-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove Policies interface #78
Conversation
ab17498
to
33815cd
Compare
Looks good, but are there any other policies besides CONIKS policies? If not, maybe just call this |
Yes, it makes more sense. |
LGTM (For some reason I thought we had taken care of this in #41, but I guess that was just a renaming). |
@@ -21,10 +21,10 @@ type SignedTreeRoot struct { | |||
PreviousEpoch uint64 | |||
PreviousSTRHash []byte | |||
Signature []byte | |||
Policies Policies | |||
Policies *Policies |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a late night comment, so take it for what it's worth. Is there any chance that changing this to a pointer is going to lead to the Policies in the STR being mutated?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's still safe by far. Changing this to pointer absolutely makes the Policies being mutated but it's the same for other fields of slice type.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sort of ... there's an expectation that policies are to be able to be altered between epochs. With this change, we're asking developers to be aware that they need to allocate a new Policies structure each time, rather than manipulate the one they may be retaining since startup. It just feels like a copy is less error prone.
After writing that sentence, I looked at directory.go and saw that we're doing this right,
https://github.com/coniks-sys/coniks-go/blob/master/protocol/directory.go#L43
but still feel uncomfortable with the pointer. Maybe others have an opinion?
Also, I think we have a bug #80
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With this change, we're asking developers to be aware that they need to allocate a new Policies structure each time, rather than manipulate the one they may be retaining since startup
I don't think that we're asking developers to allocate a new Policies struct each time. They just need to allocate a new struct when the policies change, much like when we using the interface. Nevermind, I got your idea.
@masomel @liamsi : What do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Currently, the policies are accessed in the merkletree
package only. Couldn't we even make the field unexported? So we hide the inner workings and still use a pointer here (which was introduced for performance reasons, I guess?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank for the clarification. Then I'm also slightly in favour of making this a "copy" instead of a pointer. Simply because it is slightly more explicit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I fixed it in ceb0a58cdd139cb212c07dccabfb2f07be51520a. But a part of me still feels uncomfortable when considering the memory use between a copy and a pointer, in this case.
Maybe another solution is to ask developers to be aware that they need to allocate a new Policies structure each time, in the documentations.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't the overhead massively dominated by the cloned trees in memory? The tradeoff is the potential for a corrupted state, which seems worth it.
Unfortunately, documenting that sort of expectation is unreliable and I would caution to err on the side of programming defensively.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unfortunately, documenting that sort of expectation is unreliable and I would caution to err on the side of programming defensively.
Yup, I will take it as a lesson. Thanks!
Btw, what do you think about ceb0a58cdd139cb212c07dccabfb2f07be51520a?
LGTM (no strong opinion on this discussion: #78 (comment)) |
6e242f1
to
ceb0a58
Compare
LGTM. |
@@ -21,12 +21,12 @@ type PAD struct { | |||
snapshots map[uint64]*SignedTreeRoot | |||
loadedEpochs []uint64 // slice of epochs in snapshots | |||
latestSTR *SignedTreeRoot | |||
policies Policies // the current policies in place | |||
policies *Policies // the current policies in place |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
pad.policies
is in use, so the same mutation comment applies here.
I think you should revert everything in this patch that isn't strictly about removing the interface, sorry.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
pad.policies is in use, so the same mutation comment applies here.
Yup, that's why I have this bug bc36c45e36c9eb51bc7510034ac43f80c44f3b30 (fixed in this commit). Thanks!
I think you should revert everything in this patch that isn't strictly about removing the interface, sorry.
Oops, my bad. I split it into a separate commit (af99421)
Btw, I'm so sorry because of these late commits and response.
} | ||
|
||
// EpochDeadline returns the EpochDeadline of the current policies | ||
// If you want to query the EpochDeadline before the new policies | ||
// is updated, use LatestSTR().Policies.EpochDeadline |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But that's exactly what you want to use in EpochUpdate
.
https://github.com/coniks-sys/coniks-go/blob/master/keyserver/server.go#L192
The timer needs to fire based on LatestSTR
's deadline.
Again, I really think you should revert everything here that isn't about removing the interface. The new test is good to add, but orthogonal.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The timer needs to fire based on LatestSTR's deadline.
Yes, you're completely right.
Again, I really think you should revert everything here that isn't about removing the interface. The new test is good to add, but orthogonal.
I didn't get your idea yet :( What should be removed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for not being clear. Just the UpdatePolicies
stuff. The shallow copy in pad.policies = *policies
is all we were after.
Let me update this, one sec.
@c633 See d0aff9a. If you're happy with that, please merge. Thanks! |
Thanks! |
Remove
Policies
interface and useConiksPolicies
struct instead.