Simulate: Make optional signatures an opt-in feature #5335
Conversation
| @@ -51,9 +50,6 @@ type TxnGroupResult struct { | |||
|
|
|||
| // AppBudgetConsumed is the total opcode cost used for this group | |||
| AppBudgetConsumed uint64 | |||
|
|
|||
| // FeeCredit is the fees left over after covering fees for this group | |||
| FeeCredit uint64 | |||
There was a problem hiding this comment.
I discovered this field was unused
There was a problem hiding this comment.
Is this unused even before this PR?
There was a problem hiding this comment.
Yes, I am okay with this being removed - it wasn't being serialized because I wasn't convinced enough that reporting the fee credit would be useful at the moment.
There was a problem hiding this comment.
Ok thanks. This likely will be useful at some point, but until then I'd like to remove it just to keep things clean
cmd/goal/clerk.go
Outdated
| simulateCmd.Flags().BoolVar(&signaturesOptional, "signatures-optional", false, "Allow transactions without signatures to be evaluated as if they had correct signatures") | ||
| simulateCmd.Flags().BoolVar(&liftLogLimits, "lift-log-limits", false, "Lift the limits on log opcode during simulation") |
There was a problem hiding this comment.
I wonder if we should try to get consistency among the "power pack" arguments, like
allow-empty-signatures, and allow-more-logging.
There was a problem hiding this comment.
sure, I think prefixing with allow-* or relax-* both sounds fine with me for consistent cmdline arg name.
We don't want to change internal var names, right?
There was a problem hiding this comment.
I'm open to allow-empty-signatures -- this was almost what I chose to call it anyway.
@jannotti are you suggesting changes for goal and for the REST API definitions? Right now they are the same
There was a problem hiding this comment.
I guess I'm suggesting it as widely as you'd like to make the changes. I can understand not changing the equivalent underlying variables, but also, I guess it would be nice. Same for REST.
There was a problem hiding this comment.
Renamed in 1e1fdbd to allow-empty-signatures and allow-more-logging everywhere
daemon/algod/api/server/v2/utils.go
Outdated
| @@ -391,15 +390,15 @@ func convertSimulationResult(result simulation.Result) PreEncodedSimulateRespons | |||
| var evalOverrides *model.SimulationEvalOverrides | |||
| if result.EvalOverrides != (simulation.ResultEvalOverrides{}) { | |||
| evalOverrides = &model.SimulationEvalOverrides{ | |||
| MaxLogSize: result.EvalOverrides.MaxLogSize, | |||
| MaxLogCalls: result.EvalOverrides.MaxLogCalls, | |||
| SignaturesOptional: trueOrNil(result.EvalOverrides.SignaturesOptional), | |||
There was a problem hiding this comment.
nit: I guess this can be just passing from result.EvalOverrides.SignaturesOptional, for both are *bool with nil considered as false?
There was a problem hiding this comment.
At one point I had thought that our encoder would include values if they were non-nil pointers to zero values. But after local tests it seems that's not the case and that changing this line to SignaturesOptional: &result.EvalOverrides.SignaturesOptional would have the same effect.
Since this is surprising to me, I'd rather leave this code as-is and investigate more whether what I described was ever true, or I'm misremembering something
| @@ -51,9 +50,6 @@ type TxnGroupResult struct { | |||
|
|
|||
| // AppBudgetConsumed is the total opcode cost used for this group | |||
| AppBudgetConsumed uint64 | |||
|
|
|||
| // FeeCredit is the fees left over after covering fees for this group | |||
| FeeCredit uint64 | |||
There was a problem hiding this comment.
Is this unused even before this PR?
ledger/simulation/simulator.go
Outdated
| @@ -111,30 +112,27 @@ var proxySigner = crypto.PrivateKey{ | |||
| // check verifies that the transaction is well-formed and has valid or missing signatures. | |||
| // An invalid transaction group error is returned if the transaction is not well-formed or there are invalid signatures. | |||
| // To make things easier, we support submitting unsigned transactions and will respond whether signatures are missing. | |||
| func (s Simulator) check(hdr bookkeeping.BlockHeader, txgroup []transactions.SignedTxn, debugger logic.EvalTracer) ([]int, error) { | |||
| func (s Simulator) check(hdr bookkeeping.BlockHeader, txgroup []transactions.SignedTxn, signaturesOptional bool, tracer logic.EvalTracer) error { | |||
There was a problem hiding this comment.
nit: I somehow want to negotiate with you on not to add signatureOptional bool argument to s.check signature, for you can infer from tracer.Result's EvalOverrides field about signatureOptional. I point this out for that is how I approach similar problem in lift-log-limits PR, see if it align with your thoughts.
renaming debugger to tracer looks good.
There was a problem hiding this comment.
Good idea, but I don't want to change the tracer argument from logic.EvalTracer to *evalTracer. Because it's defined as the more generic tracer, the test TestSimulateWithTrace is able to work. This test uses the mock tracer to ensure our simulated environment still calls tracer hooks properly.
I did something similar to what you suggested in ea3372e and 4a4fae0 though, which uses the ResultEvalOverrides struct instead of signaturesOptional bool to pass this option. Let me know what you think.
There was a problem hiding this comment.
ouch, didn't see it coming, I thought s.simulateWithTracer is not taking interface, now it seems a bit involved...
There was a problem hiding this comment.
The change in this file is mostly passing groupIndex in TxGroupError to tell if specific txn in group is erroring, or the group itself is ill-formed (under which case id = -1).
|
|
@ahangsu the connection is that without the changes to how simulate handles verification errors, submitting a txn without signatures (and without allow-empty-signatures) would result in an HTTP 400 error, which I think is a bit too severe and less useful. |
Summary
To be more consistent with other simulation add-ons such as higher log limits (#5247), this PR makes it so that simulated transactions must have correct and present signatures by default. Now, if the caller wishes to allow empty signatures, they must explicitly do so by including the
allow-empty-signaturesparameter.The simulation response type has also been revised with this in mind:
would-succeed. Prior to this, this field summarized both whether all transactions succeeded and whether all transactions has valid signatures. Now that empty signatures are not allowed by default, there is not much use inwould-succeed, since it's nearly as easy to see if thefailure-messagefield is present for any transaction group.missing-signaturesfrom each transaction. Since callers must opt into allowing empty signatures and we no longer reportwould-succeed, there's no need to be as explicit about whether transactions are missing signatures. This information can be found by looking at the signed transaction and noticing that no signature fields are present.Additionally, I increased the types of verification errors that simulate can report in its HTTP 200 response. Now for nearly every type of verification error (a notable exception is invalid signatures, which are tricker to pinpoint because we use batch verification), simulate will report this error using the
failure-messageandfailed-atfields. This is nice because were this not the case, submitting a transaction with a missing signature withoutallow-empty-signatureswould result in an HTTP 400 and a not as useful error message.Test Plan
New tests added and existing tests updated