From 50b22de2e95ad4398267f2004e2217e1d4953b0d Mon Sep 17 00:00:00 2001
From: James M Snell
Date: Thu, 18 Oct 2018 16:37:24 -0700
Subject: [PATCH] doc, test: document and test vm timeout escapes

Using `process.nextTick()` or `Promise`, it is possible to escape the `timeout` set when running code with `vm.runInContext()`, `vm.runInThisContext()`, and `vm.runInNewContext()`. This documents the issue and adds two known_issues tests.

Refs: https://github.com/nodejs/node/issues/3020
PR-URL: https://github.com/nodejs/node/pull/23743
Refs: https://github.com/nodejs/node/issues/3020
Reviewed-By: Luigi Pinca
Reviewed-By: Tiancheng "Timothy" Gu
---
doc/api/vm.md | 32 +++++++++++++++
.../test-vm-timeout-escape-nexttick.js | 41 +++++++++++++++++++
.../test-vm-timeout-escape-promise.js | 39 ++++++++++++++++++
3 files changed, 112 insertions(+)
create mode 100644 test/known_issues/test-vm-timeout-escape-nexttick.js
create mode 100644 test/known_issues/test-vm-timeout-escape-promise.js
diff --git a/doc/api/vm.md b/doc/api/vm.md
index 892f7b97c39a30..1053a37d9025ff 100644
--- a/doc/api/vm.md
+++ b/doc/api/vm.md
@@ -944,6 +944,38 @@ within which it can operate. The process of creating the V8 Context and associating it with the `sandbox` object is what this document refers to as "contextifying" the `sandbox`.
+## Timeout limitations when using process.nextTick(), and Promises
+
+Because of the internal mechanics of how the `process.nextTick()` queue and
+the microtask queue that underlies Promises are implemented within V8 and
+Node.js, it is possible for code running within a context to "escape" the
+`timeout` set using `vm.runInContext()`, `vm.runInNewContext()`, and
+`vm.runInThisContext()`.
+
+For example, the following code executed by `vm.runInNewContext()` with a
+timeout of 5 milliseconds schedules an infinite loop to run after a promise
+resolves. The scheduled loop is never interrupted by the timeout:
+
+```js
+const vm = require('vm');
+
+function loop() {
+ while (1) console.log(Date.now());
+}
+
+vm.runInNewContext(
+ 'Promise.resolve().then(loop);',
+ { loop, console },
+ { timeout: 5 }
+);
+```
+
+This issue also occurs when the `loop()` call is scheduled using
+the `process.nextTick()` function.
+
+This issue occurs because all contexts share the same microtask and nextTick
+queues.
+
 [`Error`]: errors.html#errors_class_error
 [`URL`]: url.html#url_class_url
 [`eval()`]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval
diff --git a/test/known_issues/test-vm-timeout-escape-nexttick.js b/test/known_issues/test-vm-timeout-escape-nexttick.js
new file mode 100644
index 00000000000000..8afe2fb8cebb15
--- /dev/null
+++ b/test/known_issues/test-vm-timeout-escape-nexttick.js
@@ -0,0 +1,41 @@
+'use strict';
+
+// https://github.com/nodejs/node/issues/3020
+// Promises, nextTick, and queueMicrotask allow code to escape the timeout
+// set for runInContext, runInNewContext, and runInThisContext
+
+require('../common');
+const assert = require('assert');
+const vm = require('vm');
+
+const NS_PER_MS = 1000000n;
+
+const hrtime = process.hrtime.bigint;
+const nextTick = process.nextTick;
+
+function loop() {
+ const start = hrtime();
+ while (1) {
+ const current = hrtime();
+ const span = (current - start) / NS_PER_MS;
+ if (span >= 100n) {
+ throw new Error(
+ `escaped timeout at ${span} milliseconds!`);
+ }
+ }
+}
+
+assert.throws(() => {
+ vm.runInNewContext(
+ 'nextTick(loop); loop();',
+ {
+ hrtime,
+ nextTick,
+ loop
+ },
+ { timeout: 5 }
+ );
+}, {
+ code: 'ERR_SCRIPT_EXECUTION_TIMEOUT',
+ message: 'Script execution timed out after 5ms'
+});
diff --git a/test/known_issues/test-vm-timeout-escape-promise.js b/test/known_issues/test-vm-timeout-escape-promise.js
new file mode 100644
index 00000000000000..4452c83cd182e3
--- /dev/null
+++ b/test/known_issues/test-vm-timeout-escape-promise.js
@@ -0,0 +1,39 @@
+'use strict';
+
+// https://github.com/nodejs/node/issues/3020
+// Promises, nextTick, and queueMicrotask allow code to escape the timeout
+// set for runInContext, runInNewContext, and runInThisContext
+
+require('../common');
+const assert = require('assert');
+const vm = require('vm');
+
+const NS_PER_MS = 1000000n;
+
+const hrtime = process.hrtime.bigint;
+
+function loop() {
+ const start = hrtime();
+ while (1) {
+ const current = hrtime();
+ const span = (current - start) / NS_PER_MS;
+ if (span >= 100n) {
+ throw new Error(
+ `escaped timeout at ${span} milliseconds!`);
+ }
+ }
+}
+
+assert.throws(() => {
+ vm.runInNewContext(
+ 'Promise.resolve().then(loop); loop();',
+ {
+ hrtime,
+ loop
+ },
+ { timeout: 5 }
+ );
+}, {
+ code: 'ERR_SCRIPT_EXECUTION_TIMEOUT',
+ message: 'Script execution timed out after 5ms'
+});
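Review bot: The header comment in test-vm-timeout-escape-nexttick.js names `queueMicrotask` as an escape route, but neither new test exercises it, and nothing in the file says which statement is expected to fail. As written, the synchronous `loop()` in the script string is what satisfies `assert.throws` with `ERR_SCRIPT_EXECUTION_TIMEOUT`; the `loop` queued through `nextTick` then appears to run after `vm.runInNewContext()` has returned and throws `escaped timeout at … milliseconds!` uncaught, which is presumably the failure that keeps the file under known_issues. I would add above `assert.throws` a comment like `// loop() run synchronously is cut off by the timeout; the queued loop() runs after the script returns and is not bounded by it.` and either drop `queueMicrotask` from the header or add a test for it. The same applies to test-vm-timeout-escape-promise.js, where the queued call is `Promise.resolve().then(loop)`.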