[feature] #2511: Restrict FFI types on wasm #2590
Conversation
Codecov Report
@@            Coverage Diff             @@
##           iroha2-dev    #2590      +/-   ##
==============================================
- Coverage       67.61%   65.86%   -1.75%
==============================================
  Files             140      156      +16
  Lines           26173    28198    +2025
==============================================
+ Hits            17696    18574     +878
- Misses           8477     9624    +1147
@@ -285,12 +285,12 @@ fn return_result() { | |||
unsafe { | |||
assert_eq!( | |||
FfiResult::ExecutionFail, | |||
FfiStruct__fallible_int_output(u8::from(false), output.as_mut_ptr()) | |||
FfiStruct__fallible_int_output(From::from(false), output.as_mut_ptr()) |
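Review bot: the replacement line `FfiStruct__fallible_int_output(From::from(false), output.as_mut_ptr())` leaves the integer type to inference from the extern function's parameter, which is what lets the test compile with either bool representation; add a one-line comment at this call site saying so, because a reader seeing `From::from` where `u8::from` used to be has no hint that the repr width depends on the `wasm` feature.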
The point of this change, being that it makes the type checker do a better job?
When the wasm feature is active, the FFI representation of bool would be u32, not u8, so I did this so that the test worked in both cases.
u8 for bool is problematic. Every operation involving booleans would be extremely slow (which is why it's almost always size_t).
ffi/derive/src/lib.rs
source: Self::Source, | ||
_: &'itm mut <Self as iroha_ffi::owned::TryFromReprCVec<'itm>>::Store, | ||
) -> Result<Vec<Self>, iroha_ffi::FfiResult> { | ||
let slice = source.into_rust().ok_or(iroha_ffi::FfiResult::ArgIsNull)?; |
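Review bot: the `Store` parameter in this signature (`_: &'itm mut <Self as iroha_ffi::owned::TryFromReprCVec<'itm>>::Store`) is bound to `_` and never touched in the body, so nothing documents whether this impl is allowed to return a `Vec<Self>` without keeping anything alive in the store; add a doc comment on the impl stating that the conversion produces owned data and therefore needs no storage, or, if no implementor uses the store, reconsider whether the trait should carry it at all.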
Given that FfiResult has a lot more variants, wouldn't it make sense to add FfiResult::ConversionFailed? There's non-zero overlap between the two, but even if 100% of the failures were because ArgIsNull, we'd want to be able to handle it differently.
I have added FfiResult::ConversionFailed, however for this particular case FfiResult::ArgIsNull is fine, because the only case in which slice.into_rust() returns None is when slice is null.
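The two threads above (bool being u8 on native but u32 under the wasm feature, and a distinct ConversionFailed variant beside ArgIsNull) are illustrated by the following added example; it is not code from the iroha_ffi crate, the trait and enum names are modelled on the discussion, and the cfg on target_family stands in for the PR's cargo feature.

```rust
// Added illustration (not iroha_ffi code): a PrimitiveRepr-style mapping of
// `bool` onto the primitive the FFI boundary supports, plus a checked
// conversion back so a foreign caller passing `2` is rejected instead of
// being reinterpreted as a bool.
#[derive(Debug, PartialEq)]
pub enum FfiResult {
    Ok,
    ArgIsNull,
    ConversionFailed,
}

/// Maps a Rust type onto a primitive that is representable across FFI.
pub trait PrimitiveRepr: Sized {
    type Repr: Copy;
    fn into_repr(self) -> Self::Repr;
    /// Fails with `ConversionFailed` when `repr` has no corresponding `Self`.
    fn try_from_repr(repr: Self::Repr) -> Result<Self, FfiResult>;
}

// Assumption: the wasm build selects u32 for bool, native builds keep u8
// (the PR gates this on a cargo feature; target_family is used here instead).
#[cfg(target_family = "wasm")]
pub type BoolRepr = u32;
#[cfg(not(target_family = "wasm"))]
pub type BoolRepr = u8;

impl PrimitiveRepr for bool {
    type Repr = BoolRepr;
    fn into_repr(self) -> BoolRepr {
        BoolRepr::from(self)
    }
    fn try_from_repr(repr: BoolRepr) -> Result<bool, FfiResult> {
        match repr {
            0 => Ok(false),
            1 => Ok(true),
            _ => Err(FfiResult::ConversionFailed),
        }
    }
}

/// Entry point shaped like a generated extern "C" wrapper: validates the raw
/// repr, writes the negated bool through `output`, and reports a null output
/// pointer separately from an out-of-range input.
pub fn ffi_bool_not(flag: BoolRepr, output: *mut BoolRepr) -> FfiResult {
    if output.is_null() {
        return FfiResult::ArgIsNull;
    }
    match bool::try_from_repr(flag) {
        Ok(b) => {
            // SAFETY: `output` is non-null and, by the caller's contract, valid for writes.
            unsafe { output.write((!b).into_repr()) };
            FfiResult::Ok
        }
        Err(e) => e,
    }
}
```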
} | ||
|
||
primitive_impls! {u8, u16, u32, u64, u128, i8, i16, i32, i64} |
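Review bot: the invocation `primitive_impls! {u8, u16, u32, u64, u128, i8, i16, i32, i64}` lists u128 but not its signed counterpart i128, so the supported set is asymmetric; either add i128 or leave a comment next to the macro explaining why only the unsigned 128-bit type gets an impl.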
So what do we do when we actually have a u128?
Signed-off-by: Shanin Roman <shanin1000@yandex.ru>
…dger-iroha#2590) Signed-off-by: Shanin Roman <shanin1000@yandex.ru>
…dger-iroha#2590) Signed-off-by: Shanin Roman <shanin1000@yandex.ru> Signed-off-by: BAStos525 <jungle.vas@yandex.ru>
Signed-off-by: Shanin Roman shanin1000@yandex.ru
Description of the Change
- wasm feature to iroha_ffi crate;
- PrimitiveRepr trait to substitute unsupported types with supported ones;
- Vec transfer through the FFI boundary.
Issue
Closes #2511.
Benefits
Protect from various errors (when a user can pass u32 where u8 is supposed to be).
Possible Drawbacks
More complex implementation.
Usage Examples or Tests [optional]
Alternate Designs [optional]