Merge #895: miniscript: rewrite satisfier to be non-recursive

a662453 satisfy: add regression test for timelock tracking in or_i satisfaction (Andrew Poelstra)
c491ae5 miniscript/satisfy: rewrite satifier to be non-recursive (Andrew Poelstra)
ffbf415 miniscript/satisfy: move multi/multi_a into submodule (Andrew Poelstra)
3214b70 miniscript/satisfy: move the rest of the terminals into their own module (Andrew Poelstra)
fe0d153 miniscript/satisfy: move pk_k logic into helper function (Andrew Poelstra)
e372b12 miniscript/satisfy: use Miniscript instead of Terminal in API (Andrew Poelstra)
171bd33 rename miniscript/satisfy.rs to miniscript/satisfy/mod.rs (Andrew Poelstra)

Pull request description:

  Currently the `Miniscript::satisfy` function is implemented by the function `Satisfaction::satisfy_helper` which is mutually recursive with the function `Satisfaction::dissatisfy_helper`. There are a few issues with this:
  
  1. Rust does not handle recursion well, and this may stack overflow.
  2. We need to fish several parameters (closures for computing min/thresh based on whether we allow malleability; the Taproot leaf hash which might be garbage for non-Taproot outputs; a boolean indicating whether we are hassig) through every single recursive call, which results in a *lot* of noise and makes the code very hard to maintain. (In particular, I want to fix the Taproot leaf hash thing, but without rewriting the satisfier, this requires changing several dozen call sites.)
  3. The logic is very hard to follow and mixes somewhat-complicated recursion logic with actual satisfaction logic, which might be wrong (there is one logic change I made related to timelocks; I have a FIXME to find a test case for this because I am pretty sure the old logic was wrong.)
  
  So I rewrote the whole function. I haven't benchmarked but I suspect the new one is a little slower, though it is asymptotically the same. The slowness comes from using heap-based rather than stack-based recursion, and also because the old algorithm could sometimes skip computing dissatisfactions while this one never does. I think the increase in code clarity justifies the loss of performance (if there is one).
  
  See the last commit message for more details.


ACKs for top commit:
  trevarj:
    ACK a662453
  apoelstra:
    On a662453 successfully ran local tests
  tcharding:
    ACK a662453


Tree-SHA512: b017fa5774b9bb4fc1a2d985e40c0fb41bf9cb055a53dded12cb2392effab046dc727f7d0558b74a6034db1cd1dce45e995d6d00f1382def677a6c5b01c9e5f9

Author: apoelstra

src/miniscript/mod.rs

@@ -464,7 +464,7 @@ impl<Pk: MiniscriptKey, Ctx: ScriptContext> Miniscript<Pk, Ctx> {
     {
         // Only satisfactions for default versions (0xc0) are allowed.
         let satisfaction = satisfy::Satisfaction::satisfy(
-            &self.node,
+            self,
             &satisfier,
             self.ty.mall.safe,
             &self.leaf_hash_internal(),
@@ -482,7 +482,7 @@ impl<Pk: MiniscriptKey, Ctx: ScriptContext> Miniscript<Pk, Ctx> {
         Pk: ToPublicKey,
     {
         let satisfaction = satisfy::Satisfaction::satisfy_mall(
-            &self.node,
+            self,
             &satisfier,
             self.ty.mall.safe,
             &self.leaf_hash_internal(),
@@ -511,7 +511,7 @@ impl<Pk: MiniscriptKey, Ctx: ScriptContext> Miniscript<Pk, Ctx> {
         Pk: ToPublicKey,
     {
         satisfy::Satisfaction::build_template(
-            &self.node,
+            self,
             provider,
             self.ty.mall.safe,
             &self.leaf_hash_internal(),
@@ -527,7 +527,7 @@ impl<Pk: MiniscriptKey, Ctx: ScriptContext> Miniscript<Pk, Ctx> {
         Pk: ToPublicKey,
     {
         satisfy::Satisfaction::build_template_mall(
-            &self.node,
+            self,
             provider,
             self.ty.mall.safe,
             &self.leaf_hash_internal(),