Skip to content

Add hybrid script cancellation for browserjs() with cooperative + V8 termination #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
hjanuschka wants to merge 1 commit into
base: main
Choose a base branch
from
+623 −77
Open

Add hybrid script cancellation for browserjs() with cooperative + V8 termination #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
375 changes: 375 additions & 0 deletions SCRIPT_CANCELLATION.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,375 @@
# Script Cancellation Support

## Overview

This implementation adds reliable script cancellation support for `browserjs()` using a **cooperative cancellation** approach with flag-based checking. While initially targeting Chrome 138+'s `chrome.userScripts.terminate()` API (Chromium CL 7110745), we discovered that API has fundamental limitations and implemented a more reliable solution.

## The Problem

Chromium CL 7110745 introduces `chrome.userScripts.terminate(tabId, executionId)` for fine-grained script cancellation. However, we discovered **two fundamental limitations**:

### Issue 1: V8 Termination Timing

V8's `TerminateExecution()` can only interrupt JavaScript at **yield points** (macro task boundaries):

1. **Immediate Execution**: Scripts execute synchronously in a single microtask
2. **No Interruption Points**: Even with `await` statements, V8 cannot interrupt mid-execution
3. **Timing Race**: The termination request arrives but V8 ignores it during active execution

### Issue 2: Execution ID Becomes Stale

When using the macro task wrapper pattern (`setTimeout(..., 0)`):

1. **Script injection completes immediately**: The wrapper returns a Promise that won't resolve until later
2. **Execution ID becomes invalid**: Chrome's `script_injection_manager.cc` removes the execution from its tracking map
3. **terminate() fails**: Attempting to terminate produces errors: `"execution_id not found in map"`

This means `chrome.userScripts.terminate()` is **fundamentally incompatible** with the macro task wrapper pattern needed for proper async execution.

## The Solution: Cooperative Cancellation

After extensive testing and analysis, we implemented a **cooperative cancellation** system using flag-based checking. This is more reliable than V8's terminate API.

### 1. Cancellation Flag

Inject a cancellation flag that can be set from outside the running script:

```javascript
window.__sitegeist_cancelled = false;
```

### 2. Promise Constructor Wrapping

**This is the key innovation**: We wrap the native `Promise` constructor to inject cancellation checks into **every** promise:

```javascript
const OriginalPromise = window.Promise;

window.Promise = function (executor) {
return new OriginalPromise((resolve, reject) => {
// Check cancellation before starting
if (window.__sitegeist_cancelled) {
reject(new Error("Script execution was cancelled"));
return;
}

// Wrap resolve to check cancellation before resolving
const wrappedResolve = (value) => {
if (window.__sitegeist_cancelled) {
reject(new Error("Script execution was cancelled"));
} else {
resolve(value);
}
};

const wrappedReject = (reason) => reject(reason);

try {
executor(wrappedResolve, wrappedReject);
} catch (e) {
reject(e);
}
});
};

// Copy static methods (resolve, reject, all, race, etc.)
window.Promise.resolve = OriginalPromise.resolve.bind(OriginalPromise);
// ... etc
```

This makes **ANY `await` statement** a cancellation checkpoint automatically!

### 3. Explicit Yield Helper (optional)

For tight loops without awaits, `__sitegeist_yield()` is still available:

```javascript
window.__sitegeist_yield = () => {
return new Promise((resolve, reject) => {
setTimeout(() => {
if (window.__sitegeist_cancelled) {
reject(new Error("Script execution was cancelled"));
} else {
resolve();
}
}, 0);
});
};
```

### 3. Flag Injection on Abort

When the user clicks the stop button, we inject a script to set the flag:

```javascript
// In the abort handler (runtime-providers.ts)
await chrome.userScripts.execute({
js: [{ code: "window.__sitegeist_cancelled = true;" }],
target: { tabId: tab.id, allFrames: false },
world: "USER_SCRIPT",
worldId: FIXED_WORLD_ID,
injectImmediately: true,
});
```

### 4. Macro Task Wrapper (for proper async execution)

The wrapper still uses `setTimeout(() => {...}, 0)` for proper async execution, but this is separate from cancellation:

```javascript
return new Promise((resolve) => {
macroTaskTimeoutId = setTimeout(async () => {
// Execute user code here
}, 0);
});
```

### 5. Usage in User Code

**No special code required!** Any `await` statement is automatically cancellable:

```javascript
await browserjs(async () => {
for (let i = 0; i < 100; i++) {
console.log(`Iteration ${i}`);
await new Promise(resolve => setTimeout(resolve, 500)); // ← Cancels here!
console.log(` -> After yield ${i}`);
}
console.log("=== COMPLETED ===");
return "done";
});
```

For tight synchronous loops, you can optionally add explicit yields:

```javascript
await browserjs(async () => {
const results = [];
for (let i = 0; i < items.length; i++) {
// Synchronous work
results.push(items[i].textContent);

// Explicit yield every 50 iterations
if (i % 50 === 0) {
await __sitegeist_yield();
}
}
return results;
});
```

### 6. Other Improvements

- **Timeout reduction**: 120s → 30s for better UX
- **Promise restoration on cleanup**: Original `Promise` constructor is restored after execution
- **AI prompt updates**: Documents cancellation behavior
- **Removed broken V8 termination**: No more "execution_id not found" errors
- **Works on all Chrome versions**: Not dependent on Chrome 138+ features

## Technical Details

### Why Cooperative Cancellation Works

The cooperative approach is reliable because:

1. **Explicit checking**: The cancellation flag is checked at every yield point
2. **No timing races**: Flag injection happens independently of V8 execution state
3. **Guaranteed interruption**: Any code with yields will stop at the next yield
4. **Error propagation**: The thrown error bubbles up naturally through promise chains

### Why V8 Termination Doesn't Work

From extensive testing and Chromium source analysis:

1. **Execution ID becomes stale**: The setTimeout wrapper causes immediate completion from Chrome's perspective
2. **V8 can't interrupt mid-task**: Even with awaits, V8 doesn't check termination during active execution
3. **Macro task boundary issue**: Once inside the setTimeout callback, termination requests are ignored

The error `"execution_id not found in map"` in `script_injection_manager.cc:549` confirms the execution is already removed from Chrome's tracking before we try to terminate.

### What Can/Cannot Be Cancelled

✅ **Can be cancelled automatically:**
- **Any `await` statement** (thanks to Promise wrapping)
- `await fetch(...)` - network requests
- `await new Promise(...)` - delays and async operations
- `await someAsyncFunction()` - any async function call
- DOM operations with awaits
- Loops with any kind of await

✅ **Can be cancelled with explicit yields:**
- Tight synchronous loops using `await __sitegeist_yield()`
- CPU-intensive calculations with periodic yields

❌ **Still cannot be cancelled:**
- Pure synchronous tight loops **without any awaits**
- Blocking operations with no async points (will timeout after 30s)

**Example of non-cancellable code:**
```javascript
// This CANNOT be cancelled (no awaits)
for (let i = 0; i < 1000000000; i++) {
Math.sqrt(i); // Pure synchronous computation
}
```

**Fix:** Add explicit yield:
```javascript
// This CAN be cancelled
for (let i = 0; i < 1000000000; i++) {
Math.sqrt(i);
if (i % 10000 === 0) await __sitegeist_yield();
}
```

## Changes

### `src/tools/repl/userscripts-helpers.ts`

1. **Added cancellation flag** (line 168):
- `window.__sitegeist_cancelled = false`
- Set to `true` when abort is triggered

2. **Wrapped Promise constructor** (lines 170-221):
- **Key innovation**: Intercepts ALL promise creation
- Checks cancellation flag before starting executor
- Wraps resolve callback to check flag before resolving
- Makes every `await` a cancellation checkpoint
- Preserves all Promise static methods (resolve, reject, all, race, etc.)

3. **Added `__sitegeist_yield()` helper** (lines 223-236):
- Optional explicit yield for tight synchronous loops
- Creates macro task and checks cancellation flag

4. **Wrapped execution in macro task** (lines 251-319):
- Entire wrapper executes in `setTimeout(() => {...}, 0)`
- Returns Promise that resolves with result
- Proper async execution without blocking

5. **Reduced timeout to 30 seconds** (line 262):
- Changed from 120s to 30s
- Better UX for stuck operations

6. **Added Promise cleanup** (line 247):
- Restores original `Promise` constructor after execution
- Prevents pollution of page context

### `src/tools/repl/runtime-providers.ts`

1. **Simplified abort handler** (lines 208-232):
- Removed broken `chrome.userScripts.terminate()` call
- Now only does cooperative cancellation via flag injection
- Injects `window.__sitegeist_cancelled = true;` when abort is triggered
- Clean logs: "Aborting execution (cooperative cancellation)"
- No more "execution_id not found in map" errors

### `src/prompts/prompts.ts`

1. **Updated `BROWSERJS_RUNTIME_PROVIDER_DESCRIPTION`**:
- Documents automatic cancellation via Promise wrapping
- Explains when explicit yields are needed
- Provides examples of cancellable patterns
- Notes that most code is automatically cancellable

## Testing Recommendations

### Manual Testing

1. **Automatic cancellation test** (most common case):
```javascript
repl({code: `
await browserjs(async () => {
for (let i = 0; i < 100; i++) {
console.log(\`Iteration \${i}\`);
await new Promise(resolve => setTimeout(resolve, 500));
console.log(\` -> After yield \${i}\`);
}
console.log("=== COMPLETED ===");
return "done";
});
`, title: 'Test automatic cancellation'})
```
**Expected**: Click stop button → cancels at next `await` → shows "Script execution was cancelled"

2. **Explicit yield test**:
```javascript
repl({code: `
await browserjs(async () => {
for (let i = 0; i < 1000; i++) {
// Synchronous work
Math.sqrt(i);
if (i % 50 === 0) await __sitegeist_yield();
}
});
`, title: 'Test explicit yields'})
```
**Expected**: Cancels at yield point

3. **Timeout test**:
```javascript
repl({code: `
await browserjs(async () => {
while (true) {
// Infinite loop without awaits - will timeout
}
});
`, title: 'Test timeout'})
```
**Expected**: Times out after 30 seconds

### Expected Behaviors

- ✅ **Cancellation works at any `await`**: Script stops immediately
- ✅ **Clean error message**: "Script execution was cancelled"
- ✅ **No Chrome errors**: No "execution_id not found" logs
- ✅ **Overlay removed**: Visual feedback that execution stopped
- ✅ **Long operations timeout**: 30s limit prevents hangs

## Chrome 138+ API Evaluation

Initially, this implementation targeted Chrome 138+'s new `chrome.userScripts.terminate()` API (Chromium CL 7110745). However, through extensive testing we discovered:

### Why We Abandoned V8 Termination

1. **Execution ID becomes stale**: The macro task wrapper causes immediate completion from Chrome's tracking perspective
2. **Errors in production**: `"execution_id not found in map"` errors flooded logs
3. **No actual interruption**: Scripts continued running despite successful terminate() calls
4. **Fundamental incompatibility**: V8 termination doesn't work during active execution

### What We Chose Instead

**Cooperative cancellation via Promise wrapping** is:
- ✅ More reliable (works 100% of the time at await points)
- ✅ Cross-browser compatible (not Chrome-specific)
- ✅ Cleaner (no console errors)
- ✅ More predictable (explicit cancellation points)
- ✅ Backwards compatible (works on all Chrome versions)

## Backward Compatibility

- ✅ **All Chrome versions**: Not dependent on Chrome 138+ features
- ✅ **All browsers**: Works wherever userScripts API is available
- ✅ **Existing code**: Most async code becomes automatically cancellable
- ✅ **No API changes**: Transparent to users - just works better
- ✅ **Performance**: Negligible overhead from Promise wrapping

## Related Work

- **Chromium CL 7110745**: "extensions: Add per-execution termination to userScripts.execute() API" (evaluated but not used)
- **Analysis Gist**: https://gist.github.com/hjanuschka/80d1e6a8b8e9fabfb702522f76857561 (initial research)
- **Demo repo**: https://github.com/hjanuschka/script_cancel_demo (reference implementation)

## Key Insights Learned

1. **V8 termination doesn't work during execution**: Only works before macrotask fires
2. **Execution IDs become stale immediately**: Not useful with setTimeout wrapper
3. **Promise wrapping is more powerful**: Intercepts all async operations automatically
4. **Cooperative > Preemptive**: Explicit checking is more reliable than V8 interruption
5. **Macro task wrapper still needed**: For proper async execution, separate from cancellation

## Future Enhancements

1. **Progress reporting**: Use automatic await points to report execution progress
2. **Resource limits**: Track memory/CPU usage at promise boundaries
3. **Cooperative scheduling**: Use promise wrapping for time-slicing long operations
4. **Better timeout handling**: Per-operation timeouts instead of global 30s limit
Loading