design icon indicating copy to clipboard operation
design copied to clipboard

Published 20 hours ago verified publisher icon ewasm

Strict argument handling of log()

Open axic opened this issue 6 years ago • 8 comments

log has a numberOfTopics argument and four topic offsets. Depending on the value of numberOfTopics (0 to 4) the offsets are used or not.

Should the interface ensure that any unused offsets must be strictly set to 0?

axic avatar Aug 10 '18 10:08 axic

I'm all for explicit error condition checking so I say yes.

lrettig avatar Aug 10 '18 13:08 lrettig

@chfast @holiman can you please raise your voices here?

axic avatar Aug 16 '18 16:08 axic

Not sure I understand the full context. So this is during runtime, when a contract calls the log(numberoftopics, o1,o2,o3,o4) or what? Could you examplify ?

holiman avatar Aug 17 '18 12:08 holiman

Yes, during runtime. Currently numberOfTopics controls how many of the topic counters are used. If say numberOfTopics is 2, then topic3 and topic4 are ignored entirely. The question is: should even in that case ewasm enforce that they are set to a known value (such as 0) or not?

axic avatar Aug 17 '18 12:08 axic

So, let me rephrase... If there is an error here, and topics3 is non-zero when it should be -- who have made the error? The compiler? The contract developer?

holiman avatar Aug 17 '18 12:08 holiman

What do you mean by error here? This function has no error reporting.

It can fail if the topic pointers are out of bounds or the the number of topics field is set higher than the validly supplied pointers.

Whether this is the fault of the compiler or the developer depends on the context. We expect that high level DSLs (such as Solidity) would handle this in the compiler and as a result would be a compiler bug. In less tight coupling (such as in system contracts) it is the developers fault.

axic avatar Aug 17 '18 12:08 axic

I think it doesn't make sense to enforce that unused topic pointers are zero. The implementation of log should not be trying to dereference those anyway.

On the other hand, in the case that numberOfTopics is set higher than the number of valid topic pointers passed, it is a dev error and should clearly specify what occurs in the case that log tries to read topic data from an OOB pointer.

jakelang avatar Oct 07 '18 22:10 jakelang

One benefit of requiring them be zero is it could aid static analysers.

An alternative solution is to require all topics to be laid out in linear memory and in that case there would be a single pointer + the numberOfTopics.

Having multiple pointers gives flexibility in arranging the data from the callers side.

axic avatar Oct 18 '18 23:10 axic