Merge branch 'master' into koz/secp256k1

.github/workflows/benchmark.yml

@@ -18,7 +18,8 @@ jobs:
        #
        # Check for '/benchmark' comments on a PR
        #
-      - uses: khan/pull-request-comment-trigger@master
+       # Pinning a particular commit to avoid https://github.com/Khan/pull-request-comment-trigger/issues/22
+      - uses: khan/pull-request-comment-trigger@edab8d9ba7759221187ef7120592a6fbfada0d18
         id: find-comment
         with:
           trigger: '/benchmark'

CONTRIBUTING.adoc

@@ -42,11 +42,9 @@ From here you can build the project packages directly with `cabal`.
 
 NOTE: You may need to run `cabal update` so that `cabal` knows about the index state xref:update-index-state[we have pinned].
 
-For `stack`, you may want to use the Nix integration and point it at `shell.nix`, which will make sure you at least get the right GHC.
-
 [WARNING]
 ====
-You can also use `cabal` and `stack` outside the `nix-shell` environment to build the project.
+You can also use `cabal` outside the `nix-shell` environment to build the project.
 _However_ there are two caveats:
 
 * You may get different versions of packages.
@@ -136,19 +134,17 @@ You need to do a few things when adding a new package, in the following order:
 
 . Add the cabal file for the new package.
 . Add the package to link:cabal.project[`cabal.project`].
-. Add the package to link:stack.yaml[`stack.yaml`].
 . Update the xref:update-generated[package set].
 . Update the `xref:update-hie[hie-*.yaml` files].
 . Check that you can run `nix build -f default.nix plutus.haskell.projectPackages.<package name>` successfully.
 
 [[update-haskell-pins]]
 === How to update our pinned Haskell dependencies
 
-We have pinned versions of some Haskell packages specified via the usual `source-repository-package` (Cabal) and `extra-dep` (Stack) mechanisms.
+We have pinned versions of some Haskell packages specified via the usual `source-repository-package` (Cabal) mechanism.
 
 These can be managed normally, but ensure that:
 
-* The specifications remain in sync between `cabal.project` and `stack.yaml`.
 * You update the xref:update-generated[package set].
 * If it is an `source-repository-package`/`extra-dep` from Git, you update the `sha256` mapping in `nix/haskell.nix`.
 For the moment you have to do this by hand, using the following command to get the sha: `nix-prefetch-git --quiet <repo-url> <rev> | jq .sha256`, or by just getting it wrong and trying to build it, in which case Nix will give you the right value.

README.adoc

@@ -152,7 +152,6 @@ You can build some of the Haskell packages without Nix, but this is not recommen
 If you use Nix, these tools are provided for you via `shell.nix`, and you do *not* need to install them yourself.
 
 * If you want to build our Haskell packages with https://www.haskell.org/cabal/[`cabal`], then install it.
-* If you want to build our Haskell packages with https://haskellstack.org/[`stack`], then install it.
 * If you want to build our Agda code, then install https://github.com/agda/agda[Agda] and the https://github.com/agda/agda-stdlib[standard library].
 
 [[building-with-nix]]

default.nix

@@ -14,7 +14,6 @@
     pkgs = import sources.nixpkgs { inherit system; };
     sourcesOverride = {
       hackage = sources.hackage-nix;
-      stackage = sources.stackage-nix;
     };
   }
 , packages ? import ./nix { inherit system sources crossSystem config sourcesOverride haskellNix checkMaterialization enableHaskellProfiling; }

doc/reference/builtin-parameters.csv

@@ -116,10 +116,10 @@ remainderInteger,remainderInteger-cpu-arguments-model-arguments-slope,Linear mod
 remainderInteger,remainderInteger-memory-arguments-intercept,Linear model intercept for the memory calculation (argument sizes on or below diagonal)
 remainderInteger,remainderInteger-memory-arguments-minimum,Constant memory cost (argument sizes above diagonal)
 remainderInteger,remainderInteger-memory-arguments-slope,Linear model coefficient for the memory calculation (argument sizes on or below diagonal)
-serialiseData,serialiseData-cpu-arguments-intercept,TODO
-serialiseData,serialiseData-cpu-arguments-slope,TODO
-serialiseData,serialiseData-memory-arguments-intercept,TODO
-serialiseData,serialiseData-memory-arguments-slope,TODO
+serialiseData,serialiseData-cpu-arguments-intercept,Linear model intercept for the CPU calculation
+serialiseData,serialiseData-cpu-arguments-slope,Linear model coefficient for the CPU calculation
+serialiseData,serialiseData-memory-arguments-intercept,Linear model intercept for the memory calculation
+serialiseData,serialiseData-memory-arguments-slope,Linear model coefficient for the memory calculation
 sha2_256,sha2_256-cpu-arguments-intercept,Linear model intercept for the CPU calculation
 sha2_256,sha2_256-cpu-arguments-slope,Linear model coefficient for the CPU calculation
 sha2_256,sha2_256-memory-arguments,Constant memory cost

doc/reference/common-weaknesses/hard-limits.rst

@@ -0,0 +1,72 @@
+Hard limits
+===========
+
+Many resources on Cardano are limited in some fashion. At a high level, limits can be enforced in two ways:
+
+- *Hard limits*: these are limits which cannot be breached. Typically, these are implemented with specific thresholds, where exceeding the threshold causes a hard failure.
+- *Soft limits*: these are limits which *can* be breached, but where there is a significant disincentive to do so. One way of implementing a soft limit is to have sharply increasing costs to using the resource beyond the soft limit.
+
+Hard limits are clear, easy to specify, and provide hard guarantees for the protocol, but they have the disadvantage that there is no way to evade the limit.
+This means that there is a discontinuity at the limit: beforehand you can always do more by paying more, but after the limit there is nothing you can do.
+
+Currently, these resources on Cardano have hard limits:
+
+- Transaction size
+- Block size
+- UTXO size
+- Script execution units
+
+If an application *requires* a transaction that exceeds one of these limits, then the application will be stuck unless the limit is increased or removed.
+This is most common when scripts are involved, since a script can require a very particular shape of transaction, regardless of whether this exceeds limits.
+
+Examples:
+
+- A script requires providing a datum which is extremely large and exceeds the transaction size limit.
+- A script which locks an output needs more execution units than the limit.
+- A script requires creating a single output containing a very large amount of tokens, which exceeds the output size limit.
+
+Risks
+~~~~~
+
+This is typically an issue for applications that work with user-supplied data, or data that can grow in an unbounded way over time.
+This can result in data which itself becomes large, or which requires a large amount of resources to process.
+
+For example:
+
+- Managing an arbitrary collection of assets (unbounded over time).
+- Allowing user-specified payloads in datums (user-supplied unbounded data).
+
+Script size should not itself be a risk (since scripts and their sizes should generally be known ahead of time), but large scripts can reduce the amount of space available for other uses, heightening the risk of hitting a limit.
+
+Solutions
+~~~~~~~~~
+
+In the long run, hard limits may be increased, removed, or turned into soft limits.
+
+In the mean time, there are some approaches that developers can use to reduce the risk.
+
+Careful testing
+---------------
+
+It is important to test as many of the execution paths of your application as possible.
+This is important for correctness, but also to ensure that there are not unexpected cases where script resource usage spikes.
+
+Bounding data usage
+-------------------
+
+Carefully consider whether your application may rely on unbounded data, and try to avoid that.
+For example, if your application needs to manage a large quantity of assets, try to split them across multiple UTXOs instead of relying on a single UTXO to hold them all.
+
+Providing datums when creating outputs
+--------------------------------------
+
+Datum size issues are most likely to be discovered when an output is spent, because the datum is provided only as a hash on the output.
+Insisting that the datum is provided in the transaction that creates the output can reveal that it is too big earlier in the process, allowing another path to be taken.
+Depending on the application, this may still prevent it from progressing, if there is only one way to move forwards.
+
+If `CIP-32 <https://cips.cardano.org/cips/cip32/>`_ is implemented, this can be done conveniently by using inline datums, although that also risks hitting the output size limit.
+
+Reducing script size costs through reference inputs
+---------------------------------------------------
+
+If `CIP-33 <https://cips.cardano.org/cips/cip33/>`_ is implemented, then the contribution of scripts to transaction size can be massively reduced by using a reference script instead of including the entire script.

doc/reference/common-weaknesses/index.rst

@@ -9,3 +9,4 @@ This section provides a listing of common *weaknesses* in Plutus applications.
    :titlesonly:
 
    double-satisfaction
+   hard-limits

flake.nix

@@ -45,10 +45,6 @@
       url = "github:michaelpj/sphinxcontrib-haddock";
       flake = false;
     };
-    stackage-nix = {
-      url = "github:input-output-hk/stackage.nix";
-      flake = false;
-    };
   };
 
   outputs = _: { };

nix/pkgs/haskell/haskell.nix

@@ -73,7 +73,7 @@ let
           plutus-metatheory.package.buildable = false;
           # These need R
           plutus-core.components.benchmarks.cost-model-test.buildable = lib.mkForce false;
-          plutus-core.components.benchmarks.update-cost-model.buildable = lib.mkForce false;
+          plutus-core.components.exes.generate-cost-model.buildable = lib.mkForce false;
         };
       })
       ({ pkgs, ... }:
@@ -173,7 +173,7 @@ let
       })
     ] ++ lib.optional enableHaskellProfiling {
       enableLibraryProfiling = true;
-      enableExecutableProfiling = true;
+      enableProfiling = true;
     };
   });