Update from DMOJ (#21)

* executors: add basic autodetection from filename

Ref DMOJ#967

* ci: use Python 3.10 when possible

* Use metaclass to auto-populate Executor.name

* Remove unnecessary executor name declarations

* cptbox: check faccessat2 instead of always denying

* cptbox: automatically generate FreeBSD syscalls

* cptbox: allow ExactDir('/') rule to work

* executors: allow racket to access /

* cptbox: allow statx by default

It used to only be allowed for compilers, but there is no reason why
it should be compiler-only given that other stat syscalls are allowed
for everything.

This will fix the failure with Turing on latest glibc.

* Work around pip bug

* Add executor for Lean 4

* Update README

* Delete errors

* mypy

* Make access rules more sane

* Update docker test

* Remove unnecessary executor name declarations

* cptbox: allow pselect6/pselect6_time64 by default

glibc 2.33+ use these instead of select
Ref: https://sourceware.org/pipermail/glibc-cvs/2020q3/070159.html

Co-authored-by: Tudor Brindus <[email protected]>
Co-authored-by: Quantum <[email protected]>
Co-authored-by: int-y1 <[email protected]>

.docker.test.py

@@ -6,12 +6,12 @@
 from dmoj.executors import get_available
 
 arch = platform.machine()
-ALLOW_FAIL = {'GASARM', 'JAVA9', 'JAVA10', 'OBJC'}
+ALLOW_FAIL = {'GASARM', 'OBJC'}
 EXECUTORS = get_available()
 
 if arch == 'aarch64':
     ALLOW_FAIL -= {'GASARM'}
-    ALLOW_FAIL |= {'D', 'GAS32', 'GAS64', 'NASM', 'NASM64', 'SWIFT', 'TUR'}
+    ALLOW_FAIL |= {'D', 'GAS32', 'GAS64', 'LEAN4', 'NASM', 'NASM64', 'SWIFT', 'TUR'}
 elif arch != 'x86_64':
     raise AssertionError('invalid architecture')
 

.docker/tier1/Dockerfile

@@ -15,6 +15,7 @@ RUN curl --location -o scratch-run.zip $(curl -s https://api.github.com/repos/VN
 RUN mkdir /judge /problems && cd /judge && \
 	curl -L https://github.com/VNOI-Admin/judge-server/archive/"${TAG}".tar.gz | tar -xz --strip-components=1 && \
 	pip3 install -e . && \
+	python3 setup.py develop && \
 	HOME=~judge . ~judge/.profile && \
 	runuser -u judge -w PATH -- dmoj-autoconf -V > /judge-runtime-paths.yml && \
 	echo '  crt_x86_in_lib32: true' >> /judge-runtime-paths.yml && \

.docker/tier2/Dockerfile

@@ -15,6 +15,7 @@ RUN curl --location -o scratch-run.zip $(curl -s https://api.github.com/repos/VN
 RUN mkdir /judge /problems && cd /judge && \
 	curl -L https://github.com/VNOI-Admin/judge-server/archive/"${TAG}".tar.gz | tar -xz --strip-components=1 && \
 	pip3 install -e . && \
+	python3 setup.py develop && \
 	HOME=~judge . ~judge/.profile && \
 	runuser -u judge -w PATH -- dmoj-autoconf -V > /judge-runtime-paths.yml && \
 	echo '  crt_x86_in_lib32: true' >> /judge-runtime-paths.yml && \

.docker/tier3/Dockerfile

@@ -15,6 +15,7 @@ RUN curl --location -o scratch-run.zip $(curl -s https://api.github.com/repos/VN
 RUN mkdir /judge /problems && cd /judge && \
 	curl -L https://github.com/VNOI-Admin/judge-server/archive/"${TAG}".tar.gz | tar -xz --strip-components=1 && \
 	pip3 install -e . && \
+	python3 setup.py develop && \
 	HOME=~judge . ~judge/.profile && \
 	runuser -u judge -w PATH -- dmoj-autoconf -V > /judge-runtime-paths.yml && \
 	echo '  crt_x86_in_lib32: true' >> /judge-runtime-paths.yml && \

.github/workflows/build.yml

@@ -5,10 +5,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v1
-    - name: Set up Python 3.9
+    - name: Set up Python 3.10
       uses: actions/setup-python@v1
       with:
-        python-version: 3.9
+        python-version: '3.10'
     - name: Install Black and Flake8
       run: |
         pip install black==21.8b0 flake8 flake8-future-import flake8-logging-format flake8-import-order flake8-quotes flake8-black
@@ -27,10 +27,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v1
-    - name: Set up Python 3.9
+    - name: Set up Python 3.10
       uses: actions/setup-python@v1
       with:
-        python-version: 3.9
+        python-version: '3.10'
     - name: Install dependencies and mypy
       run: |
         pip install cython mypy types-termcolor types-requests types-PyYAML
@@ -43,10 +43,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v1
-    - name: Set up Python 3.9
+    - name: Set up Python 3.10
       uses: actions/setup-python@v1
       with:
-        python-version: 3.9
+        python-version: '3.10'
     - name: Install build dependencies
       run: pip install cython
     - name: Create sdist
@@ -61,7 +61,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: [ 3.6, 3.7, 3.8, 3.9 ]
+        python-version: [ 3.6, 3.7, 3.8, 3.9, '3.10' ]
     steps:
       - uses: actions/checkout@v2
       - name: Download docker image

.github/workflows/update-syscalls.yml

@@ -12,10 +12,10 @@ jobs:
       uses: actions/setup-python@v1
       with:
         python-version: 3.7
-    - name: Update Linux syscalls
+    - name: Update syscalls
       run: |
         cd dmoj/cptbox/syscalls
-        python generate_linux.py
+        python generate.py
     - name: Create pull request
       uses: peter-evans/create-pull-request@v3
       with:

README.md

@@ -58,6 +58,7 @@ The judge can also grade in the languages listed below. These languages are less
 * Haskell
 * INTERCAL
 * Kotlin
+* Lean 4
 * Lua
 * NASM
 * Objective-C

dmoj/commands/submit.py

@@ -1,9 +1,8 @@
 from typing import Optional
 
-from dmoj import judgeenv
+from dmoj import executors, judgeenv
 from dmoj.commands.base_command import Command
 from dmoj.error import InvalidCommandException
-from dmoj.executors import executors
 from dmoj.judge import Submission
 
 
@@ -45,24 +44,18 @@ def execute(self, line: str) -> None:
         memory_limit: int = args.memory_limit
         source_file: Optional[str] = args.source_file
 
-        if language_id not in executors:
+        if language_id not in executors.executors:
             source_file = language_id
             language_id = None  # source file / language id optional
 
         if problem_id not in judgeenv.get_supported_problems():
             raise InvalidCommandException(f"unknown problem '{problem_id}'")
         elif not language_id:
             if source_file:
-                filename, dot, ext = source_file.partition('.')
-                if not ext:
-                    raise InvalidCommandException('invalid file name')
-                else:
-                    # TODO: this should be a proper lookup elsewhere
-                    ext = ext.upper()
-                    language_id = {'PY': 'PY2', 'CPP': 'CPP11', 'JAVA': 'JAVA8'}.get(ext, ext)
+                language_id = executors.from_filename(source_file).Executor.name
             else:
                 raise InvalidCommandException('no language is selected')
-        elif language_id not in executors:
+        elif language_id not in executors.executors:
             raise InvalidCommandException(f"unknown language '{language_id}'")
         elif time_limit <= 0:
             raise InvalidCommandException('--time-limit must be >= 0')

dmoj/cptbox/filesystem_policies.py

@@ -104,9 +104,10 @@ def _finalize_directory_rule(self, node: Dir, rule: Union[ExactDir, RecursiveDir
     # `path` should be a normalized path
     def check(self, path: str) -> bool:
         assert os.path.abspath(path) == path, 'Must pass a normalized, absolute path to check'
+        components = [] if path == '/' else path.split('/')[1:]
 
         node = self.root
-        for component in path.split('/')[1:]:
+        for component in components:
             if isinstance(node, File):
                 return False
             elif node.access_mode == AccessMode.RECURSIVE:

dmoj/cptbox/isolate.py

@@ -50,6 +50,7 @@ def __init__(self, read_fs, write_fs=None, writable=(1, 2)):
                 sys_openat: self.check_file_access_at('openat', is_open=True),
                 sys_open: self.check_file_access('open', 0, is_open=True),
                 sys_faccessat: self.check_file_access_at('faccessat'),
+                sys_faccessat2: self.check_file_access_at('faccessat2'),
                 sys_access: self.check_file_access('access', 0),
                 sys_readlink: self.check_file_access('readlink', 0),
                 sys_readlinkat: self.check_file_access_at('readlinkat'),
@@ -58,6 +59,7 @@ def __init__(self, read_fs, write_fs=None, writable=(1, 2)):
                 sys_lstat: self.check_file_access('lstat', 0),
                 sys_lstat64: self.check_file_access('lstat64', 0),
                 sys_fstatat: self.check_file_access_at('fstatat'),
+                sys_statx: self.check_file_access_at('statx'),
                 sys_tgkill: self.do_kill,
                 sys_kill: self.do_kill,
                 sys_prctl: self.do_prctl,
@@ -70,6 +72,8 @@ def __init__(self, read_fs, write_fs=None, writable=(1, 2)):
                 sys_getpgrp: ALLOW,
                 sys_restart_syscall: ALLOW,
                 sys_select: ALLOW,
+                sys_pselect6: ALLOW,
+                sys_pselect6_time64: ALLOW,
                 sys_newselect: ALLOW,
                 sys_modify_ldt: ALLOW,
                 sys_poll: ALLOW,
@@ -158,13 +162,13 @@ def __init__(self, read_fs, write_fs=None, writable=(1, 2)):
             self.update(
                 {
                     sys_mkdir: ACCESS_EPERM,
-                    sys_obreak: ALLOW,
+                    sys_break: ALLOW,
                     sys_sysarch: ALLOW,
                     sys_sysctl: ALLOW,  # TODO: More strict?
+                    sys_sysctlbyname: ALLOW,  # TODO: More strict?
                     sys_issetugid: ALLOW,
                     sys_rtprio_thread: ALLOW,  # EPERMs when invalid anyway
                     sys_umtx_op: ALLOW,  # http://fxr.watson.org/fxr/source/kern/kern_umtx.c?v=FREEBSD60#L720
-                    sys_nosys: ALLOW,  # what?? TODO: this shouldn't really exist, so why is Python calling it?
                     sys_getcontext: ALLOW,
                     sys_setcontext: ALLOW,
                     sys_pread: ALLOW,
@@ -175,8 +179,6 @@ def __init__(self, read_fs, write_fs=None, writable=(1, 2)):
                     sys_thr_exit: ALLOW,
                     sys_thr_kill: ALLOW,
                     sys_thr_self: ALLOW,
-                    sys__mmap: ALLOW,
-                    sys___mmap: ALLOW,
                     sys_sigsuspend: ALLOW,
                     sys_clock_getcpuclockid2: ALLOW,
                     sys_fstatfs: ALLOW,
@@ -285,6 +287,10 @@ def _file_access_check(
         if normalized.startswith('/proc/self'):
             file = os.path.join(f'/proc/{debugger.tid}', os.path.relpath(file, '/proc/self'))
             projected = '/' + os.path.normpath(file).lstrip('/')
+        elif normalized.startswith(f'/proc/{debugger.tid}/'):
+            # If the child process uses /proc/getpid()/foo, set the normalized path to be /proc/self/foo.
+            # Access rules can more easily check /proc/self.
+            normalized = os.path.join('/proc/self', os.path.relpath(file, f'/proc/{debugger.tid}'))
         real = os.path.realpath(file)
 
         try:

dmoj/cptbox/ptbox.h

@@ -25,7 +25,7 @@
 #include <seccomp.h>
 #endif
 
-#define MAX_SYSCALL             568
+#define MAX_SYSCALL             600
 #define PTBOX_HANDLER_DENY      0
 #define PTBOX_HANDLER_ALLOW     1
 #define PTBOX_HANDLER_CALLBACK  2