assembler: register inconsistency

shenghaoyuan commented 4 months ago

Hi,

The register checking of assembler should be consistent with that of verifier

dst should be [0,10] or [0,11] !(0..16).contains(&dst) -> dst < 0 || dst > 11 or ...
src should be [0, 9], dst < 0 || src >= 16 -> src < 0 || src > 10

///assembler
    fn insn(opc: u8, dst: i64, src: i64, off: i64, imm: i64) -> Result<Insn, String> {
    if !(0..16).contains(&dst) {
        return Err(format!("Invalid destination register {dst}"));
    }
    if dst < 0 || src >= 16 {
        return Err(format!("Invalid source register {src}"));
    }

///verifier  
    if insn.src > 10 {
        return Err(VerifierError::InvalidSourceRegister(insn_ptr));
    }

    match (insn.dst, store) {
        (0..=9, _) | (10, true) => Ok(()),
        (11, _) if sbpf_version.dynamic_stack_frames() && insn.opc == ebpf::ADD64_IMM => Ok(()),
        (10, false) => Err(VerifierError::CannotWriteR10(insn_ptr)),
        (_, _) => Err(VerifierError::InvalidDestinationRegister(insn_ptr)),
    }

Lichtso commented 3 months ago

The reason that the disassembler has these limits is because that is what the instruction encoding supports and what a compiler could produce. The verifier then narrows it down to what the vm actually supports.

shenghaoyuan commented 3 months ago

@Lichtso THX for your reply. But is there a typo? dst < 0 || src >= 16 should be src < 0 || src >= 16

Lichtso commented 3 months ago

Ah yes you are right, let me fix that

solana-labs / rbpf

assembler: register inconsistency #562