Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove pureCopy, ALLOW_IMPLICIT_REMOTABLES #1061

Merged
merged 1 commit into from
Feb 4, 2022
Merged

Remove pureCopy, ALLOW_IMPLICIT_REMOTABLES #1061

merged 1 commit into from
Feb 4, 2022

Conversation

erights
Copy link
Contributor

@erights erights commented Feb 4, 2022
edited
Loading

We are now allowing ourselves to assume a protection we have not yet implemented --- that Passable pass-by-copy composites (CopyArray, CopyRecord, Tagged) cannot be proxies. Enforcing this would mirror the security properties of the proposed Records and Tuples, ensuring that these are only passive pure data that cannot cause side effects or interleave with user code, for example, to mount reentrancy attacks. (Need issue number where this assumption is documented.)

Given that assumption, we no longer need pureCopy nor the contrast between OnlyData and PureData. The name PureData better suggests the strong property that we're allowing ourselves to assume. So we delete all uses of pureCopy and occurrences of OnlyData or replace them with PureData.

This PR also removes the long deprecated ALLOW_IMPLICIT_REMOTABLES flag / environment variable. We have long ago switched it off by default and have gone for a long time without any need to turn it back on. At this point, we won't break anything by removing it.

Agoric/agoric-sdk#4458 should go first, deleting uses of pureCopy which endo will no longer export.

The only use of sameValueZero was in agoric-sdk, so between the two PRs, we're moving it there. The other PR should go first for this reason as well. This PR stops exporting it. Agoric/agoric-sdk#4458 stops importing, instead defining its own.

@erights erights self-assigned this Feb 4, 2022
@erights erights mentioned this pull request Feb 4, 2022
Merged
@erights erights changed the title WIP Remove pureCopy, ALLOW_IMPLICIT_REMOTABLES Remove pureCopy, ALLOW_IMPLICIT_REMOTABLES Feb 4, 2022
@erights erights marked this pull request as ready for review February 4, 2022 06:47
@erights
Copy link
Contributor Author

erights commented Feb 4, 2022

Agoric/agoric-sdk#4458 is merged, so this one should no longer be blocked on that one.

michaelfig
michaelfig approved these changes Feb 4, 2022
View reviewed changes
Copy link
Member

@michaelfig michaelfig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great! Nice simplification.

@erights erights merged commit f08cad9 into master Feb 4, 2022
@erights erights deleted the markm-kill-pureCopy branch February 4, 2022 18:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michaelfig michaelfig michaelfig approved these changes

@kriskowal kriskowal Awaiting requested review from kriskowal

Assignees

@erights erights

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@erights @michaelfig