Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Await safety uncertain in swing-store/src/snapStore.js #6230

Closed
erights opened this issue Sep 16, 2022 · 4 comments
Closed

Await safety uncertain in swing-store/src/snapStore.js #6230

erights opened this issue Sep 16, 2022 · 4 comments
Assignees
@mhofman @dckc
Labels
code-style defensive correctness patterns; readability thru consistency technical-debt vaults_triage DO NOT USE

Comments

@erights
Copy link
Member

erights commented Sep 16, 2022

agoric-sdk/packages/swing-store/src/snapStore.js

Line 325 in a1dedea

await unlink(fullPath);

The triage at #6219 currently classifies this as

// TODO FIXME This code should be refactored to make this
// await checkably safe, or to remove it, or to record here
// why it is actually safe.

Git blame shows @mhofman and @dckc as the ones who should probably investigate this, so I'm assigning to them. Feel free to reassign as appropriate of course.
@erights erights added bug Something isn't working security labels Sep 16, 2022
@dckc dckc added code-style defensive correctness patterns; readability thru consistency technical-debt and removed bug Something isn't working security labels Sep 16, 2022
@dckc
Copy link
Member

dckc commented Sep 16, 2022
edited
Loading

I can see how this doesn't clearly match preferred code style, but I don't see evidence of a bug.

If there's a bug, what steps can I take to reproduce it?

@erights erights mentioned this issue Sep 16, 2022
Closed
@erights
Copy link
Member Author

erights commented Sep 16, 2022

I can see how this doesn't clearly match preferred code style, but I don't see evidence of a bug.

The evidence is only that there are pairs of stateful code in the immediately surrounding control flow that

  • may or may not execute in the same turn
  • may be sensitive to the difference.

If there's a bug, what steps can I take to reproduce it?

Look for some way in which the stateful successors of the control flow containing this statement (both the if successor delete call, and the catch clause's delete and push calls) could possibly be sensitive to whether they execute in the same turn as the prior stateful code that may or may not happen in the same turn. If you show that they cannot be sensitive to that, please record your reasoning, add the

    // eslint-disable-next-line @jessie.js/no-nested-await

that reasoning would justify, and make the recorded reason findable from the warning suppression --- either by including it inline, or by recording it elsewhere and then citing it from here.

Or, refactor this code so all this trouble is unnecessary ;)

@erights
Copy link
Member Author

erights commented Sep 16, 2022

In the absence of such a refutation, please don't close the bug. But if you're confident there is no such case anyway, feel free to declare this bug safely postponable until after imminent milestones, and to remove the "security" label.

@erights erights mentioned this issue Sep 16, 2022
Closed
@ivanlei ivanlei added the vaults_triage DO NOT USE label Jan 4, 2023
@erights
Copy link
Member Author

erights commented Apr 15, 2023

With the simpler await safety rule, this issue is obsolete. Closing.

@erights erights closed this as completed Apr 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mhofman mhofman

@dckc dckc

Labels
code-style defensive correctness patterns; readability thru consistency technical-debt vaults_triage DO NOT USE
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@mhofman @dckc @erights @Tartuffo @ivanlei