Disallow self.* calls to public functions

docs/installing-vyper.rst

@@ -156,7 +156,7 @@ Additionally, you may try to compile an example contract by running:
     vyper examples/crowdfund.vy
 
 If everything works correctly, you are now able to compile your own smart contracts written in Vyper.
-If any unexpected errors or exceptions are encountered, please feel free create an issue <https://github.com/ethereum/vyper/issues/new>.
+If any unexpected errors or exceptions are encountered, please feel free to `create an issue <https://github.com/ethereum/vyper/issues/new>`_.
 
 .. note::
     If you get the error `fatal error: openssl/aes.h: No such file or directory` in the output of `make`, then run `sudo apt-get install libssl-dev1`, then run `make` again.

docs/structure-of-a-contract.rst

@@ -36,27 +36,52 @@ Functions are the executable units of code within a contract.
     // ...
 
 Function calls can happen internally or externally and have different levels of visibility (see
-:ref:`structure-decorators`) towards other contracts. Functions must be decorated with either
-@public or @private.
+:ref:`structure-decorators`) towards other contracts. Functions must be explicitely declared as public or private.
+
+Public Functions
+----------------
+
+Public functions (decorated with ``@public``) are a part of the contract interface and may be called via transactions or from other contracts. They cannot be called internally.
+
+Public functions in Vyper are equivalent to external functions in Solidity.
+
+Private Functions
+-----------------
+
+Private functions (decorated with ``@private``) are only accessible from other functions within the same contract. They are called via the ``self`` variable:
+
+::
+
+    @private
+    def _times_two(amount: uint256) -> uint256:
+        return amount * 2
+
+    @public
+    def calculate(amount: uint256) -> uint256:
+        return self._times_two(amount)
+
+Private functions do not have access to ``msg.sender`` or ``msg.value``. If you require these values within a private function they must be passed as parameters.
 
 .. _structure-decorators:
 
 Decorators
 ----------
 
-============================= ===========================================
-Decorator                     Description
-============================= ===========================================
-`@public`                     Can be called from external contracts.
-`@private`                    Can only be called within current contract.
-`@constant`                   Does not alter contract state.
-`@payable`                    The contract is open to receive Ether.
-`@nonreentrant(<unique_key>)` Function can only be called once,
-                              both externally and internally. Used to
-                              prevent reentrancy attacks.
-============================= ===========================================
-
-The visibility decorators `@public` or `@private` are mandatory on function declarations, whilst the other decorators(@constant, @payable, @nonreentrant) are optional.
+The following decorators are available:
+
+=============================== ===========================================
+Decorator                       Description
+=============================== ===========================================
+``@public``                     Can only be called externally.
+``@private``                    Can only be called within current contract.
+``@constant``                   Does not alter contract state.
+``@payable``                    The contract is open to receive Ether.
+``@nonreentrant(<unique_key>)`` Function can only be called once,
+                                both externally and internally. Used to
+                                prevent reentrancy attacks.
+=============================== ===========================================
+
+The visibility decorators ``@public`` or ``@private`` are mandatory on function declarations, whilst the other decorators(``@constant``, ``@payable``, ``@nonreentrant``) are optional.
 
 Default function
 ----------------

docs/testing-contracts.rst

@@ -26,7 +26,7 @@ Vyper Contract and Basic Fixtures
 This is the base requirement to load a vyper contract and start testing. The last two fixtures are optional and will be
 discussed later. The rest of this chapter assumes, that you have this code set up in your ``conftest.py`` file.
 Alternatively, you can import the fixtures to ``conftest.py`` or use
-`pytest_plugins <https://docs.pytest.org/en/latest/plugins.html>`_.
+`pytest plugins <https://docs.pytest.org/en/latest/plugins.html>`_.
 
 Load Contract and Basic Tests
 =============================

docs/vyper-by-example.rst

@@ -80,10 +80,8 @@ contract, we are provided with a built-in variable ``msg`` and we can access
 the public address of any method caller with ``msg.sender``. Similarly, the
 amount of ether a user sends can be accessed by calling ``msg.value``.
 
-.. warning:: ``msg.sender`` will change between internal function calls so that
-  if you're calling a function from the outside, it's correct for the first
-  function call. But then, for the function calls after, ``msg.sender`` will
-  reference the contract itself as opposed to the sender of the transaction.
+.. note:: ``msg.sender`` and ``msg.value`` can only be accessed from public
+  functions. If you require these values within a private function they must be passed as parameters.
 
 Here, we first check whether the current time is before the auction's end time
 using the ``assert`` function which takes any boolean statement. We also check
@@ -403,11 +401,9 @@ Let’s move onto the constructor.
   :language: python
   :pyobject: __init__
 
-.. warning:: Both ``msg.sender`` and ``msg.balance`` change between internal
-  function calls so that if you're calling a function from the outside, it's
-  correct for the first function call. But then, for the function calls after,
-  ``msg.sender`` and ``msg.balance`` reference the contract itself as opposed
-  to the sender of the transaction.
+.. note:: ``msg.sender`` and ``msg.value`` can only be accessed from public
+  functions. If you require these values within a private function they must be
+  passed as parameters.
 
 In the constructor, we hard-coded the contract to accept an
 array argument of exactly two proposal names of type ``bytes32`` for the contracts
@@ -427,6 +423,8 @@ Now that the initial setup is done, lets take a look at the functionality.
   :language: python
   :pyobject: giveRightToVote
 
+.. note:: Throughout this contract, we use a pattern where ``@public`` functions return data from ``@private`` functions that have the same name prepended with an underscore. This is because Vyper does not allow calls between public functions within the same contract. The private function handles the logic and allows internal access, while the public function acts as a getter to allow external viewing.
+
 We need a way to control who has the ability to vote. The method
 ``giveRightToVote()`` is a method callable by only the chairperson by taking
 a voter address and granting it the right to vote by incrementing the voter's

examples/stock/company.vy

@@ -44,7 +44,7 @@ def buyStock():
     buy_order: uint256(currency_value) = msg.value / self.price # rounds down
 
     # Check that there are enough shares to buy.
-    assert self.stockAvailable() >= buy_order
+    assert self.holdings[self.company] >= buy_order
 
     # Take the shares off the market and give them to the stockholder.
     self.holdings[self.company] -= buy_order
@@ -71,9 +71,9 @@ def sellStock(sell_order: uint256(currency_value)):
     assert sell_order > 0 # Otherwise, this would fail at send() below,
         # due to an OOG error (there would be zero value available for gas).
     # You can only sell as much stock as you own.
-    assert self.getHolding(msg.sender) >= sell_order
+    assert self.holdings[msg.sender] >= sell_order
     # Check that the company can pay you.
-    assert self.cash() >= (sell_order * self.price)
+    assert self.balance >= (sell_order * self.price)
 
     # Sell the stock, send the proceeds to the user
     # and put the stock back on the market.
@@ -90,7 +90,7 @@ def sellStock(sell_order: uint256(currency_value)):
 def transferStock(receiver: address, transfer_order: uint256(currency_value)):
     assert transfer_order > 0 # This is similar to sellStock above.
     # Similarly, you can only trade as much stock as you own.
-    assert self.getHolding(msg.sender) >= transfer_order
+    assert self.holdings[msg.sender] >= transfer_order
 
     # Debit the sender's stock and add to the receiver's address.
     self.holdings[msg.sender] -= transfer_order
@@ -105,24 +105,33 @@ def payBill(vendor: address, amount: wei_value):
     # Only the company can pay people.
     assert msg.sender == self.company
     # Also, it can pay only if there's enough to pay them with.
-    assert self.cash() >= amount
+    assert self.balance >= amount
 
     # Pay the bill!
     send(vendor, amount)
 
     # Log the payment event.
     log.Pay(vendor, amount)
 
+
 # Return the amount in wei that a company has raised in stock offerings.
+@private
+@constant
+def _debt() -> wei_value:
+    return (self.totalShares - self.holdings[self.company]) * self.price
+
+
+# Public function to call _debt
 @public
 @constant
 def debt() -> wei_value:
-    return (self.totalShares - self.holdings[self.company]) * self.price
+    return self._debt()
+
 
 # Return the cash holdings minus the debt of the company.
 # The share debt or liability only is included here,
 # but of course all other liabilities can be included.
 @public
 @constant
 def worth() -> wei_value:
-    return self.cash() - self.debt()
+    return self.balance - self._debt()

examples/voting/ballot.vy

@@ -25,16 +25,28 @@ chairperson: public(address)
 int128Proposals: public(int128)
 
 
+@private
+@constant
+def _delegated(addr: address) -> bool:
+    return self.voters[addr].delegate != ZERO_ADDRESS
+
+
 @public
 @constant
 def delegated(addr: address) -> bool:
-    return self.voters[addr].delegate != ZERO_ADDRESS
+    return self._delegated(addr)
+
+
+@private
+@constant
+def _directlyVoted(addr: address) -> bool:
+    return self.voters[addr].voted and (self.voters[addr].delegate == ZERO_ADDRESS)
 
 
 @public
 @constant
 def directlyVoted(addr: address) -> bool:
-    return self.voters[addr].voted and (self.voters[addr].delegate == ZERO_ADDRESS)
+    return self._directlyVoted(addr)
 
 
 # Setup global variables
@@ -62,16 +74,16 @@ def giveRightToVote(voter: address):
     self.voters[voter].weight = 1
     self.voterCount += 1
 
-# Used by `delegate` below, and can be called by anyone.
-@public
-def forwardWeight(delegate_with_weight_to_forward: address):
-    assert self.delegated(delegate_with_weight_to_forward)
+# Used by `delegate` below, callable externally via `forwardWeight`
+@private
+def _forwardWeight(delegate_with_weight_to_forward: address):
+    assert self._delegated(delegate_with_weight_to_forward)
     # Throw if there is nothing to do:
     assert self.voters[delegate_with_weight_to_forward].weight > 0
 
     target: address = self.voters[delegate_with_weight_to_forward].delegate
     for i in range(4):
-        if self.delegated(target):
+        if self._delegated(target):
             target = self.voters[target].delegate
             # The following effectively detects cycles of length <= 5,
             # in which the delegation is given back to the delegator.
@@ -92,13 +104,18 @@ def forwardWeight(delegate_with_weight_to_forward: address):
     self.voters[delegate_with_weight_to_forward].weight = 0
     self.voters[target].weight += weight_to_forward
 
-    if self.directlyVoted(target):
+    if self._directlyVoted(target):
         self.proposals[self.voters[target].vote].voteCount += weight_to_forward
         self.voters[target].weight = 0
 
     # To reiterate: if target is also a delegate, this function will need
     # to be called again, similarly to as above.
 
+# Public function to call _forwardWeight
+@public
+def forwardWeight(delegate_with_weight_to_forward: address):
+    self._forwardWeight(delegate_with_weight_to_forward)
+
 # Delegate your vote to the voter `to`.
 @public
 def delegate(to: address):
@@ -115,7 +132,7 @@ def delegate(to: address):
 
     # This call will throw if and only if this delegation would cause a loop
         # of length <= 5 that ends up delegating back to the delegator.
-    self.forwardWeight(msg.sender)
+    self._forwardWeight(msg.sender)
 
 # Give your vote (including votes delegated to you)
 # to proposal `proposals[proposal].name`.
@@ -135,9 +152,9 @@ def vote(proposal: int128):
 
 # Computes the winning proposal taking all
 # previous votes into account.
-@public
+@private
 @constant
-def winningProposal() -> int128:
+def _winningProposal() -> int128:
     winning_vote_count: int128 = 0
     winning_proposal: int128 = 0
     for i in range(2):
@@ -146,10 +163,16 @@ def winningProposal() -> int128:
             winning_proposal = i
     return winning_proposal
 
+@public
+@constant
+def winningProposal() -> int128:
+    return self._winningProposal()
+
+
 # Calls winningProposal() function to get the index
 # of the winner contained in the proposals array and then
 # returns the name of the winner
 @public
 @constant
 def winnerName() -> bytes32:
-    return self.proposals[self.winningProposal()].name
+    return self.proposals[self._winningProposal()].name

tests/parser/features/decorators/test_private.py

@@ -153,7 +153,7 @@ def set_greeting(_greeting: bytes[20]):
     if a + b + c + d + 3 == 1337:
         self.greeting = _greeting
 
-@public
+@private
 @constant
 def construct(greet: bytes[20]) -> bytes[40]:
     return concat(self.greeting, greet)

tests/parser/features/external_contracts/test_self_call_struct.py

@@ -9,7 +9,7 @@ def test_call_to_self_struct(w3, get_contract):
     e1: decimal
     e2: timestamp
 
-@public
+@private
 @constant
 def get_my_struct(_e1: decimal, _e2: timestamp) -> MyStruct:
     return MyStruct({e1: _e1, e2: _e2})