Module input

Runtime-input boundary types.

Host bytes enter the interpreter as RuntimeInputSource, then RuntimeInput::validate checks the runtime input contract before storing owned runtime-domain bytes. Execution consumes a RunSeed admitted from validated input and execution limits, so input validation and execution budgets cannot be conflated.

The three public values in this module represent three different states:

  • RuntimeInputSource is a borrowed label for raw host bytes. It has not proven ASCII validity and it owns nothing.
  • RuntimeInput owns bytes after the runtime-input contract has been checked. It still has no step, state, or return-output budget.
  • RunSeed consumes validated input with execution limits and proves that the initial runtime state may be created for exactly one execution.

Admission is deliberately separate from validation. Input construction can fail because the raw bytes are not acceptable runtime input; admission can fail because acceptable input is too large to become the initial state under this run’s execution policy.

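```rust
use rsaeb::error::RunAdmissionError;
use rsaeb::input::{RunSeed, RuntimeInput, RuntimeInputSource};
use rsaeb::limits::{
    ExecutionLimits, ReturnByteLimit, RuntimeInputByteLimit, RuntimeInputLimits,
    RuntimeStateByteLimit, StepLimit,
};

// Wrapper added so that `?` and the early returns compile as a stand-alone
// program; it assumes the crate's error types implement `std::error::Error`.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Validation: 4 bytes of ASCII fit the 8-byte runtime-input limit.
    let input_limits = RuntimeInputLimits::new(RuntimeInputByteLimit::new(8));
    let input = RuntimeInput::validate(RuntimeInputSource::from_bytes(b"abcd"), input_limits)?;

    // Execution policy for this run: the runtime state may hold at most 3 bytes.
    let execution_limits = ExecutionLimits::new(
        StepLimit::new(10),
        RuntimeStateByteLimit::new(3),
        ReturnByteLimit::new(8),
    );

    // Admission: the validated 4-byte input cannot become the initial state.
    let Err(error) = RunSeed::admit(input, execution_limits) else {
        return Err("expected run admission to reject the initial state".into());
    };

    // The error reports the length that was attempted (4 bytes).
    if !matches!(
        error,
        RunAdmissionError::InitialStateTooLarge { attempted_len, .. }
            if attempted_len.get() == 4
    ) {
        return Err("unexpected admission error".into());
    }

    Ok(())
}
```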
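The split between validation and admission can also be seen in a stand-alone model, added here as an example that is not rsaeb's code. The names `Source`, `Validated`, `Seed`, `stage` and the error variants' fields are hypothetical simplifications, and limits are plain `usize` values rather than the crate's limit types.

```rust
// Simplified model of the boundary described above (hypothetical names; not rsaeb's code).
/// Borrowed raw host bytes: nothing checked, nothing owned.
pub struct Source<'a>(pub &'a [u8]);
/// Owned bytes that passed the input contract (ASCII, within the input limit).
#[derive(Debug)]
pub struct Validated(Vec<u8>);
/// Single-use witness: validated bytes that also fit this run's state budget.
#[derive(Debug)]
pub struct Seed { pub state: Vec<u8>, pub step_limit: u64 }

#[derive(Debug, PartialEq)]
pub enum ValidateError { NotAscii { index: usize }, TooLong { len: usize, max: usize } }
#[derive(Debug, PartialEq)]
pub enum AdmitError { InitialStateTooLarge { attempted_len: usize, max: usize } }

impl Validated {
    /// Validation looks only at the bytes and the input limit, never at run budgets.
    pub fn validate(src: Source<'_>, max_input: usize) -> Result<Self, ValidateError> {
        if src.0.len() > max_input {
            return Err(ValidateError::TooLong { len: src.0.len(), max: max_input });
        }
        if let Some(index) = src.0.iter().position(|b| !b.is_ascii()) {
            return Err(ValidateError::NotAscii { index });
        }
        Ok(Validated(src.0.to_vec()))
    }
}

impl Seed {
    /// Admission takes `Validated` by value, so one input can seed at most one run.
    pub fn admit(input: Validated, max_state: usize, step_limit: u64) -> Result<Self, AdmitError> {
        if input.0.len() > max_state {
            let attempted_len = input.0.len();
            return Err(AdmitError::InitialStateTooLarge { attempted_len, max: max_state });
        }
        Ok(Seed { state: input.0, step_limit })
    }
}

/// Reports where a run is refused: "validation", "admission", or "admitted".
pub fn stage(bytes: &[u8], max_input: usize, max_state: usize) -> &'static str {
    match Validated::validate(Source(bytes), max_input) {
        Err(_) => "validation",
        Ok(v) => Seed::admit(v, max_state, 10).map_or("admission", |_| "admitted"),
    }
}

// Same numbers as the page's example: input limit 8, state limit 3, 4 input bytes.
fn main() { println!("{}", stage(b"abcd", 8, 3)); }
```

Because `Seed::admit` moves its `Validated` argument, the compiler rejects any attempt to admit the same validated input twice.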

Structs

  • RunSeed: Run-start witness tying checked input to execution limits.
  • RuntimeInput: Runtime input admitted after validation.
  • RuntimeInputSource: Borrowed runtime input source at the validation boundary.