add u64 overflow prevention

Author: alex-mysten

Cargo.lock

@@ -440,7 +440,7 @@ msim-macros = { git = "https://github.com/MystenLabs/mysten-sim.git", rev = "427
 multiaddr = "0.17.0"
 nexlint = { git = "https://github.com/nextest-rs/nexlint.git", rev = "7ce56bd591242a57660ed05f14ca2483c37d895b" }
 nexlint-lints = { git = "https://github.com/nextest-rs/nexlint.git", rev = "7ce56bd591242a57660ed05f14ca2483c37d895b" }
-nonempty = "0.9.0"
+nonempty = { version = "0.9.0", features = ["serialize"] }
 nonzero_ext = "0.3.0"
 notify = "6.1.1"
 ntest = "0.9.0"

Cargo.toml

@@ -0,0 +1,52 @@
+// Copyright (c) Mysten Labs, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+// Test demonstrating arithmetic overflow protection when withdrawing from address balances.
+// Creates two independent Supply objects, mints 18446744073709551614 (u64::MAX - 1) from each,
+// sends both amounts to address A, then attempts to withdraw both amounts in a single PTB.
+// The withdraw operation fails with arithmetic error because the total exceeds u64::MAX.
+
+//# init --addresses test=0x0 --accounts A B --enable-accumulators --simulator
+
+//# publish --sender A
+module test::large_balance {
+	use sui::balance::{Self, Supply};
+
+	public struct MARKER has drop {}
+
+	public struct SupplyHolder has key, store {
+		id: UID,
+		supply: Supply<MARKER>,
+	}
+
+	public fun create_holder(ctx: &mut TxContext): SupplyHolder {
+		SupplyHolder {
+			id: object::new(ctx),
+			supply: balance::create_supply(MARKER {}),
+		}
+	}
+
+	public fun send_large_balance(holder: &mut SupplyHolder, recipient: address, amount: u64) {
+		let balance = holder.supply.increase_supply(amount);
+		balance::send_funds(balance, recipient);
+	}
+}
+
+//# programmable --sender A --inputs @A
+//> 0: test::large_balance::create_holder();
+//> 1: test::large_balance::create_holder();
+//> TransferObjects([Result(0), Result(1)], Input(0))
+
+//# run test::large_balance::send_large_balance --args object(2,0) @A 18446744073709551614 --sender A
+
+//# create-checkpoint
+
+//# run test::large_balance::send_large_balance --args object(2,1) @A 18446744073709551614 --sender A
+
+//# create-checkpoint
+
+//# programmable --sender A --inputs withdraw<sui::balance::Balance<test::large_balance::MARKER>>(18446744073709551614) withdraw<sui::balance::Balance<test::large_balance::MARKER>>(18446744073709551614) @B
+//> 0: sui::balance::redeem_funds<test::large_balance::MARKER>(Input(0));
+//> 1: sui::balance::redeem_funds<test::large_balance::MARKER>(Input(1));
+//> 2: sui::balance::join<test::large_balance::MARKER>(Result(0), Result(1));
+//> 3: sui::balance::send_funds<test::large_balance::MARKER>(Result(0), Input(2));

crates/sui-adapter-transactional-tests/tests/address_balances/large_balance_transfer.move

@@ -0,0 +1,54 @@
+---
+source: external-crates/move/crates/move-transactional-test-runner/src/framework.rs
+assertion_line: 817
+---
+processed 8 tasks
+
+init:
+A: object(0,0), B: object(0,1)
+
+task 1, lines 11-33:
+//# publish --sender A
+created: object(1,0)
+mutated: object(0,0)
+gas summary: computation_cost: 1000000, storage_cost: 7311200,  storage_rebate: 0, non_refundable_storage_fee: 0
+
+task 2, lines 35-38:
+//# programmable --sender A --inputs @A
+//> 0: test::large_balance::create_holder();
+//> 1: test::large_balance::create_holder();
+//> TransferObjects([Result(0), Result(1)], Input(0))
+created: object(2,0), object(2,1)
+mutated: object(0,0)
+gas summary: computation_cost: 1000000, storage_cost: 3876000,  storage_rebate: 978120, non_refundable_storage_fee: 9880
+
+task 3, line 40:
+//# run test::large_balance::send_large_balance --args object(2,0) @A 18446744073709551614 --sender A
+mutated: object(0,0), object(2,0)
+unchanged_shared: 0x0000000000000000000000000000000000000000000000000000000000000403
+accumulators_written: (object(3,0), A, sui::balance::Balance<test::large_balance::MARKER>, Merge)
+gas summary: computation_cost: 1000000, storage_cost: 2432000,  storage_rebate: 2407680, non_refundable_storage_fee: 24320
+
+task 4, line 42:
+//# create-checkpoint
+Checkpoint created: 1
+
+task 5, line 44:
+//# run test::large_balance::send_large_balance --args object(2,1) @A 18446744073709551614 --sender A
+mutated: object(0,0), object(2,1)
+unchanged_shared: 0x0000000000000000000000000000000000000000000000000000000000000403
+accumulators_written: (object(3,0), A, sui::balance::Balance<test::large_balance::MARKER>, Merge)
+gas summary: computation_cost: 1000000, storage_cost: 2432000,  storage_rebate: 2407680, non_refundable_storage_fee: 24320
+
+task 6, line 46:
+//# create-checkpoint
+Checkpoint created: 2
+
+task 7, lines 48-52:
+//# programmable --sender A --inputs withdraw<sui::balance::Balance<test::large_balance::MARKER>>(18446744073709551614) withdraw<sui::balance::Balance<test::large_balance::MARKER>>(18446744073709551614) @B
+//> 0: sui::balance::redeem_funds<test::large_balance::MARKER>(Input(0));
+//> 1: sui::balance::redeem_funds<test::large_balance::MARKER>(Input(1));
+//> 2: sui::balance::join<test::large_balance::MARKER>(Result(0), Result(1));
+//> 3: sui::balance::send_funds<test::large_balance::MARKER>(Result(0), Input(2));
+Error: Transaction Effects Status: Move Primitive Runtime Error. Location: sui::funds_accumulator::withdraw_from_accumulator_address (function index 9) at offset 0. Arithmetic error, stack overflow, max value depth, etc.
+Debug of error: MovePrimitiveRuntimeError(MoveLocationOpt(Some(MoveLocation { module: ModuleId { address: sui, name: Identifier("funds_accumulator") }, function: 9, instruction: 0, function_name: Some("withdraw_from_accumulator_address") }))) at command Some(1)

crates/sui-adapter-transactional-tests/tests/address_balances/large_balance_transfer.snap

@@ -0,0 +1,54 @@
+---
+source: external-crates/move/crates/move-transactional-test-runner/src/framework.rs
+assertion_line: 811
+---
+processed 8 tasks
+
+init:
+A: object(0,0), B: object(0,1)
+
+task 1, lines 11-33:
+//# publish --sender A
+created: object(1,0)
+mutated: object(0,0)
+gas summary: computation_cost: 1000000, storage_cost: 7311200,  storage_rebate: 0, non_refundable_storage_fee: 0
+
+task 2, lines 35-38:
+//# programmable --sender A --inputs @A
+//> 0: test::large_balance::create_holder();
+//> 1: test::large_balance::create_holder();
+//> TransferObjects([Result(0), Result(1)], Input(0))
+created: object(2,0), object(2,1)
+mutated: object(0,0)
+gas summary: computation_cost: 1000000, storage_cost: 3876000,  storage_rebate: 978120, non_refundable_storage_fee: 9880
+
+task 3, line 40:
+//# run test::large_balance::send_large_balance --args object(2,0) @A 18446744073709551614 --sender A
+mutated: object(0,0), object(2,0)
+unchanged_shared: 0x0000000000000000000000000000000000000000000000000000000000000403
+accumulators_written: (object(3,0), A, sui::balance::Balance<test::large_balance::MARKER>, Merge)
+gas summary: computation_cost: 1000000, storage_cost: 2432000,  storage_rebate: 2407680, non_refundable_storage_fee: 24320
+
+task 4, line 42:
+//# create-checkpoint
+Checkpoint created: 1
+
+task 5, line 44:
+//# run test::large_balance::send_large_balance --args object(2,1) @A 18446744073709551614 --sender A
+mutated: object(0,0), object(2,1)
+unchanged_shared: 0x0000000000000000000000000000000000000000000000000000000000000403
+accumulators_written: (object(3,0), A, sui::balance::Balance<test::large_balance::MARKER>, Merge)
+gas summary: computation_cost: 1000000, storage_cost: 2432000,  storage_rebate: 2407680, non_refundable_storage_fee: 24320
+
+task 6, line 46:
+//# create-checkpoint
+Checkpoint created: 2
+
+task 7, lines 48-52:
+//# programmable --sender A --inputs withdraw<sui::balance::Balance<test::large_balance::MARKER>>(18446744073709551614) withdraw<sui::balance::Balance<test::large_balance::MARKER>>(18446744073709551614) @B
+//> 0: sui::balance::redeem_funds<test::large_balance::MARKER>(Input(0));
+//> 1: sui::balance::redeem_funds<test::large_balance::MARKER>(Input(1));
+//> 2: sui::balance::join<test::large_balance::MARKER>(Result(0), Result(1));
+//> 3: sui::balance::send_funds<test::large_balance::MARKER>(Result(0), Input(2));
+Error: Transaction Effects Status: Move Primitive Runtime Error. Location: sui::funds_accumulator::withdraw_from_accumulator_address (function index 9) at offset 0. Arithmetic error, stack overflow, max value depth, etc.
+Debug of error: MovePrimitiveRuntimeError(MoveLocationOpt(Some(MoveLocation { module: ModuleId { address: sui, name: Identifier("funds_accumulator") }, function: 9, instruction: 0, function_name: Some("withdraw_from_accumulator_address") }))) at command Some(1)

crates/sui-adapter-transactional-tests/tests/address_balances/[email protected]

@@ -15,6 +15,7 @@ serde_json.workspace = true
 serde_with.workspace = true
 colored.workspace = true
 itertools.workspace = true
+nonempty.workspace = true
 tracing.workspace = true
 bcs.workspace = true
 sui-protocol-config.workspace = true

crates/sui-json-rpc-types/Cargo.toml

@@ -20,6 +20,7 @@ use move_core_types::annotated_value::MoveTypeLayout;
 use move_core_types::identifier::{IdentStr, Identifier};
 use move_core_types::language_storage::{ModuleId, StructTag, TypeTag};
 use mysten_metrics::monitored_scope;
+use nonempty::NonEmpty;
 use sui_json::{SuiJsonValue, primitive_type};
 use sui_types::SUI_FRAMEWORK_ADDRESS;
 use sui_types::accumulator_event::AccumulatorEvent;
@@ -822,7 +823,8 @@ impl From<AccumulatorOperation> for SuiAccumulatorOperation {
 pub enum SuiAccumulatorValue {
     Integer(u64),
     IntegerTuple(u64, u64),
-    EventDigest(Vec<(u64 /* event index in the transaction */, Digest)>),
+    #[schemars(with = "Vec<(u64, Digest)>")]
+    EventDigest(NonEmpty<(u64 /* event index in the transaction */, Digest)>),
 }
 
 impl From<AccumulatorValue> for SuiAccumulatorValue {

crates/sui-json-rpc-types/src/sui_transaction.rs

@@ -7,8 +7,12 @@ use crate::{
     object::{Object, Owner},
 };
 use move_core_types::language_storage::TypeTag;
+use nonempty::NonEmpty;
 use serde::{Deserialize, Serialize};
 
+#[cfg(test)]
+use nonempty::nonempty;
+
 use super::IDOperation;
 
 #[derive(Eq, PartialEq, Clone, Debug, Serialize, Deserialize)]
@@ -87,7 +91,7 @@ pub enum AccumulatorOperation {
 pub enum AccumulatorValue {
     Integer(u64),
     IntegerTuple(u64, u64),
-    EventDigest(Vec<(u64 /* event index in the transaction */, Digest)>),
+    EventDigest(NonEmpty<(u64 /* event index in the transaction */, Digest)>),
 }
 
 /// Accumulator objects are named by an address (can be an account address or a UID)
@@ -149,34 +153,36 @@ impl AccumulatorWriteV1 {
                                 AccumulatorOperation::Split => (merge, split + v as u128),
                             }
                         } else {
-                            mysten_common::debug_fatal!(
+                            mysten_common::fatal!(
                                 "mismatched accumulator value types for same object"
                             );
-                            (merge, split)
                         }
                     });
                 let (amount, operation) = if merge_amount >= split_amount {
                     (merge_amount - split_amount, AccumulatorOperation::Merge)
                 } else {
                     (split_amount - merge_amount, AccumulatorOperation::Split)
                 };
-                let amount_u64 = amount
-                    .try_into()
-                    .expect("accumulator value overflow: merged amount exceeds u64::MAX");
-                (AccumulatorValue::Integer(amount_u64), operation)
+                match amount.try_into() {
+                    Ok(amount_u64) => (AccumulatorValue::Integer(amount_u64), operation),
+                    Err(_) => {
+                        mysten_common::fatal!(
+                            "accumulator value overflow: merged amount {} exceeds u64::MAX",
+                            amount
+                        );
+                    }
+                }
             }
             AccumulatorValue::IntegerTuple(_, _) => {
                 todo!("IntegerTuple netting-out logic not yet implemented")
             }
-            AccumulatorValue::EventDigest(_) => {
-                let mut event_digests = Vec::new();
-                for write in writes {
-                    if let AccumulatorValue::EventDigest(digests) = write.value {
-                        event_digests.extend(digests);
+            AccumulatorValue::EventDigest(first_digests) => {
+                let mut event_digests = first_digests.clone();
+                for write in &writes[1..] {
+                    if let AccumulatorValue::EventDigest(digests) = &write.value {
+                        event_digests.extend(digests.iter().copied());
                     } else {
-                        mysten_common::debug_fatal!(
-                            "mismatched accumulator value types for same object"
-                        );
+                        mysten_common::fatal!("mismatched accumulator value types for same object");
                     }
                 }
                 (
@@ -365,7 +371,7 @@ mod tests {
         let write = AccumulatorWriteV1 {
             address: addr.clone(),
             operation: AccumulatorOperation::Merge,
-            value: AccumulatorValue::EventDigest(vec![(0, digest1), (1, digest2)]),
+            value: AccumulatorValue::EventDigest(nonempty![(0, digest1), (1, digest2)]),
         };
 
         let result = AccumulatorWriteV1::merge(vec![write.clone()]);
@@ -384,17 +390,17 @@ mod tests {
             AccumulatorWriteV1 {
                 address: addr.clone(),
                 operation: AccumulatorOperation::Merge,
-                value: AccumulatorValue::EventDigest(vec![(0, digest1), (1, digest2)]),
+                value: AccumulatorValue::EventDigest(nonempty![(0, digest1), (1, digest2)]),
             },
             AccumulatorWriteV1 {
                 address: addr.clone(),
                 operation: AccumulatorOperation::Merge,
-                value: AccumulatorValue::EventDigest(vec![(2, digest3)]),
+                value: AccumulatorValue::EventDigest(nonempty![(2, digest3)]),
             },
             AccumulatorWriteV1 {
                 address: addr.clone(),
                 operation: AccumulatorOperation::Merge,
-                value: AccumulatorValue::EventDigest(vec![(3, digest4)]),
+                value: AccumulatorValue::EventDigest(nonempty![(3, digest4)]),
             },
         ];
 
@@ -411,31 +417,6 @@ mod tests {
         }
     }
 
-    #[test]
-    fn test_merge_event_digests_empty_list() {
-        let addr = test_accumulator_address();
-        let writes = vec![
-            AccumulatorWriteV1 {
-                address: addr.clone(),
-                operation: AccumulatorOperation::Merge,
-                value: AccumulatorValue::EventDigest(vec![]),
-            },
-            AccumulatorWriteV1 {
-                address: addr.clone(),
-                operation: AccumulatorOperation::Merge,
-                value: AccumulatorValue::EventDigest(vec![]),
-            },
-        ];
-
-        let result = AccumulatorWriteV1::merge(writes);
-        assert_eq!(result.operation, AccumulatorOperation::Merge);
-        if let AccumulatorValue::EventDigest(digests) = result.value {
-            assert_eq!(digests.len(), 0);
-        } else {
-            panic!("Expected EventDigest value");
-        }
-    }
-
     #[test]
     #[should_panic(expected = "All writes must have the same accumulator address")]
     fn test_merge_mismatched_addresses() {

crates/sui-types/src/effects/object_change.rs

@@ -27,6 +27,7 @@ move-trace-format.workspace = true
 move-vm-config.workspace = true
 mysten-common.workspace = true
 mysten-metrics.workspace = true
+nonempty.workspace = true
 
 move-bytecode-verifier = { path = "../../../external-crates/move/crates/move-bytecode-verifier" }
 move-vm-runtime = { path = "../../../external-crates/move/crates/move-vm-runtime" }

sui-execution/latest/sui-adapter/Cargo.toml

@@ -45,6 +45,7 @@ mod checked {
     };
     use move_vm_types::loaded_data::runtime_types::Type;
     use mysten_common::debug_fatal;
+    use nonempty::nonempty;
     use std::{
         borrow::Borrow,
         cell::RefCell,
@@ -1551,7 +1552,7 @@ mod checked {
                             );
                         };
                         let digest = event.digest();
-                        AccumulatorValue::EventDigest(vec![(event_idx, digest)])
+                        AccumulatorValue::EventDigest(nonempty![(event_idx, digest)])
                     }
                 };