Relax compartment map validation for new, non-behavioral properties #2671

Open
kriskowal opened this issue Dec 26, 2024 · 0 comments
What is the Problem Being Solved?

We cannot currently (2024) add new properties to a compartment map because the compartment map validator does not tolerate any unknown properties. This is a deliberate conservative policy to protect the Agoric blockchain from attacks where the behavior of a contract (an application that has been archived with Endo’s compartment mapper) might vary depending on the version of the contract runtime depending on the presence or absence of a property.

We intend to relax this policy, such that the runtime tolerates any new properties that begin with an underscore, like _sourceSha512 or _sourceDirname. These example properties in particular will allow us to improve the debugging experience, generating better //# sourceMapURL or //# sourceURL comments in the runtime to better converge with source files in a developer IDE.

Any other property addition would require version negotiation to ensure the runtime can effect the intended behavior. For these, we would likely introduce a simple monotonically increasing number version non-optional property.

Description of the Design

We can pre-process compartment maps to omit any properties with the underscore prefix before passing it to either the checker or runtime. This design has the virtue of ensuring that the tolerated properties have no impact on behavior. Some care may be needed to avoid degrading the performance of the initial JSON parse or creation of intermediate object garbage.

Security Considerations

Described above.

Scaling Considerations

Should not impact scale, except insofar as that the runtime might gradually expand to cover all or a range of previous versions.

Test Plan

Cover runtime behavior and validation of compartment maps with or without unknown properties.

Compatibility Considerations

Described above.

Upgrade Considerations

The limitation on new properties will continue after the implementation of this feature until all Agoric blockchains have been upgraded to include this change.

@kriskowal kriskowal added the enhancement New feature or request label Dec 26, 2024
@kriskowal kriskowal self-assigned this Dec 26, 2024
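
An added example, not part of the original issue or Endo's code: one way to do the pre-processing described under "Description of the Design", stripping underscore-prefixed properties before a strict check sees the map. The helper names, the `KNOWN` property list, the sample map, and the assumption that keys under `compartments` and `modules` are author-chosen names (kept even when they start with an underscore) are all hypothetical.

```javascript
// Keys under these properties are author-chosen names (compartment names,
// module specifiers), not schema properties. Assumed layout.
const DICTIONARIES = new Set(['compartments', 'modules']);

// Returns a copy without underscore-prefixed schema properties.
function stripTolerated(value, inDictionary = false) {
  if (Array.isArray(value)) return value.map(item => stripTolerated(item));
  if (value === null || typeof value !== 'object') return value;
  const result = {};
  for (const [key, child] of Object.entries(value)) {
    // A name such as "_private-v1" is kept; only record properties are dropped.
    if (!inDictionary && key.startsWith('_')) continue;
    // defineProperty keeps a "__proto__" name as an own property.
    Object.defineProperty(result, key, {
      value: stripTolerated(child, !inDictionary && DICTIONARIES.has(key)),
      enumerable: true, writable: true, configurable: true,
    });
  }
  return result;
}

// Stand-in for the strict validator: paths of record properties it rejects.
const KNOWN = new Set(['entry', 'compartments', 'compartment', 'module',
  'location', 'modules', 'parser']);
function unknownProperties(value, inDictionary = false, path = 'map') {
  if (value === null || typeof value !== 'object') return [];
  if (Array.isArray(value)) return value.flatMap(v => unknownProperties(v, false, path));
  return Object.entries(value).flatMap(([key, child]) => [
    ...(inDictionary || KNOWN.has(key) ? [] : [`${path} > ${key}`]),
    ...unknownProperties(child, !inDictionary && DICTIONARIES.has(key), `${path} > ${key}`),
  ]);
}
// Constructed sample: two tolerated annotations and one other unknown property.
const SAMPLE = `{
  "entry": { "compartment": "app-v1", "module": "./main.js" },
  "compartments": {
    "app-v1": {
      "location": "app-v1", "_sourceDirname": "app", "futureFlag": true,
      "modules": {
        "./main.js": { "parser": "mjs", "_sourceSha512": "constructed-placeholder" },
        "_helpers": { "compartment": "_private-v1", "module": "./index.js" }
      }
    },
    "_private-v1": { "location": "_private-v1", "modules": {} }
  }
}`;
const parsed = JSON.parse(SAMPLE);
console.log(unknownProperties(parsed));
console.log(unknownProperties(stripTolerated(parsed)));
```

After stripping, the stand-in validator still reports `futureFlag`, the kind of addition the issue says would need version negotiation, while the two underscore annotations no longer reach it.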