nep-8.mediawiki
  NEP: 8
  Title: Stack Isolation for NeoVM
  Author: Erik Zhang <[email protected]>
  Type: Standard
  Status: Final
  Created: 2017-12-26
  Replaces: 4

Abstract

This NEP proposes that stack isolation of the NeoVM evaluation stack should be carried out to ensure the security of dynamic invocations and provide support for future new features.

Motivation

NEP-4 (dynamic invocation) has now been implemented, but because the NeoVM evaluation stack is not isolated, a dynamically invoked contract can corrupt the caller's stack at runtime, so that the calling contract is not executed as expected.

In addition, some planned features, such as exception handling, also require stack isolation before they can be implemented.

Rationale

We need a new set of instructions so that each invocation creates a separate evaluation stack and automatically copies the function's arguments to the new stack. After the function has finished running, the return value is automatically copied back to the caller's stack. In this way, the invoked contract can no longer affect the caller's behavior by modifying the stack.

Specification

We add five new instructions for starting invocations with stack isolation: CALL_I, CALL_E, CALL_ED, CALL_ET, CALL_EDT.

CALL_I

The instruction CALL_I is very similar to the old instruction CALL. The difference is that CALL_I requires an operand following the instruction that gives the number of parameters and return values to copy.

CALL_E

The instruction CALL_E is very similar to the old instruction APPCALL for static invocations. The difference is that CALL_E requires an operand following the instruction that gives the number of parameters and return values to copy.

CALL_ED

The instruction CALL_ED is very similar to the old instruction APPCALL for dynamic invocations. The difference is that CALL_ED requires an operand following the instruction that gives the number of parameters and return values to copy.

CALL_ET

The instruction CALL_ET is very similar to the instruction CALL_E. The difference is that CALL_ET will start a tail call.

CALL_EDT

The instruction CALL_EDT is very similar to the instruction CALL_ED. The difference is that CALL_EDT will start a tail call.
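The following is an added illustration, not code from this NEP or from the NeoVM project. It models the mechanism described under Rationale and the parameter/return-value operand of the CALL_I family in a toy VM: a "contract" is a Python callable that manipulates the evaluation stack it is handed, and the stack is a list with its top at the end. The names call_shared, call_isolated, pcount and rvcount, the sample callees and the sample stack values are all constructed for this example; the operand byte layout of the real instructions is not modelled.

```python
"""Toy model of shared-stack versus isolated-stack invocation (constructed example)."""
from typing import Callable, List

Stack = List[int]
Contract = Callable[[Stack], None]


class VMFault(Exception):
    """Raised when an invocation violates its declared parameter/return contract."""


def call_shared(caller_stack: Stack, callee: Contract) -> None:
    """Old-style CALL / APPCALL: the callee operates directly on the caller's stack."""
    callee(caller_stack)


def call_isolated(caller_stack: Stack, callee: Contract, pcount: int, rvcount: int) -> None:
    """CALL_I-style invocation as the NEP describes it (a model, not NeoVM's code).

    pcount arguments are moved from the caller's stack onto a fresh stack for the
    callee; when the callee returns, rvcount results are moved back. Anything else
    the callee does to its own stack is discarded with that stack.
    """
    if len(caller_stack) < pcount:
        raise VMFault("caller has fewer than pcount items to pass")
    callee_stack: Stack = []
    if pcount:
        # Copy the top pcount items in order, then remove them from the caller.
        callee_stack.extend(caller_stack[-pcount:])
        del caller_stack[-pcount:]
    callee(callee_stack)
    if len(callee_stack) < rvcount:
        # The callee promised rvcount results but left fewer: the VM faults
        # instead of silently handing the caller garbage.
        raise VMFault("callee left fewer than rvcount items")
    if rvcount:
        caller_stack.extend(callee_stack[-rvcount:])
    # callee_stack goes out of scope here; nothing else reaches the caller.


def add_two(stack: Stack) -> None:
    """Well-behaved callee: pops two numbers, pushes their sum."""
    b = stack.pop()
    a = stack.pop()
    stack.append(a + b)


def greedy_add(stack: Stack) -> None:
    """Misbehaving callee: computes the sum but wipes everything below its arguments."""
    b = stack.pop()
    a = stack.pop()
    stack.clear()  # on a shared stack this destroys the caller's own values
    stack.append(a + b)


def returns_nothing(stack: Stack) -> None:
    """Callee that consumes its arguments and pushes no result at all."""
    stack.clear()


def run_caller(invoke: Callable[[Stack], None]) -> Stack:
    """Caller keeps a value of its own, pushes two arguments, then invokes the callee."""
    stack: Stack = [100]   # constructed: a value the caller relies on after the call
    stack.extend([2, 3])   # constructed: the two arguments for the callee
    invoke(stack)
    return stack


def demo_shared(callee: Contract) -> Stack:
    """Caller's stack after invoking `callee` with the old shared-stack semantics."""
    return run_caller(lambda s: call_shared(s, callee))


def demo_isolated(callee: Contract) -> Stack:
    """Caller's stack after invoking `callee` with pcount=2, rvcount=1 isolation."""
    return run_caller(lambda s: call_isolated(s, callee, pcount=2, rvcount=1))


def isolated_faults(callee: Contract) -> bool:
    """True if the isolated invocation of `callee` faults on its return contract."""
    try:
        demo_isolated(callee)
    except VMFault:
        return True
    return False


if __name__ == "__main__":
    print("shared,   well-behaved :", demo_shared(add_two))       # [100, 5]
    print("shared,   misbehaving  :", demo_shared(greedy_add))    # [5]  caller's 100 is gone
    print("isolated, well-behaved :", demo_isolated(add_two))     # [100, 5]
    print("isolated, misbehaving  :", demo_isolated(greedy_add))  # [100, 5] caller unaffected
    print("isolated, no result    :", isolated_faults(returns_nothing))  # True
```

With the shared stack, the misbehaving callee silently removes the caller's own value, which is exactly the failure described under Motivation. With isolation the same callee can only damage the stack it was given, and a callee that fails to leave the promised number of return values is caught at the boundary rather than leaving the caller with an unexpected stack layout.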

Backwards Compatibility

All old contracts can still be executed correctly with the original instruction set, but new contracts should not continue to use the old instructions. When a new contract requires dynamic invocation, the old instructions should be avoided.

Implementation

neo-project/neo-vm#39