BumpSequence

[MonsieurNicolas]

Resolves #1445 #1532

This commit superseeds #1519 (that only contained the commits related to sequence number processing)

I didn't squash commits on purpose to preserve the timeline wrt various revs of the specification that led to the current implementation.

The first batch of commits updates the way we process sequence numbers

note: I only made a minor adjustment to the last commit compared to #1519

• it moves sequence number processing from the pre-apply stage (where fees are processed) to the actual transaction apply time (protocol v10)
• it also changes the meta format for all versions. generating a "tx level side effect" meta. this field only gets updated starting at protocol 10, but I figured it was better to move to the new meta in all cases to avoid carrying over the complexity in future versions of Horizon (old meta support can be removed later)
• notable change in test code is that we do more validations from applyCheck (previously we were skipping a bunch of validations if the failures were too early)

After that we introduce BumpSequence

The first couple drafts had additional failure modes/conditions on the operation.

The latest one makes BumpSequence extremely simple and instead:

• allows the sequence number to jump to any arbitrary point in the future ; for this to work I implemented support for uint64 sequence numbers in SQL (which only stores signed integers so we "wrap around"). I don't see a better way to do this (other than just not use integers at all and store that column as an base32 string which may be even more confusing and requires a schema migration). The conversion from signed to unsigned may still cause problems but is in C++ a fully specified behavior (bits are the same). @nullstyle any thoughts on this?
• change MergeAccount to fail if recreating the account in the same ledger (for example in a subsequent operation in the same transaction) would lead to an account with a smaller sequence number. For this to work, I had to adjust some tests that were overlooking this fact.

[vogel]

Won't it break catchup complete on current pubnet?

[MonsieurNicolas]

no it won't: what I did here is change the test to be explicit about what is going on by adding an extra closeLedgerOn(*app, 2, 1, 1, 2016); after setting up the original accounts.
the check REQUIRE(a1SeqNum == a1.loadSequenceNumber()) was just misleading because the reason a1SeqNum was not changing was that the setup and the transaction being tested (with all its sub-operations) were occurring during the same ledger.

[vogel]

if we move that 2 lines down we could get rid of line 637

[MonsieurNicolas]

but then it would be seqNumRightAfterMax and not maxSeqNum

[vogel]

In that case maybe remove line 637 and use maxSeqNum + 1 in 638 and 639?

[vogel]

it is bad that we cannot move MANAGE_DATA_NOT_SUPPORTED_YET here as well

[MonsieurNicolas]

yeah MANAGE_DATA_NOT_SUPPORTED_YET should not have been implemented like this in the first place and now we have to keep that behavior to replay old versions of the protocol

[vogel]

What happened to this one?

Another thing that I also realized is that we should also probably make it fail instead of no-op:

in the context of bumpseq being the only operation in a transaction it doesn't matter
if bumpseq is one of several operations in a transaction. it allows to have safe assumptions on the workflow.

[MonsieurNicolas]

Q on "Why bumpSequence doesn't fail when attempting to bump backwards": I am answering in stellar/stellar-protocol#53 as it's not clear that it was dropped.

In the issue, I am also proposing moving SequenceNumber at the protocol layer to int64 across the board as the current approach is just too hacky and unsafe across languages.

@nullstyle any input especially on that last point?

[nullstyle]

@MonsieurNicolas at first take, I think switching to int64 for sequence numbers should be fine. I'll do a little checking around just to further confirm.

[vogel]

cant we just check before loop if modified.size() == 1?

[MonsieurNicolas]

it's a fake iterator, it only implements begin and end

[vogel]

bumping to 0 is OK (always no-op)?

[MonsieurNicolas]

0 is a valid sequence number, so yes

[vogel]

so this is second way to lock account, next to setting master weight to 0, nice!

[MonsieurNicolas]

no it doesn't lock the account, it just cannot be used as source account for a transaction

[vogel]

I think a comment here explaining why this condition exists would be nice

[MonsieurNicolas]

I forgot that I wanted to get rid of this magic across the code base

[MonsieurNicolas]

@vogel I updated that latest commit with your suggestions

[MonsieurNicolas]

(rebased to current master)

[vogel]

r+ f9f9187