-
Notifications
You must be signed in to change notification settings - Fork 206
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
syscall.resolve* removes liveslots+clist entries (sending side) #767
Comments
One test case to keep in mind: while the recipient of a message does not directly get access to the Promise that represents their result, the vat which sent the message could always send it to them. And they might send it elsewhere, and/or subscribe to hear about it's resolution. We think this will work out ok, but we can imagine some improvements or optimizations which might change that, so we should be sure to have a good test case. Alice does: const p1 = bob~.one();
bob~.two(p1); while Bob does : let p;
let pr;
function one() {
pr = makePromise();
return pr.p;
}
function two(p1) {
pr.res(value); // bob resolves one() result
carol~.foo(p1); // bob sends it elsewhere
p1.then(stuff); // wants to hear about resolution
Promise.resolve().then(carol~.bar(p1));
} Bob's liveslots layer will see a The full transcript for bob should look like:
The tricky bit is that the vat is supposed to stop talking about With our current plan, But in our current implementation, Bob's |
Another thing to pay attention to is that |
Chip and I walked through two approaches for retiring the resolver side of these tables, and we're coming around to preferring the second of the two. As a refresher, any number of vats (or none) might have a c-list entry that references a given kernel promise identifier (kpid). If a vat has one, it will only have one: we never have two vpids for the same kpid in a single vat. Zero or one of the referencing vats will be the Decider. The identity of the Decider will move around over time, since vats can transfer their decision-making authority to a given promise by putting that promise ID in the Vats currently notify the kernel (via I'm assuming that we'll follow Dean's recommendation (#745) to remove this syscall and treat any c-list reference to a Our performance goal is to remove any record of the Promise once it is no longer needed. Vats and kernels follow matching rules about when they can use a In the first approach, the vat-kernel rules state that c-list entries are removed during In the second approach, we remove c-list entries during both I think we can assume the vast majority of Promises will be created as the If we go with the second approach, we must start with a test case that sets up Bob as both follower and resolver, and makes sure Bob's
|
Chip and I talked about the second approach and realized that we can make it better by replacing "unsubscribe the deciding vat" to just "don't notify the deciding vat". The kernel already knows which vat is calling So our planned approach is:
This avoids the need to unsubscribe/resubscribe as the decision-making authority wanders from vat to vat. Later, when #745 removes |
The second step of #675 is to remove table entries from the sending side of the Promise resolution format. When a vat calls one of the resolution flavors (
syscall.fulfillToPresence
,syscall.fulfillToData
,syscall.reject
, and the as-yet-unimplementedsyscall.forward
), the liveslots code should first serialize the body of the resolution, which uses thevalToSlot
table to mapPromise
objects intovpid
(vat promise identifier) strings. Then liveslots should delete the entries fromvalToSlot
andslotToVal
(and probably fromimportedPromisesByPromiseID
too). Finally liveslots can invoke the syscall. This allows the vat to uphold its pledge that, once resolved, it will never speak of thevpid
identifier again.The kernel, after translating the slots through the vat's c-list (mapping each
vpid
to akpid
), must delete the c-list entry for the target of the resolution (which may or may not also appear in the body). This lets the kernel uphole its own pledge.Note that the same javascript
Promise
object might be sent out of the Vat again in the future. If so, liveslots will assign it a newvpid
(as thePromise
is not present invalToSlot
), and the kernel will see it as a brand new promise, which just so happens to get resolved on the very next turn.The text was updated successfully, but these errors were encountered: