cerc-io/lighthouse
16
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Use checked arithmetic in types and state proc (#1009)

Browse Source
This commit is contained in:
Michael Sproul 2020-04-20 12:35:11 +10:00 committed by GitHub
parent 50ef0d7fbf
commit 32074f0d09
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
49 changed files with 525 additions and 169 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.github/workflows/test-suite.yml vendored
View File

@ -65,3 +65,10 @@ jobs:
- uses: actions/checkout@v1
- name: Typecheck benchmark code without running it
run: make check-benches
clippy:
runs-on: ubuntu-latest
needs: cargo-fmt
steps:
- uses: actions/checkout@v1
- name: Lint code for quality and style with Clippy
run: make lint

8
Cargo.lock generated
View File

@ -226,6 +226,7 @@ dependencies = [
"proto_array_fork_choice 0.1.0",
"rand 0.7.3 (registry+https://github.com/rust-lang/crates.io-index)",
"rayon 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
"safe_arith 0.1.0",
"serde 1.0.104 (registry+https://github.com/rust-lang/crates.io-index)",
"serde_derive 1.0.104 (registry+https://github.com/rust-lang/crates.io-index)",
"serde_json 1.0.44 (registry+https://github.com/rust-lang/crates.io-index)",
@ -2498,6 +2499,7 @@ dependencies = [
"lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
"quickcheck 0.9.2 (registry+https://github.com/rust-lang/crates.io-index)",
"quickcheck_macros 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)",
"safe_arith 0.1.0",
]
[[package]]
@ -3524,6 +3526,10 @@ name = "ryu"
version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
name = "safe_arith"
version = "0.1.0"
[[package]]
name = "safemem"
version = "0.3.3"
@ -3941,6 +3947,7 @@ dependencies = [
"log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)",
"merkle_proof 0.1.0",
"rayon 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
"safe_arith 0.1.0",
"serde 1.0.104 (registry+https://github.com/rust-lang/crates.io-index)",
"serde_derive 1.0.104 (registry+https://github.com/rust-lang/crates.io-index)",
"serde_yaml 0.8.11 (registry+https://github.com/rust-lang/crates.io-index)",
@ -4543,6 +4550,7 @@ dependencies = [
"rand 0.7.3 (registry+https://github.com/rust-lang/crates.io-index)",
"rand_xorshift 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
"rayon 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
"safe_arith 0.1.0",
"serde 1.0.104 (registry+https://github.com/rust-lang/crates.io-index)",
"serde_derive 1.0.104 (registry+https://github.com/rust-lang/crates.io-index)",
"serde_json 1.0.44 (registry+https://github.com/rust-lang/crates.io-index)",

1
Cargo.toml
View File

@ -16,6 +16,7 @@ members = [
"eth2/utils/lighthouse_metrics",
"eth2/utils/merkle_proof",
"eth2/utils/int_to_bytes",
"eth2/utils/safe_arith",
"eth2/utils/serde_hex",
"eth2/utils/slot_clock",
"eth2/utils/ssz",

5
Makefile
View File

@ -41,6 +41,11 @@ test: test-release
# Runs the entire test suite, downloading test vectors if required.
test-full: cargo-fmt test-release test-debug test-ef
# Lints the code for bad style and potentially unsafe arithmetic using Clippy.
# Clippy lints are opt-in per-crate for now, which is why we allow all by default.
lint:
cargo clippy --all -- -A clippy::all
# Runs the makefile in the `ef_tests` repo.
#
# May download and extract an archive of test vectors from the ethereum

1
beacon_node/beacon_chain/Cargo.toml
View File

@ -42,6 +42,7 @@ rand = "0.7.2"
proto_array_fork_choice = { path = "../../eth2/proto_array_fork_choice" }
lru = "0.4.3"
tempfile = "3.1.0"
safe_arith = { path = "../../eth2/utils/safe_arith" }
[dev-dependencies]
lazy_static = "1.4.0"

10
beacon_node/beacon_chain/src/eth1_chain.rs
View File

@ -45,6 +45,14 @@ pub enum Error {
///
/// The eth1 caches are stale, or a junk value was voted into the chain.
UnknownPreviousEth1BlockHash,
/// An arithmetic error occurred.
ArithError(safe_arith::ArithError),
}
impl From<safe_arith::ArithError> for Error {
fn from(e: safe_arith::ArithError) -> Self {
Self::ArithError(e)
}
}
#[derive(Encode, Decode, Clone)]
@ -369,7 +377,7 @@ impl<T: EthSpec, S: Store<T>> Eth1ChainBackend<T, S> for CachingEth1Backend<T, S
_spec: &ChainSpec,
) -> Result<Vec<Deposit>, Error> {
let deposit_index = state.eth1_deposit_index;
let deposit_count = if let Some(new_eth1_data) = get_new_eth1_data(state, eth1_data_vote) {
let deposit_count = if let Some(new_eth1_data) = get_new_eth1_data(state, eth1_data_vote)? {
new_eth1_data.deposit_count
} else {
state.eth1_data.deposit_count

3
beacon_node/genesis/src/eth1_genesis_service.rs
View File

@ -383,7 +383,8 @@ impl Eth1GenesisService {
.map_err(|e| format!("Error whilst processing deposit: {:?}", e))
})?;
process_activations(&mut local_state, spec);
process_activations(&mut local_state, spec)
.map_err(|e| format!("Error whilst processing activations: {:?}", e))?;
let is_valid = is_valid_genesis_state(&local_state, spec);
trace!(

1
eth2/state_processing/Cargo.toml
View File

@ -27,6 +27,7 @@ eth2_ssz = "0.1.2"
eth2_ssz_types = { path = "../utils/ssz_types" }
merkle_proof = { path = "../utils/merkle_proof" }
log = "0.4.8"
safe_arith = { path = "../utils/safe_arith" }
tree_hash = "0.1.0"
tree_hash_derive = "0.2"
types = { path = "../types" }

3
eth2/state_processing/src/common/deposit_data_tree.rs
View File

@ -1,6 +1,7 @@
use eth2_hashing::hash;
use int_to_bytes::int_to_bytes32;
use merkle_proof::{MerkleTree, MerkleTreeError};
use safe_arith::SafeArith;
use types::Hash256;
/// Emulates the eth1 deposit contract merkle tree.
@ -46,7 +47,7 @@ impl DepositDataTree {
/// Add a deposit to the merkle tree.
pub fn push_leaf(&mut self, leaf: Hash256) -> Result<(), MerkleTreeError> {
self.tree.push_leaf(leaf, self.depth)?;
self.mix_in_length += 1;
self.mix_in_length.increment()?;
Ok(())
}
}

11
eth2/state_processing/src/common/get_base_reward.rs
View File

@ -1,4 +1,5 @@
use integer_sqrt::IntegerSquareRoot;
use safe_arith::SafeArith;
use types::*;
/// Returns the base reward for some validator.
@ -14,10 +15,10 @@ pub fn get_base_reward<T: EthSpec>(
if total_active_balance == 0 {
Ok(0)
} else {
Ok(
state.get_effective_balance(index, spec)? * spec.base_reward_factor
/ total_active_balance.integer_sqrt()
/ spec.base_rewards_per_epoch,
)
Ok(state
.get_effective_balance(index, spec)?
.safe_mul(spec.base_reward_factor)?
.safe_div(total_active_balance.integer_sqrt())?
.safe_div(spec.base_rewards_per_epoch)?)
}
}

12
eth2/state_processing/src/common/slash_validator.rs
View File

@ -1,4 +1,5 @@
use crate::common::initiate_validator_exit;
use safe_arith::SafeArith;
use std::cmp;
use types::{BeaconStateError as Error, *};
@ -27,18 +28,21 @@ pub fn slash_validator<T: EthSpec>(
let validator_effective_balance = state.get_effective_balance(slashed_index, spec)?;
state.set_slashings(
epoch,
state.get_slashings(epoch)? + validator_effective_balance,
state
.get_slashings(epoch)?
.safe_add(validator_effective_balance)?,
)?;
safe_sub_assign!(
state.balances[slashed_index],
validator_effective_balance / spec.min_slashing_penalty_quotient
validator_effective_balance.safe_div(spec.min_slashing_penalty_quotient)?
);
// Apply proposer and whistleblower rewards
let proposer_index = state.get_beacon_proposer_index(state.slot, spec)?;
let whistleblower_index = opt_whistleblower_index.unwrap_or(proposer_index);
let whistleblower_reward = validator_effective_balance / spec.whistleblower_reward_quotient;
let proposer_reward = whistleblower_reward / spec.proposer_reward_quotient;
let whistleblower_reward =
validator_effective_balance.safe_div(spec.whistleblower_reward_quotient)?;
let proposer_reward = whistleblower_reward.safe_div(spec.proposer_reward_quotient)?;
safe_add_assign!(state.balances[proposer_index], proposer_reward);
safe_add_assign!(

16
eth2/state_processing/src/genesis.rs
View File

@ -1,5 +1,6 @@
use super::per_block_processing::{errors::BlockProcessingError, process_deposit};
use crate::common::DepositDataTree;
use safe_arith::SafeArith;
use tree_hash::TreeHash;
use types::DEPOSIT_TREE_DEPTH;
use types::*;
@ -14,8 +15,9 @@ pub fn initialize_beacon_state_from_eth1<T: EthSpec>(
deposits: Vec<Deposit>,
spec: &ChainSpec,
) -> Result<BeaconState<T>, BlockProcessingError> {
let genesis_time =
eth1_timestamp - eth1_timestamp % spec.min_genesis_delay + 2 * spec.min_genesis_delay;
let genesis_time = eth1_timestamp
.safe_sub(eth1_timestamp.safe_rem(spec.min_genesis_delay)?)?
.safe_add(2.safe_mul(spec.min_genesis_delay)?)?;
let eth1_data = Eth1Data {
// Temporary deposit root
deposit_root: Hash256::zero(),
@ -37,7 +39,7 @@ pub fn initialize_beacon_state_from_eth1<T: EthSpec>(
process_deposit(&mut state, &deposit, spec, true)?;
}
process_activations(&mut state, spec);
process_activations(&mut state, spec)?;
// Now that we have our validators, initialize the caches (including the committees)
state.build_all_caches(spec)?;
@ -60,11 +62,14 @@ pub fn is_valid_genesis_state<T: EthSpec>(state: &BeaconState<T>, spec: &ChainSp
/// Activate genesis validators, if their balance is acceptable.
///
/// Spec v0.11.1
pub fn process_activations<T: EthSpec>(state: &mut BeaconState<T>, spec: &ChainSpec) {
pub fn process_activations<T: EthSpec>(
state: &mut BeaconState<T>,
spec: &ChainSpec,
) -> Result<(), Error> {
for (index, validator) in state.validators.iter_mut().enumerate() {
let balance = state.balances[index];
validator.effective_balance = std::cmp::min(
balance - balance % spec.effective_balance_increment,
balance.safe_sub(balance.safe_rem(spec.effective_balance_increment)?)?,
spec.max_effective_balance,
);
if validator.effective_balance == spec.max_effective_balance {
@ -72,4 +77,5 @@ pub fn process_activations<T: EthSpec>(state: &mut BeaconState<T>, spec: &ChainS
validator.activation_epoch = T::genesis_epoch();
}
}
Ok(())
}

2
eth2/state_processing/src/lib.rs
View File

@ -1,3 +1,5 @@
#![deny(clippy::integer_arithmetic)]
#[macro_use]
mod macros;

29
eth2/state_processing/src/per_block_processing.rs
View File

@ -1,6 +1,7 @@
use crate::common::{initiate_validator_exit, slash_validator};
use errors::{BlockOperationError, BlockProcessingError, HeaderInvalid, IntoWithIndex};
use rayon::prelude::*;
use safe_arith::{ArithError, SafeArith};
use signature_sets::{block_proposal_signature_set, get_pubkey_from_state, randao_signature_set};
use std::convert::TryInto;
use tree_hash::TreeHash;
@ -239,7 +240,7 @@ pub fn process_eth1_data<T: EthSpec>(
state: &mut BeaconState<T>,
eth1_data: &Eth1Data,
) -> Result<(), Error> {
if let Some(new_eth1_data) = get_new_eth1_data(state, eth1_data) {
if let Some(new_eth1_data) = get_new_eth1_data(state, eth1_data)? {
state.eth1_data = new_eth1_data;
}
@ -248,14 +249,14 @@ pub fn process_eth1_data<T: EthSpec>(
Ok(())
}
/// Returns `Some(eth1_data)` if adding the given `eth1_data` to `state.eth1_data_votes` would
/// Returns `Ok(Some(eth1_data))` if adding the given `eth1_data` to `state.eth1_data_votes` would
/// result in a change to `state.eth1_data`.
///
/// Spec v0.11.1
pub fn get_new_eth1_data<T: EthSpec>(
state: &BeaconState<T>,
eth1_data: &Eth1Data,
) -> Option<Eth1Data> {
) -> Result<Option<Eth1Data>, ArithError> {
let num_votes = state
.eth1_data_votes
.iter()
@ -263,10 +264,10 @@ pub fn get_new_eth1_data<T: EthSpec>(
.count();
// The +1 is to account for the `eth1_data` supplied to the function.
if 2 * (num_votes + 1) > T::SlotsPerEth1VotingPeriod::to_usize() {
Some(eth1_data.clone())
if num_votes.safe_add(1)?.safe_mul(2)? > T::SlotsPerEth1VotingPeriod::to_usize() {
Ok(Some(eth1_data.clone()))
} else {
None
Ok(None)
}
}
@ -318,7 +319,8 @@ pub fn process_attester_slashings<T: EthSpec>(
) -> Result<(), BlockProcessingError> {
// Verify the `IndexedAttestation`s in parallel (these are the resource-consuming objects, not
// the `AttesterSlashing`s themselves).
let mut indexed_attestations: Vec<&_> = Vec::with_capacity(attester_slashings.len() * 2);
let mut indexed_attestations: Vec<&_> =
Vec::with_capacity(attester_slashings.len().safe_mul(2)?);
for attester_slashing in attester_slashings {
indexed_attestations.push(&attester_slashing.attestation_1);
indexed_attestations.push(&attester_slashing.attestation_2);
@ -432,8 +434,13 @@ pub fn process_deposits<T: EthSpec>(
.par_iter()
.enumerate()
.try_for_each(|(i, deposit)| {
verify_deposit_merkle_proof(state, deposit, state.eth1_deposit_index + i as u64, spec)
.map_err(|e| e.into_with_index(i))
verify_deposit_merkle_proof(
state,
deposit,
state.eth1_deposit_index.safe_add(i as u64)?,
spec,
)
.map_err(|e| e.into_with_index(i))
})?;
// Update the state in series.
@ -459,7 +466,7 @@ pub fn process_deposit<T: EthSpec>(
.map_err(|e| e.into_with_index(deposit_index))?;
}
state.eth1_deposit_index += 1;
state.eth1_deposit_index.increment()?;
// Ensure the state's pubkey cache is fully up-to-date, it will be used to check to see if the
// depositing validator already exists in the registry.
@ -495,7 +502,7 @@ pub fn process_deposit<T: EthSpec>(
exit_epoch: spec.far_future_epoch,
withdrawable_epoch: spec.far_future_epoch,
effective_balance: std::cmp::min(
amount - amount % spec.effective_balance_increment,
amount.safe_sub(amount.safe_rem(spec.effective_balance_increment)?)?,
spec.max_effective_balance,
),
slashed: false,

2
eth2/state_processing/src/per_block_processing/block_signature_verifier.rs
View File

@ -1,3 +1,5 @@
#![allow(clippy::integer_arithmetic)]
use super::signature_sets::{Error as SignatureSetError, Result as SignatureSetResult, *};
use crate::common::get_indexed_attestation;

20
eth2/state_processing/src/per_block_processing/errors.rs
View File

@ -1,9 +1,10 @@
use super::signature_sets::Error as SignatureSetError;
use merkle_proof::MerkleTreeError;
use safe_arith::ArithError;
use types::*;
/// The error returned from the `per_block_processing` function. Indicates that a block is either
/// invalid, or we were unable to determine it's validity (we encountered an unexpected error).
/// invalid, or we were unable to determine its validity (we encountered an unexpected error).
///
/// Any of the `...Error` variants indicate that at some point during block (and block operation)
/// verification, there was an error. There is no indication as to _where_ that error happened
@ -48,6 +49,7 @@ pub enum BlockProcessingError {
SignatureSetError(SignatureSetError),
SszTypesError(ssz_types::Error),
MerkleTreeError(MerkleTreeError),
ArithError(ArithError),
}
impl From<BeaconStateError> for BlockProcessingError {
@ -68,6 +70,12 @@ impl From<ssz_types::Error> for BlockProcessingError {
}
}
impl From<ArithError> for BlockProcessingError {
fn from(e: ArithError) -> Self {
BlockProcessingError::ArithError(e)
}
}
impl From<BlockOperationError<HeaderInvalid>> for BlockProcessingError {
fn from(e: BlockOperationError<HeaderInvalid>) -> BlockProcessingError {
match e {
@ -75,6 +83,7 @@ impl From<BlockOperationError<HeaderInvalid>> for BlockProcessingError {
BlockOperationError::BeaconStateError(e) => BlockProcessingError::BeaconStateError(e),
BlockOperationError::SignatureSetError(e) => BlockProcessingError::SignatureSetError(e),
BlockOperationError::SszTypesError(e) => BlockProcessingError::SszTypesError(e),
BlockOperationError::ArithError(e) => BlockProcessingError::ArithError(e),
}
}
}
@ -101,6 +110,7 @@ macro_rules! impl_into_block_processing_error_with_index {
BlockOperationError::BeaconStateError(e) => BlockProcessingError::BeaconStateError(e),
BlockOperationError::SignatureSetError(e) => BlockProcessingError::SignatureSetError(e),
BlockOperationError::SszTypesError(e) => BlockProcessingError::SszTypesError(e),
BlockOperationError::ArithError(e) => BlockProcessingError::ArithError(e),
}
}
}
@ -130,6 +140,7 @@ pub enum BlockOperationError<T> {
BeaconStateError(BeaconStateError),
SignatureSetError(SignatureSetError),
SszTypesError(ssz_types::Error),
ArithError(ArithError),
}
impl<T> BlockOperationError<T> {
@ -155,6 +166,12 @@ impl<T> From<ssz_types::Error> for BlockOperationError<T> {
}
}
impl<T> From<ArithError> for BlockOperationError<T> {
fn from(e: ArithError) -> Self {
BlockOperationError::ArithError(e)
}
}
#[derive(Debug, PartialEq, Clone)]
pub enum HeaderInvalid {
ProposalSignatureInvalid,
@ -265,6 +282,7 @@ impl From<BlockOperationError<IndexedAttestationInvalid>>
BlockOperationError::BeaconStateError(e) => BlockOperationError::BeaconStateError(e),
BlockOperationError::SignatureSetError(e) => BlockOperationError::SignatureSetError(e),
BlockOperationError::SszTypesError(e) => BlockOperationError::SszTypesError(e),
BlockOperationError::ArithError(e) => BlockOperationError::ArithError(e),
}
}
}

3
eth2/state_processing/src/per_block_processing/verify_deposit.rs
View File

@ -3,6 +3,7 @@ use crate::per_block_processing::signature_sets::{
deposit_pubkey_signature_message, deposit_signature_set,
};
use merkle_proof::verify_merkle_proof;
use safe_arith::SafeArith;
use tree_hash::TreeHash;
use types::*;
@ -59,7 +60,7 @@ pub fn verify_deposit_merkle_proof<T: EthSpec>(
verify_merkle_proof(
leaf,
&deposit.proof[..],
spec.deposit_contract_tree_depth as usize + 1,
spec.deposit_contract_tree_depth.safe_add(1)? as usize,
deposit_index as usize,
state.eth1_data.deposit_root,
),

33
eth2/state_processing/src/per_epoch_processing.rs
View File

@ -1,4 +1,5 @@
use errors::EpochProcessingError as Error;
use safe_arith::SafeArith;
use tree_hash::TreeHash;
use types::*;
@ -90,7 +91,11 @@ pub fn process_justification_and_finalization<T: EthSpec>(
state.previous_justified_checkpoint = state.current_justified_checkpoint.clone();
state.justification_bits.shift_up(1)?;
if total_balances.previous_epoch_target_attesters() * 3 >= total_balances.current_epoch() * 2 {
if total_balances
.previous_epoch_target_attesters()
.safe_mul(3)?
>= total_balances.current_epoch().safe_mul(2)?
{
state.current_justified_checkpoint = Checkpoint {
epoch: previous_epoch,
root: *state.get_block_root_at_epoch(previous_epoch)?,
@ -98,7 +103,11 @@ pub fn process_justification_and_finalization<T: EthSpec>(
state.justification_bits.set(1, true)?;
}
// If the current epoch gets justified, fill the last bit.
if total_balances.current_epoch_target_attesters() * 3 >= total_balances.current_epoch() * 2 {
if total_balances
.current_epoch_target_attesters()
.safe_mul(3)?
>= total_balances.current_epoch().safe_mul(2)?
{
state.current_justified_checkpoint = Checkpoint {
epoch: current_epoch,
root: *state.get_block_root_at_epoch(current_epoch)?,
@ -152,17 +161,19 @@ pub fn process_final_updates<T: EthSpec>(
}
// Update effective balances with hysteresis (lag).
let hysteresis_increment = spec.effective_balance_increment / spec.hysteresis_quotient;
let downward_threshold = hysteresis_increment * spec.hysteresis_downward_multiplier;
let upward_threshold = hysteresis_increment * spec.hysteresis_upward_multiplier;
let hysteresis_increment = spec
.effective_balance_increment
.safe_div(spec.hysteresis_quotient)?;
let downward_threshold = hysteresis_increment.safe_mul(spec.hysteresis_downward_multiplier)?;
let upward_threshold = hysteresis_increment.safe_mul(spec.hysteresis_upward_multiplier)?;
for (index, validator) in state.validators.iter_mut().enumerate() {
let balance = state.balances[index];
if balance + downward_threshold < validator.effective_balance
|| validator.effective_balance + upward_threshold < balance
if balance.safe_add(downward_threshold)? < validator.effective_balance
|| validator.effective_balance.safe_add(upward_threshold)? < balance
{
validator.effective_balance = std::cmp::min(
balance - balance % spec.effective_balance_increment,
balance.safe_sub(balance.safe_rem(spec.effective_balance_increment)?)?,
spec.max_effective_balance,
);
}
@ -175,7 +186,11 @@ pub fn process_final_updates<T: EthSpec>(
state.set_randao_mix(next_epoch, *state.get_randao_mix(current_epoch)?)?;
// Set historical root accumulator
if next_epoch.as_u64() % (T::SlotsPerHistoricalRoot::to_u64() / T::slots_per_epoch()) == 0 {
if next_epoch
.as_u64()
.safe_rem(T::SlotsPerHistoricalRoot::to_u64().safe_div(T::slots_per_epoch())?)?
== 0
{
let historical_batch = state.historical_batch();
state
.historical_roots

98
eth2/state_processing/src/per_epoch_processing/apply_rewards.rs
View File

@ -1,6 +1,7 @@
use super::super::common::get_base_reward;
use super::validator_statuses::{TotalBalances, ValidatorStatus, ValidatorStatuses};
use super::Error;
use safe_arith::SafeArith;
use types::*;
@ -13,21 +14,21 @@ pub struct Delta {
impl Delta {
/// Reward the validator with the `reward`.
pub fn reward(&mut self, reward: u64) {
self.rewards += reward;
pub fn reward(&mut self, reward: u64) -> Result<(), Error> {
self.rewards = self.rewards.safe_add(reward)?;
Ok(())
}
/// Penalize the validator with the `penalty`.
pub fn penalize(&mut self, penalty: u64) {
self.penalties += penalty;
pub fn penalize(&mut self, penalty: u64) -> Result<(), Error> {
self.penalties = self.penalties.safe_add(penalty)?;
Ok(())
}
}
impl std::ops::AddAssign for Delta {
/// Use wrapping addition as that is how it's defined in the spec.
fn add_assign(&mut self, other: Delta) {
self.rewards += other.rewards;
self.penalties += other.penalties;
/// Combine two deltas.
fn combine(&mut self, other: Delta) -> Result<(), Error> {
self.reward(other.rewards)?;
self.penalize(other.penalties)
}
}
@ -56,9 +57,10 @@ pub fn process_rewards_and_penalties<T: EthSpec>(
get_proposer_deltas(&mut deltas, state, validator_statuses, spec)?;
// Apply the deltas, over-flowing but not under-flowing (saturating at 0 instead).
// Apply the deltas, erroring on overflow above but not on overflow below (saturating at 0
// instead).
for (i, delta) in deltas.iter().enumerate() {
state.balances[i] += delta.rewards;
state.balances[i] = state.balances[i].safe_add(delta.rewards)?;
state.balances[i] = state.balances[i].saturating_sub(delta.penalties);
}
@ -91,7 +93,8 @@ fn get_proposer_deltas<T: EthSpec>(
return Err(Error::ValidatorStatusesInconsistent);
}
deltas[inclusion.proposer_index].reward(base_reward / spec.proposer_reward_quotient);
deltas[inclusion.proposer_index]
.reward(base_reward.safe_div(spec.proposer_reward_quotient)?)?;
}
}
@ -123,9 +126,9 @@ fn get_attestation_deltas<T: EthSpec>(
base_reward,
finality_delay,
spec,
);
)?;
deltas[index] += delta;
deltas[index].combine(delta)?;
}
Ok(())
@ -140,7 +143,7 @@ fn get_attestation_delta<T: EthSpec>(
base_reward: u64,
finality_delay: u64,
spec: &ChainSpec,
) -> Delta {
) -> Result<Delta, Error> {
let mut delta = Delta::default();
// Is this validator eligible to be rewarded or penalized?
@ -149,7 +152,7 @@ fn get_attestation_delta<T: EthSpec>(
|| (validator.is_slashed && !validator.is_withdrawable_in_current_epoch);
if !is_eligible {
return delta;
return Ok(delta);
}
// Handle integer overflow by dividing these quantities by EFFECTIVE_BALANCE_INCREMENT
@ -157,59 +160,78 @@ fn get_attestation_delta<T: EthSpec>(
// - increment = EFFECTIVE_BALANCE_INCREMENT
// - reward_numerator = get_base_reward(state, index) * (attesting_balance // increment)
// - rewards[index] = reward_numerator // (total_balance // increment)
let total_balance_ebi = total_balances.current_epoch() / spec.effective_balance_increment;
let total_attesting_balance_ebi =
total_balances.previous_epoch_attesters() / spec.effective_balance_increment;
let matching_target_balance_ebi =
total_balances.previous_epoch_target_attesters() / spec.effective_balance_increment;
let matching_head_balance_ebi =
total_balances.previous_epoch_head_attesters() / spec.effective_balance_increment;
let total_balance_ebi = total_balances
.current_epoch()
.safe_div(spec.effective_balance_increment)?;
let total_attesting_balance_ebi = total_balances
.previous_epoch_attesters()
.safe_div(spec.effective_balance_increment)?;
let matching_target_balance_ebi = total_balances
.previous_epoch_target_attesters()
.safe_div(spec.effective_balance_increment)?;
let matching_head_balance_ebi = total_balances
.previous_epoch_head_attesters()
.safe_div(spec.effective_balance_increment)?;
// Expected FFG source.
// Spec:
// - validator index in `get_unslashed_attesting_indices(state, matching_source_attestations)`
if validator.is_previous_epoch_attester && !validator.is_slashed {
delta.reward(base_reward * total_attesting_balance_ebi / total_balance_ebi);
delta.reward(
base_reward
.safe_mul(total_attesting_balance_ebi)?
.safe_div(total_balance_ebi)?,
)?;
// Inclusion speed bonus
let proposer_reward = base_reward / spec.proposer_reward_quotient;
let max_attester_reward = base_reward - proposer_reward;
let proposer_reward = base_reward.safe_div(spec.proposer_reward_quotient)?;
let max_attester_reward = base_reward.safe_sub(proposer_reward)?;
let inclusion = validator
.inclusion_info
.expect("It is a logic error for an attester not to have an inclusion delay.");
delta.reward(max_attester_reward / inclusion.delay);
delta.reward(max_attester_reward.safe_div(inclusion.delay)?)?;
} else {
delta.penalize(base_reward);
delta.penalize(base_reward)?;
}
// Expected FFG target.
// Spec:
// - validator index in `get_unslashed_attesting_indices(state, matching_target_attestations)`
if validator.is_previous_epoch_target_attester && !validator.is_slashed {
delta.reward(base_reward * matching_target_balance_ebi / total_balance_ebi);
delta.reward(
base_reward
.safe_mul(matching_target_balance_ebi)?
.safe_div(total_balance_ebi)?,
)?;
} else {
delta.penalize(base_reward);
delta.penalize(base_reward)?;
}
// Expected head.
// Spec:
// - validator index in `get_unslashed_attesting_indices(state, matching_head_attestations)`
if validator.is_previous_epoch_head_attester && !validator.is_slashed {
delta.reward(base_reward * matching_head_balance_ebi / total_balance_ebi);
delta.reward(
base_reward
.safe_mul(matching_head_balance_ebi)?
.safe_div(total_balance_ebi)?,
)?;
} else {
delta.penalize(base_reward);
delta.penalize(base_reward)?;
}
// Inactivity penalty
if finality_delay > spec.min_epochs_to_inactivity_penalty {
// All eligible validators are penalized
delta.penalize(spec.base_rewards_per_epoch * base_reward);
delta.penalize(spec.base_rewards_per_epoch.safe_mul(base_reward)?)?;
// Additionally, all validators whose FFG target didn't match are penalized extra
if !validator.is_previous_epoch_target_attester {
delta.penalize(
validator.current_epoch_effective_balance * finality_delay
/ spec.inactivity_penalty_quotient,
);
validator
.current_epoch_effective_balance
.safe_mul(finality_delay)?
.safe_div(spec.inactivity_penalty_quotient)?,
)?;
}
}
@ -218,5 +240,5 @@ fn get_attestation_delta<T: EthSpec>(
// This function only computes the delta for a single validator, so it cannot also return a
// delta for a validator.
delta
Ok(delta)
}

7
eth2/state_processing/src/per_epoch_processing/errors.rs
View File

@ -18,6 +18,7 @@ pub enum EpochProcessingError {
BeaconStateError(BeaconStateError),
InclusionError(InclusionError),
SszTypesError(ssz_types::Error),
ArithError(safe_arith::ArithError),
}
impl From<InclusionError> for EpochProcessingError {
@ -38,6 +39,12 @@ impl From<ssz_types::Error> for EpochProcessingError {
}
}
impl From<safe_arith::ArithError> for EpochProcessingError {
fn from(e: safe_arith::ArithError) -> EpochProcessingError {
EpochProcessingError::ArithError(e)
}
}
#[derive(Debug, PartialEq)]
pub enum InclusionError {
/// The validator did not participate in an attestation in this period.

14
eth2/state_processing/src/per_epoch_processing/process_slashings.rs
View File

@ -1,3 +1,4 @@
use safe_arith::SafeArith;
use types::{BeaconStateError as Error, *};
/// Process slashings.
@ -13,12 +14,17 @@ pub fn process_slashings<T: EthSpec>(
for (index, validator) in state.validators.iter().enumerate() {
if validator.slashed
&& epoch + T::EpochsPerSlashingsVector::to_u64() / 2 == validator.withdrawable_epoch
&& epoch + T::EpochsPerSlashingsVector::to_u64().safe_div(2)?
== validator.withdrawable_epoch
{
let increment = spec.effective_balance_increment;
let penalty_numerator = validator.effective_balance / increment
* std::cmp::min(sum_slashings * 3, total_balance);
let penalty = penalty_numerator / total_balance * increment;
let penalty_numerator = validator
.effective_balance
.safe_div(increment)?
.safe_mul(std::cmp::min(sum_slashings.safe_mul(3)?, total_balance))?;
let penalty = penalty_numerator
.safe_div(total_balance)?
.safe_mul(increment)?;
safe_sub_assign!(state.balances[index], penalty);
}

29
eth2/state_processing/src/per_epoch_processing/validator_statuses.rs
View File

@ -1,4 +1,5 @@
use crate::common::get_attesting_indices;
use safe_arith::SafeArith;
use types::*;
/// Sets the boolean `var` on `self` to be true if it is true on `other`. Otherwise leaves `self`
@ -198,12 +199,16 @@ impl ValidatorStatuses {
if validator.is_active_at(state.current_epoch()) {
status.is_active_in_current_epoch = true;
total_balances.current_epoch += effective_balance;
total_balances
.current_epoch
.safe_add_assign(effective_balance)?;
}
if validator.is_active_at(state.previous_epoch()) {
status.is_active_in_previous_epoch = true;
total_balances.previous_epoch += effective_balance;
total_balances
.previous_epoch
.safe_add_assign(effective_balance)?;
}
statuses.push(status);
@ -275,19 +280,29 @@ impl ValidatorStatuses {
let validator_balance = state.get_effective_balance(index, spec)?;
if v.is_current_epoch_attester {
self.total_balances.current_epoch_attesters += validator_balance;
self.total_balances
.current_epoch_attesters
.safe_add_assign(validator_balance)?;
}
if v.is_current_epoch_target_attester {
self.total_balances.current_epoch_target_attesters += validator_balance;
self.total_balances
.current_epoch_target_attesters
.safe_add_assign(validator_balance)?;
}
if v.is_previous_epoch_attester {
self.total_balances.previous_epoch_attesters += validator_balance;
self.total_balances
.previous_epoch_attesters
.safe_add_assign(validator_balance)?;
}
if v.is_previous_epoch_target_attester {
self.total_balances.previous_epoch_target_attesters += validator_balance;
self.total_balances
.previous_epoch_target_attesters
.safe_add_assign(validator_balance)?;
}
if v.is_previous_epoch_head_attester {
self.total_balances.previous_epoch_head_attesters += validator_balance;
self.total_balances
.previous_epoch_head_attesters
.safe_add_assign(validator_balance)?;
}
}
}

1
eth2/types/Cargo.toml
View File

@ -23,6 +23,7 @@ log = "0.4.8"
merkle_proof = { path = "../utils/merkle_proof" }
rayon = "1.2.0"
rand = "0.7.2"
safe_arith = { path = "../utils/safe_arith" }
serde = "1.0.102"
serde_derive = "1.0.102"
slog = "2.5.2"

60
eth2/types/src/beacon_state.rs
View File

@ -7,6 +7,7 @@ use compare_fields_derive::CompareFields;
use eth2_hashing::hash;
use int_to_bytes::{int_to_bytes4, int_to_bytes8};
use pubkey_cache::PubkeyCache;
use safe_arith::{ArithError, SafeArith};
use serde_derive::{Deserialize, Serialize};
use ssz::ssz_encode;
use ssz_derive::{Decode, Encode};
@ -75,6 +76,10 @@ pub enum Error {
deposit_count: u64,
deposit_index: u64,
},
/// An arithmetic operation occurred which would have overflowed or divided by 0.
///
/// This represents a serious bug in either the spec or Lighthouse!
ArithError(ArithError),
}
/// Control whether an epoch-indexed field can be indexed at the next epoch or not.
@ -411,7 +416,7 @@ impl<T: EthSpec> BeaconState<T> {
let mut i = 0;
loop {
let candidate_index = indices[compute_shuffled_index(
i % indices.len(),
i.safe_rem(indices.len())?,
indices.len(),
seed,
spec.shuffle_round_count,
@ -419,17 +424,19 @@ impl<T: EthSpec> BeaconState<T> {
.ok_or(Error::UnableToShuffle)?];
let random_byte = {
let mut preimage = seed.to_vec();
preimage.append(&mut int_to_bytes8((i / 32) as u64));
preimage.append(&mut int_to_bytes8(i.safe_div(32)? as u64));
let hash = hash(&preimage);
hash[i % 32]
hash[i.safe_rem(32)?]
};
let effective_balance = self.validators[candidate_index].effective_balance;
if effective_balance * MAX_RANDOM_BYTE
>= spec.max_effective_balance * u64::from(random_byte)
if effective_balance.safe_mul(MAX_RANDOM_BYTE)?
>= spec
.max_effective_balance
.safe_mul(u64::from(random_byte))?
{
return Ok(candidate_index);
}
i += 1;
i.increment()?;
}
}
@ -476,8 +483,8 @@ impl<T: EthSpec> BeaconState<T> {
///
/// Spec v0.11.1
fn get_latest_block_roots_index(&self, slot: Slot) -> Result<usize, Error> {
if (slot < self.slot) && (self.slot <= slot + self.block_roots.len() as u64) {
Ok(slot.as_usize() % self.block_roots.len())
if slot < self.slot && self.slot <= slot + self.block_roots.len() as u64 {
Ok(slot.as_usize().safe_rem(self.block_roots.len())?)
} else {
Err(BeaconStateError::SlotOutOfBounds)
}
@ -529,7 +536,7 @@ impl<T: EthSpec> BeaconState<T> {
let len = T::EpochsPerHistoricalVector::to_u64();
if current_epoch < epoch + len && epoch <= allow_next_epoch.upper_bound_of(current_epoch) {
Ok(epoch.as_usize() % len as usize)
Ok(epoch.as_usize().safe_rem(len as usize)?)
} else {
Err(Error::EpochOutOfBounds)
}
@ -543,7 +550,9 @@ impl<T: EthSpec> BeaconState<T> {
///
/// Spec v0.11.1
pub fn update_randao_mix(&mut self, epoch: Epoch, signature: &Signature) -> Result<(), Error> {
let i = epoch.as_usize() % T::EpochsPerHistoricalVector::to_usize();
let i = epoch
.as_usize()
.safe_rem(T::EpochsPerHistoricalVector::to_usize())?;
let signature_hash = Hash256::from_slice(&hash(&ssz_encode(signature)));
@ -573,8 +582,8 @@ impl<T: EthSpec> BeaconState<T> {
///
/// Spec v0.11.1
fn get_latest_state_roots_index(&self, slot: Slot) -> Result<usize, Error> {
if (slot < self.slot) && (self.slot <= slot + Slot::from(self.state_roots.len())) {
Ok(slot.as_usize() % self.state_roots.len())
if slot < self.slot && self.slot <= slot + self.state_roots.len() as u64 {
Ok(slot.as_usize().safe_rem(self.state_roots.len())?)
} else {
Err(BeaconStateError::SlotOutOfBounds)
}
@ -628,7 +637,9 @@ impl<T: EthSpec> BeaconState<T> {
if current_epoch < epoch + T::EpochsPerSlashingsVector::to_u64()
&& epoch <= allow_next_epoch.upper_bound_of(current_epoch)
{
Ok(epoch.as_usize() % T::EpochsPerSlashingsVector::to_usize())
Ok(epoch
.as_usize()
.safe_rem(T::EpochsPerSlashingsVector::to_usize())?)
} else {
Err(Error::EpochOutOfBounds)
}
@ -687,20 +698,20 @@ impl<T: EthSpec> BeaconState<T> {
// == 0`.
let mix = {
let i = epoch + T::EpochsPerHistoricalVector::to_u64() - spec.min_seed_lookahead - 1;
self.randao_mixes[i.as_usize() % self.randao_mixes.len()]
self.randao_mixes[i.as_usize().safe_rem(self.randao_mixes.len())?]
};
let domain_bytes = int_to_bytes4(spec.get_domain_constant(domain_type));
let epoch_bytes = int_to_bytes8(epoch.as_u64());
const NUM_DOMAIN_BYTES: usize = 4;
const NUM_EPOCH_BYTES: usize = 8;
const MIX_OFFSET: usize = NUM_DOMAIN_BYTES + NUM_EPOCH_BYTES;
const NUM_MIX_BYTES: usize = 32;
let mut preimage = [0; NUM_DOMAIN_BYTES + NUM_EPOCH_BYTES + NUM_MIX_BYTES];
preimage[0..NUM_DOMAIN_BYTES].copy_from_slice(&domain_bytes);
preimage[NUM_DOMAIN_BYTES..NUM_DOMAIN_BYTES + NUM_EPOCH_BYTES]
.copy_from_slice(&epoch_bytes);
preimage[NUM_DOMAIN_BYTES + NUM_EPOCH_BYTES..].copy_from_slice(mix.as_bytes());
preimage[NUM_DOMAIN_BYTES..MIX_OFFSET].copy_from_slice(&epoch_bytes);
preimage[MIX_OFFSET..].copy_from_slice(mix.as_bytes());
Ok(Hash256::from_slice(&hash(&preimage)))
}
@ -734,9 +745,10 @@ impl<T: EthSpec> BeaconState<T> {
pub fn get_churn_limit(&self, spec: &ChainSpec) -> Result<u64, Error> {
Ok(std::cmp::max(
spec.min_per_epoch_churn_limit,
self.committee_cache(RelativeEpoch::Current)?
.active_validator_count() as u64
/ spec.churn_limit_quotient,
(self
.committee_cache(RelativeEpoch::Current)?
.active_validator_count() as u64)
.safe_div(spec.churn_limit_quotient)?,
))
}
@ -766,7 +778,7 @@ impl<T: EthSpec> BeaconState<T> {
) -> Result<u64, Error> {
validator_indices.iter().try_fold(0_u64, |acc, i| {
self.get_effective_balance(*i, spec)
.and_then(|bal| Ok(bal + acc))
.and_then(|bal| Ok(acc.safe_add(bal)?))
})
}
@ -1072,3 +1084,9 @@ impl From<tree_hash::Error> for Error {
Error::TreeHashError(e)
}
}
impl From<ArithError> for Error {
fn from(e: ArithError) -> Error {
Error::ArithError(e)
}
}

6
eth2/types/src/beacon_state/committee_cache.rs
View File

@ -1,3 +1,5 @@
#![allow(clippy::integer_arithmetic)]
use super::BeaconState;
use crate::*;
use core::num::NonZeroUsize;
@ -43,7 +45,7 @@ impl CommitteeCache {
}
let committees_per_slot =
T::get_committee_count_per_slot(active_validator_indices.len(), spec) as u64;
T::get_committee_count_per_slot(active_validator_indices.len(), spec)? as u64;
let seed = state.get_seed(epoch, Domain::BeaconAttester, spec)?;
@ -56,7 +58,7 @@ impl CommitteeCache {
.ok_or_else(|| Error::UnableToShuffle)?;
// The use of `NonZeroUsize` reduces the maximum number of possible validators by one.
if state.validators.len() > usize::max_value() - 1 {
if state.validators.len() == usize::max_value() {
return Err(Error::TooManyValidators);
}

6
eth2/types/src/beacon_state/exit_cache.rs
View File

@ -1,4 +1,5 @@
use super::{BeaconStateError, ChainSpec, Epoch, Validator};
use safe_arith::SafeArith;
use serde_derive::{Deserialize, Serialize};
use std::collections::HashMap;
@ -50,7 +51,10 @@ impl ExitCache {
/// Must only be called once per exiting validator.
pub fn record_validator_exit(&mut self, exit_epoch: Epoch) -> Result<(), BeaconStateError> {
self.check_initialized()?;
*self.exits_per_epoch.entry(exit_epoch).or_insert(0) += 1;
self.exits_per_epoch
.entry(exit_epoch)
.or_insert(0)
.increment()?;
Ok(())
}

1
eth2/types/src/beacon_state/pubkey_cache.rs
View File

@ -23,6 +23,7 @@ impl PubkeyCache {
///
/// The added index must equal the number of validators already added to the map. This ensures
/// that an index is never skipped.
#[allow(clippy::integer_arithmetic)]
pub fn insert(&mut self, pubkey: PublicKeyBytes, index: ValidatorIndex) -> bool {
if index == self.len {
self.map.insert(pubkey, index);

4
eth2/types/src/beacon_state/tree_hash_cache.rs
View File

@ -1,3 +1,5 @@
#![allow(clippy::integer_arithmetic)]
use super::Error;
use crate::{BeaconState, EthSpec, Hash256, Unsigned, Validator};
use cached_tree_hash::{int_log, CacheArena, CachedTreeHash, TreeHashCache};
@ -195,7 +197,7 @@ impl ValidatorsListTreeHashCache {
/// This function makes assumptions that the `validators` list will only change in accordance
/// with valid per-block/per-slot state transitions.
fn recalculate_tree_hash_root(&mut self, validators: &[Validator]) -> Result<Hash256, Error> {
let mut list_arena = std::mem::replace(&mut self.list_arena, CacheArena::default());
let mut list_arena = std::mem::take(&mut self.list_arena);
let leaves = self
.values

15
eth2/types/src/chain_spec.rs
View File

@ -238,10 +238,10 @@ impl ChainSpec {
/*
* Gwei values
*/
min_deposit_amount: u64::pow(2, 0) * u64::pow(10, 9),
max_effective_balance: u64::pow(2, 5) * u64::pow(10, 9),
ejection_balance: u64::pow(2, 4) * u64::pow(10, 9),
effective_balance_increment: u64::pow(2, 0) * u64::pow(10, 9),
min_deposit_amount: u64::pow(2, 0).saturating_mul(u64::pow(10, 9)),
max_effective_balance: u64::pow(2, 5).saturating_mul(u64::pow(10, 9)),
ejection_balance: u64::pow(2, 4).saturating_mul(u64::pow(10, 9)),
effective_balance_increment: u64::pow(2, 0).saturating_mul(u64::pow(10, 9)),
/*
* Initial Values
@ -522,6 +522,7 @@ impl Default for YamlConfig {
/// Spec v0.11.1
impl YamlConfig {
#[allow(clippy::integer_arithmetic)]
pub fn from_spec<T: EthSpec>(spec: &ChainSpec) -> Self {
Self {
// ChainSpec
@ -557,7 +558,7 @@ impl YamlConfig {
proposer_reward_quotient: spec.proposer_reward_quotient,
inactivity_penalty_quotient: spec.inactivity_penalty_quotient,
min_slashing_penalty_quotient: spec.min_slashing_penalty_quotient,
genesis_fork_version: spec.genesis_fork_version.clone(),
genesis_fork_version: spec.genesis_fork_version,
safe_slots_to_update_justified: spec.safe_slots_to_update_justified,
domain_beacon_proposer: spec.domain_beacon_proposer,
domain_beacon_attester: spec.domain_beacon_attester,
@ -642,7 +643,7 @@ impl YamlConfig {
effective_balance_increment: self.effective_balance_increment,
genesis_slot: Slot::from(self.genesis_slot),
bls_withdrawal_prefix_byte: self.bls_withdrawal_prefix,
milliseconds_per_slot: self.seconds_per_slot * 1000,
milliseconds_per_slot: self.seconds_per_slot.saturating_mul(1000),
min_attestation_inclusion_delay: self.min_attestation_inclusion_delay,
min_seed_lookahead: Epoch::from(self.min_seed_lookahead),
max_seed_lookahead: Epoch::from(self.max_seed_lookahead),
@ -662,7 +663,7 @@ impl YamlConfig {
domain_deposit: self.domain_deposit,
domain_voluntary_exit: self.domain_voluntary_exit,
boot_nodes: chain_spec.boot_nodes.clone(),
genesis_fork_version: self.genesis_fork_version.clone(),
genesis_fork_version: self.genesis_fork_version,
eth1_follow_distance: self.eth1_follow_distance,
..*chain_spec
})

14
eth2/types/src/eth_spec.rs
View File

@ -1,4 +1,5 @@
use crate::*;
use safe_arith::SafeArith;
use serde_derive::{Deserialize, Serialize};
use ssz_types::typenum::{
Unsigned, U0, U1, U1024, U1099511627776, U128, U16, U16777216, U2, U2048, U32, U4, U4096, U64,
@ -63,16 +64,21 @@ pub trait EthSpec: 'static + Default + Sync + Send + Clone + Debug + PartialEq {
/// the `active_validator_count` during the slot's epoch.
///
/// Spec v0.11.1
fn get_committee_count_per_slot(active_validator_count: usize, spec: &ChainSpec) -> usize {
fn get_committee_count_per_slot(
active_validator_count: usize,
spec: &ChainSpec,
) -> Result<usize, Error> {
let slots_per_epoch = Self::SlotsPerEpoch::to_usize();
std::cmp::max(
Ok(std::cmp::max(
1,
std::cmp::min(
spec.max_committees_per_slot,
active_validator_count / slots_per_epoch / spec.target_committee_size,
active_validator_count
.safe_div(slots_per_epoch)?
.safe_div(spec.target_committee_size)?,
),
)
))
}
/// Returns the minimum number of validators required for this spec.

2
eth2/types/src/lib.rs
View File

@ -2,6 +2,8 @@
// Required for big type-level numbers
#![recursion_limit = "128"]
// Clippy lint set up
#![deny(clippy::integer_arithmetic)]
#[macro_use]
pub mod test_utils;

9
eth2/types/src/slot_epoch.rs
View File

@ -14,7 +14,6 @@ use crate::test_utils::TestRandom;
use crate::SignedRoot;
use rand::RngCore;
use serde_derive::{Deserialize, Serialize};
use slog;
use ssz::{ssz_encode, Decode, DecodeError, Encode};
use std::cmp::{Ord, Ordering};
use std::fmt;
@ -38,7 +37,7 @@ impl Slot {
}
pub fn epoch(self, slots_per_epoch: u64) -> Epoch {
Epoch::from(self.0 / slots_per_epoch)
Epoch::from(self.0) / Epoch::from(slots_per_epoch)
}
pub fn max_value() -> Slot {
@ -77,8 +76,8 @@ impl Epoch {
let start = self.start_slot(slots_per_epoch);
let end = self.end_slot(slots_per_epoch);
if (slot >= start) && (slot <= end) {
Some(slot.as_usize() - start.as_usize())
if slot >= start && slot <= end {
slot.as_usize().checked_sub(start.as_usize())
} else {
None
}
@ -110,7 +109,7 @@ impl<'a> Iterator for SlotIter<'a> {
} else {
let start_slot = self.epoch.start_slot(self.slots_per_epoch);
let previous = self.current_iteration;
self.current_iteration += 1;
self.current_iteration = self.current_iteration.checked_add(1)?;
Some(start_slot + previous)
}
}

25
eth2/types/src/slot_epoch_macros.rs
View File

@ -107,20 +107,21 @@ macro_rules! impl_math_between {
fn div(self, rhs: $other) -> $main {
let rhs: u64 = rhs.into();
if rhs == 0 {
panic!("Cannot divide by zero-valued Slot/Epoch")
}
$main::from(self.0 / rhs)
$main::from(
self.0
.checked_div(rhs)
.expect("Cannot divide by zero-valued Slot/Epoch"),
)
}
}
impl DivAssign<$other> for $main {
fn div_assign(&mut self, rhs: $other) {
let rhs: u64 = rhs.into();
if rhs == 0 {
panic!("Cannot divide by zero-valued Slot/Epoch")
}
self.0 = self.0 / rhs
self.0 = self
.0
.checked_div(rhs)
.expect("Cannot divide by zero-valued Slot/Epoch");
}
}
@ -129,7 +130,11 @@ macro_rules! impl_math_between {
fn rem(self, modulus: $other) -> $main {
let modulus: u64 = modulus.into();
$main::from(self.0 % modulus)
$main::from(
self.0
.checked_rem(modulus)
.expect("Cannot divide by zero-valued Slot/Epoch"),
)
}
}
};
@ -234,7 +239,7 @@ macro_rules! impl_ssz {
}
fn tree_hash_packing_factor() -> usize {
32 / 8
32usize.wrapping_div(8)
}
fn tree_hash_root(&self) -> tree_hash::Hash256 {

1
eth2/types/src/test_utils/builders/testing_beacon_state_builder.rs
View File

@ -2,7 +2,6 @@ use super::super::{generate_deterministic_keypairs, KeypairsFile};
use crate::test_utils::{AttestationTestTask, TestingPendingAttestationBuilder};
use crate::*;
use bls::get_withdrawal_credentials;
use dirs;
use log::debug;
use rayon::prelude::*;
use std::path::{Path, PathBuf};

2
eth2/types/src/test_utils/builders/testing_deposit_builder.rs
View File

@ -36,7 +36,7 @@ impl TestingDepositBuilder {
let mut secret_key = keypair.sk.clone();
match test_task {
DepositTestTask::BadPubKey => pubkeybytes = PublicKeyBytes::from(new_key.pk.clone()),
DepositTestTask::BadPubKey => pubkeybytes = PublicKeyBytes::from(new_key.pk),
DepositTestTask::InvalidPubKey => {
// Creating invalid public key bytes
let mut public_key_bytes: Vec<u8> = vec![0; 48];

2
eth2/types/src/test_utils/builders/testing_proposer_slashing_builder.rs
View File

@ -50,7 +50,7 @@ impl TestingProposerSlashingBuilder {
message: BeaconBlockHeader {
parent_root: hash_2,
slot: slot_2,
..signed_header_1.message.clone()
..signed_header_1.message
},
signature: Signature::empty_signature(),
};

2
eth2/types/src/test_utils/mod.rs
View File

@ -1,3 +1,5 @@
#![allow(clippy::integer_arithmetic)]
#[macro_use]
mod macros;
mod builders;

8
eth2/types/src/tree_hash_impls.rs
View File

@ -32,12 +32,10 @@ impl CachedTreeHash<TreeHashCache> for Validator {
// Fields pubkey and withdrawal_credentials are constant
if (i == 0 || i == 1) && cache.initialized {
None
} else if process_field_by_index(self, i, leaf, !cache.initialized) {
Some(i)
} else {
if process_field_by_index(self, i, leaf, !cache.initialized) {
Some(i)
} else {
None
}
None
}
})
.collect();

1
eth2/types/src/utils/serde_utils.rs
View File

@ -1,4 +1,3 @@
use hex;
use serde::de::Error;
use serde::{Deserialize, Deserializer, Serializer};

4
eth2/utils/bls/src/aggregate_public_key.rs
View File

@ -19,9 +19,7 @@ impl AggregatePublicKey {
pub fn from_bytes(bytes: &[u8]) -> Result<Self, DecodeError> {
let pubkey = RawAggregatePublicKey::from_bytes(&bytes).map_err(|_| {
DecodeError::BytesInvalid(
format!("Invalid AggregatePublicKey bytes: {:?}", bytes).to_string(),
)
DecodeError::BytesInvalid(format!("Invalid AggregatePublicKey bytes: {:?}", bytes))
})?;
Ok(AggregatePublicKey(pubkey))

4
eth2/utils/cached_tree_hash/src/cache.rs
View File

@ -164,8 +164,8 @@ impl TreeHashCache {
fn lift_dirty(dirty_indices: &[usize]) -> SmallVec8<usize> {
let mut new_dirty = SmallVec8::with_capacity(dirty_indices.len());
for i in 0..dirty_indices.len() {
new_dirty.push(dirty_indices[i] / 2)
for index in dirty_indices {
new_dirty.push(index / 2)
}
new_dirty.dedup();

1
eth2/utils/cached_tree_hash/src/cache_arena.rs
View File

@ -89,6 +89,7 @@ impl<T: Encode + Decode> CacheArena<T> {
/// To reiterate, the given `range` should be relative to the given `alloc_id`, not
/// `self.backing`. E.g., if the allocation has an offset of `20` and the range is `0..1`, then
/// the splice will translate to `self.backing[20..21]`.
#[allow(clippy::comparison_chain)]
fn splice_forgetful<I: IntoIterator<Item = T>>(
&mut self,
alloc_id: usize,

1
eth2/utils/merkle_proof/Cargo.toml
View File

@ -8,6 +8,7 @@ edition = "2018"
ethereum-types = "0.8.0"
eth2_hashing = "0.1.0"
lazy_static = "1.4.0"
safe_arith = { path = "../safe_arith" }
[dev-dependencies]
quickcheck = "0.9.0"

9
eth2/utils/merkle_proof/src/lib.rs
View File

@ -1,6 +1,7 @@
use eth2_hashing::{hash, hash32_concat, ZERO_HASHES};
use ethereum_types::H256;
use lazy_static::lazy_static;
use safe_arith::ArithError;
const MAX_TREE_DEPTH: usize = 32;
const EMPTY_SLICE: &[H256] = &[];
@ -38,6 +39,8 @@ pub enum MerkleTreeError {
Invalid,
// Incorrect Depth provided
DepthTooSmall,
// Overflow occurred
ArithError,
}
impl MerkleTree {
@ -232,6 +235,12 @@ fn merkle_root_from_branch(leaf: H256, branch: &[H256], depth: usize, index: usi
H256::from_slice(&merkle_root)
}
impl From<ArithError> for MerkleTreeError {
fn from(_: ArithError) -> Self {
MerkleTreeError::ArithError
}
}
#[cfg(test)]
mod tests {
use super::*;

9
eth2/utils/safe_arith/Cargo.toml Normal file
View File

@ -0,0 +1,9 @@
[package]
name = "safe_arith"
version = "0.1.0"
authors = ["Michael Sproul <michael@sigmaprime.io>"]
edition = "2018"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]

161
eth2/utils/safe_arith/src/lib.rs Normal file
View File

@ -0,0 +1,161 @@
//! Library for safe arithmetic on integers, avoiding overflow and division by zero.
/// Error representing the failure of an arithmetic operation.
#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum ArithError {
Overflow,
DivisionByZero,
}
type Result<T> = std::result::Result<T, ArithError>;
macro_rules! assign_method {
($name:ident, $op:ident, $doc_op:expr) => {
assign_method!($name, $op, Self, $doc_op);
};
($name:ident, $op:ident, $rhs_ty:ty, $doc_op:expr) => {
#[doc = "Safe variant of `"]
#[doc = $doc_op]
#[doc = "`."]
fn $name(&mut self, other: $rhs_ty) -> Result<()> {
*self = self.$op(other)?;
Ok(())
}
};
}
/// Trait providing safe arithmetic operations for built-in types.
pub trait SafeArith: Sized + Copy {
const ZERO: Self;
const ONE: Self;
/// Safe variant of `+` that guards against overflow.
fn safe_add(&self, other: Self) -> Result<Self>;
/// Safe variant of `-` that guards against overflow.
fn safe_sub(&self, other: Self) -> Result<Self>;
/// Safe variant of `*` that guards against overflow.
fn safe_mul(&self, other: Self) -> Result<Self>;
/// Safe variant of `/` that guards against division by 0.
fn safe_div(&self, other: Self) -> Result<Self>;
/// Safe variant of `%` that guards against division by 0.
fn safe_rem(&self, other: Self) -> Result<Self>;
/// Safe variant of `<<` that guards against overflow.
fn safe_shl(&self, other: u32) -> Result<Self>;
/// Safe variant of `>>` that guards against overflow.
fn safe_shr(&self, other: u32) -> Result<Self>;
assign_method!(safe_add_assign, safe_add, "+=");
assign_method!(safe_sub_assign, safe_sub, "-=");
assign_method!(safe_mul_assign, safe_mul, "*=");
assign_method!(safe_div_assign, safe_div, "/=");
assign_method!(safe_rem_assign, safe_rem, "%=");
assign_method!(safe_shl_assign, safe_shl, u32, "<<=");
assign_method!(safe_shr_assign, safe_shr, u32, ">>=");
/// Mutate `self` by adding 1, erroring on overflow.
fn increment(&mut self) -> Result<()> {
self.safe_add_assign(Self::ONE)
}
}
macro_rules! impl_safe_arith {
($typ:ty) => {
impl SafeArith for $typ {
const ZERO: Self = 0;
const ONE: Self = 1;
fn safe_add(&self, other: Self) -> Result<Self> {
self.checked_add(other).ok_or(ArithError::Overflow)
}
fn safe_sub(&self, other: Self) -> Result<Self> {
self.checked_sub(other).ok_or(ArithError::Overflow)
}
fn safe_mul(&self, other: Self) -> Result<Self> {
self.checked_mul(other).ok_or(ArithError::Overflow)
}
fn safe_div(&self, other: Self) -> Result<Self> {
self.checked_div(other).ok_or(ArithError::DivisionByZero)
}
fn safe_rem(&self, other: Self) -> Result<Self> {
self.checked_rem(other).ok_or(ArithError::DivisionByZero)
}
fn safe_shl(&self, other: u32) -> Result<Self> {
self.checked_shl(other).ok_or(ArithError::Overflow)
}
fn safe_shr(&self, other: u32) -> Result<Self> {
self.checked_shr(other).ok_or(ArithError::Overflow)
}
}
};
}
impl_safe_arith!(u8);
impl_safe_arith!(u16);
impl_safe_arith!(u32);
impl_safe_arith!(u64);
impl_safe_arith!(usize);
impl_safe_arith!(i8);
impl_safe_arith!(i16);
impl_safe_arith!(i32);
impl_safe_arith!(i64);
impl_safe_arith!(isize);
#[cfg(test)]
mod test {
use super::*;
#[test]
fn basic() {
let x = 10u32;
let y = 11;
assert_eq!(x.safe_add(y), Ok(x + y));
assert_eq!(y.safe_sub(x), Ok(y - x));
assert_eq!(x.safe_mul(y), Ok(x * y));
assert_eq!(x.safe_div(y), Ok(x / y));
assert_eq!(x.safe_rem(y), Ok(x % y));
assert_eq!(x.safe_shl(1), Ok(x << 1));
assert_eq!(x.safe_shr(1), Ok(x >> 1));
}
#[test]
fn mutate() {
let mut x = 0u8;
x.increment().unwrap();
x.increment().unwrap();
assert_eq!(x, 2);
x.safe_sub_assign(1).unwrap();
assert_eq!(x, 1);
x.safe_shl_assign(1).unwrap();
assert_eq!(x, 2);
x.safe_mul_assign(3).unwrap();
assert_eq!(x, 6);
x.safe_div_assign(4).unwrap();
assert_eq!(x, 1);
x.safe_shr_assign(1).unwrap();
assert_eq!(x, 0);
}
#[test]
fn errors() {
assert!(u32::max_value().safe_add(1).is_err());
assert!(u32::min_value().safe_sub(1).is_err());
assert!(u32::max_value().safe_mul(2).is_err());
assert!(u32::max_value().safe_div(0).is_err());
assert!(u32::max_value().safe_rem(0).is_err());
assert!(u32::max_value().safe_shl(32).is_err());
assert!(u32::max_value().safe_shr(32).is_err());
}
}

1
eth2/utils/serde_hex/src/lib.rs
View File

@ -1,4 +1,3 @@
use hex;
use hex::ToHex;
use serde::de::{self, Visitor};
use std::fmt;

2
eth2/utils/ssz_derive/src/lib.rs
View File

@ -86,6 +86,7 @@ pub fn ssz_encode_derive(input: TokenStream) -> TokenStream {
let field_types_f = field_types_a.clone();
let output = quote! {
#[allow(clippy::integer_arithmetic)]
impl #impl_generics ssz::Encode for #name #ty_generics #where_clause {
fn is_ssz_fixed_len() -> bool {
#(
@ -221,6 +222,7 @@ pub fn ssz_decode_derive(input: TokenStream) -> TokenStream {
}
let output = quote! {
#[allow(clippy::integer_arithmetic)]
impl #impl_generics ssz::Decode for #name #ty_generics #where_clause {
fn is_ssz_fixed_len() -> bool {
#(

28
eth2/utils/tree_hash/src/merkle_hasher.rs
View File

@ -274,22 +274,20 @@ impl MerkleHasher {
loop {
if let Some(root) = self.root {
break Ok(root);
} else if let Some(node) = self.half_nodes.last() {
let right_child = node.id * 2 + 1;
self.process_right_node(right_child, self.zero_hash(right_child));
} else if self.next_leaf == 1 {
// The next_leaf can only be 1 if the tree has a depth of one. If have been no
// leaves supplied, assume a root of zero.
break Ok(Hash256::zero());
} else {
if let Some(node) = self.half_nodes.last() {
let right_child = node.id * 2 + 1;
self.process_right_node(right_child, self.zero_hash(right_child));
} else if self.next_leaf == 1 {
// The next_leaf can only be 1 if the tree has a depth of one. If have been no
// leaves supplied, assume a root of zero.
break Ok(Hash256::zero());
} else {
// The only scenario where there are (a) no half nodes and (b) a tree of depth
// two or more is where no leaves have been supplied at all.
//
// Once we supply this first zero-hash leaf then all future operations will be
// triggered via the `process_right_node` branch.
self.process_left_node(self.next_leaf, self.zero_hash(self.next_leaf))
}
// The only scenario where there are (a) no half nodes and (b) a tree of depth
// two or more is where no leaves have been supplied at all.
//
// Once we supply this first zero-hash leaf then all future operations will be
// triggered via the `process_right_node` branch.
self.process_left_node(self.next_leaf, self.zero_hash(self.next_leaf))
}
}
}