Refactor metadata validation

[iamyulong]

Summary

Refactor metadata validation, particularly checking length before validating URLs.

[github-actions]

Docker tags
docker.io/radixdlt/private-scrypto-builder:65eb26454d

[github-actions]

Benchmark for 65eb264

Click to view benchmark

Test	Base	PR	%
costing::bench_prepare_wasm	44.3±0.29ms	45.0±0.09ms	+1.58%
costing::decode_encoded_i8_array_to_manifest_raw_value	19.3±0.02ms	19.3±0.01ms	0.00%
costing::decode_encoded_i8_array_to_manifest_value	41.6±0.15ms	41.6±0.28ms	0.00%
costing::decode_encoded_tuple_array_to_manifest_raw_value	70.3±0.04ms	73.5±0.06ms	+4.55%
costing::decode_encoded_tuple_array_to_manifest_value	101.7±0.21ms	98.6±0.33ms	-3.05%
costing::decode_encoded_u8_array_to_manifest_raw_value	32.0±0.09µs	32.0±0.12µs	0.00%
costing::decode_encoded_u8_array_to_manifest_value	41.6±0.06ms	41.6±0.23ms	0.00%
costing::decode_rpd_to_manifest_raw_value	14.5±0.02µs	14.9±0.02µs	+2.76%
costing::decode_rpd_to_manifest_value	11.0±0.01µs	10.8±0.02µs	-1.82%
costing::deserialize_wasm	1209.1±4.65µs	1210.7±2.92µs	+0.13%
costing::execute_transaction_creating_big_vec_substates	694.6±6.82ms	696.8±8.00ms	+0.32%
costing::execute_transaction_reading_big_vec_substates	583.4±1.22ms	605.1±2.27ms	+3.72%
costing::instantiate_flash_loan	859.4±256.53µs	998.0±1293.74µs	+16.13%
costing::instantiate_radiswap	1002.9±1039.06µs	915.5±546.95µs	-8.71%
costing::spin_loop	17.9±0.04ms	18.2±0.05ms	+1.68%
costing::spin_loop_v2	2.6±0.00s	2.7±0.00s	+3.85%
costing::spin_loop_v3	630.3±11.62ms	617.7±2.90ms	-2.00%
costing::validate_sbor_payload	29.6±0.07µs	29.2±0.04µs	-1.35%
costing::validate_sbor_payload_bytes	252.2±2.61ns	241.5±0.59ns	-4.24%
costing::validate_secp256k1	76.6±0.05µs	76.6±0.08µs	0.00%
costing::validate_wasm	33.4±0.03ms	34.1±0.04ms	+2.10%
decimal::add/0	8.4±0.00ns	8.4±0.00ns	0.00%
decimal::add/rust-native	9.9±0.01ns	9.9±0.01ns	0.00%
decimal::add/wasmi	214.9±0.22ns	217.6±0.23ns	+1.26%
decimal::add/wasmi-call-native	2.1±0.01µs	2.1±0.00µs	0.00%
decimal::div/0	165.4±0.08ns	164.0±0.19ns	-0.85%
decimal::from_string/0	161.7±0.16ns	163.4±0.15ns	+1.05%
decimal::mul/0	127.1±0.07ns	125.9±0.11ns	-0.94%
decimal::mul/rust-native	121.3±0.09ns	122.8±0.18ns	+1.24%
decimal::mul/wasmi	11.5±0.13µs	11.1±0.14µs	-3.48%
decimal::mul/wasmi-call-native	2.2±0.00µs	2.2±0.01µs	0.00%
decimal::pow/0	579.1±0.02ns	574.3±0.41ns	-0.83%
decimal::pow/rust-native	576.3±0.30ns	573.5±0.36ns	-0.49%
decimal::pow/wasmi	57.3±0.05µs	57.2±0.80µs	-0.17%
decimal::pow/wasmi-call-native	3.2±0.01µs	3.2±0.00µs	0.00%
decimal::root/0	8.1±0.01µs	8.0±0.01µs	-1.23%
decimal::sub/0	8.2±0.00ns	8.2±0.00ns	0.00%
decimal::to_string/0	439.1±0.60ns	439.9±0.20ns	+0.18%
large_transaction_processing::prepare	2.5±0.00ms	2.5±0.00ms	0.00%
large_transaction_processing::prepare_and_decompile	6.2±0.04ms	6.1±0.02ms	-1.61%
large_transaction_processing::prepare_and_decompile_and_recompile	31.7±0.10ms	25.0±1.25ms	-21.14%
metadata_validation::validate_urls	4.8±0.02µs	N/A	N/A
precise_decimal::add/0	8.8±0.02ns	8.8±0.03ns	0.00%
precise_decimal::add/rust-native	10.8±0.08ns	11.1±0.54ns	+2.78%
precise_decimal::add/wasmi	276.1±0.87ns	274.9±0.65ns	-0.43%
precise_decimal::add/wasmi-call-native	2.8±0.00µs	2.8±0.00µs	0.00%
precise_decimal::div/0	279.3±0.61ns	278.8±0.29ns	-0.18%
precise_decimal::from_string/0	203.3±0.23ns	201.9±0.54ns	-0.69%
precise_decimal::mul/0	321.1±0.18ns	320.3±0.57ns	-0.25%
precise_decimal::mul/rust-native	276.3±0.42ns	294.8±1.79ns	+6.70%
precise_decimal::mul/wasmi	32.8±0.20µs	33.2±0.28µs	+1.22%
precise_decimal::mul/wasmi-call-native	3.1±0.00µs	3.2±0.01µs	+3.23%
precise_decimal::pow/0	1676.9±4.57ns	1672.8±3.72ns	-0.24%
precise_decimal::pow/rust-native	1316.1±1.18ns	1313.4±1.09ns	-0.21%
precise_decimal::pow/wasmi	163.7±1.55µs	162.4±0.60µs	-0.79%
precise_decimal::pow/wasmi-call-native	5.4±0.02µs	5.3±0.01µs	-1.85%
precise_decimal::root/0	56.3±0.05µs	57.5±0.07µs	+2.13%
precise_decimal::sub/0	8.9±0.00ns	9.0±0.11ns	+1.12%
precise_decimal::to_string/0	690.7±1.00ns	691.6±0.81ns	+0.13%
schema::validate_payload	379.4±0.40µs	381.1±0.36µs	+0.45%
transaction::radiswap	4.7±0.02ms	4.8±0.02ms	+2.13%
transaction::transfer	1817.6±3.30µs	1809.2±7.16µs	-0.46%
transaction_validation::validate_manifest	43.2±0.05µs	43.3±0.14µs	+0.23%
transaction_validation::verify_bls_2KB	1019.3±27.47µs	1002.0±10.54µs	-1.70%
transaction_validation::verify_bls_32B	1020.3±28.64µs	1061.2±26.10µs	+4.01%
transaction_validation::verify_ecdsa	74.5±0.05µs	74.6±0.03µs	+0.13%
transaction_validation::verify_ed25519	42.5±0.11µs	42.3±0.08µs	-0.47%

[dhedey]

Nice! A couple of questions I'd like discussing before merge, but looks good :)

[dhedey]

Is this commented-out code intended to be deleted? :)

[dhedey]

Ahh no it's explaining how the below was generated, my bad! All good.

Perhaps we could have a comment here briefly explaining that? But only if you feel like it, no worries, I was just being slow.

[iamyulong]

Will some add notes.

[dhedey]

MINOR: This is always, valid, right? So we should probably just unwrap() here - otherwise greedy allocation of a string might slow down the test a little.

[iamyulong]

Happy to unwrap.

[dhedey]

This will require temporarily using , regenerate to update the VersionedLocalTransactionExecution.

[iamyulong]

Will do.

[dhedey]

We can't remove these error variants as it breaks the error deserialization of historic receipts in the node (until we fix that to store historic schemas - which I really want to do one day soon ;))

Even if they're unused, we need to keep them for now I'm afraid.

[iamyulong]

You're right. Thought we had that error to string conversion already.

[dhedey]

We do have error to string conversion, but to save space, it happens on the API at response serving time; and uses the current RuntimeError. I'd like to store some historic schemas at each protocol update in the node so we can convert with these old schemas whilst still updating the errors.

[dhedey]

How confident are we that these refactors are 100% backwards-compatible across Cuttlefish in terms of protocol-visible changes? e.g. we're changing which errors we return (which I think is safe I think assuming we only error in the same cases). And e.g. we aren't making any sys-calls/billing in the middle, which seems safe?

I see we've replaced some encode unwraps with e.g. MetadataKeyValidationError::InvalidValue - I guess we don't actually assume this to be hit, and indeed if it unwrapped previously, it shouldn't introduce any issues?

[iamyulong]

How confident are we that these refactors are 100% backwards-compatible across Cuttlefish in terms of protocol-visible changes

I did check this thoroughly. As far I can tell, there is only error code difference which should not affect consensus, but would appreciate another pair of eyes.

I see we've replaced some encode unwraps with e.g. MetadataKeyValidationError::InvalidValue - I guess we don't actually assume this to be hit, and indeed if it unwrapped previously, it shouldn't introduce any issues?

This is right, considering MetadataInit often comes from an sbor-encoded inputs.

Keeping it in the validation logic so it's self-contained and no need to make assumption about sbor-able.

[dhedey]

Sounds great. And yes, I agree that I think it's safe, so I'm happy with this.

[dhedey]

Can we perhaps make it not pub?

Perhaps we should make it not pub and rename it to init_system_struct_from_pre_validated_data or something?

And then we can re-expose some higher-level pub method which validates and then inits?

[iamyulong]

Will make it non-public.