pallet-revive: Statically verify imports on code deployment #6759
Conversation
|
/cmd prdoc --audience runtime_dev |
| /// The API version that this contract operates under. | ||
| /// | ||
| /// This determines which host functions are available to the contract. This | ||
| /// prevents that new host functions become available to already deployed contracts. | ||
| api_version: u16, | ||
| /// The behaviour version that this contract operates under. | ||
| /// | ||
| /// Whenever any observeable change (with the exception of weights) are made we need | ||
| /// to make sure that already deployed contracts will not be affected. We do this by | ||
| /// exposing the old behaviour depending on the set behaviour version of the contract. | ||
| /// | ||
| /// As of right now this is a reserved field that is always set to 0. | ||
| behaviour_version: u16, | ||
| behaviour_version: u32, |
There was a problem hiding this comment.
Doesn't need migration. Everything was set to zero and we just widen behavior_version to cover both fields.
There was a problem hiding this comment.
We would need a migration if keeping it u16. By widening it the encoded format of the structure stays the same.
athei
requested review from
xermicus and
pgherveou
and removed request for
xermicus
| #[polkavm_derive::polkavm_import] | ||
| extern "C" { | ||
| pub fn set_code_hash(); | ||
| } |
There was a problem hiding this comment.
shouldn't we make a dedicated unstable api just for test so that this does not fail when this becomes stable
There was a problem hiding this comment.
Yeah that is a good idea. But we will cross the bridge once we get there.
| /// The API version that this contract operates under. | ||
| /// | ||
| /// This determines which host functions are available to the contract. This | ||
| /// prevents that new host functions become available to already deployed contracts. | ||
| api_version: u16, | ||
| /// The behaviour version that this contract operates under. | ||
| /// | ||
| /// Whenever any observeable change (with the exception of weights) are made we need | ||
| /// to make sure that already deployed contracts will not be affected. We do this by | ||
| /// exposing the old behaviour depending on the set behaviour version of the contract. | ||
| /// | ||
| /// As of right now this is a reserved field that is always set to 0. | ||
| behaviour_version: u16, | ||
| behaviour_version: u32, |
|
All GitHub workflows were cancelled due to failure one of the required jobs. |
Previously, we failed at runtime if an unknown or unstable host function was called. This requires us to keep track of when a host function was added and when a code was deployed. We used the
api_versionto track at which API version each code was deployed. This made sure that when a new host function was added that old code won't have access to it. This is necessary as otherwise the behavior of a contract that made calls to this previously non existent host function would change from "trap" to "do something".In this PR we remove the API version. Instead, we statically verify on upload that no non-existent host function is ever used in the code. This will allow us to add new host function later without needing to keep track when they were added.
This simplifies the code and also gives an immediate feedback if unknown host functions are used.