-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dag-cbor: add ability to validate input without fully deserializing #158
Comments
Based on https://github.com/filecoin-project/FIPs/pull/483/files#r1013446172 comment, it sounds being more than syntactical validation, e.g. key ordering. I guess using the Serde code path wouldn't add much overhead, if the deserialized values are dropped (I assume something like that is possible, I haven't tried). If a custom validation function is added, it should be benchmark against a Serde version, to see if the performance justifies having a separate code with potentially introduces bugs. |
@vmx How would a serde path work here? This is a dynamic data structure whose schema we don't know. |
@raulk: You can deserialize to an |
Yes I know, but validating the whole input would imply deserialising into ipld::Ipld, which uses owned data, so it's not zero-copy syntactical validation? |
Here's a PR: #159 I'm working on removing the recursion. I have some ideas. |
Correct. Though I think zero-copy should be possible with Serde, it's just not implemented in |
@Stebalien hinted that deserializing into IgnoredAny may do the trick here. |
Unfortunately, we've found that that doesn't quite work as upstream (cbor4ii) doesn't validate minimality. |
We already kind of patch upstream in serde_ipld_dag_cbor, could it be integrated there? I'd surely be interested in pushing as much as possible upstream. |
To implement filecoin-project/FIPs#483 securely in the FVM, we need to validate that entry values are well-formed DAG-CBOR payloads. All we need is to perform syntatical validation without incurring in any serde costs/overheads.
The text was updated successfully, but these errors were encountered: