Skip to content

feat: enforce additive-only storage layout changes for PDPVerifier#263

Open
Chaitu-Tatipamula wants to merge 6 commits intoFilOzone:mainfrom
Chaitu-Tatipamula:main
Open

feat: enforce additive-only storage layout changes for PDPVerifier#263
Chaitu-Tatipamula wants to merge 6 commits intoFilOzone:mainfrom
Chaitu-Tatipamula:main

Conversation

@Chaitu-Tatipamula
Copy link
Copy Markdown
Contributor

@Chaitu-Tatipamula Chaitu-Tatipamula commented Mar 24, 2026
edited
Loading

Summary

Implements storage slot safety for the PDPVerifier upgradable contract
by enforcing that storage layout changes are strictly additive,
preventing storage collision bugs during contract upgrades.

Resolves #258

What's Checked

Scenario Detected
❌ Removing existing storage slots Yes
❌ Changing the slot number of an existing variable Yes
❌ Inserting new slots in the middle (shifting existing slots) Yes
✅ Appending new slots at the end Allowed

Changes

  • tools/generate_storage_layout.sh: Script to generate
    PDPVerifierLayout.sol from contract source using forge inspect
  • tools/check_storage_layout.sh: Validates that storage layout
    changes only add new slots at the end; flags destructive changes like
    removed slots, moved slots, or inserted slots
  • src/PDPVerifierLayout.sol: Generated file with 17 storage slots
    (must be committed and kept in sync)
  • Makefile: Added gen, check-layout, clean-gen targets for
    managing storage layout
  • .github/workflows/check-storage-layout.yml: New CI workflow to
    verify storage layout on all pushes/PRs
  • .github/workflows/makefile.yml: Added storage layout check to
    existing CI

Usage

make gen              # Generate/rebuild storage layout
make check-layout     # Check for destructive changes (runs in CI)
make clean-gen        # Clean generated files

@Chaitu-Tatipamula Chaitu-Tatipamula force-pushed the main branch 4 times, most recently from cd8e935 to 4f8bf8c Compare March 24, 2026 09:14
@rjan90 rjan90 added this to FOC Apr 13, 2026
@github-project-automation github-project-automation bot moved this to 📌 Triage in FOC Apr 13, 2026
@rjan90 rjan90 moved this from 📌 Triage to 🔎 Awaiting review in FOC Apr 13, 2026
@rjan90 rjan90 moved this to 🔎 Awaiting review in PDP Apr 13, 2026
@rjan90 rjan90 added this to the M4.2: mainnet GA milestone Apr 13, 2026
rjan90
rjan90 reviewed Apr 13, 2026
View reviewed changes
Makefile
Comment on lines +90 to +93
.PHONY: check-layout
check-layout:
@echo "Checking storage layout for destructive changes..."
@bash tools/check_storage_layout.sh No newline at end of file
Copy link
Copy Markdown
Contributor

@rjan90 rjan90 Apr 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

check-layout only validates the checked-in PDPVerifierLayout.sol; it never regenerates it from src/PDPVerifier.sol. That means CI can pass with a stale layout file. Please make this check rebuild the layout first and fail if the regenerated output differs from the committed file, then run the additive-only validation.

rjan90
rjan90 reviewed Apr 13, 2026
View reviewed changes
tools/check_storage_layout.sh Outdated
Comment on lines +168 to +174
if ! git show "$BASE_REF:$FULL_LAYOUT_FILE" > "$TEMP_BASE_LAYOUT" 2>/dev/null; then
echo "Warning: Could not retrieve base layout, assuming new file"
if validate_layout_format "$LAYOUT_FILE"; then
echo "Storage layout format validated"
exit 0
else
exit 1
Copy link
Copy Markdown
Contributor

@rjan90 rjan90 Apr 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This fallback is too permissive for CI: when the base ref or base layout cannot be loaded, the script warns and exits successfully after format-only validation. That downgrades the safety check to a no-op. Please make missing base refs a hard failure in CI, and only skip comparison when the layout file truly does not exist yet on the base branch.

rjan90
rjan90 requested changes Apr 13, 2026
View reviewed changes
.github/workflows/makefile.yml
Comment on lines +38 to +41
- name: Check storage layout
run: |
export PATH="/home/runner/.config/.foundry/bin:$PATH";
make check-layout;
Copy link
Copy Markdown
Contributor

@rjan90 rjan90 Apr 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This new step depends on the PR base ref, but the workflow doesn’t fetch it, so the check can silently degrade in shallow clones. Please either set fetch-depth: 0 on checkout or explicitly fetch ${{ github.base_ref }} before make check-layout.

@github-project-automation github-project-automation bot moved this from 🔎 Awaiting review to ⌨️ In Progress in FOC Apr 13, 2026
@Chaitu-Tatipamula
fix(ci): address PR review feedback on storage layout checks
f903628 
- Update Makefile 'check-layout' to regenerate layouts and enforce git diff check
- Restructure check_storage_layout.sh CI fallback to strictly fail
- Transition script to use precise JSON metadata layout validation
- Ensure 'fetch-depth: 0' in Github Actions for full historical diffing
- Auto-generate PDPVerifierLayout.json snapshot
@Chaitu-Tatipamula
fix(ci): canonicalize layout json types resolving against dictionary
13a0e02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rjan90 rjan90 Awaiting requested review from rjan90

Requested changes must be addressed to merge this pull request.

Assignees

@Chaitu-Tatipamula Chaitu-Tatipamula

Labels

None yet

Projects

FOC
Status: ⌨️ In Progress
PDP
Status: 🔎 Awaiting review

Milestone

M4.2: mainnet GA

Development

Successfully merging this pull request may close these issues.

Setup *ServiceLayout.sol and enforce that we only make additions

2 participants

@Chaitu-Tatipamula @rjan90