sui_move_natives_latest/object_runtime/

mod.rs

// Copyright (c) Mysten Labs, Inc.
// SPDX-License-Identifier: Apache-2.0

pub(crate) mod accumulator;
mod fingerprint;
pub(crate) mod object_store;

use crate::object_runtime::object_store::{CacheMetadata, ChildObjectEffect};

use self::object_store::{ChildObjectEffects, ObjectResult};
use super::get_object_id;
use better_any::{Tid, TidAble};
use indexmap::map::IndexMap;
use indexmap::set::IndexSet;
use move_binary_format::errors::{PartialVMError, PartialVMResult};
use move_core_types::{
    account_address::AccountAddress,
    annotated_value::{MoveTypeLayout, MoveValue},
    annotated_visitor as AV,
    language_storage::StructTag,
    runtime_value as R,
    vm_status::StatusCode,
};
use move_vm_runtime::execution::values::{GlobalValue, Value};
use move_vm_runtime::natives::extensions::NativeExtensionMarker;
use object_store::{ActiveChildObject, ChildObjectStore};
use std::{
    collections::{BTreeMap, BTreeSet},
    sync::Arc,
};
use sui_protocol_config::{LimitThresholdCrossed, ProtocolConfig, check_limit_by_meter};
use sui_types::{
    SUI_ACCUMULATOR_ROOT_OBJECT_ID, SUI_ADDRESS_ALIAS_STATE_OBJECT_ID,
    SUI_AUTHENTICATOR_STATE_OBJECT_ID, SUI_BRIDGE_OBJECT_ID, SUI_CLOCK_OBJECT_ID,
    SUI_COIN_REGISTRY_OBJECT_ID, SUI_DENY_LIST_OBJECT_ID, SUI_DISPLAY_REGISTRY_OBJECT_ID,
    SUI_RANDOMNESS_STATE_OBJECT_ID, SUI_SYSTEM_STATE_OBJECT_ID, TypeTag,
    base_types::{MoveObjectType, ObjectID, SequenceNumber, SuiAddress},
    committee::EpochId,
    error::{ExecutionError, VMMemoryLimitExceededSubStatusCode},
    execution::DynamicallyLoadedObjectMetadata,
    execution_status::ExecutionErrorKind,
    id::UID,
    metrics::LimitsMetrics,
    object::{MoveObject, Owner},
    storage::ChildObjectResolver,
};
use tracing::error;

pub use accumulator::*;

pub enum ObjectEvent {
    /// Transfer to a new address or object. Or make it shared or immutable.
    Transfer(Owner, MoveObject),
    /// An object ID is deleted
    DeleteObjectID(ObjectID),
}

type Set<K> = IndexSet<K>;

#[derive(Default)]
pub(crate) struct TestInventories {
    pub(crate) objects: BTreeMap<ObjectID, Value>,
    // address inventories. Most recent objects are at the back of the set
    pub(crate) address_inventories: BTreeMap<SuiAddress, BTreeMap<MoveObjectType, Set<ObjectID>>>,
    // global inventories.Most recent objects are at the back of the set
    pub(crate) shared_inventory: BTreeMap<MoveObjectType, Set<ObjectID>>,
    pub(crate) immutable_inventory: BTreeMap<MoveObjectType, Set<ObjectID>>,
    pub(crate) taken_immutable_values: BTreeMap<MoveObjectType, BTreeMap<ObjectID, Value>>,
    // object has been taken from the inventory
    pub(crate) taken: BTreeMap<ObjectID, Owner>,
    // allocated receiving tickets
    pub(crate) allocated_tickets: BTreeMap<ObjectID, (DynamicallyLoadedObjectMetadata, Value)>,
}

#[derive(Debug)]
pub struct LoadedRuntimeObject {
    pub version: SequenceNumber,
    pub is_modified: bool,
}

pub struct RuntimeResults {
    pub writes: IndexMap<ObjectID, (Owner, MoveObjectType, Value)>,
    pub user_events: Vec<(StructTag, Value)>,
    pub accumulator_events: Vec<MoveAccumulatorEvent>,
    // Loaded child objects, their loaded version/digest and whether they were modified.
    pub loaded_child_objects: BTreeMap<ObjectID, LoadedRuntimeObject>,
    pub created_object_ids: Set<ObjectID>,
    pub deleted_object_ids: Set<ObjectID>,
    pub settlement_input_sui: u64,
    pub settlement_output_sui: u64,
}

#[derive(Default)]
pub(crate) struct ObjectRuntimeState {
    pub(crate) input_objects: BTreeMap<ObjectID, Owner>,
    // new ids from object::new. This does not contain any new-and-subsequently-deleted ids
    new_ids: Set<ObjectID>,
    // contains all ids generated in the txn including any new-and-subsequently-deleted ids
    generated_ids: Set<ObjectID>,
    // ids passed to object::delete
    deleted_ids: Set<ObjectID>,
    // transfers to a new owner (shared, immutable, object, or account address)
    // TODO these struct tags can be removed if type_to_type_tag was exposed in the session
    transfers: IndexMap<ObjectID, (Owner, MoveObjectType, Value)>,
    events: Vec<(StructTag, Value)>,
    accumulator_events: Vec<MoveAccumulatorEvent>,
    // total size of events emitted so far
    total_events_size: u64,
    received: IndexMap<ObjectID, DynamicallyLoadedObjectMetadata>,
    // Used to track SUI conservation in settlement transactions. Settlement transactions
    // gather up withdraws and deposits from other transactions, and record them to accumulator
    // fields. The settlement transaction records the total amount of SUI being disbursed here,
    // so that we can verify that the amount stored in the fields at the end of the transaction
    // is correct.
    settlement_input_sui: u64,
    settlement_output_sui: u64,
    accumulator_merge_totals: BTreeMap<(AccountAddress, TypeTag), u128>,
    accumulator_split_totals: BTreeMap<(AccountAddress, TypeTag), u128>,
}

#[derive(Tid)]
pub struct ObjectRuntime<'a> {
    child_object_store: ChildObjectStore<'a>,
    // inventories for test scenario
    pub(crate) test_inventories: TestInventories,
    // the internal state
    pub(crate) state: ObjectRuntimeState,
    // whether or not this TX is gas metered
    is_metered: bool,

    pub(crate) protocol_config: &'a ProtocolConfig,
    pub(crate) metrics: Arc<LimitsMetrics>,
}

impl<'a> NativeExtensionMarker<'a> for ObjectRuntime<'a> {}

pub enum TransferResult {
    New,
    SameOwner,
    OwnerChanged,
}

pub struct InputObject {
    pub contained_uids: BTreeSet<ObjectID>,
    pub version: SequenceNumber,
    pub owner: Owner,
}

impl TestInventories {
    fn new() -> Self {
        Self::default()
    }
}

impl<'a> ObjectRuntime<'a> {
    pub fn new(
        object_resolver: &'a dyn ChildObjectResolver,
        input_objects: BTreeMap<ObjectID, InputObject>,
        is_metered: bool,
        protocol_config: &'a ProtocolConfig,
        metrics: Arc<LimitsMetrics>,
        epoch_id: EpochId,
    ) -> Self {
        let mut input_object_owners = BTreeMap::new();
        let mut root_version = BTreeMap::new();
        let mut wrapped_object_containers = BTreeMap::new();
        for (id, input_object) in input_objects {
            let InputObject {
                contained_uids,
                version,
                owner,
            } = input_object;
            input_object_owners.insert(id, owner);
            debug_assert!(contained_uids.contains(&id));
            for contained_uid in contained_uids {
                root_version.insert(contained_uid, version);
                if contained_uid != id {
                    let prev = wrapped_object_containers.insert(contained_uid, id);
                    debug_assert!(prev.is_none());
                }
            }
        }
        Self {
            child_object_store: ChildObjectStore::new(
                object_resolver,
                root_version,
                wrapped_object_containers,
                is_metered,
                protocol_config,
                metrics.clone(),
                epoch_id,
            ),
            test_inventories: TestInventories::new(),
            state: ObjectRuntimeState {
                input_objects: input_object_owners,
                new_ids: Set::new(),
                generated_ids: Set::new(),
                deleted_ids: Set::new(),
                transfers: IndexMap::new(),
                events: vec![],
                accumulator_events: vec![],
                total_events_size: 0,
                received: IndexMap::new(),
                settlement_input_sui: 0,
                settlement_output_sui: 0,
                accumulator_merge_totals: BTreeMap::new(),
                accumulator_split_totals: BTreeMap::new(),
            },
            is_metered,
            protocol_config,
            metrics,
        }
    }

    pub fn new_id(&mut self, id: ObjectID) -> PartialVMResult<()> {
        // If metered, we use the metered limit (non system tx limit) as the hard limit
        // This macro takes care of that
        if let LimitThresholdCrossed::Hard(_, lim) = check_limit_by_meter!(
            self.is_metered,
            self.state.new_ids.len(),
            self.protocol_config.max_num_new_move_object_ids(),
            self.protocol_config.max_num_new_move_object_ids_system_tx(),
            self.metrics.excessive_new_move_object_ids
        ) {
            return Err(PartialVMError::new(StatusCode::MEMORY_LIMIT_EXCEEDED)
                .with_message(format!("Creating more than {} IDs is not allowed", lim))
                .with_sub_status(
                    VMMemoryLimitExceededSubStatusCode::NEW_ID_COUNT_LIMIT_EXCEEDED as u64,
                ));
        };

        // remove from deleted_ids for the case in dynamic fields where the Field object was deleted
        // and then re-added in a single transaction. In that case, we also skip adding it
        // to new_ids.
        let was_present = self.state.deleted_ids.shift_remove(&id);
        if !was_present {
            // mark the id as new
            self.state.generated_ids.insert(id);
            self.state.new_ids.insert(id);
        }
        Ok(())
    }

    pub fn delete_id(&mut self, id: ObjectID) -> PartialVMResult<()> {
        // This is defensive because `self.state.deleted_ids` may not indeed
        // be called based on the `was_new` flag
        // Metered transactions don't have limits for now

        if let LimitThresholdCrossed::Hard(_, lim) = check_limit_by_meter!(
            self.is_metered,
            self.state.deleted_ids.len(),
            self.protocol_config.max_num_deleted_move_object_ids(),
            self.protocol_config
                .max_num_deleted_move_object_ids_system_tx(),
            self.metrics.excessive_deleted_move_object_ids
        ) {
            return Err(PartialVMError::new(StatusCode::MEMORY_LIMIT_EXCEEDED)
                .with_message(format!("Deleting more than {} IDs is not allowed", lim))
                .with_sub_status(
                    VMMemoryLimitExceededSubStatusCode::DELETED_ID_COUNT_LIMIT_EXCEEDED as u64,
                ));
        };

        let was_new = self.state.new_ids.shift_remove(&id);
        if !was_new {
            self.state.deleted_ids.insert(id);
        }
        Ok(())
    }

    /// In the new PTB adapter, this function is also used for persisting owners at the end
    /// of the transaction. In which case, we don't check the transfer limits.
    pub fn transfer(
        &mut self,
        owner: Owner,
        ty: MoveObjectType,
        obj: Value,
        end_of_transaction: bool,
    ) -> PartialVMResult<TransferResult> {
        let id: ObjectID = get_object_id(obj.copy_value())?
            .value_as::<AccountAddress>()?
            .into();
        // - An object is new if it is contained in the new ids or if it is one of the objects
        //   created during genesis (the system state object or clock).
        // - Otherwise, check the input objects for the previous owner
        // - If it was not in the input objects, it must have been wrapped or must have been a
        //   child object
        let is_framework_obj = [
            SUI_SYSTEM_STATE_OBJECT_ID,
            SUI_CLOCK_OBJECT_ID,
            SUI_AUTHENTICATOR_STATE_OBJECT_ID,
            SUI_RANDOMNESS_STATE_OBJECT_ID,
            SUI_DENY_LIST_OBJECT_ID,
            SUI_BRIDGE_OBJECT_ID,
            SUI_ACCUMULATOR_ROOT_OBJECT_ID,
            SUI_COIN_REGISTRY_OBJECT_ID,
            SUI_DISPLAY_REGISTRY_OBJECT_ID,
            SUI_ADDRESS_ALIAS_STATE_OBJECT_ID,
        ]
        .contains(&id);
        let transfer_result = if self.state.new_ids.contains(&id) {
            TransferResult::New
        } else if let Some(prev_owner) = self.state.input_objects.get(&id) {
            match (&owner, prev_owner) {
                // don't use == for dummy values in Shared or ConsensusAddressOwner
                (Owner::Shared { .. }, Owner::Shared { .. }) => TransferResult::SameOwner,
                (
                    Owner::ConsensusAddressOwner {
                        owner: new_owner, ..
                    },
                    Owner::ConsensusAddressOwner {
                        owner: old_owner, ..
                    },
                ) if new_owner == old_owner => TransferResult::SameOwner,
                (new, old) if new == old => TransferResult::SameOwner,
                _ => TransferResult::OwnerChanged,
            }
        } else if is_framework_obj {
            // framework objects are always created when they are transferred, but the id is
            // hard-coded so it is not yet in new_ids or generated_ids
            self.state.new_ids.insert(id);
            self.state.generated_ids.insert(id);
            TransferResult::New
        } else {
            TransferResult::OwnerChanged
        };
        // assert!(end of transaction ==> same owner)
        if end_of_transaction
            && !matches!(
                transfer_result,
                TransferResult::New | TransferResult::SameOwner
            )
        {
            return Err(
                PartialVMError::new(StatusCode::UNKNOWN_INVARIANT_VIOLATION_ERROR).with_message(
                    format!(
                        "Untransferred object {} had its owner change or was not new",
                        id
                    ),
                ),
            );
        }

        // Metered transactions don't have limits for now

        if let LimitThresholdCrossed::Hard(_, lim) = check_limit_by_meter!(
            // TODO: is this not redundant? Metered TX implies framework obj cannot be transferred
            // We have higher limits for unmetered transactions and framework obj
            // We don't check the limit for objects whose owner is persisted at the end of the
            // transaction
            self.is_metered && !is_framework_obj && !end_of_transaction,
            self.state.transfers.len(),
            self.protocol_config.max_num_transferred_move_object_ids(),
            self.protocol_config
                .max_num_transferred_move_object_ids_system_tx(),
            self.metrics.excessive_transferred_move_object_ids
        ) {
            return Err(PartialVMError::new(StatusCode::MEMORY_LIMIT_EXCEEDED)
                .with_message(format!("Transferring more than {} IDs is not allowed", lim))
                .with_sub_status(
                    VMMemoryLimitExceededSubStatusCode::TRANSFER_ID_COUNT_LIMIT_EXCEEDED as u64,
                ));
        };

        self.state.transfers.insert(id, (owner, ty, obj));
        Ok(transfer_result)
    }

    pub fn emit_event(&mut self, tag: StructTag, event: Value) -> PartialVMResult<()> {
        if self.state.events.len() >= (self.protocol_config.max_num_event_emit() as usize) {
            return Err(max_event_error(self.protocol_config.max_num_event_emit()));
        }
        self.state.events.push((tag, event));
        Ok(())
    }

    pub fn take_user_events(&mut self) -> Vec<(StructTag, Value)> {
        std::mem::take(&mut self.state.events)
    }

    pub fn emit_accumulator_event(
        &mut self,
        accumulator_id: ObjectID,
        action: MoveAccumulatorAction,
        target_addr: AccountAddress,
        target_ty: TypeTag,
        value: MoveAccumulatorValue,
    ) -> PartialVMResult<()> {
        if let MoveAccumulatorValue::U64(amount) = value {
            let key = (target_addr, target_ty.clone());

            match action {
                MoveAccumulatorAction::Merge => {
                    let current = self
                        .state
                        .accumulator_merge_totals
                        .get(&key)
                        .copied()
                        .unwrap_or(0);
                    let new_total = current + amount as u128;
                    if new_total > u64::MAX as u128 {
                        return Err(PartialVMError::new(StatusCode::ARITHMETIC_ERROR)
                            .with_message(format!(
                                "accumulator merge overflow: total merges {} exceed u64::MAX",
                                new_total
                            )));
                    }
                    self.state.accumulator_merge_totals.insert(key, new_total);
                }
                MoveAccumulatorAction::Split => {
                    let current = self
                        .state
                        .accumulator_split_totals
                        .get(&key)
                        .copied()
                        .unwrap_or(0);
                    let new_total = current + amount as u128;
                    if new_total > u64::MAX as u128 {
                        return Err(PartialVMError::new(StatusCode::ARITHMETIC_ERROR)
                            .with_message(format!(
                                "accumulator split overflow: total splits {} exceed u64::MAX",
                                new_total
                            )));
                    }
                    self.state.accumulator_split_totals.insert(key, new_total);
                }
            }
        }

        let event = MoveAccumulatorEvent {
            accumulator_id,
            action,
            target_addr,
            target_ty,
            value,
        };
        self.state.accumulator_events.push(event);
        Ok(())
    }

    pub(crate) fn child_object_exists(
        &mut self,
        parent: ObjectID,
        child: ObjectID,
    ) -> PartialVMResult<CacheMetadata<bool>> {
        self.child_object_store.object_exists(parent, child)
    }

    pub(crate) fn child_object_exists_and_has_type(
        &mut self,
        parent: ObjectID,
        child: ObjectID,
        child_type: &MoveObjectType,
    ) -> PartialVMResult<CacheMetadata<bool>> {
        self.child_object_store
            .object_exists_and_has_type(parent, child, child_type)
    }

    pub(super) fn receive_object(
        &mut self,
        parent: ObjectID,
        child: ObjectID,
        child_version: SequenceNumber,
        child_layout: &R::MoveTypeLayout,
        child_fully_annotated_layout: &MoveTypeLayout,
        child_move_type: MoveObjectType,
    ) -> PartialVMResult<Option<ObjectResult<CacheMetadata<Value>>>> {
        let Some((value, obj_meta)) = self.child_object_store.receive_object(
            parent,
            child,
            child_version,
            child_layout,
            child_fully_annotated_layout,
            child_move_type,
        )?
        else {
            return Ok(None);
        };
        // NB: It is important that the object only be added to the received set after it has been
        // fully authenticated and loaded.
        if self.state.received.insert(child, obj_meta).is_some() {
            // We should never hit this -- it means that we have received the same object twice which
            // means we have a duplicated a receiving ticket somehow.
            return Err(
                PartialVMError::new(StatusCode::UNKNOWN_INVARIANT_VIOLATION_ERROR).with_message(format!(
                    "Object {child} at version {child_version} already received. This can only happen \
                    if multiple `Receiving` arguments exist for the same object in the transaction which is impossible."
                )),
            );
        }
        Ok(Some(value))
    }

    pub(crate) fn get_or_fetch_child_object(
        &mut self,
        parent: ObjectID,
        child: ObjectID,
        child_layout: &R::MoveTypeLayout,
        child_fully_annotated_layout: &MoveTypeLayout,
        child_move_type: MoveObjectType,
    ) -> PartialVMResult<ObjectResult<CacheMetadata<&mut GlobalValue>>> {
        let res = self.child_object_store.get_or_fetch_object(
            parent,
            child,
            child_layout,
            child_fully_annotated_layout,
            child_move_type,
        )?;
        Ok(match res {
            ObjectResult::MismatchedType => ObjectResult::MismatchedType,
            ObjectResult::Loaded((cache_info, child_object)) => {
                ObjectResult::Loaded((cache_info, &mut child_object.value))
            }
        })
    }

    pub(crate) fn add_child_object(
        &mut self,
        parent: ObjectID,
        child: ObjectID,
        child_move_type: MoveObjectType,
        child_value: Value,
    ) -> PartialVMResult<()> {
        self.child_object_store
            .add_object(parent, child, child_move_type, child_value)
    }

    pub(crate) fn config_setting_unsequenced_read(
        &mut self,
        config_id: ObjectID,
        name_df_id: ObjectID,
        field_setting_layout: &R::MoveTypeLayout,
        field_setting_object_type: &MoveObjectType,
    ) -> Option<Value> {
        match self.child_object_store.config_setting_unsequenced_read(
            config_id,
            name_df_id,
            field_setting_layout,
            field_setting_object_type,
        ) {
            Err(e) => {
                error!(
                    "Failed to read config setting.
                    config_id: {config_id},
                    name_df_id: {name_df_id},
                    field_setting_object_type:  {field_setting_object_type:?},
                    error: {e}"
                );
                None
            }
            Ok(ObjectResult::MismatchedType) | Ok(ObjectResult::Loaded(None)) => None,
            Ok(ObjectResult::Loaded(Some(value))) => Some(value),
        }
    }

    pub(super) fn config_setting_cache_update(
        &mut self,
        config_id: ObjectID,
        name_df_id: ObjectID,
        setting_value_object_type: MoveObjectType,
        value: Option<Value>,
    ) {
        self.child_object_store.config_setting_cache_update(
            config_id,
            name_df_id,
            setting_value_object_type,
            value,
        )
    }

    // returns None if a child object is still borrowed
    pub(crate) fn take_state(&mut self) -> ObjectRuntimeState {
        std::mem::take(&mut self.state)
    }

    pub fn is_deleted(&self, id: &ObjectID) -> bool {
        self.state.deleted_ids.contains(id)
    }

    pub fn is_transferred(&self, id: &ObjectID) -> Option<Owner> {
        self.state
            .transfers
            .get(id)
            .map(|(owner, _, _)| owner.clone())
    }

    pub fn finish(mut self) -> Result<RuntimeResults, ExecutionError> {
        let loaded_child_objects = self.loaded_runtime_objects();
        let child_effects = self.child_object_store.take_effects().map_err(|e| {
            ExecutionError::invariant_violation(format!("Failed to take child object effects: {e}"))
        })?;
        self.state.finish(loaded_child_objects, child_effects)
    }

    pub(crate) fn all_active_child_objects(&self) -> impl Iterator<Item = ActiveChildObject<'_>> {
        self.child_object_store.all_active_objects()
    }

    pub fn loaded_runtime_objects(&self) -> BTreeMap<ObjectID, DynamicallyLoadedObjectMetadata> {
        // The loaded child objects, and the received objects, should be disjoint. If they are not,
        // this is an error since it could lead to incorrect transaction dependency computations.
        debug_assert!(
            self.child_object_store
                .cached_objects()
                .keys()
                .all(|id| !self.state.received.contains_key(id))
        );
        self.child_object_store
            .cached_objects()
            .iter()
            .filter_map(|(id, obj_opt)| {
                obj_opt.as_ref().map(|obj| {
                    (
                        *id,
                        DynamicallyLoadedObjectMetadata {
                            version: obj.version(),
                            digest: obj.digest(),
                            storage_rebate: obj.storage_rebate,
                            owner: obj.owner.clone(),
                            previous_transaction: obj.previous_transaction,
                        },
                    )
                })
            })
            .chain(
                self.state
                    .received
                    .iter()
                    .map(|(id, meta)| (*id, meta.clone())),
            )
            .collect()
    }

    /// A map from wrapped objects to the object that wraps them at the beginning of the
    /// transaction.
    pub fn wrapped_object_containers(&self) -> BTreeMap<ObjectID, ObjectID> {
        self.child_object_store.wrapped_object_containers().clone()
    }

    pub fn record_settlement_sui_conservation(&mut self, input_sui: u64, output_sui: u64) {
        self.state.settlement_input_sui += input_sui;
        self.state.settlement_output_sui += output_sui;
    }

    /// Return the set of all object IDs that were created during this transaction, including any
    /// object IDs that were created and then deleted during the transaction.
    pub fn generated_object_ids(&self) -> BTreeSet<ObjectID> {
        self.state.generated_ids.iter().cloned().collect()
    }
}

pub fn max_event_error(max_events: u64) -> PartialVMError {
    PartialVMError::new(StatusCode::MEMORY_LIMIT_EXCEEDED)
        .with_message(format!(
            "Emitting more than {} events is not allowed",
            max_events
        ))
        .with_sub_status(VMMemoryLimitExceededSubStatusCode::EVENT_COUNT_LIMIT_EXCEEDED as u64)
}

impl ObjectRuntimeState {
    /// Update `state_view` with the effects of successfully executing a transaction:
    /// - Given the effects of child objects, processes the changes in terms of
    ///   object writes/deletes basedon the previous state and the changes to the child objects.
    /// - Process `transfers` and `input_objects` to determine whether the type of change
    ///   (WriteKind) to the object
    /// - Process `deleted_ids` with previously determined information to determine the
    ///   DeleteKind
    /// - Passes through user events
    pub(crate) fn finish(
        mut self,
        loaded_child_objects: BTreeMap<ObjectID, DynamicallyLoadedObjectMetadata>,
        child_object_effects: ChildObjectEffects,
    ) -> Result<RuntimeResults, ExecutionError> {
        let mut loaded_child_objects: BTreeMap<_, _> = loaded_child_objects
            .into_iter()
            .map(|(id, metadata)| {
                (
                    id,
                    LoadedRuntimeObject {
                        version: metadata.version,
                        is_modified: false,
                    },
                )
            })
            .collect();
        self.apply_child_object_effects(&mut loaded_child_objects, child_object_effects);
        let ObjectRuntimeState {
            input_objects: _,
            new_ids,
            generated_ids,
            deleted_ids,
            transfers,
            events: user_events,
            total_events_size: _,
            received,
            accumulator_events,
            settlement_input_sui,
            settlement_output_sui,
            accumulator_merge_totals: _,
            accumulator_split_totals: _,
        } = self;

        // The set of new ids is a subset of the generated ids.
        debug_assert!(new_ids.is_subset(&generated_ids));

        // Check new owners from transfers, reports an error on cycles.
        // TODO can we have cycles in the new system?
        check_circular_ownership(
            transfers
                .iter()
                .map(|(id, (owner, _, _))| (*id, owner.clone())),
        )?;
        // For both written_objects and deleted_ids, we need to mark the loaded child object as modified.
        // These may not be covered in the child object effects if they are taken out in one PT command and then
        // transferred/deleted in a different command. Marking them as modified will allow us properly determine their
        // mutation category in effects.
        // TODO: This could get error-prone quickly: what if we forgot to mark an object as modified? There may be a cleaner
        // sulution.
        let written_objects: IndexMap<_, _> = transfers
            .into_iter()
            .map(|(id, (owner, type_, value))| {
                if let Some(loaded_child) = loaded_child_objects.get_mut(&id) {
                    loaded_child.is_modified = true;
                }
                (id, (owner, type_, value))
            })
            .collect();
        for deleted_id in &deleted_ids {
            if let Some(loaded_child) = loaded_child_objects.get_mut(deleted_id) {
                loaded_child.is_modified = true;
            }
        }

        // Any received objects are viewed as modified. They had to be loaded in order to be
        // received so they must be in the loaded_child_objects map otherwise it's an invariant
        // violation.
        for (received_object, _) in received.into_iter() {
            match loaded_child_objects.get_mut(&received_object) {
                Some(loaded_child) => {
                    loaded_child.is_modified = true;
                }
                None => {
                    return Err(ExecutionError::invariant_violation(format!(
                        "Failed to find received UID {received_object} in loaded child objects."
                    )));
                }
            }
        }

        Ok(RuntimeResults {
            writes: written_objects,
            user_events,
            accumulator_events,
            loaded_child_objects,
            created_object_ids: new_ids,
            deleted_object_ids: deleted_ids,
            settlement_input_sui,
            settlement_output_sui,
        })
    }

    pub fn events(&self) -> &[(StructTag, Value)] {
        &self.events
    }

    pub fn total_events_size(&self) -> u64 {
        self.total_events_size
    }

    pub fn incr_total_events_size(&mut self, size: u64) {
        self.total_events_size += size;
    }

    fn apply_child_object_effects(
        &mut self,
        loaded_child_objects: &mut BTreeMap<ObjectID, LoadedRuntimeObject>,
        child_object_effects: ChildObjectEffects,
    ) {
        for (child, child_object_effect) in child_object_effects {
            let ChildObjectEffect {
                owner: parent,
                ty,
                final_value,
                object_changed,
            } = child_object_effect;

            if object_changed {
                if let Some(loaded_child) = loaded_child_objects.get_mut(&child) {
                    loaded_child.is_modified = true;
                }

                match final_value {
                    None => {
                        // Value was changed and is no longer present, it may have been wrapped,
                        // transferred, or deleted.

                        // If it was transferred, it should not have been deleted
                        // transferred ==> !deleted
                        debug_assert!(
                            !self.transfers.contains_key(&child)
                                || !self.deleted_ids.contains(&child)
                        );
                        // If it was deleted, it should not have been transferred. Additionally,
                        // if it was deleted, it should no longer be marked as new.
                        // deleted ==> !transferred and !new
                        debug_assert!(
                            !self.deleted_ids.contains(&child)
                                || (!self.transfers.contains_key(&child)
                                    && !self.new_ids.contains(&child))
                        );
                    }
                    Some(v) => {
                        // Value was changed (or the owner was changed)

                        // It is still a dynamic field so it should not be transferred or deleted
                        debug_assert!(
                            !self.transfers.contains_key(&child)
                                && !self.deleted_ids.contains(&child)
                        );
                        // If it was loaded, it must have been new. But keep in mind if it was not
                        // loaded, it is not necessarily new since it could have been
                        // input/wrapped/received
                        // loaded ==> !new
                        debug_assert!(
                            !loaded_child_objects.contains_key(&child)
                                || !self.new_ids.contains(&child)
                        );
                        // Mark the mutation of the new value and/or parent.
                        self.transfers
                            .insert(child, (Owner::ObjectOwner(parent.into()), ty, v));
                    }
                }
            } else {
                // The object was not changed.
                // If it was created,
                //   it must now have been moved elsewhere (wrapped or transferred).
                // If it was deleted or transferred,
                //   it must have been an input/received/wrapped object.
                // In either case, the value must now have been moved elsewhere, giving us:
                // (new or deleted or transferred or received) ==> no value
                // which is equivalent to:
                // has value ==> (!deleted and !transferred and !input)
                // If the value is still there, it must have been loaded.
                // Combining these to give us the check:
                // has value ==> (loaded and !deleted and !transferred and !input and !received)
                // which is equivalent to:
                // !(no value) ==> (loaded and !deleted and !transferred and !input and !received)
                debug_assert!(
                    final_value.is_none()
                        || (loaded_child_objects.contains_key(&child)
                            && !self.deleted_ids.contains(&child)
                            && !self.transfers.contains_key(&child)
                            && !self.input_objects.contains_key(&child)
                            && !self.received.contains_key(&child))
                );
                // In any case, if it was not changed, it should not be marked as modified
                debug_assert!(
                    loaded_child_objects
                        .get(&child)
                        .is_none_or(|loaded_child| !loaded_child.is_modified)
                );
            }
        }
    }
}

fn check_circular_ownership(
    transfers: impl IntoIterator<Item = (ObjectID, Owner)>,
) -> Result<(), ExecutionError> {
    let mut object_owner_map = BTreeMap::new();
    for (id, recipient) in transfers {
        object_owner_map.remove(&id);
        match recipient {
            Owner::AddressOwner(_)
            | Owner::Shared { .. }
            | Owner::Immutable
            | Owner::ConsensusAddressOwner { .. } => (),
            Owner::ObjectOwner(new_owner) => {
                let new_owner: ObjectID = new_owner.into();
                let mut cur = new_owner;
                loop {
                    if cur == id {
                        return Err(ExecutionError::from_kind(
                            ExecutionErrorKind::CircularObjectOwnership { object: cur },
                        ));
                    }
                    if let Some(parent) = object_owner_map.get(&cur) {
                        cur = *parent;
                    } else {
                        break;
                    }
                }
                object_owner_map.insert(id, new_owner);
            }
        }
    }
    Ok(())
}

/// WARNING! This function assumes that the bcs bytes have already been validated,
/// and it will give an invariant violation otherwise.
/// In short, we are relying on the invariant that the bytes are valid for objects
/// in storage.  We do not need this invariant for dev-inspect, as the programmable
/// transaction execution will validate the bytes before we get to this point.
pub fn get_all_uids(
    fully_annotated_layout: &MoveTypeLayout,
    bcs_bytes: &[u8],
) -> Result<BTreeSet<ObjectID>, /* invariant violation */ String> {
    let mut ids = BTreeSet::new();
    struct UIDTraversal<'i>(&'i mut BTreeSet<ObjectID>);
    struct UIDCollector<'i>(&'i mut BTreeSet<ObjectID>);

    impl<'b, 'l> AV::Traversal<'b, 'l> for UIDTraversal<'_> {
        type Error = AV::Error;

        fn traverse_struct(
            &mut self,
            driver: &mut AV::StructDriver<'_, 'b, 'l>,
        ) -> Result<(), Self::Error> {
            if driver.struct_layout().type_ == UID::type_() {
                while driver.next_field(&mut UIDCollector(self.0))?.is_some() {}
            } else {
                while driver.next_field(self)?.is_some() {}
            }
            Ok(())
        }
    }

    impl<'b, 'l> AV::Traversal<'b, 'l> for UIDCollector<'_> {
        type Error = AV::Error;
        fn traverse_address(
            &mut self,
            _driver: &AV::ValueDriver<'_, 'b, 'l>,
            value: AccountAddress,
        ) -> Result<(), Self::Error> {
            self.0.insert(value.into());
            Ok(())
        }
    }

    MoveValue::visit_deserialize(
        bcs_bytes,
        fully_annotated_layout,
        &mut UIDTraversal(&mut ids),
    )
    .map_err(|e| format!("Failed to deserialize. {e}"))?;
    Ok(ids)
}