feat(ocap-kernel): Prevent overriding endowment names #619
| for (const obj of objects) { | ||
| for (const key of Reflect.ownKeys(obj)) { | ||
| if (keys.has(key)) { | ||
| const originalIndex = keys.get(key); |
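Review bot: `keys.has(key)` followed by `keys.get(key)` looks the same key up twice and leaves `originalIndex` typed as possibly undefined. A single `const originalIndex = keys.get(key);` guarded by `originalIndex !== undefined` does one lookup, narrows the type, and still treats index 0 as a valid hit.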
| for (const obj of objects) { | |
| for (const key of Reflect.ownKeys(obj)) { | |
| if (keys.has(key)) { | |
| const originalIndex = keys.get(key); | |
| objects.forEach((obj, originalIndex) => { | |
| for (const key of Reflect.ownKeys(obj)) { | |
| if (keys.has(key)) { |
I guess this is simpler?
Ah no you are using the collidingIndex. But I'm not so sure why we need that and not simply do something like
```ts
const seen = new Map<PropertyKey, number>();
const out: Record<PropertyKey, unknown> = Object.create(null);
objects.forEach((obj, idx) => {
  for (const key of Reflect.ownKeys(obj)) {
    if (seen.has(key)) {
      throw new Error(
        `Duplicate key "${String(key)}" found in entries ${seen.get(key)} and ${idx}`
      );
    }
    seen.set(key, idx);
  }
  Object.defineProperties(out, Object.getOwnPropertyDescriptors(obj));
});
return out;
```
In this case the index is used to differentiate between an internal error and a user error where the VatSupervisor uses the function.
| }; | ||
| throw new DuplicateEndowmentError(String(key), collidingIndex === 1); | ||
| } | ||
| // Otherwise, just rethrow the error. |
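Review bot: In the `throw new DuplicateEndowmentError(String(key), collidingIndex === 1);` line, the literal `1` ties the internal/user classification to the position of one argument in the caller's list, and nothing in the visible lines says which source that position holds. A named constant or a per-source label passed alongside each object would keep the classification correct if the argument order changes, and a short comment should state what index 1 refers to.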
Bug: Endowment Collision Classification Error
The DuplicateEndowmentError.isInternal flag is incorrectly determined. It currently only checks if collidingIndex === 1, which misclassifies internal endowment collisions. Since workerEndowments, platformEndowments, and lsEndowments are all internal sources, any collision between them should be marked as internal. The classification needs to consider both originalIndex and collidingIndex to accurately reflect internal conflicts.
This PR ensures that the various sources of vat namespace endowments do not provide colliding names, causing the VatSupervisor to throw an error instead in this case.
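A sketch of the disjoint merge discussed in this thread, written as an added example and not taken from the PR: each source carries its own label and an `internal` flag, so the error is classified from both colliding sources rather than from one index. The `EndowmentSource` shape, the `userGlobals` source, the function names and the error fields are assumptions; the other labels reuse the names from the review comment.

```typescript
// Added example; the source shape, `userGlobals` and error fields are assumptions.
type EndowmentSource = { label: string; internal: boolean; endowments: object };

class DuplicateEndowmentError extends Error {
  readonly key: string;
  readonly isInternal: boolean;
  constructor(key: string, first: EndowmentSource, second: EndowmentSource) {
    super(`Duplicate endowment "${key}" in ${first.label} and ${second.label}`);
    this.name = 'DuplicateEndowmentError';
    this.key = key;
    // Internal only when both colliding sources are kernel-controlled.
    this.isInternal = first.internal && second.internal;
  }
}

function mergeDisjoint(sources: EndowmentSource[]): Record<PropertyKey, unknown> {
  const seen = new Map<PropertyKey, EndowmentSource>();
  // Null prototype: inherited names such as `toString` are not part of the result.
  const out: Record<PropertyKey, unknown> = Object.create(null);
  for (const source of sources) {
    for (const key of Reflect.ownKeys(source.endowments)) {
      const original = seen.get(key);
      if (original !== undefined) {
        throw new DuplicateEndowmentError(String(key), original, source);
      }
      seen.set(key, source);
    }
    // Copy descriptors rather than values so accessors are not invoked here.
    Object.defineProperties(out, Object.getOwnPropertyDescriptors(source.endowments));
  }
  return out;
}

// Returns 'ok', 'internal' or 'user' for a list of sources.
function classifyMerge(sources: EndowmentSource[]): string {
  try {
    mergeDisjoint(sources);
    return 'ok';
  } catch (error) {
    const dup = error as Partial<DuplicateEndowmentError>;
    if (dup.name !== 'DuplicateEndowmentError') throw error;
    return dup.isInternal ? 'internal' : 'user';
  }
}

// Constructed sample sources.
const workerSrc: EndowmentSource = { label: 'workerEndowments', internal: true, endowments: { setTimeout: 1 } };
const platformSrc: EndowmentSource = { label: 'platformEndowments', internal: true, endowments: { fetch: 2 } };
const userSrc: EndowmentSource = { label: 'userGlobals', internal: false, endowments: { fetch: 3 } };
```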