Add minCost parameter #295
Conversation
This is designed to support exact annex padding standardness rule by returning an OVERWEIGHT condition when the computed cost is below some minCost. Setting minCost to 0 effectively nullifies this check. Technically setting the minCost rejects programs that have a computed cost of 0, however there are no Simplicity programs that have a computed cost of 0 since every Simplicity program must contain at least one node, and hence has at least 'overhead' cost, which is 100 milliWU.
| @@ -741,15 +740,17 @@ simplicity_err simplicity_analyseBounds( ubounded *cellsBound, ubounded *UWORDBo | |||
| */ | |||
| return (maxCells < *cellsBound) ? SIMPLICITY_ERR_EXEC_MEMORY | |||
| : (maxCost < *costBound) ? SIMPLICITY_ERR_EXEC_BUDGET | |||
| : (*costBound <= minCost) ? SIMPLICITY_ERR_OVERWEIGHT | |||
There was a problem hiding this comment.
In d2c2de5:
I think we want this <= to be a <. Then both minCost and maxCost are inclusive bounds, which I think is what's implied by their names.
There was a problem hiding this comment.
I'm okay with renaming these fields, but as per the design in #290, the ranges must be non-overlapping:
Notice that the strictness of the inequalities is important if we are being exact. If the rule were instead l <= c <= b then if it were to happen that c were exactly l down to the the exact milliWU, there would be two annex sizes that would support that cost, which would add a small malleability in the allowed size of the annex.
There was a problem hiding this comment.
In the code you allow l == b while in #290 you sorta imply, but don't explicitly say, that l would be b - 1 except that because of encoding edge cases sometimes it'll have to be b - 2.
You could have just as easily used non-strict inequalities, and said that l would be b, except that because of encoding edge cases sometimes it'll have to be b - 1.
If you did that, you would be redefining l, but I think everything would still make sense. And maybe be a bit simpler to understand.
I'm fine with keeping the design as-is, matching #290, but if we do then I definitely think we should rename minCost. It could be called minCostMinusOne, or maxInvalidCost, or something. Hopefully you can think of a less ugly name.
There was a problem hiding this comment.
I allow l == b in the sense that it isn't precondition violating to pass those arguments, however if you do pass arguments such that l == b then there is no code-path that will return SIMPLICTY_OK; it will always at least either return SIMPLICITY_ERR_EXEC_MEMORY or SIMPLICITY_ERR_OVERWEIGHT (or possibly some other error if you have like type errors and such that are found first).
I allow l == b so that degenerate requests can be made without violating my precondition.
That said, I'm happy to drop that precondition and just double check that everything remains sensible when the user passes b < l.
You could have just as easily used non-strict inequalities, and said that l would be b, except that because of encoding edge cases sometimes it'll have to be b - 1.
Unfortunately no. The issues is that the API takes mincosts and maxcosts in terms of WU, but the weight calculations are done in milliWU. Obviously subtracting 1 WU is not the same as subtracting 1 milliWU.
The conversion from WU to milliWU is done on line 386. Maybe I should change variable names to note their units to make this more apparent.
There was a problem hiding this comment.
Ok, I understand!
Can you add a comment explaining that both values are in milliWU, but the granularity of the cost bounds will be in wu, where wu n is represented by the half-open interval (1000 * (n - 1), 1000 * n], and that we therefore check minCost using a strict inequality and maxCost using a <= inequality.
I think that the existing names are fine as long as you provide that intuition pump.
|
In d2c2de5: I'd also like to add a simple test, one which just takes one of the test programs and checks that it's accepted if you set |
|
fixes #290 |
I dismissed this earlier because finding an example program that is exactly a multiple of 1000 milliWU. However, since you bring it up, perhaps it is better for us to find and test such a program now, than for our adversaries to find it later. |
This is designed to support exact annex padding standardness rule by returning an OVERWEIGHT condition when the computed cost is below some minCost.
Setting minCost to 0 effectively nullifies this check.
Technically setting the minCost rejects programs that have a computed cost of 0, however there are no Simplicity programs that have a computed cost of 0 since every Simplicity program must contain at least one node, and hence has at least 'overhead' cost, which is 100 milliWU.