feat: add maximum uarch cycle to prevent overflow in collect APIs

edubart · edubart · commit bc432372249a · 2025-09-26T12:55:31.000-03:00
diff --git a/src/clua-cartesi.cpp b/src/clua-cartesi.cpp
@@ -213,6 +213,7 @@ CM_API int luaopen_cartesi(lua_State *L) {
     clua_setintegerfield(L, CM_VERSION_PATCH, "VERSION_PATCH", -1);
     clua_setintegerfield(L, CM_HASH_SIZE, "HASH_SIZE", -1);
     clua_setintegerfield(L, CM_MCYCLE_MAX, "MCYCLE_MAX", -1);
+    clua_setintegerfield(L, CM_UARCH_CYCLE_MAX, "UARCH_CYCLE_MAX", -1);
     clua_setintegerfield(L, CM_TREE_LOG2_WORD_SIZE, "TREE_LOG2_WORD_SIZE", -1);
     clua_setintegerfield(L, CM_TREE_LOG2_PAGE_SIZE, "TREE_LOG2_PAGE_SIZE", -1);
     clua_setintegerfield(L, CM_TREE_LOG2_ROOT_SIZE, "TREE_LOG2_ROOT_SIZE", -1);
@@ -224,6 +225,7 @@ CM_API int luaopen_cartesi(lua_State *L) {
     clua_setintegerfield(L, CM_BREAK_REASON_REACHED_TARGET_MCYCLE, "BREAK_REASON_REACHED_TARGET_MCYCLE", -1);
     clua_setintegerfield(L, CM_UARCH_BREAK_REASON_REACHED_TARGET_CYCLE, "UARCH_BREAK_REASON_REACHED_TARGET_CYCLE", -1);
     clua_setintegerfield(L, CM_UARCH_BREAK_REASON_UARCH_HALTED, "UARCH_BREAK_REASON_UARCH_HALTED", -1);
+    clua_setintegerfield(L, CM_UARCH_BREAK_REASON_CYCLE_OVERFLOW, "UARCH_BREAK_REASON_CYCLE_OVERFLOW", -1);
     clua_setintegerfield(L, CM_ACCESS_LOG_TYPE_ANNOTATIONS, "ACCESS_LOG_TYPE_ANNOTATIONS", -1);
     clua_setintegerfield(L, CM_ACCESS_LOG_TYPE_LARGE_DATA, "ACCESS_LOG_TYPE_LARGE_DATA", -1);
     clua_setintegerfield(L, CM_CMIO_YIELD_COMMAND_AUTOMATIC, "CMIO_YIELD_COMMAND_AUTOMATIC", -1);
diff --git a/src/json-util.cpp b/src/json-util.cpp
@@ -570,6 +570,8 @@ static std::string uarch_interpreter_break_reason_to_name(uarch_interpreter_brea
             return "uarch_halted";
         case R::reached_target_cycle:
             return "reached_target_cycle";
+        case R::cycle_overflow:
+            return "cycle_overflow";
     }
     throw std::domain_error{"invalid uarch interpreter break reason"};
 }
@@ -607,13 +609,14 @@ static interpreter_break_reason interpreter_break_reason_from_name(const std::st
 
 static uarch_interpreter_break_reason uarch_interpreter_break_reason_from_name(const std::string &name) {
     using uibr = uarch_interpreter_break_reason;
-    if (name == "reached_target_cycle") {
-        return uibr::reached_target_cycle;
+    const static std::unordered_map<std::string, uibr> g_uibr_name = {
+        {"reached_target_cycle", uibr::reached_target_cycle}, {"uarch_halted", uibr::uarch_halted},
+        {"cycle_overflow", uibr::cycle_overflow}};
+    auto got = g_uibr_name.find(name);
+    if (got == g_uibr_name.end()) {
+        throw std::domain_error{"invalid uarch interpreter break reason"};
     }
-    if (name == "uarch_halted") {
-        return uibr::uarch_halted;
-    }
-    throw std::domain_error{"invalid uarch interpreter break reason"};
+    return got->second;
 }
 
 static hash_function_type hash_function_from_name(const std::string &name) {
diff --git a/src/jsonrpc-discover.json b/src/jsonrpc-discover.json
@@ -1975,7 +1975,7 @@
       },
       "UarchInterpreterBreakReason": {
         "title": "UarchInterpreterBreakReason",
-        "enum": ["reached_target_cycle", "uarch_halted"]
+        "enum": ["reached_target_cycle", "uarch_halted", "cycle_overflow"]
       },
       "Base64String": {
         "title": "Base64String",
diff --git a/src/machine-c-api.h b/src/machine-c-api.h
@@ -37,6 +37,7 @@ extern "C" {
 #endif
 
 #define CM_MCYCLE_MAX UINT64_MAX
+#define CM_UARCH_CYCLE_MAX UINT64_C(1048576)
 
 // -----------------------------------------------------------------------------
 // API enums and structures
@@ -101,6 +102,7 @@ typedef enum cm_break_reason {
 typedef enum cm_uarch_break_reason {
     CM_UARCH_BREAK_REASON_REACHED_TARGET_CYCLE,
     CM_UARCH_BREAK_REASON_UARCH_HALTED,
+    CM_UARCH_BREAK_REASON_CYCLE_OVERFLOW,
     CM_UARCH_BREAK_REASON_FAILED,
 } cm_uarch_break_reason;
 
diff --git a/src/machine.cpp b/src/machine.cpp
diff --git a/src/uarch-constants.h b/src/uarch-constants.h
@@ -21,6 +21,7 @@
 
 #include "address-range-constants.h"
 #include "address-range-defines.h"
+#include "machine-c-api.h"
 #include "uarch-defines.h"
 
 namespace cartesi {
@@ -40,7 +41,9 @@ enum uarch_state_constants : uint64_t {
     UARCH_STATE_ALIGN_MASK = (UINT64_C(1) << UARCH_STATE_LOG2_SIZE) - 1,     ///< Mask for uarch state alignment
     UARCH_STATE_MASK = ~UARCH_STATE_ALIGN_MASK,                              ///< Mask for uarch state address space
     UARCH_STATE_CHILD_ALIGN_MASK =
-        (UINT64_C(1) << UARCH_STATE_CHILD_LOG2_SIZE) - 1 ///< Mask for uarch state child alignment
+        (UINT64_C(1) << UARCH_STATE_CHILD_LOG2_SIZE) - 1, ///< Mask for uarch state child alignment
+    UARCH_LOG2_MAX_CYCLE = EXPAND_UINT64_C(UARCH_LOG2_MAX_CYCLE_DEF),
+    UARCH_MAX_CYCLE = (UINT64_C(1) << UARCH_LOG2_MAX_CYCLE),
 };
 
 static_assert((UARCH_STATE_START_ADDRESS & UARCH_STATE_ALIGN_MASK) == 0,
@@ -61,6 +64,7 @@ static_assert(UARCH_SHADOW_START_ADDRESS < UARCH_RAM_START_ADDRESS,
     "UARCH_SHADOW_START_ADDRESS must be smaller than UARCH_RAN_START_ADDRESS");
 static_assert((UARCH_SHADOW_LENGTH & (AR_PAGE_SIZE - 1)) == 0, "UARCH_SHADOW_LENGTH must be multiple of AR_PAGE_SIZE");
 static_assert((UARCH_RAM_LENGTH & (AR_PAGE_SIZE - 1)) == 0, "UARCH_RAM_LENGTH must be multiple of AR_PAGE_SIZE");
+static_assert(UARCH_MAX_CYCLE == CM_UARCH_CYCLE_MAX, "CM_UARCH_CYCLE_MAX must be equal to UARCH_MAX_CYCLE");
 
 /// \brief ecall function codes
 enum uarch_ecall_functions : uint64_t {
diff --git a/src/uarch-defines.h b/src/uarch-defines.h
@@ -25,6 +25,9 @@
 /// \brief Log2 size of the entire uarch memory range: shadow and ram
 #define UARCH_STATE_LOG2_SIZE_DEF 22
 
+/// \brief Log2 of the expected maximum uarch cycle
+#define UARCH_LOG2_MAX_CYCLE_DEF 20
+
 // microarchitecture ecall function codes
 #define UARCH_ECALL_FN_HALT_DEF 1            // halt uarch
 #define UARCH_ECALL_FN_PUTCHAR_DEF 2         // putchar
diff --git a/src/uarch-interpret.cpp b/src/uarch-interpret.cpp
@@ -38,11 +38,8 @@ uarch_interpreter_break_reason uarch_interpret(const STATE_ACCESS a, uint64_t cy
                 break;
             case UArchStepStatus::UArchHalted:
                 return uarch_interpreter_break_reason::uarch_halted;
-            // LCOV_EXCL_START
             case UArchStepStatus::CycleOverflow:
-                // Prior condition ensures that this case is unreachable. but linter may complain about missing it
-                return uarch_interpreter_break_reason::reached_target_cycle;
-                // LCOV_EXCL_STOP
+                return uarch_interpreter_break_reason::cycle_overflow;
         }
     }
     return uarch_interpreter_break_reason::reached_target_cycle;
diff --git a/src/uarch-interpret.h b/src/uarch-interpret.h
@@ -21,7 +21,7 @@
 
 namespace cartesi {
 
-enum class uarch_interpreter_break_reason : int { reached_target_cycle, uarch_halted };
+enum class uarch_interpreter_break_reason : int { reached_target_cycle, uarch_halted, cycle_overflow };
 
 // Run the microarchitecture interpreter until cycle hits a target or a fixed point is reached
 template <typename STATE_ACCESS>
diff --git a/src/uarch-step.cpp b/src/uarch-step.cpp
@@ -1098,7 +1098,7 @@ UArchStepStatus uarch_step(const UarchState a) {
     // This must be the first read in order to match the first log access in machine::verify_step_uarch
     uint64 cycle = readCycle(a);
     // do not advance if cycle will overflow
-    if (cycle == UINT64_MAX) {
+    if (cycle >= UARCH_MAX_CYCLE) {
         return UArchStepStatus::CycleOverflow;
     }
     // do not advance if machine is halted
diff --git a/tests/lua/cmio-test.lua b/tests/lua/cmio-test.lua
@@ -108,8 +108,7 @@ if machine_type == "jsonrpc" then
     to_shutdown = jsonrpc.connect_server(remote_address):set_cleanup_call(jsonrpc.SHUTDOWN)
 end
 
--- There is no UINT64_MAX in Lua, so we have to use the signed representation
-local MAX_MCYCLE = -1
+local MAX_MCYCLE = cartesi.MCYCLE_MAX
 
 local function load_machine(name)
     local runtime = {
diff --git a/tests/lua/machine-bind.lua b/tests/lua/machine-bind.lua
@@ -27,9 +27,8 @@ local concurrency_update_hash_tree = util.parse_number(os.getenv("CARTESI_CONCUR
 
 local lua_cmd = arg[-1] .. " -e "
 
--- There is no UINT64_MAX in Lua, so we have to use the signed representation
-local MAX_MCYCLE = -1
-local MAX_UARCH_CYCLE = -1
+local MAX_MCYCLE = cartesi.MCYCLE_MAX
+local MAX_UARCH_CYCLE = cartesi.UARCH_CYCLE_MAX
 
 -- Print help and exit
 local function help()
@@ -688,6 +687,17 @@ do_test("do not advance micro cycle if uarch is halted", function(machine)
     assert(machine:read_reg("uarch_cycle") == 0, "uarch cycle should still be 0")
 end)
 
+do_test("do not advance micro cycle if uarch cycle overflows", function(machine)
+    machine:write_reg("uarch_cycle", cartesi.UARCH_CYCLE_MAX)
+    assert(machine:read_reg("uarch_cycle") == cartesi.UARCH_CYCLE_MAX, "uarch cycle should be 0")
+    local status = machine:run_uarch(cartesi.UARCH_CYCLE_MAX + 1)
+    assert(
+        status == cartesi.UARCH_BREAK_REASON_CYCLE_OVERFLOW,
+        "run_uarch should return UARCH_BREAK_REASON_CYCLE_OVERFLOW"
+    )
+    assert(machine:read_reg("uarch_cycle") == cartesi.UARCH_CYCLE_MAX, "uarch cycle should still be 0")
+end)
+
 do_test("advance micro cycles until halt", function(machine)
     assert(machine:read_reg("uarch_cycle") == 0, "uarch cycle should be 0")
     assert(machine:read_reg("uarch_halt_flag") == 0, "machine should not be halted")
@@ -1812,9 +1822,7 @@ for _, hash_fn in pairs({ "keccak256", "sha256" }) do
             check_error_find(err, "page count is zero")
             -- override page count to overflow
             copy_step_log(filename1, filename2, function(log_data)
-                -- There is no UINT64_MAX in Lua, so we have to use the signed representation
-                local MAX_MCYCLE_COUNT = -1
-                log_data.override_page_count = MAX_MCYCLE_COUNT
+                log_data.override_page_count = cartesi.MCYCLE_MAX
             end)
             _, err = pcall(function()
                 machine:verify_step(root_hash_before, filename2, mcycle_count, bad_hash)
diff --git a/tests/lua/machine-test.lua b/tests/lua/machine-test.lua
@@ -24,8 +24,7 @@ local jsonrpc
 -- run on the same computer and cartesi-jsonrpc-machine execution path
 -- must be provided
 
--- There is no UINT64_MAX in Lua, so we have to use the signed representation
-local MAX_MCYCLE = -1
+local MAX_MCYCLE = cartesi.MCYCLE_MAX
 
 local remote_address
 local test_path = "/tmp/"
diff --git a/tests/lua/mcycle-overflow.lua b/tests/lua/mcycle-overflow.lua
@@ -19,9 +19,8 @@
 local cartesi = require("cartesi")
 local test_util = require("cartesi.tests.util")
 
--- There is no UINT64_MAX in Lua, so we have to use the signed representation
-local MAX_MCYCLE = -1
-local MAX_UARCH_CYCLE = -1
+local MAX_MCYCLE = cartesi.MCYCLE_MAX
+local MAX_UARCH_CYCLE = cartesi.UARCH_CYCLE_MAX
 
 local function build_machine()
     local config = {
diff --git a/tests/lua/spec-collect-hashes.lua b/tests/lua/spec-collect-hashes.lua
@@ -370,13 +370,12 @@ describe("collect hashes", function()
                 expect.equal(machine:read_reg("mcycle"), mcycle_start)
                 expect.equal(machine:get_root_hash(), expected_root_hash)
 
-                expect.equal(machine:collect_uarch_cycle_root_hashes(mcycle_period), {
-                    hashes = {},
-                    reset_indices = {},
-                    break_reason = cartesi.BREAK_REASON_HALTED,
-                })
+                local collected_uarch = machine:collect_uarch_cycle_root_hashes(mcycle_end)
                 expect.equal(machine:read_reg("mcycle"), mcycle_start)
                 expect.equal(machine:get_root_hash(), expected_root_hash)
+                expect.equal(collected_uarch.break_reason, cartesi.BREAK_REASON_HALTED)
+                expect.equal(#collected_uarch.reset_indices, 1)
+                expect.equal(collected_uarch.hashes[collected_uarch.reset_indices[1]], expected_root_hash)
             end)
 
             it("should break as yielded when collecting with a yielded machine", function()
@@ -396,13 +395,12 @@ describe("collect hashes", function()
                 expect.equal(machine:read_reg("mcycle"), mcycle_start)
                 expect.equal(machine:get_root_hash(), expected_root_hash)
 
-                expect.equal(machine:collect_uarch_cycle_root_hashes(mcycle_period), {
-                    hashes = {},
-                    reset_indices = {},
-                    break_reason = cartesi.BREAK_REASON_YIELDED_MANUALLY,
-                })
+                local collected_uarch = machine:collect_uarch_cycle_root_hashes(mcycle_end)
                 expect.equal(machine:read_reg("mcycle"), mcycle_start)
                 expect.equal(machine:get_root_hash(), expected_root_hash)
+                expect.equal(collected_uarch.break_reason, cartesi.BREAK_REASON_YIELDED_MANUALLY)
+                expect.equal(#collected_uarch.reset_indices, 1)
+                expect.equal(collected_uarch.hashes[collected_uarch.reset_indices[1]], expected_root_hash)
             end)
 
             it("should break as halted when collecting up to the same mcycle with a halted machine", function()
@@ -421,13 +419,11 @@ describe("collect hashes", function()
                 expect.equal(machine:read_reg("mcycle"), mcycle_end)
                 expect.equal(machine:get_root_hash(), expected_root_hash)
 
-                expect.equal(machine:collect_uarch_cycle_root_hashes(mcycle_end), {
-                    hashes = {},
-                    reset_indices = {},
-                    break_reason = cartesi.BREAK_REASON_HALTED,
-                })
-                expect.equal(machine:read_reg("mcycle"), mcycle_end)
+                local collected_uarch = machine:collect_uarch_cycle_root_hashes(mcycle_end)
                 expect.equal(machine:get_root_hash(), expected_root_hash)
+                expect.equal(collected_uarch.break_reason, cartesi.BREAK_REASON_HALTED)
+                expect.equal(#collected_uarch.reset_indices, 1)
+                expect.equal(collected_uarch.hashes[collected_uarch.reset_indices[1]], expected_root_hash)
             end)
 
             it("should break as yielded when collecting up to the same mcycle with a yielded machine", function()
@@ -446,13 +442,11 @@ describe("collect hashes", function()
                 expect.equal(machine:read_reg("mcycle"), mcycle_end)
                 expect.equal(machine:get_root_hash(), expected_root_hash)
 
-                expect.equal(machine:collect_uarch_cycle_root_hashes(mcycle_end), {
-                    hashes = {},
-                    reset_indices = {},
-                    break_reason = cartesi.BREAK_REASON_YIELDED_MANUALLY,
-                })
-                expect.equal(machine:read_reg("mcycle"), mcycle_end)
+                local collected_uarch = machine:collect_uarch_cycle_root_hashes(mcycle_end)
                 expect.equal(machine:get_root_hash(), expected_root_hash)
+                expect.equal(collected_uarch.break_reason, cartesi.BREAK_REASON_YIELDED_MANUALLY)
+                expect.equal(#collected_uarch.reset_indices, 1)
+                expect.equal(collected_uarch.hashes[collected_uarch.reset_indices[1]], expected_root_hash)
             end)
 
             it("should collect mcycles during mcycle overflow", function()
@@ -497,12 +491,11 @@ describe("collect hashes", function()
                 expect.equal(#collected_uarch.reset_indices, 2)
                 expect.equal(machine:read_reg("mcycle"), cartesi.MCYCLE_MAX)
 
-                expect.equal(machine:collect_uarch_cycle_root_hashes(cartesi.MCYCLE_MAX), {
-                    hashes = {},
-                    reset_indices = {},
-                    break_reason = cartesi.BREAK_REASON_REACHED_TARGET_MCYCLE,
-                })
-                expect.equal(machine:read_reg("mcycle"), cartesi.MCYCLE_MAX)
+                collected_uarch = machine:collect_uarch_cycle_root_hashes(cartesi.MCYCLE_MAX)
+                expect.equal(machine:get_root_hash(), expected_root_hash)
+                expect.equal(collected_uarch.break_reason, cartesi.BREAK_REASON_REACHED_TARGET_MCYCLE)
+                expect.equal(#collected_uarch.reset_indices, 1)
+                expect.equal(collected_uarch.hashes[collected_uarch.reset_indices[1]], expected_root_hash)
             end)
 
             local add_machine_config = {

Original file line number	Diff line number	Diff line change
`@@ -38,11 +38,8 @@ uarch_interpreter_break_reason uarch_interpret(const STATE_ACCESS a, uint64_t cy`
`38`	`38`	`break;`
`39`	`39`	`case UArchStepStatus::UArchHalted:`
`40`	`40`	`return uarch_interpreter_break_reason::uarch_halted;`
`41`		`- // LCOV_EXCL_START`
`42`	`41`	`case UArchStepStatus::CycleOverflow:`
`43`		`- // Prior condition ensures that this case is unreachable. but linter may complain about missing it`
`44`		`- return uarch_interpreter_break_reason::reached_target_cycle;`
`45`		`- // LCOV_EXCL_STOP`
	`42`	`+ return uarch_interpreter_break_reason::cycle_overflow;`
`46`	`43`	`}`
`47`	`44`	`}`
`48`	`45`	`return uarch_interpreter_break_reason::reached_target_cycle;`
Original file line number	Diff line number	Diff line change
`@@ -1098,7 +1098,7 @@ UArchStepStatus uarch_step(const UarchState a) {`
`1098`	`1098`	`// This must be the first read in order to match the first log access in machine::verify_step_uarch`
`1099`	`1099`	`uint64 cycle = readCycle(a);`
`1100`	`1100`	`// do not advance if cycle will overflow`
`1101`		`- if (cycle == UINT64_MAX) {`
	`1101`	`+ if (cycle >= UARCH_MAX_CYCLE) {`
`1102`	`1102`	`return UArchStepStatus::CycleOverflow;`
`1103`	`1103`	`}`
`1104`	`1104`	`// do not advance if machine is halted`