This repository was archived by the owner on Jan 9, 2026. It is now read-only.

Modref equality in capability guards fails equality check #1279

@sirlensalot

Issue description

Using modrefs in capability guards fails when trying to require the cap because the equality check for the modref value fails.

Steps to reproduce/Expected behavior

The following test should succeed but fails in the success case.

;; Interface that both callee modules implement.
(interface ops
  (defun op1:bool (a:string b:integer))
  (defun op2:bool (c:string d:bool))
  )

;; The caller keeps callee modrefs in a table and wraps every call in a
;; managed capability whose parameters include the modref itself.
(module caller G
  (defcap G () true)
  (defschema dep
      callee:module{ops})
  (deftable deps:{dep})
  (defcap OP1 (a:string b:integer m:module{ops})
    @managed
    true)
  (defcap OP2 (c:string d:bool m:module{ops})
    @managed
    true)
  (defun op1-guard (a:string b:integer m:module{ops})
    (create-capability-guard (OP1 a b m)))
  (defun op2-guard (c:string d:bool m:module{ops})
    (create-capability-guard (OP2 c d m)))
  (defun callees:[module{ops}] ()
     (map (compose (read deps) (at 'callee)) (keys deps)))
  (defun call-op1 (a:string b:integer)
    (map (lambda (m:module{ops})
           (install-capability (OP1 a b m))
           (with-capability (OP1 a b m)
             (m::op1 a b)))
         (callees)))
  (defun call-op2 (c:string d:bool)
    (map (lambda (m:module{ops})
           (install-capability (OP2 c d m))
           (with-capability (OP2 c d m)
             (m::op2 c d)))
         (callees)))
)
(create-table deps)

;; callee-A enforces the caller's capability guard, naming itself as the modref.
(module callee-A G
  (defcap G () true)
  (implements ops)
  (defun op1:bool (a:string b:integer)
    (enforce-guard (op1-guard a b callee-A))
    true)
  (defun op2:bool (c:string d:bool)
    (enforce-guard (op2-guard c d callee-A))
    false)
  )

;; callee-B's op1 calls callee-A.op1 directly. The guard inside callee-A must
;; reject this: the caller installed OP1 for callee-B, not for callee-A.
(module callee-B G
  (defcap G () true)
  (implements ops)
  (defun op1:bool (a:string b:integer)
    ;; out-of-band call to callee-A
    (callee-A.op1 a b)
    false)
  (defun op2:bool (c:string d:bool)
    (enforce-guard (op2-guard c d callee-B))
    true)
  )

;; Register both callees, then exercise the out-of-band and the normal path.
(insert deps "callee-A" { 'callee: callee-A })
(insert deps "callee-B" { 'callee: callee-B })
(expect-failure
   "out-of-band call fails"
   "Capability not acquired"
   (call-op1 "hello" 2))
(expect
   "normal case succeeds for both callees"
   [false true]
   (call-op2 "goodbye" false))

Debug Information

This is because infos are not being elided from modrefs.
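The mechanism behind that sentence, as an added illustration that is not Pact's implementation: a constructed Python model in which a modref value carries parse-position info, capability parameters are compared structurally, and so a guard built inside the callee (where the modref literal sits at one source position) never matches the capability the caller acquired (whose modref came from the table, at another position). The class names, the `normalize` switch and the line/column values are invented for the model; the fix it demonstrates is the one the issue names, eliding info from modrefs before comparison.

```python
from dataclasses import dataclass
from typing import Any, Optional, Tuple


@dataclass(frozen=True)
class Info:
    """Constructed stand-in for parse-position info attached to a term."""
    line: int
    column: int


@dataclass(frozen=True)
class ModRef:
    """Constructed model of a modref: semantic payload plus optional info."""
    name: str
    spec: Tuple[str, ...]          # interfaces the module implements
    info: Optional[Info] = None    # source position; semantically irrelevant


@dataclass(frozen=True)
class Capability:
    name: str
    args: Tuple[Any, ...]


def elide_info(value: Any) -> Any:
    """Canonicalize a capability argument by dropping info from any modref."""
    if isinstance(value, ModRef):
        return ModRef(value.name, value.spec, None)
    if isinstance(value, (tuple, list)):
        return tuple(elide_info(v) for v in value)
    return value


class CapabilityEnv:
    """Minimal model of the capability scope: acquired caps keyed by (name, args)."""

    def __init__(self, normalize: bool) -> None:
        # normalize=False reproduces the bug (info takes part in equality);
        # normalize=True applies the fix (info elided before comparison).
        self.normalize = normalize
        self.acquired = set()

    def _key(self, cap: Capability) -> Tuple[str, Tuple[Any, ...]]:
        args = elide_info(cap.args) if self.normalize else cap.args
        return (cap.name, args)

    def with_capability(self, cap: Capability) -> None:
        self.acquired.add(self._key(cap))

    def enforce_capability_guard(self, cap: Capability) -> bool:
        if self._key(cap) not in self.acquired:
            raise PermissionError("Capability not acquired")
        return True


def run_scenario(normalize: bool) -> bool:
    """Mirror the 'normal case' of the issue: caller acquires (OP2 c d m) with the
    modref read from the deps table, callee enforces a guard naming itself."""
    env = CapabilityEnv(normalize)
    # Same module, two different (constructed) source positions.
    m_from_table = ModRef("callee-A", ("ops",), Info(line=84, column=41))
    m_in_callee = ModRef("callee-A", ("ops",), Info(line=67, column=32))
    env.with_capability(Capability("OP2", ("goodbye", False, m_from_table)))
    try:
        return env.enforce_capability_guard(
            Capability("OP2", ("goodbye", False, m_in_callee)))
    except PermissionError:
        return False


if __name__ == "__main__":
    print("with info in equality:", run_scenario(normalize=False))   # False
    print("with info elided:     ", run_scenario(normalize=True))    # True
```

The two modref values differ only in `info`, so structural equality over the raw value rejects a guard that is semantically identical to the acquired capability; canonicalizing the parameters with `elide_info` on both the acquire and the enforce side restores the match without weakening the check, since name and interface spec still have to agree.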
