Ensure that memory expansion (grow_memory) aborts on failure #177
Comments
|
We have discussed options of disallowing The WebAssembly spec Section 7.2 Implementation Limitations lists many more things. There are some subtle things involving recursion. |
|
In order to ensure non-determinism, I don't think we want OOG. It sounds strange that if we have sufficient gas for a given memory write, some clients may still throw an OOG because they are temporarily low on "physical" memory. |
|
The option to bound Wasm memory with gas would involve the honest majority of miners keeping the gas limit low enough so that their clients can easily handle any amount of Wasm memory that is within the gas limit. EVM uses a similar mechanism. |
|
It is not only the gas limit, but a combination of gas limit and gas price. There are two ways to cause memory allocation systematically fail while still not running out of gas: The variable in option b) can be influenced by the miners without a hard fork, while a) requires a hard fork. |
|
I mentioned in the Gitter channel that long before most systems run out of virtual memory they will thrashing so badly as to be useless. So I'm not sure this problem that is going to happen in practice. |
While the metering "spec" calls for prepending
grow_memorywith a gas check, thegrow_memoryopcode can still return a failure when enough gas is present, but not enough memory is available.@d1m0 has suggested this is an issue.
I propose that instead of only injecting a gas check,
grow_memoryshould be wrapped in a special check which causes a panic (or OOG) on the client.I'm not sure what is the best behaviour (panic, OOG or something else?), but likely leaving it alone is wrong, because that gives an opportunity to the contract developer to check for the return value of
grow_memoryand create diverging behaviours.The text was updated successfully, but these errors were encountered: