macro_export] 669 | #[cfg(all(feature = "custom_vec", not(feature = "shm")))] 670 | macro_rules! sandcrust_restore_changed_vars_global { 671 | ($sandcrust:ident, $head:ident : &mut Vec) => { 672 | *$head = $sandcrust.restore_byte_vector(); 673 | }; 674 | ($sandcrust:ident, $head:ident : &mut Vec, $($tail:tt)+) => { 675 | *$head = $sandcrust.restore_byte_vector(); 676 | sandcrust_restore_changed_vars_global!($sandcrust, $($tail)+); 677 | }; 678 | ($sandcrust:ident, $head:ident : &mut $var_type:ty) => { 679 | *$head = $sandcrust.restore_var(); 680 | }; 681 | ($sandcrust:ident, $head:ident : &mut $var_type:ty, $($tail:tt)+) => { 682 | *$head = $sandcrust.restore_var(); 683 | sandcrust_restore_changed_vars_global!($sandcrust, $($tail)+); 684 | }; 685 | ($sandcrust:ident, $head:ident : &$var_type:ty) => { }; 686 | ($sandcrust:ident, $head:ident : &$var_type:ty, $($tail:tt)+) => { 687 | sandcrust_restore_changed_vars_global!($sandcrust, $($tail)+); 688 | }; 689 | ($sandcrust:ident, $head:ident : $var_type:ty, $($tail:tt)+) => { 690 | sandcrust_restore_changed_vars_global!($sandcrust, $($tail)+); 691 | }; 692 | ($sandcrust:ident, mut $head:ident : $var_type:ty ) => { }; 693 | ($sandcrust:ident, mut $head:ident : $var_type:ty, $($tail:tt)+) => { 694 | sandcrust_restore_changed_vars_global!($sandcrust, $($tail)+); 695 | }; 696 | ($sandcrust:ident, $head:ident : $var_type:ty ) => { }; 697 | ($sandcrust:ident, ) => {}; 698 | } 699 | 700 | #[doc(hidden)] 701 | #[macro_export] 702 | #[cfg(all(feature = "custom_vec", feature = "shm"))] 703 | macro_rules! sandcrust_restore_changed_vars_global { 704 | ($sandcrust:ident, $head:ident : &mut Vec) => { 705 | *$head = $sandcrust.restore_byte_vector(); 706 | }; 707 | ($sandcrust:ident, $head:ident : &mut Vec, $($tail:tt)+) => { 708 | *$head = $sandcrust.restore_byte_vector(); 709 | sandcrust_restore_changed_vars_global!($sandcrust, $($tail)+); 710 | }; 711 | ($sandcrust:ident, $head:ident : &mut $var_type:ty) => { 712 | *$head = $sandcrust.restore_var(); 713 | $sandcrust.update_shm_offset($head); 714 | }; 715 | ($sandcrust:ident, $head:ident : &mut $var_type:ty, $($tail:tt)+) => { 716 | *$head = $sandcrust.restore_var(); 717 | $sandcrust.update_shm_offset($head); 718 | sandcrust_restore_changed_vars_global!($sandcrust, $($tail)+); 719 | }; 720 | ($sandcrust:ident, $head:ident : &$var_type:ty) => { }; 721 | ($sandcrust:ident, $head:ident : &$var_type:ty, $($tail:tt)+) => { 722 | sandcrust_restore_changed_vars_global!($sandcrust, $($tail)+); 723 | }; 724 | ($sandcrust:ident, $head:ident : $var_type:ty, $($tail:tt)+) => { 725 | sandcrust_restore_changed_vars_global!($sandcrust, $($tail)+); 726 | }; 727 | ($sandcrust:ident, mut $head:ident : $var_type:ty ) => { }; 728 | ($sandcrust:ident, mut $head:ident : $var_type:ty, $($tail:tt)+) => { 729 | sandcrust_restore_changed_vars_global!($sandcrust, $($tail)+); 730 | }; 731 | ($sandcrust:ident, $head:ident : $var_type:ty ) => { }; 732 | ($sandcrust:ident, ) => {}; 733 | } 734 | 735 | #[doc(hidden)] 736 | #[macro_export] 737 | #[cfg(all(not(feature = "shm"), not(feature = "custom_vec")))] 738 | macro_rules! sandcrust_restore_changed_vars_global { 739 | ($sandcrust:ident, $head:ident : &mut $var_type:ty) => { 740 | *$head = $sandcrust.restore_var(); 741 | }; 742 | ($sandcrust:ident, $head:ident : &mut $var_type:ty, $($tail:tt)+) => { 743 | *$head = $sandcrust.restore_var(); 744 | sandcrust_restore_changed_vars_global!($sandcrust, $($tail)+); 745 | }; 746 | ($sandcrust:ident, $head:ident : &$var_type:ty) => { }; 747 | ($sandcrust:ident, $head:ident : &$var_type:ty, $($tail:tt)+) => { 748 | sandcrust_restore_changed_vars_global!($sandcrust, $($tail)+); 749 | }; 750 | ($sandcrust:ident, $head:ident : $var_type:ty, $($tail:tt)+) => { 751 | sandcrust_restore_changed_vars_global!($sandcrust, $($tail)+); 752 | }; 753 | ($sandcrust:ident, mut $head:ident : $var_type:ty ) => { }; 754 | ($sandcrust:ident, mut $head:ident : $var_type:ty, $($tail:tt)+) => { 755 | sandcrust_restore_changed_vars_global!($sandcrust, $($tail)+); 756 | }; 757 | ($sandcrust:ident, $head:ident : $var_type:ty ) => { }; 758 | ($sandcrust:ident, ) => {}; 759 | } 760 | 761 | #[doc(hidden)] 762 | #[macro_export] 763 | #[cfg(all(feature = "shm", not(feature = "custom_vec")))] 764 | macro_rules! sandcrust_restore_changed_vars_global { 765 | ($sandcrust:ident, $head:ident : &mut $var_type:ty) => { 766 | *$head = $sandcrust.restore_var(); 767 | $sandcrust.update_shm_offset($head); 768 | }; 769 | ($sandcrust:ident, $head:ident : &mut $var_type:ty, $($tail:tt)+) => { 770 | *$head = $sandcrust.restore_var(); 771 | $sandcrust.update_shm_offset($head); 772 | sandcrust_restore_changed_vars_global!($sandcrust, $($tail)+); 773 | }; 774 | ($sandcrust:ident, $head:ident : &$var_type:ty) => { }; 775 | ($sandcrust:ident, $head:ident : &$var_type:ty, $($tail:tt)+) => { 776 | sandcrust_restore_changed_vars_global!($sandcrust, $($tail)+); 777 | }; 778 | ($sandcrust:ident, $head:ident : $var_type:ty, $($tail:tt)+) => { 779 | sandcrust_restore_changed_vars_global!($sandcrust, $($tail)+); 780 | }; 781 | ($sandcrust:ident, mut $head:ident : $var_type:ty ) => { }; 782 | ($sandcrust:ident, mut $head:ident : $var_type:ty, $($tail:tt)+) => { 783 | sandcrust_restore_changed_vars_global!($sandcrust, $($tail)+); 784 | }; 785 | ($sandcrust:ident, $head:ident : $var_type:ty ) => { }; 786 | ($sandcrust:ident, ) => {}; 787 | } 788 | 789 | 790 | /// Push function arguments to global client in case they have changed since forking. 791 | #[doc(hidden)] 792 | #[macro_export] 793 | #[cfg(not(feature = "custom_vec"))] 794 | macro_rules! sandcrust_push_function_args { 795 | ($sandcrust:ident, $head:ident : &mut $var_type:ty) => { $sandcrust.put_var(&*$head); }; 796 | ($sandcrust:ident, $head:ident : &mut $var_type:ty, $($tail:tt)+) => { 797 | $sandcrust.put_var(&*$head); 798 | sandcrust_push_function_args!($sandcrust, $($tail)+); 799 | }; 800 | ($sandcrust:ident, $head:ident : &$var_type:ty) => { $sandcrust.put_var($head); }; 801 | ($sandcrust:ident, $head:ident : &$var_type:ty, $($tail:tt)+) => { 802 | $sandcrust.put_var($head); 803 | sandcrust_push_function_args!($sandcrust, $($tail)+); 804 | }; 805 | ($sandcrust:ident, $head:ident : $var_type:ty, $($tail:tt)+) => { 806 | $sandcrust.put_var($head); 807 | sandcrust_push_function_args!($sandcrust, $($tail)+); 808 | }; 809 | ($sandcrust:ident, $head:ident : $var_type:ty ) => { 810 | $sandcrust.put_var($head); 811 | }; 812 | ($sandcrust:ident, mut $head:ident : $var_type:ty ) => { $sandcrust.put_var($head); }; 813 | ($sandcrust:ident, mut $head:ident : $var_type:ty, $($tail:tt)+) => { 814 | $sandcrust.put_var($head); 815 | sandcrust_push_function_args!($sandcrust, $($tail)+); 816 | }; 817 | ($sandcrust:ident, ) => {}; 818 | } 819 | 820 | #[doc(hidden)] 821 | #[macro_export] 822 | #[cfg(feature = "custom_vec")] 823 | macro_rules! sandcrust_push_function_args { 824 | ($sandcrust:ident, $head:ident : &mut [u8]) => { $sandcrust.put_byte_vector(&*$head); }; 825 | ($sandcrust:ident, $head:ident : &mut [u8], $($tail:tt)+) => { 826 | $sandcrust.put_byte_vector(&*$head); 827 | sandcrust_push_function_args!($sandcrust, $($tail)+); 828 | }; 829 | ($sandcrust:ident, $head:ident : &[u8]) => { $sandcrust.put_byte_vector($head); }; 830 | ($sandcrust:ident, $head:ident : &[u8], $($tail:tt)+) => { 831 | $sandcrust.put_byte_vector($head); 832 | sandcrust_push_function_args!($sandcrust, $($tail)+); 833 | }; 834 | ($sandcrust:ident, $head:ident : &mut Vec) => { $sandcrust.put_byte_vector(&*$head); }; 835 | ($sandcrust:ident, $head:ident : &mut Vec, $($tail:tt)+) => { 836 | $sandcrust.put_byte_vector(&*$head); 837 | sandcrust_push_function_args!($sandcrust, $($tail)+); 838 | }; 839 | ($sandcrust:ident, $head:ident : &Vec) => { $sandcrust.put_byte_vector($head); }; 840 | ($sandcrust:ident, $head:ident : &Vec, $($tail:tt)+) => { 841 | $sandcrust.put_byte_vector($head); 842 | sandcrust_push_function_args!($sandcrust, $($tail)+); 843 | }; 844 | ($sandcrust:ident, $head:ident : Vec, $($tail:tt)+) => { 845 | $sandcrust.put_byte_vector(&$head); 846 | sandcrust_push_function_args!($sandcrust, $($tail)+); 847 | }; 848 | ($sandcrust:ident, $head:ident : Vec ) => { 849 | $sandcrust.put_byte_vector(&$head); 850 | }; 851 | ($sandcrust:ident, mut $head:ident : Vec, $($tail:tt)+) => { 852 | $sandcrust.put_byte_vector(&$head); 853 | sandcrust_push_function_args!($sandcrust, $($tail)+); 854 | }; 855 | ($sandcrust:ident, mut $head:ident : Vec ) => { 856 | $sandcrust.put_byte_vector(&$head); 857 | }; 858 | ($sandcrust:ident, $head:ident : &mut $var_type:ty) => { $sandcrust.put_var(&*$head); }; 859 | ($sandcrust:ident, $head:ident : &mut $var_type:ty, $($tail:tt)+) => { 860 | $sandcrust.put_var(&*$head); 861 | sandcrust_push_function_args!($sandcrust, $($tail)+); 862 | }; 863 | ($sandcrust:ident, $head:ident : &$var_type:ty) => { $sandcrust.put_var($head); }; 864 | ($sandcrust:ident, $head:ident : &$var_type:ty, $($tail:tt)+) => { 865 | $sandcrust.put_var($head); 866 | sandcrust_push_function_args!($sandcrust, $($tail)+); 867 | }; 868 | ($sandcrust:ident, $head:ident : $var_type:ty, $($tail:tt)+) => { 869 | $sandcrust.put_var($head); 870 | sandcrust_push_function_args!($sandcrust, $($tail)+); 871 | }; 872 | ($sandcrust:ident, $head:ident : $var_type:ty ) => { 873 | $sandcrust.put_var($head); 874 | }; 875 | ($sandcrust:ident, mut $head:ident : $var_type:ty ) => { $sandcrust.put_var($head); }; 876 | ($sandcrust:ident, mut $head:ident : $var_type:ty, $($tail:tt)+) => { 877 | $sandcrust.put_var($head); 878 | sandcrust_push_function_args!($sandcrust, $($tail)+); 879 | }; 880 | ($sandcrust:ident, ) => {}; 881 | } 882 | 883 | 884 | /// Pull function arguments in global client. 885 | #[doc(hidden)] 886 | #[macro_export] 887 | #[cfg(all(not(feature = "custom_vec"), not(feature = "shm")))] 888 | macro_rules! sandcrust_pull_function_args { 889 | ($sandcrust:ident, $head:ident : &mut $var_type:ty) => { 890 | let mut $head: $var_type = $sandcrust.restore_var(); 891 | }; 892 | ($sandcrust:ident, $head:ident : &mut $var_type:ty, $($tail:tt)+) => { 893 | let mut $head: $var_type = $sandcrust.restore_var(); 894 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 895 | }; 896 | ($sandcrust:ident, $head:ident : &$var_type:ty) => { 897 | let $head: $var_type = $sandcrust.restore_var(); 898 | }; 899 | ($sandcrust:ident, $head:ident : &$var_type:ty, $($tail:tt)+) => { 900 | let $head: $var_type = $sandcrust.restore_var(); 901 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 902 | }; 903 | ($sandcrust:ident, $head:ident : $var_type:ty, $($tail:tt)+) => { 904 | let $head: $var_type = $sandcrust.restore_var(); 905 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 906 | }; 907 | ($sandcrust:ident, $head:ident : $var_type:ty ) => { 908 | let $head: $var_type = $sandcrust.restore_var(); 909 | }; 910 | ($sandcrust:ident, mut $head:ident : $var_type:ty ) => { 911 | let mut $head: $var_type = $sandcrust.restore_var(); 912 | }; 913 | ($sandcrust:ident, mut $head:ident : $var_type:ty, $($tail:tt)+) => { 914 | let mut $head: $var_type = $sandcrust.restore_var(); 915 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 916 | }; 917 | ($sandcrust:ident, ) => {}; 918 | } 919 | 920 | #[doc(hidden)] 921 | #[macro_export] 922 | #[cfg(all(feature = "custom_vec", not(feature = "shm")))] 923 | macro_rules! sandcrust_pull_function_args { 924 | ($sandcrust:ident, $head:ident : &mut [u8]) => { 925 | let mut $head: Vec = $sandcrust.restore_byte_vector(); 926 | }; 927 | ($sandcrust:ident, $head:ident : &mut [u8], $($tail:tt)+) => { 928 | let mut $head: Vec = $sandcrust.restore_byte_vector(); 929 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 930 | }; 931 | ($sandcrust:ident, $head:ident : &[u8]) => { 932 | let $head: Vec = $sandcrust.restore_byte_vector(); 933 | }; 934 | ($sandcrust:ident, $head:ident : &[u8], $($tail:tt)+) => { 935 | let $head: Vec = $sandcrust.restore_byte_vector(); 936 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 937 | }; 938 | ($sandcrust:ident, $head:ident : &mut Vec) => { 939 | let mut $head: Vec = $sandcrust.restore_byte_vector(); 940 | }; 941 | ($sandcrust:ident, $head:ident : &mut Vec, $($tail:tt)+) => { 942 | let mut $head: Vec = $sandcrust.restore_byte_vector(); 943 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 944 | }; 945 | ($sandcrust:ident, $head:ident : &Vec) => { 946 | let $head: Vec = $sandcrust.restore_byte_vector(); 947 | }; 948 | ($sandcrust:ident, $head:ident : &Vec, $($tail:tt)+) => { 949 | let $head: Vec = $sandcrust.restore_byte_vector(); 950 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 951 | }; 952 | ($sandcrust:ident, mut $head:ident : Vec) => { 953 | let mut $head: Vec = $sandcrust.restore_byte_vector(); 954 | }; 955 | ($sandcrust:ident, mut $head:ident : Vec, $($tail:tt)+) => { 956 | let mut $head: Vec = $sandcrust.restore_byte_vector(); 957 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 958 | }; 959 | ($sandcrust:ident, $head:ident : Vec) => { 960 | let $head: Vec = $sandcrust.restore_byte_vector(); 961 | }; 962 | ($sandcrust:ident, $head:ident : Vec, $($tail:tt)+) => { 963 | let $head: Vec = $sandcrust.restore_byte_vector(); 964 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 965 | }; 966 | ($sandcrust:ident, $head:ident : &mut $var_type:ty) => { 967 | let mut $head: $var_type = $sandcrust.restore_var(); 968 | }; 969 | ($sandcrust:ident, $head:ident : &mut $var_type:ty, $($tail:tt)+) => { 970 | let mut $head: $var_type = $sandcrust.restore_var(); 971 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 972 | }; 973 | ($sandcrust:ident, $head:ident : &$var_type:ty) => { 974 | let $head: $var_type = $sandcrust.restore_var(); 975 | }; 976 | ($sandcrust:ident, $head:ident : &$var_type:ty, $($tail:tt)+) => { 977 | let $head: $var_type = $sandcrust.restore_var(); 978 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 979 | }; 980 | ($sandcrust:ident, $head:ident : $var_type:ty, $($tail:tt)+) => { 981 | let $head: $var_type = $sandcrust.restore_var(); 982 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 983 | }; 984 | ($sandcrust:ident, $head:ident : $var_type:ty ) => { 985 | let $head: $var_type = $sandcrust.restore_var(); 986 | }; 987 | ($sandcrust:ident, mut $head:ident : $var_type:ty ) => { 988 | let mut $head: $var_type = $sandcrust.restore_var(); 989 | }; 990 | ($sandcrust:ident, mut $head:ident : $var_type:ty, $($tail:tt)+) => { 991 | let mut $head: $var_type = $sandcrust.restore_var(); 992 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 993 | }; 994 | ($sandcrust:ident, ) => {}; 995 | } 996 | 997 | #[doc(hidden)] 998 | #[macro_export] 999 | #[cfg(all(feature = "custom_vec", feature = "shm"))] 1000 | macro_rules! sandcrust_pull_function_args { 1001 | ($sandcrust:ident, $head:ident : &mut [u8]) => { 1002 | let mut $head: Vec = $sandcrust.restore_byte_vector(); 1003 | }; 1004 | ($sandcrust:ident, $head:ident : &mut [u8], $($tail:tt)+) => { 1005 | let mut $head: Vec = $sandcrust.restore_byte_vector(); 1006 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 1007 | }; 1008 | ($sandcrust:ident, $head:ident : &[u8]) => { 1009 | let $head: Vec = $sandcrust.restore_byte_vector(); 1010 | }; 1011 | ($sandcrust:ident, $head:ident : &[u8], $($tail:tt)+) => { 1012 | let $head: Vec = $sandcrust.restore_byte_vector(); 1013 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 1014 | }; 1015 | ($sandcrust:ident, $head:ident : &mut Vec) => { 1016 | let mut $head: Vec = $sandcrust.restore_byte_vector(); 1017 | }; 1018 | ($sandcrust:ident, $head:ident : &mut Vec, $($tail:tt)+) => { 1019 | let mut $head: Vec = $sandcrust.restore_byte_vector(); 1020 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 1021 | }; 1022 | ($sandcrust:ident, $head:ident : &Vec) => { 1023 | let $head: Vec = $sandcrust.restore_byte_vector(); 1024 | }; 1025 | ($sandcrust:ident, $head:ident : &Vec, $($tail:tt)+) => { 1026 | let $head: Vec = $sandcrust.restore_byte_vector(); 1027 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 1028 | }; 1029 | ($sandcrust:ident, mut $head:ident : Vec) => { 1030 | let mut $head: Vec = $sandcrust.restore_byte_vector(); 1031 | }; 1032 | ($sandcrust:ident, mut $head:ident : Vec, $($tail:tt)+) => { 1033 | let mut $head: Vec = $sandcrust.restore_byte_vector(); 1034 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 1035 | }; 1036 | ($sandcrust:ident, $head:ident : Vec) => { 1037 | let $head: Vec = $sandcrust.restore_byte_vector(); 1038 | }; 1039 | ($sandcrust:ident, $head:ident : Vec, $($tail:tt)+) => { 1040 | let $head: Vec = $sandcrust.restore_byte_vector(); 1041 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 1042 | }; 1043 | ($sandcrust:ident, $head:ident : &mut $var_type:ty) => { 1044 | let mut $head: $var_type = $sandcrust.restore_var(); 1045 | $sandcrust.update_shm_offset($head); 1046 | }; 1047 | ($sandcrust:ident, $head:ident : &mut $var_type:ty, $($tail:tt)+) => { 1048 | let mut $head: $var_type = $sandcrust.restore_var(); 1049 | $sandcrust.update_shm_offset($head); 1050 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 1051 | }; 1052 | ($sandcrust:ident, $head:ident : &$var_type:ty) => { 1053 | let $head: $var_type = $sandcrust.restore_var(); 1054 | $sandcrust.update_shm_offset(&$head); 1055 | }; 1056 | ($sandcrust:ident, $head:ident : &$var_type:ty, $($tail:tt)+) => { 1057 | let $head: $var_type = $sandcrust.restore_var(); 1058 | $sandcrust.update_shm_offset(&$head); 1059 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 1060 | }; 1061 | ($sandcrust:ident, $head:ident : $var_type:ty, $($tail:tt)+) => { 1062 | let $head: $var_type = $sandcrust.restore_var(); 1063 | $sandcrust.update_shm_offset(&$head); 1064 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 1065 | }; 1066 | ($sandcrust:ident, $head:ident : $var_type:ty ) => { 1067 | let $head: $var_type = $sandcrust.restore_var(); 1068 | $sandcrust.update_shm_offset(&$head); 1069 | }; 1070 | ($sandcrust:ident, mut $head:ident : $var_type:ty ) => { 1071 | let mut $head: $var_type = $sandcrust.restore_var(); 1072 | $sandcrust.update_shm_offset(&$head); 1073 | }; 1074 | ($sandcrust:ident, mut $head:ident : $var_type:ty, $($tail:tt)+) => { 1075 | let mut $head: $var_type = $sandcrust.restore_var(); 1076 | $sandcrust.update_shm_offset(&$head); 1077 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 1078 | }; 1079 | ($sandcrust:ident, ) => {}; 1080 | } 1081 | 1082 | #[doc(hidden)] 1083 | #[macro_export] 1084 | #[cfg(all(not(feature = "custom_vec"), feature = "shm"))] 1085 | macro_rules! sandcrust_pull_function_args { 1086 | ($sandcrust:ident, $head:ident : &mut $var_type:ty) => { 1087 | let mut $head: $var_type = $sandcrust.restore_var(); 1088 | $sandcrust.update_shm_offset(&$head); 1089 | }; 1090 | ($sandcrust:ident, $head:ident : &mut $var_type:ty, $($tail:tt)+) => { 1091 | let mut $head: $var_type = $sandcrust.restore_var(); 1092 | $sandcrust.update_shm_offset(&$head); 1093 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 1094 | }; 1095 | ($sandcrust:ident, $head:ident : &$var_type:ty) => { 1096 | let $head: $var_type = $sandcrust.restore_var(); 1097 | $sandcrust.update_shm_offset(&$head); 1098 | }; 1099 | ($sandcrust:ident, $head:ident : &$var_type:ty, $($tail:tt)+) => { 1100 | let $head: $var_type = $sandcrust.restore_var(); 1101 | $sandcrust.update_shm_offset(&$head); 1102 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 1103 | }; 1104 | ($sandcrust:ident, $head:ident : $var_type:ty, $($tail:tt)+) => { 1105 | let $head: $var_type = $sandcrust.restore_var(); 1106 | $sandcrust.update_shm_offset(&$head); 1107 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 1108 | }; 1109 | ($sandcrust:ident, $head:ident : $var_type:ty ) => { 1110 | let $head: $var_type = $sandcrust.restore_var(); 1111 | $sandcrust.update_shm_offset(&$head); 1112 | }; 1113 | ($sandcrust:ident, mut $head:ident : $var_type:ty ) => { 1114 | let mut $head: $var_type = $sandcrust.restore_var(); 1115 | $sandcrust.update_shm_offset(&$head); 1116 | }; 1117 | ($sandcrust:ident, mut $head:ident : $var_type:ty, $($tail:tt)+) => { 1118 | let mut $head: $var_type = $sandcrust.restore_var(); 1119 | $sandcrust.update_shm_offset(&$head); 1120 | sandcrust_pull_function_args!($sandcrust, $($tail)+); 1121 | }; 1122 | ($sandcrust:ident, ) => {}; 1123 | } 1124 | 1125 | 1126 | /// Run function, gathering return value if available. 1127 | #[doc(hidden)] 1128 | #[macro_export] 1129 | #[cfg(all(not(feature = "shm"), not(feature = "custom_vec")))] 1130 | macro_rules! sandcrust_run_func_global { 1131 | (has_ret, $has_vec:ident, $sandcrust:ident, $f:ident($($x:tt)*)) => { 1132 | let retval = sandcrust_strip_types!($f($($x)*)); 1133 | $sandcrust.signal_return(); 1134 | sandcrust_push_global($sandcrust); 1135 | sandcrust_store_changed_vars_global!($sandcrust, $($x)*); 1136 | $sandcrust.put_var(&retval); 1137 | $sandcrust.flush_pipe(); 1138 | }; 1139 | (no_ret, no_vec, $sandcrust:ident, $f:ident($($x:tt)*)) => { 1140 | sandcrust_strip_types!($f($($x)*)); 1141 | $sandcrust.signal_return(); 1142 | sandcrust_push_global($sandcrust); 1143 | sandcrust_store_changed_vars_global!($sandcrust, $($x)*); 1144 | $sandcrust.flush_pipe(); 1145 | }; 1146 | } 1147 | 1148 | #[doc(hidden)] 1149 | #[macro_export] 1150 | #[cfg(all(feature = "shm", not(feature = "custom_vec")))] 1151 | macro_rules! sandcrust_run_func_global { 1152 | (has_ret, $has_vec:ident, $sandcrust:ident, $f:ident($($x:tt)*)) => { 1153 | let retval = sandcrust_strip_types!($f($($x)*)); 1154 | $sandcrust.reset_shm_offset(); 1155 | sandcrust_push_global($sandcrust); 1156 | sandcrust_store_changed_vars_global!($sandcrust, $($x)*); 1157 | $sandcrust.put_var(&retval); 1158 | $sandcrust.signal_return(); 1159 | $sandcrust.reset_shm_offset(); 1160 | 1161 | }; 1162 | (no_ret, no_vec, $sandcrust:ident, $f:ident($($x:tt)*)) => { 1163 | sandcrust_strip_types!($f($($x)*)); 1164 | $sandcrust.reset_shm_offset(); 1165 | sandcrust_push_global($sandcrust); 1166 | sandcrust_store_changed_vars_global!($sandcrust, $($x)*); 1167 | $sandcrust.signal_return(); 1168 | }; 1169 | } 1170 | 1171 | #[doc(hidden)] 1172 | #[macro_export] 1173 | #[cfg(all(not(feature = "shm"), feature = "custom_vec"))] 1174 | macro_rules! sandcrust_run_func_global { 1175 | (has_ret, has_vec, $sandcrust:ident, $f:ident($($x:tt)*)) => { 1176 | let retval = sandcrust_strip_types!($f($($x)*)); 1177 | $sandcrust.signal_return(); 1178 | sandcrust_store_changed_vars_global!($sandcrust, $($x)*); 1179 | $sandcrust.put_byte_vector(&retval); 1180 | $sandcrust.flush_pipe(); 1181 | }; 1182 | (has_ret, no_vec, $sandcrust:ident, $f:ident($($x:tt)*)) => { 1183 | let retval = sandcrust_strip_types!($f($($x)*)); 1184 | $sandcrust.signal_return(); 1185 | sandcrust_push_global($sandcrust); 1186 | sandcrust_store_changed_vars_global!($sandcrust, $($x)*); 1187 | $sandcrust.put_var(&retval); 1188 | $sandcrust.flush_pipe(); 1189 | }; 1190 | (no_ret, no_vec, $sandcrust:ident, $f:ident($($x:tt)*)) => { 1191 | sandcrust_strip_types!($f($($x)*)); 1192 | $sandcrust.signal_return(); 1193 | sandcrust_push_global($sandcrust); 1194 | sandcrust_store_changed_vars_global!($sandcrust, $($x)*); 1195 | $sandcrust.flush_pipe(); 1196 | }; 1197 | } 1198 | 1199 | /// Run function, gathering return value if available. 1200 | #[doc(hidden)] 1201 | #[macro_export] 1202 | #[cfg(all(feature = "shm", feature = "custom_vec"))] 1203 | macro_rules! sandcrust_run_func_global { 1204 | (has_ret, has_vec, $sandcrust:ident, $f:ident($($x:tt)*)) => { 1205 | let retval = sandcrust_strip_types!($f($($x)*)); 1206 | $sandcrust.reset_shm_offset(); 1207 | sandcrust_push_global($sandcrust); 1208 | sandcrust_store_changed_vars_global!($sandcrust, $($x)*); 1209 | $sandcrust.put_byte_vector(&retval); 1210 | $sandcrust.signal_return(); 1211 | $sandcrust.reset_shm_offset(); 1212 | 1213 | }; 1214 | (has_ret, no_vec, $sandcrust:ident, $f:ident($($x:tt)*)) => { 1215 | let retval = sandcrust_strip_types!($f($($x)*)); 1216 | $sandcrust.reset_shm_offset(); 1217 | sandcrust_push_global($sandcrust); 1218 | sandcrust_store_changed_vars_global!($sandcrust, $($x)*); 1219 | $sandcrust.put_var(&retval); 1220 | $sandcrust.signal_return(); 1221 | $sandcrust.reset_shm_offset(); 1222 | 1223 | }; 1224 | (no_ret, no_vec, $sandcrust:ident, $f:ident($($x:tt)*)) => { 1225 | sandcrust_strip_types!($f($($x)*)); 1226 | $sandcrust.reset_shm_offset(); 1227 | sandcrust_push_global($sandcrust); 1228 | sandcrust_store_changed_vars_global!($sandcrust, $($x)*); 1229 | $sandcrust.signal_return(); 1230 | }; 1231 | } 1232 | 1233 | #[doc(hidden)] 1234 | #[macro_export] 1235 | #[cfg(not(feature = "shm"))] 1236 | macro_rules! sandcrust_run_func { 1237 | (has_ret, $sandcrust:ident, $f:ident($($x:tt)*)) => { 1238 | let retval = $f($($x)*); 1239 | sandcrust_store_changed_vars!($sandcrust, $($x)*); 1240 | $sandcrust.put_var(&retval); 1241 | $sandcrust.flush_pipe(); 1242 | }; 1243 | (no_ret, $sandcrust:ident, $f:ident($($x:tt)*)) => { 1244 | $f($($x)*); 1245 | sandcrust_store_changed_vars!($sandcrust, $($x)*); 1246 | $sandcrust.flush_pipe(); 1247 | }; 1248 | } 1249 | 1250 | #[doc(hidden)] 1251 | #[macro_export] 1252 | #[cfg(feature = "shm")] 1253 | macro_rules! sandcrust_run_func { 1254 | (has_ret, $sandcrust:ident, $f:ident($($x:tt)*)) => { 1255 | let retval = $f($($x)*); 1256 | $sandcrust.reset_shm_offset(); 1257 | sandcrust_store_changed_vars!($sandcrust, $($x)*); 1258 | $sandcrust.put_var(&retval); 1259 | $sandcrust.signal_return(); 1260 | $sandcrust.reset_shm_offset(); 1261 | 1262 | }; 1263 | (no_ret, $sandcrust:ident, $f:ident($($x:tt)*)) => { 1264 | $f($($x)*); 1265 | $sandcrust.reset_shm_offset(); 1266 | sandcrust_store_changed_vars!($sandcrust, $($x)*); 1267 | $sandcrust.signal_return(); 1268 | }; 1269 | } 1270 | 1271 | 1272 | /// Collect return value in parent, if available. 1273 | #[doc(hidden)] 1274 | #[macro_export] 1275 | #[cfg(all(feature = "custom_vec", not(feature = "shm")))] 1276 | macro_rules! sandcrust_collect_ret { 1277 | (has_ret, has_vec, $rettype:ty , $sandcrust:ident) => {{ 1278 | let retval: $rettype = $sandcrust.restore_byte_vector(); 1279 | retval 1280 | }}; 1281 | (no_ret, no_vec, $rettype:ty, $sandcrust:ident) => { () }; 1282 | (has_ret, no_vec, $rettype:ty, $sandcrust:ident) => {{ 1283 | let retval: $rettype = $sandcrust.restore_var(); 1284 | retval 1285 | }}; 1286 | (no_ret, no_vec, $rettype:ty, $sandcrust:ident) => { () }; 1287 | (has_ret, $sandcrust:ident) => {{ 1288 | let retval = $sandcrust.restore_var(); 1289 | $sandcrust.join_child(); 1290 | retval 1291 | }}; 1292 | (no_ret, $sandcrust:ident) => { 1293 | $sandcrust.join_child(); 1294 | }; 1295 | } 1296 | 1297 | #[doc(hidden)] 1298 | #[macro_export] 1299 | #[cfg(all(feature = "custom_vec", feature = "shm"))] 1300 | macro_rules! sandcrust_collect_ret { 1301 | (has_ret, has_vec, $rettype:ty , $sandcrust:ident) => {{ 1302 | let retval: $rettype = $sandcrust.restore_byte_vector(); 1303 | $sandcrust.reset_shm_offset(); 1304 | retval 1305 | }}; 1306 | (no_ret, no_vec, $rettype:ty, $sandcrust:ident) => { () }; 1307 | (has_ret, no_vec, $rettype:ty, $sandcrust:ident) => {{ 1308 | let retval: $rettype = $sandcrust.restore_var(); 1309 | $sandcrust.reset_shm_offset(); 1310 | retval 1311 | }}; 1312 | (no_ret, no_vec, $rettype:ty, $sandcrust:ident) => { () }; 1313 | (has_ret, $sandcrust:ident) => {{ 1314 | let retval = $sandcrust.restore_var(); 1315 | $sandcrust.reset_shm_offset(); 1316 | $sandcrust.join_child(); 1317 | retval 1318 | }}; 1319 | (no_ret, $sandcrust:ident) => { 1320 | $sandcrust.join_child(); 1321 | }; 1322 | } 1323 | 1324 | #[doc(hidden)] 1325 | #[macro_export] 1326 | #[cfg(all(not(feature = "custom_vec"), not(feature = "shm")))] 1327 | macro_rules! sandcrust_collect_ret { 1328 | (has_ret, has_vec, $rettype:ty , $sandcrust:ident) => {{ 1329 | let retval: $rettype = $sandcrust.restore_var(); 1330 | retval 1331 | }}; 1332 | (no_ret, no_vec, $rettype:ty, $sandcrust:ident) => { () }; 1333 | (has_ret, no_vec, $rettype:ty, $sandcrust:ident) => {{ 1334 | let retval: $rettype = $sandcrust.restore_var(); 1335 | retval 1336 | }}; 1337 | (no_ret, no_vec, $rettype:ty, $sandcrust:ident) => { () }; 1338 | (has_ret, $sandcrust:ident) => {{ 1339 | let retval = $sandcrust.restore_var(); 1340 | $sandcrust.join_child(); 1341 | retval 1342 | }}; 1343 | (no_ret, $sandcrust:ident) => { 1344 | $sandcrust.join_child(); 1345 | }; 1346 | } 1347 | 1348 | #[doc(hidden)] 1349 | #[macro_export] 1350 | #[cfg(all(not(feature = "custom_vec"), feature = "shm"))] 1351 | macro_rules! sandcrust_collect_ret { 1352 | (has_ret, has_vec, $rettype:ty , $sandcrust:ident) => {{ 1353 | let retval: $rettype = $sandcrust.restore_var(); 1354 | $sandcrust.reset_shm_offset(); 1355 | retval 1356 | }}; 1357 | (has_ret, no_vec, $rettype:ty, $sandcrust:ident) => {{ 1358 | let retval: $rettype = $sandcrust.restore_var(); 1359 | $sandcrust.reset_shm_offset(); 1360 | retval 1361 | }}; 1362 | (no_ret, no_vec, $rettype:ty, $sandcrust:ident) => {{ 1363 | $sandcrust.reset_shm_offset(); 1364 | }}; 1365 | (has_ret, $sandcrust:ident) => {{ 1366 | let retval = $sandcrust.restore_var(); 1367 | $sandcrust.join_child(); 1368 | retval 1369 | }}; 1370 | (no_ret, $sandcrust:ident) => { 1371 | $sandcrust.join_child(); 1372 | }; 1373 | } 1374 | 1375 | 1376 | /// Strip argument types from function definition for calling the function. 1377 | /// 1378 | /// Matching hell, but there is nothing else to do because Push Down Accumulation is a necessity 1379 | /// (see https://danielkeep.github.io/tlborm/book/pat-push-down-accumulation.html#incremental-tt-munchers). 1380 | /// Unfortunately, using $body:expr seems to match a single macro defition, but fails to expand in a 1381 | /// subsequent macro. 1382 | #[doc(hidden)] 1383 | #[macro_export] 1384 | macro_rules! sandcrust_strip_types { 1385 | (($head:ident : &mut $var_type:ty, $($tail:tt)+) -> ($f:ident($($body:tt)*))) => (sandcrust_strip_types!(($($tail)+) -> ($f($($body)* &mut $head,)))); 1386 | (($head:ident : &mut $var_type:ty) -> ($f:ident($($body:tt)*))) => ($f($($body)* &mut $head)); 1387 | 1388 | (($head:ident : &$var_type:ty, $($tail:tt)+) -> ($f:ident($($body:tt)*))) => (sandcrust_strip_types!(($($tail)+) -> ($f($($body)* &$head,)))); 1389 | (($head:ident : &$var_type:ty) -> ($f:ident($($body:tt)*))) => ($f($($body)* &$head)); 1390 | 1391 | ((mut $head:ident : $var_type:ty, $($tail:tt)+) -> ($f:ident($($body:tt)*))) => (sandcrust_strip_types!(($($tail)+) -> ($f($($body)* mut $head,)))); 1392 | ((mut $head:ident : $var_type:ty) -> ($f:ident($($body:tt)*))) => ($f($($body)* $head)); 1393 | 1394 | (($head:ident : $var_type:ty, $($tail:tt)+) -> ($f:ident($($body:tt)*))) => (sandcrust_strip_types!(($($tail)+) -> ($f($($body)* $head,)))); 1395 | (($head:ident : $var_type:ty) -> ($f:ident($($body:tt)*))) => ($f($($body)* $head)); 1396 | 1397 | ($f:ident($($tail:tt)+)) => (sandcrust_strip_types!(($($tail)+) -> ($f()))); 1398 | ($f:ident()) => ($f()); 1399 | } 1400 | 1401 | 1402 | /// Internal abstraction for single run with and without return value. 1403 | #[doc(hidden)] 1404 | #[macro_export] 1405 | macro_rules! sandbox_internal { 1406 | ($has_retval:ident, $f:ident($($x:tt)*)) => {{ 1407 | let mut sandcrust = $crate::Sandcrust::new(); 1408 | match sandcrust.fork() { 1409 | Ok($crate::SandcrustForkResult::Parent { child, .. }) => { 1410 | sandcrust_restore_changed_vars!(sandcrust, $($x)*); 1411 | sandcrust.set_child(child); 1412 | }, 1413 | Ok($crate::SandcrustForkResult::Child) => { 1414 | sandcrust.setup_sandbox(); 1415 | sandcrust_run_func!($has_retval, sandcrust, $f($($x)*)); 1416 | #[cfg(not(feature = "shm"))] 1417 | sandcrust.flush_pipe(); 1418 | ::std::process::exit(0); 1419 | } 1420 | Err(e) => panic!("sandcrust: fork() failed with error {}", e), 1421 | }; 1422 | sandcrust_collect_ret!($has_retval, sandcrust) 1423 | }}; 1424 | } 1425 | 1426 | 1427 | /// Create global SandcrustWrapper Trait to update client arguments and run the function. 1428 | #[doc(hidden)] 1429 | #[macro_export] 1430 | #[cfg(not(feature = "shm"))] 1431 | macro_rules! sandcrust_global_create_wrapper { 1432 | ($has_retval:ident, $has_vec:ident, fn $f:ident($($x:tt)*)) => { 1433 | // Fake trait to implement a function to use as a wrapper function. 1434 | // FIXME: ideally this should be done by defining a struct (like SandcrustWrapper) in the macro, 1435 | // but only once (#ifndef bla struct OnlyOnce; #define bla #endif - Style) and just adding 1436 | // a method named $f to it - however I haven't been able to figure out how to check for an 1437 | // existing definition at compile time. 1438 | // Using a trait instead, because traits can be added to a data type defined (once) elsewhere. 1439 | // However, the downside is polluting the trait namespace, potentially colliding with 1440 | // existing traits when wrapping functions such as Clone, Drop, etc. 1441 | // a simple $f_wrapped won't do in any way: https://github.com/rust-lang/rust/issues/12249 1442 | #[allow(non_camel_case_types)] 1443 | trait $f { 1444 | // This doesn't work unfortunately... 1445 | // #[allow(non_snake_case)] 1446 | fn $f(sandcrust: &mut $crate::Sandcrust); 1447 | } 1448 | 1449 | // wrapper function generated to draw the right amount of args from pipe 1450 | // before calling the whole function client-side 1451 | // It would be awesome to bind this to the existing struct Sandcrust, however at the 1452 | // expense of possible function name collisions. 1453 | impl $f for $crate::SandcrustWrapper { 1454 | fn $f(sandcrust: &mut $crate::Sandcrust) { 1455 | // get updated mutable global variables, if any 1456 | sandcrust_pull_global(sandcrust); 1457 | 1458 | sandcrust_pull_function_args!(sandcrust, $($x)*); 1459 | sandcrust_run_func_global!($has_retval, $has_vec, sandcrust, $f($($x)*)); 1460 | } 1461 | } 1462 | }; 1463 | } 1464 | 1465 | 1466 | /// Create global SandcrustWrapper Trait to update client arguments and run the function. 1467 | #[doc(hidden)] 1468 | #[macro_export] 1469 | #[cfg(feature = "shm")] 1470 | macro_rules! sandcrust_global_create_wrapper { 1471 | ($has_retval:ident, $has_vec:ident, fn $f:ident($($x:tt)*)) => { 1472 | // Fake trait to implement a function to use as a wrapper function. 1473 | // FIXME: ideally this should be done by defining a struct (like SandcrustWrapper) in the macro, 1474 | // but only once (#ifndef bla struct OnlyOnce; #define bla #endif - Style) and just adding 1475 | // a method named $f to it - however I haven't been able to figure out how to check for an 1476 | // existing definition at compile time. 1477 | // Using a trait instead, because traits can be added to a data type defined (once) elsewhere. 1478 | // However, the downside is polluting the trait namespace, potentially colliding with 1479 | // existing traits when wrapping functions such as Clone, Drop, etc. 1480 | // a simple $f_wrapped won't do in any way: https://github.com/rust-lang/rust/issues/12249 1481 | #[allow(non_camel_case_types)] 1482 | trait $f { 1483 | // This doesn't work unfortunately... 1484 | // #[allow(non_snake_case)] 1485 | fn $f(sandcrust: &mut $crate::Sandcrust); 1486 | } 1487 | 1488 | // wrapper function generated to draw the right amount of args from pipe 1489 | // before calling the whole function client-side 1490 | // It would be awesome to bind this to the existing struct Sandcrust, however at the 1491 | // expense of possible function name collisions. 1492 | impl $f for $crate::SandcrustWrapper { 1493 | fn $f(sandcrust: &mut $crate::Sandcrust) { 1494 | sandcrust.reset_shm_offset(); 1495 | // get updated mutable global variables, if any 1496 | sandcrust_pull_global(sandcrust); 1497 | 1498 | sandcrust_pull_function_args!(sandcrust, $($x)*); 1499 | sandcrust_run_func_global!($has_retval, $has_vec, sandcrust, $f($($x)*)); 1500 | } 1501 | } 1502 | }; 1503 | } 1504 | 1505 | 1506 | /// Create global funtion definition in place of the original. 1507 | /// 1508 | /// Possibly called by PARENT (and child): 1509 | #[doc(hidden)] 1510 | #[macro_export] 1511 | #[cfg(not(feature = "shm"))] 1512 | macro_rules! sandcrust_global_create_function { 1513 | ($has_retval:ident, $has_vec:ident, fn $f:ident($($x:tt)*) -> $rettype:ty $body:block ) => { 1514 | // as an initialized child, just run function 1515 | if unsafe{SANDCRUST_INITIALIZED_CHILD} { 1516 | $body 1517 | } else { 1518 | let mut sandcrust = SANDCRUST.lock().expect("sandcrust: failed to lock mutex on global object"); 1519 | // potenially completely unintialized, if we're the child on first access, run 1520 | // child loop 1521 | sandcrust.initialize_child(); 1522 | 1523 | // function pointer to newly created method... 1524 | let func: fn(&mut $crate::Sandcrust) = $crate::SandcrustWrapper::$f; 1525 | sandcrust.put_func_ptr(func); 1526 | 1527 | // update any mutable global variables in the child 1528 | sandcrust_push_global(&mut sandcrust); 1529 | sandcrust_push_function_args!(sandcrust, $($x)*); 1530 | sandcrust.flush_pipe(); 1531 | sandcrust.await_return(); 1532 | 1533 | sandcrust_pull_global(&mut sandcrust); 1534 | sandcrust_restore_changed_vars_global!(sandcrust, $($x)*); 1535 | sandcrust_collect_ret!($has_retval, $has_vec, $rettype, sandcrust) 1536 | } 1537 | }; 1538 | } 1539 | 1540 | #[doc(hidden)] 1541 | #[macro_export] 1542 | #[cfg(feature = "shm")] 1543 | macro_rules! sandcrust_global_create_function { 1544 | ($has_retval:ident, $has_vec:ident, fn $f:ident($($x:tt)*) -> $rettype:ty $body:block ) => { 1545 | // as an initialized child, just run function 1546 | if unsafe{SANDCRUST_INITIALIZED_CHILD} { 1547 | $body 1548 | } else { 1549 | let mut sandcrust = SANDCRUST.lock().expect("sandcrust: failed to lock mutex on global object"); 1550 | // potenially completely unintialized, if we're the child on first access, run 1551 | // child loop 1552 | sandcrust.initialize_child(); 1553 | 1554 | // update any mutable global variables in the child 1555 | sandcrust.reset_shm_offset(); 1556 | sandcrust_push_global(&mut sandcrust); 1557 | sandcrust_push_function_args!(sandcrust, $($x)*); 1558 | 1559 | // function pointer to newly created method... 1560 | let func: fn(&mut $crate::Sandcrust) = $crate::SandcrustWrapper::$f; 1561 | // in SHM version, send the function after putting args 1562 | sandcrust.put_func_ptr(func); 1563 | 1564 | sandcrust.await_return(); 1565 | sandcrust.reset_shm_offset(); 1566 | sandcrust_pull_global(sandcrust); 1567 | sandcrust_restore_changed_vars_global!(sandcrust, $($x)*); 1568 | sandcrust_collect_ret!($has_retval, $has_vec, $rettype, sandcrust) 1569 | } 1570 | }; 1571 | } 1572 | 1573 | 1574 | /// Wrap a function. 1575 | /// 1576 | /// # This macro can be used in two major ways: 1577 | /// 1578 | /// * Wrap a function invocation with return value once. 1579 | /// * Wrap function definitions, thereby creating a persistent sandboxed child process that all invocations of the wrapped functions are executed in. 1580 | /// 1581 | /// # Wrap a function invocation with return value once 1582 | /// For this to work, it is generally necessary to specify the return type explicitly as the 1583 | /// instrumentation can not infer it from the invocation. 1584 | /// 1585 | /// ``` 1586 | /// #[macro_use] 1587 | /// extern crate sandcrust; 1588 | /// 1589 | /// fn base_ret() -> i32 { 1590 | /// let ret = 23; 1591 | /// ret 1592 | /// } 1593 | /// 1594 | /// fn main() { 1595 | /// let local_ret: i32 = sandbox!(base_ret()); 1596 | /// } 1597 | /// ``` 1598 | /// # Wrap function definitons 1599 | /// 1600 | /// ``` 1601 | /// #[macro_use] 1602 | /// extern crate sandcrust; 1603 | /// use sandcrust::*; 1604 | /// 1605 | /// sandbox!{ 1606 | /// fn no_ret() { 1607 | /// ; 1608 | /// } 1609 | /// } 1610 | /// 1611 | /// sandbox!{ 1612 | /// fn base_ret() -> i32 { 1613 | /// let ret = 23; 1614 | /// ret 1615 | /// } 1616 | /// } 1617 | /// 1618 | /// fn main() { 1619 | /// no_ret(); 1620 | /// let local_ret = base_ret(); 1621 | /// sandcrust_terminate(); 1622 | /// } 1623 | /// ``` 1624 | #[macro_export] 1625 | macro_rules! sandbox { 1626 | // retval, potentially args 1627 | ($f:ident($($x:tt)*)) => {{ 1628 | sandbox_internal!(has_ret, $f($($x)*)) 1629 | }}; 1630 | // (global-)wrap a function definition, transforming it 1631 | (pub fn $f:ident($($x:tt)*) -> Vec $body:block ) => { 1632 | sandcrust_global_create_wrapper!(has_ret, has_vec, fn $f($($x)*)); 1633 | pub fn $f($($x)*) -> Vec { 1634 | sandcrust_global_create_function!(has_ret, has_vec, fn $f($($x)*) -> Vec $body) 1635 | } 1636 | }; 1637 | (pub fn $f:ident($($x:tt)*) -> $rettype:ty $body:block ) => { 1638 | sandcrust_global_create_wrapper!(has_ret, no_vec, fn $f($($x)*)); 1639 | pub fn $f($($x)*) -> $rettype { 1640 | sandcrust_global_create_function!(has_ret, no_vec, fn $f($($x)*) -> $rettype $body) 1641 | } 1642 | }; 1643 | (pub fn $f:ident($($x:tt)*) $body:block ) => { 1644 | sandcrust_global_create_wrapper!(no_ret, no_vec, fn $f($($x)*)); 1645 | pub fn $f($($x)*) { 1646 | sandcrust_global_create_function!(no_ret, no_vec, fn $f($($x)*) -> i32 $body) 1647 | } 1648 | }; 1649 | (fn $f:ident($($x:tt)*) -> Vec $body:block ) => { 1650 | sandcrust_global_create_wrapper!(has_ret, has_vec, fn $f($($x)*)); 1651 | fn $f($($x)*) -> Vec { 1652 | sandcrust_global_create_function!(has_ret, has_vec, fn $f($($x)*) -> Vec $body) 1653 | } 1654 | }; 1655 | (fn $f:ident($($x:tt)*) -> $rettype:ty $body:block ) => { 1656 | sandcrust_global_create_wrapper!(has_ret, no_vec, fn $f($($x)*)); 1657 | fn $f($($x)*) -> $rettype { 1658 | sandcrust_global_create_function!(has_ret, no_vec, fn $f($($x)*) -> $rettype $body) 1659 | } 1660 | }; 1661 | (fn $f:ident($($x:tt)*) $body:block ) => { 1662 | sandcrust_global_create_wrapper!(no_ret, no_vec, fn $f($($x)*)); 1663 | fn $f($($x)*) { 1664 | sandcrust_global_create_function!(no_ret, no_vec, fn $f($($x)*) -> i32 $body) 1665 | } 1666 | }; 1667 | } 1668 | 1669 | 1670 | /// Wrap a function without a return value once. 1671 | /// 1672 | /// Unfortunately this is a necessary distinction because Rust cannot distinguish between functions 1673 | /// with and without return value from the function call. 1674 | /// 1675 | /// # Examples 1676 | /// ``` 1677 | /// #[macro_use] 1678 | /// extern crate sandcrust; 1679 | /// 1680 | /// use sandcrust::*; 1681 | /// 1682 | /// fn no_ret() { 1683 | /// ; 1684 | /// } 1685 | /// 1686 | /// fn main() { 1687 | /// sandbox_no_ret!(no_ret()); 1688 | /// } 1689 | /// ``` 1690 | #[macro_export] 1691 | macro_rules! sandbox_no_ret { 1692 | ($f:ident($($x:tt)*)) => {{ 1693 | sandbox_internal!(no_ret, $f($($x)*)); 1694 | }}; 1695 | } 1696 | 1697 | 1698 | /// Explicitly initialize the stateful sandbox. 1699 | /// 1700 | /// This is unnecessary during normal use, but useful to set up the sandboxing mechanism at a 1701 | /// defined point in program execution, e.g. before loading senstive data into the address space. 1702 | /// 1703 | /// # Examples 1704 | /// ```no_run 1705 | /// use sandcrust::*; 1706 | /// 1707 | /// sandcrust_init(); 1708 | /// ``` 1709 | pub fn sandcrust_init() { 1710 | let mut sandcrust = SANDCRUST 1711 | .lock() 1712 | .expect("sandcrust: init: failed to lock mutex on global object"); 1713 | if sandcrust.child == -1 { 1714 | sandcrust.respawn(); 1715 | } 1716 | if !unsafe { SANDCRUST_INITIALIZED_CHILD } && sandcrust.child == 0 { 1717 | unsafe { SANDCRUST_INITIALIZED_CHILD = true }; 1718 | sandcrust.run_child_loop(); 1719 | } 1720 | } 1721 | 1722 | 1723 | /// Initialize sandcrust with a custom SHM size. 1724 | #[cfg(feature = "shm")] 1725 | pub fn sandcrust_init_with_shm_size(new_size: usize) { 1726 | #[inline] 1727 | sandcrust_set_shm_size(new_size); 1728 | #[inline] 1729 | sandcrust_init(); 1730 | } 1731 | 1732 | 1733 | /// Set a custom SHM size. 1734 | #[cfg(feature = "shm")] 1735 | pub fn sandcrust_set_shm_size(new_size: usize) { 1736 | let mut size = SANDCRUST_SHM_SIZE 1737 | .lock() 1738 | .expect("sandcrust: failed to lock SANDCRUST_SHM_SIZE"); 1739 | *size = new_size; 1740 | } 1741 | 1742 | 1743 | /// Terminate the global child. 1744 | /// 1745 | /// **Attention** calls to sandboxed functions after child termination will panic if the 1746 | /// "auto_respawn" compile time feature is not enabled. 1747 | /// 1748 | /// # Examples 1749 | /// ```no_run 1750 | /// use sandcrust::*; 1751 | /// 1752 | /// sandcrust_terminate(); 1753 | /// ``` 1754 | pub fn sandcrust_terminate() { 1755 | let mut sandcrust = SANDCRUST 1756 | .lock() 1757 | .expect("sandcrust: terminate: failed to lock mutex on global object"); 1758 | sandcrust.terminate_child(); 1759 | } 1760 | 1761 | 1762 | /// child-side cleanup function that adheres to the wrapper function signature. 1763 | #[allow(unused_variables)] 1764 | fn child_terminate(sandcrust: &mut Sandcrust) { 1765 | ::std::process::exit(0); 1766 | } 1767 | 1768 | 1769 | /// Update mutable global variables. 1770 | /// 1771 | /// The macro takes an extern block of static mut variables and generates functions that push/pull 1772 | /// updates of mutable global variables and shadow the stub function below. 1773 | /// These functions are always called independed from use of the macro (hence the stubs). 1774 | /// 1775 | /// # Examples 1776 | /// ```no_run 1777 | /// #[macro_use] 1778 | /// extern crate sandcrust; 1779 | /// 1780 | /// 1781 | /// sandcrust_wrap_global!{ 1782 | /// #[link(name = "linkname")] 1783 | /// extern { 1784 | /// static mut variable1: i32; 1785 | /// static mut variable2: u8; 1786 | /// } 1787 | /// } 1788 | /// # fn main() { } 1789 | /// ``` 1790 | #[macro_export] 1791 | macro_rules! sandcrust_wrap_global { 1792 | (#[$link_flag:meta] extern { $(static mut $name:ident: $var_type:ty;)+ }) => { 1793 | // re-gengerate the extern block 1794 | #[$link_flag] 1795 | extern { 1796 | $( 1797 | static mut $name: $var_type; 1798 | )+ 1799 | } 1800 | 1801 | fn sandcrust_push_global(sandcrust: &mut $crate::Sandcrust) { 1802 | unsafe { 1803 | $( 1804 | sandcrust.put_var(&$name); 1805 | )+ 1806 | } 1807 | } 1808 | 1809 | fn sandcrust_pull_global(sandcrust: &mut $crate::Sandcrust) { 1810 | $( 1811 | unsafe{ 1812 | $name = sandcrust.restore_var(); 1813 | #[cfg(feature = "shm")] 1814 | sandcrust.update_shm_offset(&$name); 1815 | } 1816 | )+ 1817 | } 1818 | } 1819 | } 1820 | 1821 | 1822 | // Stub function that is overlayed in the sandcrust_wrap_global macro (if used) 1823 | #[doc(hidden)] 1824 | #[inline] 1825 | #[allow(unused_variables)] 1826 | pub fn sandcrust_pull_global(sandcrust: &mut Sandcrust) {} 1827 | 1828 | 1829 | // Stub function that is overlayed in the sandcrust_wrap_global macro (if used) 1830 | #[doc(hidden)] 1831 | #[inline] 1832 | #[allow(unused_variables)] 1833 | pub fn sandcrust_push_global(sandcrust: &mut Sandcrust) {} 1834 | -------------------------------------------------------------------------------- /tests/arg_parse.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_assignments)] 2 | 3 | #[macro_use] 4 | extern crate sandcrust; 5 | 6 | #[cfg(test)] 7 | mod arg_parse { 8 | 9 | fn empty() {} 10 | 11 | #[test] 12 | fn empty_test() { 13 | sandbox_no_ret!(empty()); 14 | } 15 | 16 | 17 | fn by_value_simple(a: i32) { 18 | assert_eq!(a, 1); 19 | } 20 | 21 | #[test] 22 | fn by_value_simple_test() { 23 | let a = 1; 24 | sandbox_no_ret!(by_value_simple(a)); 25 | } 26 | 27 | fn by_value_recursive(a: i32, b: i32) { 28 | assert_eq!(a, 2); 29 | assert_eq!(b, 3); 30 | } 31 | 32 | #[test] 33 | fn by_value_recursive_test() { 34 | let a = 2; 35 | let b = 3; 36 | sandbox_no_ret!(by_value_recursive(a, b)); 37 | } 38 | 39 | fn by_direct_value(a: i32) { 40 | assert_eq!(a, 42); 41 | } 42 | 43 | #[test] 44 | fn by_direct_value_test() { 45 | sandbox_no_ret!(by_direct_value(42)); 46 | } 47 | 48 | fn by_mut_value_simple(mut a: i32) { 49 | a += 1; 50 | assert_eq!(a, 5); 51 | } 52 | 53 | #[test] 54 | fn by_mut_value_simple_test() { 55 | let a = 4; 56 | sandbox_no_ret!(by_mut_value_simple(a)); 57 | } 58 | 59 | fn by_mixed_value_recursive(a: i32, mut b: i32) { 60 | if b > a { 61 | b = a; 62 | } 63 | assert_eq!(b, 5); 64 | } 65 | 66 | #[test] 67 | fn by_mixed_value_recursive_test() { 68 | let a = 5; 69 | let b = 6; 70 | sandbox_no_ret!(by_mixed_value_recursive(a, b)); 71 | } 72 | 73 | fn by_reference_simple(a: &i32) { 74 | assert_eq!(*a, 7); 75 | } 76 | 77 | #[test] 78 | fn by_reference_simple_test() { 79 | let a = 7; 80 | sandbox_no_ret!(by_reference_simple(&a)); 81 | } 82 | 83 | fn by_reference_recursive(a: &i32, b: &i32) { 84 | assert_eq!(*a, 8); 85 | assert_eq!(*b, 9); 86 | } 87 | 88 | #[test] 89 | fn by_reference_recursive_test() { 90 | let a = 8; 91 | let b = 9; 92 | sandbox_no_ret!(by_reference_recursive(&a, &b)); 93 | } 94 | 95 | fn by_mut_reference_simple(a: &mut i32) { 96 | *a += 1; 97 | } 98 | 99 | #[test] 100 | fn by_mut_reference_simple_test() { 101 | let mut a = 10; 102 | sandbox_no_ret!(by_mut_reference_simple(&mut a)); 103 | } 104 | 105 | fn by_mut_reference_recursive(a: &mut i32, b: &mut i32) { 106 | let swap = *a; 107 | *a = *b; 108 | *b = swap; 109 | assert_eq!(*a, 12); 110 | assert_eq!(*b, 11); 111 | } 112 | 113 | #[test] 114 | fn by_mut_reference_recursive_test() { 115 | let mut a = 11; 116 | let mut b = 12; 117 | sandbox_no_ret!(by_mut_reference_recursive(&mut a, &mut b)); 118 | } 119 | } 120 | -------------------------------------------------------------------------------- /tests/arg_parse_global.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_mut)] 2 | 3 | #[macro_use] 4 | extern crate sandcrust; 5 | 6 | 7 | #[cfg(test)] 8 | mod arg_parse_global { 9 | use sandcrust::*; 10 | 11 | sandbox!{fn empty() {}} 12 | 13 | #[test] 14 | fn empty_test() { 15 | empty(); 16 | } 17 | 18 | 19 | sandbox!{ 20 | fn by_value_simple(a: i32) { 21 | assert_eq!(a, 1); 22 | } 23 | } 24 | 25 | #[test] 26 | fn by_value_simple_test() { 27 | let a = 1; 28 | by_value_simple(a); 29 | } 30 | 31 | sandbox!{ 32 | fn by_value_recursive(a: i32, b: i32) { 33 | assert_eq!(a, 2); 34 | assert_eq!(b, 3); 35 | } 36 | } 37 | 38 | #[test] 39 | fn by_value_recursive_test() { 40 | let a = 2; 41 | let b = 3; 42 | by_value_recursive(a, b); 43 | } 44 | 45 | sandbox!{ 46 | fn by_mut_value_simple(mut a: i32) { 47 | a += 1; 48 | assert_eq!(a, 5); 49 | } 50 | } 51 | 52 | #[test] 53 | fn by_mut_value_simple_test() { 54 | let a = 4; 55 | by_mut_value_simple(a); 56 | } 57 | 58 | sandbox!{ 59 | fn by_mixed_value_recursive(a: i32, mut b: i32) { 60 | if b > a { 61 | b = a; 62 | } 63 | assert_eq!(b, 5); 64 | } 65 | } 66 | 67 | #[test] 68 | fn by_mixed_value_recursive_test() { 69 | let a = 5; 70 | let b = 6; 71 | by_mixed_value_recursive(a, b); 72 | } 73 | 74 | sandbox!{ 75 | fn by_reference_simple(a: &i32) { 76 | assert_eq!(*a, 7); 77 | } 78 | } 79 | 80 | #[test] 81 | fn by_reference_simple_test() { 82 | let a = 7; 83 | by_reference_simple(&a); 84 | } 85 | 86 | sandbox!{ 87 | fn by_reference_recursive(a: &i32, b: &i32) { 88 | assert_eq!(*a, 8); 89 | assert_eq!(*b, 9); 90 | } 91 | } 92 | 93 | #[test] 94 | fn by_reference_recursive_test() { 95 | let a = 8; 96 | let b = 9; 97 | by_reference_recursive(&a, &b); 98 | } 99 | 100 | sandbox!{ 101 | fn by_mut_reference_simple(a: &mut i32) { 102 | *a += 1; 103 | } 104 | } 105 | 106 | #[test] 107 | fn by_mut_reference_simple_test() { 108 | let mut a = 10; 109 | by_mut_reference_simple(&mut a); 110 | } 111 | 112 | sandbox!{ 113 | fn by_mut_reference_recursive(a: &mut i32, b: &mut i32) { 114 | let swap = *a; 115 | *a = *b; 116 | *b = swap; 117 | assert_eq!(*a, 12); 118 | assert_eq!(*b, 11); 119 | } 120 | } 121 | 122 | #[test] 123 | fn by_mut_reference_recursive_test() { 124 | let mut a = 11; 125 | let mut b = 12; 126 | by_mut_reference_recursive(&mut a, &mut b); 127 | } 128 | } 129 | -------------------------------------------------------------------------------- /tests/complex_restore.rs: -------------------------------------------------------------------------------- 1 | #[macro_use] 2 | extern crate sandcrust; 3 | 4 | #[cfg(test)] 5 | mod complex_restore { 6 | #[derive(Serialize, Deserialize, PartialEq)] 7 | struct Entity { 8 | x: f32, 9 | y: f32, 10 | } 11 | 12 | #[derive(Serialize, Deserialize, PartialEq)] 13 | struct World { 14 | entities: Vec, 15 | } 16 | 17 | fn complex_struct_vec(world: &mut World) { 18 | world.entities[0] = Entity { 19 | x: 1.0, 20 | ..world.entities[0] 21 | }; 22 | } 23 | 24 | #[test] 25 | fn complex_struct_vec_test() { 26 | let mut world = 27 | World { entities: vec![Entity { x: 0.0, y: 4.0 }, Entity { x: 10.0, y: 20.5 }] }; 28 | let new_world = 29 | World { entities: vec![Entity { x: 1.0, y: 4.0 }, Entity { x: 10.0, y: 20.5 }] }; 30 | sandbox_no_ret!(complex_struct_vec(&mut world)); 31 | assert!(world == new_world) 32 | } 33 | 34 | // make sure the comparison is a useful one 35 | #[test] 36 | #[should_panic(expected = "assertion failed")] 37 | fn complex_struct_vec_test_fail() { 38 | let world = 39 | World { entities: vec![Entity { x: 0.0, y: 4.0 }, Entity { x: 10.0, y: 20.5 }] }; 40 | let new_world = 41 | World { entities: vec![Entity { x: 1.0, y: 4.0 }, Entity { x: 10.0, y: 20.5 }] }; 42 | assert!(world == new_world) 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /tests/deterministic_init.rs: -------------------------------------------------------------------------------- 1 | extern crate sandcrust; 2 | 3 | #[cfg(test)] 4 | mod deterministic_init { 5 | use sandcrust::*; 6 | // initialized the sandbox at a deterministic point 7 | #[test] 8 | fn run_deterministic_init() { 9 | sandcrust_init(); 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /tests/deterministic_sandbox_handling.rs: -------------------------------------------------------------------------------- 1 | extern crate sandcrust; 2 | 3 | #[cfg(test)] 4 | mod deterministic_sandbox_handling { 5 | use sandcrust::*; 6 | // initialized the sandbox at a deterministic point 7 | #[test] 8 | fn run_deterministic_init() { 9 | sandcrust_init(); 10 | } 11 | 12 | #[test] 13 | #[cfg(feature = "auto_respawn")] 14 | fn run_deterministic_sandbox_handling() { 15 | sandcrust_init(); 16 | sandcrust_terminate(); 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /tests/mut_global_vars.rs: -------------------------------------------------------------------------------- 1 | #[macro_use] 2 | extern crate sandcrust; 3 | extern crate libc; 4 | 5 | #[cfg(test)] 6 | mod mut_global_vars { 7 | use sandcrust::*; 8 | sandcrust_wrap_global!{ 9 | #[link(name = "readline")] 10 | extern { 11 | static mut rl_readline_version: ::libc::c_int; 12 | } 13 | } 14 | 15 | sandbox!{ 16 | fn check_global(run: i32) { 17 | unsafe { 18 | if run == 1 { 19 | assert_eq!(rl_readline_version, 23); 20 | } else if run == 2 { 21 | assert_eq!(rl_readline_version, 42); 22 | } 23 | } 24 | } 25 | } 26 | 27 | #[test] 28 | fn run_check_global() { 29 | let mut run = 1; 30 | unsafe { 31 | rl_readline_version = 23; 32 | } 33 | check_global(run); 34 | run += 1; 35 | unsafe { 36 | rl_readline_version = 42; 37 | } 38 | check_global(run); 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /tests/retval_restore.rs: -------------------------------------------------------------------------------- 1 | #[macro_use] 2 | extern crate sandcrust; 3 | 4 | #[cfg(test)] 5 | mod retval_restore { 6 | 7 | fn no_ret() {} 8 | 9 | 10 | #[test] 11 | fn no_ret_test() { 12 | sandbox_no_ret!(no_ret()); 13 | } 14 | 15 | fn base_ret() -> i32 { 16 | let ret = 23; 17 | ret 18 | } 19 | 20 | #[test] 21 | fn base_ret_test() { 22 | let local_ret: i32 = sandbox!(base_ret()); 23 | assert_eq!(local_ret, 23); 24 | } 25 | 26 | fn second_base_ret(bla: &mut i32) -> i32 { 27 | let ret = 23; 28 | *bla = 7; 29 | ret 30 | } 31 | 32 | #[test] 33 | fn second_base_ret_test() { 34 | let mut bla = 22; 35 | let local_ret: i32 = sandbox!(second_base_ret(&mut bla)); 36 | assert_eq!(local_ret, 23); 37 | assert_eq!(bla, 7); 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /tests/retval_restore_global.rs: -------------------------------------------------------------------------------- 1 | #[macro_use] 2 | extern crate sandcrust; 3 | 4 | #[cfg(test)] 5 | mod retval_restore_global { 6 | use sandcrust::*; 7 | 8 | sandbox!{ 9 | fn no_ret() { 10 | ; 11 | } 12 | } 13 | 14 | 15 | #[test] 16 | fn no_ret_test() { 17 | no_ret(); 18 | } 19 | 20 | sandbox!{ 21 | fn base_ret() -> i32 { 22 | let ret = 23; 23 | ret 24 | } 25 | } 26 | 27 | #[test] 28 | fn base_ret_test() { 29 | let local_ret = base_ret(); 30 | assert_eq!(local_ret, 23); 31 | } 32 | 33 | sandbox!{ 34 | fn second_base_ret(bla: &mut i32) -> i32 { 35 | let ret = 23; 36 | *bla = 7; 37 | ret 38 | } 39 | } 40 | 41 | #[test] 42 | fn second_base_ret_test() { 43 | let mut bla = 22; 44 | let local_ret = second_base_ret(&mut bla); 45 | assert_eq!(local_ret, 23); 46 | assert_eq!(bla, 7); 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /tests/val_restore.rs: -------------------------------------------------------------------------------- 1 | #[macro_use] 2 | extern crate sandcrust; 3 | 4 | #[cfg(test)] 5 | mod val_restore { 6 | 7 | fn base_inc(a: &mut u8) { 8 | *a += 1; 9 | } 10 | 11 | 12 | #[test] 13 | fn base_test() { 14 | let mut a: u8 = 23; 15 | sandbox_no_ret!(base_inc(&mut a)); 16 | assert_eq!(a, 24); 17 | } 18 | 19 | fn second_to_first(a: &mut i32, b: i32) { 20 | *a = b; 21 | } 22 | 23 | #[test] 24 | fn second_to_first_test() { 25 | let mut a = 23; 26 | let b = 42; 27 | sandbox_no_ret!(second_to_first(&mut a, b)); 28 | assert_eq!(a, 42); 29 | } 30 | 31 | fn first_to_second(a: i32, b: &mut i32) { 32 | *b = a; 33 | } 34 | 35 | #[test] 36 | fn first_to_second_test() { 37 | let a = 23; 38 | let mut b = 42; 39 | sandbox_no_ret!(first_to_second(a, &mut b)); 40 | assert_eq!(b, 23); 41 | } 42 | 43 | fn mult_args_ref_direct_1(a: &i32, b: &mut i32, c: i32) { 44 | *b = a + c; 45 | } 46 | 47 | #[test] 48 | fn mult_args_ref_direct_1_test() { 49 | let a = 1; 50 | let mut b = 2; 51 | let c = 3; 52 | sandbox_no_ret!(mult_args_ref_direct_1(&a, &mut b, c)); 53 | assert_eq!(b, 4); 54 | } 55 | 56 | fn mult_args_ref_direct_2(a: i32, b: &i32, c: &mut i32) { 57 | *c = a + b; 58 | } 59 | 60 | #[test] 61 | fn mult_args_ref_direct_2_test() { 62 | let a = 1; 63 | let b = 2; 64 | let mut c = 7; 65 | sandbox_no_ret!(mult_args_ref_direct_2(a, &b, &mut c)); 66 | assert_eq!(c, 3); 67 | } 68 | 69 | fn mult_args_ref_direct_3(a: &mut i32, b: &i32, c: i32) { 70 | *a = b + c; 71 | } 72 | 73 | #[test] 74 | fn mult_args_ref_direct_3_test() { 75 | let mut a = 1; 76 | let b = 2; 77 | let c = 3; 78 | sandbox_no_ret!(mult_args_ref_direct_3(&mut a, &b, c)); 79 | assert_eq!(a, 5); 80 | } 81 | 82 | fn mult_mut_args_1(a: i32, b: &mut i32, c: &mut i32) { 83 | let d = a + 3; 84 | *c = a; 85 | *b = d; 86 | } 87 | 88 | #[test] 89 | fn mult_mut_args_1_test() { 90 | let a = 1; 91 | let mut b = 2; 92 | let mut c = 3; 93 | sandbox_no_ret!(mult_mut_args_1(a, &mut b, &mut c)); 94 | assert_eq!(b, 4); 95 | assert_eq!(c, 1); 96 | } 97 | 98 | fn mult_mut_args_2(a: &mut i32, b: i32, c: &mut i32) { 99 | let d = b + 3; 100 | *a = d; 101 | *c = b; 102 | } 103 | 104 | #[test] 105 | fn mult_mut_args_2_test() { 106 | let mut a = 1; 107 | let b = 2; 108 | let mut c = 3; 109 | sandbox_no_ret!(mult_mut_args_2(&mut a, b, &mut c)); 110 | assert_eq!(a, 5); 111 | assert_eq!(c, 2); 112 | } 113 | } 114 | -------------------------------------------------------------------------------- /tests/val_restore_ffi.rs: -------------------------------------------------------------------------------- 1 | #[macro_use] 2 | extern crate sandcrust; 3 | extern crate libc; 4 | 5 | #[cfg(test)] 6 | mod val_restore_ffi { 7 | use libc::{c_char, c_int}; 8 | use std::ffi::CString; 9 | 10 | 11 | extern "C" { 12 | fn puts(s: *const c_char) -> c_int; 13 | } 14 | 15 | #[test] 16 | fn puts_test() { 17 | let greeting = CString::new("Hello libc").unwrap(); 18 | unsafe { 19 | let gp = greeting.as_ptr(); 20 | sandbox_no_ret!(puts(gp)); 21 | } 22 | } 23 | } 24 | --------------------------------------------------------------------------------