Specification of Dynamic views

Specification of Dynamic views

Summary

We propose read-only access from a contract to another. A Michelson instruction VIEW_EXEC is added.

Abstract

Currently, we can fetch data from another contract synchronously thanks to the onchain views feature provides since the update of the Hangzhou's protocol. This, however, benefits to no contract who was originated before it.

In this proposal, we propose to add a new view instruction, this view takes a lambda term of type s -> a as input, where s is the storage type of the target contract, and a is a value type derivable from s. By providing a proper lambda function, a contract could read anything from the target contract storage at will.

Specification

To this aim, an extend Michelson primitive is introduced: the VIEW_EXEC instruction.

The type of VIEW_EXEC is:

:: lambda 'storage_ty 'return : address : 'S -> option 'return : 'S

lambda 'storage_ty 'return: The lambda that we apply to the target contract's storage 'storage_ty to retreive a value 'return.
address: The target contract address. If a contract address containing an entrypoint address%entrypoint, only the address part will be taken.
option 'return: The value retrieved from the target contract. Returns None if failed.

The semantics of VIEW_EXEC is:

> VIEW_EXEC / code: addr : S => Some v : S
    iff 
        code / s : []  =>  v : [] 
    where
        addr is the address of the target contract with storage s  
       
> VIEW_EXEC / _ : _ : S => None : S 
       otherwise

VIEW_EXEC will return None if:

Contract with address addr:
- is nonexistent.
- the storage type does not match the argument type of the lambda ('storage_ty).
Lambda function:
- code results in runtime failure

Example

Suppose we have a contract that looks like below:

# contract_a
parameter unit ;
storage int ; # int 2
code { CDR;
       NIL operation;
       PAIR
}

Suppose we want to write contract_b that fetches the int in the storage of contract_a and increment it.

Using the new VIEW_EXEC instruction, we can write:

# contract_b
parameter address ;
storage int ;
code { 
      CAR; # address
      LAMBDA int int { PUSH int 1; ADD } ;
      VIEW_EXEC ; # result: Some (int 3)
      ASSERT_SOME ;
      NIL operation ;
      PAIR ;
     }

Properties

VIEW_EXEC has the same properties as VIEW, namely they are:

read-only: they may depend on the storage of the contract but cannot modify it nor emit operations,
synchronous: the result is immediately available on the stack of the contract

UnlikeVIEW,VIEW_EXEC has:

no name,
no input and output arguments,
lambda function in a stack. In lambda output (type 'return), the following types are forbidden: ticket, operation, big_map and sapling_state.
~~- current proposal does not accept recursively calling a lambda (for simplicity, light computation for node via RPC, gas cost, etc.).~~

Alternative approach

The specification and test suits of this approach can be found at: specification of VIEW_APPLY

Test cases

The details of tests can be found at this: IV. Test suits for VIEW_EXEC.

Implementations

Appendix

Lin Oshitani

2022/09/21 15:35:38

I would suggest replacing this with a more concrete project goal since people might not have context about previous proposals or what "universal view instruction" means. Something like "enable contracts to fetch necessary information from other contracts without relying on their on-chain views" (you would probably have a better idea of how to phrase it :)). (Edited)

2022/09/26 01:02:41

that looks like below: ``` # con

Nit: It's irrelevant. We should avoid to say this. It might give an impression that new view works only on contract without onchian views. (Edited)

2022/09/26 01:05:30

need? (Edited)

2022/09/26 01:50:24

### E

there are also some Michelson instruction should be forbidden in such lambda (Edited)

Kim Quyen Ly

2022/09/26 02:17:02

Do you mean about the : SELF, TRANSFER_TOKENS, CREATE_CONTRACT, SET_DELEGATE?

2022/09/26 02:52:06

yep. since we disallow OPERATION to be returned (Edited)

2022/09/26 04:13:44

Do we want to mentioned it here? because if `operation` stand for those instruction returns? (Edited)

2022/09/26 04:14:07

I include those instructions in tests. (Edited)

2022/09/27 06:42:36

### Examp

why it is forbidden? (Edited)

Tom Jack

2022/10/03 07:12:57

ght computation for node via RPC, gas cost, etc.).

These reasons don't seem to make sense. There will be arbitrary code in the lambda anyway. We cannot ensure termination. If the implementation for Lambda_rec is difficult -- one would hope it is not -- then that can be a good reason to forbid it. But it's preferable to support Lambda_rec if possible. (Edited)

2022/10/03 07:27:05

To be clear, support for Lambda_rec does not seem very important. A user writing Michelson directly is very unlikely to actually have a _reason_ to use a recursive lambda here. But it is good to avoid special case runtime failures when possible. Lambda_rec has type lambda and so one expects it to work in all the places a lambda is allowed. (Edited)

2022/10/03 07:27:20

Hypothetical example: until very recently, _every_ function in JSLigo was compiled as a recursive lambda, and _would_ have been translated to LAMBDA_REC -- if we had implemented support for it. (Edited)

Specification of Dynamic views

Summary

Abstract

Specification

Example

Properties

Alternative approach

Test cases

Implementations

Appendix

Read more

Run a DAC infra on Kubernetes

Onboarding DAC

Alcotezt

Marigold Proto Dev