Add new float host functions and versioning rules

[sappenin]

• Updated §5.8 (Floats) preamble to describe OpaqueFloat as a general-purpose 12-byte buffer (4-byte exponent + 8-byte mantissa), document the rounding_modes values, and drop the IOU-specific framing
• Added six new host functions to §5.8 (all at 1000 gas, consistent with existing float operations)
• Added §5.11 Host Function Versioning Rules, covering the immutability of deployed host functions and the requirement to introduce new function names if buffer layouts change

[sappenin]

Not sure what I think about this rule. E.g., an amendment might change the meaning of a host function, but then again... should that be allowed? Such a thing would likely break existing contracts assuming the previous functionality.

[pwang200]

Yeah, this is hard to think... I think these are the right requirements. I.e. it is essentially append-only. Unfortunately I don't think there is a gate to guard this. The amendment (at least the existing meaning I understand) is not for this. I think the current approach about the float is the right one, "only use exponent and mantissa if want to store the float".

[sappenin]

Brainstorming out loud, here are some possible approaches that might help us version host functions to better ensure correctness.

1. Explicit versioning per host function
Contract authors declare which version they target (e.g. float_set/v1). If rippled introduces float_set/v2, the contract keeps calling v1 until explicitly upgraded. Downside: rippled can never remove old host functions, and it adds overhead for contract authors.

2. Host-function fingerprint
Hash all host-function names+versions into a single fingerprint, stored in each contract (similar to Data). rippled computes and caches its own fingerprint at runtime; if they diverge, the contract enters a permanent-fail mode. This is blunt and could create pain for contract authors who must react to any host-function change — but it enforces correctness. Scoping the fingerprint strictly to host functions (not all amendments) keeps it manageable.

3. "Do nothing for now" is also an option, but feels risky: by the time we need a versioning system, older contracts will have no way to adopt it retroactively.

4. Stable core + versioned extensions: Define a small, frozen set of core host functions (arithmetic, ledger reads, etc.) that are guaranteed never to change. Everything experimental or evolving lives in a separate, explicitly versioned extension namespace. Contracts that only use the core never think about versioning; only contracts using extensions need to care.

5. Runtime capability query: Expose a host function like get_capabilities() -> u64 that returns a bitmask of supported features. Contracts can branch at runtime based on what's available — similar to CPU feature detection (SSE, AVX). This is flexible but pushes complexity into every contract that needs to handle multiple code paths.

[pwang200]

Because a smart escrow should store the mantissa and exponent as separate integers in a contract-defined format if the smart escrow needs to persist the opaque float in the ledger. It needs a way to get the mantissa and exponent, through a new host function:

float_to_mantissa_and_exponent(
 opaque_float_in_buf: i32,
 opaque_float_in_len: i32,
 mantissa_out_buf: i32,
 mantissa_out_len: i32,
 exponent_out_buf: i32,
 exponent_out_len: i32,
)

Does it need a rounding mode? Not, right?

[sappenin]

I think this is probably what we want, but open to other solutions.

[sappenin]

The current "12 byte" serialization does save two bytes as compared to just using STNumber (which is likely 14 bytes). However, if we did just use STNumber bytes, then we might be able to remove the need for float_from_stnumber since an stnumber would be a float.

Thoughts?

[pwang200]

I don't have a strong opinion. My vote is the "12 byte".

[sappenin]

I also lean towards "keep 12" but am noticing that -- in Rust/WASM -- anytime I grab an STNumber, I can't just use it. I need to convert it to an OpaqueFloat. It would instead be nice if the WASM layer just treated those as the same thing, so I can save a host function call.

[sappenin]

@pwang200 I addressed your comment above via e56c1b9

[sappenin]

Do we need float_abs? We can accomplish the same thing checking with float_sign and then float_negate.

[pwang200]

I don't have a strong opinion. My vote is keep it if it is there already. Same for other host functions.

[sappenin]

I think I feel the same (weakly-held opinion). @mvadari chime in here, and if you agree we can resolve this comment and the onle above about float_negate.

[sappenin]

Do we need float_negate? We can accomplish the same things by declaring -1 and then using float_multiply.

[sappenin]

Is float_log necessary?

[pwang200]

the gas costs of the float host functions mismatches with the code:

    WASM_IMPORT_FUNC2(i, floatFromInt, "float_from_int", hfs,                                                  100);
    WASM_IMPORT_FUNC2(i, floatFromUint, "float_from_uint", hfs,                                                130);
    WASM_IMPORT_FUNC2(i, floatFromSTAmount, "float_from_stamount", hfs,                                        150);
    WASM_IMPORT_FUNC2(i, floatFromSTNumber, "float_from_stnumber", hfs,                                        150);
    WASM_IMPORT_FUNC2(i, floatToInt, "float_to_int", hfs,                                                      130);
    WASM_IMPORT_FUNC2(i, floatToMantissaAndExponent, "float_to_mantissa_and_exponent", hfs,                    130);
    WASM_IMPORT_FUNC2(i, floatNegate, "float_negate", hfs,                                                     150);
    WASM_IMPORT_FUNC2(i, floatAbs, "float_abs", hfs,                                                           150);
    WASM_IMPORT_FUNC2(i, floatSet, "float_set", hfs,                                                           100);
    WASM_IMPORT_FUNC2(i, floatCompare, "float_compare", hfs,                                                    80);
    WASM_IMPORT_FUNC2(i, floatAdd, "float_add", hfs,                                                           160);
    WASM_IMPORT_FUNC2(i, floatSubtract, "float_subtract", hfs,                                                 160);
    WASM_IMPORT_FUNC2(i, floatMultiply, "float_multiply", hfs,                                                 300);
    WASM_IMPORT_FUNC2(i, floatDivide, "float_divide", hfs,                                                     300);
    WASM_IMPORT_FUNC2(i, floatRoot, "float_root", hfs,                                                       5'500);
    WASM_IMPORT_FUNC2(i, floatPower, "float_pow", hfs,                                                       5'500);
    WASM_IMPORT_FUNC2(i, floatLog, "float_log", hfs,                                                        12'000);

[sappenin]

Great catch, fixed via 669e9c5

[pwang200]

code used 10^18 ≤ |mantissa| < 10^19

[sappenin]

Good catch. Fixed via 19b88f2

[gip]

Hope you don't mind a comment from the community. I was wondering why out_buf and out_len are required? I thought lengths would remain the same?

From a contract writer perspective, something like fn xfloat_from_int(i64) with default rounding more nearest and other function for fn xfloat_from_int_up(i64)... or at least use an enum for the rounding mode? And xfloat stands for xrpl float.

My 0.02 RLUSD cents