-
Notifications
You must be signed in to change notification settings - Fork 159
Non-recursive bound checks for Miniscript fragments #150
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
c74fb84
to
90377d6
Compare
@@ -211,6 +231,8 @@ impl Property for ExtData { | |||
ops_count_nsat: None, | |||
stack_elem_count_sat: Some(1), | |||
stack_elem_count_dissat: Some(1), | |||
max_sat_size: Some((33, 33)), | |||
max_dissat_size: None, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be 33. Same for other hashes
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought hashes were not dissatisfiable ? Sipa implemented this https://github.com/sipa/miniscript/blob/027b422495a8ee3ea3fa7787150389bb65d1b9de/bitcoin/script/miniscript.h#L535-L538 and iirc we did too.
There is, however, a mistake on the stack_elem_count_dissat
in this case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Made stack_elem_count_dissat
None, as i really think the mistake is this way around.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that this is wrong in the sipa implementation. We should have that as 33 for reasons in the previous comment. @apoelstra
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, that is bug in the sipa implementation as he explicitly considers them being dissatifyable here:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Heh, good catch. There is definitely no canonical dissatisfaction for an unwrapped hash.
@darosior I think we want the estimation functions to return the worst-case value that is possible under standardness rules. If the fragment is supposed not to be satisfiable (for malleability checks or other reasons) then we should use the d
flag to indicate that. But if we make it imposible to even estimate these values, it will become harder to work with incomplete fragments or other malleable scripts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@darosior I think we want the estimation functions to return the worst-case value that is possible under standardness rules.
Does this mean we want this not to be None even if the dissat is malleable ? If so we could have a dissat cost for virtually all fragments here..
But if we make it imposible to even estimate these values, it will become harder to work with incomplete fragments or other malleable scripts.
Hmm.. That's how it was before this PR though ? Just to be clear (i didn't follow the last IRC discussions very closely): do we want to not ignore malleable dissatisfaction anymore ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this mean we want this not to be None even if the dissat is malleable ? If so we could have a dissat cost for virtually all fragments here..
I don't think there are any non-canonical ones that we are missing here. As you point out, it was a bug in the previous code too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for doing this :) There are some breaking API changes here, but they are worth it for sure.
It looks like one of tests was broken :) . https://github.com/rust-bitcoin/rust-miniscript/pull/150/checks?check_run_id=1226708928 |
21c2a01
to
2a43b86
Compare
2a43b86
to
616ede7
Compare
a64eb7e
to
5881733
Compare
} else { | ||
// The thresh is dissatifiable iff all sub policies are dissatifiable | ||
stack_elem_count_dissat = None; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sucks that we don't have Option::zip
or Option::zip_with
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ack 5881733
Actually can you add a commit which removes |
Added |
Based on the comment from @apoelstra, I will re-review the entire PR assuming we are allowing malleable Miniscripts. I think my first review assumed that we were dealing with malleable miniscripts. |
@@ -217,6 +235,8 @@ impl Property for ExtData { | |||
ops_count_static: 4, | |||
ops_count_sat: Some(4), | |||
ops_count_nsat: None, | |||
stack_elem_count_sat: Some(1), | |||
stack_elem_count_dissat: None, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we allow malleable dissat, this should be Some(1). Same thing for rest of the hashes
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that hash fragment is
SIZE <32> EQUALVERIFY SHA256 <h> EQUAL
. So any 32 bit vec will dissat it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left a minor discussion comment about dissatisfying hash fragments.
If that requires more discussion, we can merge this PR and possibly have that as a small followup if it is required.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: the last commit gives a warning about unused std::cmp
Will need rebase on #169 |
This avoids recursion to check Segwit standardness limits. Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
This is inherently bound to the context, and avoids for the caller to set the cost of 1 depending on wether they are using Segwitv0 or Legacy. This also makes it reeturn an Option, as previously for max_witness_elements(). Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
And some other small followups to rust-bitcoin#149 Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
…inal We don't need them anymore Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
86eef9a
to
eb5e04b
Compare
Rebased on master, left a comment in the inner discussion regarding the dissat cost computation. |
@darosior , In case you missed I added a comment here. #150 (comment) . We should have hashes be dissatisfyable |
We discussed it on IRC and you told me it should be part of another PR, so i discarded the patch...
Did i misunderstand something ?
Also, this patch iirc created some new tests failure that i didn't look into. Seemed a good idea to have it as part of another PR since it clearly is a different feature ?
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
Le lundi, novembre 9, 2020 5:36 PM, Sanket Kanjalkar <notifications@github.com> a écrit :
… ***@***.***(https://github.com/darosior) , In case you missed I added a comment here. [#150 (comment)](#150 (comment)) . We should have hashes be dissatisfyable
—
You are receiving this because you were mentioned.
Reply to this email directly, [view it on GitHub](#150 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AFLK3F3OIHJLO3ARJKZ4SITSPAK7XANCNFSM4SIXNRZA).
|
@darosior , I meant we can fix the opcode stuff later. We should fix the stack size and sat cost as they a part of this PR.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ack eb5e04b
We can fix the dissat thing later
Sorry Sanket i never got to answer your comment, pretty busy right now...
|
Sure, no worries :) |
This is based on #149 and keeps track of the maximum number of stack elements and the size used by both a satisfaction and a dissatisfaction directly in the Miniscript fragment extra data.
This avoids the recursive methods currently called each time we check for limits.
TODO:
Moved from TODO to "can be done in a follow-up this one is large enough":