fix(interactive): avoid nested tokio runtime panic in tab completion#1224
Merged
fix(interactive): avoid nested tokio runtime panic in tab completion#1224
Conversation
complete_path() called handle.block_on() from within the single-thread tokio runtime driving the REPL, causing "Cannot start a runtime from within a runtime" panic on tab press. Spawn a helper thread with its own runtime to drive async VFS read_dir instead.
Add 28 new tests covering: - complete_path unit tests: basic match, dirs with trailing slash, no match, nonexistent dirs, nested paths, absolute paths, hidden files, multiple matches sorting, mixed files/dirs - Runtime safety: current_thread and multi_thread runtimes, concurrent completion from 8 threads, 50-iteration stress test - Security (TM-ESC/TM-INJ/TM-UNI/TM-DOS): path traversal stays in VFS, no host filesystem or /proc leak, shell metacharacters in filenames, unicode filenames, deeply nested paths, very long filenames, large directory (200 entries), symlink safety, empty partial input - Integration: cd changes completion scope, mkdir+complete, variable and alias visibility in state, rm removes from completion, script-created files appear in completion
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
complete_path()callinghandle.block_on()from within the single-thread tokio runtime, which caused an abort ("Cannot start a runtime from within a runtime") when pressing tab for file completion (e.g.jq aa<TAB>)current_threadruntime to drive async VFSread_dir, avoiding nestedblock_onWhat
The interactive shell runs on a single-threaded tokio runtime. Rustyline calls
Completer::complete()synchronously during tab completion. The old code calledhandle.block_on(self.fs.read_dir(&dir))from that synchronous callback — nestingblock_oninside the already-running runtime, which panics with an abort.Why
Users hitting tab after any command argument (e.g.
jq aa<TAB>) got an immediate abort with no recovery. This made the interactive shell unusable for file completion.How
Replace
handle.block_on()withstd::thread::spawn+ a freshcurrent_threadruntime on the spawned thread. The thread overhead is negligible for interactive tab completion. The codebase already had a comment warning about this exact pattern for theValidatorimpl (line 365-367) but the same mistake existed in theCompleter.Test coverage (28 new tests)
complete_path unit tests (10): basic match, directory trailing slash, no match, nonexistent dir, nested paths, absolute paths, hidden files, sorted results, mixed files/dirs, empty partial
Runtime safety (4): current_thread runtime, multi_thread runtime, 8-thread concurrent completion, 50-iteration stress test
Security tests (8): path traversal stays in VFS (TM-ESC), no host filesystem leak (TM-ESC), no /proc leak (TM-INF), shell metacharacters in filenames (TM-INJ), unicode filenames (TM-UNI), deeply nested paths (TM-DOS), very long filenames (TM-DOS), large directory with 200 entries (TM-DOS), symlink safety
Integration tests (6): cd changes completion scope, mkdir+complete, variable/alias visibility in state, rm removes from completion, script-created batch files visible