Skip to content

Releases: onflow/atree

v0.16.1

Choose a tag to compare

@turbolent turbolent released this 02 Jul 16:03
82da486

What's Changed

New Contributors

Full Changelog: v0.16.0...v0.16.1

v0.16.0

Choose a tag to compare

@turbolent turbolent released this 09 Apr 23:00
b51f976

This release focused on reviewing, documenting, and refactoring code to proactively reduce false-positive security bug reports we are likely to receive in the future. There is more potential for reviewing and refactoring, but we wanted to release worthwhile improvements now.

The most notable changes are:

  • The NewStorableSlab() function has one more parameter storableSize that is used by other code in this release..
  • The NewStorableSlab function enforces a limit of ~4.2 GB for a single StorableSlab (for perspective, the largest is 7.3 MB on mainnet and regular slabs have a median size of than 1 KB). See details.

We thank @fxamacker for all her great efforts! 🙇

What's Changed

  • Remove unused function in storage.go by @fxamacker in #646
  • Refactor and fix several issues by @fxamacker in #647
  • Add slab size overflow guard during decoding by @fxamacker in #648
  • Add more defensive checks when decoding data by @fxamacker in #649
  • Document code that is underflow/overflow safe by @fxamacker in #650
  • Add maxThreshold to enforce size invariants by @fxamacker in #651
  • Document encoding code that is truncation safe to prevent security bug reports by @fxamacker in #652
  • Document more code that is underflow/overflow safe to prevent false-positive security reports by @fxamacker in #653
  • Limit storable size in NewStorableSlab() by @fxamacker in #654

Full Changelog: v0.15.0...v0.16.0

v0.15.0

Choose a tag to compare

@fxamacker fxamacker released this 31 Mar 20:06
99dd205

What's Changed

This release uses the latest stream-mode branch of fxamacker/cbor. For more details, see (cbor v2.9.1 release notes).

Dependabot

🔎 Details...

  • Bump github/codeql-action from 4.32.6 to 4.34.1 by @dependabot[bot] in #639
  • Bump codecov/codecov-action from 5.5.2 to 6.0.0 by @dependabot[bot] in #640
  • Bump github/codeql-action from 4.34.1 to 4.35.0 by @dependabot[bot] in #641
  • Bump actions/setup-go from 6.3.0 to 6.4.0 by @dependabot[bot] in #642
  • Bump github/codeql-action from 4.35.0 to 4.35.1 by @dependabot[bot] in #643

Full Changelog: v0.14.0...v0.15.0

v0.14.0

Choose a tag to compare

@fxamacker fxamacker released this 11 Mar 02:50
704305f

This release allows client software to copy arrays and maps up to 2x faster using half the memory allocations. Optimized functions added in this release can benefit EVM, FVM, and FCM.

For example, the open yield vault transaction indirectly uses Cadence's Transfer() about 2900 times. More than 1800 of those 2900 Transfer() calls can use the new optimized functions added to Atree.

Specifically, cadence.ArrayValue.Transfer() using the new atree.Array.CopyNonRefSimple() is 2x faster and uses half as many memory allocations for byte arrays. Enums are copied about 1.5x faster.

The new functions provided by this release are:

  • Array.CopyNonRefSimple()
  • Array.CanCopyNonRefSimple()
  • OrderedMap.CopyNonRefSimple()
  • OrderedMap.CanCopyNonRefSimple()

What's Changed

  • Add support for faster copying of array and map by @fxamacker in #633
  • Implement Iterator interfaces for LoadedValueIterator by @fxamacker in #635

CI / GitHub Actions and Chores

🔎 Details...

  • Bump github/codeql-action from 4.32.4 to 4.32.5 by @dependabot[bot] in #631
  • Bump github/codeql-action from 4.32.5 to 4.32.6 by @dependabot[bot] in #634

Full Changelog: v0.13.0...v0.14.0

v0.13.0

Choose a tag to compare

@fxamacker fxamacker released this 02 Mar 15:18
b264ff6

This release adds two functions that can speedup array conversions by 13.7x with 8x less memory use. For example, cadence.ByteArrayValueToByteSlice() using the new atree.ByteArrayToByteSlice() is:

  • 13.7 times faster 🚀
  • 8 times less memory use (bytes/op)
  • 8 times fewer memory allocations (allocs/op)

Array conversions currently done in onflow/cadence can be optimized by using these new functions from atree:

  • atree.ByteArrayToByteSlice()
  • atree.ByteSliceToByteArray()

What's Changed

  • Add two new functions to optimize atree array and Go []byte conversions by @fxamacker in #629

Atree Security Policy

The guidelines in Atree Security Policy is updated based on experience with the bug bounties since October 2025.

  • Add more guidelines for security disclosures by @fxamacker in #592
  • Add "Flow Rewards" section to Atree Security Policy by @fxamacker in #620

CI / GitHub Actions and Chores

🔎 Details...

Thanks @turbolent for porting v0.12.1 to main branch!

Full Changelog: v0.12.0...v0.13.0

v0.12.1

Choose a tag to compare

@turbolent turbolent released this 29 Jan 16:05

This release adds a defensive check to prevent inserting a new element if the array already has MaxUInt32 (4.29+ billion) number of elements. In practice, arrays that need to reach 4 billion elements would require minimum of 4+ GB storage, so they would have run into some limits already enforced by client software (e.g., onflow/cadence and onflow/flow-go).

Please refer to Atree's Security Policy for more details:

Security reports should not evaluate Atree as a standalone component, because Atree relies on some limits and security guarantees provided by other components, i.e. in the Cadence programming language and the Flow node software.

Changes

Full Changelog: v0.12.0...v0.12.1

v0.12.0

Choose a tag to compare

@fxamacker fxamacker released this 07 Nov 14:12
e354664

What's Changed

There are no changes that affect behavior on testnet or mainnet.

  • Change slab size related variables from uint64 to uint32 by @fxamacker in #586
  • Bump Go and linter versions and update the code by @fxamacker in #582
  • Bump fxamacker/cbor to feature/stream-mode based on v2.9.0 by @fxamacker in #590
  • Update "Guidelines for Responsible Disclosure" in SECURITY.md by @fxamacker in #589
  • Remove unused storage function FixLoadedBrokenReferences by @fxamacker in #588
  • Add parallelism to tests to reduce atree test duration (64m -> 31m) by @fxamacker in #584

CI / GitHub Actions and Docs

🔎 Details...
  • Bump github/codeql-action from 3.30.6 to 4.30.7 by @dependabot[bot] in #581
  • Bump github/codeql-action from 4.30.7 to 4.30.8 by @dependabot[bot] in #585
  • Bump github/codeql-action from 4.30.8 to 4.30.9 by @dependabot[bot] in #591
  • Bump github/codeql-action from 4.30.9 to 4.31.0 by @dependabot[bot] in #593
  • Bump github/codeql-action from 4.31.0 to 4.31.2 by @dependabot[bot] in #594

Full Changelog: v0.11.0...v0.12.0

v0.11.0

Choose a tag to compare

@fxamacker fxamacker released this 07 Oct 17:07
4041265

What's Changed

There are no changes that affect behavior on testnet or mainnet.

This release focused on two features that are currently only used for debugging client software:

  • Add support for iterating over map data slab elements by @turbolent in #577
  • Return more data from String() for debugging by @fxamacker in #560

CI / GitHub Actions and Docs

🔎 Details...

New Contributors

Full Changelog: v0.10.1...v0.11.0

v0.10.1

Choose a tag to compare

@fxamacker fxamacker released this 22 Aug 18:40
3bbc228

What's Changed

This release is to bump lukechampine.com/blake3 from 1.4.0 to 1.4.1 because 1.4.0 was retraced by the author. However, lukechampine.com/blake3 is only by unit tests so this doesn't change anything.

The only other change outside of CI is effectively a lint (no change in behavior of the code):

CI / GitHub Actions

🔎 Details...
  • Bump github/codeql-action from 3.28.13 to 3.28.15 by @dependabot[bot] in #545
  • Bump codecov/codecov-action from 5.4.0 to 5.4.2 by @dependabot[bot] in #546
  • Bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot[bot] in #547
  • Bump github/codeql-action from 3.28.16 to 3.28.17 by @dependabot[bot] in #548
  • Bump lukechampine.com/blake3 from 1.4.0 to 1.4.1 by @dependabot[bot] in #549
  • Bump actions/setup-go from 5.4.0 to 5.5.0 by @dependabot[bot] in #550
  • Bump codecov/codecov-action from 5.4.2 to 5.4.3 by @dependabot[bot] in #551
  • Bump github/codeql-action from 3.28.17 to 3.28.18 by @dependabot[bot] in #552
  • Bump github/codeql-action from 3.28.18 to 3.28.19 by @dependabot[bot] in #553
  • Bump github/codeql-action from 3.28.19 to 3.29.0 by @dependabot[bot] in #554
  • Bump github/codeql-action from 3.29.0 to 3.29.1 by @dependabot[bot] in #555
  • Bump github/codeql-action from 3.29.1 to 3.29.2 by @dependabot[bot] in #556
  • Bump github/codeql-action from 3.29.2 to 3.29.4 by @dependabot[bot] in #559
  • Bump github/codeql-action from 3.29.4 to 3.29.5 by @dependabot[bot] in #561
  • Bump github/codeql-action from 3.29.7 to 3.29.8 by @dependabot[bot] in #562
  • Bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #563
  • Bump github/codeql-action from 3.29.8 to 3.29.9 by @dependabot[bot] in #564
  • Bump github/codeql-action from 3.29.9 to 3.29.10 by @dependabot[bot] in #565
  • Bump codecov/codecov-action from 5.4.3 to 5.5.0 by @dependabot[bot] in #566
  • Bump github/codeql-action from 3.29.10 to 3.29.11 by @dependabot[bot] in #567

Full Changelog: v0.10.0...v0.10.1

v0.10.0

Choose a tag to compare

@fxamacker fxamacker released this 07 Apr 22:07
c53605f

Atree v0.10.0 was refactored to reduce tech debt and it uses the updated features/stream-mode branch of fxamacker/cbor v2.8.

Notable issues resolved:

  • #464 Refactor and reduce technical debt. This helps us add new features, maintain, and optimize (e.g., Lazy Decoding).
  • #539 and flow-go#7221 Update to newer feature/stream-mode branch in fxamacker/cbor from 2.4 to 2.8. This resolves build issue for external projects that depend on fxamacker/cbor 2.5 or newer versions.

Other changes needed by this release are at fxamacker/cbor:

What's Changed

Upgrade to fxamacker/cbor v2.8

  • Bump fxamacker/cbor to latest feature/stream-mode by @fxamacker in #542

We ran extensive tests to check backward compatibility, etc. #539 (comment) before merging the version bump to main branches.

Refactor to reduce tech debt

  • Remove old test files by @fxamacker in #475
  • Rename and export SlabIDLength and related constants by @fxamacker in #478
  • Replace SlabID{...} with NewSlabID() in tests by @fxamacker in #479
  • Use NewDefaultDigesterBuilder() in tests by @fxamacker in #480
  • Export PersistentSlabStorage funcs in export_test.go by @fxamacker in #481
  • Avoid using unexported SlabID fields in tests by @fxamacker in #484
  • Avoid creating ArrayDataSlab directly in tests by @fxamacker in #490
  • Avoid using unexported OrderedMap fields in tests by @fxamacker in #489
  • Avoid using unexported Array fields in tests by @fxamacker in #488
  • Avoid using unexported constants in tests by @fxamacker in #485
  • Avoid creating ArrayMetaDataSlab directly in tests by @fxamacker in #495
  • Avoid using MapDataSlab & MapMetaDataSlab in tests by @fxamacker in #497
  • Rename vars to reduce confusion (sizes vs counts) by @fxamacker in #498
  • Avoid using unexported mutableValueNotifier in tests by @fxamacker in #499
  • Use helper functions to compute array sizes in tests by @fxamacker in #500
  • Use helper funcs to compute map byte sizes in tests by @fxamacker in #501
  • Decouple non-test and test code by @fxamacker in #503
  • Move test util funcs to test_utils package for reuse by smoke tests by @fxamacker in #504
  • Rename cmd/stress to cmd/smoke (it only contains smoke tests) by @fxamacker in #505
  • Refactor smoke test to reduce duplicate code by @fxamacker in #506
  • Split array.go into smaller files and group related functions by @fxamacker in #508
  • Split map.go into smaller files and group related functions by @fxamacker in #509
  • Split storable.go & typeinfo.go into smaller files by @fxamacker in #510
  • Split storage.go into smaller files by @fxamacker in #511
  • Replace panic("not reachable") with panic(NewUnreachableError()) by @turbolent in #512
  • Split array_debug.go and map_debug.go into smaller files by @fxamacker in #513
  • Replace empty interface with any by @fxamacker in #514
  • Refactor array test & validation code to use range loops by @fxamacker in #515
  • Improve consistency of variable names in array tests by @fxamacker in #516
  • Refactor map tests & validation to use range loops by @fxamacker in #519
  • Improve consistency of variable names in map tests by @fxamacker in #520
  • Refactor non-test code to use range loops by @fxamacker in #521
  • Fix some misspelled words in docs/comments by @leopardracer in #529
  • Simplify and lint test code to improve maintainability and fix flakey test by @fxamacker in #522
  • Use go1.21 slices package functions in tests by @fxamacker in #524
  • Refactor to simplify merging child slabs in array by @fxamacker in #525
  • Refactor to simplify rebalancing child slabs in array by @fxamacker in #526
  • Refactor to simplify merging child slabs in map by @fxamacker in #527
  • Refactor to simplify rebalancing child slabs in map by @fxamacker in #528
  • Refactor ArrayMetaDataSlab.SplitChildSlab() to improve readability by @fxamacker in #530
  • Use go1.21 slices package in array by @fxamacker in #531
  • Use go1.21 slices package in map by @fxamacker in #532
  • Use go1.21 clear() instead of loops to clear elements by @fxamacker in #533
  • Simplify slab operations and reduce risks such as memory leaks, etc. by @fxamacker in #534
  • Fix smoke test memory usage by @fxamacker in #536

Other Changes

New Contributors

Full Changelog: v0.9.0...v0.10.0