Re: [racket-users] How to test that a file is syntactically correct, but don't run it

[Matthias Felleisen]

Or check out Shill. It may just be what you want. — Matthias



> On Nov 26, 2016, at 3:45 PM, Alexis King  wrote:
> 
> Many of the other answers here are good, but I want to try and give a
> couple more options and a little more context.
> 
> First of all, in Racket, the phrase “syntactically correct” is a little
> bit vague. It could mean that a program is successfully parsed from text
> to s-expressions, which is the reader step, or it could mean that
> macroexpansion completes successfully. The former definition is the more
> traditional definition of “syntactically correct”, but being able to
> parse an AST means little in a language where the code effectively is
> the AST. For that reason, something like (define) is obviously a “syntax
> error”, but it’s perfectly valid from the reader’s point of view.
> 
> So the question is, which of the two things do you want to check?
> Obviously, checking if macros properly expand is a strictly stronger
> check than checking if the program is properly read.
> 
>  - If you want to check that a program is properly read, you can use
>`raco read` from the command line, or you can use `read` in
>combination with with-module-reading-parameterization from
>syntax/modread to achieve something similar programatically.
> 
>  - If you want to check that a program properly macroexpands, you can
>use `raco expand` from the command line, or you can use `expand` on
>the value produced by the previous step after setting
>current-namespace to (make-base-namespace).
> 
> However, be aware of the implications of both of these things!
> Performing macroexpansion on a program can have arbitrary side-effects.
> It’s perfectly possible to write a macro that will open an HTTP
> connection and send all your private data over the wire. For this
> reason, macroexpansion is no safer than actually running the program, so
> you should do it in a sandbox if you are running arbitrary
> user-submitted code.
> 
> In contrast, the reader step seems safe, but it’s actually not. Due to
> the existence of #lang and #reader, users can supply arbitrary readers
> for their programs, which can also run arbitrary code. If you do not
> need to support arbitrary #lang languages, you could set
> read-accept-reader and read-accept-lang to #f, then do the reading
> yourself, and that would be safe, but then you can’t use
> with-module-reading-parameterization mentioned above.
> 
> If you are going to run either of the two steps above using the
> command-line tools, I would recommend that you run them inside a virtual
> machine with no network access or access to the host filesystem. You
> could also use the programmatic approach and use racket/sandbox, which
> allows restricting what programs can do, but I don’t claim to know how
> strong the security guarantees are that racket/sandbox provides.
> 
> (Of course, if you’re running arbitrary code, anyway, then you are
> probably aware of those things. I just want to make it clear that using
> this as a “safe precheck” is not a valid assumption for future readers
> who might stumble upon this thread.)
> 
> Alexis
> 
>> On Nov 25, 2016, at 17:28, David Storrs  wrote:
>> 
>> As part of my pre-checkin test suite I'd like to be able to check that all 
>> files are syntactically correct, but I don't want to actually execute them 
>> because, e.g. executing 'server.rkt' would start the server and I don't want 
>> that.  Is there a way to do this?  Nothing I see under 'raco help' or the 
>> racket docs suggests a solution.
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Racket Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to racket-users+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Racket Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to racket-users+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [racket-users] How to test that a file is syntactically correct, but don't run it

[Alexis King]

Many of the other answers here are good, but I want to try and give a
couple more options and a little more context.

First of all, in Racket, the phrase “syntactically correct” is a little
bit vague. It could mean that a program is successfully parsed from text
to s-expressions, which is the reader step, or it could mean that
macroexpansion completes successfully. The former definition is the more
traditional definition of “syntactically correct”, but being able to
parse an AST means little in a language where the code effectively is
the AST. For that reason, something like (define) is obviously a “syntax
error”, but it’s perfectly valid from the reader’s point of view.

So the question is, which of the two things do you want to check?
Obviously, checking if macros properly expand is a strictly stronger
check than checking if the program is properly read.

  - If you want to check that a program is properly read, you can use
`raco read` from the command line, or you can use `read` in
combination with with-module-reading-parameterization from
syntax/modread to achieve something similar programatically.

  - If you want to check that a program properly macroexpands, you can
use `raco expand` from the command line, or you can use `expand` on
the value produced by the previous step after setting
current-namespace to (make-base-namespace).

However, be aware of the implications of both of these things!
Performing macroexpansion on a program can have arbitrary side-effects.
It’s perfectly possible to write a macro that will open an HTTP
connection and send all your private data over the wire. For this
reason, macroexpansion is no safer than actually running the program, so
you should do it in a sandbox if you are running arbitrary
user-submitted code.

In contrast, the reader step seems safe, but it’s actually not. Due to
the existence of #lang and #reader, users can supply arbitrary readers
for their programs, which can also run arbitrary code. If you do not
need to support arbitrary #lang languages, you could set
read-accept-reader and read-accept-lang to #f, then do the reading
yourself, and that would be safe, but then you can’t use
with-module-reading-parameterization mentioned above.

If you are going to run either of the two steps above using the
command-line tools, I would recommend that you run them inside a virtual
machine with no network access or access to the host filesystem. You
could also use the programmatic approach and use racket/sandbox, which
allows restricting what programs can do, but I don’t claim to know how
strong the security guarantees are that racket/sandbox provides.

(Of course, if you’re running arbitrary code, anyway, then you are
probably aware of those things. I just want to make it clear that using
this as a “safe precheck” is not a valid assumption for future readers
who might stumble upon this thread.)

Alexis

> On Nov 25, 2016, at 17:28, David Storrs  wrote:
> 
> As part of my pre-checkin test suite I'd like to be able to check that all 
> files are syntactically correct, but I don't want to actually execute them 
> because, e.g. executing 'server.rkt' would start the server and I don't want 
> that.  Is there a way to do this?  Nothing I see under 'raco help' or the 
> racket docs suggests a solution.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Racket Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to racket-users+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [racket-users] How to test that a file is syntactically correct, but don't run it

[luis.osa.gdc]

Some weeks ago, I just had the exact same problem while developing a 
"server.rkt" module with Vim. I use the Syntactic plugin to check syntax, and 
this plugin in turn uses the `racket` executable to find syntax problems.

My solution was to add the args "--load" when executing the module with 
`racket`, e.g. this command checks the syntax but does not run the module:

$ racket --load server.rkt

If using Vim and Syntastic, add this line to your .vimrc:

let g:syntastic_racket_racket_args="--load"

-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [racket-users] How to test that a file is syntactically correct, but don't run it

['William J. Bowman' via Racket Users]

raco read or raco expand may be the closest to doing this without doing much 
else. 
https://docs.racket-lang.org/raco/read.html

Is there some way to e.g. hook some of DrRackets syntax checker up to a raco 
check-syntax? That would be convenient in the terminal.

-- 
Sent from my phoneamajig

> On Nov 26, 2016, at 01:28, David Storrs  wrote:
> 
> As part of my pre-checkin test suite I'd like to be able to check that all 
> files are syntactically correct, but I don't want to actually execute them 
> because, e.g. executing 'server.rkt' would start the server and I don't want 
> that.  Is there a way to do this?  Nothing I see under 'raco help' or the 
> racket docs suggests a solution.
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Racket Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to racket-users+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [racket-users] How to test that a file is syntactically correct, but don't run it

[Matthew Butterick]

On Nov 25, 2016, at 5:28 PM, David Storrs  wrote:

> As part of my pre-checkin test suite I'd like to be able to check that all 
> files are syntactically correct, but I don't want to actually execute them 
> because, e.g. executing 'server.rkt' would start the server and I don't want 
> that.  Is there a way to do this?  Nothing I see under 'raco help' or the 
> racket docs suggests a solution.

Perhaps move your code into a `start-server` function, and invoke it with 
`(module+ main (start-server))`? 

-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[racket-users] How to test that a file is syntactically correct, but don't run it

[David Storrs]

As part of my pre-checkin test suite I'd like to be able to check that all
files are syntactically correct, but I don't want to actually execute them
because, e.g. executing 'server.rkt' would start the server and I don't
want that.  Is there a way to do this?  Nothing I see under 'raco help' or
the racket docs suggests a solution.

-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.