security: should non-terminating (non-deterministic) code be caught and reported?

[odeke-em]

While thinking through the expectations and guarantees of Gno, I was thinking about what the VM’s runtime should do and expect then wrote this bit of code https://play.gno.land/p/O4oI9CuhyOv

package hello

func main() {
  for {}
  println("hello world")
}

in which that for loop will never terminate. Gno says it is a fully deterministic variation of the Go programming language but it is also a smart contracting platform. Code that somehow sneaks into a dependency and could run forever would not allow determinism and could consume infinite gas.

Should non-terminating code be detected or according ran against a maximum gas meter?

Kindly cc-ing @moul @petar-dambovaliev @jaekwon

[petar-dambovaliev]

The illustrated code is entirely deterministic. The problem is that the program will never terminate. These are two separate things. Code analysis can't solve this problem. This is a fundamental unsolvable problem in computer science called the halting problem. This problem is solved through gas consumption.

[notJoon]

I agree with @petar-dambovaliev.

Simple infinite loops like in the example can be detected through static analysis. However, when complex conditionals or recursive functions are involved, it is impossible to determine at compile time whether a program will terminate or not.

Even if code enters an infinite loop, execution will eventually be halted due to the out of gas, so it seems sufficient without adding analysis functionality.