Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Host function protocol gating #1348

Merged
merged 6 commits into from
Feb 26, 2024
Merged

Host function protocol gating #1348

merged 6 commits into from
Feb 26, 2024

Conversation

jayz22
Copy link
Contributor

@jayz22 jayz22 commented Feb 14, 2024
edited
Loading

What

Allow host functions to specify its supported protocol bounds, e.g.

        {
            "name": "test",
            "export": "t",
            "functions": [
                {
                    "export": "_",
                    "name": "dummy0",
                    "args": [],
                    "return": "Val",
                    "docs": "A dummy function taking 0 arguments and performs no-op.                
+                  "min_supported_protocol": 20,
+                   "max_supported_protocol": 21
                }                
            ]
        },

And adds logic (mostly macro generated) that automatically checks and enforces these protocol bounds in various paths:

  • Host running as native. Covered by impl Env for VmCallerEnv.
  • Host running from the guest Wasm contract. Covered by Vm link-time check, as well as the dispatch functions (as a redundant safe guard).

Tests are added in tests/protocol_gate.rs.

For more context, visit the design doc

graydon
graydon approved these changes Feb 24, 2024
View reviewed changes
Copy link
Contributor

@graydon graydon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I pushed a couple minor fixes, looks good overall!

soroban-env-host/src/test/hostile.rs Show resolved Hide resolved
@jayz22 jayz22 marked this pull request as ready for review February 26, 2024 19:36
@jayz22 jayz22 requested review from sisuresh, dmkozh and a team as code owners February 26, 2024 19:36
@graydon graydon added this pull request to the merge queue Feb 26, 2024
Merged via the queue into stellar:main with commit abd977d Feb 26, 2024
13 of 14 checks passed
@graydon graydon deleted the runtime-protocol-gate branch February 26, 2024 20:12
@dmkozh dmkozh mentioned this pull request Feb 26, 2024
Closed
dmkozh
dmkozh reviewed Feb 26, 2024
View reviewed changes
soroban-env-common/env.json
"args": [],
"return": "Val",
"docs": "A dummy function for testing the protocol gating. Takes 0 arguments and performs no-op",
"min_supported_protocol": 19,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't this a protocol change? I thought it was only intended for testing. I think it should still be gated by protocol 21, or otherwise we would risk a divergence.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This won't have an effect on protocol because no contract can link to it. It's min and max protocol are both specified as 19. So if a contract tries, it will fail the validation check during the upload (same as linking to a non-existent function today).

The reason this has to be 19 (or any value lower than 20) is because the test includes the case where the ledger protocol version > host function max protocol (see test_host_protocol_gating_for_wasm), and the ledger protocol version cannot be larger than the env version (20, which is compiled in and non-overridable).

Note setting the min_supported_protocol to 21 is using the exact same mechanism for protection against contract built with protocol 20. So effectively this function is always protocol gated out.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, that's clever. Thanks for the explanation.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point. I've added a comment to the function docs in #1356

@jayz22 jayz22 mentioned this pull request Feb 27, 2024
Merged
github-merge-queue bot pushed a commit that referenced this pull request Feb 29, 2024
@jayz22
Add a comment for supported protocol versions in `protocol_gated_dumm…
29a3070 
…y` (#1356)

### What

Add this
[explanation](#1348 (comment))
to the doc.

### Why

[TODO: Why this change is being made. Include any context required to
understand the why.]

### Known limitations

[TODO or N/A]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dmkozh dmkozh dmkozh left review comments

@graydon graydon graydon approved these changes

@sisuresh sisuresh Awaiting requested review from sisuresh sisuresh is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jayz22 @graydon @dmkozh