endojs / endo

Endo is a distributed secure JavaScript sandbox, based on SES
Apache License 2.0

cli,daemon: `endo cancel` does not propagate properly under some circumstances #2074

Open rekmarks opened 8 months ago

rekmarks commented 8 months ago

Describe the bug

As of the current endo feature branch (#2073), endo cancel does not propagate as expected under some circumstances. A common factor seems to be that neither direct nor indirect cancellation works for values running "in" guests. See reproduction steps below.

We may not want to bother solving this until we are threading cancellation through messages and, perhaps, until messages are persisted across restarts.

Steps to reproduce & expected behavior

This transcript uses the diff format. The removed (- / red) lines are the expected behavior, and the added (+ / green) lines are the observed behavior.

endo purge -f

endo make counter.js --name counter
Object [Alleged: Counter] {}

endo mkguest doubler-agent
Object [Alleged: EndoGuest] {}

endo make doubler.js -n doubler -p doubler-agent
Object [Alleged: Doubler] {}

endo resolve 0 counter

endo eval 'E(doubler).incr()' doubler
2

endo eval 'E(doubler).incr()' doubler
4

endo eval 'E(doubler).incr()' doubler
6

// This cancels the counter, which should also cancel the doubler
endo cancel counter

endo eval 'E(doubler).incr()' doubler
- 2
+ 8

endo eval 'E(counter).incr()' counter
- 2
+ 1

endo eval 'E(counter).incr()' counter
- 3
+ 2

endo eval 'E(doubler).incr()' doubler
- 8
+ 10

// This should, naturally, cause the doubler to be cancelled
endo cancel doubler

endo eval 'E(doubler).incr()' doubler
- 10
+ 12

endo cancel doubler-agent

// Here the doubler is finally cancelled.
// The return value is correct given the incorrect state of the counter
endo eval 'E(doubler).incr()' doubler
- 12
+ 6
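
The transcript above can be turned into a regression oracle. The following is an added example, not part of the issue and not Endo's daemon code: a toy JavaScript model of cancellation propagation that reproduces both the expected (-) and the observed (+) columns. `makeDaemon`, `runTranscript` and the `guestBug` switch are hypothetical names, and the model assumes (inferred from the outputs shown, since doubler.js is not on the page) that the doubler returns twice the counter's next value.

```javascript
// Toy model (assumption-laden, not Endo's implementation).
// A formula is a named recipe; an incarnation is its current live value.
function makeDaemon({ guestBug }) {
  const formulas = new Map(); // name -> { make, deps, host }
  const live = new Map(); // name -> current incarnation
  const define = (name, make, deps = [], host = null) =>
    formulas.set(name, { make, deps, host });
  // Return the live incarnation, creating it (and its deps) on demand.
  const provide = name => {
    if (!live.has(name)) {
      const { make, deps } = formulas.get(name);
      live.set(name, make(...deps.map(provide)));
    }
    return live.get(name);
  };
  const cancel = (name, viaHost = false) => {
    const { host } = formulas.get(name);
    // Symptom from the issue, modelled as a switch: a value running "in" a
    // guest ignores direct and indirect cancellation; only cancelling the
    // guest itself tears it down.
    if (guestBug && host && !viaHost) return;
    live.delete(name);
    for (const [other, f] of formulas) {
      if (f.host === name) cancel(other, true); // values hosted by this guest
      else if (f.deps.includes(name)) cancel(other); // dependents
    }
  };
  return { define, provide, cancel };
}

// Replays the issue's command sequence and returns every printed number.
function runTranscript(guestBug) {
  const d = makeDaemon({ guestBug });
  d.define('counter', () => { let n = 0; return { incr: () => (n += 1) }; });
  d.define('doubler-agent', () => ({}));
  // Assumed behaviour of doubler.js: 2 * counter.incr().
  d.define('doubler', c => ({ incr: () => 2 * c.incr() }), ['counter'], 'doubler-agent');
  const out = [];
  const incr = name => out.push(d.provide(name).incr());
  ['doubler', 'doubler', 'doubler'].forEach(incr);
  d.cancel('counter');
  ['doubler', 'counter', 'counter', 'doubler'].forEach(incr);
  d.cancel('doubler');
  incr('doubler');
  d.cancel('doubler-agent');
  incr('doubler');
  return out;
}
```

With `guestBug` set, the doubler keeps calling the counter incarnation that `endo cancel counter` was meant to tear down, which is the stale reference the transcript shows.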

rekmarks commented 8 months ago

This issue previously referenced a second case, which "may or may not be distinct". As it turns out, it is both distinct and known, and is now tracked in #2021.

rekmarks commented 6 months ago

We observe datalocks about half the time during crossed hellos in #2217, likely on the side that has to drop their existing connection and therefore cancel all dependent formulas. We are likely in one of two situations:

  1. This is a blocker for solving crossed hellos.
  2. There is some other cancellation issue confounding #2217's solution to crossed hellos.