Refactor fungible assets

[movekevin]

See commits for the full list of changes.

Remaining work:

1. Add more unit test coverage for fungible_asset and managed_fungible_asset
2. Switch to OptionalAggregator for supply + balance
3. (Considering) Rename FungibleAssetMetadata => something else
4. (Considering) Remove generics in view and entry functions

[davidiw]

Shouldn't seed just be the typeinfo maybe bcs serialized? I don't understand why we want a seed here.

alternatively... could we make an object witness such that I could do the following:

create_deterministic_object(user: &signer, ref: &Witness): ConstructorRef

where Witness is a ref that can be accessed either via ConstructorRef or ExtendRef...

Then an object implementation can expose a function like:
fun generate_account_object(account: &signer): Object<T>

which would create a fully useful object of say a fungible asset

[lightmark]

Seed is used to create a separate but deterministic wallet address for each fungible asset metadata object.

[movekevin]

Yep, an object implementation such as fungible assets might still want to create multiple objects with the same address formula (i.e. type T). In a way, type T allows namespacing objects by module/type.

[davidiw]

I don't think this is particularly needed. We should already be able to create arbitrary objects using the guid or named pattern. The disadvantage of having this is is it effectively becomes a new named variant.

If someone passes in a seed, it will be untrackable without tracking all possible seeds. At which point it doesn't seem different than what we started with... requiring off-chain or on-chain coordination to determine which of possibly any object is the one we're looking for.

[movekevin]

Switched over to using a DeriveRef to generate deterministic object addresses of this form:

hash(owner addr | address of object to derive from | 0xFC) where 0xFC is a new domain separator in object.move

[lightmark]

@gerben-stavenga would add reference support soon.

[davidiw]

oh that would be nice

[lightmark]

I thought we chatted in slack about replacing T with FungibleAssetMetadata

[movekevin]

Yeah but it's still controversial as there can be some improvements we can later on in the adapter layer that might make this reasonable. Let's discuss more in a wider setting

[davidiw]

Ahh... so this is still up for discussion.

considering that we are doing a copy on all these functions anyway (we're passing in the value), it might not be the end of the world to expect that this is coerced to the appropriate type. Perhaps this also creates the opportunity for someone to validate it is of a given type before coercing. Let them have their own error handling if they want it.

Note, we will still need to re-validate exists<T>(object_address(obj)) since an Object<T> just implies it existed at some point.

[movekevin]

Yeah this warrants a deeper discussion on whether the experience can be improved regarding using entry + view functions with Object if it's not clear by the callers what T should be. One example is the explorer's view UI where users can call the view functions of modules.

[davidiw]

I wonder if we can have a default placeholder for Object if called by a view or entry function... i.e., ObjectCore

[movekevin]

Yeah I was thinking exactly this too. We need to think about this a bit more about how to do this though

[lightmark]

I see similar things in current coin.move. But I don't understand the potential use case. Can you share an example in comment?

[movekevin]

In the past, this is really useful because Coin is storable. zero() would allow people to initialize their module's key resources with empty state. It's less useful now that Coin is no longer storable, but it can make the following programming pattern easier:

let all_payments = fungible_asset::zero();
collect_payment_1(&mut all_payments, ...);
collect_payment_2(&mut all_payments, ...);
collect_payment_3(&mut all_payments, ...);

What do you think?

[lightmark]

Then I would prefer a merge_all function in my old PR that takes a vector of fa and merge into 1 using vector::fold. We should make the invariance that zero fa will never be produced to simplify our model

[movekevin]

I removed zero(). You can add merge_all in a follow up PR :)

[davidiw]

this kludges together a primary wallet from an arbitrary wallet... could we please move the primary wallet outside of this context?

it'd be great to have a withdraw that extracts from a signer and another that expects a signer and an object pointer. Similarly a deposit that points to a user's address and another that points to an object.

[davidiw]

I don't think this is particularly needed. We should already be able to create arbitrary objects using the guid or named pattern. The disadvantage of having this is is it effectively becomes a new named variant.

If someone passes in a seed, it will be untrackable without tracking all possible seeds. At which point it doesn't seem different than what we started with... requiring off-chain or on-chain coordination to determine which of possibly any object is the one we're looking for.

[davidiw]

I don't think we need this, the event is emitted from the associated object that can then be used to look up the metadata object. We should only add this if we don't want a layer of indirection.

[movekevin]

Yes that's what I was thinking - saving one layer of indirection. It can make the indexing flow a lot simpler. Will check with @bowenyang007 later on this

[davidiw]

let's clean this up and challenge Bowen.

[movekevin]

Sure. I'll talk to Bowen later

[davidiw]

Ahh... so this is still up for discussion.

considering that we are doing a copy on all these functions anyway (we're passing in the value), it might not be the end of the world to expect that this is coerced to the appropriate type. Perhaps this also creates the opportunity for someone to validate it is of a given type before coercing. Let them have their own error handling if they want it.

Note, we will still need to re-validate exists<T>(object_address(obj)) since an Object<T> just implies it existed at some point.

[davidiw]

why do you need the ref and the address?

[movekevin]

The ref points to the metadata obj while address is the account where the asset is withdrawn from. Address has now been updated to wallet reference (Object)

[lightmark]

but withdraw_with_ref doesn't check. why not put the check here instead?

[movekevin]

this kludges together a primary wallet from an arbitrary wallet... could we please move the primary wallet outside of this context?

it'd be great to have a withdraw that extracts from a signer and another that expects a signer and an object pointer. Similarly a deposit that points to a user's address and another that points to an object.

I've updated the implementation to do exactly this - primary wallet operations are done via primary_wallet module (name's up for negotiation) while the operations in fungible_wallet deal with wallets (Object) directly

[lightmark]

why this is T?

[movekevin]

Same as an earlier comment - I'm just keeping all functions that take Object references consistent and make them generic

[lightmark]

really need a centralized place for those domain separators.

[movekevin]

Where else would they be outside of object?

[lightmark]

resource acct scheme

[movekevin]

Since constants are not public currently. We'll need to provide getter functions which is kinda annoying though

[lightmark]

maybe rename as DeriveRefPod. Support as a resource looks weird.

[movekevin]

Peas in a pod? Let's rename things all in one go in a followup PR

[github-actions]

✅ Forge suite land_blocking success on dc9d6ab41dc743dc356282bb373f1cb1cc3f7bce

performance benchmark with full nodes : 5904 TPS, 6726 ms latency, 10600 ms p99 latency,(!) expired 840 out of 2521920 txns
Test Ok

• Grafana dashboard
• Humio Logs
• Pyroscope Profiling
• Test runner output
• Test run is land-blocking

[github-actions]

✅ Forge suite compat success on testnet_2d8b1b57553d869190f61df1aaf7f31a8fc19a7b ==> dc9d6ab41dc743dc356282bb373f1cb1cc3f7bce

Compatibility test results for testnet_2d8b1b57553d869190f61df1aaf7f31a8fc19a7b ==> dc9d6ab41dc743dc356282bb373f1cb1cc3f7bce (PR)
1. Check liveness of validators at old version: testnet_2d8b1b57553d869190f61df1aaf7f31a8fc19a7b
compatibility::simple-validator-upgrade::liveness-check : 7593 TPS, 5032 ms latency, 7300 ms p99 latency,no expired txns
2. Upgrading first Validator to new version: dc9d6ab41dc743dc356282bb373f1cb1cc3f7bce
compatibility::simple-validator-upgrade::single-validator-upgrade : 4224 TPS, 9814 ms latency, 12600 ms p99 latency,no expired txns
3. Upgrading rest of first batch to new version: dc9d6ab41dc743dc356282bb373f1cb1cc3f7bce
compatibility::simple-validator-upgrade::half-validator-upgrade : 4440 TPS, 8961 ms latency, 11500 ms p99 latency,no expired txns
4. upgrading second batch to new version: dc9d6ab41dc743dc356282bb373f1cb1cc3f7bce
compatibility::simple-validator-upgrade::rest-validator-upgrade : 6799 TPS, 5793 ms latency, 10400 ms p99 latency,no expired txns
5. check swarm health
Compatibility test for testnet_2d8b1b57553d869190f61df1aaf7f31a8fc19a7b ==> dc9d6ab41dc743dc356282bb373f1cb1cc3f7bce passed
Test Ok

• Grafana dashboard
• Humio Logs
• Pyroscope Profiling
• Test runner output
• Test run is land-blocking

[github-actions]

✅ Forge suite framework_upgrade success on aptos-node-v1.3.0_3fc3d42b6cfe27460004f9a0326451bcda840a60 ==> dc9d6ab41dc743dc356282bb373f1cb1cc3f7bce

Compatibility test results for aptos-node-v1.3.0_3fc3d42b6cfe27460004f9a0326451bcda840a60 ==> dc9d6ab41dc743dc356282bb373f1cb1cc3f7bce (PR)
Upgrade the nodes to version: dc9d6ab41dc743dc356282bb373f1cb1cc3f7bce
framework_upgrade::framework-upgrade::full-framework-upgrade : 6520 TPS, 5928 ms latency, 8600 ms p99 latency,no expired txns
5. check swarm health
Compatibility test for aptos-node-v1.3.0_3fc3d42b6cfe27460004f9a0326451bcda840a60 ==> dc9d6ab41dc743dc356282bb373f1cb1cc3f7bce passed
Test Ok

• Grafana dashboard
• Humio Logs
• Pyroscope Profiling
• Test runner output
• Test run is land-blocking

[davidiw]

need some move-e2e-tests and maybe some api tests
missing tests for "primary wallet"
naming is hard

[davidiw]

I thought the plan was the have another method that would wrap FungibleAssetMetadata?

[movekevin]

What do you mean?

[davidiw]

It seems what you'd really want is to use this to create the FungibleAssetMetadata

[movekevin]

Huh? So move FungibleAssetMetadata to this module?

[davidiw]

the lack of test cases...

[movekevin]

Yeah @lightmark will work on those

[davidiw]

should this be user derived?

[movekevin]

It's derived from the user addr + object addr. Do you mean something else?

[davidiw]

create_user_derived_object

[lightmark]

I'd make this friend only for now.

[lightmark]

@davidiw , do we want users to call this to generate un-deletable objects?

[davidiw]

They can't be deleted

[davidiw]

gah, please don't enable auto-merge in the future.