In the Java grade, the implementation of predicates used to create unique
temporary files and directories was not secure, due to the underlying Java API
methods not setting permissions correctly. Alternative methods were added in
Java 7, but we currently use the older insecure methods. This change switches
the Java implementations of temporary file and directory creation over to the
newer methods.
We have long provided a Mercury wrapper for secure temporary file / directory
creation in the extras/java_extra_libs. That will be redundant after this change
and I will remove it in a separate change.
library/io.file.m:
Use the secure temporary file and directory creation methods introduced
in Java 7.
Mention that for make_temp_directory/6, the Java implementation will now
ignore the Suffix argument.
Delete some that was used to generated temp file names; its use of
java.util.Random probably wasn't particularly secure either.
This reduces the size of io.m a bit. The other reason for moving the
code is to allow modules that occur in a dependency cycle with io.m
to read results from io.error_util.trans_opt, whereas they may have
been prevented from reading io.trans_opt.
library/io.m:
library/io.error_util.m:
Move is_error, throw_on_error and other similar predicates to a
new undocumented submodule of io.m.
Also move the support functions/predicates used by those predicates.
Make io.make_io_error_from_system_error and
io.make_io_error_from_windows_error call the implementations in
io.error_util.m.
library/MODULES_UNDOC:
library/library.m:
List the new submodule as undocumented.
library/benchmarking.m:
library/bitmap.m:
library/dir.m:
library/io.call_system.m:
library/io.file.m:
Import the new submodule.
library/io.file.m:
Change the C# implementation of remove_file to delete empty
directories.
Document that remove_file may delete empty directories.
library/io.m:
Update comment.
Make the following improvements to io.file.m for Java and C#.
The changes to throwing more specific exception types is because
the exception objects can now be inspected by the user through io.m.
remove_file [C#]:
Note down a difference in behaviour.
remove_file [Java]:
Change error message to look a bit more conventional
(beginning with capital letter).
rename_file [C#]:
Don't need to check if the file exists before calling Move().
Note down differences in behaviour.
rename_file [Java]:
Throw FileNotFoundException if the old file does not exist.
Adjust error messages.
check_file_accessibility [Java]:
Throw FileNotFoundException if the file does not exist.
Throw IOException if an access check fails.
check_file_accessibility [C#]:
Implement more directly using foreign code.
Call EnumerateFileSystemEntries to check if we can read from a
directory, which might be a bit faster than GetFileSystemEntries.
Don't try to set the last access time to check for write access to
a directory. That doesn't always work, e.g. it suggests I can't
write to /tmp.
Throw IOException instead System.Exception.
Document limitations.
file_modification_time [C#]:
Also return file modification time for directories.
file_modification_time [Java]:
Code style.
make_temp_file [Java]:
Return specific error message if temp file already exists
(unlikely).
Catch all exceptions, not only IOExceptions.
make_temp_directory [C#]:
Change error message, which included an unnecessary error code
(it would always be FFFFFFFF since mkdir() returns -1 on error).
Throw more specific exceptions.
make_temp_directory [Java]:
Catch exceptions just in case.
Implement the error handling proposals from February 2022 on the
mercury-users list, and August 2022 on the mercury-reviews list.
We add io.system_error to the public interface of io.m
and document what its foreign representation is for each backend.
We allow io.error to optionally contain an io.system_error value,
and provide predicates to retrieve the io.system_error from an io.error.
The user may then inspect the system error via foreign code.
We also provide a predicate that takes an io.error and returns a name
for the system error it contains (if any). This makes it relatively easy
for Mercury programs to check for specific error conditions.
By returning platform-specific (actually, implementation-dependent)
error names, we are pushing the responsibility of mapping strings to
error conditions onto the application programmer. On the other hand, it
is not practical for us to map all possible system-specific error codes
to some common set of values. We could do it for a small set of common
error codes/exceptions, perhaps.
The standard library will construct io.error values containing
io.system_errors. However, we do not yet provide a facility for user
code to do the same.
library/io.m:
Move io.system_error to the public interface.
Change the internal representation of io.error to support containing
a io.system_error. An io.system_error may originate from an errno
value or a Windows system error code; the constructor distinguishes
those cases.
Add predicates to retrieve a system_error from io.error.
Add predicate to return the name of the system error in an io.error.
Replace make_err_msg with make_io_error_from_system_error.
Replace make_maybe_win32_err_msg with
make_io_error_from_maybe_win32_error.
Delete ML_make_err_msg and ML_make_win32_err_msg macros.
browser/listing.m:
library/bitmap.m:
library/dir.m:
library/io.call_system.m:
library/io.environment.m:
library/io.file.m:
library/io.text_read.m:
mdbcomp/program_representation.m:
Conform to changes.
Leave comments for followup work.
tools/generate_errno_name:
tools/generate_windows_error_name:
Add scripts to generate mercury_errno_name.c and
mercury_windows_error_name.c.
runtime/Mmakefile:
runtime/mercury_errno_name.c:
runtime/mercury_errno_name.h:
runtime/mercury_windows_error_name.c:
runtime/mercury_windows_error_name.h:
Add MR_errno_name() and MR_win32_error_name() functions,
used by io.m to convert error codes to string names.
tests/hard_coded/null_char.exp:
Update expected output.
library/io.file.m:
Do not allow the body of the C# version of do_make_temp_directory/8 to be
duplicated. If duplication occurs across module boundaries we may end with
undefined references. (Admittedly, it's a fairly unlikely candidate for
such an optimization.)
Document why we have using directives for various namespaces.
compiler/mlds_to_cs_stmt.m:
Keep warnings disabled on all components of the implementation
of a foreign_proc *except* the component actually written by users.
Specifically, we want to keep "declared/assigned but not used" warnings
disabled in the code that (a) declares and then (b) initializes
the input arguments of a foreign_proc that the foreign_proc's body
ignores.
library/io.file.m:
Turn the warnings off for a piece of code that ignores the details
of an exception.
library/io.environment.m:
library/io.file.m:
Fully qualify entities in foreign_procs that may be inlined
across module boundaries.
library/io.m:
Move the definition of the private class StreamPipe from here ...
library/io.call_system.m:
... to here where it is actually used.
library/io.environment.m:
Fully qualify a call to a foreign_exported Mercury predicate in order to
avoid an error if its containing foreign_proc is inlined across module
boundaries.
library/io.file.m:
Fully qualify some foreign_exported enum constants for the same reason.
Add missing using directives.
Add a missing definition needed by Mono.
library/io.m:
Delete trailing whitespace.
Delete code moved to io.file.m.
library/io.call_system.m:
Move the code in the "system access predicates" section of io.m
to this new module.
library/io.environment.m:
Move the predicates dealing with environment variables in io.m
to this new module.
library/io.m:
Delete the code moved to the new modules.
Leave behind in io.m "forwarding predicates", predicates that do nothing
except call the moved predicates in the new modules, to provide backward
compatibility. But do mark the forwarding predicates as obsolete,
to tell people to update their (at their leisure, since the obsoleteness
warning can be turned off).
Also leave behind in io.m the definitions of the types used
by some parameters of some of the moved predicates.
library/MODULES_DOC:
List the new modules among the documented modules.
library/library.m:
List the new modules, including io.file.m (added in a previous change)
among the documented standard library modules.
NEWS:
Announce the changes.
browser/browse.m:
browser/interactive_query.m:
compiler/fact_table.m:
compiler/handle_options.m:
compiler/make.module_target.m:
compiler/mercury_compile_main.m:
compiler/module_cmds.m:
compiler/optimize.m:
compiler/options_file.m:
deep_profiler/conf.m:
deep_profiler/mdprof_cgi.m:
deep_profiler/mdprof_test.m:
library/io.file.m:
mdbcomp/trace_counts.m:
ssdb/ssdb.m:
tests/general/environment.m:
tests/hard_coded/closeable_channel_test.m:
tests/hard_coded/setenv.m:
tests/hard_coded/system_sort.m:
Call the moved predicates directly in their new modules,
not indirectly through io.m.
library/io.file.m:
library/io.m:
Move two sections of io.m, the "file handling predicates" section
and the "handling temporary files" section to the new submodule io.file.m.
Leave behind in io.m "forwarding predicates", predicates that do nothing
except call the moved predicates in io.file.m, to provide backward
compatibility. But do mark the forwarding predicates as obsolete,
to tell people to update their (at their leisure, since the obsoleteness
warning can be turned off).
Also leave behind in io.m the definitions of the two types used
by some parameters of some of the moved predicates. Document the reason
why this is done.
library/MODULES_DOC:
List the new module among the documented modules.
NEWS:
Announce the changes.
browser/browse.m:
browser/interactive_query.m:
browser/listing.m:
compiler/analysis.file.m:
compiler/compile_target_code.m:
compiler/export.m:
compiler/fact_table.m:
compiler/file_util.m:
compiler/handle_options.m:
compiler/make.build.m:
compiler/make.module_dep_file.m:
compiler/make.module_target.m:
compiler/make.program_target.m:
compiler/make.util.m:
compiler/mercury_compile_main.m:
compiler/module_cmds.m:
compiler/parse_module.m:
compiler/passes_aux.m:
compiler/prog_event.m:
compiler/recompilation.check.m:
compiler/write_deps_file.m:
compiler/write_module_interface_files.m:
deep_profiler/conf.m:
deep_profiler/mdprof_cgi.m:
library/dir.m:
mdbcomp/program_representation.m:
ssdb/ssdb.m:
Call the file operation predicates directly in io.file.m, not indirectly
through io.m.
In two modules, add a #include of fcntl.h in C code. These modules contain
C code that needs this #include, but until now, they got it via a copy
in an automatically generated C header file of a foreign_decl pragma
in io.m that contained that #include. This diff moves that foreign_decl
to io.file.m, removing that crutch.
tests/debugger/browser_test.m:
tests/hard_coded/bit_buffer_test.m:
tests/hard_coded/bitmap_test.m:
tests/hard_coded/construct_bug.m:
tests/hard_coded/dir_fold.m:
tests/hard_coded/dir_test.m:
tests/hard_coded/read_binary_int16.m:
tests/hard_coded/read_binary_int32.m:
tests/hard_coded/read_binary_int64.m:
tests/hard_coded/read_binary_uint16.m:
tests/hard_coded/read_binary_uint32.m:
tests/hard_coded/read_binary_uint64.m:
tests/hard_coded/read_bitmap_size.m:
tests/hard_coded/remove_file.m:
tests/hard_coded/write_binary.m:
tests/hard_coded/write_binary_int8.m:
tests/hard_coded/write_binary_multibyte_int.m:
tests/hard_coded/write_binary_uint8.m:
Call the file operation predicates directly in io.file.m, not indirectly
through io.m.
