Enforce read-only nature of an action with read-only attribute

.gitmodules

@@ -9,6 +9,7 @@
 [submodule "eosio_llvm"]
 	path = eosio_llvm
 	url = https://github.com/eosio/llvm
+	branch = qy-read-only-action
 [submodule "libraries/native/softfloat"]
 	path = libraries/native/softfloat
 	url = https://github.com/EOSIO/berkeley-softfloat-3.git

tests/unit/test_contracts/read_only_tests.cpp

@@ -0,0 +1,48 @@
+#include <eosio/eosio.hpp>
+#include <eosio/privileged.hpp>
+
+using namespace eosio;
+extern "C" __attribute__((weak)) __attribute__((eosio_wasm_import)) void set_resource_limit(int64_t, int64_t, int64_t);
+
+class [[eosio::contract]]  read_only_tests : public contract {
+  public:
+
+      [[eosio::action, eosio::read_only]]
+      void test1( name user, int64_t limit ) {
+         print( "Hello, ", user);
+	      set_resource_limit(user.value, 0, 0);
+      }
+
+      [[eosio::action]]
+      void test2( name user, int64_t limit ) {
+         internal_use_do_not_use::set_resource_limits(user.value, 0, 0, 0);
+      }
+
+      [[eosio::action, eosio::read_only]]
+      void test3( name user, int64_t limit ) {
+         internal_use_do_not_use::set_resource_limits(user.value, 0, 0, 0);
+      }
+
+      [[eosio::action, eosio::read_only]]
+      void test4( name user, int64_t limit ) {
+         foo1(user);
+      }
+
+      [[eosio::action, eosio::read_only]]
+      void test5( name user, int64_t limit ) {
+         foo3(user);
+      }
+
+      void foo1(name user) {
+         foo(user);
+      }
+
+      void foo(name user) {
+         internal_use_do_not_use::set_resource_limits(user.value, 0, 0, 0);
+      }
+
+      void foo3(name user) {
+         set_resource_limit(user.value, 0, 0);
+      }
+
+};

tools/cc/eosio-cpp.cpp.in

@@ -41,7 +41,7 @@ using namespace eosio::cdt;
 
 void handle_empty_abigen(const std::string& contract_name, bool has_o_opt, bool has_contract_opt);
 
-void generate(const std::vector<std::string>& base_options, std::string input, std::string contract_name, const std::vector<std::string>& resource_paths, const std::pair<int, int>& abi_version, bool abigen, bool suppress_ricardian_warning, bool has_o_opt, bool has_contract_opt) {
+void generate(const std::vector<std::string>& base_options, std::string input, std::string contract_name, const std::vector<std::string>& resource_paths, const std::pair<int, int>& abi_version, bool abigen, bool suppress_ricardian_warning, bool has_o_opt, bool has_contract_opt, bool warn_action_read_only) {
    std::vector<std::string> options;
    options.push_back("eosio-cpp");
    options.push_back(input); // don't remove oddity of CommonOptionsParser?
@@ -67,13 +67,14 @@ void generate(const std::vector<std::string>& base_options, std::string input, s
    abigen::get().set_abi_version(std::get<0>(abi_version), std::get<1>(abi_version));
    abigen::get().set_suppress_ricardian_warning(suppress_ricardian_warning);
    codegen::get().set_contract_name(contract_name);
+   codegen::get().set_warn_action_read_only(warn_action_read_only);
 
    int tool_run = -1;
    tool_run = ctool.run(newFrontendActionFactory<eosio_abigen_frontend_action>().get());
    if (tool_run != 0) {
       throw std::runtime_error("abigen error");
    }
-
+   
    if (!abigen::get().is_empty()) {
       std::string abi_s;
       abigen::get().to_json().dump(abi_s);
@@ -136,7 +137,7 @@ int main(int argc, const char **argv) {
             tool_opts.erase(std::remove_if(tool_opts.begin(), tool_opts.end(),
                                            [&](const auto& opt){ return non_tool_opts.count(opt); }),
                             tool_opts.end());
-            generate(tool_opts, input, opts.abigen_contract, opts.abigen_resources, opts.abi_version, opts.abigen, opts.suppress_ricardian_warning, opts.has_o_opt, opts.has_contract_opt);
+            generate(tool_opts, input, opts.abigen_contract, opts.abigen_resources, opts.abi_version, opts.abigen, opts.suppress_ricardian_warning, opts.has_o_opt, opts.has_contract_opt, opts.warn_action_read_only);
 
             auto src = SmallString<64>(input);
             llvm::sys::path::remove_filename(src);

tools/include/compiler_options.hpp.in

@@ -347,7 +347,10 @@ static cl::opt<std::string> contract_name(
     "contract",
     cl::desc("Contract name"),
     cl::cat(EosioCompilerToolCategory));
-
+static cl::opt<bool> warn_action_read_only_opt(
+    "warn-action-read-only",
+    cl::desc("Issue a warning if a read-only action uses a write API and continue compilation"),
+    cl::cat(EosioCompilerToolCategory));
 /// end c/c++ options
 
 /// begin c++ options
@@ -387,6 +390,7 @@ struct Options {
    std::pair<int, int> abi_version;
    bool has_o_opt;
    bool has_contract_opt;
+   bool warn_action_read_only;
 };
 
 static void GetCompDefaults(std::vector<std::string>& copts) {
@@ -548,6 +552,7 @@ static Options CreateOptions(bool add_defaults=true) {
    std::string abigen_contract;
    bool has_o_opt;
    bool has_contract_opt;
+   bool warn_action_read_only;
 
 #ifdef ONLY_LD
    bool abigen = false;
@@ -905,6 +910,14 @@ static Options CreateOptions(bool add_defaults=true) {
       ldopts.emplace_back("-fnative");
    if (fuse_main_opt)
       ldopts.emplace_back("-fuse-main");
+
+   /* TODO */
+   if(warn_action_read_only_opt) {
+      warn_action_read_only = true;
+   } else {
+      warn_action_read_only = false;
+   }
+
 #endif
 
    /* TODO add some way of defaulting these to the current highest version */
@@ -918,8 +931,8 @@ static Options CreateOptions(bool add_defaults=true) {
    }
 
 #ifndef ONLY_LD
-   return {output_fn, inputs, link, abigen, no_missing_ricardian_clause_opt, pp_only, pp_dir, abigen_output, abigen_contract, copts, ldopts, agopts, agresources, debug, fnative_opt, {abi_version_major, abi_version_minor}, has_o_opt, has_contract_opt};
+   return {output_fn, inputs, link, abigen, no_missing_ricardian_clause_opt, pp_only, pp_dir, abigen_output, abigen_contract, copts, ldopts, agopts, agresources, debug, fnative_opt, {abi_version_major, abi_version_minor}, has_o_opt, has_contract_opt, warn_action_read_only};
 #else
-   return {output_fn, {}, link, abigen, no_missing_ricardian_clause_opt, pp_only, pp_dir, abigen_output, abigen_contract, copts, ldopts, agopts, agresources, debug, fnative_opt, {abi_version_major, abi_version_minor}, has_o_opt, has_contract_opt};
+   return {output_fn, {}, link, abigen, no_missing_ricardian_clause_opt, pp_only, pp_dir, abigen_output, abigen_contract, copts, ldopts, agopts, agresources, debug, fnative_opt, {abi_version_major, abi_version_minor}, has_o_opt, has_contract_opt, warn_action_read_only};
 #endif
 }

tools/include/eosio/codegen.hpp

@@ -61,6 +61,7 @@ namespace eosio { namespace cdt {
          llvm::ArrayRef<std::string>           sources;
          size_t                                source_index = 0;
          std::map<std::string, std::string>    tmp_files;
+         bool                                  warn_action_read_only;
 
          using generation_utils::generation_utils;
 
@@ -76,6 +77,10 @@ namespace eosio { namespace cdt {
          void set_abi(std::string s) {
             abi = s;
          }
+
+         void set_warn_action_read_only(bool w) {
+            warn_action_read_only = w;
+         }
    };
 
    class eosio_codegen_visitor : public RecursiveASTVisitor<eosio_codegen_visitor>, public generation_utils {
@@ -88,14 +93,19 @@ namespace eosio { namespace cdt {
          bool apply_was_found = false;
 
       public:
+         using call_map_t = std::map<FunctionDecl*, std::vector<CallExpr*>>;
+
          std::vector<CXXMethodDecl*> action_decls;
          std::vector<CXXMethodDecl*> notify_decls;
+         std::set<CXXMethodDecl*>    read_only_actions;
+         call_map_t                  func_calls;
 
          explicit eosio_codegen_visitor(CompilerInstance *CI)
                : generation_utils(), ci(CI) {
             cg.ast_context = &(CI->getASTContext());
             cg.codegen_ci = CI;
             rewriter.setSourceMgr(CI->getASTContext().getSourceManager(), CI->getASTContext().getLangOpts());
+            get_error_emitter().set_compiler_instance(CI);
          }
 
          void set_main_fid(FileID fid) {
@@ -234,9 +244,12 @@ namespace eosio { namespace cdt {
                   create_action_dispatch(decl);
                }
                cg.actions.insert(full_action_name); // insert the method action, so we don't create the dispatcher twice
+
+               if (decl->isEosioReadOnly()) {
+                  read_only_actions.insert(decl);
+               }
             }
             else if (decl->isEosioNotify()) {
-
                name = generation_utils::get_notify_pair(decl);
                auto first = name.substr(0, name.find("::"));
                if (first != "*")
@@ -265,6 +278,48 @@ namespace eosio { namespace cdt {
             return true;
          }
 
+         void process_function(FunctionDecl *func_decl) {
+            if (func_decl->isThisDeclarationADefinition() && func_decl->hasBody()) {
+               Stmt *stmts = func_decl->getBody();
+               for (auto it = stmts->child_begin(); it != stmts->child_end(); it++) {
+                  if (Stmt *s = *it) {
+                     if (ExprWithCleanups *ec = dyn_cast<ExprWithCleanups>(s)) {
+                        s = ec->getSubExpr();
+                        while (ImplicitCastExpr *ice = dyn_cast<ImplicitCastExpr>(s))
+                           s = ice->getSubExpr();
+                     }
+
+                     if (CallExpr *call = dyn_cast<CallExpr>(s)) {
+                        if (FunctionDecl *fd = call->getDirectCallee()) {
+                           if (func_calls.count(fd) == 0) {
+                              process_function(fd);
+                           }
+                           if (!func_calls[fd].empty()) {
+                              func_calls[func_decl].push_back(call);
+                              break;
+                           }
+                        }
+                     }
+                  }
+               }
+            }
+         }
+
+         virtual bool VisitFunctionDecl(FunctionDecl* func_decl) {
+            SourceManager &sm = get_rewriter().getSourceMgr();
+            if (sm.isInSystemHeader(func_decl->getLocation()) || sm.isInExternCSystemHeader(func_decl->getLocation())) {
+               return true;
+            }
+
+            std::string fn = func_decl->getQualifiedNameAsString();
+            if (func_calls.count(func_decl) == 0 && (is_write_host_func(fn) || is_eosio_wasm_import_write_func(func_decl))) {
+               func_calls[func_decl] = {(CallExpr*)func_decl};
+            } else {
+               process_function(func_decl);
+            }
+            return true;
+         }
+
          virtual bool VisitDecl(clang::Decl* decl) {
             if (auto* fd = dyn_cast<clang::FunctionDecl>(decl)) {
                if (fd->getNameInfo().getAsString() == "apply")
@@ -274,7 +329,7 @@ namespace eosio { namespace cdt {
          }
       };
 
-      class eosio_codegen_consumer : public ASTConsumer {
+      class eosio_codegen_consumer : public ASTConsumer, public generation_utils {
       private:
          eosio_codegen_visitor *visitor;
          std::string main_file;
@@ -295,6 +350,19 @@ namespace eosio { namespace cdt {
                visitor->set_main_fid(fid);
                visitor->set_main_name(main_fe->getName());
                visitor->TraverseDecl(Context.getTranslationUnitDecl());
+
+               for (auto const& ra : visitor->read_only_actions) {
+                  auto it = visitor->func_calls.find(ra);
+                  if (it != visitor->func_calls.end()) {
+                     std::string msg = "read-only action cannot call write host function";
+                     if (cg.warn_action_read_only) {
+                        CDT_WARN("codegen_warning", ra->getLocation(), msg);
+                     } else {
+                        CDT_ERROR("codegen_error", ra->getLocation(), msg);
+                     }
+                  }
+               }
+
                for (auto ad : visitor->action_decls)
                   visitor->create_action_dispatch(ad);