Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: better failure messages when reading too much input #1950

Merged
merged 8 commits into from
Jan 17, 2025
Merged

feat: better failure messages when reading too much input #1950

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
0b2a8f0
feat(ux): better failure messages when reading too much input
nhtyy Jan 17, 2025
0e9581f
fix: panic message read_vec -> read
nhtyy Jan 17, 2025
442e8ab
Update crates/zkvm/entrypoint/src/lib.rs
nhtyy Jan 17, 2025
3a9d255
fix: easier panic message
nhtyy Jan 17, 2025
7a30583
Update crates/zkvm/entrypoint/src/lib.rs
nhtyy Jan 17, 2025
207d139
fix: dont violate semver
nhtyy Jan 17, 2025
839a324
Update crates/zkvm/entrypoint/src/lib.rs
nhtyy Jan 17, 2025
3b5e926
Update crates/core/executor/src/syscalls/hint.rs
nhtyy Jan 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 2 additions & 4 deletions crates/core/executor/src/syscalls/hint.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,8 @@ impl Syscall for HintLenSyscall {
_arg1: u32,
_arg2: u32,
) -> Option<u32> {
panic_if_input_exhausted(ctx);

// Note: This cast could be truncating
ctx.rt.state.input_stream.front().map(|data| data.len() as u32)
// Note: This cast could be truncating on 64bit systems.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm confused by this comment. Is the call below safe?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The length field of a vec is a usize, which is 32 or 64 bit depending on target.

You might have a vec with len here that is greater than 2^32 - 1, but it would fail in the vm (based on the checks done there) and if those werent there, it would fail while reading into uninit memory.

nhtyy marked this conversation as resolved.
Show resolved Hide resolved
Some(ctx.rt.state.input_stream.front().map_or(u32::MAX, |data| data.len() as u32))
}
}

Expand Down
4 changes: 2 additions & 2 deletions crates/zkvm/entrypoint/src/allocators/embedded.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,11 +32,11 @@ pub fn init() {
}

pub fn used() -> usize {
critical_section::with(|cs| INNER_HEAP.used())
critical_section::with(|_cs| INNER_HEAP.used())
}

pub fn free() -> usize {
critical_section::with(|cs| INNER_HEAP.free())
critical_section::with(|_cs| INNER_HEAP.free())
}

struct EmbeddedAlloc;
Expand Down
12 changes: 12 additions & 0 deletions crates/zkvm/entrypoint/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ pub struct ReadVecResult {
pub ptr: *mut u8,
pub len: usize,
pub capacity: usize,
pub failed: bool,
}

/// Read a buffer from the input stream.
Expand All @@ -61,6 +62,9 @@ pub struct ReadVecResult {
/// When the `embedded` feature is enabled, the buffer is read into the reserved input region.
///
/// When there is no allocator selected, the program will fail to compile.
///
/// If the input stream is exhausted, the failed flag will be returned as true. In this case, the other outputs from the function are likely incorrect.
nhtyy marked this conversation as resolved.
Show resolved Hide resolved
/// is exhausted.
nhtyy marked this conversation as resolved.
Show resolved Hide resolved
#[no_mangle]
pub extern "C" fn read_vec_raw() -> ReadVecResult {
#[cfg(not(target_os = "zkvm"))]
Expand All @@ -70,6 +74,12 @@ pub extern "C" fn read_vec_raw() -> ReadVecResult {
{
// Get the length of the input buffer.
let len = syscall_hint_len();

// If the length is u32::MAX, then the input stream is exhausted.
if len == usize::MAX {
return ReadVecResult { ptr: std::ptr::null_mut(), len: 0, capacity: 0, failed: true };
}

// Round up to multiple of 4 for whole-word alignment.
let capacity = (len + 3) / 4 * 4;

Expand All @@ -95,6 +105,7 @@ pub extern "C" fn read_vec_raw() -> ReadVecResult {
ptr: ptr as *mut u8,
len,
capacity,
failed: false,
}
} else if #[cfg(feature = "bump")] {
// Allocate a buffer of the required length that is 4 byte aligned.
Expand All @@ -113,6 +124,7 @@ pub extern "C" fn read_vec_raw() -> ReadVecResult {
ptr: ptr as *mut u8,
len,
capacity,
failed: false,
}
} else {
// An allocator must be selected.
Expand Down
32 changes: 27 additions & 5 deletions crates/zkvm/lib/src/io.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,11 +38,18 @@ impl Write for SyscallWriter {
/// ```ignore
/// let data: Vec<u8> = sp1_zkvm::io::read_vec();
/// ```
#[track_caller]
pub fn read_vec() -> Vec<u8> {
let ReadVecResult { ptr, len, capacity } = unsafe { read_vec_raw() };
// 1. `ptr` was allocated using alloc
// 2. Assume that the allocator in the VM doesn't deallocate in the input space.
// 3. Size and length are correct from above. Length is <= capacity.
Comment on lines -43 to -45
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't we keep this comment?

let ReadVecResult { ptr, len, capacity, failed } = unsafe { read_vec_raw() };

if failed {
panic!(
"Tried to read from the input stream, but it was empty @ {} \n
Was the correct data written into SP1Stdin?",
std::panic::Location::caller()
)
}

unsafe { Vec::from_raw_parts(ptr, len, capacity) }
}

Expand All @@ -60,8 +67,23 @@ pub fn read_vec() -> Vec<u8> {
///
/// let data: MyStruct = sp1_zkvm::io::read();
/// ```
#[track_caller]
pub fn read<T: DeserializeOwned>() -> T {
let vec = read_vec();
let ReadVecResult { ptr, len, capacity, failed } = unsafe { read_vec_raw() };

if failed {
panic!(
"Tried to read from the input stream, but it was empty @ {} \n
Was the correct data written into SP1Stdin?",
std::panic::Location::caller()
)
}

// 1. `ptr` was allocated using alloc
// 2. Assume that the allocator in the VM doesn't deallocate in the input space.
// 3. Size and length are correct from above. Length is <= capacity.
let vec = unsafe { Vec::from_raw_parts(ptr, len, capacity) };

bincode::deserialize(&vec).expect("deserialization failed")
}

Expand Down
1 change: 1 addition & 0 deletions crates/zkvm/lib/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -154,4 +154,5 @@ pub struct ReadVecResult {
pub ptr: *mut u8,
pub len: usize,
pub capacity: usize,
pub failed: bool,
}
Loading