//! Dynamic evaluation engine with sandboxing and security.
//!
//! This module provides safe dynamic evaluation of code strings with
//! comprehensive security controls, resource limits, and execution contexts.

use super::security::{SecurityManager, SecurityContext, Permission, ResourceUsage};
use crate::eval::{Value, Environment, Evaluator};
use crate::lexer::Lexer;
use crate::parser::Parser;
use crate::diagnostics::{Error, Result};
use crate::ast::Program;
use std::collections::HashMap;
use std::sync::{Arc, RwLock};
use std::rc::Rc;
use std::time::{Duration, Instant};

/// Execution context for dynamic evaluation.
///
/// `DynamicEvaluator::get_or_create_context` caches one context per
/// principal and hands out clones of it. Cloning shares `environment`
/// (an `Rc`) rather than copying it, so every evaluation through a
/// cloned context sees the same bindings.
#[derive(Debug, Clone)]
pub struct ExecutionContext {
    /// Principal (caller identity) the code runs on behalf of; also the
    /// key under which the context is cached
    pub principal: String,
    /// Environment the program is evaluated in (shared via `Rc`)
    pub environment: Rc<Environment>,
    /// Security context obtained from the `SecurityManager` for this principal
    pub security_context: SecurityContext,
    /// Limits passed to `DynamicEvaluator::evaluate_with_limits`; only the
    /// time and step limits are checked by this module
    pub limits: ExecutionLimits,
    /// Free-form metadata; always created empty and not read by this module
    pub metadata: HashMap<String, Value>,
}

/// Execution limits for dynamic evaluation.
///
/// Enforcement status in this module: `time_limit` and `step_limit` are
/// checked by `DynamicEvaluator::evaluate_with_limits` before each
/// top-level expression; `memory_limit` and `stack_depth_limit` are
/// stored in the context but no code here reads them.
#[derive(Debug, Clone)]
pub struct ExecutionLimits {
    /// Maximum wall-clock time, checked between top-level expressions
    /// (a single long-running expression is not interrupted)
    pub time_limit: Option<Duration>,
    /// Maximum memory usage in bytes (not enforced by this module)
    pub memory_limit: Option<usize>,
    /// Maximum stack depth (not enforced by this module)
    pub stack_depth_limit: Option<usize>,
    /// Maximum number of top-level expressions evaluated
    pub step_limit: Option<usize>,
}

/// Result of dynamic evaluation.
///
/// `warnings` and `security_violations` are always returned empty by
/// `DynamicEvaluator`; a limit violation or permission denial surfaces as
/// an `Err` from the evaluation call instead of being recorded here.
#[derive(Debug, Clone)]
pub struct EvaluationResult {
    /// Value of the last top-level expression (`Unspecified` for an empty program)
    pub value: Value,
    /// Execution statistics (only `steps` and `execution_time` are filled in)
    pub stats: ExecutionStats,
    /// Any warnings generated (currently never populated)
    pub warnings: Vec<String>,
    /// Security violations, if any (currently never populated)
    pub security_violations: Vec<String>,
}

/// Execution statistics.
///
/// `DynamicEvaluator` updates only `steps` and `execution_time`;
/// `memory_used`, `max_stack_depth` and `allocations` stay at zero because
/// the evaluator does not wire a `ResourceMonitor` into evaluation.
#[derive(Debug, Clone)]
pub struct ExecutionStats {
    /// Total execution time, measured from the start of the evaluation call
    pub execution_time: Duration,
    /// Number of top-level expressions evaluated
    pub steps: usize,
    /// Memory used in bytes (not tracked by this module)
    pub memory_used: usize,
    /// Maximum stack depth reached (not tracked by this module)
    pub max_stack_depth: usize,
    /// Number of allocations (not tracked by this module)
    pub allocations: usize,
}

/// Sandbox environment for safe code execution.
///
/// The base environment is created empty and no primitives are installed
/// into it yet; `allowed_primitives` is an allow-list consulted by
/// `is_primitive_allowed`, not something the environment enforces.
#[derive(Debug)]
pub struct SandboxEnvironment {
    /// Base environment (created with `Environment::new(None, 0)`, currently empty)
    base_environment: Rc<Environment>,
    /// Security manager; `with_policy` creates a `"sandbox"` context on it
    security_manager: SecurityManager,
    /// Names of primitives the sandbox is meant to expose
    allowed_primitives: Vec<String>,
    /// Resource monitor; constructed but not consulted by this module
    resource_monitor: ResourceMonitor,
}

/// Resource monitor for tracking usage.
///
/// Counters live behind an `Arc<RwLock<_>>` so they can be updated through
/// `&self`; `start_time` is fixed at construction and is the origin used by
/// `update_execution_time`.
#[derive(Debug)]
pub struct ResourceMonitor {
    /// Current resource usage (allocations, memory, stack depth, elapsed time)
    usage: Arc<RwLock<ResourceUsage>>,
    /// Instant the monitor was created; execution time is measured from here
    start_time: Instant,
}

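impl ResourceMonitor {
    /// Creates a new resource monitor with zeroed usage.
    ///
    /// `start_time` is taken now, so construct the monitor immediately
    /// before the work it is meant to measure.
    pub fn new() -> Self {
        Self {
            usage: Arc::new(RwLock::new(ResourceUsage::default())),
            start_time: Instant::now(),
        }
    }

    /// Runs `update` against the usage record under the write lock.
    ///
    /// A poisoned lock is recovered rather than propagated as a panic: the
    /// record holds plain counters, so it stays usable after a writer
    /// panicked, whereas panicking here would take down the sandbox's
    /// accounting for every later call.
    fn with_usage(&self, update: impl FnOnce(&mut ResourceUsage)) {
        let mut guard = self.usage.write().unwrap_or_else(|e| e.into_inner());
        update(&mut guard);
    }

    /// Records an allocation of `size` bytes.
    ///
    /// Counters saturate instead of overflowing: they are driven by
    /// sandboxed code, and an overflow panic in a debug build would abort
    /// the host rather than the sandbox.
    pub fn record_allocation(&self, size: usize) {
        self.with_usage(|u| {
            u.allocations = u.allocations.saturating_add(1);
            u.memory_used = u.memory_used.saturating_add(size);
        });
    }

    /// Records entry into a stack frame (saturating).
    pub fn record_stack_frame(&self) {
        self.with_usage(|u| u.stack_depth = u.stack_depth.saturating_add(1));
    }

    /// Records exit from a stack frame; never goes below zero.
    pub fn remove_stack_frame(&self) {
        self.with_usage(|u| u.stack_depth = u.stack_depth.saturating_sub(1));
    }

    /// Stores the time elapsed since the monitor was created.
    pub fn update_execution_time(&self) {
        let elapsed = self.start_time.elapsed();
        self.with_usage(|u| u.execution_time = elapsed);
    }

    /// Returns a snapshot of the current resource usage.
    ///
    /// Like the writers, this recovers from a poisoned lock instead of
    /// panicking.
    pub fn get_usage(&self) -> ResourceUsage {
        self.usage.read().unwrap_or_else(|e| e.into_inner()).clone()
    }
}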

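impl SandboxEnvironment {
    /// Primitives a sandbox is meant to expose: arithmetic, comparison,
    /// basic list and predicate operations, and boolean connectives.
    const SAFE_PRIMITIVES: &'static [&'static str] = &[
        "+", "-", "*", "/", "=", "<", ">", "<=", ">=",
        "cons", "car", "cdr", "list", "length",
        "null?", "pair?", "number?", "string?", "symbol?",
        "not", "and", "or",
    ];

    /// Creates a new sandbox environment.
    ///
    /// The base environment is created empty; nothing from
    /// `SAFE_PRIMITIVES` is installed into it yet, so `allowed_primitives`
    /// is only an allow-list for `is_primitive_allowed`, not a restriction
    /// the environment itself enforces.
    pub fn new() -> Self {
        // TODO: install restricted versions of SAFE_PRIMITIVES into the
        // base environment once such implementations exist.
        Self {
            base_environment: Rc::new(Environment::new(None, 0)),
            security_manager: SecurityManager::default(),
            allowed_primitives: Self::SAFE_PRIMITIVES
                .iter()
                .map(|name| name.to_string())
                .collect(),
            resource_monitor: ResourceMonitor::new(),
        }
    }

    /// Creates a sandbox and creates a `"sandbox"` security context for
    /// `policy_name` on its security manager.
    ///
    /// The returned context is not retained by the sandbox, so this call
    /// currently serves to surface an error for a policy the manager
    /// rejects (plus whatever `create_context` records on the manager);
    /// the sandbox does not otherwise remember which policy was requested.
    ///
    /// # Errors
    /// Whatever `SecurityManager::create_context` returns for `policy_name`.
    pub fn with_policy(policy_name: &str) -> Result<Self> {
        let sandbox = Self::new();
        let _context = sandbox
            .security_manager
            .create_context("sandbox".to_string(), policy_name)?;
        Ok(sandbox)
    }

    /// Returns `true` if `name` is on the sandbox's primitive allow-list.
    pub fn is_primitive_allowed(&self, name: &str) -> bool {
        // Compare borrowed, avoiding the per-call String allocation.
        self.allowed_primitives.iter().any(|p| p.as_str() == name)
    }

    /// Gets the base environment.
    pub fn environment(&self) -> &Rc<Environment> {
        &self.base_environment
    }

    /// Gets the security manager.
    pub fn security_manager(&self) -> &SecurityManager {
        &self.security_manager
    }

    /// Gets mutable access to the security manager.
    pub fn security_manager_mut(&mut self) -> &mut SecurityManager {
        &mut self.security_manager
    }
}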

/// Security policy for dynamic evaluation.
///
/// Bundles a name, coarse time and memory ceilings, operation allow/deny
/// lists and a table of named numeric limits. Two presets are provided,
/// [`SecurityPolicy::restrictive`] and [`SecurityPolicy::permissive`].
#[derive(Debug, Clone)]
pub struct SecurityPolicy {
    /// Name of the policy
    pub name: String,
    /// Maximum execution time
    pub max_execution_time: Option<Duration>,
    /// Maximum memory usage
    pub max_memory: Option<usize>,
    /// Allowed operations
    pub allowed_operations: Vec<String>,
    /// Forbidden operations
    pub forbidden_operations: Vec<String>,
    /// Resource limits
    pub resource_limits: HashMap<String, usize>,
}

impl SecurityPolicy {
    /// Builds the named resource-limit table used by both presets.
    fn limits(max_allocations: usize, max_stack_depth: usize) -> HashMap<String, usize> {
        HashMap::from([
            ("max-allocations".to_string(), max_allocations),
            ("max-stack-depth".to_string(), max_stack_depth),
        ])
    }

    /// Turns a list of operation names into the owned form the struct stores.
    fn ops(names: &[&str]) -> Vec<String> {
        names.iter().map(|name| name.to_string()).collect()
    }

    /// Creates the restrictive preset: 1 s, 64 KiB, arithmetic /
    /// comparison / list operations only, with file I/O, networking,
    /// system access and `eval` explicitly forbidden.
    pub fn restrictive() -> Self {
        Self {
            name: String::from("restrictive"),
            max_execution_time: Some(Duration::from_secs(1)),
            max_memory: Some(64 * 1024),
            allowed_operations: Self::ops(&["arithmetic", "comparison", "list-operations"]),
            forbidden_operations: Self::ops(&["file-io", "network", "system", "eval"]),
            resource_limits: Self::limits(100, 20),
        }
    }

    /// Creates the permissive preset: 30 s, 1 MiB, the `"*"` wildcard in
    /// `allowed_operations` and an empty deny list, so nothing (including
    /// `eval`) is forbidden by this policy.
    pub fn permissive() -> Self {
        Self {
            name: String::from("permissive"),
            max_execution_time: Some(Duration::from_secs(30)),
            max_memory: Some(1024 * 1024),
            allowed_operations: Self::ops(&["*"]),
            forbidden_operations: Vec::new(),
            resource_limits: Self::limits(10000, 1000),
        }
    }
}

/// Main dynamic evaluator.
///
/// Owns the `SecurityManager` used for authorization and per-principal
/// state (a cached `ExecutionContext` and a `SandboxEnvironment`), both
/// keyed by principal name.
#[derive(Debug)]
pub struct DynamicEvaluator {
    /// Security manager used for `create_context` and `check_permission`
    security_manager: SecurityManager,
    /// Active execution contexts, keyed by principal
    contexts: HashMap<String, ExecutionContext>,
    /// Sandbox environments, keyed by principal
    sandboxes: HashMap<String, SandboxEnvironment>,
    /// Default security policy; stored but not consulted by the
    /// evaluation paths, which pass policy names to the security manager
    default_policy: SecurityPolicy,
}

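impl DynamicEvaluator {
    /// Creates a new dynamic evaluator with a default `SecurityManager`,
    /// no cached contexts or sandboxes, and the restrictive default policy.
    pub fn new() -> Self {
        Self::with_security(SecurityManager::default())
    }

    /// Creates a dynamic evaluator that authorizes through `security_manager`.
    ///
    /// `default_policy` is set to `SecurityPolicy::restrictive()` but is not
    /// consulted by the evaluation paths, which pass policy *names* to the
    /// security manager instead.
    pub fn with_security(security_manager: SecurityManager) -> Self {
        Self {
            security_manager,
            contexts: HashMap::new(),
            sandboxes: HashMap::new(),
            default_policy: SecurityPolicy::restrictive(),
        }
    }

    /// Limits attached to every context this evaluator builds.
    ///
    /// These are tighter than `ExecutionLimits::default()`. Only `time_limit`
    /// and `step_limit` are enforced (by `evaluate_with_limits`);
    /// `memory_limit` and `stack_depth_limit` are carried in the context but
    /// not checked anywhere in this module.
    fn context_limits() -> ExecutionLimits {
        ExecutionLimits {
            time_limit: Some(Duration::from_secs(5)),
            memory_limit: Some(256 * 1024),
            stack_depth_limit: Some(50),
            step_limit: Some(1000),
        }
    }

    /// Rejects `principal` unless the security manager grants
    /// `Permission::Eval`.
    ///
    /// # Errors
    /// A runtime error when the permission is denied, or whatever
    /// `check_permission` itself returns.
    fn require_eval_permission(&self, principal: &str) -> Result<()> {
        if self.security_manager.check_permission(principal, &Permission::Eval)? {
            Ok(())
        } else {
            Err(Box::new(Error::runtime_error(
                "Permission denied: eval not allowed".to_string(),
                None,
            )))
        }
    }

    /// Assembles the result record; `execution_time` covers everything
    /// since `start_time`.
    fn finish(value: Value, mut stats: ExecutionStats, start_time: Instant) -> EvaluationResult {
        stats.execution_time = start_time.elapsed();
        EvaluationResult {
            value,
            stats,
            // Neither list is populated by this module; limit and permission
            // failures are reported as errors instead.
            warnings: vec![],
            security_violations: vec![],
        }
    }

    /// Evaluates a code string in the sandbox owned by `principal`.
    ///
    /// `policy_name` (default `"restrictive"`) is used only the first time a
    /// context is created for `principal`; later calls reuse the cached
    /// context whatever policy they ask for (see `get_or_create_context`).
    /// The reported `execution_time` includes context creation and parsing.
    ///
    /// # Errors
    /// Fails if the context or sandbox cannot be created, if `principal`
    /// lacks `Permission::Eval`, if `code` does not lex or parse, or if the
    /// context's time or step limit is exceeded during evaluation.
    pub fn eval_string(
        &mut self,
        code: &str,
        principal: &str,
        policy_name: Option<&str>,
    ) -> Result<EvaluationResult> {
        let start_time = Instant::now();
        let mut stats = ExecutionStats::default();

        let context = self.get_or_create_context(principal, policy_name)?;

        // NOTE(review): the permission check runs after the context (and its
        // sandbox) has been created and cached, so a denied principal still
        // leaves per-principal state behind. The order is kept because
        // `check_permission` may depend on the context existing — confirm
        // against `SecurityManager` before moving the check up.
        self.require_eval_permission(principal)?;

        let program = self.parse_code(code)?;
        let mut evaluator = self.create_sandboxed_evaluator(&context)?;
        let value = self.evaluate_with_limits(
            &mut evaluator,
            &program,
            &context.limits,
            &mut stats,
            &context.environment,
        )?;

        Ok(Self::finish(value, stats, start_time))
    }

    /// Evaluates `code` in a caller-supplied `environment` on behalf of
    /// `principal`, under the `"restrictive"` policy and `context_limits()`.
    ///
    /// Unlike `eval_string`, nothing is cached: a fresh security context is
    /// created for each call and discarded afterwards. The same
    /// `Permission::Eval` check as `eval_string` applies, so supplying a
    /// custom environment is not a way around authorization. The program is
    /// evaluated in `environment` itself, not in the principal's sandbox.
    ///
    /// # Errors
    /// Same conditions as `eval_string`.
    pub fn eval_in_environment(
        &mut self,
        code: &str,
        environment: Rc<Environment>,
        principal: &str,
    ) -> Result<EvaluationResult> {
        let security_context = self
            .security_manager
            .create_context(principal.to_string(), "restrictive")?;
        // Same ordering as eval_string: context first, then the check.
        self.require_eval_permission(principal)?;

        let context = ExecutionContext {
            principal: principal.to_string(),
            environment,
            security_context,
            limits: Self::context_limits(),
            metadata: HashMap::new(),
        };

        let start_time = Instant::now();
        let mut stats = ExecutionStats::default();

        let program = self.parse_code(code)?;
        let mut evaluator = self.create_sandboxed_evaluator(&context)?;
        let value = self.evaluate_with_limits(
            &mut evaluator,
            &program,
            &context.limits,
            &mut stats,
            &context.environment,
        )?;

        Ok(Self::finish(value, stats, start_time))
    }

    /// Creates a new sandbox for a principal under `policy_name`.
    ///
    /// An existing sandbox for the same principal is replaced; a cached
    /// `ExecutionContext` for that principal is *not* refreshed and keeps
    /// pointing at the old sandbox's environment.
    ///
    /// # Errors
    /// Whatever `SandboxEnvironment::with_policy` returns.
    pub fn create_sandbox(&mut self, principal: &str, policy_name: &str) -> Result<()> {
        let sandbox = SandboxEnvironment::with_policy(policy_name)?;
        self.sandboxes.insert(principal.to_string(), sandbox);
        Ok(())
    }

    /// Returns the cached context for `principal`, creating it (and a
    /// sandbox, if none exists) on first use.
    ///
    /// Once a context exists it is returned as-is and `policy_name` is
    /// ignored, so a later request for a stricter policy does not replace an
    /// earlier, looser one. Callers that need per-call policy selection must
    /// manage contexts differently.
    ///
    /// # Errors
    /// Fails if the security manager rejects `policy_name` or the sandbox
    /// cannot be created.
    fn get_or_create_context(
        &mut self,
        principal: &str,
        policy_name: Option<&str>,
    ) -> Result<ExecutionContext> {
        if let Some(context) = self.contexts.get(principal) {
            return Ok(context.clone());
        }

        let policy_name = policy_name.unwrap_or("restrictive");
        let security_context = self
            .security_manager
            .create_context(principal.to_string(), policy_name)?;

        if !self.sandboxes.contains_key(principal) {
            self.create_sandbox(principal, policy_name)?;
        }
        let sandbox = self
            .sandboxes
            .get(principal)
            .expect("sandbox was inserted by create_sandbox above");

        let context = ExecutionContext {
            principal: principal.to_string(),
            environment: Rc::clone(sandbox.environment()),
            security_context,
            limits: Self::context_limits(),
            metadata: HashMap::new(),
        };

        self.contexts.insert(principal.to_string(), context.clone());
        Ok(context)
    }

    /// Lexes and parses `code` into a program.
    ///
    /// # Errors
    /// Propagates lexer and parser errors.
    fn parse_code(&self, code: &str) -> Result<Program> {
        let mut lexer = Lexer::new(code, None);
        let tokens = lexer.tokenize()?;
        let mut parser = Parser::new(tokens);
        parser.parse()
    }

    /// Creates an evaluator rooted at the context's environment.
    ///
    /// No additional restriction is applied beyond the environment itself.
    fn create_sandboxed_evaluator(&self, context: &ExecutionContext) -> Result<Evaluator> {
        Ok(Evaluator::with_environment(Rc::clone(&context.environment)))
    }

    /// Evaluates each top-level expression of `program` in `env` and returns
    /// the value of the last one (`Value::Unspecified` for an empty program).
    ///
    /// `limits.time_limit` and `limits.step_limit` are checked *before* each
    /// top-level expression: a single long-running expression is not
    /// interrupted, and the step limit counts top-level forms rather than
    /// reduction steps. `memory_limit` and `stack_depth_limit` are not
    /// enforced here, and only `stats.steps` and `stats.execution_time`
    /// are updated.
    ///
    /// # Errors
    /// A runtime error at the offending expression's span when a limit is
    /// exceeded, or whatever `Evaluator::eval` returns.
    fn evaluate_with_limits(
        &self,
        evaluator: &mut Evaluator,
        program: &Program,
        limits: &ExecutionLimits,
        stats: &mut ExecutionStats,
        env: &Rc<Environment>,
    ) -> Result<Value> {
        let start_time = Instant::now();
        // Value of the most recently evaluated expression; an empty program
        // yields Unspecified.
        let mut last_value = Value::Unspecified;

        for (steps_done, expr) in program.expressions.iter().enumerate() {
            if let Some(time_limit) = limits.time_limit {
                if start_time.elapsed() > time_limit {
                    return Err(Box::new(Error::runtime_error(
                        "Execution time limit exceeded".to_string(),
                        Some(expr.span),
                    )));
                }
            }

            if let Some(step_limit) = limits.step_limit {
                if steps_done >= step_limit {
                    return Err(Box::new(Error::runtime_error(
                        "Execution step limit exceeded".to_string(),
                        Some(expr.span),
                    )));
                }
            }

            // Evaluate in the caller's environment rather than looking one
            // up by principal, so eval_in_environment really uses the
            // environment it was given.
            last_value = evaluator.eval(expr, Rc::clone(env))?;

            stats.steps = steps_done + 1;
            stats.execution_time = start_time.elapsed();
        }

        // Returning after the loop (instead of comparing each expression
        // with the last one) avoids an early exit when an earlier
        // expression happens to equal the final one.
        Ok(last_value)
    }

    /// Installs dynamic evaluation primitives.
    ///
    /// Currently a no-op placeholder; nothing is added to `_env`.
    pub fn install_primitives(&self, _env: &Rc<Environment>) -> Result<()> {
        // Would install primitives like eval, compile, etc.
        Ok(())
    }

    /// Gets the security manager.
    pub fn security_manager(&self) -> &SecurityManager {
        &self.security_manager
    }
}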

impl Default for DynamicEvaluator {
    /// Same as [`DynamicEvaluator::new`]: default security manager, no
    /// cached contexts or sandboxes, restrictive default policy.
    fn default() -> Self {
        DynamicEvaluator::new()
    }
}

impl Default for SandboxEnvironment {
    /// Same as [`SandboxEnvironment::new`]: an empty base environment with
    /// the built-in primitive allow-list.
    fn default() -> Self {
        SandboxEnvironment::new()
    }
}

impl Default for ExecutionLimits {
    /// Defaults: 10 s wall clock, 1 MiB memory, stack depth 100 and
    /// 10 000 steps. Note that `DynamicEvaluator` builds its contexts
    /// with tighter, hard-coded limits rather than these.
    fn default() -> Self {
        const DEFAULT_TIME: Duration = Duration::from_secs(10);
        ExecutionLimits {
            time_limit: Some(DEFAULT_TIME),
            memory_limit: Some(1 << 20),
            stack_depth_limit: Some(100),
            step_limit: Some(10_000),
        }
    }
}

impl Default for ExecutionStats {
    /// All counters start at zero and the elapsed time at `Duration::ZERO`.
    fn default() -> Self {
        ExecutionStats {
            execution_time: Duration::ZERO,
            steps: 0,
            memory_used: 0,
            max_stack_depth: 0,
            allocations: 0,
        }
    }
}

impl Default for ResourceMonitor {
    /// Same as [`ResourceMonitor::new`]: zeroed usage, clock started now.
    fn default() -> Self {
        ResourceMonitor::new()
    }
}