Revert "Add contract spec type for hash (#182)" #184
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This reverts commit 2ba4049.
dmkozh
approved these changes
Apr 22, 2024
jayz22
approved these changes
Apr 22, 2024
This was referenced May 6, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What
Revert "Add contract spec type for hash (#182)"
Why
The Hash type in the SDK is the first time we're adding a type that behaves anything like it does. It's a type that provides some guarantees, and so it can't be used anywhere where those guarantees can't be provided. This means the type really can't be used anywhere at contract boundaries, with the exception being the
__check_authfunction which is only invocable by the environment itself when auth is being performed.For that reason the Hash type can't ever show up as a contract function input, and so there's no reason for it to show up in the spec as an input. Even though technically it is an input for the
__check_authfunction we don't make any of the types of that function included in the spec types because there's no utility in doing so since other contracts can't construct and call the function.In stellar/rs-soroban-sdk#1246 (comment) I suggested that the Hash type would need to be included in the spec because a contract may wish to return the type from a function. The reason for this suggestion is because it will indeed be possible for someone to return the type from a function, and it would be inconvenient to introduce a compile error for this and require them to convert it to a Bytes. It just feels like one of those arbitrary errors. I meant well with trying to address this but I realise now this introduces a dangerous specification. If we include Hash into the spec someone can write a contract that looks like it guarantees to return a hash, but the system can't support that guarantee and anyone can write a contract that returns a fixed or random Bytes value with the spec saying it's a Hash when it isn't. i.e. This idea was a mistake on my part. To address my earlier concern we can simply map
Hash<N>toBytesN<N>when mapping SDK types to spec types.Notes
This is a breaking change from a raw semver perspective, however I think we can make it for a couple reasons:
The contract spec types, like the overlay types, are not considered part of the protocol and are largely out of scope of any strict compatibility guarantee within a protocol version. We should actually document this compatibility guarantee though, just making it up like this on the spot even with precedence or logic is not the way we should be making decisions like this.
This is a bug fix and should be included in a patch release. I requested Hash be added to the spec, but it was a mistake and no code will have ever been released that uses it.