Hacker News new | ask | show | jobs
by terseus 1865 days ago
I can't believe that people is comparing opening a project in a code editor with running a build script.

The PoC doesn't even open a file, it just opens the directory. It's a pretty big difference, when you execute a build script you _expect_ to run code, when you open a directory in your editor you don't expect any side effect _at all_.

My guess is that since the proc_macros returns a TokenStream, rust-analyzer have no way to know what it provides except running it.

I'm not sure there's a solution for this that doesn't cripple macros in Rust, apart from being able to configure rust-analyzer to ignore the macros, which clearly limit its usefulness.
6 comments
db48x 1864 days ago
More specifically, a proc macro is a Rust function that is compiled and run inside the compiler at build time. With IDEs, LSP and other protocols for having your editor query the compiler (or language runtime, like SLIME/SWANK), the compiler now runs whenever you open your editor.

It’s just not a new problem. Bash does auto–completion on Makefiles, which requires running make and asking it what the make targets are. IDEs can and will run ./configure for you, so that it can find the right include paths. Etc, etc.

Personally, I thought everyone already knew about this. I knew that proc macros would be a risk when I first heard about rls, years ago.

Certainly editors need to confirm with the user that they are ok with starting the compiler when they load a new project, but also we need to use fine–grained security systems like SELinux that can and do prevent programs from accessing things that they’re not supposed to access.

link
Jakobeha 1865 days ago
One potential solution:

- During a session, the first time rust-toolchain encounters a proc macro it must run to analyze, it will first prompt the user and warn them.

- If the user accepts the prompt, rust-toolchain will freely run any proc macros until the next session.

- If the user rejects the prompt, that analysis will be disabled until the next session.

Similar to how VSCode and other apps handle opening links.

link
cogman10 1865 days ago
You'd have to sandbox the analyzer. Let it run arbitrary code but don't let it do IO. That can be pretty tricky to do for a language not designed to be sandboxed.

Safest way would probably be something hilarious like having the analyzer compiled to WASM and ran in node.js.

link
greenshackle2 1865 days ago
By default rust-analyzer also executes Rust build scripts (build.rs) just by opening the project in an IDE, so as far as Rust goes the comparison is apt.

    rust-analyzer.cargo.runBuildScripts (default: true)

    Run build scripts (build.rs) for more precise code analysis.
https://rust-analyzer.github.io/manual.html
link
xfer 1865 days ago
Open it in notepad? You don't install software that automatically build your project and complain that it is doing that.
link
parhamn 1865 days ago
Agreed. The top comments on this thread are wrong, overconfident and silly. Read the article people.
link