soroban_env_common/env.rs
use soroban_env_macros::generate_call_macro_with_all_host_functions;
use crate::Object;
use super::Symbol;
use super::{
AddressObject, Bool, BytesObject, DurationObject, Error, I128Object, I256Object, I256Val,
I64Object, MapObject, StorageType, StringObject, SymbolObject, TimepointObject, U128Object,
U256Object, U256Val, U32Val, U64Object, U64Val, Val, VecObject, Void,
};
use crate::xdr::{ScErrorCode, ScErrorType};
/// Base trait extended by the [Env](crate::Env) trait, providing various special-case
/// functions that do _not_ simply call across the guest/host interface.
pub trait EnvBase: Sized + Clone {
    /// Error type produced when the environment itself fails in a way the user
    /// is not expected to recover from: an internal logic error, exhausting
    /// the execution budget, or malformed input that the user-facing API does
    /// not anticipate or allow for. Every environment-interface method returns
    /// this type, and it only ever takes two concrete forms: `Infallible` in
    /// the `Guest` and `HostError` in the `Host`.
    ///
    /// From the `Guest`'s point of view these errors are unobservable: the
    /// `Host` traps the `Guest` rather than returning an `Error` to it. They
    /// stay in the `Env` API nonetheless so that one API (and one set of
    /// conversion routines) serves both sides, instead of separate "fallible"
    /// and "infallible" environments as earlier iterations attempted.
    ///
    /// This is distinct from an error meant to reach the user-facing API.
    /// Those are returned as `Ok(Error)` at the environment-interface level
    /// and then either handled directly or escalated to the user as an
    /// `Error` or a `Result<>` of some other type, depending on the API.
    type Error: core::fmt::Debug + Into<crate::Error>;

    /// Check that a [`Val`] is good according to the current Env. This is a
    /// superset of `Val::is_good`: a `Val` that fails `is_good` is rejected
    /// with a `Value`/`InvalidInput` error (converted through
    /// [`Self::error_from_error_val`]), and a `Val` that converts to an
    /// [`Object`] is additionally checked with [`Self::check_obj_integrity`].
    fn check_val_integrity(&self, val: Val) -> Result<(), Self::Error> {
        if !val.is_good() {
            let malformed =
                Error::from_type_and_code(ScErrorType::Value, ScErrorCode::InvalidInput);
            return Err(self.error_from_error_val(malformed));
        }
        // Only object handles need the second, env-specific check; every
        // other well-formed `Val` is accepted here.
        match Object::try_from(val) {
            Ok(obj) => self.check_obj_integrity(obj),
            Err(_) => Ok(()),
        }
    }

    /// Check that an Object handle is good according to the current Env. The
    /// default accepts every handle. For general Val-validity checking use
    /// `Val::is_good()` or [`Self::check_val_integrity`].
    fn check_obj_integrity(&self, _obj: Object) -> Result<(), Self::Error> {
        Ok(())
    }

    /// Convert a [`crate::Error`] into [`EnvBase::Error`]. Functionally this
    /// resembles a `+ From<crate::Error>` bound on `EnvBase::Error`, but
    /// keeping it as a method lets downstream crates restrict the conversion:
    /// the guest's definition of `EnvBase::Error` panics on conversion, and
    /// that behaviour should stay out of the common crate and never be
    /// triggered accidentally in the host. It also gives the `Env` a chance to
    /// log or enrich the error with context (the `Host` does both).
    fn error_from_error_val(&self, e: crate::Error) -> Self::Error;

    /// Reject an error from the environment by turning it into a panic, on
    /// terms the environment controls (eg. enriching or logging it first).
    /// Only client-side / SDK local-testing code should ever call this; the
    /// `Host` never should.
    #[cfg(feature = "testutils")]
    fn escalate_error_to_panic(&self, e: Self::Error) -> !;

    /// Deprecated predecessor of [`Self::trace_env_call`]; the default does
    /// nothing and returns `Ok(())`.
    #[cfg(all(feature = "std", feature = "testutils"))]
    #[deprecated(note = "replaced by trace_env_call")]
    fn env_call_hook(&self, _fname: &'static str, _args: &[String]) -> Result<(), Self::Error> {
        Ok(())
    }

    /// Deprecated predecessor of [`Self::trace_env_ret`]; the default does
    /// nothing and returns `Ok(())`.
    #[cfg(all(feature = "std", feature = "testutils"))]
    #[deprecated(note = "replaced by trace_env_ret")]
    fn env_ret_hook(
        &self,
        _fname: &'static str,
        _res: &Result<String, &Self::Error>,
    ) -> Result<(), Self::Error> {
        Ok(())
    }

    /// Return true if the environment wants to receive trace calls and
    /// returns via [`Self::trace_env_call`] and [`Self::trace_env_ret`].
    /// The default is `false`.
    #[cfg(feature = "std")]
    fn tracing_enabled(&self) -> bool {
        false
    }

    /// General hook for tracing every env-method call, meant to be invoked
    /// from the macros that dispatch on all such methods. The default ignores
    /// its arguments and returns `Ok(())`.
    #[cfg(feature = "std")]
    fn trace_env_call(
        &self,
        _fname: &'static str,
        _args: &[&dyn core::fmt::Debug],
    ) -> Result<(), Self::Error> {
        Ok(())
    }

    /// General hook for tracing every env-method return, meant to be invoked
    /// from the macros that dispatch on all such methods. The default ignores
    /// its arguments and returns `Ok(())`.
    #[cfg(feature = "std")]
    fn trace_env_ret(
        &self,
        _fname: &'static str,
        _res: &Result<&dyn core::fmt::Debug, &Self::Error>,
    ) -> Result<(), Self::Error> {
        Ok(())
    }

    /// If `x` is `Err(...)`, attach as much debug information as possible to
    /// that error; either way return "essentially the same" `x` -- `Ok(...)`
    /// or `Err(...)` -- only with extra error context. The default returns
    /// `x` untouched.
    ///
    /// Called on a best-effort basis while errors propagate through the host,
    /// so that context is attached "as soon as possible". It is needed because
    /// some errors originate in contexts without access to a Host and so
    /// cannot attach context at the point where they are generated.
    fn augment_err_result<T>(&self, x: Result<T, Self::Error>) -> Result<T, Self::Error> {
        x
    }

    /// Used to check two environments are the same, returning Error if not.
    fn check_same_env(&self, other: &Self) -> Result<(), Self::Error>;

    // Helpers for methods that need to pass Rust lifetime-qualified _slices_
    // into the environment. These are deliberately _not_ Env trait methods:
    // routing them through Env would mean converting -- and therefore
    // trusting, or validating -- "raw numbers" arriving over that interface
    // as "potentially pointers in the same address space as the host". This
    // is a defense-in-depth choice. We _could_ accept "numbers as pointers in
    // our address space" on a codepath that knows its input comes from a
    // "trusted" contract, backed by enough static checks elsewhere in the
    // call path (eg. in the SDK) to guarantee that "all callers are trusted",
    // but that invariant is easy for a future maintainer to break by
    // accident, and getting it wrong would let guest code violate memory
    // safety. So the _only_ way to pass contract pointers to the host is
    // through EnvBase, never Env -- and as a bonus the borrow checker
    // enforces the slice lifetimes for free.

    /// Clone an existing `Bytes` object in the host, overwriting part of its
    /// memory with the bytes in `slice`, and return the new object. The
    /// overwritten region of the original object starts at `b_pos` and is as
    /// long as `slice`.
    fn bytes_copy_from_slice(
        &self,
        b: BytesObject,
        b_pos: U32Val,
        slice: &[u8],
    ) -> Result<BytesObject, Self::Error>;

    /// Copy bytes starting at `b_pos` from a `Bytes` object in the host into
    /// `slice` in the caller's memory.
    fn bytes_copy_to_slice(
        &self,
        b: BytesObject,
        b_pos: U32Val,
        slice: &mut [u8],
    ) -> Result<(), Self::Error>;

    /// Copy bytes starting at `b_pos` from a `String` object in the host into
    /// `slice` in the caller's memory.
    fn string_copy_to_slice(
        &self,
        b: StringObject,
        b_pos: U32Val,
        slice: &mut [u8],
    ) -> Result<(), Self::Error>;

    /// Copy bytes starting at `b_pos` from a `Symbol` object in the host into
    /// `mem` in the caller's memory.
    fn symbol_copy_to_slice(
        &self,
        b: SymbolObject,
        b_pos: U32Val,
        mem: &mut [u8],
    ) -> Result<(), Self::Error>;

    /// Form a new `Bytes` host object from a slice of client memory.
    fn bytes_new_from_slice(&self, slice: &[u8]) -> Result<BytesObject, Self::Error>;

    /// Form a new `String` host object from a slice of client memory.
    fn string_new_from_slice(&self, slice: &[u8]) -> Result<StringObject, Self::Error>;

    /// Form a new `Symbol` host object from a slice of client memory.
    fn symbol_new_from_slice(&self, slice: &[u8]) -> Result<SymbolObject, Self::Error>;

    /// Form a new `Map` host object from a slice of symbol-names and a slice
    /// of values. Keys must be in sorted order.
    fn map_new_from_slices(&self, keys: &[&str], vals: &[Val]) -> Result<MapObject, Self::Error>;

    /// Unpack a `Map` host object with a specified set of keys into a slice
    /// of `Val`s. Keys must be in sorted order and must match the key set of
    /// the unpacked object exactly.
    fn map_unpack_to_slice(
        &self,
        map: MapObject,
        keys: &[&str],
        vals: &mut [Val],
    ) -> Result<Void, Self::Error>;

    /// Form a new `Vec` host object from a slice of values.
    fn vec_new_from_slice(&self, vals: &[Val]) -> Result<VecObject, Self::Error>;

    /// Unpack a `Vec` host object into the `vals` slice. The values slice must
    /// be the same length as the host object.
    fn vec_unpack_to_slice(&self, vec: VecObject, vals: &mut [Val]) -> Result<Void, Self::Error>;

    /// Return the index of a `Symbol` in an array of &strs, or error if not
    /// found.
    fn symbol_index_in_strs(&self, key: Symbol, strs: &[&str]) -> Result<U32Val, Self::Error>;

    /// Log a string and a set of values as a diagnostic event, if diagnostic
    /// events are enabled. On the host this logs directly; on the guest it is
    /// redirected through log_from_linear_memory.
    fn log_from_slice(&self, msg: &str, vals: &[Val]) -> Result<Void, Self::Error>;

    /// Check the current ledger protocol version against a provided lower
    /// bound, returning an error if the protocol version is out of bounds.
    fn check_protocol_version_lower_bound(&self, lower_bound: u32) -> Result<(), Self::Error>;

    /// Check the current ledger protocol version against a provided upper
    /// bound, returning an error if the protocol version is out of bounds.
    fn check_protocol_version_upper_bound(&self, upper_bound: u32) -> Result<(), Self::Error>;
}
/// Argument-checking hook used by the macro-generated dispatch and forwarding
/// functions before an argument is handed to an Env method. The default
/// implementation performs no validation and returns the argument unchanged;
/// `Val`-like types override it (see the wrapper macro in this file) to call
/// the Env integrity-checking functions.
pub trait CheckedEnvArg: Sized {
    /// Validate `self` against the environment `_e`, returning it unchanged on
    /// success. The default never fails.
    fn check_env_arg<E: crate::Env>(self, _e: &E) -> Result<Self, E::Error> {
        let accepted = self;
        Ok(accepted)
    }
}
// These argument types rely on the default (no-op) `check_env_arg`. If a new
// host function uses an argument type that is neither listed here nor
// covered by the wrapper macro below, this crate will not compile until an
// impl is added -- which is the intended safeguard.
impl CheckedEnvArg for StorageType {}
impl CheckedEnvArg for u64 {}
impl CheckedEnvArg for i64 {}
// Implements `CheckedEnvArg` for `Val` and for each wrapper type that converts
// into a `Val`. The argument is cloned, converted with `Val::from`, and run
// through `EnvBase::check_val_integrity` (which also applies
// `check_obj_integrity` to object handles); the original value is handed
// back only if that check succeeds, so a malformed argument is rejected
// before it reaches the host function.
macro_rules! impl_checkedenvarg_for_val_or_wrapper {
    ($wrapper:ty) => {
        impl CheckedEnvArg for $wrapper {
            fn check_env_arg<E: crate::Env>(self, e: &E) -> Result<Self, E::Error> {
                let as_val = Val::from(self.clone());
                e.check_val_integrity(as_val)?;
                Ok(self)
            }
        }
    };
}
// `Val` itself and the `Symbol` wrapper.
impl_checkedenvarg_for_val_or_wrapper!(Val);
impl_checkedenvarg_for_val_or_wrapper!(Symbol);
// Object handles: `check_val_integrity` runs `check_obj_integrity` on any
// value that converts to an `Object`.
impl_checkedenvarg_for_val_or_wrapper!(AddressObject);
impl_checkedenvarg_for_val_or_wrapper!(BytesObject);
impl_checkedenvarg_for_val_or_wrapper!(StringObject);
impl_checkedenvarg_for_val_or_wrapper!(SymbolObject);
impl_checkedenvarg_for_val_or_wrapper!(VecObject);
impl_checkedenvarg_for_val_or_wrapper!(MapObject);
impl_checkedenvarg_for_val_or_wrapper!(DurationObject);
impl_checkedenvarg_for_val_or_wrapper!(TimepointObject);
impl_checkedenvarg_for_val_or_wrapper!(U64Object);
impl_checkedenvarg_for_val_or_wrapper!(I64Object);
impl_checkedenvarg_for_val_or_wrapper!(U128Object);
impl_checkedenvarg_for_val_or_wrapper!(I128Object);
impl_checkedenvarg_for_val_or_wrapper!(U256Object);
impl_checkedenvarg_for_val_or_wrapper!(I256Object);
// Remaining `Val` wrappers.
impl_checkedenvarg_for_val_or_wrapper!(U32Val);
impl_checkedenvarg_for_val_or_wrapper!(U64Val);
impl_checkedenvarg_for_val_or_wrapper!(U256Val);
impl_checkedenvarg_for_val_or_wrapper!(I256Val);
impl_checkedenvarg_for_val_or_wrapper!(Bool);
impl_checkedenvarg_for_val_or_wrapper!(Void);
impl_checkedenvarg_for_val_or_wrapper!(Error);
///////////////////////////////////////////////////////////////////////////////
// X-macro definition
///////////////////////////////////////////////////////////////////////////////
// The set of host functions needs to be statically reflected on in a variety of
// contexts (both in this crate and elsewhere in the guest and host crates), so
// we define them through an x-macro (a macro that calls a user-provided macro)
// and call the x-macro from all such contexts.
//
// How this macro works:
// - It exports a higher-order "x-macro" called
// call_macro_with_all_host_functions
// - The x-macro takes the name of some callback macro to call
// - The x-macro invokes the callback macro once, passing a single large token
// tree, seen below in the body of the x-macro
//
// To use this macro:
// - Call sites define a callback macro that matches on the token-tree
// - Call sites invoke the x-macro passing their callback macro name
//
// The token-tree being passed is arbitrary, but is chosen to satisfy 3
// criteria:
// - It's relatively easy to read, edit and understand its content
// - It's easy to decompose with pattern-matching in the callback macros
// - It contains everything any callback macro wants to match and use
//
// All callback macros have essentially the same token-tree matcher part,
// only their expansion parts differ.
// Generates the `call_macro_with_all_host_functions!` x-macro from the host
// function manifest "env.json". The token tree that x-macro hands to its
// callback is the one `generate_env_trait` (below) pattern-matches.
generate_call_macro_with_all_host_functions!("env.json");
///////////////////////////////////////////////////////////////////////////////
/// X-macro use: defining trait Env
///////////////////////////////////////////////////////////////////////////////
//
// This is a helper macro used only by generate_env_trait below. It consumes
// a token-tree of the form:
//
// {fn $fn_id:ident $args:tt -> $ret:ty}
//
// and produces the corresponding method declaration to be used in the Env
// trait.
// Helper used only by generate_env_trait below. It consumes one function
// description of the form
//
//     {fn $name:ident $params:tt -> $ret:ty}
//
// preceded by the optional min/max protocol literals (accepted but unused
// here), and emits the matching method declaration for the Env trait: the
// `&self` receiver is added and the return type is wrapped in
// `Result<_, Self::Error>`.
macro_rules! host_function_helper {
    {
        $($min_proto:literal)?, $($max_proto:literal)?,
        $(#[$meta:meta])*
        fn $name:ident($($param:ident:$pty:ty),*) -> $ret:ty
    } => {
        $(#[$meta])*
        fn $name(&self, $($param:$pty),*) -> Result<$ret, Self::Error>;
    };
}
// Callback macro for the x-macro (call_macro_with_all_host_functions). It
// matches the whole token tree the x-macro passes and expands to exactly one
// item: the Env trait, whose body holds a method declaration for every
// function in every 'mod' block.
macro_rules! generate_env_trait {
    {
        $(
            // One 'mod' block of the token tree passed from the x-macro. The
            // enclosing `$()*` repetition matches every block provided.
            $(#[$mod_meta:meta])*
            mod $mod_name:ident $mod_label:literal
            {
                $(
                    // One function description inside a 'mod' block; the
                    // enclosing `$()*` repetition matches every description
                    // in that block.
                    $(#[$fn_meta:meta])*
                    { $fn_label:literal, $($min_proto:literal)?, $($max_proto:literal)?, fn $fn_name:ident $params:tt -> $ret:ty }
                )*
            }
        )*
    } => {
        // Everything above the `=>` is the matcher; this is its expansion.
        /// This trait represents the interface between Host and Guest, used by
        /// client contract code and implemented (via [Env](crate::Env)) by the host.
        /// It consists of functions that take or return only 64-bit values such
        /// as [Val] or [u64].
        pub trait Env: EnvBase
        {
            $(
                $(
                    // Forward only the parts host_function_helper! needs. The
                    // two nested expanders mirror the two matchers above, but
                    // the 'mod' grouping is dropped so that every function
                    // from every block lands directly in the Env trait.
                    host_function_helper!{$($min_proto)?, $($max_proto)?, $(#[$fn_meta])* fn $fn_name $params -> $ret}
                )*
            )*
        }
    };
}
// Invoke the x-macro with generate_env_trait as its callback; this is the
// point at which the Env trait is actually defined.
call_macro_with_all_host_functions! { generate_env_trait }