[tarantool-patches] Re: [PATCH v3 6/6] box: introduce Lua persistent functions
Kirill Shcherbatov
kshcherbatov at tarantool.org
Wed Jun 19 18:51:08 MSK 2019
>> The new box.schema.func.create interface is:
>> box.schema.func.create('funcname', <setuid = true|FALSE>,
>> <if_not_exists = true|FALSE>, <language = LUA|c>,
>> <body = string ('')>, <is_deterministic = true|FALSE>,
>> <is_sandboxed = true|FALSE>)
>
> Why is FALSE written in CAPS? :)
It is default values.
>> + _ = box.space._func:replace({v.id, v.owner, v.name, v.setuid,
>> + v[5] or 'LUA', '', false, false,
>
> Why not v.language?
It was a bug in previous Tarantool version: _func:format() lacks of language field name.
===========================================================
Closes #4182
Needed for #1260
@TarantoolBot document
Title: Persistent Lua functions
Now Tarantool supports 'persistent' Lua functions.
Such functions are stored in snapshot and are available after
restart.
To create a persistent Lua function, specify a function body
in box.schema.func.create call:
e.g. body = "function(a, b) return a + b end"
A Lua persistent function may be 'sandboxed'. The 'sandboxed'
function is executed in isolated environment:
a. only limited set of Lua functions and modules are available:
-assert -error -pairs -ipairs -next -pcall -xpcall -type
-print -select -string -tonumber -tostring -unpack -math -utf8;
b. global variables are forbidden
Finally, the new 'is_deterministic' flag allows to mark a
registered function as deterministic, i.e. the function that
can produce only one result for a given list of parameters.
The new box.schema.func.create interface is:
box.schema.func.create('funcname', <setuid = true|FALSE>,
<if_not_exists = true|FALSE>, <language = LUA|c>,
<body = string ('')>, <is_deterministic = true|FALSE>,
<is_sandboxed = true|FALSE>)
Example:
lua_code = [[function(a, b) return a + b end]]
box.schema.func.create('sum', {body = lua_code,
is_deterministic = true, is_sandboxed = true})
box.func.sum
---
- is_sandboxed: true
is_deterministic: true
id: 2
setuid: false
body: function(a, b) return a + b end
name: sum
language: LUA
...
box.func.sum:call({1, 3})
---
- 4
...
---
src/box/alter.cc | 54 ++++++---
src/box/bootstrap.snap | Bin 4475 -> 4532 bytes
src/box/func.c | 7 +-
src/box/func_def.c | 8 ++
src/box/func_def.h | 20 +++-
src/box/lua/call.c | 216 ++++++++++++++++++++++++++++++++++-
src/box/lua/schema.lua | 12 +-
src/box/lua/upgrade.lua | 25 +++-
src/box/schema_def.h | 4 +
test/box-py/bootstrap.result | 6 +-
test/box/access_misc.result | 6 +-
test/box/function1.result | 191 +++++++++++++++++++++++++++++--
test/box/function1.test.lua | 67 ++++++++++-
13 files changed, 582 insertions(+), 34 deletions(-)
diff --git a/src/box/alter.cc b/src/box/alter.cc
index 33f9b0a71..532a24cef 100644
--- a/src/box/alter.cc
+++ b/src/box/alter.cc
@@ -2537,31 +2537,49 @@ func_def_get_ids_from_tuple(struct tuple *tuple, uint32_t *fid, uint32_t *uid)
static struct func_def *
func_def_new_from_tuple(struct tuple *tuple)
{
- uint32_t len;
- const char *name = tuple_field_str_xc(tuple, BOX_FUNC_FIELD_NAME,
- &len);
- if (len > BOX_NAME_MAX)
+ uint32_t field_count = tuple_field_count(tuple);
+ uint32_t name_len, body_len;
+ const char *name, *body;
+ name = tuple_field_str_xc(tuple, BOX_FUNC_FIELD_NAME, &name_len);
+ if (name_len > BOX_NAME_MAX) {
tnt_raise(ClientError, ER_CREATE_FUNCTION,
tt_cstr(name, BOX_INVALID_NAME_MAX),
"function name is too long");
- identifier_check_xc(name, len);
- struct func_def *def = (struct func_def *) malloc(func_def_sizeof(len));
+ }
+ identifier_check_xc(name, name_len);
+ if (field_count > BOX_FUNC_FIELD_BODY) {
+ body = tuple_field_str_xc(tuple, BOX_FUNC_FIELD_BODY,
+ &body_len);
+ } else {
+ body = NULL;
+ body_len = 0;
+ }
+ uint32_t def_sz = func_def_sizeof(name_len, body_len);
+ struct func_def *def =
+ (struct func_def *) malloc(def_sz);
if (def == NULL)
- tnt_raise(OutOfMemory, func_def_sizeof(len), "malloc", "def");
+ tnt_raise(OutOfMemory, def_sz, "malloc", "def");
auto def_guard = make_scoped_guard([=] { free(def); });
func_def_get_ids_from_tuple(tuple, &def->fid, &def->uid);
if (def->fid > BOX_FUNCTION_MAX) {
tnt_raise(ClientError, ER_CREATE_FUNCTION,
- tt_cstr(name, len), "function id is too big");
+ tt_cstr(name, name_len), "function id is too big");
}
- memcpy(def->name, name, len);
- def->name[len] = 0;
- def->name_len = len;
- if (tuple_field_count(tuple) > BOX_FUNC_FIELD_SETUID)
+ memcpy(def->name, name, name_len);
+ def->name[name_len] = 0;
+ def->name_len = name_len;
+ if (body_len > 0) {
+ def->body = def->name + name_len + 1;
+ memcpy(def->body, body, body_len);
+ def->body[body_len] = 0;
+ } else {
+ def->body = NULL;
+ }
+ if (field_count > BOX_FUNC_FIELD_SETUID)
def->setuid = tuple_field_u32_xc(tuple, BOX_FUNC_FIELD_SETUID);
else
def->setuid = false;
- if (tuple_field_count(tuple) > BOX_FUNC_FIELD_LANGUAGE) {
+ if (field_count > BOX_FUNC_FIELD_LANGUAGE) {
const char *language =
tuple_field_cstr_xc(tuple, BOX_FUNC_FIELD_LANGUAGE);
def->language = STR2ENUM(func_language, language);
@@ -2573,6 +2591,16 @@ func_def_new_from_tuple(struct tuple *tuple)
/* Lua is the default. */
def->language = FUNC_LANGUAGE_LUA;
}
+ if (field_count > BOX_FUNC_FIELD_BODY) {
+ def->is_deterministic =
+ tuple_field_bool_xc(tuple,
+ BOX_FUNC_FIELD_IS_DETERMINISTIC);
+ def->is_sandboxed =
+ tuple_field_bool_xc(tuple,
+ BOX_FUNC_FIELD_IS_SANDBOXED);
+ } else {
+ def->is_deterministic = false;
+ }
def_guard.is_active = false;
return def;
}
diff --git a/src/box/bootstrap.snap b/src/box/bootstrap.snap
index 56943ef7e7d0fe0e3dbb5d346544e2c78c3dc154..fb313d66eaa965afb373ef7820804365309886bd 100644
diff --git a/src/box/func.c b/src/box/func.c
index c57027809..d7c35cf68 100644
--- a/src/box/func.c
+++ b/src/box/func.c
@@ -416,8 +416,13 @@ static struct func_vtab func_c_vtab;
static struct func *
func_c_new(struct func_def *def)
{
- (void) def;
assert(def->language == FUNC_LANGUAGE_C);
+ if (def->body != NULL || def->is_sandboxed) {
+ diag_set(ClientError, ER_CREATE_FUNCTION, def->name,
+ "body and is_sandboxed options are not compatible "
+ "with C language");
+ return NULL;
+ }
struct func_c *func = (struct func_c *) malloc(sizeof(struct func_c));
if (func == NULL) {
diag_set(OutOfMemory, sizeof(*func), "malloc", "func");
diff --git a/src/box/func_def.c b/src/box/func_def.c
index 2b135e2d7..73e493786 100644
--- a/src/box/func_def.c
+++ b/src/box/func_def.c
@@ -14,7 +14,15 @@ func_def_cmp(struct func_def *def1, struct func_def *def2)
return def1->setuid - def2->setuid;
if (def1->language != def2->language)
return def1->language - def2->language;
+ if (def1->is_deterministic != def2->is_deterministic)
+ return def1->is_deterministic - def2->is_deterministic;
+ if (def1->is_sandboxed != def2->is_sandboxed)
+ return def1->is_sandboxed - def2->is_sandboxed;
if (strcmp(def1->name, def2->name) != 0)
return strcmp(def1->name, def2->name);
+ if ((def1->body != NULL) != (def2->body != NULL))
+ return def1->body - def2->body;
+ if (def1->body != NULL && strcmp(def1->body, def2->body) != 0)
+ return strcmp(def1->body, def2->body);
return 0;
}
diff --git a/src/box/func_def.h b/src/box/func_def.h
index 866d425a1..12f807f0e 100644
--- a/src/box/func_def.h
+++ b/src/box/func_def.h
@@ -58,11 +58,24 @@ struct func_def {
uint32_t fid;
/** Owner of the function. */
uint32_t uid;
+ /** Definition of the persistent function. */
+ char *body;
/**
* True if the function requires change of user id before
* invocation.
*/
bool setuid;
+ /**
+ * Whether this function is deterministic (can produce
+ * only one result for a given list of parameters).
+ */
+ bool is_deterministic;
+ /**
+ * Whether the routine must be initialized with isolated
+ * sandbox where only a limited number if functions is
+ * available.
+ */
+ bool is_sandboxed;
/**
* The language of the stored function.
*/
@@ -79,10 +92,13 @@ struct func_def {
* for a function of length @a a name_len.
*/
static inline size_t
-func_def_sizeof(uint32_t name_len)
+func_def_sizeof(uint32_t name_len, uint32_t body_len)
{
/* +1 for '\0' name terminating. */
- return sizeof(struct func_def) + name_len + 1;
+ size_t sz = sizeof(struct func_def) + name_len + 1;
+ if (body_len > 0)
+ sz += body_len + 1;
+ return sz;
}
/** Compare two given function definitions. */
diff --git a/src/box/lua/call.c b/src/box/lua/call.c
index f98ab42ac..4d83f53ac 100644
--- a/src/box/lua/call.c
+++ b/src/box/lua/call.c
@@ -300,6 +300,7 @@ struct execute_lua_ctx {
uint32_t name_len;
};
struct mpstream *stream;
+ int lua_ref;
};
struct port *args;
};
@@ -328,6 +329,24 @@ execute_lua_call(lua_State *L)
return lua_gettop(L);
}
+static int
+execute_lua_call_by_ref(lua_State *L)
+{
+ struct execute_lua_ctx *ctx =
+ (struct execute_lua_ctx *) lua_topointer(L, 1);
+ lua_settop(L, 0); /* clear the stack to simplify the logic below */
+
+ lua_rawgeti(L, LUA_REGISTRYINDEX, ctx->lua_ref);
+
+ /* Push the rest of args (a tuple). */
+ int top = lua_gettop(L);
+ port_dump_lua(ctx->args, L, true);
+ int arg_count = lua_gettop(L) - top;
+
+ lua_call(L, arg_count, LUA_MULTRET);
+ return lua_gettop(L);
+}
+
static int
execute_lua_eval(lua_State *L)
{
@@ -536,22 +555,168 @@ box_lua_eval(const char *expr, uint32_t expr_len,
struct func_lua {
/** Function object base class. */
struct func base;
+ /**
+ * For a persistent function: a reference to the
+ * function body. Otherwise LUA_REFNIL.
+ */
+ int lua_ref;
};
static struct func_vtab func_lua_vtab;
+static struct func_vtab func_persistent_lua_vtab;
+
+static const char *default_sandbox_exports[] = {
+ "assert", "error", "ipairs", "math", "next", "pairs", "pcall", "print",
+ "select", "string", "table", "tonumber", "tostring", "type", "unpack",
+ "xpcall", "utf8",
+};
+
+/**
+ * Assemble a new sandbox with given exports table on the top of
+ * a given Lua stack. All modules in exports list are copying
+ * deeply to ensure the immutability of this system object.
+ */
+static int
+prepare_lua_sandbox(struct lua_State *L, const char *exports[],
+ int export_count)
+{
+ lua_createtable(L, export_count, 0);
+ if (export_count == 0)
+ return 0;
+ int rc = -1;
+ const char *deepcopy = "table.deepcopy";
+ int luaL_deepcopy_func_ref = LUA_REFNIL;
+ int ret = box_lua_find(L, deepcopy, deepcopy + strlen(deepcopy));
+ if (ret < 0)
+ goto end;
+ luaL_deepcopy_func_ref = luaL_ref(L, LUA_REGISTRYINDEX);
+ assert(luaL_deepcopy_func_ref != LUA_REFNIL);
+ for (int i = 0; i < export_count; i++) {
+ uint32_t name_len = strlen(exports[i]);
+ ret = box_lua_find(L, exports[i], exports[i] + name_len);
+ if (ret < 0)
+ goto end;
+ switch (lua_type(L, -1)) {
+ case LUA_TTABLE:
+ lua_rawgeti(L, LUA_REGISTRYINDEX,
+ luaL_deepcopy_func_ref);
+ lua_insert(L, -2);
+ lua_call(L, 1, 1);
+ break;
+ case LUA_TFUNCTION:
+ break;
+ default:
+ unreachable();
+ }
+ lua_setfield(L, -2, exports[i]);
+ }
+ rc = 0;
+end:
+ luaL_unref(tarantool_L, LUA_REGISTRYINDEX, luaL_deepcopy_func_ref);
+ return rc;
+}
+
+/**
+ * Assemble a Lua function object by user-defined function body.
+ */
+static int
+func_persistent_lua_load(struct func_lua *func)
+{
+ int rc = -1;
+ int top = lua_gettop(tarantool_L);
+ struct region *region = &fiber()->gc;
+ size_t region_svp = region_used(region);
+ const char *load_pref = "return ";
+ uint32_t load_str_sz =
+ strlen(load_pref) + strlen(func->base.def->body) + 1;
+ char *load_str = region_alloc(region, load_str_sz);
+ if (load_str == NULL) {
+ diag_set(OutOfMemory, load_str_sz, "region", "load_str");
+ return -1;
+ }
+ sprintf(load_str, "%s%s", load_pref, func->base.def->body);
+
+ /*
+ * Perform loading of the persistent Lua function
+ * in a new sandboxed Lua thread. The sandbox is
+ * required to guarantee the safety of executing
+ * an arbitrary user-defined code
+ * (e.g. body = 'fiber.yield()').
+ */
+ struct lua_State *coro_L = lua_newthread(tarantool_L);
+ if (!func->base.def->is_sandboxed) {
+ /*
+ * Keep an original env to apply for non-sandboxed
+ * persistent function. It is required because
+ * built object inherits parent env.
+ */
+ lua_getfenv(tarantool_L, -1);
+ lua_insert(tarantool_L, -2);
+ }
+ if (prepare_lua_sandbox(tarantool_L, NULL, 0) != 0)
+ unreachable();
+ lua_setfenv(tarantool_L, -2);
+ int coro_ref = luaL_ref(tarantool_L, LUA_REGISTRYINDEX);
+ if (luaL_loadstring(coro_L, load_str) != 0 ||
+ lua_pcall(coro_L, 0, 1, 0) != 0) {
+ diag_set(ClientError, ER_LOAD_FUNCTION, func->base.def->name,
+ luaT_tolstring(coro_L, -1, NULL));
+ goto end;
+ }
+ if (!lua_isfunction(coro_L, -1)) {
+ diag_set(ClientError, ER_LOAD_FUNCTION, func->base.def->name,
+ "given body doesn't define a function");
+ goto end;
+ }
+ lua_xmove(coro_L, tarantool_L, 1);
+ if (func->base.def->is_sandboxed) {
+ if (prepare_lua_sandbox(tarantool_L, default_sandbox_exports,
+ nelem(default_sandbox_exports)) != 0) {
+ diag_set(ClientError, ER_LOAD_FUNCTION,
+ func->base.def->name,
+ diag_last_error(diag_get())->errmsg);
+ goto end;
+ }
+ } else {
+ lua_insert(tarantool_L, -2);
+ }
+ lua_setfenv(tarantool_L, -2);
+ func->lua_ref = luaL_ref(tarantool_L, LUA_REGISTRYINDEX);
+ rc = 0;
+end:
+ lua_settop(tarantool_L, top);
+ region_truncate(region, region_svp);
+ luaL_unref(tarantool_L, LUA_REGISTRYINDEX, coro_ref);
+ return rc;
+}
struct func *
func_lua_new(struct func_def *def)
{
- (void) def;
assert(def->language == FUNC_LANGUAGE_LUA);
+ if (def->is_sandboxed && def->body == NULL) {
+ diag_set(ClientError, ER_CREATE_FUNCTION, def->name,
+ "is_sandboxed option may be set only for persistent "
+ "Lua function (when body option is set)");
+ return NULL;
+ }
struct func_lua *func =
(struct func_lua *) malloc(sizeof(struct func_lua));
if (func == NULL) {
diag_set(OutOfMemory, sizeof(*func), "malloc", "func");
return NULL;
}
- func->base.vtab = &func_lua_vtab;
+ if (def->body != NULL) {
+ func->base.def = def;
+ func->base.vtab = &func_persistent_lua_vtab;
+ if (func_persistent_lua_load(func) != 0) {
+ free(func);
+ return NULL;
+ }
+ } else {
+ func->lua_ref = LUA_REFNIL;
+ func->base.vtab = &func_lua_vtab;
+ }
return &func->base;
}
@@ -576,6 +741,42 @@ static struct func_vtab func_lua_vtab = {
.destroy = func_lua_destroy,
};
+static void
+func_persistent_lua_unload(struct func_lua *func)
+{
+ luaL_unref(tarantool_L, LUA_REGISTRYINDEX, func->lua_ref);
+}
+
+static void
+func_persistent_lua_destroy(struct func *base)
+{
+ assert(base != NULL && base->def->language == FUNC_LANGUAGE_LUA &&
+ base->def->body != NULL);
+ assert(base->vtab == &func_persistent_lua_vtab);
+ struct func_lua *func = (struct func_lua *) base;
+ func_persistent_lua_unload(func);
+ free(func);
+}
+
+static inline int
+func_persistent_lua_call(struct func *base, struct port *args, struct port *ret)
+{
+ assert(base != NULL && base->def->language == FUNC_LANGUAGE_LUA &&
+ base->def->body != NULL);
+ assert(base->vtab == &func_persistent_lua_vtab);
+ struct func_lua *func = (struct func_lua *)base;
+ struct execute_lua_ctx ctx;
+ ctx.lua_ref = func->lua_ref;
+ ctx.args = args;
+ return box_process_lua(execute_lua_call_by_ref, &ctx, ret);
+
+}
+
+static struct func_vtab func_persistent_lua_vtab = {
+ .call = func_persistent_lua_call,
+ .destroy = func_persistent_lua_destroy,
+};
+
static int
lbox_module_reload(lua_State *L)
{
@@ -669,6 +870,17 @@ lbox_func_new(struct lua_State *L, struct func *func)
lua_pushstring(L, "language");
lua_pushstring(L, func_language_strs[func->def->language]);
lua_settable(L, top);
+ lua_pushstring(L, "is_deterministic");
+ lua_pushboolean(L, func->def->is_deterministic);
+ lua_settable(L, top);
+ if (func->def->body != NULL) {
+ lua_pushstring(L, "body");
+ lua_pushstring(L, func->def->body);
+ lua_settable(L, top);
+ lua_pushstring(L, "is_sandboxed");
+ lua_pushboolean(L, func->def->is_sandboxed);
+ lua_settable(L, top);
+ }
/* Bless func object. */
lua_getfield(L, LUA_GLOBALSINDEX, "box");
diff --git a/src/box/lua/schema.lua b/src/box/lua/schema.lua
index 9c3ee063c..9d8df54dc 100644
--- a/src/box/lua/schema.lua
+++ b/src/box/lua/schema.lua
@@ -2138,7 +2138,9 @@ box.schema.func.create = function(name, opts)
opts = opts or {}
check_param_table(opts, { setuid = 'boolean',
if_not_exists = 'boolean',
- language = 'string'})
+ language = 'string', body = 'string',
+ is_deterministic = 'boolean',
+ is_sandboxed = 'boolean', opts = 'table'})
local _func = box.space[box.schema.FUNC_ID]
local _vfunc = box.space[box.schema.VFUNC_ID]
local func = _vfunc.index.name:get{name}
@@ -2148,10 +2150,14 @@ box.schema.func.create = function(name, opts)
end
return
end
- opts = update_param_table(opts, { setuid = false, language = 'lua'})
+ opts = update_param_table(opts, { setuid = false, language = 'lua',
+ body = '', is_deterministic = false,
+ is_sandboxed = false, opts = setmap{}})
opts.language = string.upper(opts.language)
opts.setuid = opts.setuid and 1 or 0
- _func:auto_increment{session.euid(), name, opts.setuid, opts.language}
+ _func:auto_increment{session.euid(), name, opts.setuid, opts.language,
+ opts.body, opts.is_deterministic, opts.is_sandboxed,
+ opts.opts}
end
box.schema.func.drop = function(name, opts)
diff --git a/src/box/lua/upgrade.lua b/src/box/lua/upgrade.lua
index 3385b8e17..f2edf86df 100644
--- a/src/box/lua/upgrade.lua
+++ b/src/box/lua/upgrade.lua
@@ -326,7 +326,8 @@ local function initial_1_7_5()
-- create "box.schema.user.info" function
log.info('create function "box.schema.user.info" with setuid')
- _func:replace{1, ADMIN, 'box.schema.user.info', 1, 'LUA'}
+ _func:replace{1, ADMIN, 'box.schema.user.info', 1, 'LUA',
+ '', false, false, MAP}
-- grant 'public' role access to 'box.schema.user.info' function
log.info('grant execute on function "box.schema.user.info" to public')
@@ -820,10 +821,32 @@ local function create_vcollation_space()
box.space[box.schema.VCOLLATION_ID]:format(format)
end
+local function upgrade_func_to_2_2_1()
+ log.info("Update _func format")
+ local _func = box.space[box.schema.FUNC_ID]
+ local format = {}
+ format[1] = {name='id', type='unsigned'}
+ format[2] = {name='owner', type='unsigned'}
+ format[3] = {name='name', type='string'}
+ format[4] = {name='setuid', type='unsigned'}
+ format[5] = {name='language', type='string'}
+ format[6] = {name='body', type='string'}
+ format[7] = {name='is_deterministic', type='boolean'}
+ format[8] = {name='is_sandboxed', type='boolean'}
+ format[9] = {name='opts', type='map'}
+ for _, v in box.space._func:pairs() do
+ _ = box.space._func:replace({v.id, v.owner, v.name, v.setuid,
+ v[5] or 'LUA', '', false, false,
+ setmap({})})
+ end
+ _func:format(format)
+end
+
local function upgrade_to_2_2_1()
upgrade_sequence_to_2_2_1()
upgrade_ck_constraint_to_2_2_1()
create_vcollation_space()
+ upgrade_func_to_2_2_1()
end
--------------------------------------------------------------------------------
diff --git a/src/box/schema_def.h b/src/box/schema_def.h
index 88b5502b8..ac2b3bfef 100644
--- a/src/box/schema_def.h
+++ b/src/box/schema_def.h
@@ -167,6 +167,10 @@ enum {
BOX_FUNC_FIELD_NAME = 2,
BOX_FUNC_FIELD_SETUID = 3,
BOX_FUNC_FIELD_LANGUAGE = 4,
+ BOX_FUNC_FIELD_BODY = 5,
+ BOX_FUNC_FIELD_IS_DETERMINISTIC = 6,
+ BOX_FUNC_FIELD_IS_SANDBOXED = 7,
+ BOX_FUNC_FIELD_OPTS = 8,
};
/** _collation fields. */
diff --git a/test/box-py/bootstrap.result b/test/box-py/bootstrap.result
index b20dc41e5..5ca7f3740 100644
--- a/test/box-py/bootstrap.result
+++ b/test/box-py/bootstrap.result
@@ -53,7 +53,9 @@ box.space._space:select{}
'type': 'string'}, {'name': 'opts', 'type': 'map'}, {'name': 'parts', 'type': 'array'}]]
- [296, 1, '_func', 'memtx', 0, {}, [{'name': 'id', 'type': 'unsigned'}, {'name': 'owner',
'type': 'unsigned'}, {'name': 'name', 'type': 'string'}, {'name': 'setuid',
- 'type': 'unsigned'}]]
+ 'type': 'unsigned'}, {'name': 'language', 'type': 'string'}, {'name': 'body',
+ 'type': 'string'}, {'name': 'is_deterministic', 'type': 'boolean'}, {'name': 'is_sandboxed',
+ 'type': 'boolean'}, {'name': 'opts', 'type': 'map'}]]
- [297, 1, '_vfunc', 'sysview', 0, {}, [{'name': 'id', 'type': 'unsigned'}, {'name': 'owner',
'type': 'unsigned'}, {'name': 'name', 'type': 'string'}, {'name': 'setuid',
'type': 'unsigned'}]]
@@ -152,7 +154,7 @@ box.space._user:select{}
...
box.space._func:select{}
---
-- - [1, 1, 'box.schema.user.info', 1, 'LUA']
+- - [1, 1, 'box.schema.user.info', 1, 'LUA', '', false, false, {}]
...
box.space._priv:select{}
---
diff --git a/test/box/access_misc.result b/test/box/access_misc.result
index 53d366106..e7a6f0984 100644
--- a/test/box/access_misc.result
+++ b/test/box/access_misc.result
@@ -793,7 +793,9 @@ box.space._space:select()
'type': 'string'}, {'name': 'opts', 'type': 'map'}, {'name': 'parts', 'type': 'array'}]]
- [296, 1, '_func', 'memtx', 0, {}, [{'name': 'id', 'type': 'unsigned'}, {'name': 'owner',
'type': 'unsigned'}, {'name': 'name', 'type': 'string'}, {'name': 'setuid',
- 'type': 'unsigned'}]]
+ 'type': 'unsigned'}, {'name': 'language', 'type': 'string'}, {'name': 'body',
+ 'type': 'string'}, {'name': 'is_deterministic', 'type': 'boolean'}, {'name': 'is_sandboxed',
+ 'type': 'boolean'}, {'name': 'opts', 'type': 'map'}]]
- [297, 1, '_vfunc', 'sysview', 0, {}, [{'name': 'id', 'type': 'unsigned'}, {'name': 'owner',
'type': 'unsigned'}, {'name': 'name', 'type': 'string'}, {'name': 'setuid',
'type': 'unsigned'}]]
@@ -829,7 +831,7 @@ box.space._space:select()
...
box.space._func:select()
---
-- - [1, 1, 'box.schema.user.info', 1, 'LUA']
+- - [1, 1, 'box.schema.user.info', 1, 'LUA', '', false, false, {}]
...
session = nil
---
diff --git a/test/box/function1.result b/test/box/function1.result
index 99006926e..3630f7ede 100644
--- a/test/box/function1.result
+++ b/test/box/function1.result
@@ -16,7 +16,10 @@ c = net.connect(os.getenv("LISTEN"))
box.schema.func.create('function1', {language = "C"})
---
...
-box.space._func:replace{2, 1, 'function1', 0, 'LUA'}
+function setmap(tab) return setmetatable(tab, { __serialize = 'map' }) end
+---
+...
+box.space._func:replace{2, 1, 'function1', 0, 'LUA', '', false, false, setmap({})}
---
- error: function does not support alter
...
@@ -59,10 +62,11 @@ c:call('function1.args', { 15 })
...
box.func["function1.args"]
---
-- language: C
+- is_deterministic: false
+ id: 2
setuid: false
name: function1.args
- id: 2
+ language: C
...
box.func["function1.args"]:call()
---
@@ -368,10 +372,11 @@ func:drop()
...
func
---
-- language: LUA
+- is_deterministic: false
+ id: 2
setuid: false
name: divide
- id: 2
+ language: LUA
...
func.drop()
---
@@ -424,10 +429,11 @@ func:drop()
...
func
---
-- language: C
+- is_deterministic: false
+ id: 2
setuid: false
name: function1.divide
- id: 2
+ language: C
...
func:drop()
---
@@ -510,6 +516,177 @@ box.schema.func.drop('secret_leak')
box.schema.func.drop('secret')
---
...
+--
+-- gh-4182: Introduce persistent Lua functions.
+--
+test_run:cmd("setopt delimiter ';'")
+---
+- true
+...
+body = [[function(tuple)
+ if type(tuple.address) ~= 'string' then
+ return nil, 'Invalid field type'
+ end
+ local t = tuple.address:upper():split()
+ for k,v in pairs(t) do t[k] = v end
+ return t
+ end
+]]
+test_run:cmd("setopt delimiter ''");
+---
+...
+box.schema.func.create('addrsplit', {body = body, language = "C"})
+---
+- error: 'Failed to create function ''addrsplit'': body and is_sandboxed options are
+ not compatible with C language'
+...
+box.schema.func.create('addrsplit', {is_sandboxed = true, language = "C"})
+---
+- error: 'Failed to create function ''addrsplit'': body and is_sandboxed options are
+ not compatible with C language'
+...
+box.schema.func.create('addrsplit', {is_sandboxed = true})
+---
+- error: 'Failed to create function ''addrsplit'': is_sandboxed option may be set
+ only for persistent Lua function (when body option is set)'
+...
+box.schema.func.create('invalid', {body = "function(tuple) ret tuple"})
+---
+- error: 'Failed to dynamically load function ''invalid'': [string "return function(tuple)
+ ret tuple"]:1: ''='' expected near ''tuple'''
+...
+box.schema.func.create('addrsplit', {body = body, is_deterministic = true})
+---
+...
+box.schema.user.grant('guest', 'execute', 'function', 'addrsplit')
+---
+...
+conn = net.connect(box.cfg.listen)
+---
+...
+conn:call('addrsplit', {{address = "Moscow Dolgoprudny"}})
+---
+- ['MOSCOW', 'DOLGOPRUDNY']
+...
+box.func.addrsplit:call({{address = "Moscow Dolgoprudny"}})
+---
+- - MOSCOW
+ - DOLGOPRUDNY
+...
+conn:close()
+---
+...
+box.snapshot()
+---
+- ok
+...
+test_run:cmd("restart server default")
+test_run = require('test_run').new()
+---
+...
+test_run:cmd("push filter '(.builtin/.*.lua):[0-9]+' to '\\1'")
+---
+- true
+...
+net = require('net.box')
+---
+...
+conn = net.connect(box.cfg.listen)
+---
+...
+conn:call('addrsplit', {{address = "Moscow Dolgoprudny"}})
+---
+- ['MOSCOW', 'DOLGOPRUDNY']
+...
+box.func.addrsplit:call({{address = "Moscow Dolgoprudny"}})
+---
+- - MOSCOW
+ - DOLGOPRUDNY
+...
+conn:close()
+---
+...
+box.schema.user.revoke('guest', 'execute', 'function', 'addrsplit')
+---
+...
+box.func.addrsplit:drop()
+---
+...
+-- Test sandboxed functions.
+test_run:cmd("setopt delimiter ';'")
+---
+- true
+...
+body = [[function(number)
+ math.abs = math.log
+ return math.abs(number)
+ end]]
+test_run:cmd("setopt delimiter ''");
+---
+...
+box.schema.func.create('monkey', {body = body, is_sandboxed = true})
+---
+...
+box.func.monkey:call({1})
+---
+- 0
+...
+math.abs(1)
+---
+- 1
+...
+box.func.monkey:drop()
+---
+...
+sum = 0
+---
+...
+function inc_g(val) sum = sum + val end
+---
+...
+box.schema.func.create('call_inc_g', {body = "function(val) inc_g(val) end"})
+---
+...
+box.func.call_inc_g:call({1})
+---
+...
+assert(sum == 1)
+---
+- true
+...
+box.schema.func.create('call_inc_g_safe', {body = "function(val) inc_g(val) end", is_sandboxed = true})
+---
+...
+box.func.call_inc_g_safe:call({1})
+---
+- error: '[string "return function(val) inc_g(val) end"]:1: attempt to call global
+ ''inc_g'' (a nil value)'
+...
+assert(sum == 1)
+---
+- true
+...
+box.func.call_inc_g:drop()
+---
+...
+box.func.call_inc_g_safe:drop()
+---
+...
+-- Test persistent function assemble corner cases
+box.schema.func.create('compiletime_tablef', {body = "{}"})
+---
+- error: 'Failed to dynamically load function ''compiletime_tablef'': given body doesn''t
+ define a function'
+...
+box.schema.func.create('compiletime_call_inc_g', {body = "inc_g()"})
+---
+- error: 'Failed to dynamically load function ''compiletime_call_inc_g'': [string
+ "return inc_g()"]:1: attempt to call global ''inc_g'' (a nil value)'
+...
+assert(sum == 1)
+---
+- true
+...
test_run:cmd("clear filter")
---
- true
diff --git a/test/box/function1.test.lua b/test/box/function1.test.lua
index 25966b915..b77ebe06b 100644
--- a/test/box/function1.test.lua
+++ b/test/box/function1.test.lua
@@ -7,7 +7,8 @@ net = require('net.box')
c = net.connect(os.getenv("LISTEN"))
box.schema.func.create('function1', {language = "C"})
-box.space._func:replace{2, 1, 'function1', 0, 'LUA'}
+function setmap(tab) return setmetatable(tab, { __serialize = 'map' }) end
+box.space._func:replace{2, 1, 'function1', 0, 'LUA', '', false, false, setmap({})}
box.schema.user.grant('guest', 'execute', 'function', 'function1')
_ = box.schema.space.create('test')
_ = box.space.test:create_index('primary')
@@ -180,4 +181,68 @@ box.schema.user.revoke('guest', 'execute', 'function', 'secret_leak')
box.schema.func.drop('secret_leak')
box.schema.func.drop('secret')
+--
+-- gh-4182: Introduce persistent Lua functions.
+--
+test_run:cmd("setopt delimiter ';'")
+body = [[function(tuple)
+ if type(tuple.address) ~= 'string' then
+ return nil, 'Invalid field type'
+ end
+ local t = tuple.address:upper():split()
+ for k,v in pairs(t) do t[k] = v end
+ return t
+ end
+]]
+test_run:cmd("setopt delimiter ''");
+box.schema.func.create('addrsplit', {body = body, language = "C"})
+box.schema.func.create('addrsplit', {is_sandboxed = true, language = "C"})
+box.schema.func.create('addrsplit', {is_sandboxed = true})
+box.schema.func.create('invalid', {body = "function(tuple) ret tuple"})
+box.schema.func.create('addrsplit', {body = body, is_deterministic = true})
+box.schema.user.grant('guest', 'execute', 'function', 'addrsplit')
+conn = net.connect(box.cfg.listen)
+conn:call('addrsplit', {{address = "Moscow Dolgoprudny"}})
+box.func.addrsplit:call({{address = "Moscow Dolgoprudny"}})
+conn:close()
+box.snapshot()
+test_run:cmd("restart server default")
+test_run = require('test_run').new()
+test_run:cmd("push filter '(.builtin/.*.lua):[0-9]+' to '\\1'")
+net = require('net.box')
+conn = net.connect(box.cfg.listen)
+conn:call('addrsplit', {{address = "Moscow Dolgoprudny"}})
+box.func.addrsplit:call({{address = "Moscow Dolgoprudny"}})
+conn:close()
+box.schema.user.revoke('guest', 'execute', 'function', 'addrsplit')
+box.func.addrsplit:drop()
+
+-- Test sandboxed functions.
+test_run:cmd("setopt delimiter ';'")
+body = [[function(number)
+ math.abs = math.log
+ return math.abs(number)
+ end]]
+test_run:cmd("setopt delimiter ''");
+box.schema.func.create('monkey', {body = body, is_sandboxed = true})
+box.func.monkey:call({1})
+math.abs(1)
+box.func.monkey:drop()
+
+sum = 0
+function inc_g(val) sum = sum + val end
+box.schema.func.create('call_inc_g', {body = "function(val) inc_g(val) end"})
+box.func.call_inc_g:call({1})
+assert(sum == 1)
+box.schema.func.create('call_inc_g_safe', {body = "function(val) inc_g(val) end", is_sandboxed = true})
+box.func.call_inc_g_safe:call({1})
+assert(sum == 1)
+box.func.call_inc_g:drop()
+box.func.call_inc_g_safe:drop()
+
+-- Test persistent function assemble corner cases
+box.schema.func.create('compiletime_tablef', {body = "{}"})
+box.schema.func.create('compiletime_call_inc_g', {body = "inc_g()"})
+assert(sum == 1)
+
test_run:cmd("clear filter")
--
2.21.0
More information about the Tarantool-patches
mailing list