Need to find an elegant fix for this - the scheduler is complex and fixing a tiny, minor, kinda non-bug might introduce real bugs.
To evaluate
Scheduler: fix Lookup/Agenda consistency for deferred named tasks
When service_task cannot execute a named task (preimage unavailable or temporarily overweight), the task returns to the Agenda for future resolution. Previously the Lookup entry was removed eagerly before the outcome was known, leaving the task unreachable by name -- cancel_named and reschedule_named would both fail with NotFound.
This is a concrete problem for reversible-transfers: if a transfer finalization task is deferred due to block weight pressure, cancel_transfer calls cancel_named which fails, and the transfer executes unhindered despite the user's cancellation attempt.
Changes:
service_task: Lookup is now only removed on terminal outcomes (successful dispatch, permanently overweight). Tasks that return to the Agenda keep their Lookup and preimage reference intact.
do_cancel_named: Returns NotFound when the Lookup points to an empty or out-of-range Agenda slot, instead of silently succeeding and emitting a false Canceled event.
Docs: Added known-limitation section for stranded tasks when preimage is unavailable.
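To make the Lookup/Agenda interaction above concrete, here is a small stand-alone model of the scheduler (added for illustration, not the pallet's own code and not part of this PR). The `Scheduler`, `Task`, `Outcome` and `Event` types, the fixed-width `Name`, and the `eager_lookup_removal` switch that toggles between the pre-fix and post-fix `service_task` behaviour are all hypothetical simplifications; real block numbers, weights and the way a deferred task is re-placed in a later block's agenda are abstracted away. `run_scenario` walks the reversible-transfers case from the description: a named finalization task is deferred for weight, the user cancels it, and the next service pass either runs the transfer (before the fix) or finds the slot already cancelled (after).

```rust
// Added example modelling the Lookup/Agenda consistency issue; not the scheduler pallet's code.
use std::collections::HashMap;

/// Hypothetical fixed-width task name.
type Name = [u8; 4];

#[derive(Clone, Debug)]
struct Task {
    name: Option<Name>,
    weight: u64,
    preimage_available: bool,
}

#[derive(Debug, PartialEq)]
enum Error {
    NotFound,
}

#[derive(Debug, PartialEq)]
enum Event {
    Dispatched(Option<Name>),
    Canceled(Option<Name>),
    PermanentlyOverweight(Option<Name>),
}

#[derive(Debug, Clone, Copy, PartialEq)]
enum Outcome {
    Dispatched,
    /// Preimage missing or block temporarily overweight: the task returns to the Agenda.
    Deferred,
    PermanentlyOverweight,
}

struct Scheduler {
    /// Agenda: block number -> slots; a slot becomes None once executed or cancelled.
    agenda: HashMap<u32, Vec<Option<Task>>>,
    /// Lookup: name -> (block, slot index).
    lookup: HashMap<Name, (u32, usize)>,
    events: Vec<Event>,
    max_block_weight: u64,
    /// true models the pre-fix behaviour: Lookup dropped before the outcome is known.
    eager_lookup_removal: bool,
}

impl Scheduler {
    fn new(max_block_weight: u64, eager_lookup_removal: bool) -> Self {
        Scheduler { agenda: HashMap::new(), lookup: HashMap::new(), events: Vec::new(), max_block_weight, eager_lookup_removal }
    }

    fn schedule(&mut self, when: u32, task: Task) -> (u32, usize) {
        if let Some(n) = task.name {
            self.lookup.insert(n, (when, self.agenda.get(&when).map_or(0, Vec::len)));
        }
        let slots = self.agenda.entry(when).or_default();
        slots.push(Some(task));
        (when, slots.len() - 1)
    }

    /// Service one Agenda slot with `weight_left` still available in the block.
    fn service_task(&mut self, when: u32, idx: usize, weight_left: &mut u64) -> Option<Outcome> {
        let task = self.agenda.get_mut(&when)?.get_mut(idx)?.take()?;
        if self.eager_lookup_removal {
            // Pre-fix: name becomes unreachable even if the task is only deferred.
            if let Some(n) = task.name { self.lookup.remove(&n); }
        }
        let outcome = if task.weight > self.max_block_weight {
            Outcome::PermanentlyOverweight
        } else if !task.preimage_available || task.weight > *weight_left {
            Outcome::Deferred
        } else {
            *weight_left -= task.weight;
            Outcome::Dispatched
        };
        match outcome {
            Outcome::Deferred => {
                // Non-terminal: put the task back; with the fix, Lookup still points at this slot.
                self.agenda.get_mut(&when)?[idx] = Some(task);
            }
            Outcome::Dispatched | Outcome::PermanentlyOverweight => {
                // Terminal: the only point at which the fixed code removes Lookup.
                if let Some(n) = task.name { self.lookup.remove(&n); }
                self.events.push(if outcome == Outcome::Dispatched {
                    Event::Dispatched(task.name)
                } else {
                    Event::PermanentlyOverweight(task.name)
                });
            }
        }
        Some(outcome)
    }

    /// Fixed do_cancel_named: an empty or out-of-range slot is NotFound, never a false Canceled.
    fn cancel_named(&mut self, name: Name) -> Result<(), Error> {
        let (when, idx) = self.lookup.remove(&name).ok_or(Error::NotFound)?;
        let slot = self.agenda.get_mut(&when).and_then(|s| s.get_mut(idx)).ok_or(Error::NotFound)?;
        let task = slot.take().ok_or(Error::NotFound)?;
        self.events.push(Event::Canceled(task.name));
        Ok(())
    }
}

/// Reversible-transfer scenario: returns (result of cancel_named, whether the transfer ran).
fn run_scenario(eager_lookup_removal: bool) -> (Result<(), Error>, bool) {
    let mut s = Scheduler::new(1_000, eager_lookup_removal);
    let name = *b"xfer";
    let (when, idx) = s.schedule(10, Task { name: Some(name), weight: 600, preimage_available: true });
    // Block under weight pressure: 500 left, task needs 600 -> deferred back into the Agenda.
    let mut left = 500;
    assert_eq!(s.service_task(when, idx, &mut left), Some(Outcome::Deferred));
    // User cancels while the task is waiting.
    let cancel = s.cancel_named(name);
    // Next pass has enough weight; the transfer must not run if the cancel took effect.
    let mut left = 1_000;
    s.service_task(when, idx, &mut left);
    let executed = s.events.iter().any(|e| *e == Event::Dispatched(Some(name)));
    (cancel, executed)
}

fn main() {
    let (cancel, ran) = run_scenario(true);
    println!("before fix: cancel={:?}, transfer executed={}", cancel, ran);
    let (cancel, ran) = run_scenario(false);
    println!("after fix:  cancel={:?}, transfer executed={}", cancel, ran);
}
```

The model keeps a deferred task in the same slot rather than moving it to a later block, which is enough to show the invariant the fix restores: Lookup must stay valid for exactly as long as the task is still in the Agenda, and cancel_named must refuse to report Canceled for a slot that holds nothing.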