Add panic catch on operator calling verify_sp1_proof ffi

Author: Julian Ventura

operator/pkg/operator.go

@@ -475,9 +475,8 @@ func (o *Operator) verify(verificationData VerificationData, results chan bool)
 		results <- verificationResult
 
 	case common.SP1:
-		verificationResult := sp1.VerifySp1Proof(verificationData.Proof, verificationData.VmProgramCode)
-		o.Logger.Infof("SP1 proof verification result: %t", verificationResult)
-		results <- verificationResult
+		verificationResult, err := sp1.VerifySp1Proof(verificationData.Proof, verificationData.VmProgramCode)
+		o.handleVerificationResult(results, verificationResult, err, "SP1 proof verification")
 
 	case common.Risc0:
 		verificationResult := risc_zero.VerifyRiscZeroReceipt(verificationData.Proof,
@@ -491,6 +490,16 @@ func (o *Operator) verify(verificationData VerificationData, results chan bool)
 	}
 }
 
+func (o *Operator) handleVerificationResult(results chan bool, isVerified bool, err error, name string) {
+	if err != nil {
+		o.Logger.Errorf("%v failed %v", name, err)
+		results <- false
+	} else {
+		o.Logger.Infof("%v result: %t", name, isVerified)
+		results <- isVerified
+	}
+}
+
 // VerifyPlonkProofBLS12_381 verifies a PLONK proof using BLS12-381 curve.
 func (o *Operator) verifyPlonkProofBLS12_381(proofBytes []byte, pubInputBytes []byte, verificationKeyBytes []byte) bool {
 	return o.verifyPlonkProof(proofBytes, pubInputBytes, verificationKeyBytes, ecc.BLS12_381)

operator/sp1/lib/sp1.h

@@ -1,5 +1,5 @@
 #include <stdbool.h>
 #include <stdint.h>
 
-bool verify_sp1_proof_ffi(unsigned char *proof_buffer, uint32_t proof_len,
+int32_t verify_sp1_proof_ffi(unsigned char *proof_buffer, uint32_t proof_len,
                           unsigned char *elf_buffer, uint32_t elf_len);

operator/sp1/lib/src/lib.rs

@@ -7,7 +7,7 @@ lazy_static! {
 }
 
 #[no_mangle]
-pub extern "C" fn verify_sp1_proof_ffi(
+extern "C" fn inner_verify_sp1_proof_ffi(
     proof_bytes: *const u8,
     proof_len: u32,
     elf_bytes: *const u8,
@@ -35,6 +35,23 @@ pub extern "C" fn verify_sp1_proof_ffi(
     false
 }
 
+#[no_mangle]
+pub extern "C" fn verify_sp1_proof_ffi(
+    proof_bytes: *const u8,
+    proof_len: u32,
+    elf_bytes: *const u8,
+    elf_len: u32,
+) -> i32 {
+    let result = std::panic::catch_unwind(|| {
+        inner_verify_sp1_proof_ffi(proof_bytes, proof_len, elf_bytes, elf_len)
+    });
+
+    match result {
+        Ok(v) => v as i32,
+        Err(_) => -1,
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -49,7 +66,7 @@ mod tests {
 
         let result =
             verify_sp1_proof_ffi(proof_bytes, PROOF.len() as u32, elf_bytes, ELF.len() as u32);
-        assert!(result)
+        assert_eq!(result, 1)
     }
 
     #[test]
@@ -63,6 +80,6 @@ mod tests {
             elf_bytes,
             ELF.len() as u32,
         );
-        assert!(!result)
+        assert_eq!(result, 0)
     }
 }

operator/sp1/sp1.go

@@ -8,14 +8,35 @@ package sp1
 */
 import "C"
 import "unsafe"
+import "fmt"
 
-func VerifySp1Proof(proofBuffer []byte, elfBuffer []byte) bool {
+func VerifySp1Proof(proofBuffer []byte, elfBuffer []byte) (isVerified bool, err error) {
+	// Here we define the return value on failure
+	isVerified = false
+	err = nil
 	if len(proofBuffer) == 0 || len(elfBuffer) == 0 {
-		return false
+		return isVerified, err
 	}
 
+	// This will catch any go panic
+	defer func() {
+		rec := recover()
+		if rec != nil {
+			err = fmt.Errorf("Panic was caught while verifying sp1 proof: %s", rec)
+		}
+	}()
+
 	proofPtr := (*C.uchar)(unsafe.Pointer(&proofBuffer[0]))
 	elfPtr := (*C.uchar)(unsafe.Pointer(&elfBuffer[0]))
 
-	return (bool)(C.verify_sp1_proof_ffi(proofPtr, (C.uint32_t)(len(proofBuffer)), elfPtr, (C.uint32_t)(len(elfBuffer))))
+	r := (C.int32_t)(C.verify_sp1_proof_ffi(proofPtr, (C.uint32_t)(len(proofBuffer)), elfPtr, (C.uint32_t)(len(elfBuffer))))
+
+	if r == -1 {
+		err = fmt.Errorf("Panic happened on FFI while verifying sp1 proof")
+		return isVerified, err
+	}
+
+	isVerified = true
+
+	return isVerified, err
 }