Revert "Merge pull request ElementsProject#1390 from ElementsProject/simplicity"

This reverts commit 368010a, reversing
changes made to e9a9144.

Author: psgreco

Makefile.am

@@ -195,6 +195,7 @@ LCOV_FILTER_PATTERN = \
 	-p "src/crypto/ctaes" \
 	-p "src/minisketch" \
 	-p "src/secp256k1" \
+	-p "src/simplicity/secp256k1" \
 	-p "depends"
 
 DIR_FUZZ_SEED_CORPUS ?= qa-assets/fuzz_seed_corpus

src/Makefile.elementssimplicity.include

@@ -3,4 +3,4 @@ include simplicity/elements-sources.mk
 LIBELEMENTSSIMPLICITY = libelementssimplicity.la
 noinst_LTLIBRARIES += $(LIBELEMENTSSIMPLICITY)
 libelementssimplicity_la_SOURCES = $(ELEMENTS_SIMPLICITY_LIB_SOURCES_INT) $(ELEMENTS_SIMPLICITY_DIST_HEADERS_INT) $(ELEMENTS_SIMPLICITY_LIB_HEADERS_INT)
-libelementssimplicity_la_CPPFLAGS = $(AM_CPPFLAGS) $(SHANI_CXXFLAGS) $(SANITIZER_CXXFLAGS) -I$(srcdir)/$(ELEMENTS_SIMPLICITY_INCLUDE_DIR_INT)
+libelementssimplicity_la_CPPFLAGS = $(AM_CPPFLAGS) $(SHANI_CXXFLAGS) -I$(srcdir)/$(ELEMENTS_SIMPLICITY_INCLUDE_DIR_INT)

src/script/interpreter.cpp

@@ -2660,8 +2660,7 @@ void PrecomputedTransactionData::Init(const T& txTo, std::vector<CTxOut>&& spent
         }
 
         rawTransaction simplicityRawTx;
-        uint256 rawHash = txTo.GetHash();
-        simplicityRawTx.txid = rawHash.begin();
+        simplicityRawTx.txid = txTo.GetHash().begin();
         simplicityRawTx.input = simplicityRawInput.data();
         simplicityRawTx.numInputs = simplicityRawInput.size();
         simplicityRawTx.output = simplicityRawOutput.data();
@@ -3124,7 +3123,7 @@ bool GenericTransactionSignatureChecker<T>::CheckSimplicity(const valtype& progr
     if (!simplicity_elements_execSimplicity(&error, 0, txdata->m_simplicity_tx_data, nIn, simplicityTapEnv, txdata->m_hash_genesis_block.data(), budget, 0, program.data(), program.size(), witness.data(), witness.size())) {
         assert(!"simplicity_elements_execSimplicity internal error");
     }
-    simplicity_elements_freeTapEnv(simplicityTapEnv);
+    free(simplicityTapEnv);
     switch (error) {
     case SIMPLICITY_NO_ERROR: return set_success(serror);
     case SIMPLICITY_ERR_MALLOC:
@@ -3134,7 +3133,7 @@ bool GenericTransactionSignatureChecker<T>::CheckSimplicity(const valtype& progr
     case SIMPLICITY_ERR_DATA_OUT_OF_RANGE: return set_error(serror, SCRIPT_ERR_SIMPLICITY_DATA_OUT_OF_RANGE);
     case SIMPLICITY_ERR_DATA_OUT_OF_ORDER: return set_error(serror, SCRIPT_ERR_SIMPLICITY_DATA_OUT_OF_ORDER);
     case SIMPLICITY_ERR_FAIL_CODE: return set_error(serror, SCRIPT_ERR_SIMPLICITY_FAIL_CODE);
-    case SIMPLICITY_ERR_RESERVED_CODE: return set_error(serror, SCRIPT_ERR_SIMPLICITY_RESERVED_CODE);
+    case SIMPLICITY_ERR_STOP_CODE: return set_error(serror, SCRIPT_ERR_SIMPLICITY_STOP_CODE);
     case SIMPLICITY_ERR_HIDDEN: return set_error(serror, SCRIPT_ERR_SIMPLICITY_HIDDEN);
     case SIMPLICITY_ERR_BITSTREAM_EOF: return set_error(serror, SCRIPT_ERR_SIMPLICITY_BITSTREAM_EOF);
     case SIMPLICITY_ERR_BITSTREAM_TRAILING_BYTES: return set_error(serror, SCRIPT_ERR_SIMPLICITY_BITSTREAM_TRAILING_BYTES);

src/script/interpreter.h

@@ -222,7 +222,7 @@ struct PrecomputedTransactionData
     template <class T>
     explicit PrecomputedTransactionData(const T& tx);
     ~PrecomputedTransactionData() {
-        simplicity_elements_freeTransaction(m_simplicity_tx_data);
+        free(m_simplicity_tx_data);
     }
 };
 

src/script/script_error.cpp

@@ -140,8 +140,8 @@ std::string ScriptErrorString(const ScriptError serror)
             return SIMPLICITY_ERR_MSG(SIMPLICITY_ERR_DATA_OUT_OF_ORDER);
         case SCRIPT_ERR_SIMPLICITY_FAIL_CODE:
             return SIMPLICITY_ERR_MSG(SIMPLICITY_ERR_FAIL_CODE);
-        case SCRIPT_ERR_SIMPLICITY_RESERVED_CODE:
-            return SIMPLICITY_ERR_MSG(SIMPLICITY_ERR_RESERVED_CODE);
+        case SCRIPT_ERR_SIMPLICITY_STOP_CODE:
+            return SIMPLICITY_ERR_MSG(SIMPLICITY_ERR_STOP_CODE);
         case SCRIPT_ERR_SIMPLICITY_HIDDEN:
             return SIMPLICITY_ERR_MSG(SIMPLICITY_ERR_HIDDEN);
         case SCRIPT_ERR_SIMPLICITY_BITSTREAM_EOF:

src/script/script_error.h

@@ -102,7 +102,7 @@ typedef enum ScriptError_t
     SCRIPT_ERR_SIMPLICITY_DATA_OUT_OF_RANGE,
     SCRIPT_ERR_SIMPLICITY_DATA_OUT_OF_ORDER,
     SCRIPT_ERR_SIMPLICITY_FAIL_CODE,
-    SCRIPT_ERR_SIMPLICITY_RESERVED_CODE,
+    SCRIPT_ERR_SIMPLICITY_STOP_CODE,
     SCRIPT_ERR_SIMPLICITY_HIDDEN,
     SCRIPT_ERR_SIMPLICITY_BITSTREAM_EOF,
     SCRIPT_ERR_SIMPLICITY_BITSTREAM_TRAILING_BYTES,

src/simplicity/ctx8Pruned.c

@@ -270,8 +270,8 @@ const uint32_t ctx8Pruned_cmr[] = {
   0x7f11746fu, 0xb68fdaedu, 0x3cadda80u, 0xc7cd0245u, 0xa341b927u, 0xe98e60f8u, 0x745dc441u, 0xe11ce1a3u
 };
 
-/* The identity hash of the root of the above ctx8Pruned Simplicity expression. */
-const uint32_t ctx8Pruned_ihr[] = {
+/* The identity Merkle root of the above ctx8Pruned Simplicity expression. */
+const uint32_t ctx8Pruned_imr[] = {
   0x8e8742acu, 0x27f42d29u, 0xd87f5229u, 0x02bc0ae2u, 0xbcfc1298u, 0x1641a2ddu, 0x77091830u, 0xb79bf12du
 };
 

src/simplicity/ctx8Pruned.h

@@ -18,8 +18,8 @@ extern const size_t sizeof_ctx8Pruned_witness;
 /* The commitment Merkle root of the above ctx8Pruned Simplicity expression. */
 extern const uint32_t ctx8Pruned_cmr[];
 
-/* The identity hash of the root of the above ctx8Pruned Simplicity expression. */
-extern const uint32_t ctx8Pruned_ihr[];
+/* The identity Merkle root of the above ctx8Pruned Simplicity expression. */
+extern const uint32_t ctx8Pruned_imr[];
 
 /* The annotated Merkle root of the above ctx8Pruned Simplicity expression. */
 extern const uint32_t ctx8Pruned_amr[];

src/simplicity/ctx8Unpruned.c

@@ -260,8 +260,8 @@ const uint32_t ctx8Unpruned_cmr[] = {
   0x7f11746fu, 0xb68fdaedu, 0x3cadda80u, 0xc7cd0245u, 0xa341b927u, 0xe98e60f8u, 0x745dc441u, 0xe11ce1a3u
 };
 
-/* The identity hash of the root of the above ctx8Unpruned Simplicity expression. */
-const uint32_t ctx8Unpruned_ihr[] = {
+/* The identity Merkle root of the above ctx8Unpruned Simplicity expression. */
+const uint32_t ctx8Unpruned_imr[] = {
   0x8e8742acu, 0x27f42d29u, 0xd87f5229u, 0x02bc0ae2u, 0xbcfc1298u, 0x1641a2ddu, 0x77091830u, 0xb79bf12du
 };
 

src/simplicity/ctx8Unpruned.h

@@ -18,8 +18,8 @@ extern const size_t sizeof_ctx8Unpruned_witness;
 /* The commitment Merkle root of the above ctx8Unpruned Simplicity expression. */
 extern const uint32_t ctx8Unpruned_cmr[];
 
-/* The identity hash of the root of the above ctx8Unpruned Simplicity expression. */
-extern const uint32_t ctx8Unpruned_ihr[];
+/* The identity Merkle root of the above ctx8Unpruned Simplicity expression. */
+extern const uint32_t ctx8Unpruned_imr[];
 
 /* The annotated Merkle root of the above ctx8Unpruned Simplicity expression. */
 extern const uint32_t ctx8Unpruned_amr[];

src/simplicity/dag.c

@@ -77,16 +77,16 @@ static sha256_midstate amrIV(tag_t tag) {
   SIMPLICITY_UNREACHABLE;
 }
 
-/* Given the identity hash of a jet specification, return the CMR for a jet that implements that specification.
+/* Given the IMR of a jet specification, return the CMR for a jet that implements that specification.
  *
- * Precondition: uint32_t ih[8]
+ * Precondition: uint32_t imr[8]
  */
-static sha256_midstate mkJetCMR(uint32_t *ih, uint_fast64_t weight) {
+static sha256_midstate mkJetCMR(uint32_t *imr, uint_fast64_t weight) {
   sha256_midstate result = jetIV;
   uint32_t block[16] = {0};
   block[6] = (uint32_t)(weight >> 32);
   block[7] = (uint32_t)weight;
-  memcpy(&block[8], ih, sizeof(uint32_t[8]));
+  memcpy(&block[8], imr, sizeof(uint32_t[8]));
   simplicity_sha256_compression(result.s, block);
 
   return result;
@@ -100,7 +100,7 @@ sha256_midstate simplicity_computeWordCMR(const bitstring* value, size_t n) {
   /* 'stack' is an array of 30 hashes consisting of 8 'uint32_t's each. */
   uint32_t stack[8*30] = {0};
   uint32_t *stack_ptr = stack;
-  sha256_midstate ih = identityIV;
+  sha256_midstate imr = identityIV;
   simplicity_assert(n < 32);
   simplicity_assert((size_t)1 << n == value->len);
   /* Pass 1: Compute the CMR for the expression that writes 'value'.
@@ -135,14 +135,14 @@ sha256_midstate simplicity_computeWordCMR(const bitstring* value, size_t n) {
   /* value->len is a power of 2.*/
   simplicity_assert(stack_ptr == stack + 8);
 
-  /* Pass 2: Compute the identity hash for the expression by adding the type roots of ONE and TWO^(2^n) to the CMR. */
-  simplicity_sha256_compression(ih.s, stack);
+  /* Pass 2: Compute the IMR for the expression by adding the type roots of ONE and TWO^(2^n) to the CMR. */
+  simplicity_sha256_compression(imr.s, stack);
   memcpy(&stack[0], word_type_root[0].s, sizeof(uint32_t[8]));
   memcpy(&stack[8], word_type_root[n+1].s, sizeof(uint32_t[8]));
-  simplicity_sha256_compression(ih.s, stack);
+  simplicity_sha256_compression(imr.s, stack);
 
-  /* Pass 3: Compute the jet's CMR from the specificion's identity hash. */
-  return mkJetCMR(ih.s, ((uint_fast64_t)1 << n));
+  /* Pass 3: Compute the jet's CMR from the specificion's IMR. */
+  return mkJetCMR(imr.s, ((uint_fast64_t)1 << n));
 }
 
 /* Given a well-formed dag[i + 1], such that for all 'j', 0 <= 'j' < 'i',
@@ -192,45 +192,45 @@ void simplicity_computeCommitmentMerkleRoot(dag_node* dag, const uint_fast32_t i
   }
 }
 
-/* Computes the identity hash roots of every subexpression in a well-typed 'dag' with witnesses.
- * 'ihr[i]' is set to the identity hash of the root of the subexpression 'dag[i]'.
- * When 'HIDDEN == dag[i].tag', then 'ihr[i]' is instead set to a hidden root hash for that hidden node.
+/* Computes the identity Merkle roots of every subexpression in a well-typed 'dag' with witnesses.
+ * 'imr[i]' is set to the identity Merkle root of the subexpression 'dag[i]'.
+ * When 'HIDDEN == dag[i].tag', then 'imr[i]' is instead set to a hidden root hash for that hidden node.
  *
- * Precondition: sha256_midstate ihr[len];
+ * Precondition: sha256_midstate imr[len];
  *               dag_node dag[len] and 'dag' is well-typed with 'type_dag' and contains witnesses.
  */
-static void computeIdentityHashRoots(sha256_midstate* ihr, const dag_node* dag, const type* type_dag, const uint_fast32_t len) {
+static void computeIdentityMerkleRoot(sha256_midstate* imr, const dag_node* dag, const type* type_dag, const uint_fast32_t len) {
   /* Pass 1 */
   for (size_t i = 0; i < len; ++i) {
     uint32_t block[16] = {0};
     size_t j = 8;
 
     /* For jets, the first pass identity Merkle root is the same as their commitment Merkle root. */
-    ihr[i] = HIDDEN == dag[i].tag ? dag[i].cmr
+    imr[i] = HIDDEN == dag[i].tag ? dag[i].cmr
            : JET == dag[i].tag ? dag[i].cmr
            : WORD == dag[i].tag ? dag[i].cmr
            : imrIV(dag[i].tag);
     switch (dag[i].tag) {
      case WITNESS:
       simplicity_sha256_bitstring(block, &dag[i].compactValue);
       memcpy(block + 8, type_dag[WITNESS_B(dag, type_dag, i)].typeMerkleRoot.s, sizeof(uint32_t[8]));
-      simplicity_sha256_compression(ihr[i].s, block);
+      simplicity_sha256_compression(imr[i].s, block);
       break;
      case COMP:
      case ASSERTL:
      case ASSERTR:
      case CASE:
      case PAIR:
      case DISCONNECT:
-      memcpy(block + j, ihr[dag[i].child[1]].s, sizeof(uint32_t[8]));
+      memcpy(block + j, imr[dag[i].child[1]].s, sizeof(uint32_t[8]));
       j = 0;
       /*@fallthrough@*/
      case INJL:
      case INJR:
      case TAKE:
      case DROP:
-      memcpy(block + j, ihr[dag[i].child[0]].s, sizeof(uint32_t[8]));
-      simplicity_sha256_compression(ihr[i].s, block);
+      memcpy(block + j, imr[dag[i].child[0]].s, sizeof(uint32_t[8]));
+      simplicity_sha256_compression(imr[i].s, block);
      case IDEN:
      case UNIT:
      case HIDDEN:
@@ -245,16 +245,16 @@ static void computeIdentityHashRoots(sha256_midstate* ihr, const dag_node* dag,
     uint32_t block[16] = {0};
 
     if (HIDDEN == dag[i].tag) {
-      memcpy(block + 8, ihr[i].s, sizeof(uint32_t[8]));
-      ihr[i] = hiddenIV;
-      simplicity_sha256_compression(ihr[i].s, block);
+      memcpy(block + 8, imr[i].s, sizeof(uint32_t[8]));
+      imr[i] = hiddenIV;
+      simplicity_sha256_compression(imr[i].s, block);
     } else {
-      memcpy(block + 8, ihr[i].s, sizeof(uint32_t[8]));
-      ihr[i] = identityIV;
-      simplicity_sha256_compression(ihr[i].s, block);
+      memcpy(block + 8, imr[i].s, sizeof(uint32_t[8]));
+      imr[i] = identityIV;
+      simplicity_sha256_compression(imr[i].s, block);
       memcpy(block, type_dag[dag[i].sourceType].typeMerkleRoot.s, sizeof(uint32_t[8]));
       memcpy(block + 8, type_dag[dag[i].targetType].typeMerkleRoot.s, sizeof(uint32_t[8]));
-      simplicity_sha256_compression(ihr[i].s, block);
+      simplicity_sha256_compression(imr[i].s, block);
     }
   }
 }
@@ -559,30 +559,30 @@ simplicity_err simplicity_fillWitnessData(dag_node* dag, type* type_dag, const u
   return SIMPLICITY_NO_ERROR;
 }
 
-/* Verifies that identity hash of every subexpression in a well-typed 'dag' with witnesses are all unique,
+/* Verifies that identity Merkle roots of every subexpression in a well-typed 'dag' with witnesses are all unique,
  * including that each hidden root hash for every 'HIDDEN' node is unique.
  *
- * if 'ihr' is not NULL, then '*ihr' is set to the identity hash of the root of the 'dag'.
+ * if 'imr' is not NULL, then '*imr' is set to the identity Merkle root of the 'dag'.
  *
  * If malloc fails, returns 'SIMPLICITY_ERR_MALLOC'.
- * If all the identity hahes (and hidden roots) are all unique, returns 'SIMPLICITY_NO_ERROR'.
+ * If all the identity Merkle roots (and hidden roots) are all unique, returns 'SIMPLICITY_NO_ERROR'.
  * Otherwise returns 'SIMPLICITY_ERR_UNSHARED_SUBEXPRESSION'.
  *
  * Precondition: dag_node dag[len] and 'dag' is well-typed with 'type_dag' and contains witnesses.
  */
-simplicity_err simplicity_verifyNoDuplicateIdentityHashes(sha256_midstate* ihr, const dag_node* dag, const type* type_dag, const uint_fast32_t dag_len) {
+simplicity_err simplicity_verifyNoDuplicateIdentityRoots(sha256_midstate* imr, const dag_node* dag, const type* type_dag, const uint_fast32_t dag_len) {
   simplicity_assert(0 < dag_len);
   simplicity_assert(dag_len <= DAG_LEN_MAX);
-  sha256_midstate* ih_buf = simplicity_malloc((size_t)dag_len * sizeof(sha256_midstate));
-  if (!ih_buf) return SIMPLICITY_ERR_MALLOC;
+  sha256_midstate* imr_buf = simplicity_malloc((size_t)dag_len * sizeof(sha256_midstate));
+  if (!imr_buf) return SIMPLICITY_ERR_MALLOC;
 
-  computeIdentityHashRoots(ih_buf, dag, type_dag, dag_len);
+  computeIdentityMerkleRoot(imr_buf, dag, type_dag, dag_len);
 
-  if (ihr) *ihr = ih_buf[dag_len-1];
+  if (imr) *imr = imr_buf[dag_len-1];
 
-  int result = simplicity_hasDuplicates(ih_buf, dag_len);
+  int result = simplicity_hasDuplicates(imr_buf, dag_len);
 
-  simplicity_free(ih_buf);
+  simplicity_free(imr_buf);
 
   switch (result) {
   case -1: return SIMPLICITY_ERR_MALLOC;

src/simplicity/dag.h

@@ -377,17 +377,17 @@ simplicity_err simplicity_verifyCanonicalOrder(dag_node* dag, const uint_fast32_
  */
 simplicity_err simplicity_fillWitnessData(dag_node* dag, type* type_dag, const uint_fast32_t len, bitstream *witness);
 
-/* Verifies that identity hash of every subexpression in a well-typed 'dag' with witnesses are all unique,
+/* Verifies that identity Merkle roots of every subexpression in a well-typed 'dag' with witnesses are all unique,
  * including that each hidden root hash for every 'HIDDEN' node is unique.
  *
- * if 'ihr' is not NULL, then '*ihr' is set to the identity hash of the root of the 'dag'.
+ * if 'imr' is not NULL, then '*imr' is set to the identity Merkle root of the 'dag'.
  *
  * If malloc fails, returns 'SIMPLICITY_ERR_MALLOC'.
- * If all the identity hahes (and hidden roots) are all unique, returns 'SIMPLICITY_NO_ERROR'.
+ * If all the identity Merkle roots (and hidden roots) are all unique, returns 'SIMPLICITY_NO_ERROR'.
  * Otherwise returns 'SIMPLICITY_ERR_UNSHARED_SUBEXPRESSION'.
  *
  * Precondition: dag_node dag[len] and 'dag' is well-typed with 'type_dag' and contains witnesses.
  */
-simplicity_err simplicity_verifyNoDuplicateIdentityHashes(sha256_midstate* ihr, const dag_node* dag, const type* type_dag, const uint_fast32_t dag_len);
+simplicity_err simplicity_verifyNoDuplicateIdentityRoots(sha256_midstate* imr, const dag_node* dag, const type* type_dag, const uint_fast32_t dag_len);
 
 #endif