add stack overflow guard in Context::eval_from #623

Kelerchian · 2023-12-14T09:32:55Z

No description provided.

rkuhn

This is the very first baby step, thanks for pioneering! Making Actyx resource-safe regarding user input will be a huge and ongoing effort in the future.

rkuhn · 2023-12-14T10:01:34Z

rust/actyx/ax-core/src/runtime/eval.rs

+            // databank process.
+            if let Some(x) = stacker::remaining_stack() {
+                if x < EVAL_REMAINING_STACK_THRESHOLD {
+                    return Err(anyhow!(


I’d use anyhow::bail! in such cases.

is there any difference between them other than one is a macro-shortcut for the other?

no difference, it is just shorter, so easier to read

ah ok. done

rkuhn · 2023-12-14T10:04:33Z

rust/actyx/ax-core/src/runtime/eval.rs

+// https://github.com/Actyx/Actyx/issues/608
+//
+// see `eval_from` below
+const EVAL_REMAINING_STACK_THRESHOLD: usize = 200000;


This number is huge, but this is because we’re only using it on one particular function call. I’m not saying this needs to be done now, but eventually we should have a remaining stack depth check at the entry of every function call controlled by user input that may be called recursively.

It is indeed huge.
Each recursion of eval_from takes 4800-ish.
(and in this tag case, the stack overflow happens on the very first recursive call (among the 1 other in the same branch and 2 others at a different branch)
But I notice that println! stops at 170_000, there might be something going on or something unaccounted for.

My guess is that it takes ca. 170kB stack space to run one invocation (with all its contained method calls, some of which do not call eval_from recursively). If you place such a check into all methods possibly invoked (also indirectly) by eval_from, you’ll find where the stack space is actually used.

Kelerchian requested review from rkuhn and jmg-duarte December 14, 2023 09:32

Kelerchian force-pushed the ada/608-stackoverflow-temp-mitigation branch 2 times, most recently from 883eb48 to 83102ed Compare December 14, 2023 09:56

rkuhn approved these changes Dec 14, 2023

View reviewed changes

Kelerchian force-pushed the ada/608-stackoverflow-temp-mitigation branch 2 times, most recently from 6982512 to 4ee7c7b Compare December 14, 2023 11:18

add stack overflow guard in Context::eval_from

11542be

Kelerchian force-pushed the ada/608-stackoverflow-temp-mitigation branch from 4ee7c7b to 11542be Compare December 14, 2023 11:20

Kelerchian merged commit f89612f into dev Dec 14, 2023
9 checks passed

Kelerchian deleted the ada/608-stackoverflow-temp-mitigation branch December 14, 2023 14:18

github-actions bot locked and limited conversation to collaborators Dec 14, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add stack overflow guard in Context::eval_from #623

add stack overflow guard in Context::eval_from #623

Kelerchian commented Dec 14, 2023

rkuhn left a comment

rkuhn Dec 14, 2023

Kelerchian Dec 14, 2023

rkuhn Dec 14, 2023

Kelerchian Dec 14, 2023

rkuhn Dec 14, 2023

Kelerchian Dec 14, 2023

rkuhn Dec 14, 2023

add stack overflow guard in Context::eval_from #623

add stack overflow guard in Context::eval_from #623

Conversation

Kelerchian commented Dec 14, 2023

rkuhn left a comment

Choose a reason for hiding this comment

rkuhn Dec 14, 2023

Choose a reason for hiding this comment

Kelerchian Dec 14, 2023

Choose a reason for hiding this comment

rkuhn Dec 14, 2023

Choose a reason for hiding this comment

Kelerchian Dec 14, 2023

Choose a reason for hiding this comment

rkuhn Dec 14, 2023

Choose a reason for hiding this comment

Kelerchian Dec 14, 2023

Choose a reason for hiding this comment

rkuhn Dec 14, 2023

Choose a reason for hiding this comment