Merge #345: feat: add annex to env

apoelstra · apoelstra · commit b57dba278a6c · 2026-05-10T12:34:55.000Z
c4d6ee6 feat: add serde Serialize support for Cost and NodeBounds (stringhandler) 050f9bd feat(elements): pass taproot annex to C FFI transaction construction (stringhandler) Pull request description: Add the annex to the transaction environment so that it is included in hashes created by jets. This is almost entirely coded by delta1 but is required to add functionality to `hal-simplicity` and can be seen/tested here https://github.com/stringhandler/hal-simplicity/tree/feat/add-annex. ACKs for top commit: apoelstra: ACK c4d6ee6; successfully ran local tests Tree-SHA512: e6620f2f61d8c04d0a46c9a40e373823d36942da7f32ed6015c87af7b49a086fbb5ac913bba90461d5fd03c0d56dc64b361ab99c01ac21023bd374b1088ec145
diff --git a/src/analysis.rs b/src/analysis.rs
@@ -6,6 +6,8 @@ use std::{cmp, fmt};
 use crate::value::Word;
 #[cfg(feature = "elements")]
 use elements::encode::Encodable;
+#[cfg(feature = "serde")]
+use serde::Serialize;
 #[cfg(feature = "elements")]
 use std::{convert::TryFrom, io};
 
@@ -65,6 +67,7 @@ impl From<U32Weight> for bitcoin::Weight {
 /// Programs that are CPU-heavy need to be padded
 /// so that the witness stack provides a large-enough budget.
 #[derive(Copy, Clone, Debug, Eq, PartialEq, Ord, PartialOrd, Hash)]
+#[cfg_attr(feature = "serde", derive(Serialize))]
 pub struct Cost(u32);
 
 impl Cost {
@@ -234,6 +237,7 @@ impl From<Cost> for bitcoin::Weight {
 
 /// Bounds on the resources required by a node during execution on the Bit Machine
 #[derive(Debug, Copy, Clone, PartialEq, Eq, PartialOrd, Ord, Hash)]
+#[cfg_attr(feature = "serde", derive(Serialize))]
 pub struct NodeBounds {
     /// Upper bound on the required number of cells (bits).
     /// The root additionally requires the bit width of its source and target type (input, output)
diff --git a/src/jet/elements/c_env.rs b/src/jet/elements/c_env.rs
@@ -3,6 +3,7 @@
 //! High level APIs for creating C FFI compatible environment.
 //!
 
+use bitcoin::taproot::TAPROOT_ANNEX_PREFIX;
 use hashes::Hash;
 use std::os::raw::c_uchar;
 
@@ -33,7 +34,6 @@ struct RawOutputData {
 /// passed to the C FFI.
 #[derive(Debug)]
 struct RawInputData {
-    #[allow(dead_code)] // see FIXME below
     pub annex: Option<Vec<c_uchar>>,
     // pegin
     pub genesis_hash: Option<[c_uchar; 32]>,
@@ -73,10 +73,10 @@ fn new_raw_input<'raw>(
     inp: &'raw elements::TxIn,
     in_utxo: &'raw ElementsUtxo,
     inp_data: &'raw RawInputData,
+    annex: *const c_elements::CRawBuffer,
 ) -> c_elements::CRawInput<'raw> {
     c_elements::CRawInput {
-        // FIXME actually pass the annex in; see https://github.com/BlockstreamResearch/simplicity/issues/311 for some difficulty here.
-        annex: core::ptr::null(),
+        annex,
         prev_txid: inp.previous_output.txid.as_ref(),
         pegin: inp_data.genesis_hash.as_ref(),
         issuance: if inp.has_issuance() {
@@ -114,7 +114,7 @@ fn new_tx_data(tx: &elements::Transaction, in_utxos: &[ElementsUtxo]) -> RawTran
     };
     for (inp, in_utxo) in tx.input.iter().zip(in_utxos.iter()) {
         let inp_data = RawInputData {
-            annex: None, // Actually store annex
+            annex: get_annex(&inp.witness).map(|s| s.to_vec()),
             genesis_hash: inp
                 .pegin_data()
                 .map(|x| x.genesis_hash.to_raw_hash().to_byte_array()),
@@ -148,15 +148,28 @@ pub(super) fn new_tx(
 ) -> *mut c_elements::CTransaction {
     let mut raw_inputs = Vec::new();
     let mut raw_outputs = Vec::new();
+
+    // SAFETY: this allocation *must* live until after the `simplicity_mallocTransaction`
+    //  at the bottom of this function. We convert the vector to a boxed slice to ensure
+    //  it cannot be resized, which would potentially trigger a reallocation.
+    let mut raw_annexes = Vec::from_iter((0..tx.input.len()).map(|_| None)).into_boxed_slice();
+
     let txid = tx.txid();
     let tx_data = new_tx_data(tx, in_utxos);
-    for ((inp, in_utxo), inp_data) in tx
-        .input
-        .iter()
+    for (((raw_annex, inp), in_utxo), inp_data) in raw_annexes
+        .iter_mut()
+        .zip(tx.input.iter())
         .zip(in_utxos.iter())
         .zip(tx_data.inputs.iter())
     {
-        let res = new_raw_input(inp, in_utxo, inp_data);
+        *raw_annex = inp_data
+            .annex
+            .as_ref()
+            .map(|annex| c_elements::CRawBuffer::new(annex));
+        let annex_ptr = raw_annex
+            .as_ref()
+            .map_or(core::ptr::null(), |b| b as *const _);
+        let res = new_raw_input(inp, in_utxo, inp_data, annex_ptr);
         raw_inputs.push(res);
     }
     for (out, out_data) in tx.output.iter().zip(tx_data.outputs.iter()) {
@@ -172,10 +185,16 @@ pub(super) fn new_tx(
         version: tx.version,
         locktime: tx.lock_time.to_consensus_u32(),
     };
-    unsafe {
+    let ret = unsafe {
         // SAFETY: this is a FFI call and we constructed its argument correctly.
         c_elements::simplicity_mallocTransaction(&c_raw_tx)
-    }
+    };
+
+    // Explicitly drop raw_annexes so Rust doesn't try any funny business dropping it early.
+    // Drop raw_inputs first since it contains pointers into raw_annexes
+    drop(raw_inputs);
+    drop(raw_annexes);
+    ret
 }
 
 pub(super) fn new_tap_env(
@@ -256,3 +275,13 @@ fn serialize_surjection_proof(surjection_proof: &Option<Box<SurjectionProof>>) -
         .map(|x| x.serialize())
         .unwrap_or_default()
 }
+
+/// If the last item in the witness stack is an annex, return the data following the 0x50 byte.
+fn get_annex(in_witness: &elements::TxInWitness) -> Option<&[u8]> {
+    let last_item = in_witness.script_witness.last()?;
+    if *last_item.first()? == TAPROOT_ANNEX_PREFIX {
+        Some(&last_item[1..])
+    } else {
+        None
+    }
+}
