feat(3p/nix): add --trace-file-access to nix-instantiate
This builds on edef's work with depot-scan by adding a dedicated flag to the command. We piggyback on upstream's restricted-mode implementation, the checkSourcePath function. Change-Id: I52bb613549f40dbca1e8caa036635910c1a3d6d0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1654 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
This commit is contained in:
parent
6a128fc162
commit
68b5306c56
4 changed files with 49 additions and 0 deletions
|
@ -39,6 +39,7 @@
|
|||
</arg>
|
||||
<arg><option>--add-root</option> <replaceable>path</replaceable></arg>
|
||||
<arg><option>--indirect</option></arg>
|
||||
<arg><option>--<arg>no</arg>trace-file-access</option></arg>
|
||||
<group>
|
||||
<arg choice='plain'><option>--expr</option></arg>
|
||||
<arg choice='plain'><option>-E</option></arg>
|
||||
|
@ -131,6 +132,13 @@ input.</para>
|
|||
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term><option>--<arg>no</arg>trace-file-access</option></term>
|
||||
<listitem><para>While instantiating the expression, the evaluator will
|
||||
print the full path to any files it reads with the prefix
|
||||
<envar>trace-file-access: </envar> to the standard error.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry><term><option>--json</option></term>
|
||||
|
||||
<listitem><para>When used with <option>--eval</option>, print the resulting
|
||||
|
@ -253,6 +261,10 @@ $ nix-instantiate --eval --xml --strict -E 'rec { x = "foo"; y = x; }'
|
|||
|
||||
</refsection>
|
||||
|
||||
<refsection><title>Conformance</title>
|
||||
<para>The <option>--trace-file-access</option> option is a nonstandard
|
||||
extension added by Tvix in 2020.</para>
|
||||
</refsection>
|
||||
|
||||
<refsection condition="manpage"><title>Environment variables</title>
|
||||
|
||||
|
|
15
third_party/nix/src/libexpr/eval.cc
vendored
15
third_party/nix/src/libexpr/eval.cc
vendored
|
@ -379,6 +379,7 @@ EvalState::EvalState(const Strings& _searchPath, const ref<Store>& store)
|
|||
EvalState::~EvalState() = default;
|
||||
|
||||
Path EvalState::checkSourcePath(const Path& path_) {
|
||||
TraceFileAccess(path_);
|
||||
if (!allowedPaths) {
|
||||
return path_;
|
||||
}
|
||||
|
@ -1819,6 +1820,20 @@ void EvalState::printStats() {
|
|||
}
|
||||
}
|
||||
|
||||
void EvalState::TraceFileAccess(const Path& realPath) {
|
||||
if (file_access_trace_fn.has_value()) {
|
||||
if (last_traced_file != realPath) {
|
||||
(*file_access_trace_fn)(realPath);
|
||||
// Basic deduplication.
|
||||
last_traced_file = std::string(realPath);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void EvalState::EnableFileAccessTracing(std::function<void(const Path&)> fn) {
|
||||
file_access_trace_fn = fn;
|
||||
}
|
||||
|
||||
size_t valueSize(const Value& v) {
|
||||
traceable_flat_hash_set<const Bindings*> seenBindings;
|
||||
traceable_flat_hash_set<const Env*> seenEnvs;
|
||||
|
|
8
third_party/nix/src/libexpr/eval.hh
vendored
8
third_party/nix/src/libexpr/eval.hh
vendored
|
@ -284,6 +284,10 @@ class EvalState : public gc {
|
|||
|
||||
void realiseContext(const PathSet& context);
|
||||
|
||||
/* File access tracing. */
|
||||
void TraceFileAccess(const Path& path);
|
||||
void EnableFileAccessTracing(std::function<void(const Path&)> fn);
|
||||
|
||||
private:
|
||||
unsigned long nrEnvs = 0;
|
||||
unsigned long nrValuesInEnvs = 0;
|
||||
|
@ -299,6 +303,10 @@ class EvalState : public gc {
|
|||
|
||||
bool countCalls;
|
||||
|
||||
std::optional<std::function<void(const Path&)>> file_access_trace_fn =
|
||||
std::nullopt;
|
||||
Path last_traced_file = "";
|
||||
|
||||
typedef std::map<Symbol, size_t> PrimOpCalls;
|
||||
PrimOpCalls primOpCalls;
|
||||
|
||||
|
|
|
@ -96,6 +96,7 @@ static int _main(int argc, char** argv) {
|
|||
bool findFile = false;
|
||||
bool evalOnly = false;
|
||||
bool parseOnly = false;
|
||||
bool traceFileAccess = false;
|
||||
OutputKind outputKind = okPlain;
|
||||
bool xmlOutputSourceLocation = true;
|
||||
bool strict = false;
|
||||
|
@ -143,6 +144,14 @@ static int _main(int argc, char** argv) {
|
|||
repair = Repair;
|
||||
} else if (*arg == "--dry-run") {
|
||||
settings.readOnlyMode = true;
|
||||
} else if (*arg == "--trace-file-access") {
|
||||
traceFileAccess = true;
|
||||
} else if (*arg == "--trace-file-access=true") {
|
||||
traceFileAccess = true;
|
||||
} else if (*arg == "--trace-file-access=false") {
|
||||
traceFileAccess = false;
|
||||
} else if (*arg == "--notrace-file-access") {
|
||||
traceFileAccess = false;
|
||||
} else if (*arg != "" && arg->at(0) == '-') {
|
||||
return false;
|
||||
} else {
|
||||
|
@ -161,6 +170,11 @@ static int _main(int argc, char** argv) {
|
|||
|
||||
auto state = std::make_unique<EvalState>(myArgs.searchPath, store);
|
||||
state->repair = repair;
|
||||
if (traceFileAccess) {
|
||||
state->EnableFileAccessTracing([](const Path& path) {
|
||||
std::cerr << "trace: depot-scan: " << path << "\n";
|
||||
});
|
||||
}
|
||||
|
||||
Bindings& autoArgs = *myArgs.getAutoArgs(*state);
|
||||
|
||||
|
|
Loading…
Reference in a new issue