sandboxing/running python code line by line

I'd love to be able to do something like these two are doing:

Inventing on principle @18:20, Live ClojureScript Game Editor

If you don't wanna check the videos, my problem is this:

Say I had this code:

    ....
    xs = []
    for x in xrange(10):
        xs.append(x)
    ...

I'd like to make an environment where I can execute the code, statement for statement and watch/trace the locals/globals as they change. Maybe give it a list of vars to keep track of in the locals/globals dictionaries. Like stepping through the code and saving the state info.

Optimally I'd like to save every state and its associated context-data (locals/globals) so I can verify predicates for instance.

I'd like to do something like Bret Victor's binarySearch example Inventing on principle @18:20

Am I making sense? I find it complicated to explain in text, but the videos showcase what I want to try :)

Thanks for your time


What I've tried/read/googled:

  • code.InteractiveConsole / code.InteractiveInterpreter
  • the livecoding module: seems to work for pure functional/stateless code
  • exec / eval magic: seems that I can't get as fine grained control as I'd like.
  • the trace module doesn't seem to be the way either.
  • Python eval(compile(...), sandbox), globals go in sandbox unless in def, why? <-- This is close to what I want, but it compiles the whole string/code block and runs it in one step. If I could run a file like this, but check the locals between every line/statement..
  • run python source code line by line <-- This is not what I want
  • How do Ruby and Python implement their interactive consoles? <-- This topic suggests that I look into the code module some more

My next step would be looking into ast and compiling the code and running it bit-by-bit, but I really need some guidance.. Should I look more into reflection and the inspect-module??

I've used the Spin model checker before, but it uses its own DSL and I'd just love to do the modelling in the implementation language, in this case python.

Oh and BTW I know about the security implications of sandboxing code, but I'm not trying to make a secure execution environment, I'm trying to make a very interactive environment, aiming for crude model checking or predicate assertion for instance.

Morten Jensen asked Mar 12 '12 16:03


1 Answer

After my initial success with sys.settrace(), I ended up switching to the ast module (abstract syntax trees). I parse the code I want to analyse and then insert new calls after each assignment to report on the variable name and its new value. I also insert calls to report on loop iterations and function calls. Then I execute the modified tree.

        tree = parse(source)

        visitor = TraceAssignments()
        new_tree = visitor.visit(tree)
        fix_missing_locations(new_tree)

        code = compile(new_tree, PSEUDO_FILENAME, 'exec')

        self.environment[CONTEXT_NAME] = builder
        exec code in self.environment

I'm working on a live coding tool like Bret Victor's, and you can see my working code on GitHub, and some examples of how it behaves in the test. You can also find links to a demo video, tutorial, and downloads from the project page.

Don Kirkby answered Sep 28 '22 08:09
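
The AST-rewriting approach from the answer above, as an added Python 3 example (not code from the answer or its GitHub project): after each binding of a plain name it inserts a call to a hook that records the line, the name and a copy of the value, then replays the recorded states against a predicate. The hook name `__report__`, the functions `run_traced` and `first_violation`, and the `SAMPLE` source are assumptions made for this example; only the class name `TraceAssignments` comes from the answer, and its body here is not the project's.

```python
import ast
import copy

REPORT = "__report__"  # hypothetical hook name, injected into the traced namespace
# Constructed sample input: a Python 3 variant of the loop in the question.
SAMPLE = "xs = []\ntotal = 0\nfor x in range(4):\n    xs = xs + [x]\n    total += x\n"


class TraceAssignments(ast.NodeTransformer):
    """Insert a __report__(name, value, lineno) call after each plain-name binding."""

    def _report(self, name, lineno):
        args = [ast.Constant(value=name), ast.Name(id=name, ctx=ast.Load()),
                ast.Constant(value=lineno)]
        hook = ast.Name(id=REPORT, ctx=ast.Load())
        return ast.Expr(value=ast.Call(func=hook, args=args, keywords=[]))

    def visit_Assign(self, node):
        targets = node.targets if isinstance(node, ast.Assign) else [node.target]
        names = [t.id for t in targets if isinstance(t, ast.Name)]
        return [node] + [self._report(n, node.lineno) for n in names]

    visit_AugAssign = visit_Assign  # "x += 1" rebinds x as well

    def visit_For(self, node):
        self.generic_visit(node)  # instrument the loop body first
        if isinstance(node.target, ast.Name):  # report the loop variable per iteration
            node.body.insert(0, self._report(node.target.id, node.lineno))
        return node


def run_traced(source, filename="<traced>"):
    """Execute the instrumented source; return [(lineno, name, value), ...]."""
    events = []
    env = {REPORT: lambda n, v, ln: events.append((ln, n, copy.deepcopy(v)))}
    tree = TraceAssignments().visit(ast.parse(source, filename))
    ast.fix_missing_locations(tree)  # inserted nodes have no line/column info yet
    exec(compile(tree, filename, "exec"), env)
    return events


def first_violation(events, predicate):
    """Replay events into a state dict; return the first event that breaks predicate."""
    state = {}
    for lineno, name, value in events:
        state[name] = value
        if not predicate(state):
            return lineno, name, value
    return None
```

In-place mutation such as `xs.append(x)` binds no name, so it produces no event; the change only shows up in the snapshot taken at the next binding of that object. `exec` runs the traced source with the caller's full privileges, so this is instrumentation and provides no isolation.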