conformance: wire content-index checks and policy-aware state validation #11
Merged
Close two conformance gaps against the rc.47 corpus, taking the conformance suite from 10 failures to 0 (the two Stage 7 trust vectors are reported as out of scope, not failures).

Content index (vectors 230-235): the library already implements the Stage 9b checks in validation::content_index; the conformance runner was calling skip_content_index_check() unconditionally. Wire it instead: manifest vectors that declare content_root run verify_content_index against the served index in extra_files; content vectors verify the index and then compare the document seq and body hash against the committed entry. Add content_index_path and content_root to the harness Context.

State undeclared (vectors 220-221): parse_and_verify_transaction now takes an optional manifest state_policy and, when present, cross-checks each state_updates entry against the declared (namespace, key) set via the existing validate_state_updates_against_policy, producing E_STATE_UNDECLARED (plus the policy-relative E_STATE_VALUE_SIZE and E_STATE_TTL). Passing None preserves standalone verification. The conformance runner loads the policy from the manifest referenced by context.previously_verified.

The Stage 7 trust-state machine remains out of scope for this crate, so vectors 210-211 are listed in an explicit skip set in the harness and reported with a printed count rather than silently passing.
Summary
Closes the two in-scope conformance gaps reported in #10 against the rc.47 corpus (108 vectors). The conformance suite goes from 10 failures to 0; the two Stage 7 trust vectors are reported as out of scope rather than counted as failures.
Changes
Content index (vectors 230-235)
The library already implements the Stage 9b checks in validation::content_index; the conformance runner was calling skip_content_index_check() unconditionally, so the checks never ran. Wire them instead:
- content_root run verify_content_index against the served index supplied in extra_files.
- content_root, then compare the document seq and body hash against the committed entry for its path.
- content_index_path and content_root to the harness Context.

No library changes were needed for this part.
State undeclared (vectors 220-221)
parse_and_verify_transaction now takes an optional manifest state_policy. When Some, each state_updates entry is cross-checked against the declared (namespace, key) set via the existing validate_state_updates_against_policy, producing E_STATE_UNDECLARED (plus the policy-relative E_STATE_VALUE_SIZE and E_STATE_TTL). Passing None preserves standalone verification, so a caller that does not have the manifest is unaffected; a caller that does have it gets the check without a separate call it could forget. The conformance runner loads the policy from the manifest referenced by context.previously_verified.

The two existing transaction call sites that verify in isolation pass None.

Trust (vectors 210-211) left out of scope
The Stage 7 trust-state machine remains out of scope for this crate (documented at the crate root). Rather than leave the suite red or silently pass, these two vectors are listed in an explicit skip set in the harness and reported with a printed count. Removing an id from that set is the natural trigger when the capability lands.
Verification
- cargo fmt --all --check: clean
- cargo clippy --all-targets --locked -- -D warnings (default and test-utils): clean
- cargo doc --no-deps --all-features --locked with -D warnings: clean
- cargo test --all-targets --locked (default and test-utils): all green, no regressions

Note on the corpus pin
CI pins the corpus at the v1.0-rc.47 tag. The 20 new vectors (including 210-211, 220-221, 230-235) are on main of the spec repo but the tag still points at the 88-vector revision. When the tag is updated to the 108-vector revision, this change is what keeps the conformance job green.
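
An added sketch of the optional-policy pattern the description refers to, not the crate's own code: every type and function name below is hypothetical, as is the shape of the per-key limits; only the three error code names come from the PR text.

```rust
use std::collections::HashMap;

// Hypothetical stand-ins for illustration; not the crate's real types.
#[derive(Debug, PartialEq)]
enum StateError {
    Undeclared, // reported as E_STATE_UNDECLARED
    ValueSize,  // reported as E_STATE_VALUE_SIZE
    Ttl,        // reported as E_STATE_TTL
}

struct Limits { max_value_len: usize, max_ttl_secs: u64 }
struct StateUpdate<'a> { namespace: &'a str, key: &'a str, value: &'a [u8], ttl_secs: u64 }

// Declared (namespace, key) pairs and their per-key limits (assumed shape).
type StatePolicy<'a> = HashMap<(&'a str, &'a str), Limits>;

// None: standalone verification, no policy-relative checks are possible.
// Some: every update must target a declared key and respect its limits.
fn check_state_updates<'a>(
    updates: &[StateUpdate<'a>],
    policy: Option<&StatePolicy<'a>>,
) -> Result<(), StateError> {
    let policy = match policy {
        Some(p) => p,
        None => return Ok(()),
    };
    for u in updates {
        let limits = policy.get(&(u.namespace, u.key)).ok_or(StateError::Undeclared)?;
        if u.value.len() > limits.max_value_len {
            return Err(StateError::ValueSize);
        }
        if u.ttl_secs > limits.max_ttl_secs {
            return Err(StateError::Ttl);
        }
    }
    Ok(())
}

// Constructed sample policy with a single declared key.
fn sample_policy() -> StatePolicy<'static> {
    HashMap::from([(("session", "cursor"), Limits { max_value_len: 8, max_ttl_secs: 60 })])
}

fn main() {
    let policy = sample_policy();
    let rogue = [StateUpdate { namespace: "session", key: "admin", value: b"1", ttl_secs: 1 }];
    println!("without policy: {:?}", check_state_updates(&rogue, None));
    println!("with policy:    {:?}", check_state_updates(&rogue, Some(&policy)));
}
```

The same undeclared write passes when no policy is supplied and is rejected when one is, which is why a caller that holds the manifest should pass it rather than verify in isolation.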