functions that use .call() should be not allowed in view functions #1338
Conversation
|
@xermicus I don't know why there was a special case for Substrate, it may have been wrong or maybe there is a good reason. Do you know if |
|
No I don't know why there was a special case. I'm not aware on why it should not be permitted in |
src/sema/mutability.rs
Outdated
| /// Is the function declared view, payer or default mutability | ||
| can_read_state: bool, | ||
| /// Is the function declared with default or payer mutability |
There was a problem hiding this comment.
You used the question mark on the other questions, but not here. Please, adopt a single notation.
There was a problem hiding this comment.
I've added question marks but I think it questionable whether this improves things.
src/sema/mutability.rs
Outdated
| } | ||
| // We don't know if the external call will write to state, so don't give diagnostic about | ||
| // function may be declared view | ||
| state.may_write_state = true; |
There was a problem hiding this comment.
You've only used may_write_to_state in a single place.
Why didn't you just reuse the does_write_to_state? You could have renamed it to may_write_to_state, as we are doing our best effort in this analysis.
There was a problem hiding this comment.
We need to distinguish between does_write_state and may_write_state. If we have does_write_state then the function cannot be view or pure. If we only have may_write_state and !does_write_state then view is allowed.
There was a problem hiding this comment.
If we don't know, why are we not assume for "the worst" and flag it as a state writing function?
There was a problem hiding this comment.
The problem with that is that you cannot mark functions as view which means you need pay for a transaction in order to call it. You don't want that in many cases. In fact, non-view functions cannot have return values Solana/Anchor so it would not work at all.
There was a problem hiding this comment.
Isn't it the point that you can't mark them as view, if you don't know (e.g. you can't prove to the compiler) whether they are actually view?
There was a problem hiding this comment.
Hopefully the comment I've added makes sense
src/sema/mutability.rs
Outdated
| @@ -27,9 +27,15 @@ pub fn mutability(file_no: usize, ns: &mut Namespace) { | |||
| /// While we recurse through the AST, maintain some state | |||
| struct StateCheck<'a> { | |||
| diagnostics: Vec<Diagnostic>, | |||
| /// Does the function have an expression or statement that reads from state? | |||
There was a problem hiding this comment.
Sorry for this nitpick, but I think using an enum Mutability { Write, Read, None } instead a bunch of bools would make for more idiomatic code overall. The struct could then just have two fields of this enum, like explicit_mutability (explicit is what the contract defines in the code) and implicit_mutability.
I mean its unrelated to this bugfix; I'll just leave it as suggestion if you feel like it
There was a problem hiding this comment.
Great idea, I've re-written it with an enum.
seanyoung
force-pushed
the
view-call
branch
6 times, most recently
from
38bf79a
to
ceda39f
Compare
seanyoung
force-pushed
the
view-call
branch
2 times, most recently
from
d923e5e
to
cfc65d4
Compare
seanyoung
changed the title
…ult mutability Neither option should produce a diagnostic. Fixes hyperledger#997 Signed-off-by: Sean Young <[email protected]>
Functions that modify the state, like the SPL-token
mint_to, are notviewfunctions, but the compiler warns that they can be declared as view.Example:
Warning:
Fixes #997
Another PR will implement staticcall for Solana, which is allowed in view functions.