Simplicity bindings

[uncomputable]

Exposes part of Simplicity's C API in Rust. At the moment, one can decode Simplicity DAGs from bytes, and one can access test programs with hardcoded bytes and their correct Merkle roots.

Todo

• Discussion: use minimal set of necessary C files instead of entire library?
• Discussion: use C test files?
• test CMRs and IMRs against C [postponed to later PR due to outdated jets]
• Make sure that FFI is safe and that pointers are freed

[uncomputable]

Please check if this is the way we should expose C bindings, @apoelstra, @sanket1729. I mimicked secp256k1-sys with important differences:

1. There is no renaming / tagging of functions.
2. The crate is called simplicity_sys, since hyphens are not allowed in crate identifiers.

[apoelstra]

In cdee8cb:

I don't think we need this array (or these files, for that matter).

[apoelstra]

Ah -- you have unit tests in -sys that use them. In this case I think you could gate this array with #[cfg(test)] so that it's not built when simplicity-sys is used as a dependency.

[uncomputable]

We could reduce the built files to a minimum. For instance, in order to construct C-DAGs from binary, we definitely need decodeMallocDag() from dag.c.

[uncomputable]

The point of this PR is to expose (1) a way to decode DAGs from bytes in C, and (2) test programs with hardcoded bytes and Merkle roots. This is why we need test_files. My original plan was to test Rust against C, but this has to be done in a future PR due to outdated jets.

[apoelstra]

In 8e45d76:

This entire function needs to be marked unsafe, or better, you need to tie the lifetime of bytes to the Bitstream type (perhaps with one of the types in std::marker). As written it takes an array bytes and then returns an object pointing into bytes' data which might outlive bytes.

[uncomputable]

I updated Bitstream to Bitstream<'a> where 'a is the lifetime of &bytes.

[apoelstra]

In 8e45d76:

This makes me a little nervous. Rust has a union keyword. Could you use that?

[uncomputable]

DagNode now uses unions, namely AuxTypes [1] and IndicesChildrenWitness [2].

[apoelstra]

Regarding "should we try to minimize the set of C", I vote no. The whole C library is super small; better to use the whole thing to make review easier. Link-time optimization will strip unused symbols from the final binaries.

Done reviewing 8e45d76. Overall this looks great!

[uncomputable]

Do we have to explicitly free the DAG in the destructor of DagNode? In the C code, the DAG is freed after use.

[apoelstra]

Yep, you need to free dag in the Drop impl of DagNode. Good catch.

[apoelstra]

In 213c697:

This comment doesn't make sense to me. At some point you do need to fclose file, don't you?

[uncomputable]

Bitstream<'a> lives at most as long as &'a bytes. According to man pages, fmemopen does not open a file descriptor, nor does a read-only stream have any buffers that need to be flushed. fclose simply closes file descriptors and flushes. If I understand correctly, this means that the FILE pointer in the stream can safely be dropped without freeing it.

That being said, not freeing a FILE pointer is probably bad practice. I will add a destructor.

[apoelstra]

I'm sure that you need to actually call fclose at some point in this source file.

Otherwise, the lifetime stuff looks like it's been fixed.

[apoelstra]

Actually, on further reading I don't know. I can't find a citation either way. It is surprising that there is no descriptor and that fileno will just fail.

[apoelstra]

Briefly reviewed 213c697. (Only changes from the last review were in the final commit; I think we'll need a bit more iteration on this one.)

[uncomputable]

I updated how DAGs are represented, and added free and fclose for each allocation and opened stream.

Because Drop now tries to free a DAG when it goes out of scope, we cannot do pointer addition to index the DAG and return a struct of the same type. The fact that DAGs are not their root node is confusing in the first place, so I decided to hide that from the user completely: A DAG has exactly one CMR, namely its root CMR. In future PRs, we can add the notion of DAG nodes, whose lifetime will depend on that of their parent DAG.

[uncomputable]

@apoelstra This should be ready to be merged. Sorry for the many force pushes.

[apoelstra]

In a0faaf2:

nit: this 'a shouldn't be there. I'm not sure why the compiler doesn't warn about this.

[apoelstra]

Could you also rebase onto master? This currently doesn't have #23 which is making it hard for me to test locally.

[apoelstra]

ACK 190a669

[sanket1729]

high level review ACK. Left a couple questions

[sanket1729]

Where are we testing the decoding works?

[uncomputable]

I assume that the values from C are correct (within C's context, using its functions). Testing Rust against C is currently not feasible, due to outdated jets, because these tests will fail.

[sanket1729]

We should also test that calculation for cmr from SCHNORR0 from rust-simplicity is same as C simplicity. What we are testing here is that is the value exported from C is correctly calculated from C.

[uncomputable]

I agree; this was my original intention of this PR. Unfortunately, outdated jets etc. make it so the Rust CMR is almost always different than the C CMR (for the same program). Rust's SCHNORR0 and C's SCHNORR0 are also very different programs, the later using jets and being much smaller. In a later PR, I will replace src/test_progs in Rust with tests that use the FFI once there is a prospect that these tests will succeed.

[apoelstra]

ACK 66135ce

[sanket1729]

utACK 66135ce. The build script seems fragile. We should have some vendoring-like script that updates the underlying library when anything changes.

[apoelstra]

Let's merge this for now. We can improve things later to write a revendoring script that will do codegen and maybe symbol renaming, but for now this is something we've wanted for a while.