-
Notifications
You must be signed in to change notification settings - Fork 215
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(swingset): add controller.terminateVat(vatID, reason) #9253
Conversation
Deploying agoric-sdk with Cloudflare Pages
|
Security ConsiderationsThe new API is powerful, and uses a trivially-forgeable Scaling ConsiderationsAs noted in the docstring, unless a Documentation ConsiderationsNothing here should be visible to userspace developers. The primary audience of this new feature is a specialized cosmic-swingset upgrade handler, which can call it during some future chain upgrade, to initiate deletion of the then-unused large price-feed vats, after they have been replaced by others. It's entirely possible that userspace will have a way to delete these vats by then, and we won't need the host-app to do it. Testing ConsiderationsIf/when we write that future upgrade handler to invoke this, we will need some kind of main-fork test to make sure it can initiate termination correctly. That will be part of the PR which modifies cosmic-swingset. Upgrade Considerationsnone |
2d621ee
to
98c3e10
Compare
c3299e5
to
a31549a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This all seems reasonable, even though I'm not sure in which (non-test) circumstance we'd want to use this mechanism as I'd expect us to use bootstrap powers instead to terminate a vat during some core proposal.
Yeah, it wasn't 100% clear to me that the mainnet bootstrap vat has access to the necessary |
a31549a
to
13ea1dc
Compare
98c3e10
to
c17ff90
Compare
13ea1dc
to
bb79f9e
Compare
c17ff90
to
0f847c7
Compare
bb79f9e
to
c9bd283
Compare
0f847c7
to
07b3d93
Compare
c9bd283
to
cbbc252
Compare
c2d78a5
to
e45f10a
Compare
dab29e7
to
b422019
Compare
e45f10a
to
89a6312
Compare
89a6312
to
27286db
Compare
b07a058
to
a2f0a21
Compare
27286db
to
1a38cf2
Compare
a2f0a21
to
fa87abe
Compare
1a38cf2
to
e05394d
Compare
e05394d
to
4fdb16e
Compare
fa87abe
to
4ad9689
Compare
4fdb16e
to
6c53a99
Compare
0140249
to
71ede77
Compare
794a9c2
to
2990dfb
Compare
71ede77
to
06ccc1f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice and compact!—although I do wish the testing was more self-contained; I'll have to see about DX improvements for bootstrap-relay.js.
|
||
terminateVat(vatID, reasonCD) { | ||
insistCapData(reasonCD); | ||
assert(reasonCD.slots.length === 0, 'no slots allowed in reason'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know how strict we should be about assert patterns, but this is the convention AIUI:
assert(reasonCD.slots.length === 0, 'no slots allowed in reason'); | |
reasonCD.slots.length === 0 || Fail`no slots allowed in reason`; |
packages/SwingSet/test/external-termination/external-termination.test.js
Outdated
Show resolved
Hide resolved
86b55f5
to
f76a341
Compare
af1555e
to
164ed8b
Compare
f76a341
to
b3c1d8c
Compare
47fe6e9
to
cbbb00d
Compare
53da414
to
52e0840
Compare
cbbb00d
to
fc2718e
Compare
52e0840
to
c9b014a
Compare
fc2718e
to
3648e55
Compare
c9b014a
to
5b67afe
Compare
3648e55
to
1dcb1d2
Compare
5b67afe
to
fba6e3a
Compare
1dcb1d2
to
9ac2ef0
Compare
This new API allows the host application to terminate any vat for which is knows the VatID (which must be gleaned manually from logs or the database). This might be useful if the normal vat code is unable or unwilling to terminate the vat, or if you need to trigger termination at some specific point in time. closes #8687
fba6e3a
to
693b367
Compare
This new API allows the host application to terminate any vat for which is knows the VatID (which must be gleaned manually from logs or the database). This might be useful if the normal vat code is unable or unwilling to terminate the vat, or if you need to trigger termination at some specific point in time.
closes #8687