
Create CommunicationError::DerefErr to avoid panics #418

Merged
merged 6 commits into from
Jun 11, 2020

Conversation

webmaster128
Member

Closes #416

@webmaster128 webmaster128 requested a review from reuvenpo June 10, 2020 12:20
Contributor

@reuvenpo reuvenpo left a comment


I like this PR a lot. It's cleaner and better than my original idea in #416.

packages/vm/src/errors.rs
DerefErr {
/// the position in a Wasm linear memory
offset: u32,
msg: String,
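Review bot: `msg: String` has no doc comment while `offset` does; since this is the field whose necessity is questioned below, add a one-line doc comment stating that it carries the caller-specific context (the read_region/write_region explanation of what was being accessed), so both fields of the variant are documented consistently.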
Contributor


Do we really need this message field?
All the messages written here are basically the same, and basically say the same thing as the name of the variant plus the offset field.

Member Author


Yeah, we need it for a lot of important context information in read_region/write_region as described in https://github.com/CosmWasm/cosmwasm/pull/418/files#r438383917. Those two need different context information than the Region deref.

Contributor


I think I see your point. You want to make sure that the pointers are dereferencable in different contexts, and you want to be able to later debug what exactly went wrong.

Member Author


In this case it is not me debugging this but it is other people who build standard libraries for contract development in other languages that need to get Region handling right. Once this job is done, you hardly see this error again.

Member Author


See also #419

Member

@ethanfrey ethanfrey left a comment


Looks good. Love removing panics!

@@ -83,11 +83,11 @@ pub fn read_region(ctx: &Ctx, ptr: u32, max_length: usize) -> VmResult<Vec<u8>>
}
Ok(result)
}
None => panic!(
None => Err(CommunicationError::deref_err(region.offset, format!(
"Error dereferencing region {:?} in wasm memory of size {}. This typically happens when the given pointer does not point to a Region struct.",
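Review bot: the wording "Error dereferencing region" in the new `Err` arm is misleading: by the time this `None` arm is reached the Region struct itself has already been read (its `offset` is passed to `deref_err`), and what failed is the access to the memory range that Region describes. A message such as "Tried to access memory of region {:?} in wasm memory of size {}" states the actual failure, and the "typically happens when the given pointer does not point to a Region struct" hint can stay as the diagnosis.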
Member


Do we need all this text? It will be embedded inside:
The Wasm memory address {} provided by the contract could not be dereferenced: {}

We can simplify the wording here. (But I like returning this typed error over a panic)

Member Author


I can try to compress the text slightly, but this text and the debug info are very helpful. When you read a Region it almost always succeeds, since you can read any 12 bytes into a Region, even if you got completely broken data.

Now you try to read the region and get some error. Most likely the deref that returns the error is not the problem but the Region you read before was garbage. E.g. when you should read a 12 MB Region but the Wasm memory is only 1 MB long. Or when you are supposed to read a Region with length > capacity. This is why I add so much context here and the helper text. Even a stacktrace is probably way less helpful.

"Error dereferencing region" however is wrong since the Region was dereferenced before. It must be "Tried to access memory of region {:?} in wasm memory of size {}. This typically happens when the given Region pointer does not point to a valid Region struct."
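The failure mode described in the comment above, as an added example that is not code from the cosmwasm repository: a simplified read_region over a simulated linear memory that returns a structured error with context instead of panicking, covering a null pointer, a Region struct outside memory, a garbage offset and length > capacity (it goes beyond the hunk, which only shows the last check). The Region layout, CommunicationError, get_region and the constructed memory are assumptions modelled on the PR, not the project's own definitions.

```rust
use std::convert::TryInto;

/// The 12-byte Region layout: three little-endian u32 fields (assumption
/// modelled on CosmWasm's Region, not the project's own definition).
#[derive(Debug, PartialEq)]
pub struct Region {
    pub offset: u32,
    pub capacity: u32,
    pub length: u32,
}

/// Simplified stand-in for the PR's CommunicationError::DerefErr.
#[derive(Debug, PartialEq)]
pub enum CommunicationError {
    DerefErr { offset: u32, msg: String },
}

fn deref_err(offset: u32, msg: String) -> CommunicationError {
    CommunicationError::DerefErr { offset, msg }
}

/// Reads a Region struct at `ptr`. Any 12 readable bytes succeed here, which
/// is why garbage is only caught by the range checks in `read_region`.
fn get_region(memory: &[u8], ptr: u32) -> Result<Region, CommunicationError> {
    if ptr == 0 {
        return Err(deref_err(0, "Region pointer is null".to_string()));
    }
    let start = ptr as usize;
    let bytes = memory.get(start..start + 12).ok_or_else(|| {
        deref_err(ptr, format!("Region struct at {} lies outside wasm memory of size {}", ptr, memory.len()))
    })?;
    let word = |i: usize| u32::from_le_bytes(bytes[i..i + 4].try_into().unwrap());
    Ok(Region { offset: word(0), capacity: word(4), length: word(8) })
}

/// Returns the region's bytes, or a DerefErr carrying the context a contract
/// author needs (region fields and memory size) instead of panicking.
pub fn read_region(memory: &[u8], ptr: u32) -> Result<Vec<u8>, CommunicationError> {
    let region = get_region(memory, ptr)?;
    if region.length > region.capacity {
        return Err(deref_err(region.offset, format!("Region length {} exceeds capacity {}", region.length, region.capacity)));
    }
    let (start, end) = (region.offset as usize, region.offset as usize + region.length as usize);
    match memory.get(start..end) {
        Some(data) => Ok(data.to_vec()),
        None => Err(deref_err(region.offset, format!(
            "Tried to access memory of region {:?} in wasm memory of size {}. This typically happens when the given Region pointer does not point to a valid Region struct.",
            region, memory.len()))),
    }
}
```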

Ok(())
},
None => panic!(
None => Err(CommunicationError::deref_err(region.offset, format!(
"Error dereferencing region {:?} in wasm memory of size {}. This typically happens when the given pointer does not point to a Region struct.",
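Review bot: this `Err` arm repeats the long message literal from `read_region` verbatim; consider one shared helper or constant for the "typically happens when the given pointer does not point to a Region struct" hint so that wording fixes land in one place, with only the operation-specific prefix differing between read_region and write_region.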
Member


Same here with verbiage

packages/vm/src/memory.rs
@webmaster128 webmaster128 merged commit 96869b2 into master Jun 11, 2020
@webmaster128 webmaster128 deleted the create-deref-error branch June 11, 2020 10:41
Successfully merging this pull request may close these issues.

cosmwasm_vm::memory::read_region panics on ptr == 0