second pass

Author: KRRT7

codeflash/optimization/function_optimizer.py

@@ -3,11 +3,8 @@
 import ast
 import concurrent.futures
 import os
-import re
-import shlex
 import shutil
 import subprocess
-import tempfile
 import time
 import uuid
 from collections import defaultdict
@@ -16,7 +13,6 @@
 
 import isort
 import libcst as cst
-from crosshair.auditwall import SideEffectDetected
 from rich.console import Group
 from rich.panel import Panel
 from rich.syntax import Syntax
@@ -33,14 +29,12 @@
     get_run_tmp_file,
     module_name_from_file_path,
 )
-from codeflash.code_utils.compat import IS_POSIX, SAFE_SYS_EXECUTABLE
 from codeflash.code_utils.config_consts import (
     INDIVIDUAL_TESTCASE_TIMEOUT,
     N_CANDIDATES,
     N_TESTS_TO_GENERATE,
     TOTAL_LOOPING_TIME,
 )
-from codeflash.code_utils.coverage_utils import prepare_coverage_files
 from codeflash.code_utils.formatter import format_code, sort_imports
 from codeflash.code_utils.instrument_existing_tests import inject_profiling_into_existing_test
 from codeflash.code_utils.remove_generated_tests import remove_functions_from_generated_tests
@@ -69,13 +63,13 @@
 from codeflash.result.critic import coverage_critic, performance_gain, quantity_of_tests_critic, speedup_critic
 from codeflash.result.explanation import Explanation
 from codeflash.telemetry.posthog_cf import ph
-from codeflash.verification.codeflash_auditwall import transform_code
+from codeflash.verification._auditwall import SideEffectDetectedError
 from codeflash.verification.concolic_testing import generate_concolic_tests
 from codeflash.verification.equivalence import compare_test_results
 from codeflash.verification.instrument_codeflash_capture import instrument_codeflash_capture
 from codeflash.verification.parse_test_output import parse_test_results
 from codeflash.verification.test_results import TestResults, TestType
-from codeflash.verification.test_runner import execute_test_subprocess, run_behavioral_tests, run_benchmarking_tests
+from codeflash.verification.test_runner import run_behavioral_tests, run_benchmarking_tests
 from codeflash.verification.verification_utils import get_test_file_path
 from codeflash.verification.verifier import generate_tests
 
@@ -853,8 +847,8 @@ def establish_original_code_baseline(
                     enable_coverage=test_framework == "pytest",
                     code_context=code_context,
                 )
-            except SideEffectDetected as e:
-                return Failure(f"Side effect detected in original code: {e}")
+            except SideEffectDetectedError as e:
+                return Failure(f"Side effect detected in original code: {e}, skipping optimization.")
             finally:
                 # Remove codeflash capture
                 self.write_code_and_helpers(

codeflash/verification/_auditwall.py

@@ -0,0 +1,184 @@
+import importlib
+import os
+import sys
+import traceback
+from collections.abc import Generator, Iterable
+from contextlib import contextmanager, suppress
+from types import ModuleType
+from typing import Callable, Optional
+
+
+class SideEffectDetectedError(Exception):
+    pass
+
+
+_BLOCKED_OPEN_FLAGS = os.O_WRONLY | os.O_RDWR | os.O_APPEND | os.O_CREAT | os.O_EXCL | os.O_TRUNC
+
+
+def accept(event: str, args: tuple) -> None:
+    pass
+
+
+def reject(event: str, args: tuple) -> None:
+    msg = f'codeflash has detected: {event}{args}".'
+    raise SideEffectDetectedError(msg)
+
+
+def inside_module(modules: Iterable[ModuleType]) -> bool:
+    files = {m.__file__ for m in modules}
+    return any(frame.f_code.co_filename in files for frame, lineno in traceback.walk_stack(None))
+
+
+def check_open(event: str, args: tuple) -> None:
+    (filename_or_descriptor, mode, flags) = args
+    if filename_or_descriptor in ("/dev/null", "nul"):
+        # (no-op writes on unix/windows)
+        return
+    if flags & _BLOCKED_OPEN_FLAGS:
+        msg = f"codeflash has detected: {event}({', '.join(map(repr, args))})."
+        raise SideEffectDetectedError(msg)
+
+
+def check_msvcrt_open(event: str, args: tuple) -> None:
+    print(args)
+    (handle, flags) = args
+    if flags & _BLOCKED_OPEN_FLAGS:
+        msg = f"codeflash has detected: {event}({', '.join(map(repr, args))})."
+        raise SideEffectDetectedError(msg)
+
+
+_MODULES_THAT_CAN_POPEN: Optional[set[ModuleType]] = None
+
+
+def modules_with_allowed_popen():
+    global _MODULES_THAT_CAN_POPEN
+    if _MODULES_THAT_CAN_POPEN is None:
+        allowed_module_names = ("_aix_support", "ctypes", "platform", "uuid")
+        _MODULES_THAT_CAN_POPEN = set()
+        for module_name in allowed_module_names:
+            with suppress(ImportError):
+                _MODULES_THAT_CAN_POPEN.add(importlib.import_module(module_name))
+    return _MODULES_THAT_CAN_POPEN
+
+
+def check_subprocess(event: str, args: tuple) -> None:
+    if not inside_module(modules_with_allowed_popen()):
+        reject(event, args)
+
+
+def check_sqlite_connect(event: str, args: tuple) -> None:
+    if "codeflash_" in args[0]:
+        accept(event, args)
+    else:
+        reject(event, args)
+
+
+_SPECIAL_HANDLERS = {
+    "open": check_open,
+    "subprocess.Popen": check_subprocess,
+    "msvcrt.open_osfhandle": check_msvcrt_open,
+    "sqlite3.connect": check_sqlite_connect,
+}
+
+
+def make_handler(event: str) -> Callable[[str, tuple], None]:
+    special_handler = _SPECIAL_HANDLERS.get(event)
+    if special_handler:
+        return special_handler
+    # Block certain events
+    if event in (
+        "winreg.CreateKey",
+        "winreg.DeleteKey",
+        "winreg.DeleteValue",
+        "winreg.SaveKey",
+        "winreg.SetValue",
+        "winreg.DisableReflectionKey",
+        "winreg.EnableReflectionKey",
+    ):
+        return reject
+    # Allow certain events.
+    if event in (
+        # These seem not terribly dangerous to allow:
+        "os.putenv",
+        "os.unsetenv",
+        "msvcrt.heapmin",
+        "msvcrt.kbhit",
+        # These involve I/O, but are hopefully non-destructive:
+        "glob.glob",
+        "msvcrt.get_osfhandle",
+        "msvcrt.setmode",
+        "os.listdir",  # (important for Python's importer)
+        "os.scandir",  # (important for Python's importer)
+        "os.chdir",
+        "os.fwalk",
+        "os.getxattr",
+        "os.listxattr",
+        "os.walk",
+        "pathlib.Path.glob",
+        "socket.gethostbyname",  # (FastAPI TestClient uses this)
+        "socket.__new__",  # (FastAPI TestClient uses this)
+        "socket.bind",  # pygls's asyncio needs this on windows
+        "socket.connect",  # pygls's asyncio needs this on windows
+    ):
+        return accept
+    # Block groups of events.
+    event_prefix = event.split(".", 1)[0]
+    if event_prefix in (
+        "os",
+        "fcntl",
+        "ftplib",
+        "glob",
+        "imaplib",
+        "msvcrt",
+        "nntplib",
+        "os",
+        "pathlib",
+        "poplib",
+        "shutil",
+        "smtplib",
+        "socket",
+        "sqlite3",
+        "subprocess",
+        "telnetlib",
+        "urllib",
+        "webbrowser",
+    ):
+        return reject
+    # Allow other events.
+    return accept
+
+
+_HANDLERS: dict[str, Callable[[str, tuple], None]] = {}
+_ENABLED = True
+
+
+def audithook(event: str, args: tuple) -> None:
+    if not _ENABLED:
+        return
+    handler = _HANDLERS.get(event)
+    if handler is None:
+        handler = make_handler(event)
+        _HANDLERS[event] = handler
+    handler(event, args)
+
+
+@contextmanager
+def opened_auditwall() -> Generator:
+    global _ENABLED
+    assert _ENABLED
+    _ENABLED = False
+    try:
+        yield
+    finally:
+        _ENABLED = True
+
+
+def engage_auditwall() -> None:
+    sys.dont_write_bytecode = True  # disable .pyc file writing
+    sys.addaudithook(audithook)
+
+
+def disable_auditwall() -> None:
+    global _ENABLED
+    assert _ENABLED
+    _ENABLED = False

codeflash/verification/codeflash_auditwall.py

@@ -8,7 +8,9 @@ def visit_Module(self, node):
             if isinstance(body_node, (ast.Import, ast.ImportFrom)):
                 last_import_index = i
 
-        new_import = ast.ImportFrom(module="crosshair.auditwall", names=[ast.alias(name="engage_auditwall")], level=0)
+        new_import = ast.ImportFrom(
+            module="codeflash.verification._auditwall", names=[ast.alias(name="engage_auditwall")], level=0
+        )
         function_call = ast.Expr(
             value=ast.Call(func=ast.Name(id="engage_auditwall", ctx=ast.Load()), args=[], keywords=[])
         )

codeflash/verification/test_runner.py

@@ -7,14 +7,13 @@
 from pathlib import Path
 from typing import TYPE_CHECKING
 
-from crosshair.auditwall import SideEffectDetected
-
 from codeflash.cli_cmds.console import logger
 from codeflash.code_utils.code_utils import get_run_tmp_file
 from codeflash.code_utils.compat import IS_POSIX, SAFE_SYS_EXECUTABLE
 from codeflash.code_utils.config_consts import TOTAL_LOOPING_TIME
 from codeflash.code_utils.coverage_utils import prepare_coverage_files
 from codeflash.models.models import TestFiles
+from codeflash.verification._auditwall import SideEffectDetectedError
 from codeflash.verification.codeflash_auditwall import transform_code
 from codeflash.verification.test_results import TestType
 
@@ -90,22 +89,20 @@ def run_behavioral_tests(
             env=pytest_test_env,
             timeout=600,
         )
-
         if auditing_res.returncode != 0:
             line_co = next(
                 (
                     line
                     for line in auditing_res.stderr.splitlines() + auditing_res.stdout.splitlines()
-                    if "crosshair.auditwall.SideEffectDetected" in line
+                    if "codeflash.verification._auditwall.SideEffectDetectedError" in line
                 ),
                 None,
             )
-
             if line_co:
-                match = re.search(r"crosshair\.auditwall\.SideEffectDetected: A(.*) operation was detected\.", line_co)
+                match = re.search(r"codeflash has detected: (.+).", line_co)
                 if match:
                     msg = match.group(1)
-                    raise SideEffectDetected(msg)
+                    raise SideEffectDetectedError(msg)
                 logger.debug(auditing_res.stderr)
             logger.debug(auditing_res.stdout)
 

tests/test_codeflash_capture.py

@@ -457,6 +457,7 @@ def __init__(self, x=2):
                     test_type=test_type,
                     original_file_path=test_path,
                     benchmarking_file_path=test_path_perf,
+                    original_source=test_code,
                 )
             ]
         )
@@ -568,6 +569,7 @@ def __init__(self, *args, **kwargs):
                     test_type=test_type,
                     original_file_path=test_path,
                     benchmarking_file_path=test_path_perf,
+                    original_source=test_code,
                 )
             ]
         )
@@ -681,6 +683,7 @@ def __init__(self, x=2):
                     test_type=test_type,
                     original_file_path=test_path,
                     benchmarking_file_path=test_path_perf,
+                    original_source=test_code,
                 )
             ]
         )
@@ -831,6 +834,7 @@ def another_helper(self):
                     test_type=test_type,
                     original_file_path=test_path,
                     benchmarking_file_path=test_path_perf,
+                    original_source=test_code,
                 )
             ]
         )
@@ -967,6 +971,7 @@ def another_helper(self):
                     test_type=test_type,
                     original_file_path=test_path,
                     benchmarking_file_path=test_path_perf,
+                    original_source=test_code,
                 )
             ]
         )