Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Compile-time code execution: func build() #44633

Closed
manoeldesouza opened this issue Feb 26, 2021 · 4 comments
Closed

Compile-time code execution: func build() #44633

manoeldesouza opened this issue Feb 26, 2021 · 4 comments
Labels
FrozenDueToAge WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.

Comments

@manoeldesouza
Copy link

Summary

Embedding files into a Go executable with "embed" package is a strong feature implemented in version 1.16. In this issue, I propose some evolution of the concept to enable not only embedding files as possible now, but any type of arbitrary code execution at compile time.

Concept

Current capability to embed files is based on a compiler directive which "magically" populates a variable as below:

//go:embed sample.txt
var text string

In this proposal I suggest embedding files would be executed from within a function named func build(). A comparison with "embed" package is below

var text string

func build() {
    content, err := ioutil.ReadFile("sample.txt")
    if err != nil {
        log.Fatal(err) // This becomes a compile-time error
    }

    text = string(content)
}

The func build() would operate similarly as existing with func init(). But while init() is a run-time preliminary execution code, build() would be run at compile-time only and pre-populate global variables.

A build function would enable not only to embed files, but also to apply calculations which would then populate global variables at compile time. Example of use case for such feature would be the calculation of CRC tables, among other big datasets which should be ready by compile time.

Benefits

  • Arbitrary code execution enables developer to express any time of code as build-time execution;
  • Wider use-case then only embedding files;
  • Consistency with other initialization function func init();
  • Prevent run-time impact (delay) with init functions doing preparation work;

Risks / Impacts

This feature may conflict with existing code depending on package-level build() function, being used for different purposes.
@ALTree
Copy link
Member

ALTree commented Feb 26, 2021

One of the core design goals of Go it that even large codebases should compile fast. Arbitrary code execution at compile time is very antithetical to that.

@ianlancetaylor
Copy link
Contributor

Arbitrary code execution at build time would be a security hole when building third party packages. People generally understand that running code from third party packages can be a security risk, and they take appropriate mitigations like running in a container. People are much less likely to understand that merely compiling third party code is a security risk.

@ianlancetaylor ianlancetaylor added the WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. label Feb 26, 2021
@gopherbot
Copy link

Timed out in state WaitingForInfo. Closing.

(I am just a bot, though. Please speak up if this is a mistake or you have the requested information.)

@Jictyvoo
Copy link

Arbitrary code execution at build time would be a security hole when building third party packages. People generally understand that running code from third party packages can be a security risk, and they take appropriate mitigations like running in a container. People are much less likely to understand that merely compiling third party code is a security risk.

Maybe compile-time code execution can be behind an environment variable, that allows it or not for third-party packages. And will be allow by default for compiling current package.

@golang golang locked and limited conversation to collaborators Mar 14, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ianlancetaylor @ALTree @gopherbot @Jictyvoo @manoeldesouza