◢███◤      ◢██◤                            ◢██◤                            
     ◢██◤       ◢██◤                            ◢██◤                             
    ◢██◤       ◢██◤                            ◢██◤                              
   ◢██◤       ◢██◤                            ◢██◤                               
  ◢██◤       ◢██◤                            ◢██◤                                
◢███◤       ◢██◤                            ◢██◤                          ◥██◣   
◥███       ◢█████◣    ◢████████◤ ◢███████◤ ◢██◤ ◢██◤                 ◢██◤   ██◣  
 ███      ◢███████◣        ◢██◤ ◢██◤ ◢██◤ ◢███████◤                 ◢██◤    ███  
 ███     ◢██◤  ◢██◤ ◢████████◤ ◢██◤      ◢█████◣                   ◢██◤     ███  
 ███    ◢██◤  ◢██◤ ◢██◤  ███◤ ◢██◤ ◢██◤ ◢██◤◥███◣                 ◢██◤      ███  
 ◥██   ◢██◤  ◢██◤ ◢████████◤ ◢███████◤ ◢██◤  ◥███◣               ◢██◤       ███◣ 
  ◥██◣                                                          ◢██◤       ◢███◤ 
                                 ◢███◤ ◢███◤ ◢██◤  ◢██◤ ◢█████████◤       ◢██◤   
                                ◢█████████◤ ◢██◤  ◢██◤ ◢██◤  ████◤       ◢██◤    
                               ◢██◤◢█◤◢██◤ ◢██◤  ◢██◤ ◢██◤   ███◤       ◢██◤     
                              ◢██◤   ◢██◤ ◢████████◤ ◢█████████◤       ◢██◤      
                             ◢██◤   ◢██◤ ◢████████◤ ◢█████████◤      ◢███◤       

0007
[Request] Reduce Esprima Runtime Usage
gza9ta
We know Esprima is used to validate scripts on upload (makes sense), and also at runtime. The runtime check helps if the rules for what is safe in scripts change -- for example, when comments outside functions were disallowed, esprima was able to catch scripts uploaded under old rules that fail under new. This is GREAT, but esprima is slow and parse is an issue. Reducing Esprima would likely speed parse time and save a lot of server work. My proposal: 1) set a 'rule version' on every script's db entry, initially to 0 2) set a 'rule version' in code, initially to 1 3) on upload, after esprima check, set the db entry's rule version to whatever the code version is 4) on run, if saved version doesn't match code version, run esprima. If saved version does match code version, skip esprima. After a successful esprima run, update saved version 5) any time parse rules change, increment code's version. In effect then: you'd still get esprima every upload (good). And also, you'd get it first run of a script after any rule change (also good). But if it passes after a rule change, that script never will need to be run through esprima again until either the script changes (in which case it'll get run at #up) or the rules do (in which case the bumped code version will trigger a re-check next run). That should drastically cut down on runtime esprima usage without losing the very important ability to force a recheck at runtime **if needed**.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Great idea. Thanks for writing it up!
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
One addition to this I just thought of: because of dependencies, you'd have to check every dependency separately. If *any* dependency is too low, either just esprima (and update) it or esprima the whole thing and mark all of the deps as esprima'd. Otherwise you run the risk of * dtr.public calls dtr.private. dtr.private is never called directly, only by dtr.public * both have current versions. * a code version change happens and all scripts need to be esprima'd again * I re-up dtr.public (which JUST checks it, none of the dependencies, since they are stubbed out), getting dtr.public a good version * I run dtr.public, which includes dtr.private. At this point, dtr.private is a version out of date and needs to be checked, but dtr.public has already been checked (by an upload) and is considered safe. SOMEHOW in that run, dtr.private needs to be validated again. That could be done on it's own (probably best, but a mess for a script with a hundred dependencies right after a ver bump), or in composite (riskier but faster).
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -