Add risc0 ffi panic catch

Julian Ventura · Julian Ventura · commit 6ff55c65b1c4 · 2024-10-08T12:01:15.000-03:00
diff --git a/operator/pkg/operator.go b/operator/pkg/operator.go
@@ -479,8 +479,9 @@ func (o *Operator) verify(verificationData VerificationData, results chan bool)
 		o.handleVerificationResult(results, verificationResult, err, "SP1 proof verification")
 
 	case common.Risc0:
-		verificationResult := risc_zero.VerifyRiscZeroReceipt(verificationData.Proof,
+		verificationResult, err := risc_zero.VerifyRiscZeroReceipt(verificationData.Proof,
 			verificationData.VmProgramCode, verificationData.PubInput)
+		o.handleVerificationResult(results, verificationResult, err, "RiscZero proof verification")
 
 		o.Logger.Infof("Risc0 proof verification result: %t", verificationResult)
 		results <- verificationResult
diff --git a/operator/risc_zero/lib/risc_zero.h b/operator/risc_zero/lib/risc_zero.h
@@ -1,4 +1,4 @@
 #include <stdbool.h>
 #include <stdint.h>
 
-bool verify_risc_zero_receipt_ffi(unsigned char *inner_receipt_bytes, uint32_t inner_receipt_len, unsigned char *image_id, uint32_t image_id_len, unsigned char *public_input, uint32_t public_input_len);
+int32_t verify_risc_zero_receipt_ffi(unsigned char *inner_receipt_bytes, uint32_t inner_receipt_len, unsigned char *image_id, uint32_t image_id_len, unsigned char *public_input, uint32_t public_input_len);
diff --git a/operator/risc_zero/lib/src/lib.rs b/operator/risc_zero/lib/src/lib.rs
@@ -2,7 +2,7 @@ use log::error;
 use risc0_zkvm::{InnerReceipt, Receipt};
 
 #[no_mangle]
-pub extern "C" fn verify_risc_zero_receipt_ffi(
+extern "C" fn inner_verify_risc_zero_receipt_ffi(
     inner_receipt_bytes: *const u8,
     inner_receipt_len: u32,
     image_id: *const u8,
@@ -43,6 +43,32 @@ pub extern "C" fn verify_risc_zero_receipt_ffi(
     false
 }
 
+#[no_mangle]
+pub extern "C" fn verify_risc_zero_receipt_ffi(
+    inner_receipt_bytes: *const u8,
+    inner_receipt_len: u32,
+    image_id: *const u8,
+    image_id_len: u32,
+    public_input: *const u8,
+    public_input_len: u32,
+) -> i32 {
+    let result = std::panic::catch_unwind(|| {
+        inner_verify_risc_zero_receipt_ffi(
+            inner_receipt_bytes,
+            inner_receipt_len,
+            image_id,
+            image_id_len,
+            public_input,
+            public_input_len,
+        )
+    });
+
+    match result {
+        Ok(v) => v as i32,
+        Err(_) => -1,
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -69,7 +95,7 @@ mod tests {
             public_input,
             PUBLIC_INPUT.len() as u32,
         );
-        assert!(result)
+        assert_eq!(result, 1)
     }
 
     #[test]
@@ -86,7 +112,7 @@ mod tests {
             public_input,
             PUBLIC_INPUT.len() as u32,
         );
-        assert!(!result)
+        assert_eq!(result, 0)
     }
 
     #[test]
@@ -103,6 +129,6 @@ mod tests {
             public_input,
             0,
         );
-        assert!(!result)
+        assert_eq!(result, 0)
     }
 }
diff --git a/operator/risc_zero/risc_zero.go b/operator/risc_zero/risc_zero.go
@@ -7,22 +7,44 @@ package risc_zero
 #include "lib/risc_zero.h"
 */
 import "C"
-import (
-	"unsafe"
-)
+import "unsafe"
+import "fmt"
+
+func VerifyRiscZeroReceipt(innerReceiptBuffer []byte, imageIdBuffer []byte, publicInputBuffer []byte) (isVerified bool, err error) {
+	// Here we define the return value on failure
+	isVerified = false
+	err = nil
 
-func VerifyRiscZeroReceipt(innerReceiptBuffer []byte, imageIdBuffer []byte, publicInputBuffer []byte) bool {
 	if len(innerReceiptBuffer) == 0 || len(imageIdBuffer) == 0 {
-		return false
+		return isVerified, err
 	}
 
+	// This will catch any go panic
+	defer func() {
+		rec := recover()
+		if rec != nil {
+			err = fmt.Errorf("Panic was caught while verifying risc0 proof: %s", rec)
+		}
+	}()
+
 	receiptPtr := (*C.uchar)(unsafe.Pointer(&innerReceiptBuffer[0]))
 	imageIdPtr := (*C.uchar)(unsafe.Pointer(&imageIdBuffer[0]))
 
+	r := (C.int32_t)(0)
+
 	if len(publicInputBuffer) == 0 { // allow empty public input
-		return (bool)(C.verify_risc_zero_receipt_ffi(receiptPtr, (C.uint32_t)(len(innerReceiptBuffer)), imageIdPtr, (C.uint32_t)(len(imageIdBuffer)), nil, (C.uint32_t)(0)))
+		r = (C.int32_t)(C.verify_risc_zero_receipt_ffi(receiptPtr, (C.uint32_t)(len(innerReceiptBuffer)), imageIdPtr, (C.uint32_t)(len(imageIdBuffer)), nil, (C.uint32_t)(0)))
+	} else {
+		publicInputPtr := (*C.uchar)(unsafe.Pointer(&publicInputBuffer[0]))
+		r = (C.int32_t)(C.verify_risc_zero_receipt_ffi(receiptPtr, (C.uint32_t)(len(innerReceiptBuffer)), imageIdPtr, (C.uint32_t)(len(imageIdBuffer)), publicInputPtr, (C.uint32_t)(len(publicInputBuffer))))
 	}
 
-	publicInputPtr := (*C.uchar)(unsafe.Pointer(&publicInputBuffer[0]))
-	return (bool)(C.verify_risc_zero_receipt_ffi(receiptPtr, (C.uint32_t)(len(innerReceiptBuffer)), imageIdPtr, (C.uint32_t)(len(imageIdBuffer)), publicInputPtr, (C.uint32_t)(len(publicInputBuffer))))
+	if r == -1 {
+		err = fmt.Errorf("Panic happened on FFI while verifying risc0 proof")
+		return isVerified, err
+	}
+
+	isVerified = (r == 1)
+
+	return isVerified, err
 }
