typeck: pull satisfaction/dissatisfaction limits into struct

apoelstra · apoelstra · commit f57cac09f4ac · 2025-09-28T23:55:34.000Z
Right now in our ExtData type-checking structure there are four
properties that we measure for satisfactions: maximum witness stack
element count, maximum witness size, maximum scriptsig size, and maximum
number of stack elements during execution.

We measure the same variables for dissatisfaction.

These are always either all present or none present; for some reason we
have consolidated these four values into three separate Option types,
and we debug_assert that either they are all present or none are.
Furthermore, in the one case that we've consolidated stuff, we used a
tuple. So we have a (max witness size, max scriptsig size) pair, and
code comments everywhere explaining which one is .0 and which one is .1.

Pull all these into a struct with named fields, and improve the field
names to be more consistent.

This means that we now have one Option for satisfaction properties, and
one for dissatisfaction properties. No need for debug assertions.

There are two oddities worth highlighting:

1. The `or_d` dissat_data.max_exec_stack_count (line 693) used to have a
   +1 in its formula. I think this was a copy/paste error from or_b. I
   removed it. No tests break.
2. In `threshold` we sum up the satisfaction and dissatisfaction numbers
   for the four variables we're measuring. But for max_exec_stack_count
   I think we should be maxing, not summing. I also fixed this, and
   again no tests break.
diff --git a/src/miniscript/context.rs b/src/miniscript/context.rs
@@ -467,8 +467,7 @@ impl ScriptContext for Legacy {
     }
 
     fn max_satisfaction_size<Pk: MiniscriptKey>(ms: &Miniscript<Pk, Self>) -> Option<usize> {
-        // The scriptSig cost is the second element of the tuple
-        ms.ext.max_sat_size.map(|x| x.1)
+        ms.ext.sat_data.map(|data| data.max_script_sig_size)
     }
 
     fn pk_len<Pk: MiniscriptKey>(pk: &Pk) -> usize {
@@ -595,8 +594,7 @@ impl ScriptContext for Segwitv0 {
     }
 
     fn max_satisfaction_size<Pk: MiniscriptKey>(ms: &Miniscript<Pk, Self>) -> Option<usize> {
-        // The witness stack cost is the first element of the tuple
-        ms.ext.max_sat_size.map(|x| x.0)
+        ms.ext.sat_data.map(|data| data.max_witness_stack_size)
     }
 
     fn pk_len<Pk: MiniscriptKey>(_pk: &Pk) -> usize { 34 }
@@ -688,11 +686,10 @@ impl ScriptContext for Tap {
         // will have it's corresponding 64 bytes signature.
         // sigops budget = witness_script.len() + witness.size() + 50
         // Each signature will cover it's own cost(64 > 50) and thus will will never exceed the budget
-        if let (Some(s), Some(h)) = (ms.ext.exec_stack_elem_count_sat, ms.ext.stack_elem_count_sat)
-        {
-            if s + h > MAX_STACK_SIZE {
+        if let Some(data) = ms.ext.sat_data {
+            if data.max_witness_stack_count + data.max_exec_stack_count > MAX_STACK_SIZE {
                 return Err(ScriptContextError::StackSizeLimitExceeded {
-                    actual: s + h,
+                    actual: data.max_witness_stack_count + data.max_exec_stack_count,
                     limit: MAX_STACK_SIZE,
                 });
             }
@@ -714,8 +711,7 @@ impl ScriptContext for Tap {
     }
 
     fn max_satisfaction_size<Pk: MiniscriptKey>(ms: &Miniscript<Pk, Self>) -> Option<usize> {
-        // The witness stack cost is the first element of the tuple
-        ms.ext.max_sat_size.map(|x| x.0)
+        ms.ext.sat_data.map(|data| data.max_witness_stack_size)
     }
 
     fn sig_type() -> SigType { SigType::Schnorr }
@@ -812,8 +808,9 @@ impl ScriptContext for BareCtx {
     }
 
     fn max_satisfaction_size<Pk: MiniscriptKey>(ms: &Miniscript<Pk, Self>) -> Option<usize> {
-        // The witness stack cost is the first element of the tuple
-        ms.ext.max_sat_size.map(|x| x.1)
+        // For bare outputs the script appears in the scriptpubkey; its cost
+        // is the same as for a legacy scriptsig.
+        ms.ext.sat_data.map(|data| data.max_script_sig_size)
     }
 
     fn pk_len<Pk: MiniscriptKey>(pk: &Pk) -> usize {
diff --git a/src/miniscript/mod.rs b/src/miniscript/mod.rs
@@ -403,8 +403,8 @@ impl<Pk: MiniscriptKey, Ctx: ScriptContext> Miniscript<Pk, Ctx> {
     /// impossible to satisfy
     pub fn max_satisfaction_witness_elements(&self) -> Result<usize, Error> {
         self.ext
-            .stack_elem_count_sat
-            .map(|x| x + 1)
+            .sat_data
+            .map(|data| data.max_witness_stack_count + 1)
             .ok_or(Error::ImpossibleSatisfaction)
     }
 
diff --git a/src/miniscript/types/extra_props.rs b/src/miniscript/types/extra_props.rs

Original file line number	Diff line number	Diff line change
`@@ -467,8 +467,7 @@ impl ScriptContext for Legacy {`
`467`	`467`	`}`
`468`	`468`
`469`	`469`	`fn max_satisfaction_size<Pk: MiniscriptKey>(ms: &Miniscript<Pk, Self>) -> Option<usize> {`
`470`		`- // The scriptSig cost is the second element of the tuple`
`471`		`- ms.ext.max_sat_size.map(\|x\| x.1)`
	`470`	`+ ms.ext.sat_data.map(\|data\| data.max_script_sig_size)`
`472`	`471`	`}`
`473`	`472`
`474`	`473`	`fn pk_len<Pk: MiniscriptKey>(pk: &Pk) -> usize {`
`@@ -595,8 +594,7 @@ impl ScriptContext for Segwitv0 {`
`595`	`594`	`}`
`596`	`595`
`597`	`596`	`fn max_satisfaction_size<Pk: MiniscriptKey>(ms: &Miniscript<Pk, Self>) -> Option<usize> {`
`598`		`- // The witness stack cost is the first element of the tuple`
`599`		`- ms.ext.max_sat_size.map(\|x\| x.0)`
	`597`	`+ ms.ext.sat_data.map(\|data\| data.max_witness_stack_size)`
`600`	`598`	`}`
`601`	`599`
`602`	`600`	`fn pk_len<Pk: MiniscriptKey>(_pk: &Pk) -> usize { 34 }`
`@@ -688,11 +686,10 @@ impl ScriptContext for Tap {`
`688`	`686`	`// will have it's corresponding 64 bytes signature.`
`689`	`687`	`// sigops budget = witness_script.len() + witness.size() + 50`
`690`	`688`	`// Each signature will cover it's own cost(64 > 50) and thus will will never exceed the budget`
`691`		`- if let (Some(s), Some(h)) = (ms.ext.exec_stack_elem_count_sat, ms.ext.stack_elem_count_sat)`
`692`		`- {`
`693`		`- if s + h > MAX_STACK_SIZE {`
	`689`	`+ if let Some(data) = ms.ext.sat_data {`
	`690`	`+ if data.max_witness_stack_count + data.max_exec_stack_count > MAX_STACK_SIZE {`
`694`	`691`	`return Err(ScriptContextError::StackSizeLimitExceeded {`
`695`		`- actual: s + h,`
	`692`	`+ actual: data.max_witness_stack_count + data.max_exec_stack_count,`
`696`	`693`	`limit: MAX_STACK_SIZE,`
`697`	`694`	`});`
`698`	`695`	`}`
`@@ -714,8 +711,7 @@ impl ScriptContext for Tap {`
`714`	`711`	`}`
`715`	`712`
`716`	`713`	`fn max_satisfaction_size<Pk: MiniscriptKey>(ms: &Miniscript<Pk, Self>) -> Option<usize> {`
`717`		`- // The witness stack cost is the first element of the tuple`
`718`		`- ms.ext.max_sat_size.map(\|x\| x.0)`
	`714`	`+ ms.ext.sat_data.map(\|data\| data.max_witness_stack_size)`
`719`	`715`	`}`
`720`	`716`
`721`	`717`	`fn sig_type() -> SigType { SigType::Schnorr }`
`@@ -812,8 +808,9 @@ impl ScriptContext for BareCtx {`
`812`	`808`	`}`
`813`	`809`
`814`	`810`	`fn max_satisfaction_size<Pk: MiniscriptKey>(ms: &Miniscript<Pk, Self>) -> Option<usize> {`
`815`		`- // The witness stack cost is the first element of the tuple`
`816`		`- ms.ext.max_sat_size.map(\|x\| x.1)`
	`811`	`+ // For bare outputs the script appears in the scriptpubkey; its cost`
	`812`	`+ // is the same as for a legacy scriptsig.`
	`813`	`+ ms.ext.sat_data.map(\|data\| data.max_script_sig_size)`
`817`	`814`	`}`
`818`	`815`
`819`	`816`	`fn pk_len<Pk: MiniscriptKey>(pk: &Pk) -> usize {`