Audit findings — executor
Scope: reliability · Severity range: Low–Low
Source: codebase audit
reliability
| Severity |
File:Line |
Symptom |
Suggested fix |
| Low |
internal/executor/executor.go:76 |
On FailFast cancel(), a goroutine scheduled-but-not-started leaves results[idx] at zero-value Result{} (ExitCode 0, no error, Cancelled: false) — indistinguishable from clean success. |
Pre-initialize each slot to Result{Target: target, Cancelled: true} before the goroutine is dispatched. |
Root cause: Cancellation is sampled at two discrete checkpoints; there is no atomic "never executed" marker for goroutines that lose the race between cancel() and their first checkpoint.
Reasoning chain: 1. FailFast calls cancel() (lines 92-93). 2. Goroutines past lines 76-81 run to completion; one not yet scheduled never writes its slot. 3. Zero-value Result{} presents as ExitCode 0 / nil error / Cancelled: false. 4. allOK callers count the slot as a successful run.
Counter-evidence considered: wg.Wait() guarantees every goroutine writes something, but only the pre-semaphore branch sets Cancelled: true; the narrow post-start/pre-write window still leaves a zero-value slot. Low probability → Low severity, but genuine.
Provenance
Filed by workflow-audit-emit-issues from an in-session codebase audit.
Re-running re-files — check for duplicates before confirming.
Audit findings — executor
reliability
internal/executor/executor.go:76FailFastcancel(), a goroutine scheduled-but-not-started leavesresults[idx]at zero-valueResult{}(ExitCode 0, no error,Cancelled: false) — indistinguishable from clean success.Result{Target: target, Cancelled: true}before the goroutine is dispatched.Root cause: Cancellation is sampled at two discrete checkpoints; there is no atomic "never executed" marker for goroutines that lose the race between
cancel()and their first checkpoint.Reasoning chain: 1.
FailFastcallscancel()(lines 92-93). 2. Goroutines past lines 76-81 run to completion; one not yet scheduled never writes its slot. 3. Zero-valueResult{}presents as ExitCode 0 / nil error /Cancelled: false. 4.allOKcallers count the slot as a successful run.Counter-evidence considered:
wg.Wait()guarantees every goroutine writes something, but only the pre-semaphore branch setsCancelled: true; the narrow post-start/pre-write window still leaves a zero-value slot. Low probability → Low severity, but genuine.Provenance
Filed by
workflow-audit-emit-issuesfrom an in-session codebase audit.Re-running re-files — check for duplicates before confirming.