Allow EOF creation transactions #878
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #878 +/- ##
==========================================
+ Coverage 98.26% 98.29% +0.02%
==========================================
Files 131 131
Lines 15701 15968 +267
==========================================
+ Hits 15429 15696 +267
Misses 272 272
Flags with carried forward coverage won't be shown. Click here to find out more.
|
|
So this kinda changes the definition of validation (at least for top-level container), which I'm not very sure is acceptable. (It would mean every client has to implement it in this way) My other idea was something like:
|
Hm, you mean we redo all the previous steps (from |
Yes, I would say it's fine. Or make another variant of |
|
The other approach is in 903dae2. I like it, but it broadens eof.hpp significantly, not sure if this is a problem. I'll give it some more thought later. Or we can just proceed and plan a rewrite of these APIs later? |
|
One thing I've noticed is this.
If we could move these two outside of Otherwise this should be good to review. |
test/state/host.cpp
Outdated
| if (holds_alternative<EOFValidationError>(section_headers_or_error)) | ||
| return {}; // Light early exception. | ||
|
|
||
| const auto header = read_valid_eof1_header(input); |
There was a problem hiding this comment.
it feels hacky to me, we don't read to re-parse the header at this point, we already have all section sizes returned from validate_section_headers() and can sum them up to find the split.
There was a problem hiding this comment.
I wanted to avoid the summing up, which we already handle in two places. BTW, did you see the comment #878 (comment), would this work in your opinion?
In general I would also prefer to take a safe and easy path now and possibly make a more thorough redesign of these validation routines, once we finalize the spec of the validations? There's still a lot of moving parts.
lib/evmone/eof.hpp
Outdated
| #include <vector> | ||
|
|
||
| namespace evmone | ||
| { | ||
| constexpr uint8_t MAGIC[] = {0xef, 0x00}; |
There was a problem hiding this comment.
I didn't realize it will drag along all the constants into the header... What if instead of making validation_section_headers() public as is, we make a public wrapper of it that returns only full container size that we need? maybe like std::variant<size_t, EOFValidationError> validate_eof_section_headers(bytes_view)
There was a problem hiding this comment.
Also MAGIC doesn't have to be in the header in any case, does it?
There was a problem hiding this comment.
re MAGIC - yup, I grabbed too much. Re the fist comment, see my other comment and the idea to use validate_header instead.
pdobacz
force-pushed
the
isc-less-eof
branch
2 times, most recently
from
bf8a791
to
4b3dd12
Compare
|
Okay, another version of. I figured that a new public wrapper of This version needs to rely on #891 so that needs to merge first and then I force push the cherry-picked fix away. |
While working on #878 I noticed the offset calculation in validate_header can overflow the uint16, if the _declared_ sizes of container sections are large. Currently there is no upper limit on container size in validation (there's only the indirect limit imposed by max_initcode_size), so there can be a large container, which has a subcontainer of size 0xffff, and will have it's `data_offset` not fit the uint16. We have 2 tests which happened to run into this, but the problem was masked (the data_offset was just really tiny, despite the container had a huge subcontainer, but it was never used, and the check for stray data wasn't affected by the overflow). I adjust them so (IMO) they still test what they're supposed to test, but not overflow.
|
Looks good now, but there's weird clang-tidy warning now, not sure why. |
test/state/host.cpp
Outdated
| @@ -256,7 +256,7 @@ std::optional<evmc_message> Host::prepare_message(evmc_message msg) | |||
| if (holds_alternative<EOFValidationError>(header_or_error)) | |||
| return {}; // Light early exception. | |||
|
|
|||
| const auto& header = std::get<EOF1Header>(header_or_error); | |||
| const auto header = std::get<EOF1Header>(header_or_error); | |||
There was a problem hiding this comment.
So std::get is actually throwing, I guess that's why the warning.
- The reference shouldn't affect this I think, so would be good to report to clang-tidy if it's possible to reproduce on some minimal example
- To work around we can use
get_if
const auto* header = std::get_if<EOF1Header>(&header_or_error);
if (!header)
return {}; // Light early exception.- I think it makes sense to add
noexcepttoprepare_message()
There was a problem hiding this comment.
But in validate_eof1 a similar pattern is OK, which is what throws me off completely. Thanks for the suggestions, I'll poke around this
First approach to allowing EOF creation transactions, thereby making the creator contract not necessary to deploy first EOF.
Follows the design from ipsilon/eof#78 / ethereum/EIPs#8498
However the validation problem has been resolved differently - it seemed easier to remove the validation rule to never have stray bytes in a container from the main
validation_eofand to put it in the spots where it applies (TXCREATE initcontainer and subcontainers). This way this rule doesn't apply to creation transaction containers.The validation state_tests are broken and should be reworked similar to the validation tests we have here, in light of the above change to validation.
The commit history reflects some interim steps, will be squashed before merging.