dan/oxc
1
0
Fork 0
mirror of https://github.com/danbulant/oxc synced 2026-05-24 12:21:58 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
oxc/crates/oxc_minifier
History
overlookmotel f2f31a8d7a
fix(traverse)!: remove unsound APIs (#7514) 
It's essential to `oxc_traverse`'s safety scheme that the user cannot create a `TraverseAncestry`, because they could then substitute it for the one stored in `TraverseCtx`, and cause a buffer underrun when an ancestor gets popped off stack which should never be empty - but it is because user has sneakily swapped it for another one.

Not being able to create a `TraverseAncestry` also requires that user cannot obtain an owned `TraverseCtx` either, because you can obtain an owned `TraverseAncestry` from an owned `TraverseCtx`.

Therefore, it's unsound for `TraverseCtx::new` to be public.

However, it is useful in minifier to be able to re-use the same `TraverseCtx` over and over, which requires having an owned `TraverseCtx`.

To support this use case, introduce `ReusableTraverseCtx`. It is an opaque wrapper around `TraverseCtx`, which prevents accessing the `TraverseCtx` inside it. It's safe for user to own a `ReusableTraverseCtx`, because there's nothing they can do with it except for using it to traverse via `traverse_mut_with_ctx`, which ensures the safety invariants are upheld.

At some point, we'll hopefully be able to reduce the number of passes in the minifier, and so remove the need for `ReusableTraverseCtx`.But in the meantime, this keeps `Traverse`'s API safe from unsound abuse.

Note: Strictly speaking, there is still room to abuse the API and produce UB by initiating a 2nd traversal of a different AST in an `Traverse` visitor, and then `mem::swap` the 2 x `&mut TraverseCtx`s. But this is a completely bizarre thing to do, and would basically require you to write malicious code specifically designed to cause UB, so it's not a real risk in practice. We'd need branded lifetimes to close that hole too.

So this PR doesn't 100% ensure safety in a formal sense, but it at least makes it very hard to trigger UB *by accident*, which was the risk before.
2024-11-28 10:30:53 +08:00
..
examples chore(minifier): add --nospace option to minifier example 2024-10-15 23:49:22 +08:00
src fix(traverse)!: remove unsound APIs (#7514) 2024-11-28 10:30:53 +08:00
tests feat(minifier): minify one child if statement expression (#7230) 2024-11-26 22:48:27 +08:00
Cargo.toml release(crates): v0.38.0 (#7490) 2024-11-26 14:38:47 +08:00
CHANGELOG.md release(crates): v0.37.0 (#7399) 2024-11-21 22:27:55 +08:00
README.md chore(doc): replace main/master to tag/commit to make the url always accessible (#7298) 2024-11-16 21:00:30 +08:00

README.md

Minifier

A JavaScript minifier has three components:

  1. printer
  2. mangler
  3. compressor

Mangler

The mangler implementation is part of the SymbolTable residing in oxc_semantic. It is responsible for shortening variables. Its algorithm should be gzip friendly.

The printer is also responsible for printing out the shortened variable names.

Compressor

The compressor is responsible for rewriting statements and expressions for minimal text output. Terser is a good place to start for learning the fundamentals.

Terser Tests

The fixtures are copied from https://github.com/terser/terser/tree/v5.9.0/test/compress