fix(tool): prevent pipe buffer deadlock in ShellCommandTool (agentscope-ai#619)

fang-tech · Alexxigang · commit d792df5843e1 · 2026-01-26T00:21:13.000+08:00
## AgentScope-Java Version [The version of AgentScope-Java you are working on, e.g. 1.0.7, check your pom.xml dependency version or run `mvn dependency:tree | grep agentscope-parent:pom`(only mac/linux)] ## Description - Fixed deadlock issue when executing commands with large output (>4-64KB) - Implemented asynchronous stream reading using CompletableFuture to prevent pipe buffer from filling up and blocking child process - Added getOutputWithTimeout() helper method for safe retrieval of async stream reader results with proper timeout and error handling - All existing tests pass without regression close agentscope-ai#617 ## Checklist Please check the following items before code is ready to be reviewed. - [x] Code has been formatted with `mvn spotless:apply` - [x] All tests are passing (`mvn test`) - [x] Javadoc comments are complete and follow project conventions - [x] Related documentation has been updated (e.g. links, examples, etc.) - [x] Code is ready for review
diff --git a/agentscope-core/src/main/java/io/agentscope/core/tool/coding/ShellCommandTool.java b/agentscope-core/src/main/java/io/agentscope/core/tool/coding/ShellCommandTool.java
@@ -21,6 +21,7 @@
 import io.agentscope.core.tool.ToolCallParam;
 import java.io.BufferedReader;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.nio.charset.StandardCharsets;
 import java.time.Duration;
@@ -29,9 +30,16 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.concurrent.Callable;
 import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+import java.util.concurrent.ThreadFactory;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
+import java.util.concurrent.atomic.AtomicInteger;
 import java.util.function.Function;
 import java.util.stream.Collectors;
 import org.slf4j.Logger;
@@ -58,6 +66,28 @@ public class ShellCommandTool implements AgentTool {
     private static final Logger logger = LoggerFactory.getLogger(ShellCommandTool.class);
     private static final int DEFAULT_TIMEOUT = 300;
 
+    /**
+     * Shared thread pool for asynchronous stream reading.
+     * Uses cached thread pool for dynamic scaling with 60s idle timeout.
+     * Daemon threads ensure they don't prevent JVM shutdown.
+     */
+    private static final ExecutorService STREAM_READER_POOL =
+            Executors.newCachedThreadPool(
+                    new ThreadFactory() {
+                        private final AtomicInteger counter = new AtomicInteger(0);
+
+                        @Override
+                        public Thread newThread(Runnable r) {
+                            Thread t =
+                                    new Thread(
+                                            r,
+                                            "ShellCommand-StreamReader-"
+                                                    + counter.incrementAndGet());
+                            t.setDaemon(true); // Daemon thread won't prevent JVM shutdown
+                            return t;
+                        }
+                    });
+
     private final Set<String> allowedCommands;
     private final Function<String, Boolean> approvalCallback;
     private final CommandValidator commandValidator;
@@ -337,13 +367,31 @@ private ToolResultBlock executeCommand(String command, int timeoutSeconds) {
         }
 
         Process process = null;
+        Future<String> stdoutFuture = null;
+        Future<String> stderrFuture = null;
+
         try {
             long startTime = System.currentTimeMillis();
             logger.debug("Starting command execution: {}", command);
 
             // Start the process
             process = processBuilder.start();
 
+            // CRITICAL FIX: Start asynchronous stream readers immediately to prevent pipe buffer
+            // deadlock
+            // When a child process writes more data than the pipe buffer can hold (typically
+            // 4-64KB),
+            // it will block waiting for the parent process to read the data. If the parent is
+            // blocked
+            // in waitFor(), this creates a deadlock. By reading streams asynchronously in
+            // background
+            // threads from the thread pool, we ensure the pipe buffers are continuously drained,
+            // preventing the deadlock.
+            stdoutFuture =
+                    STREAM_READER_POOL.submit(new StreamReader(process.getInputStream(), "stdout"));
+            stderrFuture =
+                    STREAM_READER_POOL.submit(new StreamReader(process.getErrorStream(), "stderr"));
+
             // Wait for the process to complete with timeout
             logger.debug("Waiting for process with timeout: {} seconds", timeoutSeconds);
             boolean completed = process.waitFor(timeoutSeconds, TimeUnit.SECONDS);
@@ -359,13 +407,13 @@ private ToolResultBlock executeCommand(String command, int timeoutSeconds) {
                         timeoutSeconds,
                         waitElapsed);
 
-                // Try to capture partial output before terminating
-                String stdout = readStream(process.getInputStream());
-                String stderr = readStream(process.getErrorStream());
-
                 // Terminate the process
                 process.destroyForcibly();
 
+                // Get partial output from async readers with short timeout
+                String stdout = getOutputWithTimeout(stdoutFuture, 1, TimeUnit.SECONDS);
+                String stderr = getOutputWithTimeout(stderrFuture, 1, TimeUnit.SECONDS);
+
                 String timeoutMessage =
                         String.format(
                                 "TimeoutError: The command execution exceeded the timeout of %d"
@@ -384,8 +432,11 @@ private ToolResultBlock executeCommand(String command, int timeoutSeconds) {
 
             // Process completed normally
             int returnCode = process.exitValue();
-            String stdout = readStream(process.getInputStream());
-            String stderr = readStream(process.getErrorStream());
+
+            // Get complete output from async readers
+            // Process has finished, so readers should complete quickly
+            String stdout = getOutputWithTimeout(stdoutFuture, 5, TimeUnit.SECONDS);
+            String stderr = getOutputWithTimeout(stderrFuture, 5, TimeUnit.SECONDS);
 
             logger.debug("Command '{}' completed with return code: {}", command, returnCode);
 
@@ -411,37 +462,40 @@ private ToolResultBlock executeCommand(String command, int timeoutSeconds) {
             // Clean up process resources
             if (process != null && process.isAlive()) {
                 // Destroy the process if still alive
-                // Note: Streams are already closed by try-with-resources in readStream()
+                // Note: Streams are already closed by try-with-resources in StreamReader
                 process.destroyForcibly();
             }
         }
     }
 
     /**
-     * Read all content from an input stream.
+     * Get output from a Future with timeout.
      *
-     * @param inputStream The input stream to read from
-     * @return The content as a string
+     * <p>This helper method safely retrieves the output from an asynchronous stream reader,
+     * with proper timeout and error handling. If the future times out or fails, it will be
+     * cancelled and an empty string will be returned.
+     *
+     * @param future The Future containing the output string
+     * @param timeout The timeout value
+     * @param unit The timeout unit
+     * @return The output string, or empty string if timeout or error occurs
      */
-    private String readStream(java.io.InputStream inputStream) {
-        if (inputStream == null) {
+    private String getOutputWithTimeout(Future<String> future, long timeout, TimeUnit unit) {
+        try {
+            return future.get(timeout, unit);
+        } catch (TimeoutException e) {
+            logger.warn("Timeout waiting for stream reader to complete");
+            future.cancel(true); // Cancel the task
+            return "";
+        } catch (InterruptedException e) {
+            Thread.currentThread().interrupt();
+            logger.warn("Interrupted while waiting for stream reader");
+            future.cancel(true); // Cancel the task
+            return "";
+        } catch (ExecutionException e) {
+            logger.error("Error in stream reader: {}", e.getCause().getMessage(), e.getCause());
             return "";
         }
-
-        StringBuilder output = new StringBuilder();
-        try (BufferedReader reader =
-                new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8))) {
-            String line;
-            while ((line = reader.readLine()) != null) {
-                if (output.length() > 0) {
-                    output.append("\n");
-                }
-                output.append(line);
-            }
-        } catch (IOException e) {
-            logger.error("Error reading stream: {}", e.getMessage(), e);
-        }
-        return output.toString();
     }
 
     /**
@@ -491,4 +545,44 @@ private boolean requestUserApproval(String command) {
             return false;
         }
     }
+
+    /**
+     * Callable task for reading process output streams asynchronously.
+     * This prevents pipe buffer deadlock by continuously draining stdout/stderr.
+     */
+    private static class StreamReader implements Callable<String> {
+        private final InputStream inputStream;
+        private final String streamType;
+
+        StreamReader(InputStream inputStream, String streamType) {
+            this.inputStream = inputStream;
+            this.streamType = streamType;
+        }
+
+        @Override
+        public String call() throws Exception {
+            if (inputStream == null) {
+                return "";
+            }
+
+            logger.debug("StreamReader [{}] started", streamType);
+            StringBuilder output = new StringBuilder();
+            try (BufferedReader reader =
+                    new BufferedReader(
+                            new InputStreamReader(inputStream, StandardCharsets.UTF_8))) {
+                String line;
+                while ((line = reader.readLine()) != null) {
+                    if (output.length() > 0) {
+                        output.append("\n");
+                    }
+                    output.append(line);
+                }
+            } catch (IOException e) {
+                logger.error("Error reading {} stream: {}", streamType, e.getMessage(), e);
+                throw e;
+            }
+            logger.debug("StreamReader [{}] completed, read {} bytes", streamType, output.length());
+            return output.toString();
+        }
+    }
 }
diff --git a/agentscope-core/src/test/java/io/agentscope/core/tool/coding/ShellCommandToolTest.java b/agentscope-core/src/test/java/io/agentscope/core/tool/coding/ShellCommandToolTest.java
@@ -780,4 +780,152 @@ void testConcurrentDescriptionGeneration() throws InterruptedException {
             assertEquals(threadCount, successCount.get());
         }
     }
+
+    @Nested
+    @DisplayName("Buffer Deadlock Fix Tests (Issue #617)")
+    class BufferDeadlockTests {
+
+        @Test
+        @DisplayName("Should handle large output without deadlock using seq command")
+        @EnabledOnOs({OS.LINUX, OS.MAC})
+        void reproducePipeBufferDeadlockWithSeq() {
+            // Generate ~8KB output using seq command, which exceeds typical pipe buffer
+            // (4-8KB)
+            // This command completes in milliseconds with the fix (Apache Commons Exec's
+            // PumpStreamHandler)
+            String command = "seq 1 20000"; // Approximately 8000 bytes
+
+            // Set a reasonable timeout - should complete quickly now
+            Mono<ToolResultBlock> result = tool.executeShellCommand(command, 60);
+
+            StepVerifier.create(result)
+                    .assertNext(
+                            block -> {
+                                String text = extractText(block);
+                                // Expected: Should complete successfully without timeout
+                                // The fix uses PumpStreamHandler to consume output in separate
+                                // threads
+                                assertFalse(
+                                        text.contains("TimeoutError"),
+                                        "Should not timeout with Apache Commons Exec fix, but got: "
+                                                + text);
+                                assertTrue(
+                                        text.contains("<returncode>0</returncode>"),
+                                        "Expected successful execution");
+                                assertTrue(
+                                        text.contains("20000"),
+                                        "Expected output to contain the last number");
+                            })
+                    .verifyComplete();
+        }
+
+        @Test
+        @DisplayName("Should handle large file cat without deadlock")
+        @EnabledOnOs({OS.LINUX, OS.MAC})
+        void reproduceLargeFileCatDeadlock() throws Exception {
+            // Create a temporary large file
+            java.nio.file.Path tempFile = java.nio.file.Files.createTempFile("test_large_", ".txt");
+            try {
+                // Write 20KB of data (far exceeds typical pipe buffer size)
+                StringBuilder content = new StringBuilder();
+                for (int i = 0; i < 2000; i++) {
+                    content.append("Line ")
+                            .append(i)
+                            .append(": ")
+                            .append("Some test content to fill the buffer\n");
+                }
+                java.nio.file.Files.writeString(tempFile, content.toString());
+
+                String command = "cat " + tempFile.toString();
+
+                // Set a reasonable timeout - should complete quickly with the fix
+                Mono<ToolResultBlock> result = tool.executeShellCommand(command, 10);
+
+                StepVerifier.create(result)
+                        .assertNext(
+                                block -> {
+                                    String text = extractText(block);
+                                    // Expected: Should complete successfully and return the file
+                                    // content
+                                    assertFalse(
+                                            text.contains("TimeoutError"),
+                                            "Should not timeout with Apache Commons Exec fix, but"
+                                                    + " got: "
+                                                    + text);
+                                    assertTrue(
+                                            text.contains("<returncode>0</returncode>"),
+                                            "Expected successful execution");
+                                    assertTrue(
+                                            text.contains("Line 1999"),
+                                            "Expected output to contain last line");
+                                })
+                        .verifyComplete();
+            } finally {
+                java.nio.file.Files.deleteIfExists(tempFile);
+            }
+        }
+
+        @Test
+        @DisplayName("Should handle pre-created large test file without deadlock")
+        @EnabledOnOs({OS.LINUX, OS.MAC})
+        void reproduceLargeFileCatDeadlockWithTestResource() {
+            // Use the pre-created test resource file (20KB)
+            String resourcePath =
+                    getClass().getClassLoader().getResource("large_output_test.txt").getPath();
+            String command = "cat " + resourcePath;
+
+            // Set a reasonable timeout - should complete quickly with the fix
+            Mono<ToolResultBlock> result = tool.executeShellCommand(command, 10);
+
+            StepVerifier.create(result)
+                    .assertNext(
+                            block -> {
+                                String text = extractText(block);
+                                // Expected: Should complete successfully and return the file
+                                // content
+                                assertFalse(
+                                        text.contains("TimeoutError"),
+                                        "Should not timeout with Apache Commons Exec fix, but got: "
+                                                + text);
+                                assertTrue(
+                                        text.contains("<returncode>0</returncode>"),
+                                        "Expected successful execution");
+                                assertTrue(
+                                        text.contains("This is test content"),
+                                        "Expected output to contain file content");
+                            })
+                    .verifyComplete();
+        }
+
+        @Test
+        @DisplayName("Should handle yes command piped to head without deadlock")
+        @EnabledOnOs({OS.LINUX, OS.MAC})
+        void reproducePipeBufferDeadlockWithYesCommand() {
+            // Generate large output using yes command
+            // This produces continuous output that will definitely fill the buffer
+            String command = "yes 'This is a test line with some content' | head -n 1000";
+
+            // Set a reasonable timeout - should complete quickly with the fix
+            Mono<ToolResultBlock> result = tool.executeShellCommand(command, 10);
+
+            StepVerifier.create(result)
+                    .assertNext(
+                            block -> {
+                                String text = extractText(block);
+                                // Expected: Should complete successfully without timeout
+                                // PumpStreamHandler consumes output in separate threads
+                                assertFalse(
+                                        text.contains("TimeoutError"),
+                                        "Should not timeout with Apache Commons Exec fix, but got: "
+                                                + text);
+                                assertTrue(
+                                        text.contains("<returncode>0</returncode>"),
+                                        "Expected successful execution");
+                                assertTrue(
+                                        text.contains("This is a test line"),
+                                        "Expected output to contain the repeated line");
+                            })
+                    .verifyComplete();
+        }
+    }
 }
diff --git a/agentscope-core/src/test/resources/large_output_test.txt b/agentscope-core/src/test/resources/large_output_test.txt
