Introduce %jinx Hint #62

Merged: 4 commits, Jul 3, 2024
57 changes: 57 additions & 0 deletions UIPS/UIP-012X.md
@@ -0,0 +1,57 @@
---
title: Computation Timeout Hint
description: Introduce a `%jinx` hint to permit timeout of a computation which may not terminate.
author: ~lagrev-nocfep
status: Draft
type: Standards Track
category: Kernel
created: 2024-05-09
---

## Abstract

We propose adding a `%jinx` hint to terminate computations automatically from the runtime.

```
> ~> %jinx.[~s5] (add 1 3)
4

> ~> %jinx.[~s5] (infinite-loop)
recover: dig: alrm
crud: %belt event failed
call: failed

> ~> %jinx.[~s4] =|(i=@ |-(?:(=(10.000.000 i) i $(i +(i)))))
10.000.000

> ~> %jinx.[~s3| =|(i=@ |-(?:(=(10.000.000 i) i $(i +(i)))))
recover: dig: alrm
crud: %belt event failed
call: failed
```

## Motivation

As a personal server, an Urbit instance may be called upon to evaluate arbitrary code. Per the halting problem, aside from trivial infinite loops we cannot conclude how long an arbitrary expression will take to evaluate—or if it will never complete. In certain environements, it is impossible or inconvenient to interrupt the runtime process. (In particular, interfaces using `%eyre`/HTTP or `%lick` may not be able to send a `SIGINT` to break execution.)

While the subject-oriented programming model provides some security, and userspace permissions will provide more, arbitrary code may result in intentional or inadvertent evaluation of long-running code or non-terminating code.

## Specification

The `%jinx` hint is a dynamic hint accepting a timeout value and an expression. If the expression does not complete within the span of the timeout value, then the runtime should interrupt the process with a `bail` and slog the elapsed time to the console. The timeout value is specified in Urbit fracto-seconds but converted in the runtime to Unix milliseconds.

No changes need to be made to `/sys/hoon` or Arvo. Vere needs to be modified in `nock.c` to handle the hint. The currently unused timeout mechanism in `u3m_soft` will be reactivated with the head of the hint for the timeout and the tail of the hint for the product.

An implementation has been begun in `sigilante/timeout`, PR [#648](https://github.com/urbit/vere/pull/648).

## Backwards Compatibility

This is a new runtime hint. No backward compatibility issues found.

## Security Considerations

This should improve Urbit security for any instance in which arbitrary eval is allowed.

## Copyright

Copyright and related rights waived via [CC0](../LICENSE.md).
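
Review bot: The Specification section does not say how nested `%jinx` hints interact, which matters for a hint whose stated purpose is bounding arbitrary eval: if the evaluated expression carries its own `%jinx` with a longer timeout, the text should state whether the outer deadline still applies. The same paragraph says the runtime interrupts with a `bail` without naming the mote, while the Abstract examples show `alrm`; naming it in the spec tells callers what to expect. The spec also says the elapsed time is slogged, but none of the example outputs show it, so either add that line to the examples or adjust the wording. The conversion from fracto-seconds to Unix milliseconds should say how sub-millisecond and zero timeouts are handled. Security Considerations is a single sentence and could state what the timeout does and does not bound. Minor: the fourth Abstract example reads `%jinx.[~s3|` where a closing `]` looks intended, and "environements" in Motivation is misspelled.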