[fastx adapter] making move execution work end-to-end #88
Conversation
sblackshear
requested review from
huitseeker,
lxfind,
patrickkuo,
gdanezis and
oxade
sblackshear
force-pushed
the
use_new_move_vm_api
branch
from
2e70390 to
68f99f8
Compare
sblackshear
changed the title
sblackshear
force-pushed
the
use_new_move_vm_api
branch
4 times, most recently
from
24b17d1 to
0b46af2
Compare
| for (mut obj, new_contents) in mutable_refs { | ||
| match &mut obj.data { | ||
| Data::Move(m) => m.contents = new_contents, | ||
| _ => unreachable!(), |
There was a problem hiding this comment.
Is this unreachable or is this an API invariant violation? Should a panic here involve a message?
Also, consider using pre, perhaps.
There was a problem hiding this comment.
- It is unreachable--we checked earlier than
mutable_refsonly had Move objects. Will change topanicwith an appropriate message. prelooks very interesting/useful. But I am trying to weigh the risk/reward of adding this as a dep in a system that's currently pretty dependency-minimal--thoughts on that?
There was a problem hiding this comment.
pre is:
- pretty darn safe, because it's itself small, it disappears at release and is dependency-minimal,
- really useful when you're committed to using a specific set of preconditions that should be enforced by callers, rather than a one-off.
So it may be just early (in this PR), if you do have a battery invariants in mind, or pre may not be for you if you don't.
| } | ||
| // any object left in `by_value_objects` is an input passed by value that was not transferred or frozen. | ||
| // this means that either the object was (1) deleted from the FastX system altogether, or | ||
| // (2) wrapped inside another object that is in the FastX object pool |
There was a problem hiding this comment.
Remind me: what's the logic for deleting wrapped objects in this case?
There was a problem hiding this comment.
A wrapped object was either:
- Passed in via
by_value_objectsand not subsequently transferred - Created by the transaction and subsequently transferred or deleted
- In case (1), the wrapped object will be present in
by_value_objectsand thus deleted from the object pool here. - In case (2), the wrapped object was never in the object pool, so there's no need to delete it.
| } | ||
| } | ||
| debug_assert!( | ||
| by_value_objects.len() + mutable_ref_objects.len() + num_immutable_objects == num_objects |
| @@ -0,0 +1,30 @@ | |||
| /// Test CTURD object basics (create, transfer, update, read, delete) | |||
There was a problem hiding this comment.
💩 ?
(nit : consider a different acronym)
There was a problem hiding this comment.
Lol, this was the most memorable one I could think of
There was a problem hiding this comment.
CRUD is a well-known acronym in databases, so that CRUDT, TCRUD would ring a bell.
| @@ -118,6 +142,11 @@ impl TransactionDigest { | |||
| SequenceNumber::new(), | |||
| ) | |||
| } | |||
|
|
|||
| // for testing | |||
There was a problem hiding this comment.
Would do this, but then it can't be used outside of the base_types crate (unless there is a way to allow this?)
There was a problem hiding this comment.
True, the only way to allow this is with a feature, which dependent crates would have to activate when appropriate. Sigh.
There was a problem hiding this comment.
Probably makes sense for us to do this eventually because we have several functions that look like this... but in a future PR
Good call + will do! |
sblackshear
force-pushed
the
use_new_move_vm_api
branch
from
2a2e158 to
84b86b0
Compare
Using the new VM API in diem/diem@346301f to make the Move-powered execution work as intended. At a high level: - The adapter takes some FastX objects, some pure values (e.g., addresses), and a Move function to call as input as input - It takes extracts a Move value from each object and type-checks the objects against the function signature - It invokes the function on the Move values and pure values - It processes the effects produced from executing the function to update the input objects, as well as updating the store with freshly created and deleted objects. This is intricate logic that will need much more testing in time. But wanted to get this functionality out as early as possible to unblock the client workstream, which will need to send `MoveCall` orders and observe their effects.
sblackshear
force-pushed
the
use_new_move_vm_api
branch
from
84b86b0 to
1d83bd5
Compare
| old_object.next_sequence_number = sequence_number; | ||
| old_object | ||
| } else { | ||
| Object::new_move(move_obj, recipient, SequenceNumber::new()) |
There was a problem hiding this comment.
One Q: where (would|does)a the sequence number management that happens during the creation of an object from an unwrap live?
@huitseeker : this is it--same code path as object creation.
There was a problem hiding this comment.
Worth noting that this is (as @gdanezis pointed out in the preso this morning) completely unsafe if sequence numbers are used for replay prevention (as they are today ...).
But it is fine in the (future, proposed world) where keys in the order_lock map are (ObjectId, TxDigest) (or a commitment to this pair).
There was a problem hiding this comment.
#98 for much more detail on this.
|
I'm going to go ahead and land this because there are a few outstanding PR's that are tough to review by virtue of being based on it. Happy to address any/all other comments async! |
Using the new VM API in diem/diem@346301f to make the Move-powered execution work as intended. At a high level:
This is intricate logic that will need much more testing in time. But wanted to get this functionality out as early as possible to unblock the client workstream, which will need to send
MoveCallorders and observe their effects.