-
Notifications
You must be signed in to change notification settings - Fork 375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(stdlibs): add math/overflow
#1698
Conversation
overflow
stdlib
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #1698 +/- ##
=======================================
Coverage 48.25% 48.25%
=======================================
Files 408 408
Lines 62338 62338
=======================================
Hits 30081 30081
Misses 29749 29749
Partials 2508 2508 ☔ View full report in Codecov by Sentry. |
How does it compare to https://github.com/gnolang/gno/blob/master/examples/gno.land/p/demo/maths/overflow.gno? Should we remove that from the demo packages if we are making it part of the stdlib? I think it makes sense for it to only exist in one place |
Good point! I didn't realize we had this in the examples. 2 things:
|
Overflow protection seems like such a core feature of a blockchain that the package should be included our standard library, especially if they are used by other parts of the standard library. Perhaps it can live in |
We are using gnolang/overflow to check our coins in tm2 in coin.go, while the examples version package is slightly different - reference the top comment in the I've ported the It would be great if we can get some more eyes on this, since tm2 Bit of a tangent - I'm not sure what the reason for this is, but it seems running |
+1 for math/overflow. I haven't reviewed properly, so wouldn't know to advise yet on which one we should pick. Will try to take a look this week |
I think that, based on this comment in the package implementation, we should go with that code if we want to move it into the standard library. It includes a quotient bug fix and bundles the output of |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some notes:
- Slightly out of scope, but please also remove
p/demo/maths/maths.gno
(superseded by packagemath
, not used anywhere) - Remove
gnovm/tests/files/maths_int8.gno
(same as what you added) - Also move
gnovm/tests/maths_int16_long.gno
to this dir, skipping it (t.Skip()
) iftesting.Short()
; you can put it in the same file asoverflow_test.gno
.- Add a comment like:
// XXX: testing.Short always returns true at time of writing, you should manually enable the tests for now
- (Note: this changes nothing from the current behaviour, as
_long
tests are never executed in the CI)
- Add a comment like:
After that, we should be good to merge.
overflow
stdlibmath/overflow
Great effort to address overflow conditions in stdlib. Note also that integer underflow is a concern. I typically see this less often while browsing code in the wild compared to overflow, but back in 2018 Tantikul and Ngamsuriyaroj scanned nearly 40k contracts from Etherscan and found a detection correlation rate between integer overflows and underflows of 0.3 in the same code contracts, so it seems to be a prevalent issue. [paper] For this reason, whenever I'm writing docs that recommend a particular approach to security, I'd rather have people use math/big by default to deal with both vuln classes, and only resort to using the overflow library if efficiency is required and underflows aren't a concern. Alternatively, we could augment this overflow library to also handle underflow conditions and throw an error for either. Thoughts? |
@kristovatlas do note that the package being added does handle the cases of underflow, as well: https://go.dev/play/p/EJy_HjxuUSG Your take on the fact that contracts should use bigints by default is interesting. There is a discussion ongoing on this regard: #764. But, I'm starting to consider that the tradeoff may be worth it if it avoids a whole class of problems, especially within the blockchian context. For what concerns this library, it'd be great if you could double-check the code and help verify especially the change to the Quotient functions (which are the only ones different from the original), and perhaps suggest a better name that conveys this libraries works for underflows, too. Then I suggest we move the conversation to #764 to determine whether we should add full support for bigint as a built-in type :) |
From the PR review call on March 14th, discussing this with @jaekwon:
|
There are currently no tests for u256 on the gnoswap side, so I'll add a test and put it on the p/demo side first :) cc: @r3v4s @dongwon8247 |
I've looked at your comments & suggestions. Can we move forward with this merge? @thehowl, once we merge this, I can update the gnolang/overflow repo to match. |
Sorry, my last comment was a little confusing. I meant that I plan to personally annotate this after merger. It is ready to be merged IMHO |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tests are failing, after that, we should be good to go.
In the |
Trying to fix the tests, I'm running into a weird issue:
So Investigating now. EDIT: for reference, I fixed the import issue by adding the missing constants to cc @Kouteki EDIT: btw, seems that |
Ok, this is the current state: Removed PR should be good to go. |
Co-authored-by: Hariom Verma <hariom18599@gmail.com>
Description
This PR ports over the overflow stdlib to Gno. The addition of this library will enable adding Coin functionality already existing in tm2's coin.go the Coin/Coins in Gno.
The tests pass fully, and the library was simply copy-pasted.
As per the conversation below, this PR also deprecates/removes the
examples/
package foroverflow
, as it makes more sense to haveoverflow
be a part of stdlibs.This will unblock #1696.
cc @thehowl
Contributors' checklist...
BREAKING CHANGE: xxx
message was included in the description