Disallow certain APIs within symbolic macros

Symbolic macros are not permitted to call APIs that depend upon the order in which they are invoked relative to the rest of the package's evaluation. This rules out mutations to package-level state (other than declarations of targets), such as the `package()` callable, as well as accessors like `native.existing_rules()`. This restriction is to enable future lazy evaluation of symbolic macros, as well as general build health.

The disallowed APIs are:
- package(), licenses()
- environment_group()
- glob(), subpackages()
- existing_rule(), existing_rules()

`glob()` and `subpackages()` aren't really side-effectful, but stylistically their result should be passed in as arguments, to reduce implicit entanglement between a macro definition and the package.

Repo machinery APIs are also disallowed since they make no sense in the context of symbolic macros. These include: `workspace()`, `register_toolchains()`, `register_execution_platforms()`, `bind()`, and repository rule instantiation.

Some of the disallowed APIs are not even currently reachable from symbolic macro implementations, because they are not available under `native` and symbolic macros can't take arbitrary arguments. We don't add tests for these situations but they are still disallowed nonetheless.

Note that this CL only bans `native.existing_rules()` within symbolic macros, not legacy macros. Targets declared in a symbolic macro are visible to legacy macros via `existing_rules()`, but we intend to either change those semantics or deprecate `existing_rules()` entirely in the future.

Code changes:
- PackageFactory#getContext is replaced by Package.Builder#fromOrFail and a new variant, Package.Builder#fromOrFailNoSymbolicMacros. The latter is used by the disallowed APIs to produce a clean error when called inside a symbolic macro.
- MacroClass#executeMacroImplementation now maintains a stack in the Package.Builder of currently executing symbolic macros. This is used by fromOrFailNoSymbolicMacros to determine whether we are inside a symbolic macro.
- Deleted some unused static helpers in TargetDefinitionContext. That class is kind of unnecessary at the moment but may be useful when we move to a lazy macro evaluation implementation.
- Checking for an expected error in SymbolicMacroTest is factored to a helper. Created a new helper specifically for checking errors when accessing a restricted API.

Work toward #19922

PiperOrigin-RevId: 630437890
Change-Id: I010dc5f1cc47866956acc11191a5d0c81aba8a7d
14 files changed
tree: 1fd0996e746cfc83435c701c63a2262fc133aa49
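The guard described under "Code changes" can be modelled in a few lines. This is an added illustration in Python, not Bazel's Java implementation and not part of the commit; every class, function and error message below is hypothetical and only mirrors the behaviour the commit message describes.

```python
# Simplified model of the macro-stack guard; all names here are hypothetical.
class RestrictedApiError(Exception):
    pass

class PackageBuilder:
    def __init__(self):
        self.targets = {}       # target name -> rule kind
        self.macro_stack = []   # symbolic macros currently executing

    def from_or_fail_no_symbolic_macros(self, api_name):
        # Check a disallowed API makes before touching package state.
        if self.macro_stack:
            raise RestrictedApiError(
                f"{api_name} cannot be called from symbolic macro "
                f"'{self.macro_stack[-1]}'")  # constructed message text
        return self

    def declare_target(self, name, kind):
        # Declaring targets is the one package mutation macros may perform.
        self.targets[name] = kind

    def existing_rules(self):
        pkg = self.from_or_fail_no_symbolic_macros("existing_rules()")
        return dict(pkg.targets)

    def run_symbolic_macro(self, name, implementation):
        self.macro_stack.append(name)
        try:
            implementation(self, name)
        finally:
            self.macro_stack.pop()  # stay balanced even when the macro fails

def good_macro(pkg, name):
    pkg.declare_target(name + "_lib", "cc_library")

def bad_macro(pkg, name):
    pkg.existing_rules()  # order-dependent accessor: rejected

def nested_macro(pkg, name):
    # The restricted call happens while an inner symbolic macro is on the stack.
    pkg.run_symbolic_macro(name + "_inner", bad_macro)

def demo():
    pkg = PackageBuilder()
    pkg.run_symbolic_macro("a", good_macro)
    errors = []
    for macro_name, impl in (("b", bad_macro), ("c", nested_macro)):
        try:
            pkg.run_symbolic_macro(macro_name, impl)
        except RestrictedApiError as e:
            errors.append(str(e))
    # Outside any symbolic macro the accessor works and sees macro-made targets.
    return errors, pkg.existing_rules(), pkg.macro_stack
```
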
README.md

Bazel

{Fast, Correct} - Choose two

Build and test software of any size, quickly and reliably.

  • Speed up your builds and tests: Bazel rebuilds only what is necessary. With advanced local and distributed caching, optimized dependency analysis and parallel execution, you get fast and incremental builds.

  • One tool, multiple languages: Build and test Java, C++, Android, iOS, Go, and a wide variety of other language platforms. Bazel runs on Windows, macOS, and Linux.

  • Scalable: Bazel helps you scale your organization, codebase, and continuous integration solution. It handles codebases of any size, in multiple repositories or a huge monorepo.

  • Extensible to your needs: Easily add support for new languages and platforms with Bazel's familiar extension language. Share and re-use language rules written by the growing Bazel community.

Getting Started

Documentation

Reporting a Vulnerability

To report a security issue, please email security@bazel.build with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. Our vulnerability management team will respond within 3 working days of your email. If the issue is confirmed as a vulnerability, we will open a Security Advisory. This project follows a 90 day disclosure timeline.

Contributing to Bazel

See CONTRIBUTING.md

Build status