[move] implement resource groups#6040
Merged
Merged
Conversation
da5f99c to
9e96b65
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
9e96b65 to
b0fd8af
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
CapCap
reviewed
Jan 2, 2023
CapCap
reviewed
Jan 2, 2023
movekevin
reviewed
Jan 4, 2023
Contributor
|
Are there more unit tests we can add to test the changeset conversions and resource group operation grouping in session? This would allow testing more edge cases than what the e2e test can cover. |
movekevin
reviewed
Jan 4, 2023
movekevin
left a comment
Contributor
There was a problem hiding this comment.
I wonder if there should be some limit on how big a resource group can get. By arbitrarily grouping resources into a resource group, especially with cross-module grouping, a resource group can get very large.
zekun000
reviewed
Jan 4, 2023
Contributor
assuming rockdsb allows reading arbitrary byte offsets of values, we could potentially change the key to be something like |
zekun000
reviewed
Jan 19, 2023
Contributor
There was a problem hiding this comment.
I guess what @msmouse wanted is to always call this and decide which access path to use?
msmouse
reviewed
Jan 19, 2023
Contributor
There was a problem hiding this comment.
Is this slow? It can damage API performance whenever non-existent resources are requested? -- it's the best if we can cache the metadata and ensure it's cached.
msmouse
approved these changes
Jan 19, 2023
msmouse
left a comment
Contributor
There was a problem hiding this comment.
Trusting you to fix the cache.
Thank you boss for making this reality.
* A resource group allows multiple resources to occupy the same slot in storage * Hides resource groups in the Move Resolver layer so that storage need not know explicitly about them * Added a new wrapper around the move resolver, so that the VM could be injected for re-use of the VM's metadata cache that includes resource groups * Tests that verify the lifetime of resource groups
* verify at compilation time that scope is correct * verify during module initialization that scope is correct
* individual resource reads just move to the move resolver, which is seamless * all account resources require expansion -- this can result in adding too more than the limit -- but resources in a group are somewhat limited in size
Oh the ways to analyze resource groups... this checks for compatible upgrades: Perform upgrade checks on resource grups only -- this doesn't validate that the contents are correct. * Acquire all relevant pieces of metadata * Verify that there are no duplicate attributes, though this should be handled upstream, so this becomes more an invariant, duplicate check. * Ensure that each member has a membership and it does not change * Ensure that each group has a scope and that it does not become more restrictive
This adds a clean path to better support around ResourceGroups on the storage side without having to retrofit the containers. From a security persepective, it means one does not have to reason about the possibility of data existing in a slot prior to resource groups.
The original approach separated upgrade compatibility from resource group intrinsics. This resulted in evaluating modules twice. Interestingly enough, this didn't reduce the code much.
namely this reproduces the checks done in the compiler
3ea4a2e to
69cb47d
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
The existing interface here is a bit of a mess: * We have an adapter that pretends we can have different types of VMs * We only really have Move and everything in this codebase knows it * There are typed parameters everywhere, so it isn't possible to seamlessly use trait objects, so everything needs to be explicit * sessions expect references, references cannot be easily moved after kicking off a session, so the SessionExt cannot house the resolver / storage
69cb47d to
dac888e
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Contributor
✅ Forge suite
|
Contributor
✅ Forge suite
|
lightmark
reviewed
Jan 23, 2023
| .collect::<Result<_>>()?; | ||
| .collect::<Result<Vec<(StructTag, Vec<u8>)>>>()?; | ||
|
|
||
| // We should be able to do an unwrap here, otherwise the above db read would fail. |
Contributor
There was a problem hiding this comment.
It seem state_view_at_version just never fail.
| struct_tag: &StructTag, | ||
| ) -> Result<Option<Vec<u8>>, VMError>; | ||
|
|
||
| fn get_any_resource( |
Contributor
There was a problem hiding this comment.
api only? not for vm, right?
| // The use of this implies that we could theoretically call unwrap with no consequences, | ||
| // but using unwrap means the code panics if someone can come up with an attack. | ||
| let common_error = PartialVMError::new(StatusCode::UNKNOWN_INVARIANT_VIOLATION_ERROR) | ||
| .finish(Location::Undefined); |
Contributor
There was a problem hiding this comment.
Location is undefined? I thought it would be in StructTag::module
Comment on lines
+221
to
+224
| let data = source_data.insert(struct_tag, data); | ||
| if data.is_some() { | ||
| return Err(common_error); | ||
| } |
| match self { | ||
| ResourceGroupScope::Global => "global", | ||
| ResourceGroupScope::Address => "address", | ||
| ResourceGroupScope::Module => "module_", |
| } | ||
| })?; | ||
|
|
||
| // Every struct contains the "dummy_field". |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The following remains incomplete: