Contributing

Contributing to RestrictedPython

Todos

(The original entry is located in /home/docs/checkouts/readthedocs.org/user_builds/restrictedpython/checkouts/latest/docs/roadmap/index.rst, line 14.)

Todo

Resolve Discussion in https://github.com/zopefoundation/RestrictedPython/pull/39#issuecomment-283074699

compile_restricted optional params flags and dont_inherit will not work as expected with the current implementation.

stephan-hof did propose a solution, should be discussed and if approved implemented.

(The original entry is located in /home/docs/checkouts/readthedocs.org/user_builds/restrictedpython/checkouts/latest/docs/roadmap/index.rst, line 21.)

Todo

Describe Guards and predefined guard methods in details

(The original entry is located in /home/docs/checkouts/readthedocs.org/user_builds/restrictedpython/checkouts/latest/docs/usage/policy.rst, line 28.)

Todo

Describe full_write_guard more in detail and how it works.

(The original entry is located in /home/docs/checkouts/readthedocs.org/user_builds/restrictedpython/checkouts/latest/docs/usage/policy.rst, line 42.)

Understanding How RestrictedPython works internally

RestrictedPython is a classic approach of compiler construction to create a limited subset of an existing programming language.

Defining a programming language requires a regular grammar (Chomsky 3 / EBNF) definition. This grammar will be implemented in an abstract syntax tree (AST), which will be passed on to a code generator to produce a machine-readable version.

Code generation

As Python is a platform independent programming language, this machine readable version is a byte code which will be translated on the fly by an interpreter into machine code. This machine code then gets executed on the specific CPU architecture, with the standard operating system restrictions.

The byte code produced must be compatible with the execution environment that the Python interpreter is running in, so we do not generate the byte code directly from compile_restricted and the other compile_restricted_* methods manually, it may not match what the interpreter expects.

Thankfully, the Python compile() function introduced the capability to compile ast.AST code into byte code in Python 2.6, so we can return the platform-independent AST and keep byte code generation delegated to the interpreter.

ast module (Abstract Syntax Trees)

The ast module consists of four areas:

  • AST (Basis of all Nodes) + all node class implementations
  • NodeVisitor and NodeTransformer (tool to consume and modify the AST)
  • Helper methods
    • parse
    • walk
    • dump
  • Constants
    • PyCF_ONLY_AST

NodeVisitor & NodeTransformer

A NodeVisitor is a class of a node / AST consumer, it reads the data by stepping through the tree without modifying it. In contrast, a NodeTransformer (which inherits from a NodeVisitor) is allowed to modify the tree and nodes.