Enforce read-only nature of an action with read-only attribute #1068
Conversation
bogniq
force-pushed
the
qy-read-only-action
branch
from
0ea28d5
to
17c82b0
Compare
…sio"_n, user can use other account then.
bogniq
force-pushed
the
qy-read-only-action
branch
from
16b86a6
to
e4beb61
Compare
.gitmodules
Outdated
| @@ -9,6 +9,7 @@ | |||
| [submodule "eosio_llvm"] | |||
| path = eosio_llvm | |||
| url = https://github.com/eosio/llvm | |||
| branch = qy-read-only-action | |||
There was a problem hiding this comment.
This branch should be the 'eosio' branch of llvm. So, please make a PR to LLVM to the branch 'eosio' and then update this.
There was a problem hiding this comment.
EOSIO/llvm#29 was just created, which updates clang to the head of its 'eosio' branch (with read-only attribute added). The branch setting here will be removed after the LLVM PR is merged.
tools/include/eosio/codegen.hpp
Outdated
|
|
||
| virtual bool VisitFunctionDecl(FunctionDecl* func_decl) { | ||
| SourceManager &sm = get_rewriter().getSourceMgr(); | ||
| if (sm.isInSystemHeader(func_decl->getLocation()) || sm.isInExternCSystemHeader(func_decl->getLocation())) { |
There was a problem hiding this comment.
This is a fine short circuit. But, we do have a few places in our C++ and C headers where we have some extern C <writable_host_functions> to supply the underlying bases for libc. This will more than likely miss those calls.
There was a problem hiding this comment.
This system header checking is deleted in the new commit:
eosio.cdt/tools/include/eosio/codegen.hpp
Lines 383 to 384 in ef00c9d
|
|
||
| inline bool is_write_host_func( const std::string& t ) { | ||
| static const std::set<std::string> write_host_funcs = | ||
| { |
There was a problem hiding this comment.
I would recommend only using the C name for looking for these host functions.
I.e. instead of eosio::internal_use_do_not_use::set_resource_limits, just look for the stripped name of set_resource_limits and if it is a extern-C function or a regular C function.
The reason for this, is that as you can see, you have to duplicate some of these, also the C++ namespaced names are purely decorative and just supplying context for the smart contract developer. You should still only have one set_resource_limits per smart contract.
There was a problem hiding this comment.
Fixed. (Method is_eosio_wasm_import_write_func is also removed, because when using C name to find write host functions, the updated is_write_host_func method can also handle the "eosio_wasm_import" functions. Please let me know if I missed anything. Thanks!)
eosio.cdt/tools/include/eosio/gen.hpp
Lines 688 to 726 in ef00c9d
Change Description
This PR adds checking of
eosio:read_onlyattribute for actions. Currently, it only supports checking for direct calls and some ways of indirect calls of specific write host functions.If compiler option
--warn-action-read-onlyis used, even if some read-only action calls write host functions, the contract compilation still continues but will output warning messages. Otherwise, the compilation will stop and output error messages.API Changes
Documentation Additions