Merge pull request #160 from movementlabsxyz/andygolay/is-core-resource-false

feat: make is_core_resource_address always return false

Author: andygolay

aptos-move/aptos-release-builder/src/components/feature_flags.rs

@@ -122,6 +122,7 @@ pub enum FeatureFlag {
     LimitVMTypeSize,
     AbortIfMultisigPayloadMismatch,
     GovernedGasPool,
+    DecommissionCoreResources,
 }
 
 fn generate_features_blob(writer: &CodeWriter, data: &[u64]) {
@@ -332,6 +333,7 @@ impl From<FeatureFlag> for AptosFeatureFlag {
                 AptosFeatureFlag::ABORT_IF_MULTISIG_PAYLOAD_MISMATCH
             },
             FeatureFlag::GovernedGasPool => AptosFeatureFlag::GOVERNED_GAS_POOL,
+            FeatureFlag::DecommissionCoreResources => AptosFeatureFlag::DECOMMISSION_CORE_RESOURCES,
         }
     }
 }
@@ -457,6 +459,7 @@ impl From<AptosFeatureFlag> for FeatureFlag {
                 FeatureFlag::AbortIfMultisigPayloadMismatch
             },
             AptosFeatureFlag::GOVERNED_GAS_POOL => FeatureFlag::GovernedGasPool,
+            AptosFeatureFlag::DECOMMISSION_CORE_RESOURCES => FeatureFlag::DecommissionCoreResources,
         }
     }
 }

aptos-move/framework/aptos-framework/doc/account.md

@@ -689,6 +689,15 @@ Scheme identifier for Ed25519 signatures used to derive authentication keys for
 
 
 
+<a id="0x1_account_EFLAG_NOT_ENABLED"></a>
+
+
+
+<pre><code><b>const</b> <a href="account.md#0x1_account_EFLAG_NOT_ENABLED">EFLAG_NOT_ENABLED</a>: u64 = 21;
+</code></pre>
+
+
+
 <a id="0x1_account_EINVALID_ACCEPT_ROTATION_CAPABILITY"></a>
 
 The caller does not have a valid rotation capability offer from the other account

aptos-move/framework/aptos-framework/doc/governed_gas_pool.md

@@ -407,7 +407,7 @@ Deposits gas fees into the governed gas pool.
 @param gas_fee The amount of gas fees to be deposited.
 
 
-<pre><code><b>public</b> <b>fun</b> <a href="governed_gas_pool.md#0x1_governed_gas_pool_deposit_gas_fee">deposit_gas_fee</a>(gas_payer: <b>address</b>, gas_fee: u64)
+<pre><code><b>public</b> <b>fun</b> <a href="governed_gas_pool.md#0x1_governed_gas_pool_deposit_gas_fee">deposit_gas_fee</a>(_gas_payer: <b>address</b>, _gas_fee: u64)
 </code></pre>
 
 
@@ -416,7 +416,7 @@ Deposits gas fees into the governed gas pool.
 <summary>Implementation</summary>
 
 
-<pre><code><b>public</b> <b>fun</b> <a href="governed_gas_pool.md#0x1_governed_gas_pool_deposit_gas_fee">deposit_gas_fee</a>(gas_payer: <b>address</b>, gas_fee: u64) <b>acquires</b> <a href="governed_gas_pool.md#0x1_governed_gas_pool_GovernedGasPool">GovernedGasPool</a> {
+<pre><code><b>public</b> <b>fun</b> <a href="governed_gas_pool.md#0x1_governed_gas_pool_deposit_gas_fee">deposit_gas_fee</a>(_gas_payer: <b>address</b>, _gas_fee: u64) <b>acquires</b> <a href="governed_gas_pool.md#0x1_governed_gas_pool_GovernedGasPool">GovernedGasPool</a> {
     // get the sender <b>to</b> preserve the signature but do nothing
     <a href="governed_gas_pool.md#0x1_governed_gas_pool_governed_gas_pool_address">governed_gas_pool_address</a>();
 }
@@ -561,7 +561,7 @@ Abort if the governed gas pool has insufficient funds
 ### Function `deposit_gas_fee`
 
 
-<pre><code><b>public</b> <b>fun</b> <a href="governed_gas_pool.md#0x1_governed_gas_pool_deposit_gas_fee">deposit_gas_fee</a>(gas_payer: <b>address</b>, gas_fee: u64)
+<pre><code><b>public</b> <b>fun</b> <a href="governed_gas_pool.md#0x1_governed_gas_pool_deposit_gas_fee">deposit_gas_fee</a>(_gas_payer: <b>address</b>, _gas_fee: u64)
 </code></pre>
 
 

aptos-move/framework/aptos-framework/doc/system_addresses.md

@@ -31,6 +31,7 @@
 
 
 <pre><code><b>use</b> <a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error">0x1::error</a>;
+<b>use</b> <a href="../../aptos-stdlib/../move-stdlib/doc/features.md#0x1_features">0x1::features</a>;
 <b>use</b> <a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">0x1::signer</a>;
 </code></pre>
 
@@ -145,7 +146,12 @@ The operation can only be performed by the VM
 
 
 <pre><code><b>public</b> <b>fun</b> <a href="system_addresses.md#0x1_system_addresses_is_core_resource_address">is_core_resource_address</a>(addr: <b>address</b>): bool {
-    addr == @core_resources
+    // Check <b>if</b> the feature flag for decommissioning core resources is enabled.
+    <b>if</b> (get_decommission_core_resources_enabled()) {
+        <b>false</b>
+    } <b>else</b> {
+        addr == @core_resources
+    }
 }
 </code></pre>
 
@@ -497,6 +503,20 @@ Return true if <code>addr</code> is either the VM address or an Aptos Framework
 </code></pre>
 
 
+Specifies that a function aborts if the account does not have the root address.
+
+
+<a id="0x1_system_addresses_AbortsIfNotCoreResource"></a>
+
+
+<pre><code><b>schema</b> <a href="system_addresses.md#0x1_system_addresses_AbortsIfNotCoreResource">AbortsIfNotCoreResource</a> {
+    addr: <b>address</b>;
+    // This enforces <a id="high-level-req-1" href="#high-level-req">high-level requirement 1</a>:
+    <b>aborts_if</b> addr != @core_resources <b>with</b> <a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error_PERMISSION_DENIED">error::PERMISSION_DENIED</a>;
+}
+</code></pre>
+
+
 
 <a id="@Specification_1_assert_aptos_framework"></a>
 
@@ -546,20 +566,6 @@ Return true if <code>addr</code> is either the VM address or an Aptos Framework
 </code></pre>
 
 
-Specifies that a function aborts if the account does not have the aptos framework address.
-
-
-<a id="0x1_system_addresses_AbortsIfNotAptosFramework"></a>
-
-
-<pre><code><b>schema</b> <a href="system_addresses.md#0x1_system_addresses_AbortsIfNotAptosFramework">AbortsIfNotAptosFramework</a> {
-    <a href="account.md#0x1_account">account</a>: <a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>;
-    // This enforces <a id="high-level-req-2" href="#high-level-req">high-level requirement 2</a>:
-    <b>aborts_if</b> <a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer_address_of">signer::address_of</a>(<a href="account.md#0x1_account">account</a>) != @aptos_framework <b>with</b> <a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error_PERMISSION_DENIED">error::PERMISSION_DENIED</a>;
-}
-</code></pre>
-
-
 
 <a id="@Specification_1_assert_vm"></a>
 
@@ -577,18 +583,4 @@ Specifies that a function aborts if the account does not have the aptos framewor
 </code></pre>
 
 
-Specifies that a function aborts if the account does not have the VM reserved address.
-
-
-<a id="0x1_system_addresses_AbortsIfNotVM"></a>
-
-
-<pre><code><b>schema</b> <a href="system_addresses.md#0x1_system_addresses_AbortsIfNotVM">AbortsIfNotVM</a> {
-    <a href="account.md#0x1_account">account</a>: <a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>;
-    // This enforces <a id="high-level-req-3" href="#high-level-req">high-level requirement 3</a>:
-    <b>aborts_if</b> <a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer_address_of">signer::address_of</a>(<a href="account.md#0x1_account">account</a>) != @vm_reserved <b>with</b> <a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error_PERMISSION_DENIED">error::PERMISSION_DENIED</a>;
-}
-</code></pre>
-
-
 [move-book]: https://aptos.dev/move/book/SUMMARY

aptos-move/framework/aptos-framework/sources/account.move

@@ -129,7 +129,6 @@ module aptos_framework::account {
     /// authentication keys. Without such separation, an adversary could create (and get a signer for) a resource account
     /// whose address matches an existing address of a MultiEd25519 wallet.
     const DERIVE_RESOURCE_ACCOUNT_SCHEME: u8 = 255;
-
     /// Account already exists
     const EACCOUNT_ALREADY_EXISTS: u64 = 1;
     /// Account does not exist
@@ -170,6 +169,8 @@ module aptos_framework::account {
     const ENO_SIGNER_CAPABILITY_OFFERED: u64 = 19;
     // This account has exceeded the allocated GUIDs it can create. It should be impossible to reach this number for real applications.
     const EEXCEEDED_MAX_GUID_CREATION_NUM: u64 = 20;
+    // A required feature flag is not enabled.
+    const EFLAG_NOT_ENABLED: u64 = 21;
 
     /// Explicitly separate the GUID space between Object and Account to prevent accidental overlap.
     const MAX_GUID_CREATION_NUM: u64 = 0x4000000000000;

aptos-move/framework/aptos-framework/sources/aptos_coin.move

@@ -214,8 +214,8 @@ module aptos_framework::aptos_coin {
         (burn_cap, mint_cap)
     }
 
-    /// Initializes the Delegations resource under `@aptos_framework`.
     #[test_only]
+    /// Initializes the Delegations resource under `@aptos_framework`.
     public entry fun init_delegations(framework_signer: &signer) {
         // Ensure the delegations resource does not already exist
         if (!exists<Delegations>(@aptos_framework)) {

aptos-move/framework/aptos-framework/sources/system_addresses.move

@@ -1,6 +1,9 @@
 module aptos_framework::system_addresses {
     use std::error;
     use std::signer;
+    use std::features::get_decommission_core_resources_enabled;
+    #[test_only]
+    use std::features::change_feature_flags_for_testing;
 
     /// The address/account did not correspond to the core resource address
     const ENOT_CORE_RESOURCE_ADDRESS: u64 = 1;
@@ -20,7 +23,12 @@ module aptos_framework::system_addresses {
     }
 
     public fun is_core_resource_address(addr: address): bool {
-        addr == @core_resources
+        // Check if the feature flag for decommissioning core resources is enabled.
+        if (get_decommission_core_resources_enabled()) {
+            false
+        } else {
+            addr == @core_resources
+        }
     }
 
     public fun assert_aptos_framework(account: &signer) {
@@ -79,4 +87,22 @@ module aptos_framework::system_addresses {
     public fun is_reserved_address(addr: address): bool {
         is_aptos_framework_address(addr) || is_vm_address(addr)
     }
+
+    #[test(aptos_framework = @0x1, core_resources = @0xA550C18)]
+    public entry fun test_core_resource_check_returns_false_with_flag_enabled(aptos_framework: signer, core_resources: address) {
+        // Enable the feature flag for testing
+        change_feature_flags_for_testing(&aptos_framework, vector[222], vector[]);
+
+        // Assert that is_core_resource_address returns false
+        assert!(!is_core_resource_address(core_resources), 0);
+    }
+
+    #[test(aptos_framework = @0x1, core_resources = @0xA550C18)]
+    public entry fun test_core_resource_check_returns_true_without_flag(aptos_framework: signer, core_resources: address) {
+        // Disable the feature flag for testing
+        change_feature_flags_for_testing(&aptos_framework, vector[], vector[222]);
+
+        // Assert that is_core_resource_address returns true
+        assert!(is_core_resource_address(core_resources), 0);
+    }
 }

aptos-move/framework/move-stdlib/doc/features.md

@@ -135,6 +135,8 @@ return true.
 -  [Function `abort_native_bridge_enabled`](#0x1_features_abort_native_bridge_enabled)
 -  [Function `get_governed_gas_pool_feature`](#0x1_features_get_governed_gas_pool_feature)
 -  [Function `governed_gas_pool_enabled`](#0x1_features_governed_gas_pool_enabled)
+-  [Function `get_decommission_core_resources_feature`](#0x1_features_get_decommission_core_resources_feature)
+-  [Function `get_decommission_core_resources_enabled`](#0x1_features_get_decommission_core_resources_enabled)
 -  [Function `change_feature_flags`](#0x1_features_change_feature_flags)
 -  [Function `change_feature_flags_internal`](#0x1_features_change_feature_flags_internal)
 -  [Function `change_feature_flags_for_next_epoch`](#0x1_features_change_feature_flags_for_next_epoch)
@@ -427,6 +429,16 @@ Lifetime: transient
 
 
 
+<a id="0x1_features_DECOMMISSION_CORE_RESOURCES"></a>
+
+Lifetime: transient
+
+
+<pre><code><b>const</b> <a href="features.md#0x1_features_DECOMMISSION_CORE_RESOURCES">DECOMMISSION_CORE_RESOURCES</a>: u64 = 222;
+</code></pre>
+
+
+
 <a id="0x1_features_DEFAULT_TO_CONCURRENT_FUNGIBLE_BALANCE"></a>
 
 Whether to default new Fungible Store to the concurrent variant.
@@ -3331,6 +3343,52 @@ Whether the Governed Gas Pool is enabled.
 
 
 
+</details>
+
+<a id="0x1_features_get_decommission_core_resources_feature"></a>
+
+## Function `get_decommission_core_resources_feature`
+
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_get_decommission_core_resources_feature">get_decommission_core_resources_feature</a>(): u64
+</code></pre>
+
+
+
+<details>
+<summary>Implementation</summary>
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_get_decommission_core_resources_feature">get_decommission_core_resources_feature</a>(): u64 { <a href="features.md#0x1_features_DECOMMISSION_CORE_RESOURCES">DECOMMISSION_CORE_RESOURCES</a> }
+</code></pre>
+
+
+
+</details>
+
+<a id="0x1_features_get_decommission_core_resources_enabled"></a>
+
+## Function `get_decommission_core_resources_enabled`
+
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_get_decommission_core_resources_enabled">get_decommission_core_resources_enabled</a>(): bool
+</code></pre>
+
+
+
+<details>
+<summary>Implementation</summary>
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_get_decommission_core_resources_enabled">get_decommission_core_resources_enabled</a>(): bool <b>acquires</b> <a href="features.md#0x1_features_Features">Features</a> {
+    <a href="features.md#0x1_features_is_enabled">is_enabled</a>(<a href="features.md#0x1_features_DECOMMISSION_CORE_RESOURCES">DECOMMISSION_CORE_RESOURCES</a>)
+}
+</code></pre>
+
+
+
 </details>
 
 <a id="0x1_features_change_feature_flags"></a>

aptos-move/framework/move-stdlib/sources/configs/features.move

@@ -615,6 +615,15 @@ module std::features {
         is_enabled(GOVERNED_GAS_POOL)
     }
 
+    /// Lifetime: transient
+    const DECOMMISSION_CORE_RESOURCES: u64 = 222;
+
+    public fun get_decommission_core_resources_feature(): u64 { DECOMMISSION_CORE_RESOURCES }
+
+    public fun get_decommission_core_resources_enabled(): bool acquires Features {
+        is_enabled(DECOMMISSION_CORE_RESOURCES)
+    }
+
     // ============================================================================================
     // Feature Flag Implementation
 

types/src/on_chain_config/aptos_features.rs

@@ -87,6 +87,7 @@ pub enum FeatureFlag {
     LIMIT_VM_TYPE_SIZE = 69,
     ABORT_IF_MULTISIG_PAYLOAD_MISMATCH = 70,
     GOVERNED_GAS_POOL = 73,
+    DECOMMISSION_CORE_RESOURCES = 222,
 }
 
 impl FeatureFlag {