Use signed 256-bit integer for sstore gas refund substate #9746
Conversation
ethcore/src/signed.rs
Outdated
fn add_assign(&mut self, other: U256) { | ||
match self.0 { | ||
Sign::Positive => { | ||
self.1 += other; |
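Review bot: only the Sign::Positive arm of add_assign is visible here; the Sign::Negative arm has to compare other against the stored magnitude self.1 and flip the sign when other is larger, and both arms should settle on a single representation of zero, because with a (Sign, U256) pair and the derived PartialEq a (Sign::Negative, 0) result compares unequal to (Sign::Positive, 0). In the Positive arm, self.1 += other uses the uint crate's Add, which panics on overflow; if that is acceptable, a short comment stating why the magnitude cannot reach that bound would make the assumption explicit.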
should we care about overflows/panics here (and in other cases/SubAssign)?
ethcore/src/executive.rs
Outdated
@@ -1091,7 +1091,8 @@ impl<'a, B: 'a + StateBackend> Executive<'a, B> { | |||
let schedule = self.schedule; | |||
|
|||
// refunds from SSTORE nonzero -> zero | |||
let sstore_refunds = substate.sstore_clears_refund; | |||
assert!(substate.sstore_clears_refund.is_nonnegative(), "On transaction level, sstore clears refund cannot go below zero."); |
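Review bot: the assert! message carries no diagnostic context; since the thread favours panicking here precisely to surface consensus bugs, include the offending value in the message (for example a trailing "got {:?}", substate.sstore_clears_refund) so the failing refund can be read from the log. The check also sits after let sstore_refunds = substate.sstore_clears_refund; has already been bound; checking first and then binding reads more naturally, and the binding still carries the signed type, so whatever consumes sstore_refunds further down must convert it to the unsigned gas type explicitly.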
Setting to 0 in case of negative plus a trace could be another way to do it.
I would rather panic here -- our recent experience shows that it's easier to find consensus bugs this way, and if negative ever happens (which we do have some informal proof that it shouldn't), then the network is broken anyway!
ethcore/src/signed.rs
Outdated
|
||
/// Representation of a signed 256-bit integer. | ||
#[derive(Copy, Clone, Eq, PartialEq, Debug)] | ||
pub struct I256(Sign, U256); |
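Review bot: a sign-magnitude pair with derived PartialEq/Eq gives zero two distinct representations, (Sign::Positive, 0) and (Sign::Negative, 0), which compare unequal; either normalise every constructor and arithmetic result to one canonical zero or implement PartialEq by hand, and document that invariant on the struct. The doc comment /// Representation of a signed 256-bit integer. also overstates precision: this type holds magnitudes up to 2^256-1 with either sign, which is wider than a two's-complement i256, the same concern the naming comment in this thread raises.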
I would not call it I256 but U256_And_Signed or anything that shows that we are not on 256-bit only.
@@ -1091,7 +1091,8 @@ impl<'a, B: 'a + StateBackend> Executive<'a, B> { | |||
let schedule = self.schedule; | |||
|
|||
// refunds from SSTORE nonzero -> zero | |||
let sstore_refunds = substate.sstore_clears_refund; | |||
assert!(substate.sstore_clears_refund >= 0, "On transaction level, sstore clears refund cannot go below zero."); | |||
let sstore_refunds = U256::from(substate.sstore_clears_refund as u64); |
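Review bot: the cast in let sstore_refunds = U256::from(substate.sstore_clears_refund as u64); truncates silently for values above u64::max_value(), and the assert! just above only rules out negative values. Since the assert exists to turn an invariant violation into a loud failure rather than a silently wrong gas refund, extend it to the upper bound as well, e.g. assert!(substate.sstore_clears_refund >= 0 && substate.sstore_clears_refund <= u64::max_value() as i128, ...), and include the value in the message.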
i128::max_value() as u64 == u64::max_value(), and we checked above that it's always non-negative. Seems good using i128, but I would also switch sstore_refund and other usize parameters to explicit u64.
@cheme The issue is that all our gas definitions use
@sorpaas yes, it may be too much of a change for this PR and is not strictly required (but it is something I am considering; for instance, if we want at some time to compile the interpreter to wasm, this usize definition is problematic).
* Add signed refund
* Use signed 256-bit integer for sstore gas refund substate
* Fix tests
* Remove signed mod and use i128 directly
* Fix evm test case casting
* Fix jsontests ext signature
* parity-version: mark 2.0.8 stable as critical
* Use signed 256-bit integer for sstore gas refund substate (#9746)
* Add signed refund
* Use signed 256-bit integer for sstore gas refund substate
* Fix tests
* Remove signed mod and use i128 directly
* Fix evm test case casting
* Fix jsontests ext signature
* Add --force to cargo audit install script (#9735)
* heads ref not present for branches beta and stable (#9741)
* aura: fix panic on extra_info with unsealed block (#9755)
* aura: fix panic when unsealed block passed to extra_info
* aura: use hex formatting for EmptyStep hashes
* aura: add test for extra_info
* parity-version: mark 2.1.3 beta as critical
* Use signed 256-bit integer for sstore gas refund substate (#9746)
* Add signed refund
* Use signed 256-bit integer for sstore gas refund substate
* Fix tests
* Remove signed mod and use i128 directly
* Fix evm test case casting
* Fix jsontests ext signature
* Add --force to cargo audit install script (#9735)
* heads ref not present for branches beta and stable (#9741)
* aura: fix panic on extra_info with unsealed block (#9755)
* aura: fix panic when unsealed block passed to extra_info
* aura: use hex formatting for EmptyStep hashes
* aura: add test for extra_info
While the overall transaction sstore gas refund cannot go below zero, on an individual execution frame it can. This replaces saturating_sub by a signed integer version to fix the issue.
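The frame-level versus transaction-level distinction in the description, as an added example that is not Parity's code: a constructed call tree is accumulated with the saturating_sub approach the PR replaces and with the signed (i128) approach it introduces, followed by the transaction-level assert. RefundEvent, Frame and the 15000 values are assumptions made for illustration.

```rust
// Added example (not Parity's code): accumulate SSTORE refunds across call frames
// two ways, to show what saturating_sub loses and the signed version keeps.
#[derive(Clone, Copy, Debug)]
pub enum RefundEvent {
    Add(u64), // refund granted, e.g. a slot cleared to zero
    Sub(u64), // refund taken back, e.g. the cleared slot is written again
}

/// One call frame: its own refund events plus the frames it called (assumed shape).
pub struct Frame { pub events: Vec<RefundEvent>, pub children: Vec<Frame> }

/// Unsigned accumulator with saturating_sub (the behaviour the PR replaces): a frame
/// whose net refund is negative is clamped to zero, so its debt never reaches the parent.
pub fn refund_saturating(frame: &Frame) -> u64 {
    let mut refund: u64 = 0;
    for e in &frame.events {
        match *e {
            RefundEvent::Add(n) => refund += n,
            RefundEvent::Sub(n) => refund = refund.saturating_sub(n),
        }
    }
    frame.children.iter().map(refund_saturating).fold(refund, |acc, c| acc + c)
}

/// Signed accumulator: an individual frame may go negative; only the
/// transaction-level total must be non-negative.
pub fn refund_signed(frame: &Frame) -> i128 {
    let mut refund: i128 = 0;
    for e in &frame.events {
        match *e {
            RefundEvent::Add(n) => refund += i128::from(n),
            RefundEvent::Sub(n) => refund -= i128::from(n),
        }
    }
    frame.children.iter().map(refund_signed).fold(refund, |acc, c| acc + c)
}

/// Transaction-level finalisation mirroring the PR's assert, with an upper bound so the u64 cast cannot truncate.
pub fn finalize_refund(total: i128) -> u64 {
    assert!(total >= 0, "On transaction level, sstore clears refund cannot go below zero.");
    assert!(total <= i128::from(u64::max_value()), "sstore refund does not fit in u64");
    total as u64
}

/// Constructed scenario: the outer frame earns a 15000 refund and its callee takes the
/// same 15000 back, so the correct transaction refund is 0 (saturating reports 15000).
pub fn sample_transaction() -> Frame {
    let callee = Frame { events: vec![RefundEvent::Sub(15000)], children: vec![] };
    Frame { events: vec![RefundEvent::Add(15000)], children: vec![callee] }
}
```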