feat: DECOMMISSION_CORE_RESOURCES feature flag

Author: andygolay

aptos-move/framework/aptos-framework/doc/account.md

@@ -23,6 +23,7 @@
 -  [Function `create_account_if_does_not_exist`](#0x1_account_create_account_if_does_not_exist)
 -  [Function `create_account`](#0x1_account_create_account)
 -  [Function `create_account_unchecked`](#0x1_account_create_account_unchecked)
+-  [Function `destroy_account_from`](#0x1_account_destroy_account_from)
 -  [Function `exists_at`](#0x1_account_exists_at)
 -  [Function `get_guid_next_creation_num`](#0x1_account_get_guid_next_creation_num)
 -  [Function `get_sequence_number`](#0x1_account_get_sequence_number)
@@ -616,6 +617,16 @@ This V2 struct adds the <code><a href="chain_id.md#0x1_chain_id">chain_id</a></c
 
 
 
+<a id="0x1_account_DECOMMISSION_CORE_RESOURCES"></a>
+
+Feature flag for decommissioning core resources.
+
+
+<pre><code><b>const</b> <a href="account.md#0x1_account_DECOMMISSION_CORE_RESOURCES">DECOMMISSION_CORE_RESOURCES</a>: u64 = 222;
+</code></pre>
+
+
+
 <a id="0x1_account_DERIVE_RESOURCE_ACCOUNT_SCHEME"></a>
 
 Scheme identifier used when hashing an account's address together with a seed to derive the address (not the
@@ -943,7 +954,16 @@ is returned. This way, the caller of this function can publish additional resour
     // there cannot be an <a href="account.md#0x1_account_Account">Account</a> resource under new_addr already.
     <b>assert</b>!(!<b>exists</b>&lt;<a href="account.md#0x1_account_Account">Account</a>&gt;(new_address), <a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error_already_exists">error::already_exists</a>(<a href="account.md#0x1_account_EACCOUNT_ALREADY_EXISTS">EACCOUNT_ALREADY_EXISTS</a>));
 
-    // NOTE: @core_resources gets created via a `create_account` call, so we do not <b>include</b> it below.
+    // Check <b>if</b> the feature flag for decommissioning core resources is enabled.
+    <b>if</b> (get_decommission_core_resources_enabled()) {
+        // Assert separately for the core resources <b>address</b> <b>if</b> the feature flag is enabled.
+        <b>assert</b>!(
+            new_address != @0xa550c18,
+            <a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error_invalid_argument">error::invalid_argument</a>(<a href="account.md#0x1_account_ECANNOT_RESERVED_ADDRESS">ECANNOT_RESERVED_ADDRESS</a>)
+        );
+    };
+
+    // Assert for other reserved addresses.
     <b>assert</b>!(
         new_address != @vm_reserved && new_address != @aptos_framework && new_address != @aptos_token,
         <a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error_invalid_argument">error::invalid_argument</a>(<a href="account.md#0x1_account_ECANNOT_RESERVED_ADDRESS">ECANNOT_RESERVED_ADDRESS</a>)
@@ -1007,6 +1027,48 @@ is returned. This way, the caller of this function can publish additional resour
 
 
 
+</details>
+
+<a id="0x1_account_destroy_account_from"></a>
+
+## Function `destroy_account_from`
+
+Destroy the Account resource from a given account.
+Used to destroy the core resources account on mainnet.
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="account.md#0x1_account_destroy_account_from">destroy_account_from</a>(<a href="account.md#0x1_account">account</a>: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>, from: <b>address</b>)
+</code></pre>
+
+
+
+<details>
+<summary>Implementation</summary>
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="account.md#0x1_account_destroy_account_from">destroy_account_from</a>(<a href="account.md#0x1_account">account</a>: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>, from: <b>address</b>) <b>acquires</b> <a href="account.md#0x1_account_Account">Account</a> {
+    <a href="system_addresses.md#0x1_system_addresses_assert_aptos_framework">system_addresses::assert_aptos_framework</a>(<a href="account.md#0x1_account">account</a>);
+
+    <b>let</b> <a href="account.md#0x1_account_Account">Account</a> {
+        authentication_key: _,
+        sequence_number: _,
+        guid_creation_num: _,
+        coin_register_events,
+        key_rotation_events,
+        rotation_capability_offer,
+        signer_capability_offer,
+    } = <b>move_from</b>&lt;<a href="account.md#0x1_account_Account">Account</a>&gt;(from);
+
+    <a href="event.md#0x1_event_destroy_handle">event::destroy_handle</a>&lt;<a href="account.md#0x1_account_CoinRegisterEvent">CoinRegisterEvent</a>&gt;(coin_register_events);
+    <a href="event.md#0x1_event_destroy_handle">event::destroy_handle</a>&lt;<a href="account.md#0x1_account_KeyRotationEvent">KeyRotationEvent</a>&gt;(key_rotation_events);
+
+    <b>let</b> <a href="account.md#0x1_account_CapabilityOffer">CapabilityOffer</a> { for: _ } = rotation_capability_offer;
+    <b>let</b> <a href="account.md#0x1_account_CapabilityOffer">CapabilityOffer</a> { for: _ } = signer_capability_offer;
+}
+</code></pre>
+
+
+
 </details>
 
 <a id="0x1_account_exists_at"></a>

aptos-move/framework/aptos-framework/sources/account.move

@@ -5,6 +5,9 @@ module aptos_framework::account {
     use std::option::{Self, Option};
     use std::signer;
     use std::vector;
+    use std::features::get_decommission_core_resources_enabled;
+    #[test_only]
+    use std::features::change_feature_flags_for_testing;
     use aptos_framework::chain_id;
     use aptos_framework::create_signer::create_signer;
     use aptos_framework::event::{Self, EventHandle};
@@ -130,6 +133,9 @@ module aptos_framework::account {
     /// whose address matches an existing address of a MultiEd25519 wallet.
     const DERIVE_RESOURCE_ACCOUNT_SCHEME: u8 = 255;
 
+    /// Feature flag for decommissioning core resources.
+    const DECOMMISSION_CORE_RESOURCES: u64 = 222;
+
     /// Account already exists
     const EACCOUNT_ALREADY_EXISTS: u64 = 1;
     /// Account does not exist
@@ -170,6 +176,8 @@ module aptos_framework::account {
     const ENO_SIGNER_CAPABILITY_OFFERED: u64 = 19;
     // This account has exceeded the allocated GUIDs it can create. It should be impossible to reach this number for real applications.
     const EEXCEEDED_MAX_GUID_CREATION_NUM: u64 = 20;
+    // A required feature flag is not enabled.
+    const EFLAG_NOT_ENABLED: u64 = 21;
 
     /// Explicitly separate the GUID space between Object and Account to prevent accidental overlap.
     const MAX_GUID_CREATION_NUM: u64 = 0x4000000000000;
@@ -199,9 +207,18 @@ module aptos_framework::account {
         // there cannot be an Account resource under new_addr already.
         assert!(!exists<Account>(new_address), error::already_exists(EACCOUNT_ALREADY_EXISTS));
 
-        // NOTE: @core_resources gets created via a `create_account` call, so we do not include it below.
+        // Check if the feature flag for decommissioning core resources is enabled.
+        if (get_decommission_core_resources_enabled()) {
+            // Assert separately for the core resources address if the feature flag is enabled.
+            assert!(
+                new_address != @0xa550c18,
+                error::invalid_argument(ECANNOT_RESERVED_ADDRESS)
+            );
+        };
+
+        // Assert for other reserved addresses.
         assert!(
-            new_address != @vm_reserved && new_address != @aptos_framework && new_address != @aptos_token && new_address != @0xa550c18,
+            new_address != @vm_reserved && new_address != @aptos_framework && new_address != @aptos_token,
             error::invalid_argument(ECANNOT_RESERVED_ADDRESS)
         );
 
@@ -245,6 +262,12 @@ module aptos_framework::account {
     public fun destroy_account_from(account: &signer, from: address) acquires Account {
         system_addresses::assert_aptos_framework(account);
 
+        // Assert that the feature flag for decommissioning core resources is enabled
+        assert!(
+            std::features::get_decommission_core_resources_enabled(),
+            EFLAG_NOT_ENABLED
+        );
+
         let Account {
             authentication_key: _,
             sequence_number: _,
@@ -976,10 +999,13 @@ module aptos_framework::account {
     }
 
     #[test(aptos_framework = @aptos_framework, from = @0xdead)]
-    public entry fun test_destroy_account_from(
+    public entry fun test_destroy_account_from_with_flag_enabled(
         aptos_framework: &signer,
         from: &signer,
     ) acquires Account {
+        // Enable the feature flag for testing
+        std::features::change_feature_flags_for_testing(aptos_framework, vector[222], vector[]);
+
         // Ensure the Account resource exists under the from account
         if (!exists<Account>(signer::address_of(from))) {
             create_account(signer::address_of(from));
@@ -995,6 +1021,27 @@ module aptos_framework::account {
         assert!(!exists<Account>(signer::address_of(from)), 2);
     }
 
+    #[test(aptos_framework = @aptos_framework, from = @0xdead)]
+    #[expected_failure(abort_code = 21, location = Self)]
+    public entry fun test_destroy_account_from_with_flag_disabled(
+        aptos_framework: &signer,
+        from: &signer,
+    ) acquires Account {
+        // Disable the feature flag for testing
+        std::features::change_feature_flags_for_testing(aptos_framework, vector[], vector[222]);
+
+        // Ensure the Account resource exists under the from account
+        if (!exists<Account>(signer::address_of(from))) {
+            create_account(signer::address_of(from));
+        };
+
+        // Confirm it now exists
+        assert!(exists<Account>(signer::address_of(from)), 1);
+
+        // Attempt to destroy the Account resource (should fail)
+        destroy_account_from(aptos_framework, signer::address_of(from));
+    }
+
     #[test_only]
     struct DummyResource has key {}
 
@@ -1574,9 +1621,22 @@ module aptos_framework::account {
         assert!(!event::was_event_emitted_by_handle(eventhandle, &event), 3);
     }
 
-    #[test]
+    #[test(framework = @0x1)]
     #[expected_failure(abort_code = 65541, location = Self)]
-    public entry fun test_cannot_create_account_at_core_resources_address() {
+    public entry fun test_cannot_create_account_at_core_resources_address_with_feature_flag(framework: signer) {
+        // Enable the feature flag for testing
+        change_feature_flags_for_testing(&framework, vector[222], vector[]);
+
+        // Attempt to create an account at the core resources address
+        create_account(@0xa550c18);
+    }
+
+    #[test(framework = @0x1)]
+    public entry fun test_can_create_account_at_core_resources_address_without_feature_flag(framework: signer) {
+        // Disable the feature flag for testing
+        change_feature_flags_for_testing(&framework, vector[], vector[222]);
+
+        // Attempt to create an account at the core resources address
         create_account(@0xa550c18);
     }
 }

aptos-move/framework/aptos-framework/sources/genesis.move

@@ -531,7 +531,6 @@ module aptos_framework::genesis {
 
     /// Expected to fail after post-l1-merge release; it's okay because we will not regenesis.
     #[test(aptos_framework = @0x1, root = @0xabcd)]
-    #[expected_failure(abort_code = 65541, location = aptos_framework::account)]
     fun test_create_root_account(aptos_framework: &signer) {
         use aptos_framework::aggregator_factory;
         use aptos_framework::object;

aptos-move/framework/move-stdlib/doc/features.md

@@ -135,6 +135,8 @@ return true.
 -  [Function `abort_native_bridge_enabled`](#0x1_features_abort_native_bridge_enabled)
 -  [Function `get_governed_gas_pool_feature`](#0x1_features_get_governed_gas_pool_feature)
 -  [Function `governed_gas_pool_enabled`](#0x1_features_governed_gas_pool_enabled)
+-  [Function `get_decommission_core_resources_feature`](#0x1_features_get_decommission_core_resources_feature)
+-  [Function `get_decommission_core_resources_enabled`](#0x1_features_get_decommission_core_resources_enabled)
 -  [Function `change_feature_flags`](#0x1_features_change_feature_flags)
 -  [Function `change_feature_flags_internal`](#0x1_features_change_feature_flags_internal)
 -  [Function `change_feature_flags_for_next_epoch`](#0x1_features_change_feature_flags_for_next_epoch)
@@ -427,6 +429,16 @@ Lifetime: transient
 
 
 
+<a id="0x1_features_DECOMMISSION_CORE_RESOURCES"></a>
+
+Lifetime: transient
+
+
+<pre><code><b>const</b> <a href="features.md#0x1_features_DECOMMISSION_CORE_RESOURCES">DECOMMISSION_CORE_RESOURCES</a>: u64 = 222;
+</code></pre>
+
+
+
 <a id="0x1_features_DEFAULT_TO_CONCURRENT_FUNGIBLE_BALANCE"></a>
 
 Whether to default new Fungible Store to the concurrent variant.
@@ -3331,6 +3343,52 @@ Whether the Governed Gas Pool is enabled.
 
 
 
+</details>
+
+<a id="0x1_features_get_decommission_core_resources_feature"></a>
+
+## Function `get_decommission_core_resources_feature`
+
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_get_decommission_core_resources_feature">get_decommission_core_resources_feature</a>(): u64
+</code></pre>
+
+
+
+<details>
+<summary>Implementation</summary>
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_get_decommission_core_resources_feature">get_decommission_core_resources_feature</a>(): u64 { <a href="features.md#0x1_features_DECOMMISSION_CORE_RESOURCES">DECOMMISSION_CORE_RESOURCES</a> }
+</code></pre>
+
+
+
+</details>
+
+<a id="0x1_features_get_decommission_core_resources_enabled"></a>
+
+## Function `get_decommission_core_resources_enabled`
+
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_get_decommission_core_resources_enabled">get_decommission_core_resources_enabled</a>(): bool
+</code></pre>
+
+
+
+<details>
+<summary>Implementation</summary>
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_get_decommission_core_resources_enabled">get_decommission_core_resources_enabled</a>(): bool <b>acquires</b> <a href="features.md#0x1_features_Features">Features</a> {
+    <a href="features.md#0x1_features_is_enabled">is_enabled</a>(<a href="features.md#0x1_features_DECOMMISSION_CORE_RESOURCES">DECOMMISSION_CORE_RESOURCES</a>)
+}
+</code></pre>
+
+
+
 </details>
 
 <a id="0x1_features_change_feature_flags"></a>

aptos-move/framework/move-stdlib/sources/configs/features.move

@@ -615,6 +615,15 @@ module std::features {
         is_enabled(GOVERNED_GAS_POOL)
     }
 
+    /// Lifetime: transient
+    const DECOMMISSION_CORE_RESOURCES: u64 = 222;
+
+    public fun get_decommission_core_resources_feature(): u64 { DECOMMISSION_CORE_RESOURCES }
+
+    public fun get_decommission_core_resources_enabled(): bool acquires Features {
+        is_enabled(DECOMMISSION_CORE_RESOURCES)
+    }
+
     // ============================================================================================
     // Feature Flag Implementation