Fix script locating bug when called via spawn / exec as a callee

Author: xxuejie

Cargo.lock

@@ -4,6 +4,7 @@ resolver = "2"
 members = [
   "contracts/hybrid-sphincs-all-in-one-lock",
   "contracts/sphincs-all-in-one-lock",
+  "contracts/spawn-exec-test-runner",
   "crates/ckb-fips205-utils",
   "crates/fuzzing-corpus-generator",
   "crates/intermediate-source-generator",

Cargo.toml

@@ -119,7 +119,7 @@ generate:
 			--destination $(DESTINATION); \
 		GENERATED_DIR=$$(ls -dt $(DESTINATION)/* | head -n 1); \
 		if [ -f "$$GENERATED_DIR/.cargo-generate/tests.rs" ]; then \
-			cat $$GENERATED_DIR/.cargo-generate/tests.rs >> tests/src/tests.rs; \
+			# cat $$GENERATED_DIR/.cargo-generate/tests.rs >> tests/src/tests.rs; \
 			rm -rf $$GENERATED_DIR/.cargo-generate/; \
 		fi; \
 		sed "s,@@INSERTION_POINT@@,@@INSERTION_POINT@@\n  \"$$GENERATED_DIR\"\,," Cargo.toml > Cargo.toml.new; \
@@ -130,7 +130,7 @@ generate:
 			--destination $(DESTINATION) \
 			--name $(CRATE); \
 		if [ -f "$(DESTINATION)/$(CRATE)/.cargo-generate/tests.rs" ]; then \
-			cat $(DESTINATION)/$(CRATE)/.cargo-generate/tests.rs >> tests/src/tests.rs; \
+			# cat $(DESTINATION)/$(CRATE)/.cargo-generate/tests.rs >> tests/src/tests.rs; \
 			rm -rf $(DESTINATION)/$(CRATE)/.cargo-generate/; \
 		fi; \
 		sed '/@@INSERTION_POINT@@/s/$$/\n  "$(DESTINATION)\/$(CRATE)",/' Cargo.toml > Cargo.toml.new; \

Makefile

@@ -223,12 +223,36 @@ int multisig_preliminary_check(WitnessArgsType *witness_args,
 int main(int argc, char *argv[]) {
   int err = CKB_SUCCESS;
 
-  /* Extract current script's data first, so we can reclaim buffer set aside
-   for loading script to be used later */
-  uint8_t code_hash[BLAKE2B_BLOCK_SIZE];
-  uint8_t hash_type;
   uint8_t expected_multisig_hash[BLAKE2B_BLOCK_SIZE];
-  CHECK(extract_script(code_hash, &hash_type, expected_multisig_hash));
+  size_t cell_dep_index = (size_t)-1;
+  {
+    /* Extract current script's data first, so we can reclaim buffer set aside
+     for loading script to be used later */
+    uint8_t code_hash[BLAKE2B_BLOCK_SIZE];
+    uint8_t hash_type;
+    CHECK(extract_script(code_hash, &hash_type, expected_multisig_hash));
+
+    /*
+     * 2 solutions exist to locate the cell dep containing quantum resistant
+     * lock:
+     *
+     * * When current script is the entrypoint script, we will use run
+     *   ckb_look_for_dep_with_hash2 with current script's code_hash and
+     *   hash_type to figure the cell dep.
+     * * When the quantum script is invoked via spawn or exec, we will expect
+     *   that `argv[0]` contains a 64-bit little endian cell dep index in zero
+     *   escaping.
+     */
+    if (argc > 0) {
+      size_t decoded_length = 0;
+      CHECK2(zero_escape_decode_cstring_in_place(argv[0], &decoded_length) == 0,
+             ERROR_SPHINCSPLUS_ARGV);
+      CHECK2(decoded_length == 8, ERROR_SPHINCSPLUS_ARGV);
+      cell_dep_index = *((size_t *)argv[0]);
+    } else {
+      CHECK(ckb_look_for_dep_with_hash2(code_hash, hash_type, &cell_dep_index));
+    }
+  }
 
   /* The first witness in current script group contains signatures to validate
    */
@@ -337,9 +361,11 @@ int main(int argc, char *argv[]) {
               .argv = (const char **)argv,
               .process_id = &spawned_processes[param_index],
               .inherited_fds = inherited_fds};
-          CHECK(ckb_spawn_cell(
-              code_hash, hash_type, *all_params[param_index]->offset_ptr,
-              *all_params[param_index]->length_ptr, &spawn_args));
+          size_t offset = *all_params[param_index]->offset_ptr;
+          size_t length = *all_params[param_index]->length_ptr;
+          size_t bounds = (offset << 32) | length;
+          CHECK(ckb_spawn(cell_dep_index, CKB_SOURCE_CELL_DEP, 0, bounds,
+                          &spawn_args));
         }
         /* Sends data location to the leaf process */
         {
@@ -406,8 +432,11 @@ int main(int argc, char *argv[]) {
         ERROR_SPHINCSPLUS_ENCODING);
 
     char *argv[] = {(char *)escaped};
-    CHECK(ckb_exec_cell(code_hash, hash_type, *params->offset_ptr,
-                        *params->length_ptr, 1, (const char **)argv));
+    size_t offset = *params->offset_ptr;
+    size_t length = *params->length_ptr;
+    size_t bounds = (offset << 32) | length;
+    CHECK(ckb_exec(cell_dep_index, CKB_SOURCE_CELL_DEP, 0, bounds, 1,
+                   (const char **)argv));
     ckb_exit(ERROR_SPHINCSPLUS_UNEXPECTED);
   }
 

contracts/c-sphincs-all-in-one-lock/ckb-sphincsplus-root-lock.c

@@ -27,6 +27,7 @@ use ckb_std::{
     assert_eq,
     asserts::{expect_result, unwrap_option},
     ckb_constants::Source,
+    env::argv,
     high_level, syscalls,
 };
 use core::ffi::CStr;
@@ -49,6 +50,7 @@ pub enum Error {
     PipeCreationFailure,
     SpawnFailure,
     IOFailure,
+    Argv,
 }
 
 impl From<Error> for i8 {
@@ -113,21 +115,28 @@ pub fn program_entry() -> i8 {
         &current_script.args().raw_data(),
         &actual_script_args_hash[..]
     );
-    let cell_index = expect_result(
-        Error::Syscall,
-        high_level::look_for_dep_with_hash2(
-            &current_script.code_hash().raw_data(),
-            if current_script.hash_type().as_slice()[0]
-                == core::convert::Into::<u8>::into(ScriptHashType::Type)
-            {
-                ScriptHashType::Type
-            } else {
-                // It does not really matter which dataN is used
-                ScriptHashType::Data2
-            },
-        ),
-        "look for current script",
-    );
+    let cell_index = if let Some(argv0) = argv().first() {
+        let mut argv0 = argv0.to_bytes().to_vec();
+        let decoded = unwrap_option(Error::Argv, zero_decode_in_place(&mut argv0));
+        assert_eq!(Error::Argv, decoded.len(), 8);
+        u64::from_le_bytes(decoded.try_into().unwrap()) as usize
+    } else {
+        expect_result(
+            Error::Syscall,
+            high_level::look_for_dep_with_hash2(
+                &current_script.code_hash().raw_data(),
+                if current_script.hash_type().as_slice()[0]
+                    == core::convert::Into::<u8>::into(ScriptHashType::Type)
+                {
+                    ScriptHashType::Type
+                } else {
+                    // It does not really matter which dataN is used
+                    ScriptHashType::Data2
+                },
+            ),
+            "look for current script",
+        )
+    };
 
     match parsed_param_id {
         ParsedParamId::Single(param_id) => {
@@ -285,6 +294,28 @@ pub fn program_entry() -> i8 {
     0
 }
 
+pub fn zero_decode_in_place(buf: &mut [u8]) -> Option<&[u8]> {
+    let mut wrote = 0;
+    let mut i = 0;
+
+    while i < buf.len() {
+        if buf[i] == 0xFE {
+            if i + 1 >= buf.len() {
+                return None;
+            }
+            buf[wrote] = buf[i + 1].wrapping_add(1);
+            wrote += 1;
+            i += 2;
+        } else {
+            buf[wrote] = buf[i];
+            wrote += 1;
+            i += 1;
+        }
+    }
+
+    Some(&buf[0..wrote])
+}
+
 pub struct ZeroEncoder<'a> {
     i: usize,
     buf: &'a mut [u8],

contracts/hybrid-sphincs-all-in-one-lock/src/main.rs

@@ -0,0 +1,2 @@
+/build
+/target

contracts/spawn-exec-test-runner/.gitignore

@@ -0,0 +1,11 @@
+[package]
+name = "spawn-exec-test-runner"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+ckb-std = "0.17.0"
+
+[features]
+library = []
+native-simulator = ["library", "ckb-std/native-simulator"]

contracts/spawn-exec-test-runner/Cargo.toml

@@ -0,0 +1,80 @@
+# We cannot use $(shell pwd), which will return unix path format on Windows,
+# making it hard to use.
+cur_dir = $(dir $(abspath $(firstword $(MAKEFILE_LIST))))
+
+TOP := $(cur_dir)
+# RUSTFLAGS that are likely to be tweaked by developers. For example,
+# while we enable debug logs by default here, some might want to strip them
+# for minimal code size / consumed cycles.
+CUSTOM_RUSTFLAGS := -C debug-assertions
+# RUSTFLAGS that are less likely to be tweaked by developers. Most likely
+# one would want to keep the default values here.
+FULL_RUSTFLAGS := -C target-feature=+zba,+zbb,+zbc,+zbs,-a $(CUSTOM_RUSTFLAGS)
+# Additional cargo args to append here. For example, one can use
+# make test CARGO_ARGS="-- --nocapture" so as to inspect data emitted to
+# stdout in unit tests
+CARGO_ARGS :=
+MODE := release
+# Tweak this to change the clang version to use for building C code. By default
+# we use a bash script with some heuristics to find clang in current system.
+CLANG := $(shell $(TOP)/scripts/find_clang)
+AR := $(subst clang,llvm-ar,$(CLANG))
+OBJCOPY := $(subst clang,llvm-objcopy,$(CLANG))
+# When this is set to some value, the generated binaries will be copied over
+BUILD_DIR :=
+# Generated binaries to copy. By convention, a Rust crate's directory name will
+# likely match the crate name, which is also the name of the final binary.
+# However if this is not the case, you can tweak this variable. As the name hints,
+# more than one binary is supported here.
+BINARIES := $(notdir $(shell pwd))
+
+ifeq (release,$(MODE))
+	MODE_ARGS := --release
+endif
+
+default: build test
+
+build:
+	RUSTFLAGS="$(FULL_RUSTFLAGS)" TARGET_CC="$(CLANG)" TARGET_AR="$(AR)" \
+		cargo build --target=riscv64imac-unknown-none-elf $(MODE_ARGS) $(CARGO_ARGS)
+	@set -eu; \
+	if [ "x$(BUILD_DIR)" != "x" ]; then \
+		for binary in $(BINARIES); do \
+			echo "Copying binary $$binary to build directory"; \
+			cp $(TOP)/target/riscv64imac-unknown-none-elf/$(MODE)/$$binary $(TOP)/$(BUILD_DIR); \
+			cp $(TOP)/$(BUILD_DIR)/$$binary $(TOP)/$(BUILD_DIR)/$$binary.debug; \
+			$(OBJCOPY) --strip-debug --strip-all $(TOP)/$(BUILD_DIR)/$$binary; \
+		done \
+	fi
+
+# test, check, clippy and fmt here are provided for completeness,
+# there is nothing wrong invoking cargo directly instead of make.
+test:
+	cargo test $(CARGO_ARGS)
+
+check:
+	cargo check $(CARGO_ARGS)
+
+clippy:
+	cargo clippy $(CARGO_ARGS)
+
+fmt:
+	cargo fmt $(CARGO_ARGS)
+
+# Arbitrary cargo command is supported here. For example:
+#
+# make cargo CARGO_CMD=expand CARGO_ARGS="--ugly"
+#
+# Invokes:
+# cargo expand --ugly
+CARGO_CMD :=
+cargo:
+	cargo $(CARGO_CMD) $(CARGO_ARGS)
+
+clean:
+	cargo clean
+
+prepare:
+	rustup target add riscv64imac-unknown-none-elf
+
+.PHONY: build test check clippy fmt cargo clean prepare

contracts/spawn-exec-test-runner/Makefile

@@ -0,0 +1,9 @@
+# spawn-exec-test-runner
+
+An example calling quantum resistant lock via spawn / exec syscall. It serves both as an example, and as a test runner for the quantum resistant lock.
+
+The example script here always assume that the quantum resistant lock resides at cell dep index 1 of current script. However in a more complicated case, a ckb-std [API](https://docs.rs/ckb-std/latest/ckb_std/high_level/fn.look_for_dep_with_hash2.html) is likely to be used to locate the actual cell dep index for the quantum resistant lock.
+
+*This contract was bootstrapped with [ckb-script-templates].*
+
+[ckb-script-templates]: https://github.com/cryptape/ckb-script-templates

contracts/spawn-exec-test-runner/README.md

@@ -0,0 +1,9 @@
+#![cfg_attr(not(feature = "library"), no_std)]
+#![allow(special_module_name)]
+#![allow(unused_attributes)]
+#[cfg(feature = "library")]
+mod main;
+#[cfg(feature = "library")]
+pub use main::program_entry;
+
+extern crate alloc;