-
Notifications
You must be signed in to change notification settings - Fork 211
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
functions that use .call() should be not allowed in view functions #1338
Conversation
@xermicus I don't know why there was a special case for Substrate, it may have been wrong or maybe there is a good reason. Do you know if |
No I don't know why there was a special case. I'm not aware on why it should not be permitted in |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
src/sema/mutability.rs
Outdated
/// Is the function declared view, payer or default mutability | ||
can_read_state: bool, | ||
/// Is the function declared with default or payer mutability |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You used the question mark on the other questions, but not here. Please, adopt a single notation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've added question marks but I think it questionable whether this improves things.
src/sema/mutability.rs
Outdated
} | ||
// We don't know if the external call will write to state, so don't give diagnostic about | ||
// function may be declared view | ||
state.may_write_state = true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You've only used may_write_to_state
in a single place.
Why didn't you just reuse the does_write_to_state
? You could have renamed it to may_write_to_state
, as we are doing our best effort in this analysis.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need to distinguish between does_write_state
and may_write_state
. If we have does_write_state
then the function cannot be view
or pure
. If we only have may_write_state
and !does_write_state
then view
is allowed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we don't know, why are we not assume for "the worst" and flag it as a state writing function?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The problem with that is that you cannot mark functions as view
which means you need pay for a transaction in order to call it. You don't want that in many cases. In fact, non-view
functions cannot have return values Solana/Anchor so it would not work at all.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't it the point that you can't mark them as view
, if you don't know (e.g. you can't prove to the compiler) whether they are actually view?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hopefully the comment I've added makes sense
src/sema/mutability.rs
Outdated
@@ -27,9 +27,15 @@ pub fn mutability(file_no: usize, ns: &mut Namespace) { | |||
/// While we recurse through the AST, maintain some state | |||
struct StateCheck<'a> { | |||
diagnostics: Vec<Diagnostic>, | |||
/// Does the function have an expression or statement that reads from state? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for this nitpick, but I think using an enum Mutability { Write, Read, None }
instead a bunch of bools would make for more idiomatic code overall. The struct could then just have two fields of this enum, like explicit_mutability
(explicit is what the contract defines in the code) and implicit_mutability
.
I mean its unrelated to this bugfix; I'll just leave it as suggestion if you feel like it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great idea, I've re-written it with an enum.
38bf79a
to
ceda39f
Compare
d923e5e
to
cfc65d4
Compare
…ult mutability Neither option should produce a diagnostic. Fixes hyperledger#997 Signed-off-by: Sean Young <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks a lot cleanier now, thanks!
Functions that modify the state, like the SPL-token
mint_to
, are notview
functions, but the compiler warns that they can be declared as view.Example:
Warning:
Fixes #997
Another PR will implement staticcall for Solana, which is allowed in view functions.