Feature/contract to contract -> master #3397
Conversation
* Three new globals for to help contract-to-contract usability * detritis * Check error * doc comments
| require.Error(t, err) | ||
| require.Contains(t, err.Error(), "greater than protocol supported version") | ||
| _, err = Eval(ops.Program, ep) | ||
| ep, _, _ := makeSampleEnvWithVersion(1) |
There was a problem hiding this comment.
I do not think it is a good idea to use a fake protocol makeSampleTxn in a test checking specific pre-app behavior. I'd rather avoid modifying these backward compact tests at all
There was a problem hiding this comment.
The thing we are checking here is whether the version handling is done properly. So we set the allowed logic version to a known value, and confirm that anything higher is rejected.
If we want to separately test that protocol.ConsensusV23 has a particular version, that seems ok, but why not test that every single consensus version is exactly what it always has been? It certainly doesn't seem like a test for the logic package.
| ep.Proto = &proto | ||
| ep.Ledger = ledger | ||
| ep.TxnGroup = txgroup | ||
| ep, tx, _ := makeSampleEnvWithVersion(1) |
There was a problem hiding this comment.
same as above, can't we let it be as is? especially defaultEvalParams stil lexist and looks like no need to update the test.
There was a problem hiding this comment.
I can't see why we would test that config.Consensus[protocl.ConsensusV23] has a specific logicsig version when what we're trying to see is if fields are properly rejected by having the wrong version. You might as well just require.Equal(t, config.Consensus[protocol.ConsensusV23].LogicVersion, 4)
There was a problem hiding this comment.
ConsensusV23 is pre-app version where teal programs might have v0 and v1, and the test checks if pre-app TEAL programs fail with with rekey set and etc. The new code makes a fake proto with TEAL v1 only, and if fact does not check real scenario.
| if _, ok := cx.Txn.EvalDelta.LocalDeltas[accountIdx]; !ok { | ||
| cx.Txn.EvalDelta.LocalDeltas[accountIdx] = basics.StateDelta{} | ||
| } | ||
| cx.Txn.EvalDelta.LocalDeltas[accountIdx][key] = tv.ToValueDelta() |
There was a problem hiding this comment.
Shouldn't the size of LocalDeltas be capped to config.MaxEvalDeltaAccounts ?
There was a problem hiding this comment.
That's an interesting question, and something I'm still grappling with for allocbounds. I don't think that our code explicitly enforces many of the allocbounds. Instead, the allocbounds are calculated so that they can not be exceeded (they are usually the max across any protocol version, or something even more conservative).
I do think we have a problem if we ever get that wrong (as we've been talking about the last few days). But I don't know if should just sprinkle checks around.
I suppose I would feel safer if I wrote some sort of func (ad ApplyData) checkAllocBounds() that recursively checked them, and invoked it at the end of evaluation. Does that sound reasonable?
There was a problem hiding this comment.
The high level design was to write the code so that it wouldn't have the ability to generate unrealistic sizes of arrays/maps. Then, the msgp allocbound were set to align with these.
I don't believe that we have too many locations that have these issue. I think that it would be less error prone to perform that inline rather than "export" that process. ( i.e. keep the limits next to the variable )
There was a problem hiding this comment.
In that regard, this is true here. The allocbound is huge (2048) but the number of different accounts that can be the accountIdx here is limited to 5. (The number of accounts in the static array, plus one for sender.)
| return | ||
| } | ||
|
|
||
| addr, _, err := cx.accountReference(cx.stack[last]) |
There was a problem hiding this comment.
mutableAccountReference? as the call to ledger.Balance below assumes this is preexisting account, and mutableAccountReference returns non-error only for existing addresses
There was a problem hiding this comment.
mutable only means that the the account being looked up must have an index in the static array (or be the sender so we can use 0). The idea is that we have added some rules to allow access to more accounts, but we have no way to write a LocalDelta unless we have an index. So we can't allow access to those extra accounts for writes. That means we only need mutableAccount() when doing a put or delete.
There was a problem hiding this comment.
I like the change and exceed testing. It might be worth exploring a case of self opting-in and setting own local state when signed with a logic sig.
Another point is to check the old cow ApplyData calculation and the new ApplyData in logic produce roughly the same results (exclude nil vs empty maps and so on).
I'll make another readout of logic.eval and revisit previous questions.
Btw, I found divw and bsqrt are not relevant to this PR but looks like it is too much work to extract it.
| evalDelta.Logs = params.TxnGroup[gi].EvalDelta.Logs | ||
| evalDelta.InnerTxns = params.TxnGroup[gi].EvalDelta.InnerTxns | ||
| } else { | ||
| evalDelta = params.TxnGroup[gi].EvalDelta |
There was a problem hiding this comment.
Since state modification from logic.eval goes into ledger state functions, shouldn't we have a test comparing deltas from logic to what BuildEvalDelta would build?
|
Please consider adding the following test:
|
An app cannot opt its account into itself, because that would require re-entrancy. (To optin into yourself, you'd need to issue an app call to yourself with OnCompletion=OptIn) Is the main idea to see if, when A calls B, if B makes changes, those changes are visible to A? |
|
Looks like we also missing global/local state reads in scenarios like these:
From the code I see it should work but I do not see tests checking this (no add_global_get opcode is on only in old tests). |
* Test current state of inner clear state behavior * First half of clear state fixes. Prevents inner calls in CSP Should also implement the "CSP requires 700 budget and can't spend more than 700 budget" rule, but tests still required. * Match program version. Don't allow downgrade < 6. * partition test * typo Co-authored-by: Michael Diamant <michaeldiamant@users.noreply.github.com> * typo Co-authored-by: Michael Diamant <michaeldiamant@users.noreply.github.com> * Make the default clear_state program match versions to approval * Correct some tests that now need programs present * Fix test to actually test INNER clear state * Add tests for opcode budget and CSPs * Improve tracing for inner app calls * Error now reports what the cost *was* before the attempted inst. * Simplify type switch and maybe kick CI? * Fewer copies during inner processing Co-authored-by: Michael Diamant <michaeldiamant@users.noreply.github.com>
* test for global modifications by various inner apps * CR adjustments to feeCredit * Test local state sharing too. * explain clear state details
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
data/transactions/logic/eval.go
Outdated
| return | ||
| } | ||
|
|
||
| // if deleting a non-existant value, do nothing, matching ledger behavior |
There was a problem hiding this comment.
🚫 [Lint Errors] reported by reviewdog 🐶existant is a misspelling of existent (misspell)
data/transactions/logic/eval.go
Outdated
| @@ -3440,7 +3744,19 @@ func opAppGlobalDel(cx *EvalContext) { | |||
| return | |||
| } | |||
|
|
|||
| err := cx.Ledger.DelGlobal(key) | |||
| // if deleting a non-existant value, do nothing, matching ledger behavior | |||
There was a problem hiding this comment.
🚫 [Lint Errors] reported by reviewdog 🐶existant is a misspelling of existent (misspell)
No description provided.