Sign function call graph when program upgrades are supported

Open vicsn opened this issue 6 months ago • 1 comments

Motivation

This ensures a signed Request can only be used to prove and execute a specific expected call graph, ensuring:

  • a signer is always in exact control of what they're executing.
  • a program upgrade always has a uniform impact on existing Requests: they become invalid.

Test Plan

  • [ ] Add unit tests

vicsn, Jun 09 '25 09:06

Making a self note. This design allows pinning dependencies of the call graph; however, it does not cover all dependencies. For example, an external mapping read might be to an upgraded program. This is expected semantics; a developer can fix this dependency by manually asserting the edition.

d0cd, Jun 11 '25 17:06

Is this still relevant/landable now that upgradability already landed?

The changes here will break circuits, so all VKs will need to be resampled for programs with constructors.

raychu86, Jul 29 '25 21:07

@vicsn correct me if I missed something, but most, if not all, changes have landed with upgradability (with some adjustments).

This PR can be closed.

d0cd, Jul 29 '25 21:07