delete protected

ocaml-flambda · Jan 10, 2025 · 4cdc141 · 4cdc141
1 parent d2eb6f5
commit 4cdc141
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 163 deletions.
diff --git a/otherlibs/stdlib_alpha/capsule.ml b/otherlibs/stdlib_alpha/capsule.ml
@@ -441,34 +441,6 @@ let create_with_rwlock () =
   let (P name) = Name.make () in
   Rwlock.P { name; rwlock = Rw.create (); poisoned = false }
 
-exception Protected : 'k Mutex.t * (exn, 'k) Data.t -> exn
-
-let reraise_protected name data =
-  let backtrace = get_raw_backtrace () in
-  let exn = (Protected ({ name; mutex = M.create (); poisoned = false }, data)) in
-  raise_with_backtrace exn backtrace
-;;
-
-let protect_local f = exclave_
-  let (P name) = Name.make () in
-  let password = Password.unsafe_mk name in
-  try f (Password.P password) with
-  | Encapsulated (inner, data) as exn ->
-    (match Name.equality_witness name inner with
-     | Some Equal -> reraise_protected name data
-     | None -> reraise exn)
-  | exn -> reraise exn
-
-let protect_portable_local f = exclave_
-  let (P name) = Name.make () in
-  let password = Password.unsafe_mk name in
-  try f (Password.P password) with
-  | Encapsulated (inner, data) as exn ->
-    (match Name.equality_witness name inner with
-     | Some Equal -> reraise_protected name data
-     | None -> reraise_protected name (Data.unsafe_mk exn))
-  | exn -> reraise_protected name (Data.unsafe_mk exn)
-
 let with_password_local f = exclave_
   let (P name) = Name.make () in
   let password = Password.unsafe_mk name in
@@ -479,6 +451,4 @@ let with_password_local f = exclave_
      | None -> reraise exn)
   | exn -> reraise exn
 
-let protect f = (protect_local (fun password -> { global = f password })).global
-let protect_portable f = (protect_portable_local (fun password -> { global = f password })).global
 let with_password f = (with_password_local (fun password -> { global = f password })).global
diff --git a/otherlibs/stdlib_alpha/capsule.mli b/otherlibs/stdlib_alpha/capsule.mli
@@ -563,37 +563,14 @@ exception Encapsulated : 'k Name.t * (exn, 'k) Data.t -> exn
     the data. The [Name.t] can be used to associate the [Data.t] with a
     particular [Password.t] or [Mutex.t]. *)
 
-(* CR-soon mslater: ['k Key.t] instead of ['k Mutex.t]. *)
-exception Protected : 'k Mutex.t * (exn, 'k) Data.t -> exn
-(** If a function passed to [protect] raises an exception, it is wrapped
-    in [Protected] to avoid leaking access to the data. The [Mutex.t] can
-    be used to access the [Data.t]. *)
-
-val protect : (Password.packed @ local -> 'a) @ local -> 'a @@ portable
-(** [protect f] runs [f password] in a fresh capsule represented by [password].
-    If [f] raises an [Encapsulated] exception in the capsule represented by [password],
-    [protect] unwraps the exception and re-raises it as [Protected].
-    If [f] raises any other exception or returns normally, [protect] merges
-    the capsule into the caller's capsule. *)
-
-val protect_portable : (Password.packed @ local -> 'a) @ local portable -> 'a @@ portable
-(** [protect_portable f] runs [f password] in a fresh capsule represented by [password].
-    If [f] returns normally, [protect_portable] merges the capsule into the caller's capsule.
-    If [f] raises an [Encapsulated] exception in the capsule represented by [password],
-    [protect_portable] unwraps the exception and re-raises it as [Protected].
-    If [f] raises any other exception, [protect_portable] re-raises it as [Protected]. *)
-
 val with_password : (Password.packed @ local -> 'a) @ local -> 'a @@ portable
-(** [with_password f] runs [f password] in a fresh capsule represented by [password].
-    If [f] returns normally, [with_password] merges the capsule into the caller's capsule.
-    If [f] raises an [Encapsulated] exception in the capsule represented by [password],
-    [with_password] unwraps the exception and re-raises it directly. *)
-
-val protect_local : (Password.packed @ local -> 'a @ local) @ local -> 'a @ local @@ portable
-(** See [protect]. *)
+(** [with_password f] creates a fresh capsule and applies [f] with the associated [password].
 
-val protect_portable_local : (Password.packed @ local -> 'a @ local) @ local portable -> 'a @ local @@ portable
-(** See [protect_portable]. *)
+    If [f] raises an [Encapsulated] exception in the capsule represented by [password],
+    [with_password] destroys the capsule, unwraps the exception, and re-raises it directly. *)
 
 val with_password_local : (Password.packed @ local -> 'a @ local) @ local -> 'a @ local @@ portable
-(** See [with_password]. *)
+(** See [with_password].
+
+    If [f] returns normally, note that the capsule is not destroyed, and locality still enforces
+    that the password cannot escape. *)
diff --git a/testsuite/tests/capsule-api/data.ml b/testsuite/tests/capsule-api/data.ml
@@ -176,111 +176,9 @@ let () =
   assert (Capsule.Data.project ptr' = 111)
 ;;
 
-(* [protect_portable]. *)
+(* [with_password]. *)
 exception Exn of string
 
-let () =
-  match Capsule.protect_portable (fun _password -> "ok") with
-  | s -> assert (s = "ok")
-  | exception _ -> assert false
-;;
-
-let () =
-  match Capsule.protect_portable (fun _password -> Exn "ok") with
-  | Exn s -> assert (s = "ok")
-  | _ -> assert false
-;;
-
-let () =
-  match Capsule.protect_portable (fun _password -> reraise (Exn "fail")) with
-  | exception (Capsule.Protected (mut, exn)) ->
-    let s = Capsule.Mutex.with_lock mut (fun password ->
-      Capsule.Data.extract password (fun exn ->
-        match exn with
-        | Exn s -> s
-        | _ -> assert false) exn) in
-    assert (s = "fail")
-  | _ -> assert false
-;;
-
-let () =
-  match Capsule.protect_portable (fun (Capsule.Password.P password) ->
-    let data = Capsule.Data.create (fun () -> "fail") in
-    let msg = Capsule.Data.extract password (fun s : string -> s) data in
-    reraise (Exn msg))
-  with
-  | exception (Capsule.Protected (mut, exn)) ->
-    let s = Capsule.Mutex.with_lock mut (fun password ->
-      Capsule.Data.extract password (fun exn ->
-        match exn with
-        | Exn s -> s
-        | _ -> assert false) exn) in
-    assert (s = "fail")
-  | _ -> assert false
-;;
-
-let () =
-  match Capsule.protect_portable (fun (Capsule.Password.P password) ->
-    let data = Capsule.Data.create (fun () -> "fail") in
-    let () = Capsule.Data.extract password (fun s -> reraise (Exn s)) data in
-    ())
-  with
-  | exception (Capsule.Protected (mut, exn)) ->
-    let s = Capsule.Mutex.with_lock mut (fun password ->
-      Capsule.Data.extract password (fun exn ->
-        match exn with
-        | Exn s -> s
-        | _ -> assert false) exn) in
-    assert (s = "fail")
-  | _ -> assert false
-;;
-
-(* [protect]. *)
-let () =
-  match Capsule.protect (fun _password -> "ok") with
-  | s -> assert (s = "ok")
-  | exception _ -> assert false
-;;
-
-let () =
-  match Capsule.protect (fun _password -> Exn "ok") with
-  | Exn s -> assert (s = "ok")
-  | _ -> assert false
-;;
-
-let () =
-  match Capsule.protect (fun _password -> reraise (Exn "fail")) with
-  | exception Exn s -> assert (s = "fail")
-  | _ -> assert false
-;;
-
-let () =
-  match Capsule.protect (fun (Capsule.Password.P password) ->
-    let data = Capsule.Data.create (fun () -> "fail") in
-    let msg = Capsule.Data.extract password (fun s : string -> s) data in
-    reraise (Exn msg))
-  with
-  | exception Exn s -> assert (s = "fail")
-  | _ -> assert false
-;;
-
-let () =
-  match Capsule.protect (fun (Capsule.Password.P password) ->
-    let data = Capsule.Data.create (fun () -> "fail") in
-    let () = Capsule.Data.extract password (fun s -> reraise (Exn s)) data in
-    ())
-  with
-  | exception (Capsule.Protected (mut, exn)) ->
-    let s = Capsule.Mutex.with_lock mut (fun password ->
-      Capsule.Data.extract password (fun exn ->
-        match exn with
-        | Exn s -> s
-        | _ -> assert false) exn) in
-    assert (s = "fail")
-  | _ -> assert false
-;;
-
-(* [with_password]. *)
 let () =
   match Capsule.with_password (fun _password -> "ok") with
   | s -> assert (s = "ok")