Optimize environment variable slice allocation in ExecuteHandler

[acsoto]

Pre-allocate the slice capacity when merging environment variables in ExecuteHandler.

Previously, append was used on the result of os.Environ(), which could trigger multiple allocations as the slice grew. Since we know the final size (len(os.Environ()) + len(req.Env)), pre-allocating the capacity avoids these unnecessary allocations and copy operations.

[volcano-sh-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign yaozengzeng for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• pkg/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[gemini-code-assist]

Summary of Changes

Hello @acsoto, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the performance of the environment variable handling within the ExecuteHandler function. By strategically pre-allocating memory for the environment variable slice, the change significantly reduces the overhead associated with dynamic slice growth, leading to more efficient resource utilization during command execution.

Highlights

• Performance Optimization: The currentEnv slice in the ExecuteHandler function is now pre-allocated to its exact required size, preventing multiple intermediate slice reallocations and data copying.
• Resource Efficiency: This change leads to improved CPU time and memory usage during command execution, specifically a ~21.8% reduction in memory bytes allocated and a slight decrease in CPU operations.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a good performance optimization by pre-allocating the slice for environment variables in the ExecuteHandler. This effectively avoids repeated slice reallocations, leading to reduced memory usage and CPU time as demonstrated by the benchmark results. The change is correct and well-contained. I've added one minor suggestion to make the implementation slightly more idiomatic, but the current approach is also valid.

[Copilot]

Pull request overview

This PR optimizes memory allocation in the ExecuteHandler function by pre-allocating the environment variable slice with the exact required capacity before appending values, reducing memory reallocations during command execution.

Changes:

• Pre-allocate currentEnv slice with capacity len(environ) + len(req.Env) to avoid dynamic growth
• Store os.Environ() result in intermediate variable environ before creating the slice
• Reduce memory allocations and copying during environment variable setup

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 35.82%. Comparing base (845b798) to head (7038877).
⚠️ Report is 23 commits behind head on main.
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #179      +/-   ##
==========================================
+ Coverage   35.60%   35.82%   +0.21%     
==========================================
  Files          29       29              
  Lines        2533     2551      +18     
==========================================
+ Hits          902      914      +12     
- Misses       1505     1511       +6     
  Partials      126      126              

Flag	Coverage Δ
unittests	35.82% <100.00%> (+0.21%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[hzxuzhonghu]

I want to know why do we pass os env to the exec cmd. This may expose os settings to malicious code

[acsoto]

Thanks for the valid security concern.

Currently, picod inherits the host environment (os.Environ()) by design to ensure the availability of the underlying toolchain like Python (e.g., PATH, HOME, LANG), as picod acts as an arbitrary command executor.

We should sanitize the environment (e.g., using a whitelist for PATH and other essentials) to prevent secret leakage.

[acsoto]

Replying to @hzxuzhonghu:

You are right about the security risk.

However, simply removing os.Environ() would be a breaking change.

1. exec.Command finds the binary using the host PATH, so Python starts.
2. BUT, the child process would have an empty PATH. If the user's script calls subprocess.run(["ls"]) or os.system(...), it would fail because the child cannot find any system binaries.
3. It also causes issues with LANG (encoding) and HOME (config files).

So we cannot just drop the environment. The proper fix is to implement an allowlist (e.g., PATH, HOME, LANG) instead of passing everything.

Since this PR is strictly for performance optimization, I suggest we merge this to fix the memory allocation issue first. I have opened a separate issue #183 to implement the environment allowlist/sanitization to address the security concern properly.