Remove Policies interface #78
Conversation
vqhuy
force-pushed
the
policies
branch
2 times, most recently
from
ab17498
to
33815cd
Compare
|
Looks good, but are there any other policies besides CONIKS policies? If not, maybe just call this |
|
Yes, it makes more sense. |
|
LGTM (For some reason I thought we had taken care of this in #41, but I guess that was just a renaming). |
| @@ -21,10 +21,10 @@ type SignedTreeRoot struct { | |||
| PreviousEpoch uint64 | |||
| PreviousSTRHash []byte | |||
| Signature []byte | |||
| Policies Policies | |||
| Policies *Policies | |||
There was a problem hiding this comment.
This is a late night comment, so take it for what it's worth. Is there any chance that changing this to a pointer is going to lead to the Policies in the STR being mutated?
There was a problem hiding this comment.
I think it's still safe by far. Changing this to pointer absolutely makes the Policies being mutated but it's the same for other fields of slice type.
There was a problem hiding this comment.
Sort of ... there's an expectation that policies are to be able to be altered between epochs. With this change, we're asking developers to be aware that they need to allocate a new Policies structure each time, rather than manipulate the one they may be retaining since startup. It just feels like a copy is less error prone.
After writing that sentence, I looked at directory.go and saw that we're doing this right,
https://github.com/coniks-sys/coniks-go/blob/master/protocol/directory.go#L43
but still feel uncomfortable with the pointer. Maybe others have an opinion?
Also, I think we have a bug #80
There was a problem hiding this comment.
With this change, we're asking developers to be aware that they need to allocate a new Policies structure each time, rather than manipulate the one they may be retaining since startup
I don't think that we're asking developers to allocate a new Policies struct each time. They just need to allocate a new struct when the policies change, much like when we using the interface. Nevermind, I got your idea.
@masomel @liamsi : What do you think?
There was a problem hiding this comment.
Currently, the policies are accessed in the merkletree package only. Couldn't we even make the field unexported? So we hide the inner workings and still use a pointer here (which was introduced for performance reasons, I guess?)
There was a problem hiding this comment.
Thank for the clarification. Then I'm also slightly in favour of making this a "copy" instead of a pointer. Simply because it is slightly more explicit.
There was a problem hiding this comment.
I fixed it in ceb0a58cdd139cb212c07dccabfb2f07be51520a. But a part of me still feels uncomfortable when considering the memory use between a copy and a pointer, in this case.
Maybe another solution is to ask developers to be aware that they need to allocate a new Policies structure each time, in the documentations.
There was a problem hiding this comment.
Isn't the overhead massively dominated by the cloned trees in memory? The tradeoff is the potential for a corrupted state, which seems worth it.
Unfortunately, documenting that sort of expectation is unreliable and I would caution to err on the side of programming defensively.
There was a problem hiding this comment.
Unfortunately, documenting that sort of expectation is unreliable and I would caution to err on the side of programming defensively.
Yup, I will take it as a lesson. Thanks!
Btw, what do you think about ceb0a58cdd139cb212c07dccabfb2f07be51520a?
|
LGTM (no strong opinion on this discussion: #78 (comment)) |
vqhuy
force-pushed
the
policies
branch
2 times, most recently
from
6e242f1
to
ceb0a58
Compare
LGTM. |
| @@ -21,12 +21,12 @@ type PAD struct { | |||
| snapshots map[uint64]*SignedTreeRoot | |||
| loadedEpochs []uint64 // slice of epochs in snapshots | |||
| latestSTR *SignedTreeRoot | |||
| policies Policies // the current policies in place | |||
| policies *Policies // the current policies in place | |||
There was a problem hiding this comment.
pad.policies is in use, so the same mutation comment applies here.
I think you should revert everything in this patch that isn't strictly about removing the interface, sorry.
There was a problem hiding this comment.
pad.policies is in use, so the same mutation comment applies here.
Yup, that's why I have this bug bc36c45e36c9eb51bc7510034ac43f80c44f3b30 (fixed in this commit). Thanks!
I think you should revert everything in this patch that isn't strictly about removing the interface, sorry.
Oops, my bad. I split it into a separate commit (af99421)
Btw, I'm so sorry because of these late commits and response.
| } | ||
|
|
||
| // EpochDeadline returns the EpochDeadline of the current policies | ||
| // If you want to query the EpochDeadline before the new policies | ||
| // is updated, use LatestSTR().Policies.EpochDeadline |
There was a problem hiding this comment.
But that's exactly what you want to use in EpochUpdate.
https://github.com/coniks-sys/coniks-go/blob/master/keyserver/server.go#L192
The timer needs to fire based on LatestSTR's deadline.
Again, I really think you should revert everything here that isn't about removing the interface. The new test is good to add, but orthogonal.
There was a problem hiding this comment.
The timer needs to fire based on LatestSTR's deadline.
Yes, you're completely right.
Again, I really think you should revert everything here that isn't about removing the interface. The new test is good to add, but orthogonal.
I didn't get your idea yet :( What should be removed?
There was a problem hiding this comment.
Sorry for not being clear. Just the UpdatePolicies stuff. The shallow copy in pad.policies = *policies is all we were after.
Let me update this, one sec.
|
@c633 See d0aff9a. If you're happy with that, please merge. Thanks! |
|
Thanks! |
Remove
Policiesinterface and useConiksPoliciesstruct instead.