Stack manipulation opcodes - uncover and cover

[AyAggarwal]

This PR adds two opcodes.
cover: "remove top of stack, and place it down the stack such that N elements are above it",
uncover: "remove the value at depth N in the stack and shift above items down so the Nth deep value is on top of the stack"

[codecov-commenter]

Codecov Report

Merging #2541 (90e3521) into master (58fd804) will increase coverage by 0.04%.
The diff coverage is 84.00%.

@@            Coverage Diff             @@
##           master    #2541      +/-   ##
==========================================
+ Coverage   46.97%   47.01%   +0.04%     
==========================================
  Files         348      348              
  Lines       55716    55766      +50     
==========================================
+ Hits        26172    26220      +48     
+ Misses      26600    26598       -2     
- Partials     2944     2948       +4     

Impacted Files	Coverage Δ
data/transactions/logic/doc.go	82.75% <ø> (ø)
data/transactions/logic/opcodes.go	96.00% <ø> (ø)
data/transactions/logic/assembler.go	81.97% <75.00%> (-0.17%)	⬇️
data/transactions/logic/eval.go	90.70% <100.00%> (+0.09%)	⬆️
ledger/blockqueue.go	82.18% <0.00%> (-2.88%)	⬇️
catchup/service.go	70.31% <0.00%> (ø)
network/wsPeer.go	75.20% <0.00%> (+3.06%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 58fd804...90e3521. Read the comment docs.

[AyAggarwal]

Hello All, the PR build is failing due to "scripts/travis/codegen_verification.sh". Will look into this tomorrow morning (PST)

[jannotti]

I think the shifts can be done clearer and faster with copy()

[jannotti]

Cover, not dig

[jannotti]

Use lower case for locals

[AyAggarwal]

done

[AyAggarwal]

updated to use copy

[jannotti]

I'm realizing there is a tricky issue with these opcodes - normally our assembler and the Check() call try to keep track of the types on the stack. If you push an int, then a bytes, then use +, you will get an error at assembly time. (In the presence of branches, we downgrade this error to a warning).

This can only happen because each opcode (so far) only manipulates the top of the stack. The OpSpec describes that manipulation in terms of types. But these opcodes are different. They manipulate the stack deeply, and potentially change the types of many elements (the element doesn't change, but the type at a particular location does, as they all shift).

We need to figure out how that can be made to work. It might just be that they need their own check function (like the branches have) or it might be that they can explicitly manipulate the type stack during assembly. They might need both, or even more.

First step, let's get a unit test in that shows the problem. Something like:

int 4; byte "john"; int 5; cover 2; pop; +

I think this will not type check, but it is correct (if I haven't messed up).

[jdtzmn]

Mostly good, nice work on this! I left a few comments.

[jdtzmn]

It would be nice to see test cases here that check that other elements are shifted correctly

[AyAggarwal]

will add these

[algochoi]

Good work! Just very minor comments.

Based on the Travis error, maybe try running make sanity on the root folder or go fmt again?

[algochoi]

nit: topIdx

[algochoi]

nit: topIdx

I think Go convention is to camelCase local variables

[algochoi]

nit: I think this should be sv (based on the dig opcode)

[algochoi]

nit: maybe sv (based on the dig opcode)?

[jannotti]

It looks to me like all we need to do to address the type checking is to manipulate the type stack in the assemble function for cover/uncover. Currently they use asmDefault. So they'll need custom assemblers, but it should pretty much just call the default assembler, and manipulate the stack.

[jannotti]

They are byte immediates. Still, it seems as though this double cast is unneeded. I recall seeing it before, messing with it a bit, and for some reason leaving it. I can't see why, right now. In C, I guess something similar would be needed, as char is not defined to be signed or unsigned. But byte is definitely unsigned in Go, and the simple cast to int should preserve the sign because there's room in int for the entire range of byte.

…

On Mon, Jul 19, 2021 at 10:09 AM Jacob Daitzman ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In data/transactions/logic/eval.go <#2541 (comment)>: > @@ -1700,6 +1700,36 @@ func opDig(cx *evalContext) { cx.stack = append(cx.stack, sv) } +func opCover(cx *evalContext) { + depth := int(uint(cx.program[cx.pc+1])) Aren't uint64 immediates required to be non-negative? — You are receiving this because your review was requested. Reply to this email directly, view it on GitHub <#2541 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AADL7TZG4725TJYM6TFF64DTYQW2DANCNFSM5AKLPDSQ> .

[jdtzmn]

nit: fmt.Println

[jdtzmn]

Will the idx here ever be less than 0? Won't that be caught in the opCover function?

[AyAggarwal]

I believe this check occurs first, as jj said below opCover should now be sure that it has the correct size stack

[AyAggarwal]

This is actually because the arrays will create out of bounds error if you don't check here. It doesn't panic though

[jdtzmn]

Could this be shifted more cleanly using copy()?

[jannotti]

It could, but I'm to blame for setting the precedent with dig. We need cleaner helper functions for building these arrays in the type* functions. Then we can also do select, dup, dup.

[jdtzmn]

Agreed. Does it make sense to include those changes in this PR or should it be done in a separate one?

[jannotti]

I think we should do those separately. I'm still mulling over the right interface, but I think I'm imagining two things, one I'm fairly sure about, and one less so.

Fairly sure: the typeCheck functions should check the appropriate depth first, and return early if the stack is short (with an appropriately sized slice to cause checkStack to complain about length). This means the rest of the typeCheck function can assume the stack is deep enough, and it'll be easier to write the code (using copy!) that returns slices that match parts of the existing stack.

Less sure: the interface should be reworked a little so that immediates are parsed early in one place, and supplied in a structured way to the typeCheck and assemble functions. That way it only happens once, and assemble functions are no longer expected to do that parsing or error checking.

[AyAggarwal]

I agree with the first one for sure, the second point is good as well - would that still mean if a program failed in typeCheck it fails during assembly?

[jdtzmn]

This may read better if you move topIdx above idx like so:

topIdx := len(cx.stack - 1)
idx := topIdx - depth

[AyAggarwal]

good point

[jannotti]

This may not be true any more with the changes to checkStack. I think that now opCover is sure to have a big enough stack to work with.

[AyAggarwal]

good point, i'll re visit this

[jannotti]

Can you add one that panics, but just barely? In other words, confirm theres no off-by-one error by uncovering with an argument that's just one too high.

[algorandskiy]

Looks good, one more test request and a minor code style fix

[algorandskiy]

just wondering how did "pop", "dup", "dup2", "dig", "cover", "uncover" end up to be flow control

[jannotti]

I think it's because it used to only be pop and dup so we didn't create a category for stack manipulation.

[algorandskiy]

please add unvcover 0 test as an edge case test

[algorandskiy]

make it the same as prev function

Suggested change

	depth := int(cx.program[cx.pc+1])
	idx := len(cx.stack) - 1 - depth
	// Need to check stack size explicitly here because checkArgs() doesn't understand uncover
	// so we can't expect our stack to be prechecked.
	if idx < 0 {
	cx.err = fmt.Errorf("uncover %d with stack size = %d", depth, len(cx.stack))
	return
	}
	topIdx := len(cx.stack) - 1
	depth := int(cx.program[cx.pc+1])
	topIdx := len(cx.stack) - 1
	idx := topIdx - depth
	// Need to check stack size explicitly here because checkArgs() doesn't understand uncover
	// so we can't expect our stack to be prechecked.
	if idx < 0 {
	cx.err = fmt.Errorf("uncover %d with stack size = %d", depth, len(cx.stack))
	return
	}

[jannotti]

Looks good.