-
Notifications
You must be signed in to change notification settings - Fork 206
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refactor swingset source code to match runtime artifacts #4502
Comments
here's my current plan:
|
That all seems rational. The one thing that looks weirdly non-orthogonal is moving liveSlots stuff to its own directory but leaving devSlots in kernel. Not that there's really that much in devSlots to justify a separate directory, but the non-parallel structure tugs at my OCD. (And I can imagine devSlots growing. Say, if we add some flavor of promise support to devices). |
Hm, yeah, that's kinda weird, but I think it lines up. The important distinction is what bundle each file gets included in: xsnap workers do both The really weird part is that the kernel actually uses a copy of liveslots for |
Part one of the big reorg: move files around, but don't change any contents. refs #4502
Part two of the big reorg: modify imports to point at the updated paths, but do not move any files around. refs #4502
Part one of the big reorg: move files around, but don't change any contents. refs #4502
Part two of the big reorg: modify imports to point at the updated paths, but do not move any files around. refs #4502
Part one of the big reorg: move files around, but don't change any contents. refs #4502
Part two of the big reorg: modify imports to point at the updated paths, but do not move any files around. refs #4502
Part one of the big reorg: move files around, but don't change any contents. Main directories now correspond to the bundles that are created and/or the environments into which they are loaded * everything in `src/kernel/` goes into the kernel bundle and loaded into the kernel Compartment * everything in `src/liveslots/` goes into the liveslots bundle * `src/supervisors/` contains one directory per worker type, whose contents get loaded into the corresponding supervisor bundle and loaded into a child process or Node.js worker thread * `src/vats/` contains one directory per built-in vat * `src/devices/` contains one directory per built-in device All code is free to import from `src/lib/` and from other `@agoric/*` packages within the agoric-sdk monorepo, under the assumption that they match our general style: all modules are pure, none import platform builtins, none import third-party packages (which might violate the other rules). `src/controller/` builds the controller, which is imported by the host application into the start compartment. All imports of platform builtins are under `src/lib-nodejs/` (or, for now, `src/controller/`), and hopefully this will help us improve ocap discipline over time by making the primary "build a swingset" API take a batch of powers instead of importing the platform builtins by itself. refs #4502
Part two of the big reorg: modify imports to point at the updated paths, but do not move any files around. refs #4502
What is the Problem Being Solved?
It's not particularly obvious how the swingset source code maps to the various Compartments and bundles and workers that get used at runtime. We've mused about a better layout, but now I wanted to write up a proposal and implement it.
Swingset is a library, meant to be imported into a host application, which interacts with a "controller". The library consists of several pieces:
fs
andcrypto
)importBundle
to create a new Compartment and evaluate the kernel bundle inside it.xsnap
binary. The kernel/host-app process sends commands over a pipe to evaluate code bundles and process commands. The first bundle evaluated inside the worker is thelockdown
bundle, which establishes a SES environment. The second is thesupervisor
bundle, which installs the command handler. The command handler currently imports liveslots (which is therefore incorporated into the supervisor bundle), but we intend (upgrading liveslots: controller.setLiveslotsBundleID() #4376) to make that a separate bundle and deliver it over the command pipe. Finally the supervisor is instructed to evaluate the vat source bundle, to personalize the worker into a specific vat.test-*.js
file, before importing anything else, the test program is provided with a suitable SES environment that includes adequate mocks for the special vat facilities likeVatData.makeKind
(for virtual objects).Bundles include a copy of all the files transitively imported by their entry-point file. The bundler (Endo) will refuse to follow imports to non-source modules, like Node's builtins (
fs
) or modules that include C/C++ -compiled.so
binary libraries. So if two components reference a common source file, and one component is included in a bundle, that common source file must not import any builtins or compiled modules.Description of the Design
I'm thinking of the following layout:
src/lib/*.js
: small files which are used by multiple places, likeparseVatSlot.js
. These should not import anything (at least not outside oflib/
), and must not import builtins or binary modules. These are safe to use from bundled code.src/kernel/*.js
: files which get included in the kernel bundle. Excludes liveslots and vat-supervisor code. Includes vat-manager code. Includes vat-warehouse.src/supervisor/*.js
: files which get included in the supervisor bundle. Maybe break this out into subdirs for the different worker types.src/liveslots/*.js
: files which get included in the liveslots bundle. Referenceslib/
but nothing else. Includes all the virtual object/collection code.src/builtin-vats-devices/*.js
: code to be bundled into built-in devices and vats: comms, vat-tpsrc/devices/
: code for devices that userspace must enable and configure, not included automaticallyI need to understand
src/vats/network/*.js
and the "plugin manager" to see where they fit. We might need asrc/vats/
if swingset provides source code for vats that must be enabled by the host application.Security Considerations
none I can can think of, probably makes things easier to audit
Test Plan
If the unit tests (which will need a lot of import-path surgery) still work, we'll know this was successful.
cc @FUDCo is there any other housekeeping you'd like to see done while we're tidying up?
The text was updated successfully, but these errors were encountered: