Issue #17849 has been updated by schneems (Richard Schneeman).


I've had a conversation with Matz about this and I've been thinking about t=
his issue for a LONG time. The blocker to doing something like this before =
is that due to the halting problem we can never know if an ensure block wil=
l exit or not. In effect, if someone were to use `Thread#safe_raise` (or so=
mething similar) where the exception didn't fire inside an ensure block: It=
 might accidentally end up with your program stuck in an infinite loop. =


My proposal to avoid this would be to add an additional timer (yes, timers =
all the way down) to fire an "overtime" block. For example, you could speci=
fy the program should wait 1 second to clear all ensure blocks, if it doesn=
't then execute some code (such as raising an error or emitting a warning).=
 Here's my stab at an API:

``` ruby
Timeout.safe_timeout(10, overtime: 1, on_overtime: :warn || :error) do
  # ...
end
Timeout.safe_timeout(10, overtime: 1, on_overtime: -> { puts "Overtime reac=
hed} ) do
  # ...
end
```

Here's the twitter thread that's referenced in the prior conversation https=
://mobile.twitter.com/schneems/status/1377340755878965248. =


I've written at length about the problem here https://www.schneems.com/2017=
/02/21/the-oldest-bug-in-ruby-why-racktimeout-might-hose-your-server/

----------------------------------------
Feature #17849: Fix Timeout.timeout so that it can be used in threaded Web =
servers
https://bugs.ruby-lang.org/issues/17849#change-91914

* Author: duerst (Martin D=FCrst)
* Status: Open
* Priority: Normal
----------------------------------------
Making this a separate issue from #17837

Eregon (Benoit Daloze) wrote in https://bugs.ruby-lang.org/issues/17837#not=
e-10 (which is  about timeouts for regular expressions):

> I think fixing Timeout.timeout might be possible.
> The main/major issue is it can trigger within `ensure`, right? Is there a=
nything else?
> We could automatically mask `Thread#raise` within `ensure` so it only hap=
pens after the `ensure` body completes.
> And we could still have a larger "hard timeout" if an `ensure` takes way =
too long (shouldn't happen, but one cannot be sure).
> I recall discussing this with @schneems some time ago on Twitter.





-- =

https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=3Dunsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>