-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add operation OP_EVAL for direct execution of opcodes #328
Comments
Do you mean like the |
Just like that... :) if the stack was really isolated, differently from a CALL where the instruction list is maintained (only the instruction counter changes; and the context copied). We would need to copy the "new instruction list" to a "instruction list stack", and after execution, it returns to the original instruction list. Example validating pubkey
|
I think there is a proposal in BIP for There are some discussions on bitcointalk: |
Thinking it over, this is actually some form of dynamic invocation, just more lightweight. |
I'll take a deep look at the discussions Erik, but with one thing in mind: as far as I know, Bitcoin is not Turing-complete, right? That makes a lot of difference in this scenario... without loops, I personally don't see much of use in Bitcoin, but on Neo it's even more important than dynamic invoke (in my opinion). [edit] I was wrong, this is not needed for nep5, only for advanced metaprogramming. |
Ok Erik, took some time to study BIP-12 (OP_EVAL). The intention of Gavin Andresen in 2011 was to create new types of standard "scriptPubKeys" on bitcoin, that is, new ways of spending bitcoin, besides private-public key validation. On 2012 he suceeded to pass BIP-16 (P2SH - pay to script hash), which accomplishes similar behavior found on Neo Verification trigger, so BIP-12 was deemed useless, because everything OP_EVAL did could be done using P2SH. What's the difference from Neo? We really need OP_EVAL, even having Verification trigger. The situation is that we have Turing complete computation, and this abstract allows us to have Turing machines inside turing machines.... so there will be infinitely many more situations that this will be useful. I guess we can write a NEP on it if you want, I will organize my arguments in two points now: (1) one important use case (2) how to implement and how to deal with security/safety concerns. (1) Important use case: automated redeem script inside NEP-5 tokens (2) how to implement delegate int del(int i);
static void Main(string[] args)
{
del myDelegate = x => x * x;
int j = myDelegate(5); //j = 25
} Should become something like:
Question is, how hard is it to code it on C# Neo compiler? xD |
Very dangerous OpCode, i don't like :P |
Agree with @shargon. Also, it is possible to do multisig-like Smart Contracts with the current verification routine. |
@localhuman the proposal is to allow a NEP-5 address to be a multisig, or even to allow more complicated token spending logics that verification allows, but NEP-5 does not (Verification can be nearly abolished together with utxo, we need a programmable alternative inside contracts). The idea is to give control to the token owner in how it should be spent. [edit] I was wrong, you are right my friend @localhuman, nep5 can do anything. @shargon don't be afraid my friend, I thought about it a lot, trust me xD hahhaha if we disallow storage writes completely (and even function CALLs/dynamicInvokes), and execute in a separate stack (such as a regular CALL, but with different "script"), there are no attacks possible (JMP cannot go out of scope, infinite loops will spend gas, recursive behavior is not possible without CALL, no dynamic invoke...), it's very limited, but very powerful anyway. If you are still afraid of the returning elements in the stack, we can create OP_EVAL1, which allows a single element in stack in the end (that's also enough for all use cases I imagined as a regular Lambda function). |
If you want an NEP5 contract to be multisig, you can attach extra script hashes to the TX Attrs and run them all through |
But it's not just MultiSig, it's all different kinds of logic that verification permits today (and we won't have anymore). We cannot predict all of them beforehand... for example, how to enable a time-lock or password-lock contract inside NEP-5? Time-lock is a quite real need for many purposes. The current ICO template does not even allow multisig (I guess it should), but other features will keep failing, and preventing us to abolish utxo. [edit]: I was completely wrong, ignore this comment :) |
@igormcoelho Give me a |
Ok @shargon, as soon as I have time, I'll implement this feature, and store some coins in neocompiler.io network. You will have one week to steal the coins, and if you cannot, you will have to upvote the feature and put a heart in this comment xD |
kkkkkkkkkkkkkkkkkkkkkk, you are the best, @shargon and @igormcoelho. aheuahueahuea |
Maybe you @igormcoelho do the things in a safe way, and use well this OpCode, but this not means that the opCode is safe, you can use a knife for eat meat or for kill people, but give the knife to the people, and maybe someone will be murdered 🔪 |
The question is: is needed? |
I talk about the eval opcode, neo and gas will be a nep5 i think that this is fine, but we don't need the eval opcode for this, right? |
Well, for me its the only way I think @shargon, otherwise we will lose passwordlock, timelock and other elaborate account types. The default nep5 doesnt even support multisig... we need to fix that too. [edit] I was wrong, this is not needed for nep5, please ignore this comment :) |
The default nep5 can support every account types without |
ok @erikzhang , if you say that, I believe :) Anyway, I still think that's useful for giving more power to smart contracts, when I'm able to code that we can discuss if it's worth going on or not. |
@erikzhang, how is the evolution of the idea surrounding the 2 - Recently, we also saw an application that provides the possibility of Quantum Security, in the sense that each Account can choose its desired encryption. Should we proceed with a draft of this new Operation? |
You are right Erik (and @localhuman), NEP-5 can support every possible account type, I took some time to fully understand that. It's such an amazing design, I learn new things every day. Still, this feature is very important for metaprogramming, for games and other mutable rules based contracts. It can be implemented safely,but I prefer to implement safe invocations on NeoVM first , that will help |
If we implement OP_EVAL, I am afraid that the contract to use it in the future will start to worry about endless injection vulnerabilities. |
I am afraid as well but I trust you, @igormcoelho, @shargon, a little bit on me, etc... I believe we can do some encapsulation for isolating it in safe manner, even if we need a dedicated Application Layer for it. |
Is very hard to control what code do you want to |
Nothing is impossible. |
@jsolman , just to clarify this point by point, to leave no misunderstandings here since I'm a huge defender of Neo economic model and I would never propose something do could do harm to it :)
No, it's not a problem. Let's suppose OP_EVAL is fully unconstrained and has zero gas cost, only operations cost (note that we haven't talked about its pricing before on this discussion. we could possibly add expensive GAS cost to OP_EVAL execution, what breaks this argumentation, but let's suppose it's zero). This was the first scenario I considered months ago, which is not good for Neo for two reasons: (1) it's unsafe and possibly lead to many problems; (2) as argued, may give the possibility of someone re-deploying a contract "for free". Ok, number (1) won't happen because we will limit it strongly, so let's talk about (2). If unconstrained OP_EVAL is allowed + storage, someone could indeed code a program which just reads code from storage and executes it, however, keep in mind that possibly zero applications on blockchain could take advantage of that, because it basically says that your software may change constantly (a constant migration) which makes no sense from the "trust" point of view of dApps. Even Migrations are undesired, or unnacceptable, when you design a trustless application. Would you buy a token which is written over an OP_EVAL in a storage? I would never :) On the other hand, OP_EVAL is clearly an interesting feature, as it has been proposed to Bitcoin in its early days... and it was denied. I took some time to understand why, and the reason is that Bitcoin adopted a similar verification scheme that we have on Neo, which is basically an OP_EVAL that returns a boolean. So, we have OP_EVAL already on Neo, and it costs zero (having no storage access, but allowing interop, which is more than I want). The small difference from Verification Scripts to what we want here, is simply the capability to return other values than Bool, and process these values inside an Application (or even Verification). I liked a lot the term "lightweight dynamic invoke" that Erik used, so we could say it's an "interop/call-free lightweight dynamic invoke". Anyway, metaprogramming makes a lot of sense for Neo, much more than Bitcoin (that already has its Turing-incomplete verifications with no storage), and even Ethereum (that has Turing-complete computations with storage, but are bound to Solidity language). On Neo, we can have a beautiful and safe metaprogramming working, on C#, Python, which is very unique. This discussion is quite fruitful, and although we need this feature soon, we will wait to propose an implementation only when community is positive regarding its adoption, or perhaps do not implement it at all, if it's deemed harmful or unnecessary. |
Great description, broda. After a first template Pull Request we gonna be able to discuss further those minor details about safety. |
My two cents:
|
@shargon my guess here is to allow safe execution inside a Turing-incomplete environment: neo-project/neo-vm#151 |
😕 |
Let me close this! Please, I hate this issue! 😂 |
@lock9, this is high priority to us, we are going to do this anyway. |
@shargon, regarding your last comment.
I think that after limiting the Verification (or defining its scope for NEO3) we are going to be able to design the limit encapsulation for this call. |
@jsolman, regarding your last comment, I think that the economic model should be more focus on operations than in the deploy itself, thus, the scope of the |
@vncoelho I don't know anymore brother hahahah I've seen so many complaints everywhere regarding |
How to eval a simple Travelling Salesman Problem regarding two different objective functions?
Maybe as a |
This "EVAL" thing is like non-typed programming languages: they look a good idea at first, but they are not, and sooner than later, you will pay for this bad decision 😂 |
I think that we can close this, many of us are disagree with eval opcode :P , at least i will remove it from the neo3 milestone |
I think that remove from Milestone is plausible, @shargon. |
I finally agree with you, this is a bad idea. |
Vitor, as long as deploy is very cheap without storage, problem is solved for us. Theres no reason for expensive deploys, lets fix that. |
How to implement lambda? |
@igormcoelho could you help to answer Erik? I have no idea |
I think we should compile lambda module as a regular function, and pass its address to function. |
I think that neo-project/neo-vm#190 may be a much better (and beautiful) solution ;) |
Dear all, I've been thinking that a very useful operation would be to have the ability of executing a given list of opcodes directly (inside a smart contract). It would be quite similar to the current
APPCALL
, but instead of calling a hash or interop string, it would be a bytearray of operations. I imagine there must be reasons for not having it now (like preventing the creation of very generic deployed contracts, or security issues when more than one value is returned on stack), but we can discuss what are the issues and possible fixes, possibilities for this operation cost (it could be expensive to disencourage random uses), so let me present the huge advantages :)(1) After seeing the new vision for NEO 3.0, perhaps without UTXO and only NEP-5 assets, I imagine it would be very useful to have "NEP-5 addresses" that perform different types of ownership verification. For example, multisig addresses, time-lock addresses, all of them could possibly be recorded in this "new" NEP-5 as raw contracts, and the verification of withdraw could be directly performed by directly invoking this new
OPCODE_EXECUTE [operation_list]
(pretty much what we have already for UTXO assets)[edit] this is not needed for nep5, only for advanced metaprogramming.
(2) It would natively support pretty much of we have right now, and give much more amazing use cases for NEO... it's like supporting anonimous lambda functions, just imagine that :)
=========
Current proposal is to implement it directly on NeoVM. InteropCalls will be blocked, also method Calls, Dynamic Invoke, or recursive Op_eval. It will be nearly Turing-incomplete (besides the JUMP that will still be allowed).
The text was updated successfully, but these errors were encountered: