Merge branch 'master' into feat/mem-dealloc

.github/workflows/pull-request.yaml

@@ -24,6 +24,7 @@ jobs:
         with:
           types: |
             feat
+            perf
             fix
             chore
             refactor

SECURITY.md

@@ -3,7 +3,7 @@
 ## Supported Versions
 
 - it is recommended to follow the list of known [vulnerabilities](https://github.com/vyperlang/vyper/security/advisories) and stay up-to-date with the latest releases
-  - as of May 2024, the `0.4.0` release is the most secure and the most comprehensively reviewed one and is recommended for use in production environments
+  - as of May 2024, the [`0.4.0`](https://github.com/vyperlang/vyper/releases/tag/v0.4.0) release is the most comprehensively reviewed one and is recommended for use in production environments
 - if a compiler vulnerability is found, a new compiler version with a patch will be released. The vulnerable version itself is not updated (see the examples below).
   - `example1`: suppose `0.4.0` is the latest version and a hypothetical vulnerability is found in `0.4.0`, then a patch will be released in `0.4.1`
   - `example2`: suppose `0.4.0` is the latest version and a hypothetical vulnerability is found both in `0.3.10` and `0.4.0`, then a patch will be released only in `0.4.1`
@@ -26,7 +26,22 @@ we will add an entry to the list of security advisories for posterity and refere
 
 
 ## Bug Bounty Program
-- as of May 2024, Vyper does not have a bug bounty program. It is planned to instantiate one soon.
+- Vyper runs a bug bounty program via the Ethereum Foundation.
+  - Bugs should be reported through the [Ethereum Foundation's bounty program](https://ethereum.org/bug-bounty).
+
+### Scope
+- Rules from the Ethereum Foundation's bug bounty program apply; for any questions please reach out [here](mailto:[email protected]). Here we further clarify the scope of the Vyper bounty program.
+- If a compiler bug affects production code, it is in scope (excluding known issues).
+  - This includes bugs in older compiler versions still used in production.
+- If a compiler bug does not currently affect production but is likely to in the future, it is in scope.
+  - This mainly applies to the latest compiler release (e.g., a new release is available but contracts are not yet deployed with it).
+  - Experimental features (e.g. `--experimental-codegen`) are out of scope, as they are not intended for production and are unlikely to affect production code.
+  - Bugs in older compiler versions are generally out of scope, as they are no longer used for new contracts.
+    - There might be exceptions, e.g., when an L2 doesn't support recent compiler releases. In such cases, it might be reasonable for an older version to be used. It is up to the discretion of the EF & Vyper team to decide if the bug is in scope.
+- If a vulnerability affects multiple contracts, the whitehat is eligible for only one payout (though the severity of the bug may increase).
+- Eligibility for project-specific bounties is independent of this bounty.
+- [Security advisories](https://github.com/vyperlang/vyper/security/advisories) and [known issues](https://github.com/vyperlang/vyper/issues) are not eligible for the bounty program, as they are publicly disclosed and protocols should structure their contracts accordingly.
+- Individuals or organizations contracted or engaged specifically for security development, auditing, or testing of this project are ineligible for the bounty program.
 
 ## Reporting a Vulnerability
 

docs/installing-vyper.rst

@@ -7,50 +7,55 @@ any errors.
 
 .. note::
 
-    The easiest way to experiment with the language is to use the `Remix online compiler <https://remix.ethereum.org>`_.
-    (Activate the vyper-remix plugin in the Plugin manager.)
+    The easiest way to experiment with the language is to use either `Try Vyper! <https://try.vyperlang.org>`_ (maintained by the Vyper team) or the `Remix online compiler <https://remix.ethereum.org>`_ (maintained by the Ethereum Foundation).
+    - To use Try Vyper, go to https://try.vyperlang.org and log in (requires Github login).
+    - To use remix, go to https://remix.ethereum.org and activate the vyper-remix plugin in the Plugin manager.
 
-Docker
-******
 
-Vyper can be downloaded as docker image from `dockerhub <https://hub.docker.com/r/vyperlang/vyper/tags?page=1&ordering=last_updated>`_:
-::
+Standalone
+**********
 
-    docker pull vyperlang/vyper
+The Vyper CLI can be installed with any ``pip`` compatible tool, for example, ``pipx`` or ``uv tool``. If you do not have ``pipx`` or ``uv`` installed, first, go to the respective tool's installation page:
 
-To run the compiler use the ``docker run`` command:
-::
+- https://github.com/pypa/pipx?tab=readme-ov-file
+- https://github.com/astral-sh/uv?tab=readme-ov-file#uv
 
-    docker run -v $(pwd):/code vyperlang/vyper /code/<contract_file.vy>
+Then, the command to install Vyper would be
 
-Alternatively you can log into the docker image and execute vyper on the prompt.
 ::
 
-    docker run -v $(pwd):/code/ -it --entrypoint /bin/bash vyperlang/vyper
-    root@d35252d1fb1b:/code# vyper <contract_file.vy>
+    pipx install vyper
+
+Or,
 
-The normal parameters are also supported, for example:
 ::
 
-    docker run -v $(pwd):/code vyperlang/vyper -f abi /code/<contract_file.vy>
-    [{'name': 'test1', 'outputs': [], 'inputs': [{'type': 'uint256', 'name': 'a'}, {'type': 'bytes', 'name': 'b'}], 'constant': False, 'payable': False, 'type': 'function', 'gas': 441}, {'name': 'test2', 'outputs': [], 'inputs': [{'type': 'uint256', 'name': 'a'}], 'constant': False, 'payable': False, 'type': 'function', 'gas': 316}]
+    uv tool install vyper
 
-.. note::
 
-    If you would like to know how to install Docker, please follow their `documentation <https://docs.docker.com/get-docker/>`_.
+Binaries
+********
+
+Alternatively, prebuilt Vyper binaries for Windows, Mac and Linux are available for download from the GitHub releases page: https://github.com/vyperlang/vyper/releases.
+
 
 PIP
 ***
 
 Installing Python
 =================
 
-Vyper can only be built using Python 3.6 and higher. If you need to know how to install the correct version of python,
+Vyper can only be built using Python 3.10 and higher. If you need to know how to install the correct version of python,
 follow the instructions from the official `Python website <https://wiki.python.org/moin/BeginnersGuide/Download>`_.
 
 Creating a virtual environment
 ==============================
 
+Because pip installations are not isolated by default, this method of
+installation is meant for more experienced Python developers who are using
+Vyper as a library, or want to use it within a Python project with other
+pip dependencies.
+
 It is **strongly recommended** to install Vyper in **a virtual Python
 environment**, so that new packages installed and dependencies built are
 strictly contained in your Vyper project and will not alter or affect your
@@ -76,13 +81,43 @@ Each tagged version of vyper is uploaded to `pypi <https://pypi.org/project/vype
 To install a specific version use:
 ::
 
-    pip install vyper==0.3.7
+    pip install vyper==0.4.0
 
 You can check if Vyper is installed completely or not by typing the following in your terminal/cmd:
 ::
 
     vyper --version
 
+
+Docker
+******
+
+Vyper can be downloaded as docker image from `dockerhub <https://hub.docker.com/r/vyperlang/vyper/tags?page=1&ordering=last_updated>`_:
+::
+
+    docker pull vyperlang/vyper
+
+To run the compiler use the ``docker run`` command:
+::
+
+    docker run -v $(pwd):/code vyperlang/vyper /code/<contract_file.vy>
+
+Alternatively you can log into the docker image and execute vyper on the prompt.
+::
+
+    docker run -v $(pwd):/code/ -it --entrypoint /bin/bash vyperlang/vyper
+    root@d35252d1fb1b:/code# vyper <contract_file.vy>
+
+The normal parameters are also supported, for example:
+::
+
+    docker run -v $(pwd):/code vyperlang/vyper -f abi /code/<contract_file.vy>
+    [{'name': 'test1', 'outputs': [], 'inputs': [{'type': 'uint256', 'name': 'a'}, {'type': 'bytes', 'name': 'b'}], 'constant': False, 'payable': False, 'type': 'function', 'gas': 441}, {'name': 'test2', 'outputs': [], 'inputs': [{'type': 'uint256', 'name': 'a'}], 'constant': False, 'payable': False, 'type': 'function', 'gas': 316}]
+
+.. note::
+
+    If you would like to know how to install Docker, please follow their `documentation <https://docs.docker.com/get-docker/>`_.
+
 nix
 ***
 

docs/types.rst

@@ -359,11 +359,12 @@ A byte array with a max size.
 The syntax being ``Bytes[maxLen]``, where ``maxLen`` is an integer which denotes the maximum number of bytes.
 On the ABI level the Fixed-size bytes array is annotated as ``bytes``.
 
-Bytes literals may be given as bytes strings.
+Bytes literals may be given as bytes strings or as hex strings.
 
 .. code-block:: vyper
 
     bytes_string: Bytes[100] = b"\x01"
+    bytes_string: Bytes[100] = x"01"
 
 .. index:: !string
 

tests/functional/builtins/codegen/test_empty.py

@@ -672,11 +672,11 @@ def test_empty_array_in_event_logging(get_contract, get_logs):
 @external
 def foo():
     log MyLog(
-        b'hellohellohellohellohellohellohellohellohello',
-        empty(int128[2][3]),
-        314159,
-        b'helphelphelphelphelphelphelphelphelphelphelp',
-        empty(uint256[3])
+        arg1=b'hellohellohellohellohellohellohellohellohello',
+        arg2=empty(int128[2][3]),
+        arg3=314159,
+        arg4=b'helphelphelphelphelphelphelphelphelphelphelp',
+        arg5=empty(uint256[3])
     )
     """
 

tests/functional/builtins/codegen/test_raw_call.py

@@ -261,6 +261,12 @@ def __default__():
     assert env.message_call(caller.address, data=sig) == b""
 
 
+def _strip_initcode_suffix(bytecode):
+    bs = bytes.fromhex(bytecode.removeprefix("0x"))
+    to_strip = int.from_bytes(bs[-2:], "big")
+    return bs[:-to_strip].hex()
+
+
 # check max_outsize=0 does same thing as not setting max_outsize.
 # compile to bytecode and compare bytecode directly.
 def test_max_outsize_0():
@@ -276,7 +282,11 @@ def test_raw_call(_target: address):
     """
     output1 = compile_code(code1, output_formats=["bytecode", "bytecode_runtime"])
     output2 = compile_code(code2, output_formats=["bytecode", "bytecode_runtime"])
-    assert output1 == output2
+    assert output1["bytecode_runtime"] == output2["bytecode_runtime"]
+
+    bytecode1 = output1["bytecode"]
+    bytecode2 = output2["bytecode"]
+    assert _strip_initcode_suffix(bytecode1) == _strip_initcode_suffix(bytecode2)
 
 
 # check max_outsize=0 does same thing as not setting max_outsize,
@@ -298,7 +308,11 @@ def test_raw_call(_target: address) -> bool:
     """
     output1 = compile_code(code1, output_formats=["bytecode", "bytecode_runtime"])
     output2 = compile_code(code2, output_formats=["bytecode", "bytecode_runtime"])
-    assert output1 == output2
+    assert output1["bytecode_runtime"] == output2["bytecode_runtime"]
+
+    bytecode1 = output1["bytecode"]
+    bytecode2 = output2["bytecode"]
+    assert _strip_initcode_suffix(bytecode1) == _strip_initcode_suffix(bytecode2)
 
 
 # test functionality of max_outsize=0

tests/functional/codegen/calling_convention/test_default_function.py

@@ -28,7 +28,7 @@ def test_basic_default(env, get_logs, get_contract):
 @external
 @payable
 def __default__():
-    log Sent(msg.sender)
+    log Sent(sender=msg.sender)
     """
     c = get_contract(code)
     env.set_balance(env.deployer, 10**18)
@@ -46,13 +46,13 @@ def test_basic_default_default_param_function(env, get_logs, get_contract):
 @external
 @payable
 def fooBar(a: int128 = 12345) -> int128:
-    log Sent(empty(address))
+    log Sent(sender=empty(address))
     return a
 
 @external
 @payable
 def __default__():
-    log Sent(msg.sender)
+    log Sent(sender=msg.sender)
     """
     c = get_contract(code)
     env.set_balance(env.deployer, 10**18)
@@ -69,7 +69,7 @@ def test_basic_default_not_payable(env, tx_failed, get_contract):
 
 @external
 def __default__():
-    log Sent(msg.sender)
+    log Sent(sender=msg.sender)
     """
     c = get_contract(code)
     env.set_balance(env.deployer, 10**17)
@@ -103,7 +103,7 @@ def test_always_public_2(assert_compile_failed, get_contract):
     sender: indexed(address)
 
 def __default__():
-    log Sent(msg.sender)
+    log Sent(sender=msg.sender)
     """
     assert_compile_failed(lambda: get_contract(code))
 
@@ -119,12 +119,12 @@ def test_zero_method_id(env, get_logs, get_contract, tx_failed):
 @payable
 # function selector: 0x00000000
 def blockHashAskewLimitary(v: uint256) -> uint256:
-    log Sent(2)
+    log Sent(sig=2)
     return 7
 
 @external
 def __default__():
-    log Sent(1)
+    log Sent(sig=1)
     """
     c = get_contract(code)
 
@@ -165,12 +165,12 @@ def test_another_zero_method_id(env, get_logs, get_contract, tx_failed):
 @payable
 # function selector: 0x00000000
 def wycpnbqcyf() -> uint256:
-    log Sent(2)
+    log Sent(sig=2)
     return 7
 
 @external
 def __default__():
-    log Sent(1)
+    log Sent(sig=1)
     """
     c = get_contract(code)
 
@@ -205,12 +205,12 @@ def test_partial_selector_match_trailing_zeroes(env, get_logs, get_contract):
 @payable
 # function selector: 0xd88e0b00
 def fow() -> uint256:
-    log Sent(2)
+    log Sent(sig=2)
     return 7
 
 @external
 def __default__():
-    log Sent(1)
+    log Sent(sig=1)
     """
     c = get_contract(code)
 

tests/functional/codegen/features/decorators/test_private.py

@@ -436,7 +436,7 @@ def i_am_me() -> bool:
 @external
 @nonpayable
 def whoami() -> address:
-    log Addr(self._whoami())
+    log Addr(addr=self._whoami())
     return self._whoami()
     """
 

tests/functional/codegen/features/test_constructor.py

@@ -1,4 +1,7 @@
+import pytest
+
 from tests.evm_backends.base_env import _compile
+from vyper.exceptions import StackTooDeep
 from vyper.utils import method_id
 
 
@@ -166,6 +169,7 @@ def get_foo() -> uint256:
     assert c.get_foo() == 39
 
 
+@pytest.mark.venom_xfail(raises=StackTooDeep, reason="stack scheduler regression")
 def test_nested_dynamic_array_constructor_arg_2(env, get_contract):
     code = """
 foo: int128