refactor(types): change account id to newtype and deprecate ValidAccountId

[austinabell]

Definitely more involved than I would have liked and it's unclear what is the best way to initialize an AccountId but here is what changes:

• Changes AccountId from a String alias to a newtype which performs the validation, JSON/borsh serialization, and other necessary interactions
• Removes ValidAccountId
  • I was planning on aliasing AccountId for this, but it caused a lot of confusing errors linking to it instead of AccountId, and should probably be removed sooner than later

This is quite a large breaking change, because using String is quite nested within everything, and interactions from ValidAccountId specifically will cause breakages with existing contracts.

closes #446

[matklad]

Suggested change

	pub fn get_status(&self, account_id: AccountId) -> Option::<String> {
	pub fn get_status(&self, account_id: AccountId) -> Option<String> {

Or is the turbofish actually required by the macro?

[austinabell]

It is required, I haven't dug into why specifically it's needed yet

[austinabell]

it's needed because of the metadata macro generation, because it calls Option::<String>::schema_container()

[mikedotexe]

Looks quite thorough. And I believe you'd addressed what Kladov has brought up. My only silly suggestion is to have the one error begin with Invalid instead of In but 🤷🏼

[frol]

Hey-hey! Node Interfaces team is working on a similar thing in nearcore (@miraclx has it in a branch state for now: near/nearcore@master...miraclx:strict-account-id-validity) and even decided to create a separate crate out of it (near-account-id), so we can merge our efforts here.

[austinabell]

Hey-hey! Node Interfaces team is working on a similar thing in nearcore (@miraclx has it in a branch state for now: near/nearcore@master...miraclx:strict-account-id-validity) and even decided to create a separate crate out of it (near-account-id), so we can merge our efforts here.

We can't use that implementation in its current state because it pulls in a few dependencies and uses regex for validation which is too bulky for the SDK (especially since an OKR for the last and upcoming quarter is minimizing contract size)

[austinabell]

Because this is such a breaking change, it'd be great to get input from others.

Also, the primary remaining design decision is if we change the underlying type to Box<[u8]> which on one hand could allow for smaller code sizes but also does not hold up the compiler guarantee that it will always be utf8 bytes. It would also require calling from_utf8 on the bytes for every reference, and I'm not sure how that gets optimized.

[frol]

We can definitely onboard this implementation as I also don't feel very good about pulling the whole regex machinery to validate the account ID format.

Have you measured the difference of Box<[u8]> vs Box<str>?

[austinabell]

We can definitely onboard this implementation as I also don't feel very good about pulling the whole regex machinery to validate the account ID format.

Have you measured the difference of Box<[u8]> vs Box<str>?

The size of memory is the same, not sure about the compiled code (as it depends a lot on the use case). I am also noticing when switching to the Boxed versions that BorshSchema is broken for them. I can look into fixing this if it's possible.

[austinabell]

@frol wrt above near/borsh-rs#36 which is just a benefit to borsh, but would allow these alternatives to be used here (I checked)

[matklad]

Looks good to me, left a whole bunch of nits, but only three serious comments:

• deriving BorshDeserialize for AccountId is wrong
• still not sure that extra conversions are worth it, but don't see anything particularly problematic there
• i don't undrestand the reason for AsRef-ing promise API

[matklad]

Why do we need cross_contract_high_level.wasm and cross_contract_low_level.wasm blobs here, and why they grew by several kbs?

[matklad]

I wonder if these unwraps are to blame for additional bloat?

[austinabell]

I'll check around the code size in a bit. Committing the wasm files was a mistake and how I built them also causes a difference on master. Definitely want to look into making it part of the CI in some way to check differences

[mikedotexe]

Agreed, and as we discussed in this morning's meeting, this is capture in #465

[austinabell]

• deriving BorshDeserialize for AccountId is wrong

Think I've addressed everything else, but curious why you think this is wrong? Any contract using the old AccountId will have the ID borsh serialized as a string, and it would be a state-breaking change when they update the SDK. What would you suggest is a better format? I don't see how string would be a bad borsh format either, or am I missing something about borsh storing more metadata for strings over byte slices?

[matklad]

why you think this is wrong?

It allows creating AccoundId which is not valid

    #[test]
    fn deser_checks_validity() {
        let r1 = "💩".parse::<AccountId>();
        assert!(r1.is_err()); // correct, 💩 is not a valid account name

        let bytes = "💩".try_to_vec().unwrap();
        let r2 = AccountId::try_from_slice(&bytes);
        let acc = r2.unwrap();
        assert_eq!(acc.as_str(), "💩") // BUG, 💩 is treated as a valid account
    }

As a rule of thumb, type's invariants should be checked in every constructor, and deserialization provides an extra constructor.

We shouldn't change serialization format, but we should add an extra validation to deserialization.

[austinabell]

As a rule of thumb, type's invariants should be checked in every constructor, and deserialization provides an extra constructor.

We shouldn't change serialization format, but we should add an extra validation to deserialization.

Ah, of course, oops