[oil-language] Disallow POSIX shell arithmetic

With a new option

    shopt -u parse_sh_arith

It was already disallowed in most places with

    shopt -u parse_dparen
    shopt -u parse_sh_assign

The remaining places are the static:

    echo $(( a[i] ))
    echo ${a[i]}

And the dynamic:

    unset a[i]
    printf -v a[i]
    ${!ref}
    declare -n not fully implemented

Follow-up to #1450.

With test/lint fix.

doc/oil-help-topics.md

@@ -181,6 +181,7 @@ X [External Lang] BEGIN   END   when (awk)
                   parse_dollar (-u)      Is $ allowed for \$?  Maybe $/d+/
                   parse_dparen (-u)      Is (( legacy arithmetic allowed?
                   parse_ignored (-u)     Parse, but ignore, certain redirects
+                  parse_sh_arith (-u)    Is legacy shell arithmetic allowed?
                   parse_sh_assign (-u)   Are legacy a=b and PATH=. cmd allowed?
                   parse_sloppy_case (-u) Case patterns look like (*.py) not *.py)
                   X copy_env (-u)        Use $[ENV->PYTHONPATH] when false

frontend/option_def.py

@@ -173,6 +173,7 @@ def DoneWithImplementedOptions(self):
     ('parse_dollar', True),
     ('parse_ignored', True),
 
+    ('parse_sh_arith', True),     # disallow all shell arithmetic, $(( )) etc.
     ('parse_sh_assign', True),    # disallow x=y and PYTHONPATH=y
     ('parse_dparen', True),       # disallow bash's ((
     ('parse_bare_word', True),    # 'case bare' and 'for x in bare'

osh/builtin_assign.py

@@ -433,6 +433,8 @@ def Run(self, cmd_val):
 # TODO:
 # - It would make more sense to treat no args as an error (bash doesn't.)
 #   - Should we have strict builtins?  Or just make it stricter?
+# - Typed args: unset (mylist[0]) is like Python's del
+#   - It has the same word as 'setvar', which makes sense
 
 class Unset(vm._Builtin):
 

osh/sh_expr_eval.py

@@ -201,6 +201,12 @@ def ParseLValue(self, s, span_id):
 
     It uses the arith parser, so it behaves like the LHS of (( a[i] = x ))
     """
+    if not self.parse_ctx.parse_opts.parse_sh_arith():
+      # Do something simpler for Oil
+      if not match.IsValidVarName(s):
+        e_die('Invalid variable name %r (parse_sh_arith is off)' % s, loc.Span(span_id))
+      return lvalue.Named(s, span_id)
+
     a_parser = self.parse_ctx.MakeArithParser(s)
 
     with alloc.ctx_Location(self.arena, source.ArgvWord('dynamic place', span_id)):
@@ -211,6 +217,9 @@ def ParseLValue(self, s, span_id):
         # Exception for builtins 'unset' and 'printf'
         e_usage('got invalid place expression', span_id=span_id)
 
+    # Note: we parse '1+2', and then it becomes a runtime error because it's
+    # not a valid place.  Could be a parse error.
+
     if self.exec_opts.eval_unsafe_arith():
       lval = self.arith_ev.EvalArithLhs(anode, span_id)
     else:

osh/tdop.py

@@ -330,5 +330,29 @@ def ParseUntil(self, rbp):
 
   def Parse(self):
     # type: () -> arith_expr_t
+
     self.Next()  # may raise ParseError
+
+    if not self.parse_opts.parse_sh_arith():
+      # Affects:
+      #    echo $(( x ))
+      #    ${a[i]} which should be $[a[i]] -- could have better error
+      #
+      # Note: sh_expr_eval.UnsafeArith has a dynamic e_die() check
+      #
+      # Doesn't affect:
+      #    printf -v x         # unsafe_arith.ParseLValue
+      #    unset x             # unsafe_arith.ParseLValue
+      #    ${!ref}             # unsafe_arith.ParseVarRef
+      #    declare -n          # not fully implemented yet
+      #
+      #    a[i+1]=             # parse_sh_assign
+      #
+      #    (( a = 1 ))         # parse_dparen
+      #    for (( i = 0; ...   # parse_dparen
+
+      p_die(
+          "POSIX shell arithmetic isn't allowed (parse_sh_arith)",
+          loc.Word(self.cur_word))
+
     return self.ParseUntil(0)