From 47e732717f08e27d6aa62bcabbb2a13e7a56c884 Mon Sep 17 00:00:00 2001 From: Anatoly Yakovenko Date: Fri, 29 Jun 2018 06:27:25 -0700 Subject: [PATCH] more notes --- rfcs/rfc-001-smart-contracts-engine.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/rfcs/rfc-001-smart-contracts-engine.md b/rfcs/rfc-001-smart-contracts-engine.md index 7c7dce4e90..b0ff842d24 100644 --- a/rfcs/rfc-001-smart-contracts-engine.md +++ b/rfcs/rfc-001-smart-contracts-engine.md @@ -54,6 +54,10 @@ For 3, every load and store that is relative can be checked to be within the exp For 4, Fully linked PIC ELF with just a single RX segment. Effectively we are linking a shared object with `-fpic -target bpf` and with a linker script to collect everything into a single RX segment. Writable globals are not supported. +### Address Checks + +The interface to the module takes a `&mut Vec>` in rust, or a `int sz, void* data[sz], int szs[sz]` in `C`. Given the module's bytecode, for each method, we need to analyze the bounds on load and stores into each buffer the module uses. This check needs to be done `on chain`, and after those bounds are computed we can verify that the user supplied array of buffers will not cause a memory fault. For load and stores that we cannot analyze, we can replace with a `safe_load` and `safe_store` instruction that will check the table for access. + ## Loader The loader is our first smart contract. The job of this contract is to load the actual program with its own instance data. The loader will verify the bytecode and that the object implements the expected entry points.
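Review bot: The Rust signature in the new "Address Checks" paragraph reads `&mut Vec>`, which is not a complete type (the element type between the angle brackets is missing); please spell out the full parameter type so the Rust and C interfaces line up element-for-element, since the rest of the paragraph reasons about per-buffer bounds and a reader cannot check that against a truncated type. Two smaller points in the same hunk: the paragraph says nothing about what happens when a load or store cannot be rewritten to `safe_load`/`safe_store` (is the module rejected at load time, or does the access fault at runtime?), and since the bounds are computed `on chain` per method it would help to state where the computed bounds live so the buffer-array verification can reuse them rather than re-analyzing the bytecode on every call. Minor: "For load and stores" should be "For loads and stores" in both places.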