feat(ses): Tame ModuleSource (#2469)
Refs: #2463, #2252 ## Description In #2463 we introduced ModuleSource to the SES permits, but this interacted catastrophically with the native XS ModuleSource. We reverted this change in #2468 to unbreak Agoric SDK integration. This change reintroduces the ModuleSource permits, such that they are compatible with both XS and the `@endo/module-source/shim.js`, which anticipates the introduction of an AbstractModuleSource base class. Because SES can more gracefully tolerate the absence of a permitted [[Proto]] than the presence of a non-permitted [[Proto]], this adjusts the shim to ensure that the AbstractModuleSource shape exists as a side-effect of repairs/taming, before permits are applied. ### Security Considerations Increase in memory safety exposure in native code implementation of ModuleSource where applicable. ### Scaling Considerations None. ### Documentation Considerations This change reintroduces a note in NEWS.md for the next release. ### Testing Considerations The prior regression went unnoticed because we did not yet have CI for XS #2465. With this change, `yarn test:xs` in SES validates the shim on XS. We also test `@endo/module-source/shim.js` in `ses/test/module-source.test.js` on Node.js. ### Compatibility Considerations This change is designed to tolerate either path forward for the language, whether or not it accepts an AbstractModuleSource base class. ### Upgrade Considerations None.
Showing
6 changed files
with
110 additions
and
2 deletions.
@@ -0,0 +1,51 @@ | ||
import { | ||
functionPrototype, | ||
getPrototypeOf, | ||
globalThis, | ||
objectPrototype, | ||
setPrototypeOf, | ||
} from './commons.js'; | ||
|
||
export const tameModuleSource = () => { | ||
const newIntrinsics = {}; | ||
|
||
const ModuleSource = globalThis.ModuleSource; | ||
if (ModuleSource !== undefined) { | ||
newIntrinsics.ModuleSource = ModuleSource; | ||
|
||
// We introduce ModuleSource.[[Proto]] === AbstractModuleSource | ||
// and ModuleSource.prototype.[[Proto]] === AbstractModuleSource.prototype | ||
// if that layer is absent because the permitting system can more | ||
// gracefully tolerate the absence of an expected prototype than the | ||
// presence of an unexpected prototype,. | ||
function AbstractModuleSource() { | ||
// no-op safe to super() | ||
} | ||
|
||
const ModuleSourceProto = getPrototypeOf(ModuleSource); | ||
if (ModuleSourceProto === functionPrototype) { | ||
setPrototypeOf(ModuleSource, AbstractModuleSource); | ||
newIntrinsics['%AbstractModuleSource%'] = AbstractModuleSource; | ||
newIntrinsics['%AbstractModuleSourcePrototype%'] = | ||
AbstractModuleSource.prototype; | ||
} else { | ||
newIntrinsics['%AbstractModuleSource%'] = ModuleSourceProto; | ||
newIntrinsics['%AbstractModuleSourcePrototype%'] = | ||
ModuleSourceProto.prototype; | ||
} | ||
|
||
const ModuleSourcePrototype = ModuleSource.prototype; | ||
if (ModuleSourcePrototype !== undefined) { | ||
newIntrinsics['%ModuleSourcePrototype%'] = ModuleSourcePrototype; | ||
|
||
// ModuleSource.prototype.__proto__ should be the | ||
// AbstractModuleSource.prototype. | ||
const ModuleSourcePrototypeProto = getPrototypeOf(ModuleSourcePrototype); | ||
if (ModuleSourcePrototypeProto === objectPrototype) { | ||
setPrototypeOf(ModuleSource.prototype, AbstractModuleSource.prototype); | ||
} | ||
} | ||
} | ||
|
||
return newIntrinsics; | ||
}; |
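Review bot: The last `setPrototypeOf(ModuleSource.prototype, AbstractModuleSource.prototype)` always links to the local stub's prototype, even when the `else` branch above recorded `ModuleSourceProto.prototype` as `%AbstractModuleSourcePrototype%`. If a host gives `ModuleSource` a [[Proto]] other than `Function.prototype` while `ModuleSource.prototype` still inherits directly from `Object.prototype`, the stub's prototype lands on the chain without appearing in `newIntrinsics`, which is the unpermitted-prototype case the comment says the permit system handles poorly; whether any supported host presents that mix is not visible here. Linking to the recorded value keeps the chain and the intrinsics in step: `setPrototypeOf(ModuleSourcePrototype, newIntrinsics['%AbstractModuleSourcePrototype%']);`. Separately, the `else` branch reads `ModuleSourceProto.prototype` without checking that `ModuleSourceProto` is a function, so a null [[Proto]] on a pre-existing global would throw during taming; a `typeof ModuleSourceProto === 'function'` guard would make that failure explicit.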