Disallow self.* calls to public functions

docs/installing-vyper.rst

@@ -156,7 +156,7 @@ Additionally, you may try to compile an example contract by running:
     vyper examples/crowdfund.vy
 
 If everything works correctly, you are now able to compile your own smart contracts written in Vyper.
-If any unexpected errors or exceptions are encountered, please feel free create an issue <https://github.com/ethereum/vyper/issues/new>.
+If any unexpected errors or exceptions are encountered, please feel free to `create an issue <https://github.com/ethereum/vyper/issues/new>`_.
 
 .. note::
     If you get the error `fatal error: openssl/aes.h: No such file or directory` in the output of `make`, then run `sudo apt-get install libssl-dev1`, then run `make` again.

docs/structure-of-a-contract.rst

@@ -36,27 +36,52 @@ Functions are the executable units of code within a contract.
     // ...
 
 Function calls can happen internally or externally and have different levels of visibility (see
-:ref:`structure-decorators`) towards other contracts. Functions must be decorated with either
-@public or @private.
+:ref:`structure-decorators`) towards other contracts. Functions must be explicitely declared as public or private.
+
+Public Functions
+----------------
+
+Public functions (decorated with ``@public``) are a part of the contract interface and may be called via transactions or from other contracts. They cannot be called internally.
+
+Public functions in Vyper are equivalent to external functions in Solidity.
+
+Private Functions
+-----------------
+
+Private functions (decorated with ``@private``) are only accessible from other functions within the same contract. They are called via the ``self`` variable:
+
+::
+
+    @private
+    def _times_two(amount: uint256) -> uint256:
+        return amount * 2
+
+    @public
+    def calculate(amount: uint256) -> uint256:
+        return self._times_two(amount)
+
+Private functions do not have access to ``msg.sender`` or ``msg.value``. If you require these values within a private function they must be passed as parameters.
 
 .. _structure-decorators:
 
 Decorators
 ----------
 
-============================= ===========================================
-Decorator                     Description
-============================= ===========================================
-`@public`                     Can be called from external contracts.
-`@private`                    Can only be called within current contract.
-`@constant`                   Does not alter contract state.
-`@payable`                    The contract is open to receive Ether.
-`@nonreentrant(<unique_key>)` Function can only be called once,
-                              both externally and internally. Used to
-                              prevent reentrancy attacks.
-============================= ===========================================
-
-The visibility decorators `@public` or `@private` are mandatory on function declarations, whilst the other decorators(@constant, @payable, @nonreentrant) are optional.
+The following decorators are available:
+
+=============================== ===========================================
+Decorator                       Description
+=============================== ===========================================
+``@public``                     Can only be called externally.
+``@private``                    Can only be called within current contract.
+``@constant``                   Does not alter contract state.
+``@payable``                    The contract is open to receive Ether.
+``@nonreentrant(<unique_key>)`` Function can only be called once,
+                                both externally and internally. Used to
+                                prevent reentrancy attacks.
+=============================== ===========================================
+
+The visibility decorators ``@public`` or ``@private`` are mandatory on function declarations, whilst the other decorators(``@constant``, ``@payable``, ``@nonreentrant``) are optional.
 
 Default function
 ----------------

docs/testing-contracts.rst

@@ -26,7 +26,7 @@ Vyper Contract and Basic Fixtures
 This is the base requirement to load a vyper contract and start testing. The last two fixtures are optional and will be
 discussed later. The rest of this chapter assumes, that you have this code set up in your ``conftest.py`` file.
 Alternatively, you can import the fixtures to ``conftest.py`` or use
-`pytest_plugins <https://docs.pytest.org/en/latest/plugins.html>`_.
+`pytest plugins <https://docs.pytest.org/en/latest/plugins.html>`_.
 
 Load Contract and Basic Tests
 =============================

docs/vyper-by-example.rst

@@ -80,10 +80,8 @@ contract, we are provided with a built-in variable ``msg`` and we can access
 the public address of any method caller with ``msg.sender``. Similarly, the
 amount of ether a user sends can be accessed by calling ``msg.value``.
 
-.. warning:: ``msg.sender`` will change between internal function calls so that
-  if you're calling a function from the outside, it's correct for the first
-  function call. But then, for the function calls after, ``msg.sender`` will
-  reference the contract itself as opposed to the sender of the transaction.
+.. note:: ``msg.sender`` and ``msg.value`` can only be accessed from public
+  functions. If you require these values within a private function they must be passed as parameters.
 
 Here, we first check whether the current time is before the auction's end time
 using the ``assert`` function which takes any boolean statement. We also check
@@ -403,11 +401,9 @@ Let’s move onto the constructor.
   :language: python
   :pyobject: __init__
 
-.. warning:: Both ``msg.sender`` and ``msg.balance`` change between internal
-  function calls so that if you're calling a function from the outside, it's
-  correct for the first function call. But then, for the function calls after,
-  ``msg.sender`` and ``msg.balance`` reference the contract itself as opposed
-  to the sender of the transaction.
+.. note:: ``msg.sender`` and ``msg.value`` can only be accessed from public
+  functions. If you require these values within a private function they must be
+  passed as parameters.
 
 In the constructor, we hard-coded the contract to accept an
 array argument of exactly two proposal names of type ``bytes32`` for the contracts
@@ -427,6 +423,8 @@ Now that the initial setup is done, lets take a look at the functionality.
   :language: python
   :pyobject: giveRightToVote
 
+.. note:: Throughout this contract, we use a pattern where ``@public`` functions return data from ``@private`` functions that have the same name prepended with an underscore. This is because Vyper does not allow calls between public functions within the same contract. The private function handles the logic and allows internal access, while the public function acts as a getter to allow external viewing.
+
 We need a way to control who has the ability to vote. The method
 ``giveRightToVote()`` is a method callable by only the chairperson by taking
 a voter address and granting it the right to vote by incrementing the voter's
@@ -471,13 +469,15 @@ is a read-only function and we benefit by saving gas fees.
 
 .. literalinclude:: ../examples/voting/ballot.vy
   :language: python
-  :pyobject: winningProposal
+  :lines: 153-170
 
-The ``winningProposal()`` method returns the key of proposal in the ``proposals``
+The ``_winningProposal()`` method returns the key of proposal in the ``proposals``
 mapping. We will keep track of greatest number of votes and the winning
 proposal with the variables ``winningVoteCount`` and ``winningProposal``,
 respectively by looping through all the proposals.
 
+``winningProposal()`` is a public function allowing external access to ``_winningProposal()``.
+
 .. literalinclude:: ../examples/voting/ballot.vy
   :language: python
   :pyobject: winnerName
@@ -512,14 +512,16 @@ Let's get started.
   :language: python
   :linenos:
 
+.. note:: Throughout this contract, we use a pattern where ``@public`` functions return data from ``@private`` functions that have the same name prepended with an underscore. This is because Vyper does not allow calls between public functions within the same contract. The private function handles the logic and allows internal access, while the public function acts as a getter to allow external viewing.
+
 The contract contains a number of methods that modify the contract state as
 well as a few 'getter' methods to read it. We first declare several events
 that the contract logs. We then declare our global variables, followed by
 function definitions.
 
 .. literalinclude:: ../examples/stock/company.vy
   :language: python
-  :lines: 7-13
+  :lines: 11-18
 
 We initiate the ``company`` variable to be of type ``address`` that's public.
 The ``totalShares`` variable is of type ``currency_value``, which in this case
@@ -539,16 +541,18 @@ company's address is initialized to hold all shares of the company in the
 
 .. literalinclude:: ../examples/stock/company.vy
   :language: python
-  :pyobject: stockAvailable
+  :lines: 33-44
 
 We will be seeing a few ``@constant`` decorators in this contract—which is
 used to decorate methods that simply read the contract state or return a simple
 calculation on the contract state without modifying it. Remember, reading the
 blockchain is free, writing on it is not. Since Vyper is a statically typed
-language, we see an arrow following the definition of the ``stockAvailable()``
+language, we see an arrow following the definition of the ``_stockAvailable()``
 method, which simply represents the data type which the function is expected
 to return. In the method, we simply key into ``self.holdings`` with the
-company's address and check it's holdings.
+company's address and check it's holdings.  Because ``_stockAvailable()`` is a
+private method, we also include the public ``stockAvailable()`` method to allow
+external access.
 
 Now, lets take a look at a method that lets a person buy stock from the
 company's holding.
@@ -566,10 +570,11 @@ Now that people can buy shares, how do we check someone's holdings?
 
 .. literalinclude:: ../examples/stock/company.vy
   :language: python
-  :pyobject: getHolding
+  :lines: 63-74
 
-The ``getHolding()`` is another ``@constant`` method that takes an ``address``
+The ``_getHolding()`` is another ``@constant`` method that takes an ``address``
 and returns its corresponding stock holdings by keying into ``self.holdings``.
+Again, a public function ``getHolding()`` is included to allow external access.
 
 .. literalinclude:: ../examples/stock/company.vy
   :language: python
@@ -613,11 +618,11 @@ sends its ether to an address.
 
 .. literalinclude:: ../examples/stock/company.vy
   :language: python
-  :pyobject: debt
+  :lines: 129-140
 
 We can also check how much the company has raised by multiplying the number of
-shares the company has sold and the price of each share. We can get this value
-by calling the ``debt()`` method.
+shares the company has sold and the price of each share. Internally, we get
+this value by calling the ``_debt()`` method. Externally it is accessed via ``debt()``.
 
 .. literalinclude:: ../examples/stock/company.vy
   :language: python

examples/stock/company.vy

@@ -30,10 +30,17 @@ def __init__(_company: address, _total_shares: uint256(currency_value),
     # The company holds all the shares at first, but can sell them all.
     self.holdings[self.company] = _total_shares
 
+# Find out how much stock the company holds
+@private
+@constant
+def _stockAvailable() -> uint256(currency_value):
+    return self.holdings[self.company]
+
+# Public function to allow external access to _stockAvailable
 @public
 @constant
 def stockAvailable() -> uint256(currency_value):
-    return self.holdings[self.company]
+    return self._stockAvailable()
 
 # Give some value to the company and get stock in return.
 @public
@@ -44,7 +51,7 @@ def buyStock():
     buy_order: uint256(currency_value) = msg.value / self.price # rounds down
 
     # Check that there are enough shares to buy.
-    assert self.stockAvailable() >= buy_order
+    assert self._stockAvailable() >= buy_order
 
     # Take the shares off the market and give them to the stockholder.
     self.holdings[self.company] -= buy_order
@@ -54,10 +61,16 @@ def buyStock():
     log.Buy(msg.sender, buy_order)
 
 # Find out how much stock any address (that's owned by someone) has.
+@private
+@constant
+def _getHolding(_stockholder: address) -> uint256(currency_value):
+    return self.holdings[_stockholder]
+
+# Public function to allow external access to _getHolding
 @public
 @constant
 def getHolding(_stockholder: address) -> uint256(currency_value):
-    return self.holdings[_stockholder]
+    return self._getHolding(_stockholder)
 
 # Return the amount the company has on hand in cash.
 @public
@@ -71,9 +84,9 @@ def sellStock(sell_order: uint256(currency_value)):
     assert sell_order > 0 # Otherwise, this would fail at send() below,
         # due to an OOG error (there would be zero value available for gas).
     # You can only sell as much stock as you own.
-    assert self.getHolding(msg.sender) >= sell_order
+    assert self._getHolding(msg.sender) >= sell_order
     # Check that the company can pay you.
-    assert self.cash() >= (sell_order * self.price)
+    assert self.balance >= (sell_order * self.price)
 
     # Sell the stock, send the proceeds to the user
     # and put the stock back on the market.
@@ -90,7 +103,7 @@ def sellStock(sell_order: uint256(currency_value)):
 def transferStock(receiver: address, transfer_order: uint256(currency_value)):
     assert transfer_order > 0 # This is similar to sellStock above.
     # Similarly, you can only trade as much stock as you own.
-    assert self.getHolding(msg.sender) >= transfer_order
+    assert self._getHolding(msg.sender) >= transfer_order
 
     # Debit the sender's stock and add to the receiver's address.
     self.holdings[msg.sender] -= transfer_order
@@ -105,7 +118,7 @@ def payBill(vendor: address, amount: wei_value):
     # Only the company can pay people.
     assert msg.sender == self.company
     # Also, it can pay only if there's enough to pay them with.
-    assert self.cash() >= amount
+    assert self.balance >= amount
 
     # Pay the bill!
     send(vendor, amount)
@@ -114,15 +127,21 @@ def payBill(vendor: address, amount: wei_value):
     log.Pay(vendor, amount)
 
 # Return the amount in wei that a company has raised in stock offerings.
+@private
+@constant
+def _debt() -> wei_value:
+    return (self.totalShares - self._stockAvailable()) * self.price
+
+# Public function to allow external access to _debt
 @public
 @constant
 def debt() -> wei_value:
-    return (self.totalShares - self.holdings[self.company]) * self.price
+    return self._debt()
 
 # Return the cash holdings minus the debt of the company.
 # The share debt or liability only is included here,
 # but of course all other liabilities can be included.
 @public
 @constant
 def worth() -> wei_value:
-    return self.cash() - self.debt()
+    return self.balance - self._debt()