Use native and/or fake harden for performance
#7438
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
michaelfig
force-pushed
the
mfig-native-harden
branch
from
e101525 to
cc731f8
Compare
|
I'll waive the requirement to bump the meter version given we will soon update XS versions anyway. |
michaelfig
force-pushed
the
mfig-native-harden
branch
6 times, most recently
from
3f42157 to
2012ec8
Compare
michaelfig
changed the title
harden for performance
michaelfig
changed the title
harden for performanceharden for performance
michaelfig
force-pushed
the
mfig-native-harden
branch
from
2012ec8 to
2f24746
Compare
michaelfig
force-pushed
the
mfig-endo-2023-04-20
branch
from
b67b0e5 to
b43439c
Compare
michaelfig
force-pushed
the
mfig-native-harden
branch
from
2f24746 to
f02b61d
Compare
Merged
michaelfig
force-pushed
the
mfig-native-harden
branch
from
f02b61d to
a9212c1
Compare
michaelfig
changed the title
harden for performanceharden for performance
erights
reviewed
Apr 21, 2023
The only change to use unsafe harden is in the entry points in the |
mhofman
approved these changes
Apr 21, 2023
| rawSaveSeconds: 0, | ||
| uncompressedSize: 801387, | ||
| uncompressedSize: 724579, |
There was a problem hiding this comment.
Impressive how we reduced the heap snapshot size!
There was a problem hiding this comment.
Yeah, removing the WeakSet of hardened values is probably what caused this shrinkage.
michaelfig
force-pushed
the
mfig-native-harden
branch
from
a9212c1 to
81e9412
Compare
michaelfig
added
the
automerge:no-update
warner
approved these changes
Apr 21, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
closes: #7275, closes: #7367
refs: agoric-labs/xsnap-pub#37 agoric-labs/moddable#8 endojs/endo#1556
Description
Optimise the on-chain use of
hardenglobalThis.hardenunder XS (feat: reenable nativehardenagoric-labs/xsnap-pub#37 and feat: allow callinghardenbeforelockdownagoric-labs/moddable#8)@endo/init/unsafe-fast.jsfor Node.js cosmic-swingset feat(ses): option to fake harden unsafely endojs/endo#1528 feat(init): add@endo/init/unsafe-fast.jsendojs/endo#1552Please note the Git hash updates in this PR, and see that the submodule diffs below are as expected.
Security Considerations
Some softer interface boundaries within the SwingSet kernel (running in Node.js) since
hardenis faked there for performance. We consider this to be an acceptable risk, because the kernel is carefully written, and does not evaluate any externally-supplied code except within a vat worker (which still uses the full, safehardenimplementation).Scaling Considerations
Reduces runtime costs of
harden()underxsnap-workerand within the SwingSet kernel launched byagd start.Documentation Considerations
Testing Considerations