mirror of
https://github.com/danbulant/oxc
synced 2026-05-24 12:21:58 +00:00
f2f31a8d7a
It's essential to `oxc_traverse`'s safety scheme that the user cannot create a `TraverseAncestry`, because they could then substitute it for the one stored in `TraverseCtx`, and cause a buffer underrun when an ancestor gets popped off stack which should never be empty - but it is because user has sneakily swapped it for another one. Not being able to create a `TraverseAncestry` also requires that user cannot obtain an owned `TraverseCtx` either, because you can obtain an owned `TraverseAncestry` from an owned `TraverseCtx`. Therefore, it's unsound for `TraverseCtx::new` to be public. However, it is useful in minifier to be able to re-use the same `TraverseCtx` over and over, which requires having an owned `TraverseCtx`. To support this use case, introduce `ReusableTraverseCtx`. It is an opaque wrapper around `TraverseCtx`, which prevents accessing the `TraverseCtx` inside it. It's safe for user to own a `ReusableTraverseCtx`, because there's nothing they can do with it except for using it to traverse via `traverse_mut_with_ctx`, which ensures the safety invariants are upheld. At some point, we'll hopefully be able to reduce the number of passes in the minifier, and so remove the need for `ReusableTraverseCtx`.But in the meantime, this keeps `Traverse`'s API safe from unsound abuse. Note: Strictly speaking, there is still room to abuse the API and produce UB by initiating a 2nd traversal of a different AST in an `Traverse` visitor, and then `mem::swap` the 2 x `&mut TraverseCtx`s. But this is a completely bizarre thing to do, and would basically require you to write malicious code specifically designed to cause UB, so it's not a real risk in practice. We'd need branded lifetimes to close that hole too. So this PR doesn't 100% ensure safety in a formal sense, but it at least makes it very hard to trigger UB *by accident*, which was the risk before. |
||
|---|---|---|
| .. | ||
| oxc | ||
| oxc_allocator | ||
| oxc_ast | ||
| oxc_ast_macros | ||
| oxc_cfg | ||
| oxc_codegen | ||
| oxc_data_structures | ||
| oxc_diagnostics | ||
| oxc_ecmascript | ||
| oxc_estree | ||
| oxc_isolated_declarations | ||
| oxc_language_server | ||
| oxc_linter | ||
| oxc_macros | ||
| oxc_mangler | ||
| oxc_minifier | ||
| oxc_module_lexer | ||
| oxc_parser | ||
| oxc_prettier | ||
| oxc_regular_expression | ||
| oxc_semantic | ||
| oxc_sourcemap | ||
| oxc_span | ||
| oxc_syntax | ||
| oxc_transformer | ||
| oxc_traverse | ||
| oxc_wasm | ||