node: take context as argument to all ConstructNode constructors

In the new GhostCell paradigm it will be impossible for a Type (and
therefore a ConstructNode) to outlive its context. This means that
all the methods which currently return a disembodied ConstructNode
need to accept a context as a parameter.

In effect, this puts "direct constructors" and parsers/decoders of
ConstructNodes on even footing: people doing direct construction of
programs have always needed to create a context and keep track of it,
since the constructors iden(), unit(), witness() and jets all need
one. The other constructors simply copy the context Arc from the
objects.

This design had a couple goals:

* Minimizing pain for users by minimizing the number of places they had
  to pass a context object
* Minimizing errors by using "the correct context object" automatically
  by storing an Arc and cloning it behind the scenes
* Allowing users of decode_expression and ConstructNode::from_str to not
  think about contexts at all.

However, I observe that the "minimizing pain" goal is not that valuable
since this only applies to ConstructNode (since CommitNode and RedeemNode
have complete types in them, and these are much more commonly used than
ConstructNode). Furthermore:

* The current logic actually makes it impossible to decode two expressions
  and then combine them, since they'll have different associated type
  contexts. (I guess nobody has tried this?? They would get a panic.)
* The "minimizing errors" goal we can achieve by GhostCell, at compile
  time and much more thoroughly, and in a way that "feels Rustic" in
  that it levers the existing borrowchecker.

Author: apoelstra

fuzz/fuzz_targets/c_rust_merkle.rs

@@ -7,6 +7,7 @@ fn do_test(data: &[u8]) {
     use simplicity::ffi::tests::{ffi::SimplicityErr, run_program, TestUpTo};
     use simplicity::hashes::sha256::Midstate;
     use simplicity::jet::Elements;
+    use simplicity::types;
     use simplicity::{BitIter, RedeemNode};
 
     // To decode the program length, we first try decoding the program using
@@ -17,7 +18,10 @@ fn do_test(data: &[u8]) {
     // If the program doesn't decode, just use the first byte as a "length".
     let prog_len = {
         let mut iter = BitIter::from(data);
-        match simplicity::decode::decode_expression::<_, Elements>(&mut iter) {
+        match simplicity::decode::decode_expression::<_, Elements>(
+            &types::Context::new(),
+            &mut iter,
+        ) {
             Ok(_) => (iter.n_total_read() + 7) / 8,
             Err(_) => match data.first() {
                 Some(&n) => core::cmp::min(data.len(), n.into()),

src/bit_encoding/decode.rs

@@ -154,6 +154,7 @@ impl<J: Jet> DagLike for (usize, &'_ [DecodeNode<J>]) {
 }
 
 pub fn decode_expression<'brand, I: Iterator<Item = u8>, J: Jet>(
+    ctx: &types::Context<'brand>,
     bits: &mut BitIter<I>,
 ) -> Result<ArcNode<'brand, J>, Error> {
     enum Converted<'brand, J: Jet> {
@@ -173,7 +174,6 @@ pub fn decode_expression<'brand, I: Iterator<Item = u8>, J: Jet>(
     let len = bits.read_natural::<usize>(None)?;
     assert_ne!(len, 0, "impossible to encode 0 in Simplicity");
 
-    let inference_context = types::Context::new();
     let mut nodes = Vec::with_capacity(cmp::min(len, 10_000));
     for _ in 0..len {
         let new_node = decode_node(bits, nodes.len())?;
@@ -191,8 +191,8 @@ pub fn decode_expression<'brand, I: Iterator<Item = u8>, J: Jet>(
         }
 
         let new = match nodes[data.node.0] {
-            DecodeNode::Unit => Node(ArcNode::unit(&inference_context)),
-            DecodeNode::Iden => Node(ArcNode::iden(&inference_context)),
+            DecodeNode::Unit => Node(ArcNode::unit(ctx)),
+            DecodeNode::Iden => Node(ArcNode::iden(ctx)),
             DecodeNode::InjL(i) => Node(ArcNode::injl(converted[i].get()?)),
             DecodeNode::InjR(i) => Node(ArcNode::injr(converted[i].get()?)),
             DecodeNode::Take(i) => Node(ArcNode::take(converted[i].get()?)),
@@ -218,18 +218,16 @@ pub fn decode_expression<'brand, I: Iterator<Item = u8>, J: Jet>(
                 converted[i].get()?,
                 &Some(Arc::clone(converted[j].get()?)),
             )?),
-            DecodeNode::Witness => Node(ArcNode::witness(&inference_context, None)),
-            DecodeNode::Fail(entropy) => Node(ArcNode::fail(&inference_context, entropy)),
+            DecodeNode::Witness => Node(ArcNode::witness(ctx, None)),
+            DecodeNode::Fail(entropy) => Node(ArcNode::fail(ctx, entropy)),
             DecodeNode::Hidden(cmr) => {
                 if !hidden_set.insert(cmr) {
                     return Err(Error::SharingNotMaximal);
                 }
                 Hidden(cmr)
             }
-            DecodeNode::Jet(j) => Node(ArcNode::jet(&inference_context, j)),
-            DecodeNode::Word(ref w) => {
-                Node(ArcNode::const_word(&inference_context, w.shallow_clone()))
-            }
+            DecodeNode::Jet(j) => Node(ArcNode::jet(ctx, j)),
+            DecodeNode::Word(ref w) => Node(ArcNode::const_word(ctx, w.shallow_clone())),
         };
         converted.push(new);
     }
@@ -318,7 +316,8 @@ mod tests {
         let justjet = [0x6d, 0xb8, 0x80];
         // Should be able to decode this as an expression...
         let mut iter = BitIter::from(&justjet[..]);
-        decode_expression::<_, Core>(&mut iter).unwrap();
+        let ctx = types::Context::new();
+        decode_expression::<_, Core>(&ctx, &mut iter).unwrap();
         // ...but NOT as a CommitNode
         let iter = BitIter::from(&justjet[..]);
         CommitNode::<Core>::decode(iter).unwrap_err();

src/node/commit.rs

@@ -252,7 +252,8 @@ impl<J: Jet> CommitNode<J> {
         use crate::decode;
 
         // 1. Decode program with out witnesses.
-        let construct = crate::ConstructNode::decode(bits).map_err(DecodeError::Decode)?;
+        let ctx = types::Context::new();
+        let construct = crate::ConstructNode::decode(&ctx, bits).map_err(DecodeError::Decode)?;
         let program = construct.finalize_types().map_err(DecodeError::Type)?;
         // 2. Do sharing check, using incomplete IHRs
         if program.as_ref().is_shared_as::<MaxSharing<Commit<J>>>() {

src/node/construct.rs

@@ -230,24 +230,28 @@ impl<'brand, J: Jet> ConstructNode<'brand, J> {
     ///
     /// If the serialization contains the witness data, then use [`crate::RedeemNode::decode()`].
     pub fn decode<I: Iterator<Item = u8>>(
+        context: &types::Context<'brand>,
         mut bits: BitIter<I>,
     ) -> Result<Arc<Self>, crate::decode::Error> {
-        let res = crate::decode::decode_expression(&mut bits)?;
+        let res = crate::decode::decode_expression(context, &mut bits)?;
         bits.close()?;
         Ok(res)
     }
 
     #[cfg(feature = "base64")]
-    #[allow(clippy::should_implement_trait)] // returns Arc<Self>
-    pub fn from_str(s: &str) -> Result<Arc<Self>, crate::ParseError> {
+    #[allow(clippy::should_implement_trait)] // returns Arc<Self>, needs tyctx
+    pub fn from_str(
+        context: &types::Context<'brand>,
+        s: &str,
+    ) -> Result<Arc<Self>, crate::ParseError> {
         use crate::base64::engine::general_purpose;
         use crate::base64::Engine as _;
 
         let v = general_purpose::STANDARD
             .decode(s)
             .map_err(crate::ParseError::Base64)?;
         let iter = crate::BitIter::new(v.into_iter());
-        Self::decode(iter)
+        Self::decode(context, iter)
             .map_err(crate::DecodeError::Decode)
             .map_err(crate::ParseError::Decode)
     }

src/node/redeem.rs

@@ -500,7 +500,8 @@ impl<J: Jet> RedeemNode<J> {
         }
 
         // 1. Decode program without witnesses as ConstructNode
-        let construct = crate::ConstructNode::decode(program).map_err(DecodeError::Decode)?;
+        let ctx = types::Context::new();
+        let construct = crate::ConstructNode::decode(&ctx, program).map_err(DecodeError::Decode)?;
         construct
             .set_arrow_to_program()
             .map_err(DecodeError::Type)?;