-
Notifications
You must be signed in to change notification settings - Fork 11.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[fastx programmability] allowing objects to own other objects #99
Comments
Could we further require that the owner object was earlier in the list of objects? This makes the implementation a little simpler. |
Yes, I think that is a very sensible restriction. |
Ok, from the authority.rs perspective this change is not that difficult: We change the ownership check to check that each objects is either owned by the signer, OR another object already checked. So we just need to keep a hashset of checked object-Ids. |
After thinking about the interaction with immutable objects a bit, I think the story is slightly more complicated (but still workable). To lead with an example involving end-user
Moving away to the example and back to the conceptual level, the property we need to ensure is that:
|
This feature dazzles me with its power, but it also scares me a bit in the complexity that it creates:
Thus, my recommendation is that we take our time in designing adding this feature (and more specifically, not try to get it in for the GDC milestone). As part of the GDC prep work, we will work on a number of concrete use-cases and see where the current programming model hits its limits. I think that will help us see more precisely when this feature is needed and (perhaps) introduce a simpler, but equally expressive version of it. E.g., one idea is that:
But just a thought--the use-cases should drive the path forward. |
I have a few questions regarding this:
|
@lxfind I think the key to point 1 is:
When a client is about to execute an order in fastx it knows exactly what the result of the execution is. It does not execute the order to perform the computation. It executes the order to change the global state, and convince others through fastx of the result of the computation. So you are right that the client would track all objects on the map. Then run the insert or remove, or whatever mutable operation on the map. Then record which specific branches/leaves are mutated, and then create an order that only refer to this small (O(logN) hopefully) subset. At the end of all this it has managed to convince the world of the correctness of a transition in a collection, with an O(logN) length order and O(logN) writes, rather than O(N) writes (if it re-writes the whole collection in an object). Now to the point of whether we can implement all this in a different way: I think that by restricting transfer (as we do in move modules) we can still implement maps -- we define a module that makes branches/leaves of a BTree for example, and does not allow them to be transferred. Then their mutation is subject to the module logic, so inserts / removes are correct. Is that right @lxfind / @sblackshear ? I think the only downside of this is ... you cannot transfer such structure :( . Whereas if the branches / leaves `belong' to a root BTree structure if you transfer this root structure you end up transferring the rest of the tree as well. |
Had an offline chat with Sam. So the name "Map" is not quite accurate here. It's rather called "Bundle", which contains a collection of objects, and its main purpose would be that it's convenient to transfer a bundle simply by transferring the root object. |
Ok, now objects can own other objects. There are still things to design but this is done. Thanks @lxfind ! |
Step 1: fleshing out addresses and authenticators
Today, every object has an
owner: FastPayAddress
field, where aFastPayAddress
is just a 32 byte public key. In the future, an address should be the hash of an authenticator, e.g.A transaction will also need to include an
authenticator
for the sender instead of an address.Step 2: expand tx authentication logic to cover the new authenticator types
Today, that logic lives here. This should be extended to
owner
address of each input objectPubKey
variant, it should match the hash of the pubkey in the tx'sauthenticator
Object(id)
variant,id
should also be an input to the transactionStep 3: expose Move primitive for transferring an object to another object
This (almost) already exists here. The semantics are much the same as
Transfer::transfer
: switch the object'sowner
field to the givenObjectID
.Step 4: define collection types and other code that use this new primitive in interesting ways. E.g.
The text was updated successfully, but these errors were encountered: