Skip to content

fix: add null checks and return code validation for KECCAK256#79

Merged
tcrypt25519 merged 5 commits into
keccakfrom
copilot/sub-pr-77
Feb 15, 2026
Merged

fix: add null checks and return code validation for KECCAK256#79
tcrypt25519 merged 5 commits into
keccakfrom
copilot/sub-pr-77

Conversation

Copilot AI commented Feb 15, 2026

Copy link
Copy Markdown

Addresses review feedback on KECCAK256 implementation to add defensive validation and proper error propagation.

Changes

  • Null pointer validation: jet_ops_keccak256 checks ctx for null before dereferencing, returns -1 on null
  • Return code propagation: Caller checks jet_ops_keccak256 return code and branches to ReturnCode::Invalid on error, following call_mem_expand_checked pattern
  • Minimal unsafe scope: Consolidated unsafe operations into small blocks with SAFETY comments per Rust 2024 edition requirements
// Before: return code ignored
bctx.builder.build_call(
    bctx.env.symbols().keccak256(),
    &[ctx.into(), offset.into(), size.into(), result.into()],
    "keccak256",
)?;

// After: check and branch on error
let ret = bctx.builder.build_call(...)?;
let ret_i8 = unsafe { IntValue::new(ret.as_value_ref()) };
let is_ok = bctx.builder.build_int_compare(EQ, ret_i8, zero, "keccak256_ok")?;
bctx.builder.build_conditional_branch(is_ok, ok_block, err_block)?;

Safety documentation clarified: ctx must be valid if non-null (runtime check handles null case), result must always be valid and non-null (UB if null).


💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@semanticdiff-com

semanticdiff-com Bot commented Feb 15, 2026

Copy link
Copy Markdown

Review changes with  SemanticDiff

Changed Files
File Status
  crates/jet_runtime/src/builtins.rs  31% smaller
  crates/jet/src/builder/ops.rs  1% smaller

Copilot AI and others added 4 commits February 15, 2026 21:08
- Add null pointer check for ctx in jet_ops_keccak256
- Check return code from jet_ops_keccak256 and propagate errors via Invalid return code
- Use minimal unsafe scopes with SAFETY comments per Rust 2024 edition requirements

Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>
Consolidate multiple unsafe blocks for accessing ctx fields into a single
unsafe block that dereferences ctx once, improving readability while
maintaining the same safety guarantees.

Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>
- Clarify safety documentation for ctx parameter (valid if non-null)
- Add SAFETY comment for IntValue::new call for consistency

Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>
- Clarify undefined behavior when result pointer is null
- Expand SAFETY comment for IntValue::new to explain the contract

Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix keccak256 opcode implementation to match EVM specification fix: add null checks and return code validation for KECCAK256 Feb 15, 2026
Copilot AI requested a review from tcrypt25519 February 15, 2026 21:11
@tcrypt25519
tcrypt25519 marked this pull request as ready for review February 15, 2026 22:00
Copilot AI review requested due to automatic review settings February 15, 2026 22:00

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds defensive validation and proper error propagation to the KECCAK256 implementation, ensuring robust error handling for potential null context pointers and invalid memory ranges. The changes align the KECCAK256 builtin with existing patterns used for memory expansion and other operations that interact with the execution context.

Changes:

  • Added null pointer check in jet_ops_keccak256 before dereferencing the context pointer, returning -1 on null
  • Implemented return code checking in the caller with explicit branching to ReturnCode::Invalid on error, following the call_mem_expand_checked pattern
  • Consolidated unsafe operations into minimal scopes with comprehensive SAFETY comments per Rust 2024 edition requirements

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
crates/jet_runtime/src/builtins.rs Added null pointer validation and memory range checks to jet_ops_keccak256, with minimal unsafe blocks and clear SAFETY documentation
crates/jet/src/builder/ops.rs Added return code checking and error branching logic to keccak256 opcode implementation, mirroring the call_mem_expand_checked pattern

@tcrypt25519
tcrypt25519 merged commit 8e767d4 into keccak Feb 15, 2026
6 checks passed
tcrypt25519 added a commit that referenced this pull request Feb 16, 2026
* fix: keccak.

* fix: add null checks and return code validation for KECCAK256 (#79)

* Initial plan

* fix: add null check and return code validation for KECCAK256

- Add null pointer check for ctx in jet_ops_keccak256
- Check return code from jet_ops_keccak256 and propagate errors via Invalid return code
- Use minimal unsafe scopes with SAFETY comments per Rust 2024 edition requirements

Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>

* refactor: consolidate unsafe blocks in jet_ops_keccak256

Consolidate multiple unsafe blocks for accessing ctx fields into a single
unsafe block that dereferences ctx once, improving readability while
maintaining the same safety guarantees.

Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>

* docs: clarify safety requirements and add SAFETY comment

- Clarify safety documentation for ctx parameter (valid if non-null)
- Add SAFETY comment for IntValue::new call for consistency

Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>

* docs: improve safety documentation clarity

- Clarify undefined behavior when result pointer is null
- Expand SAFETY comment for IntValue::new to explain the contract

Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>

* chore: CI change 🤖

* docs: validate u32 safety for EVM memory operations (ADR-004) (#80)

* Initial plan

* docs: add ADR-004 explaining why u32 is safe for EVM memory operations

Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>

* docs: remove line numbers and clarify implemented opcodes in ADR-004

Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>

---------

Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>
@tcrypt25519 tcrypt25519 linked an issue Feb 16, 2026 that may be closed by this pull request
tcrypt25519 added a commit that referenced this pull request Feb 16, 2026
* fix: keccak.

* fix: add null checks and return code validation for KECCAK256 (#79)

* Initial plan

* fix: add null check and return code validation for KECCAK256

- Add null pointer check for ctx in jet_ops_keccak256
- Check return code from jet_ops_keccak256 and propagate errors via Invalid return code
- Use minimal unsafe scopes with SAFETY comments per Rust 2024 edition requirements

Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>

* refactor: consolidate unsafe blocks in jet_ops_keccak256

Consolidate multiple unsafe blocks for accessing ctx fields into a single
unsafe block that dereferences ctx once, improving readability while
maintaining the same safety guarantees.

Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>

* docs: clarify safety requirements and add SAFETY comment

- Clarify safety documentation for ctx parameter (valid if non-null)
- Add SAFETY comment for IntValue::new call for consistency

Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>

* docs: improve safety documentation clarity

- Clarify undefined behavior when result pointer is null
- Expand SAFETY comment for IntValue::new to explain the contract

Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>

* chore: CI change 🤖

* docs: validate u32 safety for EVM memory operations (ADR-004) (#80)

* Initial plan

* docs: add ADR-004 explaining why u32 is safe for EVM memory operations

Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>

* docs: remove line numbers and clarify implemented opcodes in ADR-004

Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>

---------

Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: tcrypt25519 <212655132+tcrypt25519@users.noreply.github.com>
@tcrypt25519
tcrypt25519 deleted the copilot/sub-pr-77 branch February 16, 2026 20:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Fix/complete Keccak op

3 participants