Stack Isolation

[erikzhang]

Implement NEP-8: Stack Isolation
neo-project/proposals#22

Close #35

[erikzhang]

@lightszero @localhuman @shargon @anthdm

Can you guys check this PR for your repositories so that:

1. For NeoVM in other language implementations, make sure that they also implement the Stack Isolation (NEP-8) scheme correctly.

2. For each neo compiler, test whether the program they are compiling now can run in NeoVM compatibility mode.

3. If the compiler works well with the compatibility mode, modify the compiler to support the new, more secure stack isolation mode.

[localhuman]

In progress now!

[shargon]

A lot of changes to review, give me a couple of days please

[shargon]

I still reviewing, the first problem that i find is this

PUSH1 (without RET)

Before the update:
Result: HALT, EvaluationStack[]{true};

After the update:
Result: HALT, ResultStack{}

If exists any script like this in all Blockchain, without versioning, is impossible to reconstruct the chain from the beginning

[shargon]

if (index < 0) index = list.Count; ?

[erikzhang]

+=

[shargon]

We want to pass -2 or -3?

[erikzhang]

@shargon

PUSH1 (without RET)

neo-vm/src/neo-vm/ExecutionEngine.cs

Line 976 in f014d93

OpCode opcode = CurrentContext.InstructionPointer >= CurrentContext.Script.Length ? OpCode.RET : (OpCode)CurrentContext.OpReader.ReadByte();

[shargon]

First of all, i love this change :) , but this is other point to consider

Maybe we need to define a new like this class:

class Script
{
public readonly byte[] Data;
public byte[] Hash;
...
}

Because i see a problem on optimization, now and before the change. When we make a CALL we copy all the current script in a new byte array (ExecutionContext) and yield it, but this is not neccessary, because we can use the same ScriptObject, without copy this values and save memory and time per any CALL

I think that in this line https://github.com/neo-project/neo-vm/pull/39/files#diff-c388295e4ed09df607113cde924c9fadR43 .net framework clone the byte array internally

[shargon]

This happens too when we compute the hash of the script, this class would optimize this multiple calls a lot of

[erikzhang]

No, byte array in .net is a reference type, which means it won't be cloned automatically.

[shargon]

But not the hash, this will be calculated in all ExecutionContext right? maybe we can save a lot of calls to SHA256

[erikzhang]

But not the hash, this will be calculated in all ExecutionContext right? maybe we can save a lot of calls to SHA256

You can create a separate issue for it.

[shargon]

Do you have a sample for test the new opcodes? the old part (CALL,RET..) is reviewed and seems perfect!

[erikzhang]

Do you have a sample for test the new opcodes? the old part (CALL,RET..) is reviewed and seems perfect!

No.

[dicarlo2]

Is it possible that this might effect reprocessing the chain? Seems like executions of PushOnly = true scripts might now succeed where before they failed.

[erikzhang]

No. PushOnly will only be used in the verification process, and the verification result of history transactions will not change.

[erikzhang]

Can I merge it now?

[shargon]

I tested the old opcodes and works fine, i need more test with the new opCodes, but it's fine to merge for pre-release

[erikzhang]

I tested the old opcodes and works fine, i need more test with the new opCodes, but it's fine to merge for pre-release

Pre-release has been published to nuget: https://www.nuget.org/packages/Neo.VM/2.3.0-preview1

[shargon]

The compiler is not finished? i would like to test the new opcodes with a real smart contract. The code looks good

[erikzhang]

Compiler is here: https://github.com/neo-project/neo-compiler/pull/109

[erikzhang]

@shargon Any update?

[shargon]

Sorry about my delay, i wasn't see the last notification, im working on it

[erikzhang]

@shargon The compiler issue has been fixed. neo-project/neo-compiler@282604fc4f8ff45a2a7456e073dadb5cf0ef8bbb

[shargon]

Ok, I will try again :)

[shargon]

It works :)

[dicarlo2]

@erikzhang ETA on when this will be live? I want to make sure NEO-ONE is updated.

[localhuman]

I hope we can test this on testnet for a little while before going live 😉

[erikzhang]

Sure, it will be tested on testnet before being merged into neo-project/neo

[shargon]

This is a great upgrade! great work @erikzhang :)