Conversation
alnoki
changed the title
Make the Rust and TS `Price` codecs agree for inputs above the protocol's FX target band, closing two divergences found in the ENG-557 adversarial review. Encode huge-value divergence: `Price::from_value` silently saturated the `f64`->`u64` cast, normalizing e.g. `1e300` into a bogus finite `Price`, while TS `encodePrice` threw. Both forks now reject any value whose `value * 1e7` would overflow `u64` (the exact saturation point), so the reject and accept sets are bit-identical. weightedAverage fidelity: the TS fork rebuilds `fromScaled` on `bigint` so the significand normalization is exact integer math past 2^53 (Gap 1 — `Number(avg)` rounded and flipped the 8th digit), and clamps the weighted products / sum / total at `u128::MAX` to mirror Rust's `saturating_mul` / `saturating_add` (Gap 2). Pin both via conformance: `price_vectors.json` adds huge-value rejects (`1e13`, `1e300`) plus a large-but-valid accept (`1e12`), and `share_vectors.json` adds out-of-band `merge_entry_basis` cases for the precision and saturation paths.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Makes the Rust and TS
Pricecodecs agree for inputs above the protocol's FX target band (~1e-6 .. 1e6), closing two divergences found in the ENG-557 adversarial review (PR #140). Both live in the sharedPricecodec, so they land together.1. Encode huge-value divergence
Price::from_valuesilently saturated thef64→u64cast —(1e300 * 1e7) as u64clamps tou64::MAX, whichfrom_scaledthen normalized into a bogus finitePrice(~1.8e12). TSencodePriceinstead threwRangeError. So the forks rejected different input sets.Fix: both forks now reject any finite value whose
value * 1e7would overflowu64(the exact saturation point,≥ 2^64). Below that boundary both truncate the samef64toward zero and normalize with identical integer arithmetic, so the reject and accept sets are now bit-identical. This fixes the real bug (Rust's silent normalization) without imposing an arbitrary hard1e6cap that would reject structurally-valid prices.2.
weightedAveragefidelity (from ENG-572)Bit-identical to Rust inside the FX band, but two out-of-band gaps in the TS fork:
fromScaled(Number(avg), 14)roundedavg(abigintup tou64::MAX) through an f64 onceavg > 2^53, flipping the 8th significand digit vs Rust's exactu64from_scaled.fromScaledis nowbigint-based and driven from the bigint directly.saturating_mul/saturating_addon thew*vproducts and their sum; TS used plain bigint. Now clamped atu128::MAXto mirror Rust.The shared
bigintfromScaledis what makes #1 and #2 one change.Conformance
price_vectors.json— huge-value rejects (1e13,1e300) + a large-but-valid accept (1e12) pinning the boundary.share_vectors.json— two out-of-bandmerge_entry_basiscases: a precision case (the bigint path yields significand60_000_000; the oldNumber(avg)path produced60_000_001) and au128-saturation case.docs/interface.md§6B — the "deliberately unconformed" note is replaced with the now-agreed contract.Verification
cargo test -p dropset-math-core --tests— 81 unit + 5 price-conformance + 6 share-conformance, all green.pnpm --filter @dropset/sdk test— 13 TS conformance tests green (both forks replay the regenerated vectors).cargo fmt/cargo clippyclean.