Skip to content

fix: enhance task preparation and execution in run.sh for better priority handling#33940

Open
tomchon wants to merge 4 commits into
3.3.6from
fix/run-case-thread-failed
Open

fix: enhance task preparation and execution in run.sh for better priority handling#33940
tomchon wants to merge 4 commits into
3.3.6from
fix/run-case-thread-failed

Conversation

@tomchon

@tomchon tomchon commented Dec 15, 2025

Copy link
Copy Markdown
Contributor

Description

Issue(s)

  • Close/close/Fix/fix/Resolve/resolve: Issue Link

Checklist

Please check the items in the checklist if applicable.

  • Is the user manual updated?
  • Are the test cases passed and automated?
  • Is there no significant decrease in test coverage?

@gemini-code-assist

Copy link
Copy Markdown
Contributor

Summary of Changes

Hello @tomchon, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant enhancement to the run.sh script by implementing a priority-based task execution mechanism. It refactors how tasks are prepared and consumed, ensuring that critical tasks are processed first by a dedicated thread, thereby improving the overall efficiency and control of the parallel test execution system.

Highlights

  • Task Prioritization: The run.sh script now supports task prioritization, separating tasks into high-priority and normal-priority queues.
  • Task File Generation: The prepare_cases function has been updated to generate two distinct task files: one for high-priority tasks (lines starting with numbers, sorted numerically descending) and another for normal-priority tasks (other lines).
  • Thread-Specific Task Consumption: The run_thread function has been modified such that the first execution thread (index=0) will prioritize consuming tasks from the high-priority queue before moving to normal tasks. All other threads will exclusively process tasks from the normal-priority queue.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a priority-based task handling system by splitting tasks into high-priority and normal-priority queues. The changes in prepare_cases correctly separate the tasks, and run_thread is updated to process them. My review identifies a few areas for improvement. I've suggested optimizing a grep pipeline for better performance. More critically, I've pointed out a major performance bottleneck where a single lock file serializes task fetching across all threads, undermining the goal of parallel execution. I've also raised a design consideration about dedicating only a single thread to high-priority tasks and suggested an alternative for better resource utilization.

Comment thread tests/parallel_test/run.sh Outdated
Comment thread tests/parallel_test/run.sh Outdated
Comment thread tests/parallel_test/run.sh

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR refactors the task preparation and execution logic in the parallel test runner to implement priority-based task handling. The changes split tasks into high-priority (prefixed with numbers) and normal-priority tasks, allowing specific threads to process high-priority tasks first.

Key changes:

  • Modified task preparation to generate separate task files for high and normal priority tasks
  • Updated task execution to allow threads on the first host (index=0) to process high-priority tasks before normal tasks
  • Introduced separate lock files for coordinating access to each task queue

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread tests/parallel_test/run.sh
Comment thread tests/parallel_test/run.sh
Comment thread tests/parallel_test/run.sh
Comment on lines +405 to +407
flock -x "$lock_file" -c "echo -e \"${hosts[index]} ret:${ret} ${line}\n ${web_server}/$test_log_dir/${case_file}.txt\" >>${failed_case_file}"
else
flock -x "$lock_file" -c "echo -e \"${hosts[index]} ret:${ret} ${line}\n log file: ${case_log_file}\" >>${failed_case_file}"

Copilot AI Dec 16, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The value of line read from the task file is interpolated directly into the shell snippet passed to flock -c (echo -e "... ${line} ..."), so any shell metacharacters, $() or backticks in the task file will be executed on the local host when a test fails. In this repository tdgpt_cases.task is provided by the repo and used in the GitHub Actions workflow, so a malicious PR author can gain code execution on the self‑hosted runner by embedding shell syntax in a task line that triggers the ret != 0 branch. To fix this, avoid passing untrusted task text into -c strings (write logs using the current shell without -c, or ensure the message is safely escaped/printf’d so it cannot be interpreted as shell code).

Suggested change
flock -x "$lock_file" -c "echo -e \"${hosts[index]} ret:${ret} ${line}\n ${web_server}/$test_log_dir/${case_file}.txt\" >>${failed_case_file}"
else
flock -x "$lock_file" -c "echo -e \"${hosts[index]} ret:${ret} ${line}\n log file: ${case_log_file}\" >>${failed_case_file}"
{
flock -x "$lock_file"
printf "%s ret:%s %s\n %s/%s/%s.txt\n" "${hosts[index]}" "$ret" "$line" "$web_server" "$test_log_dir" "$case_file" >>"${failed_case_file}"
}
else
{
flock -x "$lock_file"
printf "%s ret:%s %s\n log file: %s\n" "${hosts[index]}" "$ret" "$line" "$case_log_file" >>"${failed_case_file}"
}

Copilot uses AI. Check for mistakes.
if ! is_local_host "${hosts[index]}"; then
$cmd >>"$case_log_file" 2>&1
else
bash -c "$cmd" >>"$case_log_file" 2>&1

Copilot AI Dec 16, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

case_cmd from the task file is embedded into cmd and then executed either as $cmd or via bash -c "$cmd", relying only on surrounding quotes for safety; if a task’s caseCommand contains quotes or shell metacharacters (e.g. "; curl ... | bash;"), it can break out of the intended argument and execute arbitrary commands on the CI host before run_container.sh is invoked. Because tdgpt_cases.task is under version control and used in .github/workflows/tdgpt-test.yml, an attacker can craft a malicious task line in a PR to achieve remote code execution on the self‑hosted runner. This should be hardened by treating the remote invocation as an argument vector (no bash -c on a constructed string) and ensuring the -c payload is passed as a single argument without further shell interpretation of task‑controlled data.

Suggested change
bash -c "$cmd" >>"$case_log_file" 2>&1
read -ra cmd_array <<< "$cmd"
"${cmd_array[@]}" >>"$case_log_file" 2>&1

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants