Optionally validate entry point at build time

[wisechengyi]

Resolves #508

Problem

Current behavior allows building a pex that cannot execute:

[omerta ~]$ pex requests -e qqqqqqqqqqqq -o test.pex
[omerta ~]$ ./test.pex
Traceback (most recent call last):
  File ".bootstrap/_pex/pex.py", line 367, in execute
  File ".bootstrap/_pex/pex.py", line 293, in _wrap_coverage
  File ".bootstrap/_pex/pex.py", line 325, in _wrap_profiling
  File ".bootstrap/_pex/pex.py", line 410, in _execute
  File ".bootstrap/_pex/pex.py", line 468, in execute_entry
  File ".bootstrap/_pex/pex.py", line 473, in execute_module
  File "/Users/kwilson/Python/CPython-2.7.13/lib/python2.7/runpy.py", line 182, in run_module
    mod_name, loader, code, fname = _get_module_details(mod_name)
  File "/Users/kwilson/Python/CPython-2.7.13/lib/python2.7/runpy.py", line 107, in _get_module_details
    raise error(format(e))
ImportError: No module named qqqqqqqqqqqq

Solution

Verify entry point at build time. E.g. a.b.c:m means we will try to do from a.b.c import m in a separate process.

Result

$ find hello
hello
hello/test.py
hello/tree.py

# Invalid module
$ python bin.py -D hello -e invalid.module  -o x.pex --validate-entry-point
Traceback (most recent call last):
  File "<string>", line 1, in <module>
ImportError: No module named invalid.module
Traceback (most recent call last):
  File "bin.py", line 758, in <module>
    main()
  File "bin.py", line 743, in main
    pex_builder.build(tmp_name, verify_entry_point=options.validate_ep)
  File "/Users/yic/workspace/pex/pex/pex_builder.py", line 529, in build
    self.freeze(bytecode_compile=bytecode_compile, verify_entry_point=verify_entry_point)
  File "/Users/yic/workspace/pex/pex/pex_builder.py", line 514, in freeze
    self._verify_entry_point()
  File "/Users/yic/workspace/pex/pex/pex_builder.py", line 263, in _verify_entry_point
    raise self.InvalidEntryPoint('Failed to:`{}`'.format(import_statement))
pex.pex_builder.InvalidEntryPoint: Failed to:`import invalid.module`

# invalid method
$ python bin.py -D hello -e test:invalid_method  -o x.pex --validate-entry-point
Traceback (most recent call last):
  File "<string>", line 1, in <module>
ImportError: cannot import name invalid_method
Traceback (most recent call last):
  File "bin.py", line 758, in <module>
    main()
  File "bin.py", line 743, in main
    pex_builder.build(tmp_name, verify_entry_point=options.validate_ep)
  File "/Users/yic/workspace/pex/pex/pex_builder.py", line 529, in build
    self.freeze(bytecode_compile=bytecode_compile, verify_entry_point=verify_entry_point)
  File "/Users/yic/workspace/pex/pex/pex_builder.py", line 514, in freeze
    self._verify_entry_point()
  File "/Users/yic/workspace/pex/pex/pex_builder.py", line 263, in _verify_entry_point
    raise self.InvalidEntryPoint('Failed to:`{}`'.format(import_statement))
pex.pex_builder.InvalidEntryPoint: Failed to:`from test import invalid_method`

# without the flag, invalid method still works
$ python bin.py -D hello -e test:invalid_method  -o x.pex 

[wisechengyi]

Hi @kwlzn please kindly take an initial look for sanity. I am still working on tests, so will ping when it's fully ready.

[jsirois]

This will be a useful feature but I think there are a few fundamental issues here to address.

[jsirois]

Since this is a builder, order of building is not guaranteed and you can't verify until after a freeze since not all requirements or files may yet be added.

[wisechengyi]

Any pointer for a better place?

[jsirois]

In freeze, where you know there can be no more code or requirement additions.

[jsirois]

It could also be a/b/c/__init__.py, ... or be a dynamically generated module! I think you really have to try to import the symbol after a freeze to avoid all the corner cases.

[wisechengyi]

Importing the code feels quite sketchy, even out of process, because they could have bad side effect or even security concerns.

How do you feel about putting verifying entry point behind an option, stating that it would only check for static method in

• a/b/c.py
• a/b/c/__init__.py
  and allow people to skip static check by disabling it?

[jsirois]

If validation is opt-in, it seems like import would be the way to go. The user is going to run the pex after all and suffer the side-effects soon anyhow when they do so! Basically, this is forced to be a half measure one way or the other, so the choice comes down to avoiding side-effects at build time (they'll happen at runtime) for the X% of cases that have this pathology, or not supporting Y% of cases that have bizarre dynamic module generation. I'm really not sure what these percentages are or what is the better way to go. Import just seems attractive since it's robust: ie it's what pex does at runtime. Parsing is new logic.

[wisechengyi]

Yeah that's fair. Importing could also get around ast parsing difference between python 2 and 3.

So I am going to do the importing, and then put it behind an option with default disabled.

[wisechengyi]

@jsirois ready for a second round sanity check. test still incoming.

[wisechengyi]

This is the interface pants will call, correct?

changing it in a way to keep backwards compatibility.

[jsirois]

Yes, but see above.

[jsirois]

Looks good, but a cleanup suggestion re subprocess / Executor and a bigger change idea to consider.

[jsirois]

Execution via subprocess was consolidated to Executor, so this code should use that instead of subprocess directly.

A bit more true to the runtime environment the entry point will be executed in would be something like:

with named_temporary_file() as fp:
  fp.write(import_statement)
  fp.close()
  result = PEX(self.chroot().path()).run([fp.name], env={'PEX_INTERPRETER': '1'})
  if result != 0:
    raise self.InvalidEntryPoint('Failed to validate entrypoint {}'.format(entry_point))

This though unfortunately creates a circular PEX <-> PEXBuilder dep. Better I think to lift the check to the PEX constructor which could be plumbed both from pex.bin.pex and from API users (Pants).

[wisechengyi]

Moved the verification step into class PEX(object):

def __init__(self, ..., verify_entry_point=False):

[jsirois]

Yes, but see above.

[jsirois]

It looks like the one non-isort/non-style CI shard failure is legit but not related to this PR.

LGTM mod one latent bug pointed out re not using the builder's interpreter to perform the import check and completion of test work.

[jsirois]

Failure or Failed would make more sense here.

[wisechengyi]

Corrected.

[jsirois]

>100

[wisechengyi]

Corrected.

[jsirois]

'side effects.

[wisechengyi]

Corrected.

[jsirois]

You could be more uniform, more correct and fail faster with:

pex_builder = build_pex(reqs, options, resolver_options_builder)
pex_builder.freeze()
pex = PEX(pex_builder.path(), interpreter=pex_builder.interpreter, verify_entry_point=options.validate_ep)

if options.pex_name is not None:
  ...

As things stand, in the options.pex_name branch, the pex is zipped up before the entrypoint validation which could be wasted work. Worse though is that the builder's custom interpreter, if any, is not used. This could be a problem if the current running interpreter does not match what the built pex needs and syntax differs (a 2/3 split).

[wisechengyi]

Moved things up to fail fast.

[jsirois]

Given comments above re uniformity in performing the validation, I'd make this _private.

[wisechengyi]

Corrected.

[wisechengyi]

looks like PEX.run would ignore -c arg.

$ python '/var/folders/yt/pxdd3gp96530xh_116kskmkh0000gn/T/tmp8rQWfk' -c 'print 123'
hello

executed the entry point (print hello) rather than -c which prints 123.
Going to try

with named_temporary_file() as fp:
  fp.write(import_statement)
  fp.close()
  result = PEX(self.chroot().path()).run([fp.name], env={'PEX_INTERPRETER': '1'})
  if result != 0:
    raise self.InvalidEntryPoint('Failed to validate entrypoint {}'.format(entry_point))

as suggested earlier.

[wisechengyi]

Updated. Tests incoming.

[wisechengyi]

Tests added. Ready for final review.

[jsirois]

Thanks Yi!