Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Await safety not yet fixed in swing-store/src/snapStore.js for unbalanced if #6243

Closed
erights opened this issue Sep 16, 2022 · 1 comment
Closed

Await safety not yet fixed in swing-store/src/snapStore.js for unbalanced if #6243

erights opened this issue Sep 16, 2022 · 1 comment
Assignees
@erights
Labels
bug Something isn't working security vaults_triage DO NOT USE
Milestone
Vaults EVP

Comments

@erights
Copy link
Member

erights commented Sep 16, 2022

agoric-sdk/packages/xsnap/src/replay.js

Lines 221 to 225 in 293f88e

if (running && !['command', 'reply'].includes(kind)) {
// eslint-disable-next-line no-await-in-loop
await running;
running = undefined;
}

The triage currently at #6219 would fix it, with the explanation and code

        // This nested await is safe because "all-branches-balanced".
        //
        // This nested synchronous-throw-impossible await at the top level of
        // the then branch is safe because it is balanced by a
        // synchronous-throw-impossible await at the top level of the else
        // branch. In fact the await in the else branch was introduced for
        // that balance, in order to make this one safe.
        // eslint-disable-next-line @jessie.js/no-nested-await
        await running;
        running = undefined;
      } else {
        // This nested await is safe because "all-branches-balanced".
        //
        // This nested synchronous-throw-impossible await at the top level of
        // the else branch is safe because it is balanced by a
        // synchronous-throw-impossible await at the top level of the then
        // branch. In fact it was introduced for that balance, in order to
        // make the `await` in the then branch safe.
        // eslint-disable-next-line @jessie.js/no-nested-await
        await null;
      }

Most of #6219 consists of commentary or cosmetic code changes, and so can be postponed until after PS0. But this is a safety fix. Whether we should cherry pick it, to get it in before PS0 depends on what the consequences are of not fixing it.

Assigning myself since I have the fix done in #6219 and would do the cherry picking if we decide to do that.

Git blame shows @dckc as the one who should probably investigate this, so I'm assigning to them as well. Feel free to reassign as appropriate of course.
@erights erights added bug Something isn't working security labels Sep 16, 2022
@erights erights changed the title Await safety not yet fixed in swing-store/src/snapStore.js for rename call Await safety not yet fixed in swing-store/src/snapStore.js for unbalanced if Sep 16, 2022
@erights erights mentioned this issue Sep 16, 2022
Closed
@ivanlei ivanlei added the vaults_triage DO NOT USE label Jan 17, 2023
@erights
Copy link
Member Author

erights commented Apr 15, 2023

With the simpler await safety rule, this issue is obsolete. Closing.

@erights erights closed this as completed Apr 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@erights erights

Labels
bug Something isn't working security vaults_triage DO NOT USE
Projects
None yet
Milestone
Vaults EVP
Development

Successfully merging a pull request may close this issue.

fix: triage await safety Agoric/agoric-sdk
4 participants
@dckc @erights @Tartuffo @ivanlei