Is the local Python executor guarded against endless loops? #1476

mramendi · 2025-06-24T01:01:58Z

mramendi
Jun 24, 2025

Hello,

We all know models can halucinate weirdly when generating code, and the idea behind https://github.com/huggingface/smolagents/blob/main/src/smolagents/local_python_executor.py is to sandbox that code so it does not do anything dangerous.

However, it seems to me, as far as I could understand the code, that a simple while True: loop would not be caught. There does not seem to be a timeout, resource hogging limit, or anything like that.

Am I misreading this or is this a real area for improvement?

albertvillanova · 2025-06-24T04:55:13Z

albertvillanova
Jun 24, 2025
Maintainer

Hi @mramendi, thanks for raising this!

You're absolutely right that generated code can behave unpredictably, and sandboxing is a key part of mitigating potential risks.

Regarding your specific concern about infinite loops like while True:, it's a valid point, but we do have safeguards in place for that. In particular, the executor enforces a hard limit on the number of iterations for while loops via the constant MAX_WHILE_ITERATIONS = 1_000_000. This means that even an infinite loop like while True: will be forcibly stopped once that threshold is reached.

smolagents/src/smolagents/local_python_executor.py

Lines 386 to 405 in 19eec13

    
           def evaluate_while( 
        
               while_loop: ast.While, 
        
               state: dict[str, Any], 
        
               static_tools: dict[str, Callable], 
        
               custom_tools: dict[str, Callable], 
        
               authorized_imports: list[str], 
        
           ) -> None: 
        
               iterations = 0 
        
               while evaluate_ast(while_loop.test, state, static_tools, custom_tools, authorized_imports): 
        
                   for node in while_loop.body: 
        
                       try: 
        
                           evaluate_ast(node, state, static_tools, custom_tools, authorized_imports) 
        
                       except BreakException: 
        
                           return None 
        
                       except ContinueException: 
        
                           break 
        
                   iterations += 1 
        
                   if iterations > MAX_WHILE_ITERATIONS: 
        
                       raise InterpreterError(f"Maximum number of {MAX_WHILE_ITERATIONS} iterations in While loop exceeded") 
        
               return None

Additionally, there's a broader cap on the total number of allowed operations (MAX_OPERATIONS = 10_000_000) to prevent excessive resource usage.

That said, these are heuristic-based limits and not a substitute for a full resource-isolated execution environment (like using Docker or E2B), so there's always room for improvement. We're continuously exploring ways to make the sandbox more robust.

Thanks again for your careful reading of the code and for pointing this out!

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Is the local Python executor guarded against endless loops? #1476

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Is the local Python executor guarded against endless loops? #1476

Uh oh!

mramendi Jun 24, 2025

Replies: 1 comment

Uh oh!

albertvillanova Jun 24, 2025 Maintainer

mramendi
Jun 24, 2025

albertvillanova
Jun 24, 2025
Maintainer