diff --git a/substrate/bin/node/runtime/src/lib.rs b/substrate/bin/node/runtime/src/lib.rs index 2060086243..45f47f904e 100644 --- a/substrate/bin/node/runtime/src/lib.rs +++ b/substrate/bin/node/runtime/src/lib.rs @@ -734,6 +734,7 @@ impl pallet_contracts::Config for Runtime { type MaxValueSize = MaxValueSize; type WeightPrice = pallet_transaction_payment::Module; type WeightInfo = pallet_contracts::weights::SubstrateWeight; + type ChainExtension = (); } impl pallet_sudo::Config for Runtime { diff --git a/substrate/frame/contracts/fixtures/chain_extension.wat b/substrate/frame/contracts/fixtures/chain_extension.wat new file mode 100644 index 0000000000..db7e83fd96 --- /dev/null +++ b/substrate/frame/contracts/fixtures/chain_extension.wat @@ -0,0 +1,46 @@ +;; Call chain extension by passing through input and output of this contract +(module + (import "seal0" "seal_call_chain_extension" + (func $seal_call_chain_extension (param i32 i32 i32 i32 i32) (result i32)) + ) + (import "seal0" "seal_input" (func $seal_input (param i32 i32))) + (import "seal0" "seal_return" (func $seal_return (param i32 i32 i32))) + (import "env" "memory" (memory 16 16)) + + (func $assert (param i32) + (block $ok + (br_if $ok (get_local 0)) + (unreachable) + ) + ) + + ;; [0, 4) len of input output + (data (i32.const 0) "\02") + + ;; [4, 12) buffer for input + + ;; [12, 16) len of output buffer + (data (i32.const 12) "\02") + + ;; [16, inf) buffer for output + + (func (export "deploy")) + + (func (export "call") + (call $seal_input (i32.const 4) (i32.const 0)) + + ;; the chain extension passes through the input and returns it as output + (call $seal_call_chain_extension + (i32.load8_u (i32.const 4)) ;; func_id + (i32.const 4) ;; input_ptr + (i32.load (i32.const 0)) ;; input_len + (i32.const 16) ;; output_ptr + (i32.const 12) ;; output_len_ptr + ) + + ;; the chain extension passes through the func_id + (call $assert (i32.eq (i32.load8_u (i32.const 4)))) + + (call $seal_return (i32.const 0) (i32.const 16) (i32.load (i32.const 12))) + ) +) diff --git a/substrate/frame/contracts/fixtures/set_rent.wat b/substrate/frame/contracts/fixtures/set_rent.wat index 1c6b512cc7..4abb7ffe9d 100644 --- a/substrate/frame/contracts/fixtures/set_rent.wat +++ b/substrate/frame/contracts/fixtures/set_rent.wat @@ -84,11 +84,11 @@ ) (i32.store (i32.const 128) (i32.const 64)) (call $seal_input - (i32.const 104) - (i32.const 100) + (i32.const 132) + (i32.const 128) ) (call $seal_set_rent_allowance - (i32.const 104) + (i32.const 132) (i32.load (i32.const 128)) ) ) diff --git a/substrate/frame/contracts/src/chain_extension.rs b/substrate/frame/contracts/src/chain_extension.rs new file mode 100644 index 0000000000..662cfb2053 --- /dev/null +++ b/substrate/frame/contracts/src/chain_extension.rs @@ -0,0 +1,393 @@ +// This file is part of Substrate. + +// Copyright (C) 2020 Parity Technologies (UK) Ltd. +// SPDX-License-Identifier: Apache-2.0 + +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +//! A mechanism for runtime authors to augment the functionality of contracts. +//! +//! The runtime is able to call into any contract and retrieve the result using +//! [`bare_call`](crate::Module::bare_call). This already allows customization of runtime +//! behaviour by user generated code (contracts). However, often it is more straightforward +//! to allow the reverse behaviour: The contract calls into the runtime. We call the latter +//! one a "chain extension" because it allows the chain to extend the set of functions that are +//! callable by a contract. +//! +//! In order to create a chain extension the runtime author implements the [`ChainExtension`] +//! trait and declares it in this pallet's [configuration Trait](crate::Config). All types +//! required for this endeavour are defined or re-exported in this module. There is an +//! implementation on `()` which can be used to signal that no chain extension is available. +//! +//! # Security +//! +//! The chain author alone is responsible for the security of the chain extension. +//! This includes avoiding the exposure of exploitable functions and charging the +//! appropriate amount of weight. In order to do so benchmarks must be written and the +//! [`charge_weight`](Environment::charge_weight) function must be called **before** +//! carrying out any action that causes the consumption of the chargeable weight. +//! It cannot be overstated how delicate of a process the creation of a chain extension +//! is. Check whether using [`bare_call`](crate::Module::bare_call) suffices for the +//! use case at hand. +//! +//! # Benchmarking +//! +//! The builtin contract callable functions that pallet-contracts provides all have +//! benchmarks that determine the correct weight that an invocation of these functions +//! induces. In order to be able to charge the correct weight for the functions defined +//! by a chain extension benchmarks must be written, too. In the near future this crate +//! will provide the means for easier creation of those specialized benchmarks. + +use crate::{ + Error, + wasm::{Runtime, RuntimeToken}, +}; +use codec::Decode; +use frame_support::weights::Weight; +use sp_runtime::DispatchError; +use sp_std::{ + marker::PhantomData, + vec::Vec, +}; + +pub use frame_system::Config as SysConfig; +pub use pallet_contracts_primitives::ReturnFlags; +pub use sp_core::crypto::UncheckedFrom; +pub use crate::exec::Ext; +pub use state::Init as InitState; + +/// Result that returns a [`DispatchError`] on error. +pub type Result = sp_std::result::Result; + +/// A trait used to extend the set of contract callable functions. +/// +/// In order to create a custom chain extension this trait must be implemented and supplied +/// to the pallet contracts configuration trait as the associated type of the same name. +/// Consult the [module documentation](self) for a general explanation of chain extensions. +pub trait ChainExtension { + /// Call the chain extension logic. + /// + /// This is the only function that needs to be implemented in order to write a + /// chain extensions. It is called whenever a contract calls the `seal_call_chain_extension` + /// imported wasm function. + /// + /// # Parameters + /// - `func_id`: The first argument to `seal_call_chain_extension`. Usually used to + /// determine which function to realize. + /// - `env`: Access to the remaining arguments and the execution environment. + /// + /// # Return + /// + /// In case of `Err` the contract execution is immediatly suspended and the passed error + /// is returned to the caller. Otherwise the value of [`RetVal`] determines the exit + /// behaviour. + fn call(func_id: u32, env: Environment) -> Result + where + ::AccountId: UncheckedFrom<::Hash> + AsRef<[u8]>; + + /// Determines whether chain extensions are enabled for this chain. + /// + /// The default implementation returns `true`. Therefore it is not necessary to overwrite + /// this function when implementing a chain extension. In case of `false` the deployment of + /// a contract that references `seal_call_chain_extension` will be denied and calling this + /// function will return [`NoChainExtension`](Error::NoChainExtension) without first calling + /// into [`call`](Self::call). + fn enabled() -> bool { + true + } +} + +/// Implementation that indicates that no chain extension is available. +impl ChainExtension for () { + fn call(_func_id: u32, mut _env: Environment) -> Result + where + ::AccountId: UncheckedFrom<::Hash> + AsRef<[u8]>, + { + // Never called since [`Self::enabled()`] is set to `false`. Because we want to + // avoid panics at all costs we supply a sensible error value here instead + // of an `unimplemented!`. + Err(Error::::NoChainExtension.into()) + } + + fn enabled() -> bool { + false + } +} + +/// Determines the exit behaviour and return value of a chain extension. +pub enum RetVal { + /// The chain extensions returns the supplied value to its calling contract. + Converging(u32), + /// The control does **not** return to the calling contract. + /// + /// Use this to stop the execution of the contract when the chain extension returns. + /// The semantic is the same as for calling `seal_return`: The control returns to + /// the caller of the currently executing contract yielding the supplied buffer and + /// flags. + Diverging{flags: ReturnFlags, data: Vec}, +} + +/// Grants the chain extension access to its parameters and execution environment. +/// +/// It uses the typestate pattern to enforce the correct usage of the parameters passed +/// to the chain extension. +pub struct Environment<'a, 'b, E: Ext, S: state::State> { + /// The actual data of this type. + inner: Inner<'a, 'b, E>, + /// `S` is only used in the type system but never as value. + phantom: PhantomData, +} + +/// Functions that are available in every state of this type. +impl<'a, 'b, E: Ext, S: state::State> Environment<'a, 'b, E, S> +where + ::AccountId: UncheckedFrom<::Hash> + AsRef<[u8]>, +{ + /// Charge the passed `amount` of weight from the overall limit. + /// + /// It returns `Ok` when there the remaining weight budget is larger than the passed + /// `weight`. It returns `Err` otherwise. In this case the chain extension should + /// abort the execution and pass through the error. + /// + /// # Note + /// + /// Weight is synonymous with gas in substrate. + pub fn charge_weight(&mut self, amount: Weight) -> Result<()> { + self.inner.runtime.charge_gas(RuntimeToken::ChainExtension(amount)).map(|_| ()) + } + + /// Grants access to the execution environment of the current contract call. + /// + /// Consult the functions on the returned type before re-implementing those functions. + pub fn ext(&mut self) -> &mut E { + self.inner.runtime.ext() + } +} + +/// Functions that are only available in the initial state of this type. +/// +/// Those are the functions that determine how the arguments to the chain extensions +/// should be consumed. +impl<'a, 'b, E: Ext> Environment<'a, 'b, E, state::Init> { + /// Creates a new environment for consumption by a chain extension. + /// + /// It is only available to this crate because only the wasm runtime module needs to + /// ever create this type. Chain extensions merely consume it. + pub(crate) fn new( + runtime: &'a mut Runtime::<'b, E>, + input_ptr: u32, + input_len: u32, + output_ptr: u32, + output_len_ptr: u32, + ) -> Self { + Environment { + inner: Inner { + runtime, + input_ptr, + input_len, + output_ptr, + output_len_ptr, + }, + phantom: PhantomData, + } + } + + /// Use all arguments as integer values. + pub fn only_in(self) -> Environment<'a, 'b, E, state::OnlyIn> { + Environment { + inner: self.inner, + phantom: PhantomData, + } + } + + /// Use input arguments as integer and output arguments as pointer to a buffer. + pub fn prim_in_buf_out(self) -> Environment<'a, 'b, E, state::PrimInBufOut> { + Environment { + inner: self.inner, + phantom: PhantomData, + } + } + + /// Use input and output arguments as pointers to a buffer. + pub fn buf_in_buf_out(self) -> Environment<'a, 'b, E, state::BufInBufOut> { + Environment { + inner: self.inner, + phantom: PhantomData, + } + } +} + +/// Functions to use the input arguments as integers. +impl<'a, 'b, E: Ext, S: state::PrimIn> Environment<'a, 'b, E, S> { + /// The `input_ptr` argument. + pub fn val0(&self) -> u32 { + self.inner.input_ptr + } + + /// The `input_len` argument. + pub fn val1(&self) -> u32 { + self.inner.input_len + } +} + +/// Functions to use the output arguments as integers. +impl<'a, 'b, E: Ext, S: state::PrimOut> Environment<'a, 'b, E, S> { + /// The `output_ptr` argument. + pub fn val2(&self) -> u32 { + self.inner.output_ptr + } + + /// The `output_len_ptr` argument. + pub fn val3(&self) -> u32 { + self.inner.output_len_ptr + } +} + +/// Functions to use the input arguments as pointer to a buffer. +impl<'a, 'b, E: Ext, S: state::BufIn> Environment<'a, 'b, E, S> +where + ::AccountId: UncheckedFrom<::Hash> + AsRef<[u8]>, +{ + /// Reads `min(max_len, in_len)` from contract memory. + /// + /// This does **not** charge any weight. The caller must make sure that the an + /// appropriate amount of weight is charged **before** reading from contract memory. + /// The reason for that is that usually the costs for reading data and processing + /// said data cannot be separated in a benchmark. Therefore a chain extension would + /// charge the overall costs either using `max_len` (worst case approximation) or using + /// [`in_len()`](Self::in_len). + pub fn read(&self, max_len: u32) -> Result> { + self.inner.runtime.read_sandbox_memory( + self.inner.input_ptr, + self.inner.input_len.min(max_len), + ) + } + + /// Reads `min(buffer.len(), in_len) from contract memory. + /// + /// This takes a mutable pointer to a buffer fills it with data and shrinks it to + /// the size of the actual data. Apart from supporting pre-allocated buffers it is + /// equivalent to to [`read()`](Self::read). + pub fn read_into(&self, buffer: &mut &mut [u8]) -> Result<()> { + let len = buffer.len(); + let sliced = { + let buffer = core::mem::take(buffer); + &mut buffer[..len.min(self.inner.input_len as usize)] + }; + self.inner.runtime.read_sandbox_memory_into_buf( + self.inner.input_ptr, + sliced, + )?; + *buffer = sliced; + Ok(()) + } + + /// Reads `in_len` from contract memory and scale decodes it. + /// + /// This function is secure and recommended for all input types of fixed size + /// as long as the cost of reading the memory is included in the overall already charged + /// weight of the chain extension. This should usually be the case when fixed input types + /// are used. Non fixed size types (like everything using `Vec`) usually need to use + /// [`in_len()`](Self::in_len) in order to properly charge the necessary weight. + pub fn read_as(&mut self) -> Result { + self.inner.runtime.read_sandbox_memory_as( + self.inner.input_ptr, + self.inner.input_len, + ) + } + + /// The length of the input as passed in as `input_len`. + /// + /// A chain extension would use this value to calculate the dynamic part of its + /// weight. For example a chain extension that calculates the hash of some passed in + /// bytes would use `in_len` to charge the costs of hashing that amount of bytes. + /// This also subsumes the act of copying those bytes as a benchmarks measures both. + pub fn in_len(&self) -> u32 { + self.inner.input_len + } +} + +/// Functions to use the output arguments as pointer to a buffer. +impl<'a, 'b, E: Ext, S: state::BufOut> Environment<'a, 'b, E, S> +where + ::AccountId: UncheckedFrom<::Hash> + AsRef<[u8]>, +{ + /// Write the supplied buffer to contract memory. + /// + /// If the contract supplied buffer is smaller than the passed `buffer` an `Err` is returned. + /// If `allow_skip` is set to true the contract is allowed to skip the copying of the buffer + /// by supplying the guard value of [`u32::max_value()`] as `out_ptr`. The + /// `weight_per_byte` is only charged when the write actually happens and is not skipped or + /// failed due to a too small output buffer. + pub fn write( + &mut self, + buffer: &[u8], + allow_skip: bool, + weight_per_byte: Option, + ) -> Result<()> { + self.inner.runtime.write_sandbox_output( + self.inner.output_ptr, + self.inner.output_len_ptr, + buffer, + allow_skip, + |len| { + weight_per_byte.map(|w| RuntimeToken::ChainExtension(w.saturating_mul(len.into()))) + }, + ) + } +} + +/// The actual data of an `Environment`. +/// +/// All data is put into this struct to easily pass it around as part of the typestate +/// pattern. Also it creates the opportunity to box this struct in the future in case it +/// gets too large. +struct Inner<'a, 'b, E: Ext> { + /// The runtime contains all necessary functions to interact with the running contract. + runtime: &'a mut Runtime::<'b, E>, + /// Verbatim argument passed to `seal_call_chain_extension`. + input_ptr: u32, + /// Verbatim argument passed to `seal_call_chain_extension`. + input_len: u32, + /// Verbatim argument passed to `seal_call_chain_extension`. + output_ptr: u32, + /// Verbatim argument passed to `seal_call_chain_extension`. + output_len_ptr: u32, +} + +/// Private submodule with public types to prevent other modules from naming them. +mod state { + pub trait State {} + + pub trait PrimIn: State {} + pub trait PrimOut: State {} + pub trait BufIn: State {} + pub trait BufOut: State {} + + pub enum Init {} + pub enum OnlyIn {} + pub enum PrimInBufOut {} + pub enum BufInBufOut {} + + impl State for Init {} + impl State for OnlyIn {} + impl State for PrimInBufOut {} + impl State for BufInBufOut {} + + impl PrimIn for OnlyIn {} + impl PrimOut for OnlyIn {} + impl PrimIn for PrimInBufOut {} + impl BufOut for PrimInBufOut {} + impl BufIn for BufInBufOut {} + impl BufOut for BufInBufOut {} +} diff --git a/substrate/frame/contracts/src/gas.rs b/substrate/frame/contracts/src/gas.rs index 949f970f03..9bb6185e55 100644 --- a/substrate/frame/contracts/src/gas.rs +++ b/substrate/frame/contracts/src/gas.rs @@ -32,7 +32,7 @@ pub type Gas = frame_support::weights::Weight; #[must_use] #[derive(Debug, PartialEq, Eq)] pub enum GasMeterResult { - Proceed, + Proceed(ChargedAmount), OutOfGas, } @@ -40,11 +40,20 @@ impl GasMeterResult { pub fn is_out_of_gas(&self) -> bool { match *self { GasMeterResult::OutOfGas => true, - GasMeterResult::Proceed => false, + GasMeterResult::Proceed(_) => false, } } } +#[derive(Debug, PartialEq, Eq)] +pub struct ChargedAmount(Gas); + +impl ChargedAmount { + pub fn amount(&self) -> Gas { + self.0 + } +} + #[cfg(not(test))] pub trait TestAuxiliaries {} #[cfg(not(test))] @@ -139,17 +148,18 @@ impl GasMeter { self.gas_left = new_value.unwrap_or_else(Zero::zero); match new_value { - Some(_) => GasMeterResult::Proceed, + Some(_) => GasMeterResult::Proceed(ChargedAmount(amount)), None => GasMeterResult::OutOfGas, } } - // Account for not fully used gas. - // - // This can be used after dispatching a runtime call to refund gas that was not - // used by the dispatchable. - pub fn refund(&mut self, gas: Gas) { - self.gas_left = self.gas_left.saturating_add(gas).max(self.gas_limit); + /// Refund previously charged gas back to the gas meter. + /// + /// This can be used if a gas worst case estimation must be charged before + /// performing a certain action. This way the difference can be refundend when + /// the worst case did not happen. + pub fn refund(&mut self, amount: ChargedAmount) { + self.gas_left = self.gas_left.saturating_add(amount.0).min(self.gas_limit) } /// Allocate some amount of gas and perform some work with diff --git a/substrate/frame/contracts/src/lib.rs b/substrate/frame/contracts/src/lib.rs index 1be5b8f448..ad694b0c87 100644 --- a/substrate/frame/contracts/src/lib.rs +++ b/substrate/frame/contracts/src/lib.rs @@ -89,6 +89,8 @@ mod wasm; mod rent; mod benchmarking; mod schedule; + +pub mod chain_extension; pub mod weights; #[cfg(test)] @@ -320,6 +322,9 @@ pub trait Config: frame_system::Config { /// Describes the weights of the dispatchables of this module and is also used to /// construct a default cost schedule. type WeightInfo: WeightInfo; + + /// Type that allows the runtime authors to add new host functions for a contract to call. + type ChainExtension: chain_extension::ChainExtension; } decl_error! { @@ -387,6 +392,10 @@ decl_error! { TooManyTopics, /// The topics passed to `seal_deposit_events` contains at least one duplicate. DuplicateTopics, + /// The chain does not provide a chain extension. Calling the chain extension results + /// in this error. Note that this usually shouldn't happen as deploying such contracts + /// is rejected. + NoChainExtension, } } diff --git a/substrate/frame/contracts/src/tests.rs b/substrate/frame/contracts/src/tests.rs index e9307e14b6..1f069a9b46 100644 --- a/substrate/frame/contracts/src/tests.rs +++ b/substrate/frame/contracts/src/tests.rs @@ -19,6 +19,10 @@ use crate::{ BalanceOf, ContractInfo, ContractInfoOf, GenesisConfig, Module, RawAliveContractInfo, RawEvent, Config, Schedule, gas::Gas, Error, ConfigCache, RuntimeReturnCode, storage::Storage, + chain_extension::{ + Result as ExtensionResult, Environment, ChainExtension, Ext, SysConfig, RetVal, + UncheckedFrom, InitState, ReturnFlags, + }, exec::AccountIdOf, }; use assert_matches::assert_matches; @@ -101,6 +105,85 @@ pub mod test_utils { } } +thread_local! { + static TEST_EXTENSION: sp_std::cell::RefCell = Default::default(); +} + +pub struct TestExtension { + enabled: bool, + last_seen_buffer: Vec, + last_seen_inputs: (u32, u32, u32, u32), +} + +impl TestExtension { + fn disable() { + TEST_EXTENSION.with(|e| e.borrow_mut().enabled = false) + } + + fn last_seen_buffer() -> Vec { + TEST_EXTENSION.with(|e| e.borrow().last_seen_buffer.clone()) + } + + fn last_seen_inputs() -> (u32, u32, u32, u32) { + TEST_EXTENSION.with(|e| e.borrow().last_seen_inputs.clone()) + } +} + +impl Default for TestExtension { + fn default() -> Self { + Self { + enabled: true, + last_seen_buffer: vec![], + last_seen_inputs: (0, 0, 0, 0), + } + } +} + +impl ChainExtension for TestExtension { + fn call(func_id: u32, env: Environment) -> ExtensionResult + where + ::AccountId: UncheckedFrom<::Hash> + AsRef<[u8]>, + { + match func_id { + 0 => { + let mut env = env.buf_in_buf_out(); + let input = env.read(2)?; + env.write(&input, false, None)?; + TEST_EXTENSION.with(|e| e.borrow_mut().last_seen_buffer = input); + Ok(RetVal::Converging(func_id)) + }, + 1 => { + let env = env.only_in(); + TEST_EXTENSION.with(|e| + e.borrow_mut().last_seen_inputs = ( + env.val0(), env.val1(), env.val2(), env.val3() + ) + ); + Ok(RetVal::Converging(func_id)) + }, + 2 => { + let mut env = env.buf_in_buf_out(); + let weight = env.read(2)?[1].into(); + env.charge_weight(weight)?; + Ok(RetVal::Converging(func_id)) + }, + 3 => { + Ok(RetVal::Diverging{ + flags: ReturnFlags::REVERT, + data: vec![42, 99], + }) + }, + _ => { + panic!("Passed unknown func_id to test chain extension: {}", func_id); + } + } + } + + fn enabled() -> bool { + TEST_EXTENSION.with(|e| e.borrow().enabled) + } +} + #[derive(Clone, Eq, PartialEq, Debug)] pub struct Test; parameter_types! { @@ -188,6 +271,7 @@ impl Config for Test { type MaxValueSize = MaxValueSize; type WeightPrice = Self; type WeightInfo = (); + type ChainExtension = TestExtension; } type Balances = pallet_balances::Module; @@ -1933,3 +2017,120 @@ fn instantiate_return_code() { }); } + +#[test] +fn disabled_chain_extension_wont_deploy() { + let (code, _hash) = compile_module::("chain_extension").unwrap(); + ExtBuilder::default().existential_deposit(50).build().execute_with(|| { + let subsistence = ConfigCache::::subsistence_threshold_uncached(); + let _ = Balances::deposit_creating(&ALICE, 10 * subsistence); + TestExtension::disable(); + assert_eq!( + Contracts::put_code(Origin::signed(ALICE), code), + Err("module uses chain extensions but chain extensions are disabled".into()), + ); + }); +} + +#[test] +fn disabled_chain_extension_errors_on_call() { + let (code, hash) = compile_module::("chain_extension").unwrap(); + ExtBuilder::default().existential_deposit(50).build().execute_with(|| { + let subsistence = ConfigCache::::subsistence_threshold_uncached(); + let _ = Balances::deposit_creating(&ALICE, 10 * subsistence); + assert_ok!(Contracts::put_code(Origin::signed(ALICE), code)); + TestExtension::disable(); + assert_ok!( + Contracts::instantiate( + Origin::signed(ALICE), + subsistence, + GAS_LIMIT, + hash.into(), + vec![], + vec![], + ), + ); + let addr = Contracts::contract_address(&ALICE, &hash, &[]); + assert_err_ignore_postinfo!( + Contracts::call( + Origin::signed(ALICE), + addr.clone(), + 0, + GAS_LIMIT, + vec![], + ), + Error::::NoChainExtension, + ); + }); +} + +#[test] +fn chain_extension_works() { + let (code, hash) = compile_module::("chain_extension").unwrap(); + ExtBuilder::default().existential_deposit(50).build().execute_with(|| { + let subsistence = ConfigCache::::subsistence_threshold_uncached(); + let _ = Balances::deposit_creating(&ALICE, 10 * subsistence); + assert_ok!(Contracts::put_code(Origin::signed(ALICE), code)); + assert_ok!( + Contracts::instantiate( + Origin::signed(ALICE), + subsistence, + GAS_LIMIT, + hash.into(), + vec![], + vec![], + ), + ); + let addr = Contracts::contract_address(&ALICE, &hash, &[]); + + // The contract takes a up to 2 byte buffer where the first byte passed is used as + // as func_id to the chain extension which behaves differently based on the + // func_id. + + // 0 = read input buffer and pass it through as output + let result = Contracts::bare_call( + ALICE, + addr.clone(), + 0, + GAS_LIMIT, + vec![0, 99], + ); + let gas_consumed = result.gas_consumed; + assert_eq!(TestExtension::last_seen_buffer(), vec![0, 99]); + assert_eq!(result.exec_result.unwrap().data, vec![0, 99]); + + // 1 = treat inputs as integer primitives and store the supplied integers + Contracts::bare_call( + ALICE, + addr.clone(), + 0, + GAS_LIMIT, + vec![1], + ).exec_result.unwrap(); + // those values passed in the fixture + assert_eq!(TestExtension::last_seen_inputs(), (4, 1, 16, 12)); + + // 2 = charge some extra weight (amount supplied in second byte) + let result = Contracts::bare_call( + ALICE, + addr.clone(), + 0, + GAS_LIMIT, + vec![2, 42], + ); + assert_ok!(result.exec_result); + assert_eq!(result.gas_consumed, gas_consumed + 42); + + // 3 = diverging chain extension call that sets flags to 0x1 and returns a fixed buffer + let result = Contracts::bare_call( + ALICE, + addr.clone(), + 0, + GAS_LIMIT, + vec![3], + ).exec_result.unwrap(); + assert_eq!(result.flags, ReturnFlags::REVERT); + assert_eq!(result.data, vec![42, 99]); + }); +} + diff --git a/substrate/frame/contracts/src/wasm/mod.rs b/substrate/frame/contracts/src/wasm/mod.rs index e150e84d34..e295febb51 100644 --- a/substrate/frame/contracts/src/wasm/mod.rs +++ b/substrate/frame/contracts/src/wasm/mod.rs @@ -34,14 +34,13 @@ mod code_cache; mod prepare; mod runtime; -use self::runtime::Runtime; use self::code_cache::load as load_code; use pallet_contracts_primitives::ExecResult; pub use self::code_cache::save as save_code; #[cfg(feature = "runtime-benchmarks")] pub use self::code_cache::save_raw as save_code_raw; -pub use self::runtime::ReturnCode; +pub use self::runtime::{ReturnCode, Runtime, RuntimeToken}; /// A prepared wasm module ready for execution. #[derive(Clone, Encode, Decode)] diff --git a/substrate/frame/contracts/src/wasm/prepare.rs b/substrate/frame/contracts/src/wasm/prepare.rs index b30feb72ed..e03eb3d39b 100644 --- a/substrate/frame/contracts/src/wasm/prepare.rs +++ b/substrate/frame/contracts/src/wasm/prepare.rs @@ -19,10 +19,11 @@ //! wasm module before execution. It also extracts some essential information //! from a module. -use crate::wasm::env_def::ImportSatisfyCheck; -use crate::wasm::PrefabWasmModule; -use crate::{Schedule, Config}; - +use crate::{ + Schedule, Config, + chain_extension::ChainExtension, + wasm::{PrefabWasmModule, env_def::ImportSatisfyCheck}, +}; use parity_wasm::elements::{self, Internal, External, MemoryType, Type, ValueType}; use pwasm_utils; use sp_std::prelude::*; @@ -355,6 +356,12 @@ impl<'a, T: Config> ContractModule<'a, T> { return Err("module imports `seal_println` but debug features disabled"); } + if !T::ChainExtension::enabled() && + import.field().as_bytes() == b"seal_call_chain_extension" + { + return Err("module uses chain extensions but chain extensions are disabled"); + } + if import_fn_banlist.iter().any(|f| import.field().as_bytes() == *f) || !C::can_satisfy(import.field().as_bytes(), func_ty) { diff --git a/substrate/frame/contracts/src/wasm/runtime.rs b/substrate/frame/contracts/src/wasm/runtime.rs index c8e142d12c..41ab3e390a 100644 --- a/substrate/frame/contracts/src/wasm/runtime.rs +++ b/substrate/frame/contracts/src/wasm/runtime.rs @@ -20,7 +20,7 @@ use crate::{ HostFnWeights, Schedule, Config, CodeHash, BalanceOf, Error, exec::{Ext, StorageKey, TopicOf}, - gas::{Gas, GasMeter, Token, GasMeterResult}, + gas::{Gas, GasMeter, Token, GasMeterResult, ChargedAmount}, wasm::env_def::ConvertibleToWasm, }; use sp_sandbox; @@ -28,7 +28,7 @@ use parity_wasm::elements::ValueType; use frame_system; use frame_support::dispatch::DispatchError; use sp_std::prelude::*; -use codec::{Decode, Encode}; +use codec::{Decode, DecodeAll, Encode}; use sp_runtime::traits::SaturatedConversion; use sp_core::crypto::UncheckedFrom; use sp_io::hashing::{ @@ -126,7 +126,7 @@ impl> From for TrapReason { #[cfg_attr(test, derive(Debug, PartialEq, Eq))] #[derive(Copy, Clone)] -enum RuntimeToken { +pub enum RuntimeToken { /// Charge the gas meter with the cost of a metering block. The charged costs are /// the supplied cost of the block plus the overhead of the metering itself. MeteringBlock(u32), @@ -198,6 +198,10 @@ enum RuntimeToken { HashBlake256(u32), /// Weight of calling `seal_hash_blake2_128` for the given input size. HashBlake128(u32), + /// Weight charged by a chain extension through `seal_call_chain_extension`. + ChainExtension(u64), + /// Weight charged for copying data from the sandbox. + CopyIn(u32), } impl Token for RuntimeToken @@ -256,6 +260,8 @@ where .saturating_add(s.hash_blake2_256_per_byte.saturating_mul(len.into())), HashBlake128(len) => s.hash_blake2_128 .saturating_add(s.hash_blake2_128_per_byte.saturating_mul(len.into())), + ChainExtension(amount) => amount, + CopyIn(len) => s.return_per_byte.saturating_mul(len.into()), } } } @@ -376,6 +382,14 @@ where } } + /// Get a mutable reference to the inner `Ext`. + /// + /// This is mainly for the chain extension to have access to the environment the + /// contract is executing in. + pub fn ext(&mut self) -> &mut E { + self.ext + } + /// Store the reason for a host function triggered trap. /// /// This is called by the `define_env` macro in order to store any error returned by @@ -388,12 +402,12 @@ where /// Charge the gas meter with the specified token. /// /// Returns `Err(HostError)` if there is not enough gas. - fn charge_gas(&mut self, token: Tok) -> Result<(), DispatchError> + pub fn charge_gas(&mut self, token: Tok) -> Result where Tok: Token>, { match self.gas_meter.charge(&self.schedule.host_fn_weights, token) { - GasMeterResult::Proceed => Ok(()), + GasMeterResult::Proceed(amount) => Ok(amount), GasMeterResult::OutOfGas => Err(Error::::OutOfGas.into()) } } @@ -403,7 +417,7 @@ where /// Returns `Err` if one of the following conditions occurs: /// /// - requested buffer is not within the bounds of the sandbox memory. - fn read_sandbox_memory(&self, ptr: u32, len: u32) + pub fn read_sandbox_memory(&self, ptr: u32, len: u32) -> Result, DispatchError> { let mut buf = vec![0u8; len as usize]; @@ -417,7 +431,7 @@ where /// Returns `Err` if one of the following conditions occurs: /// /// - requested buffer is not within the bounds of the sandbox memory. - fn read_sandbox_memory_into_buf(&self, ptr: u32, buf: &mut [u8]) + pub fn read_sandbox_memory_into_buf(&self, ptr: u32, buf: &mut [u8]) -> Result<(), DispatchError> { self.memory.get(ptr, buf).map_err(|_| Error::::OutOfBounds.into()) @@ -429,20 +443,29 @@ where /// /// - requested buffer is not within the bounds of the sandbox memory. /// - the buffer contents cannot be decoded as the required type. - fn read_sandbox_memory_as(&self, ptr: u32, len: u32) + /// + /// # Note + /// + /// It is safe to forgo benchmarking and charging weight relative to `len` for fixed + /// size types (basically everything not containing a heap collection): + /// Despite the fact that we are usually about to read the encoding of a fixed size + /// type, we cannot know the encoded size of that type. We therefore are required to + /// use the length provided by the contract. This length is untrusted and therefore + /// we charge weight relative to the provided size upfront that covers the copy costs. + /// On success this cost is refunded as the copying was already covered in the + /// overall cost of the host function. This is different from `read_sandbox_memory` + /// where the size is dynamic and the costs resulting from that dynamic size must + /// be charged relative to this dynamic size anyways (before reading) by constructing + /// the benchmark for that. + pub fn read_sandbox_memory_as(&mut self, ptr: u32, len: u32) -> Result { + let amount = self.charge_gas(RuntimeToken::CopyIn(len))?; let buf = self.read_sandbox_memory(ptr, len)?; - D::decode(&mut &buf[..]).map_err(|_| Error::::DecodingFailed.into()) - } - - /// Write the given buffer to the designated location in the sandbox memory. - /// - /// Returns `Err` if one of the following conditions occurs: - /// - /// - designated area is not within the bounds of the sandbox memory. - fn write_sandbox_memory(&mut self, ptr: u32, buf: &[u8]) -> Result<(), DispatchError> { - self.memory.set(ptr, buf).map_err(|_| Error::::OutOfBounds.into()) + let decoded = D::decode_all(&mut &buf[..]) + .map_err(|_| DispatchError::from(Error::::DecodingFailed))?; + self.gas_meter.refund(amount); + Ok(decoded) } /// Write the given buffer and its length to the designated locations in sandbox memory and @@ -464,7 +487,7 @@ where /// /// In addition to the error conditions of `write_sandbox_memory` this functions returns /// `Err` if the size of the buffer located at `out_ptr` is too small to fit `buf`. - fn write_sandbox_output( + pub fn write_sandbox_output( &mut self, out_ptr: u32, out_len_ptr: u32, @@ -496,6 +519,15 @@ where Ok(()) } + /// Write the given buffer to the designated location in the sandbox memory. + /// + /// Returns `Err` if one of the following conditions occurs: + /// + /// - designated area is not within the bounds of the sandbox memory. + fn write_sandbox_memory(&mut self, ptr: u32, buf: &[u8]) -> Result<(), DispatchError> { + self.memory.set(ptr, buf).map_err(|_| Error::::OutOfBounds.into()) + } + /// Computes the given hash function on the supplied input. /// /// Reads from the sandboxed input buffer into an intermediate buffer. @@ -1362,4 +1394,37 @@ define_env!(Env, , ctx.charge_gas(RuntimeToken::HashBlake128(input_len))?; Ok(ctx.compute_hash_on_intermediate_buffer(blake2_128, input_ptr, input_len, output_ptr)?) }, + + // Call into the chain extension provided by the chain if any. + // + // Handling of the input values is up to the specific chain extension and so is the + // return value. The extension can decide to use the inputs as primitive inputs or as + // in/out arguments by interpreting them as pointers. Any caller of this function + // must therefore coordinate with the chain that it targets. + // + // # Note + // + // If no chain extension exists the contract will trap with the `NoChainExtension` + // module error. + seal_call_chain_extension( + ctx, + func_id: u32, + input_ptr: u32, + input_len: u32, + output_ptr: u32, + output_len_ptr: u32 + ) -> u32 => { + use crate::chain_extension::{ChainExtension, Environment, RetVal}; + if ::ChainExtension::enabled() == false { + Err(Error::::NoChainExtension)?; + } + let env = Environment::new(ctx, input_ptr, input_len, output_ptr, output_len_ptr); + match ::ChainExtension::call(func_id, env)? { + RetVal::Converging(val) => Ok(val), + RetVal::Diverging{flags, data} => Err(TrapReason::Return(ReturnData { + flags: flags.bits(), + data, + })), + } + }, );