Add miden-package crate with Package type to represent a compiled Miden program/library.
#1544
Conversation
greenhat
changed the title
miden-package crate with Package type to represent a compiled Miden program/library.miden-package crate with Package type to represent a compiled Miden program/library.
greenhat
force-pushed
the
greenhat/miden-package
branch
4 times, most recently
from
76a4b7e to
9ff342e
Compare
greenhat
force-pushed
the
greenhat/miden-package
branch
from
9ff342e to
7c9b95b
Compare
greenhat
changed the base branch from
next
to
greenhat/library-deser-uncheck-exports
greenhat
force-pushed
the
greenhat/library-deser-uncheck-exports
branch
from
1ca8581 to
3581727
Compare
greenhat
force-pushed
the
greenhat/miden-package
branch
7 times, most recently
from
41b5f5d to
c5ff6f0
Compare
greenhat
force-pushed
the
greenhat/miden-package
branch
6 times, most recently
from
211f34c to
84ea102
Compare
greenhat
changed the base branch from
next
to
greenhat/i1547-mastforest-add-advicemap
greenhat
changed the title
miden-package crate with Package type to represent a compiled Miden program/library.miden-package crate with Package type to represent a compiled Miden program/library.
greenhat
force-pushed
the
greenhat/i1547-mastforest-add-advicemap
branch
from
eda4a01 to
006e03a
Compare
greenhat
force-pushed
the
greenhat/miden-package
branch
2 times, most recently
from
5ec902e to
d6419ca
Compare
greenhat
force-pushed
the
greenhat/i1547-mastforest-add-advicemap
branch
from
006e03a to
92f3309
Compare
assembly/src/ast/procedure/name.rs
Outdated
| let proc_name = | ||
| ProcedureName::new_unchecked(Ident::new_unchecked(Span::unknown(Arc::from(str)))); |
There was a problem hiding this comment.
This would allow deserialization of arbitrary strings as procedure names, right? (e.g., strings with control or unprintable characters etc.) Would this not be a problem?
Should we enforce at least some kind of validation (e.g., maybe against the alphabet used on line 371 below)?
There was a problem hiding this comment.
Good point! Since it's an unchecked user input, I suppose there is a chance to use it for some sort of attack. I cannot come up with any, but I'd feel safer if we have at least some validation here. This should be a different (more relaxed) validation from the one we use when parsing the MASM source code. @bitwalker What do you think?
There was a problem hiding this comment.
I relaxed the validation rules in the Ident (used in LibraryPath) and ProcedureName in new constructors and used them in the deserialization instead of the new_unchecked ones.
The validation on MASM source code parsing is implemented in the lexer and does not use the checked constructors (it calls new_unchecked). So the existing checked constructors are the different (from lexer's) kind of validation to be used everywhere else.
assembly/src/library/path.rs
Outdated
| Ok((ns, rest)) => { | ||
| let module_id = Ident::new_unchecked(Span::new( | ||
| SourceSpan::default(), | ||
| Arc::from(rest.to_string()), | ||
| )); | ||
| LibraryPath::new_from_components(ns, [module_id]) | ||
| }, | ||
| Err(_) => { | ||
| let module_id = Ident::new_unchecked(Span::new( | ||
| SourceSpan::default(), | ||
| Arc::from(path.to_string()), | ||
| )); | ||
| LibraryPath::new_from_components(LibraryNamespace::Anon, [module_id]) | ||
| }, |
There was a problem hiding this comment.
Similar comment as above. I think we discussed this previously, but I don't remember why we are skipping validation rather than updating validation rules to support the newly required formats.
There was a problem hiding this comment.
AFAIR, the reason was that validation that we have now is for the MASM source code parsing, and technically, we can allow any characters in the identifiers in the compiled code. @bitwalker correct me if I'm wrong.
But from the "validate any user input" point of view, it makes sense to create and use another, more relaxed type of validation here and in ProcedureName (see my comment above).
There was a problem hiding this comment.
Done. See my comment above - #1544 (comment)
Co-authored-by: Philippe Laferrière <[email protected]>
Co-authored-by: Philippe Laferrière <[email protected]>
Co-authored-by: Philippe Laferrière <[email protected]>
Co-authored-by: Philippe Laferrière <[email protected]>
Co-authored-by: Philippe Laferrière <[email protected]>
Co-authored-by: Philippe Laferrière <[email protected]>
There was a problem hiding this comment.
Looks good! Thank you! I left some comments inline. The main ones are about:
- Potentially adding some validation to library path deserialization.
- Using
Serializable/Deserializableinstead ofserde. - Not including functionality that assumes downstream crates (i.e.,
miden-base).
| @@ -0,0 +1,31 @@ | |||
| [package] | |||
| name = "miden-package" | |||
There was a problem hiding this comment.
I'm wondering if we should make it a bit more specific. Maybe miden-vm-package or miden-code-package (though, not sure if I like these better than just miden-package).
There was a problem hiding this comment.
I got so much used to miden-package so I'm biased here. :) In general, if we plan to have another "packages" (account?) giving it a more specific name makes sense.
|
@bobbinth @plafer Thank you for the review! I've addressed all notes, implemented easy ones, and I am converting this PR to draft to work on:
|
instead of `bitcode` and `serde`
Implement `Serializable/Deserializable` and `Arbitrary`(proptest) for `QualifiedProcedureName`. Add serialization roundtrip tests for `LibraryPath` and `ProcedureName`.
greenhat
force-pushed
the
greenhat/miden-package
branch
from
915c093 to
a93f3a2
Compare
| pub use self::{ | ||
| dep::{ | ||
| resolver::{ | ||
| DependencyResolver, LocalResolvedDependency, MemDependencyResolverByDigest, | ||
| ResolvedDependency, | ||
| }, | ||
| Dependency, DependencyName, | ||
| }, | ||
| package::{MastArtifact, Package, PackageExport, PackageManifest}, | ||
| }; |
There was a problem hiding this comment.
Question: should we re-export such things as Digest, Program, MastForest etc. from here is that this crate is more "self-contained"?
There was a problem hiding this comment.
I'd say "yes". I can imagine miden-package crate being used for some sort of package analysis without relaying on the rest of VM crates.
package/src/package.rs
Outdated
| ///// Parses a package from the provided bytes | ||
| //pub fn read_from_bytes<B>(bytes: B) -> Result<Self, Report> | ||
| //where | ||
| // B: AsRef<[u8]>, | ||
| //{ | ||
| // use alloc::borrow::Cow; | ||
| // | ||
| // let bytes = bytes.as_ref(); | ||
| // | ||
| // let bytes = bytes | ||
| // .strip_prefix(Self::MAGIC) | ||
| // .ok_or_else(|| Report::msg("invalid package: missing header"))?; | ||
| // let bytes = bytes.strip_prefix(Self::FORMAT_VERSION).ok_or_else(|| { | ||
| // Report::msg(format!( | ||
| // "invalid package: incorrect version, expected '1.0', got '{}'", | ||
| // bytes.get(0..4).map(String::from_utf8_lossy).unwrap_or(Cow::Borrowed("")), | ||
| // )) | ||
| // })?; | ||
| // | ||
| // bitcode::deserialize(bytes).map_err(Report::msg) | ||
| //} | ||
| // | ||
| ///// Serializes the package into a byte array | ||
| //pub fn write_to_bytes(&self) -> Result<Vec<u8>, Report> { | ||
| // let mut bytes = Vec::new(); | ||
| // bytes.extend_from_slice(Self::MAGIC); | ||
| // bytes.extend_from_slice(Self::FORMAT_VERSION); | ||
| // let mut data = bitcode::serialize(self).map_err(Report::msg)?; | ||
| // bytes.append(&mut data); | ||
| // Ok(bytes) | ||
| //} |
There was a problem hiding this comment.
Is this meant to be commented-out?
There was a problem hiding this comment.
Yes, I missed it. Thanks for spotting this!
In my defense, I planned to give this PR a "polish" before marking it ready and asking for another round of reviews. 🙂
package/src/package.rs
Outdated
| pub fn digest(&self) -> Digest { | ||
| self.mast.digest() | ||
| } |
There was a problem hiding this comment.
nit: let's add a doc comment here.
package/src/tests.rs
Outdated
There was a problem hiding this comment.
Should this test be moved under src/package/serialization?
package/src/package.rs
Outdated
There was a problem hiding this comment.
Should this file be moved to src/package/mod.rs?
package/src/package.rs
Outdated
| pub struct Package { | ||
| /// Name of the package | ||
| pub name: String, | ||
| /// The MAST artifact ([Program] or [Library]) of the package | ||
| pub mast: MastArtifact, | ||
| /// The package manifest, containing the set of exported procedures and their signatures, | ||
| /// if known. | ||
| pub manifest: PackageManifest, | ||
| } |
There was a problem hiding this comment.
Probably not for this PR, but where would we put custom metadata? Here, I'm thinking about the storage layout metadata we'd need to instantiate account components.
There was a problem hiding this comment.
I'm thinking, either directly in Package or in PackageManifest.
constructors in deserialization.
greenhat
force-pushed
the
greenhat/miden-package
branch
from
223c95f to
37fe048
Compare
This PR adds
miden-packagecrate withPackagetype ported from the compiler's ad-hoc implementation to represent a compiled Miden program/library.Please consider reviewing this PR commit-by-commit. I crafted the commits to be focused on a single change and show the evolution of the implementation.
The reasons for the new crate are explained in 0xPolygonMiden/compiler#376
The compiler's PR that uses
miden-packagefrom this PR is 0xPolygonMiden/compiler#349