• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..03-May-2022-

Mueval/H16-Aug-2016-542381

_cabal_deps/H03-May-2022-21,57312,994

HCAR.texH A D16-Aug-20161.8 KiB3831

LICENSEH A D16-Aug-20161.4 KiB2923

README.mdH A D16-Aug-20165.1 KiB8850

Setup.hsH A D16-Aug-201695 63

build.shH A D16-Aug-2016517 149

cabal.projectH A D03-May-2022370 1211

main.hsH A D16-Aug-2016622 1810

mueval.cabalH A D03-May-20222.1 KiB5445

tests.shH A D16-Aug-20165.8 KiB12276

watchdog.hsH A D16-Aug-20161.6 KiB3122

README.md

1# What
2
3Mueval grew out of my discontent with Lambdabot: it's really neat to be able to run expressions in `#haskell` like this:
4
5    07:53 < ivanm> > filter (\ x -> isLetter x || x == '\t') "asdf$#$     dfs"
6    07:55 < lambdabot>  "asdfdfs"
7
8But Lambdabot is crufty and very difficult to install or run. IMO, we need a replacement or rewrite, but one of the things that make this difficult is that Lambdabot uses `hs-plugins` to get that sort of evaluation functionality, and `hs-plugins` is half the problem. We want some sort of standalone executable which provides that functionality. Now, `ghc -e` is obviously unsuited because there is no sandboxing, so what I've done is basically marry the GHC API (as rendered less sharp-edged by Hint) with a bunch of resource limits and sandboxing (as largely stolen from Lambdabot).
9
10# Examples
11
12The end result is an adorable little program, which you can use like this:
13
14    $ mueval --expression '1*100+1'
15    Expression type: (Num t) => t
16    result: "101"
17
18    $ mueval --expression "filter (\`notElem\` ['A'..'Z']) \"abcXsdzWEE\""
19    Expression type: [Char]
20    result: "\"abcsdz\""
21
22Note that mueval will avoid all the attacks I've been able to test on it:
23
24    $ mueval --expression 'let x = x in x'
25    Expression type: t
26    result: "mueval: Time limit exceeded"
27
28    $ mueval --expression "let foo = readFile \"/etc/passwd\" >>= print in foo"
29    Expression type: IO ()
30    result: "<IO ()>"
31
32    $ mueval --module System.IO.Unsafe --expression "let foo = unsafePerformIO readFile \"/etc/passwd\" in foo"
33    mueval: Unknown or untrusted module supplied! Aborting.
34
35## Loading definitions from files
36
37Like Lambdabot, Mueval is capable of loading a file and its definitions. This is useful to get a kind of persistence. Suppose you have a file `L.hs`, with a function `bar = (+1)` in it; then `mueval --loadfile=L.hs --expression="bar 1"` will evaluate to, as one would expect, `2`.
38
39It's worth noting that definitions and module imports in the loaded *are not* fully checked like the expression is. The resource limits and timeouts still apply, but little else. So if you are dynamically adding functions and module imports, you *must* secure them yourself or accept the loss of security. Currently, all known 'evil' expressions cause Mueval to exit with an error (a non-zero exit code), so my advice is to do something like `mueval --expression foo && echo "\n" >> L.hs && echo foo >> L.hs`. (That is, only accept new expressions which evaluate successfully.)
40
41# Summary
42
43Anyway, it's my hope that this will be useful as an example or useful in itself for people endeavoring to fix the Lambdabot situation or just in safely running code period.
44
45# Getting
46
47You can download Mueval at Hackage: <http://hackage.haskell.org/package/mueval>. Mueval has a public Git repository, at <https://github.com/gwern/mueval>. Contributions & updates are of course welcomed.
48
49# Installing
50
51Mueval depends on a few of the standard libraries, which you should have installed already, and also on the 'Hint' library <http://hackage.haskell.org/package/hint>; Hint is particularly essential as it is the very capable wrapper around the GHC API which Mueval uses. (Without Hint, this would've been much more painful to write). All of this is cabalized, so ideally installation will be as simple as:
52
53    $ cabal install mueval
54
55However, you can still manually download and unpack the Mueval tarball, and do the usual Cabal dance:
56
57    $ runhaskell Setup configure
58    $ runhaskell Setup build
59    $ runhaskell Setup install
60
61# See also
62
63- Chris Done's interactive Haskell REPL website, [Try Haskell!](http://tryhaskell.org/)
64
65# Bugs
66
67Mueval uses a number of techniques for security; particularly problematic seem to be the resource limits, as they have to be specified manually & statically in the source code and so will probably be broken somewhere somewhen. For this reason, they are not enabled by default. Experiment with --rlimits for hours of fun!
68
69Mueval also cannot do qualified imports. This is due to limitations in the GHC API; see <https://ghc.haskell.org/trac/ghc/ticket/1895> & <https://ghc.haskell.org/trac/ghc/ticket/2362>.
70
71As of 2010 or so, compiling Mueval (or any Hint-using executable) with profiling support seems to lead to runtime crashes.
72
73Finally, under GHC 6.10.1 (and higher?), you must run Mueval with `+RTS -N2 -RTS` as otherwise the watchdog threads will not get run and DoS attacks are possible. (Compare `mueval -e "let x = x + 1 in x"` against `mueval -e "let x = x + 1 in x" +RTS -N2 -RTS`.)
74
75# Contributions
76
77So, you've discovered a bug or other infelicity? If you can successfully build & install Mueval, but running it on expressions leads to errors, please send me an email at <gwern@gwern.net>. Include in the email all the output you see if you run the informal test suite:
78
79    $ sh tests.sh
80
81If this script *does not* terminate with a success message, then there's probably something wrong. One of the properties Mueval strives to have is that on every bad expression, it errors out with an exit code of 1, and on every good expression, an exit code of 0.
82
83Also good is making sure `cabal check` and `hlint` are happy; but that's not as important as `tests.sh` passing.
84
85# License
86
87BSD-3.
88