Skip to content
This repository has been archived by the owner on Mar 20, 2024. It is now read-only.

instrument each entrypoint function that establishes precondition+postconditions #381

Open
ksolana opened this issue Sep 21, 2023 · 3 comments
Open

instrument each entrypoint function that establishes precondition+postconditions #381

ksolana opened this issue Sep 21, 2023 · 3 comments
Labels
bug Something isn't working

Comments

@ksolana
Copy link
Collaborator

ksolana commented Sep 21, 2023

example:

entry public fun create_and_transfer(to: address, ctx: &mut TxContext) {
        transfer::transfer(create(ctx), to)
}

Preconditions:

We'd need to validate each parameter of create_and_transfer before calling the transfer.

  • is the to address valid. A slightly extended idea would be if we want to block the transfer to an address for some reason?

Postconditions

I think these checks will be in addition to what we'll get by enabling MoveVM checks at runtime.

PS:
@ksolana ksolana added the bug Something isn't working label Sep 21, 2023
@nvjle
Copy link

nvjle commented Sep 21, 2023

I think these checks will be in addition to what we'll get by enabling MoveVM checks at runtime.

Would you elaborate on specifically where you differ from the checks that the MoveVM does (which we would presumably implement in our VM)? It would be useful to simply enumerate what the MoveVM does for parameter/signature verification-- so that we can implement to the degree possible.

In Discord regarding this issue, you mentioned "cross-contract interactions". In the Move Language, it is my understanding that any "interaction"-- which I assume would be a function call (what other kind of external interactions would there be in a Move Language program?)-- are verified in the same way. If you are referring to calling from an existing Solana program into a Move Language program (and vice-versa), I still would assume we'd try to verify parameters/signatures the same way. I think the goal of the new runtime work is to have all programs "interact" the same way, regardless of language.

@nvjle
Copy link

nvjle commented Sep 21, 2023

It is also worth noting that the Move Language provides a fairly sophisticated "specification" sub-language for expressing all sorts of invariant and condition checks ("pre- and post-conditions") in Move programs. These can be statically analyzed by the move-prover. See some examples here move-prover/tests/sources/functional.

@ksolana
Copy link
Collaborator Author

ksolana commented Sep 22, 2023

It would be useful to simply enumerate what the MoveVM does for parameter/signature verification-- so that we can implement to the degree possible.

I think this is the most reasonable path forward as need to do this anyways.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nvjle @ksolana