Fix circular source causing Nushell to crash

[yizhepku]

Description

EngineState now tracks the script currently running, instead of the parent directory of the script. This also provides an easy way to expose the current running script to the user (Issue #12195).

Similarly, StateWorkingSet now tracks scripts instead of directories. parsed_module_files and currently_parsed_pwd are merged into one variable, scripts, which acts like a stack for tracking the current running script (which is on the top of the stack).

Circular import check is added for source operations, in addition to module import. A simple testcase is added for circular source.

User-Facing Changes

It shouldn't have any user facing changes.

[WindSoilder]

parsed_module_files and currently_parsed_pwd are merged into one variable

It seems that CI is failed because of this

[sholderbach]

Do you have some ideas, what needs resolution here?

[sholderbach]

Is this only used for scripts or does it have uses for other kinds of files (modules or config as in #12338 ) else the renaming is probably bad as we still attach some specific semantics in evaluation to scripts.

[yizhepku]

I've renamed it to simply "file". It's less descriptive, but with the comments I've added, it should be fine?

[sholderbach]

Personally I would prefer this to remain an accessor instead of assignment to pub fields, if we intend to do more logic when switching the file.

[yizhepku]

I removed start_in_file() because its usage is inconsistent (only two occurances throughout the entire codebase). We can re-introduce an abstraction later if necessary.

[sholderbach]

Same, we should be accurate with our terminology (defering to @kubouch for the prime expertise on this part of the engine)

[kubouch]

Agreed, we have more files than scripts and the plain name “scripts” doesn't carry the intended meaning for the field (i.e., stack of accessed parsed files).

[yizhepku]

Noted. I didn't think too much on the names initially, and I agree "file" is a much better name than "script".

[yizhepku]

Same as above, I opted for the shorter name "files" hoping that the comments (and IDE tooltips) would be clear enough.

[kubouch]

Instead of “placeholder” I'd choose some different name, like “loading_stdlib”. The identical file could also be parsed to the parse() below.

[kubouch]

Can you refactor the expect() away to reduce potential panic risk?

[yizhepku]

The file stack is explictly designed to contain only absolute paths to files, as an invariant. That said, I think the correct approach would be to enforce this invariant early, instead of failing only when parent is accessed. I'll figure something out.

[yizhepku]

The file stack is explictly designed to contain only absolute paths to files

This might not work as I hoped. The virtual filesystem depends on the fact that a non-existent relative path is accepted. Hmm...

[kubouch]

Same here, no expects please.

[kubouch]

Just some small comments. I like the general idea of using a single stack of files to handle both file-relative current working directory and circular parser access (be it sourced file or imported module). With a few touches, I think this can land.

nu_check is failing because you set the parsed file in the command, then is_circular_import() is triggered when parse_module_file() is called. The solution is probably to remove the setting in nu-check for modules because that will be done in parse_module_file().

[texastoland]

#12338 paused to extend this ✨

[yizhepku]

Thanks for all the feedback, and sorry for the late replies. I had something else to tend to, which was why I saved this PR as a draft. I'm back to working on this now.

[yizhepku]

I'm working on a dedicated FileStack abstraction. Circular import detection happens as part of the push method call, which prevents inconsistent states.

I also wants to enforce the invariant that all paths must be absolute, so that we can safely calculate the current working directory. But it doesn't work with virtual filesystem, which uses a non-existent relative path, so a call to canonicalize() will fail.

Maybe I should just give up the "must be absolute path" part of the invariant? But that would make circular detection unreliable, since two relative paths can resolve to the same file.

Here's what it currently looks like:

/// Files being evaluated, arranged as a stack.
///
/// The current active file is on the top of the stack.
/// When a file source/import another file, the new file is pushed onto the stack.
/// Attempting to add files that are already in the stack (circular source/import) results in an error.
///
/// Paths stored in a stack are always in a canonical, absolute form.
pub struct FileStack(Vec<PathBuf>);

impl FileStack {
    /// Creates an empty stack.
    pub fn new() -> Self {
        Self(vec![])
    }

    /// Adds a file to the stack.
    ///
    /// Relative paths are resolved into absolute paths first.
    ///
    /// If the same file is already present in the stack, returns `ParseError::CircularImport`.
    /// If the path doesn't exist or is not a regular file, returns `ParseError::FileNotFound`.
    pub fn push(&mut self, file: &Path, span: Span) -> Result<(), ParseError> {
        // Canonicalize the path.
        let path = file
            .canonicalize()
            .map_err(|_| ParseError::FileNotFound(file.to_string_lossy().to_string(), span))?;

        // Check if the path points to a regular file.
        if !path.is_file() {
            return Err(ParseError::FileNotFound(
                path.to_string_lossy().to_string(),
                span,
            ));
        }

        // Check for circular import.
        if let Some(i) = self.0.iter().rposition(|p| p == &path) {
            let filenames: Vec<String> = self.0[i..]
                .iter()
                .chain(std::iter::once(&path))
                .map(|p| p.to_string_lossy().to_string())
                .collect();
            let msg = filenames.join("\nuses ");
            return Err(ParseError::CircularImport(msg, span));
        }

        self.0.push(path);
        Ok(())
    }

    /// Removes a file from the stack and returns its path, or None if the stack is empty.
    pub fn pop(&mut self) -> Option<PathBuf> {
        self.0.pop()
    }

    /// Returns the current active file (that is, the file on the top of the stack), or None if the stack is empty.
    pub fn top(&self) -> Option<&Path> {
        self.0.last().map(PathBuf::as_path)
    }

    /// Returns the parent directory of the active file, or None if the stack is empty.
    pub fn current_working_directory(&self) -> Option<&Path> {
        // We maintain the invariant that paths are always absolute, and always points to a regular file.
        // Therefore, `path.parent()` always succeeds, and the unwrap is safe.
        self.0.last().map(|path| path.parent().unwrap())
    }
}

[yizhepku]

I'd like to defend my usage of expect. In my opinion, using expect to check invariants and catch bugs is a good thing. If the invariant is ever broken, there's some serious issues with the code, and it's better to just crash than continue with an inconsistent state. Using expect instead of bubbling up a result also has the advantange that the user can send a stacktrace to us, which helps with debugging.

This topic used to be discussed quite a lot, such as this post, which is an interesting read.

[kubouch]

It used to be that panics would simply kill our REPL which is unacceptable for a shell. Nowadays, we catch a panic, so it's less of a problem, so I guess it's OK. I'd wrap it into some API, like the FileStack. Having random uncommented freestanding expects/unwraps around the codebase can promote bad hygiene.

I like the FileStack API approach better than hacking directly on the working set stack manually. Maybe the FileStack can use the ParserPath instead of PathBuf? The ParserPath was created specifically to abstract over real and virtual paths. Virtual paths can always be considered "absolute" so that should solve your problem (it could have a helper is_absolute() method for example).

One last thing about the FileStack: Instead of canonicalize(), our own nu-path::canonicalize_with() should be used with a provided cwd. Default canonicalize() implicitly uses std::env::current_dir() to expand the path, which results in wrong semantics because we don't use std::env in Nushell at all. Canonicalizing inside the push(), might not be necessary, though. The paths coming from the parser should be already canonicalized, so we could just check if the path is absolute. Either way is fine to me.

[yizhepku]

I'd wrap it into some API, like the FileStack.

I would do that if I could, but sometimes only the caller knows whether an expect/unwrap is safe or not (e.g. pushing paths into a newly-created stack is always safe, but the FileStack doesn't know that).

Canonicalizing inside the push(), might not be necessary, though.

I forgot to mention this, but I decided to drop the invariant that paths must be absolute in the final implementation (that code snippet in the comment above is outdated). Refer to the actual commits instead.

Without canonicalization, the same file might be imported twice under different paths, but we'll catch the circular import eventually, so this shouldn't be a problem.

[IanManske]

Thanks for the PR, it looks good! The comments below have to do with removing a few expects. (The other expects might be a little harder to eliminate, so I'm fine with leaving them in for now.)

[kubouch]

OK, looks good. Thanks!