refactor: 实现模块导入沙箱化并重构 OpImportInit 执行流

ExplodingDragon · ExplodingDragon · commit 4e67e7ea26d8 · 2026-04-01T17:36:13.000+08:00
- **核心重构**：
    - **重构 `OpImportInit`**：废弃通过直接切换父 `session` 字段来“劫持”执行流的旧模式，改为在独立的模块上下文中同步执行导入程序。
    - **引入独立 Module Session**：模块初始化现在拥有独立的 `module session`，父 session 仅在初始化成功后接收产物（Module Value）并同步 `StepCount` 与 `ModuleCache` 状态。
    - **显式 Commit/Rollback 机制**：模块仅在执行成功后才会被写入 `ModuleCache`；若初始化失败（如触发除零异常），会自动从 `LoadingModules` 中移除，确保父 session 不被半初始化状态污染。
- **执行器增强**：
    - 新增 `executeImportedProgram` 与 `buildImportedModuleValue` 私有方法，封装模块执行与导出符号封装逻辑。
    - 统一模块成员（全局变量、函数、常量、结构体）的导出过滤规则（首字母大写）。
- **健壮性与测试**：
    - **新增 E2E 测试**：增加 `module_isolation_test.go`，验证模块初始化失败时不会污染父 session 的缓存与状态。
- **文档**：更新 `TODO.md`，标志着“模块加载沙箱化”核心任务（重构 `OpImportInit`、引入独立 session 及回滚机制）已完成，并标注了关于 `panic` 语义建模的后续计划。
diff --git a/TODO.md b/TODO.md
@@ -125,10 +125,11 @@
 **目标**: 让模块加载、编译产物、执行 IR 真正成为可隔离、可缓存、可序列化的工业化管线。**
 
 ### Q. 模块加载沙箱化
-- [ ] **重构 `OpImportInit`**: 不再通过直接切换当前 session/executor 字段来“劫持”执行流。
-- [ ] **引入独立 module session**: 模块初始化在隔离上下文执行。
-- [ ] **引入显式 commit/rollback 机制**: 模块初始化失败时主 session 状态不被污染。
+- [x] **重构 `OpImportInit`**: import 主路径已改为在独立模块上下文中同步执行并返回模块值，不再直接切换父 `session.Executor/Stack/ValueStack/LHSStack` 劫持执行流。
+- [x] **引入独立 module session**: 脚本模块初始化已在独立 `module session` 中执行，父 session 仅接收成功产物与 step/module 状态回写。
+- [x] **引入显式 commit/rollback 机制**: 模块初始化仅在成功后写入 `ModuleCache`；失败路径会回滚 `LoadingModules`，并保持父 session/module cache 不被半初始化状态污染。
 - [ ] **补充循环依赖、panic、部分初始化场景测试**。
+- [ ] **补记语法约束缺口：`panic` 目前未作为“结束结构”参与语义建模**。这会影响“模块初始化失败即终止/回滚”的静态表达能力；后续需要在语法/语义层明确 `panic` 的终止属性，再回头收紧 import/init failure 与 unreachable/partial-init 相关校验。
 
 ### R. IR/Bytecode 管线统一
 - [ ] **统一 `core/runtime/task.go` 与 `core/compiler/bytecode.go` 的指令集定义**。
diff --git a/core/e2e/module_isolation_test.go b/core/e2e/module_isolation_test.go
@@ -0,0 +1,65 @@
+package e2e
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"testing"
+
+	engine "gopkg.d7z.net/go-mini/core"
+	"gopkg.d7z.net/go-mini/core/ast"
+	"gopkg.d7z.net/go-mini/core/ffigo"
+)
+
+func TestModuleInitFailureDoesNotPolluteParentSession(t *testing.T) {
+	executor := engine.NewMiniExecutor()
+
+	executor.SetLoader(func(path string) (*ast.ProgramStmt, error) {
+		switch path {
+		case "broken":
+			code := `
+			package broken
+
+			var Exported = "partial"
+			var Trigger = 1 / 0
+			`
+			converter := ffigo.NewGoToASTConverter()
+			node, err := converter.ConvertSource("snippet", code)
+			if err != nil {
+				return nil, err
+			}
+			return node.(*ast.ProgramStmt), nil
+		default:
+			return nil, fmt.Errorf("module not found: %s", path)
+		}
+	})
+
+	runtime, err := executor.NewRuntimeByGoCode(`
+	package main
+	import "broken"
+
+	func main() {}
+	`)
+	if err != nil {
+		t.Fatalf("compile failed: %v", err)
+	}
+
+	err = runtime.Execute(context.Background())
+	if err == nil {
+		t.Fatal("expected broken module init to fail")
+	}
+	if !strings.Contains(err.Error(), "division by zero") {
+		t.Fatalf("unexpected execute error: %v", err)
+	}
+
+	session := runtime.LastSession()
+	if session == nil {
+		t.Fatal("expected last session")
+	}
+	if _, ok := session.ModuleCache["broken"]; ok {
+		t.Fatalf("broken module should not be committed into cache: %#v", session.ModuleCache["broken"])
+	}
+	if session.LoadingModules["broken"] {
+		t.Fatal("broken module should not remain in loading set")
+	}
+}
diff --git a/core/runtime/executor.go b/core/runtime/executor.go
@@ -1870,65 +1870,13 @@ func (e *Executor) dispatch(session *StackContext, task Task) error {
 			prog, err := e.Loader(path)
 			if err == nil {
 				session.LoadingModules[path] = true
-				modExecutor, err := NewExecutor(prog)
+				res, err := e.executeImportedProgram(session, path, prog)
+				delete(session.LoadingModules, path)
 				if err != nil {
-					delete(session.LoadingModules, path)
 					return err
 				}
-				modExecutor.Loader = e.Loader
-				modExecutor.routes = e.routes
-
-				modSession := &StackContext{
-					Context:        session.Context,
-					Executor:       modExecutor,
-					Stack:          &Stack{MemoryPtr: make(map[string]*Var), Globals: make(map[string]*Var), Frame: &SlotFrame{}, Scope: "global", Depth: 1},
-					StepLimit:      session.StepLimit,
-					StepCount:      session.StepCount,
-					ModuleCache:    session.ModuleCache,
-					LoadingModules: session.LoadingModules,
-					Debugger:       session.Debugger,
-					ValueStack:     &ValueStack{},
-					LHSStack:       &LHSStack{},
-				}
-
-				// Push Done task to current stack (restore context later)
-				session.TaskStack = append(session.TaskStack, Task{
-					Op: OpImportDone,
-					Data: &ImportData{
-						Path:          path,
-						OldExecutor:   session.Executor,
-						OldStack:      session.Stack,
-						OldTaskStack:  session.TaskStack,
-						OldValueStack: session.ValueStack,
-						OldLHSStack:   session.LHSStack,
-						ModSession:    modSession,
-					},
-				})
-
-				// Switch current session fields
-				session.Executor = modExecutor
-				session.Stack = modSession.Stack
-				session.ValueStack = modSession.ValueStack
-				session.LHSStack = modSession.LHSStack
-				session.UnwindMode = UnwindNone
-
-				// Push Global variables init
-				for i := len(modExecutor.globalInitOrder) - 1; i >= 0; i-- {
-					name := modExecutor.globalInitOrder[i]
-					global, ok := modExecutor.lookupGlobal(name)
-					if !ok {
-						continue
-					}
-					if global == nil || !global.HasInit {
-						continue
-					}
-					session.TaskStack = append(session.TaskStack, Task{Op: OpInitVar, Data: string(name)})
-					session.TaskStack = append(session.TaskStack, cloneTasks(global.InitPlan)...)
-				}
-
-				// Push Main block execution
-				session.TaskStack = append(session.TaskStack, cloneTasks(modExecutor.mainTasks)...)
-
+				session.ModuleCache[path] = res
+				session.ValueStack.Push(res)
 				return nil
 			}
 		}
@@ -1977,73 +1925,7 @@ func (e *Executor) dispatch(session *StackContext, task Task) error {
 		return fmt.Errorf("failed to load module %s", path)
 
 	case OpImportDone:
-		data := task.Data.(*ImportData)
-		path := data.Path
-		modSession := data.ModSession
-		modExec := modSession.Executor.(*Executor)
-
-		delete(session.LoadingModules, path)
-
-		exports := make(map[string]*Var)
-		for name := range modExec.globals {
-			if len(name) > 0 && name[0] >= 'A' && name[0] <= 'Z' {
-				v, err := modSession.Load(string(name))
-				if err == nil {
-					exports[string(name)] = v
-				}
-			}
-		}
-		for name, fn := range modExec.functions {
-			if len(name) > 0 && name[0] >= 'A' && name[0] <= 'Z' {
-				exports[string(name)] = &Var{
-					VType: TypeClosure,
-					Ref: &VMClosure{
-						FunctionType: fn.FunctionType,
-						BodyTasks:    cloneTasks(fn.BodyTasks),
-						UpvalueSlots: nil,
-						UpvalueNames: nil,
-						Context:      modSession,
-					},
-				}
-			}
-		}
-		for name, val := range modExec.consts {
-			if len(name) > 0 && name[0] >= 'A' && name[0] <= 'Z' {
-				exports[name] = NewString(val)
-			}
-		}
-		for name, s := range modExec.metadata.structsByName {
-			if len(name) > 0 && name[0] >= 'A' && name[0] <= 'Z' {
-				exports[string(name)] = &Var{
-					VType: TypeAny,
-					Ref:   cloneRuntimeStructSpec(s),
-				}
-			}
-		}
-
-		// modSession.Stack should remain its own global stack for future member access to module variables
-		// modSession.Stack = session.Stack <--- REMOVED THIS LINE
-
-		// Restore session
-		session.Executor = data.OldExecutor.(ExecutorAPI)
-		session.Stack = data.OldStack
-		session.TaskStack = data.OldTaskStack
-		session.ValueStack = data.OldValueStack
-		session.LHSStack = data.OldLHSStack
-		session.UnwindMode = UnwindNone
-
-		res := &Var{
-			VType: TypeModule,
-			Ref: &VMModule{
-				Name:    path,
-				Data:    exports,
-				Context: modSession,
-			},
-		}
-
-		session.ModuleCache[path] = res
-		session.ValueStack.Push(res)
-		return nil
+		return fmt.Errorf("OpImportDone should not be reached in synchronous import mode")
 	case OpPush:
 		if v, ok := task.Data.(*Var); ok {
 			session.ValueStack.Push(v)
@@ -2711,6 +2593,78 @@ func (e *Executor) GetProgram() *ast.ProgramStmt {
 	return e.program
 }
 
+func (e *Executor) buildImportedModuleValue(path string, modExec *Executor, modSession *StackContext) *Var {
+	exports := make(map[string]*Var)
+	for name := range modExec.globals {
+		if len(name) > 0 && name[0] >= 'A' && name[0] <= 'Z' {
+			v, err := modSession.Load(string(name))
+			if err == nil {
+				exports[string(name)] = v
+			}
+		}
+	}
+	for name, fn := range modExec.functions {
+		if len(name) > 0 && name[0] >= 'A' && name[0] <= 'Z' {
+			exports[string(name)] = &Var{
+				VType: TypeClosure,
+				Ref: &VMClosure{
+					FunctionType: fn.FunctionType,
+					BodyTasks:    cloneTasks(fn.BodyTasks),
+					UpvalueSlots: nil,
+					UpvalueNames: nil,
+					Context:      modSession,
+				},
+			}
+		}
+	}
+	for name, val := range modExec.consts {
+		if len(name) > 0 && name[0] >= 'A' && name[0] <= 'Z' {
+			exports[name] = NewString(val)
+		}
+	}
+	for name, s := range modExec.metadata.structsByName {
+		if len(name) > 0 && name[0] >= 'A' && name[0] <= 'Z' {
+			exports[string(name)] = &Var{
+				VType: TypeAny,
+				Ref:   cloneRuntimeStructSpec(s),
+			}
+		}
+	}
+
+	return &Var{
+		VType: TypeModule,
+		Ref: &VMModule{
+			Name:    path,
+			Data:    exports,
+			Context: modSession,
+		},
+	}
+}
+
+func (e *Executor) executeImportedProgram(parent *StackContext, path string, prog *ast.ProgramStmt) (*Var, error) {
+	modExecutor, err := NewExecutor(prog)
+	if err != nil {
+		return nil, err
+	}
+	modExecutor.Loader = e.Loader
+	modExecutor.StepLimit = e.StepLimit
+	modExecutor.routes = e.routes
+
+	modSession := modExecutor.NewSession(parent.Context, "global")
+	modSession.StepLimit = parent.StepLimit
+	modSession.StepCount = parent.StepCount
+	modSession.ModuleCache = parent.ModuleCache
+	modSession.LoadingModules = parent.LoadingModules
+	modSession.Debugger = parent.Debugger
+
+	if err := modExecutor.InitializeSession(modSession, nil, false); err != nil {
+		parent.StepCount = modSession.StepCount
+		return nil, err
+	}
+	parent.StepCount = modSession.StepCount
+	return e.buildImportedModuleValue(path, modExecutor, modSession), nil
+}
+
 func (e *Executor) ExecuteStmts(session *StackContext, stmts []ast.Stmt) error {
 	oldTasks := session.TaskStack
 	oldValues := session.ValueStack
