refactor: prepare for use of non-trapping integrity trait #10795
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Deploying agoric-sdk with
|
| Latest commit: |
4d00b72
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://7372ea51.agoric-sdk.pages.dev |
| Branch Preview URL: | https://markm-prepare-for-non-trappi.agoric-sdk.pages.dev |
This was referenced Jan 4, 2025
9 tasks
mhofman
reviewed
Jan 5, 2025
There was a problem hiding this comment.
This made me realize a broader upgrade hazard which I've described in endojs/endo#2675 (review)
There was a problem hiding this comment.
The change in this file points to a potential future upgrade hazard. It means we cannot simply use the currently deployed code and re-run its transcript on top of a lockdown + liveslots (or an XS engine) that introduces non-trapping behavior. Such a "replay" is one of the option we're still keeping under consideration, especially for the bootstrap vat which cannot be upgraded.
erights
force-pushed
the
markm-prepare-for-non-trapping
branch
from
458c2f6 to
f43c9e5
Compare
erights
force-pushed
the
markm-prepare-for-non-trapping
branch
from
f43c9e5 to
4d00b72
Compare
erights
added a commit
that referenced
this pull request
Jan 6, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
closes: #XXXX
refs: endojs/endo#2679
Description
Does for agoric-sdk what endojs/endo#2679 does for endo
Prepare for anticipated introduction and use of the non-trapping integrity trait as explained at https://github.com/endojs/endo/blob/b12eb434b6672f0ceae41be55aac7f24c4562b7b/packages/ses/docs/preparing-for-stabilize.md
These preparations must work now, before these traits are introduced, and should continue to work after these traits are introduced and used.
Security Considerations
Some things that had been deeply frozen automatically by
hardenare now manually frozen by explicit calls tofreeze. We need to review these carefully to ensure that nothing has inadvertently be left unfrozen as a result of the changes in this PR.Some proxies will become unhardenable, but they will still be hardenable as of now, so mistaken hardenings will not be detected.
Scaling Considerations
For this PR by itself, none. Using the shim-based implementation of the non-trapping trait will have scaling consequences: endojs/endo#2675
Documentation Considerations
https://github.com/endojs/endo/blob/b12eb434b6672f0ceae41be55aac7f24c4562b7b/packages/ses/docs/preparing-for-stabilize.md will need to be reflected in developer docs.
Testing Considerations
Since this PR by itself should be a pure refactor with no observable changes, there is nothing to test at this stage. The testing burden will come with #10796 to see how adequate these preparations were.
Compatibility Considerations
The point. This changes to coding patterns that should be compat both with the current status quo and with #10796
Upgrade Considerations
As a pure refactor, none.