Merge pull request #2473 from CosmWasm/co/enable-reference-types

chipshort · web-flow · commit b24e6525f3bc · 2025-05-08T19:02:51.000+02:00
Enable reference-types during validation
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -731,7 +731,8 @@ jobs:
 
   contract_hackatom:
     docker:
-      - image: rust:1.81
+      # We compile this contract with the upper bound to detect issues with new Rust versions early
+      - image: rust:1.84.1
     environment:
       RUST_BACKTRACE: 1
     working_directory: ~/cosmwasm/contracts/hackatom
@@ -743,9 +744,9 @@ jobs:
           command: rustc --version; cargo --version; rustup --version
       - restore_cache:
           keys:
-            - cargocache-v2-contract_hackatom-rust:1.81-{{ checksum "Cargo.lock" }}
+            - cargocache-v2-contract_hackatom-rust:1.84.1-{{ checksum "Cargo.lock" }}
       - check_contract:
-          min_version: "2.2"
+          min_version: "3.0"
       - save_cache:
           paths:
             - /usr/local/cargo/registry
@@ -755,7 +756,7 @@ jobs:
             - target/wasm32-unknown-unknown/release/.fingerprint
             - target/wasm32-unknown-unknown/release/build
             - target/wasm32-unknown-unknown/release/deps
-          key: cargocache-v2-contract_hackatom-rust:1.81-{{ checksum "Cargo.lock" }}
+          key: cargocache-v2-contract_hackatom-rust:1.84.1-{{ checksum "Cargo.lock" }}
 
   contract_ibc_callbacks:
     docker:
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -81,6 +81,8 @@ and this project adheres to
 - cosmwasm-vm: Update wasmer to 5.0.6. ([#2472])
 - cosmwasm-std: Add a new `exports` feature which needs to be enabled for the
   primary cosmwasm_std dependency of a contract.
+- cosmwasm-vm: Enable partial reference-type support, enabling contracts
+  compiled with Rust 1.82 or newer to be stored. ([#2473])
 
 ## Fixed
 
@@ -122,6 +124,7 @@ and this project adheres to
 [#2458]: https://github.com/CosmWasm/cosmwasm/pull/2458
 [#2467]: https://github.com/CosmWasm/cosmwasm/pull/2467
 [#2472]: https://github.com/CosmWasm/cosmwasm/pull/2472
+[#2473]: https://github.com/CosmWasm/cosmwasm/pull/2473
 
 ## [2.2.0] - 2024-12-17
 
diff --git a/packages/vm/src/cache.rs b/packages/vm/src/cache.rs
@@ -1730,6 +1730,32 @@ mod tests {
         assert_eq!(restored, HACKATOM);
     }
 
+    #[test]
+    fn func_ref_test() {
+        let wasm = wat::parse_str(
+            r#"(module
+                (type (func))
+                (type (func (param funcref)))
+                (import "env" "abort" (func $f (type 1)))
+                (func (type 0) nop)
+                (export "add_one" (func 0))
+                (export "allocate" (func 0))
+                (export "interface_version_8" (func 0))
+                (export "deallocate" (func 0))
+                (export "memory" (memory 0))
+                (memory 3)
+            )"#,
+        )
+        .unwrap();
+
+        let cache: Cache<MockApi, MockStorage, MockQuerier> =
+            unsafe { Cache::new(make_testing_options()).unwrap() };
+
+        // making sure this doesn't panic
+        let err = cache.store_code(&wasm, true, true).unwrap_err();
+        assert!(err.to_string().contains("FuncRef"));
+    }
+
     #[test]
     fn test_wasm_limits_checked() {
         let tmp_dir = TempDir::new().unwrap();
diff --git a/packages/vm/src/parsed_wasm.rs b/packages/vm/src/parsed_wasm.rs
@@ -77,7 +77,8 @@ impl<'a> ParsedWasm<'a> {
             | WasmFeatures::SATURATING_FLOAT_TO_INT
             | WasmFeatures::SIGN_EXTENSION
             | WasmFeatures::MULTI_VALUE
-            | WasmFeatures::FLOATS;
+            | WasmFeatures::FLOATS
+            | WasmFeatures::REFERENCE_TYPES;
 
         let mut validator = Validator::new_with_features(features);
 
diff --git a/packages/vm/src/wasm_backend/compile.rs b/packages/vm/src/wasm_backend/compile.rs
@@ -20,4 +20,17 @@ mod tests {
         let engine = make_compiling_engine(None);
         assert!(compile(&engine, FLOATY).is_ok());
     }
+
+    #[test]
+    fn reference_types_dont_panic() {
+        const WASM: &str = r#"(module
+            (type $t0 (func (param funcref externref)))
+            (import "" "" (func $hello (type $t0)))
+        )"#;
+
+        let wasm = wat::parse_str(WASM).unwrap();
+        let engine = make_compiling_engine(None);
+        let error = compile(&engine, &wasm).unwrap_err();
+        assert!(error.to_string().contains("FuncRef"));
+    }
 }
diff --git a/packages/vm/src/wasm_backend/gatekeeper.rs b/packages/vm/src/wasm_backend/gatekeeper.rs
@@ -63,6 +63,10 @@ impl Default for Gatekeeper {
         Self::new(GatekeeperConfig {
             allow_floats: true,
             allow_feature_bulk_memory_operations: false,
+            // we allow the reference types proposal during compatibility checking because a subset
+            // of it is required since Rust 1.82, but we don't allow any of the instructions specific
+            // to the proposal here. Especially `table.grow` and `table.fill` can be abused to cause
+            // very long runtime and high memory usage.
             allow_feature_reference_types: false,
             allow_feature_simd: false,
             allow_feature_exception_handling: false,
@@ -444,4 +448,52 @@ mod tests {
             .to_string()
             .contains("Bulk memory operation"));
     }
+
+    #[test]
+    fn bulk_table_operations_not_supported() {
+        // these operations can take a long time with big tables
+        let deterministic = Arc::new(Gatekeeper::default());
+        let mut compiler = make_compiler_config();
+        compiler.push_middleware(deterministic);
+        let store = Store::new(compiler);
+
+        let wasm = wat::parse_str(
+            r#"
+            (module
+                (table 2 funcref)
+                (func (export "test") (param $i i32) (result i32)
+                    ;; grow table to size of $i
+                    ref.null func
+                    local.get $i
+                    table.grow 0))
+            "#,
+        )
+        .unwrap();
+
+        let result = Module::new(&store, wasm);
+        assert!(result
+            .unwrap_err()
+            .to_string()
+            .contains("Reference type operation"));
+
+        let wasm = wat::parse_str(
+            r#"
+            (module
+                (table 1000000 funcref)
+                (func (export "test") (param $i i32)
+                    ;; fill with nulls
+                    i32.const 0
+                    ref.null func
+                    i32.const 1000000
+                    table.fill 0))
+            "#,
+        )
+        .unwrap();
+
+        let result = Module::new(&store, wasm);
+        assert!(result
+            .unwrap_err()
+            .to_string()
+            .contains("Reference type operation"));
+    }
 }
