Merge pull request #6315 from raymondliu0711/feature/merge_master_to_develop

Merge master into develop

Author: CodeNinjaEvan

.github/workflows/codeql.yml

@@ -33,7 +33,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -46,7 +46,7 @@ jobs:
     # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -59,6 +59,6 @@ jobs:
     #     ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/math-check.yml

@@ -0,0 +1,93 @@
+name: Check Math Usage
+
+on:
+  push:
+    branches: [ 'master', 'release_**' ]
+  pull_request:
+    branches: [ 'develop', 'release_**' ]
+  workflow_dispatch:
+
+jobs:
+  check-math:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Check for java.lang.Math usage
+        id: check-math
+        shell: bash
+        run: |
+          echo "Checking for java.lang.Math usage..."
+          
+          touch math_usage.txt
+          
+          while IFS= read -r file; do
+            filename=$(basename "$file")
+            if [[ "$filename" == "StrictMathWrapper.java" || "$filename" == "MathWrapper.java" ]]; then
+              continue
+            fi
+          
+            perl -0777 -ne '
+              s/"([^"\\]|\\.)*"//g;
+              s/'\''([^'\''\\]|\\.)*'\''//g;
+              s!/\*([^*]|\*[^/])*\*/!!g;
+              s!//[^\n]*!!g;
+              $hasMath = 0;
+              $hasMath = 1 if /^[\s]*import[\s]+java\.lang\.Math\b/m;
+              $hasMath = 1 if /\bjava\s*\.\s*lang\s*\.\s*Math\s*\./;
+              $hasMath = 1 if /(?<![\w\.])(?<!Strict)Math\s*\./;
+              print "$ARGV\n" if $hasMath;
+            ' "$file" >> math_usage.txt
+          done < <(find . -type f -name "*.java")
+          
+          sort -u math_usage.txt -o math_usage.txt
+          
+          if [ -s math_usage.txt ]; then
+            echo "❌ Error: Forbidden Math usage found in the following files:"
+            cat math_usage.txt
+            echo "math_found=true" >> $GITHUB_OUTPUT
+            echo "Please use org.tron.common.math.StrictMathWrapper instead of direct Math usage."
+          else
+            echo "✅ No forbidden Math usage found"
+            echo "math_found=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Upload findings
+        if: steps.check-math.outputs.math_found == 'true'
+        uses: actions/upload-artifact@v4
+        with:
+          name: math-usage-report
+          path: math_usage.txt
+
+      - name: Create comment
+        if: github.event_name == 'pull_request' && steps.check-math.outputs.math_found == 'true'
+        uses: actions/github-script@v6
+        with:
+          script: |
+            const fs = require('fs');
+            const findings = fs.readFileSync('math_usage.txt', 'utf8');
+            const body = `### ❌ Math Usage Detection Results
+            
+            Found forbidden usage of \`java.lang.Math\` in the following files:
+            
+            \`\`\`
+            ${findings}
+            \`\`\`
+            
+            **Please review if this usage is intended.**
+            > [!CAUTION]
+            > Note: You should use \`org.tron.common.math.StrictMathWrapper\`.
+            > If you need to use \`java.lang.Math\`, please provide a justification.
+            `;
+            
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body: body
+            });
+
+      - name: Fail if Math usage found
+        if: steps.check-math.outputs.math_found == 'true'
+        run: exit 1

actuator/src/main/java/org/tron/core/actuator/AbstractActuator.java

@@ -2,9 +2,14 @@
 
 import com.google.protobuf.Any;
 import com.google.protobuf.GeneratedMessageV3;
+import org.tron.common.math.Maths;
+import org.tron.common.utils.Commons;
 import org.tron.common.utils.ForkController;
 import org.tron.core.ChainBaseManager;
+import org.tron.core.capsule.AccountCapsule;
 import org.tron.core.capsule.TransactionCapsule;
+import org.tron.core.exception.BalanceInsufficientException;
+import org.tron.core.store.AccountStore;
 import org.tron.protos.Protocol.Transaction.Contract;
 import org.tron.protos.Protocol.Transaction.Contract.ContractType;
 
@@ -63,4 +68,61 @@ public AbstractActuator setForkUtils(ForkController forkController) {
     return this;
   }
 
+  public long addExact(long x, long y) {
+    return Maths.addExact(x, y, this.disableJavaLangMath());
+  }
+
+  public long addExact(int x, int y) {
+    return Maths.addExact(x, y, this.disableJavaLangMath());
+  }
+
+  public long floorDiv(long x, long y) {
+    return Maths.floorDiv(x, y, this.disableJavaLangMath());
+  }
+
+  public long floorDiv(long x, int y) {
+    return this.floorDiv(x, (long) y);
+  }
+
+  public long multiplyExact(long x, long y) {
+    return Maths.multiplyExact(x, y, this.disableJavaLangMath());
+  }
+
+  public long multiplyExact(long x, int y) {
+    return this.multiplyExact(x, (long) y);
+  }
+
+  public int multiplyExact(int x, int y) {
+    return Maths.multiplyExact(x, y, this.disableJavaLangMath());
+  }
+
+  public long subtractExact(long x, long y) {
+    return Maths.subtractExact(x, y, this.disableJavaLangMath());
+  }
+
+  public int min(int a, int b) {
+    return Maths.min(a, b, this.disableJavaLangMath());
+  }
+
+  public long min(long a, long b) {
+    return Maths.min(a, b, this.disableJavaLangMath());
+  }
+
+  public void adjustBalance(AccountStore accountStore, byte[] accountAddress, long amount)
+      throws BalanceInsufficientException {
+    AccountCapsule account = accountStore.getUnchecked(accountAddress);
+    this.adjustBalance(accountStore, account, amount);
+  }
+
+  /**
+   * judge balance.
+   */
+  public void adjustBalance(AccountStore accountStore, AccountCapsule account, long amount)
+      throws BalanceInsufficientException {
+    Commons.adjustBalance(accountStore, account, amount, this.disableJavaLangMath());
+  }
+
+  boolean disableJavaLangMath() {
+    return chainBaseManager.getDynamicPropertiesStore().disableJavaLangMath();
+  }
 }

actuator/src/main/java/org/tron/core/actuator/AccountPermissionUpdateActuator.java

@@ -8,7 +8,6 @@
 import java.util.Objects;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
-import org.tron.common.utils.Commons;
 import org.tron.common.utils.DecodeUtil;
 import org.tron.core.capsule.AccountCapsule;
 import org.tron.core.capsule.TransactionResultCapsule;
@@ -52,11 +51,11 @@ public boolean execute(Object object) throws ContractExeException {
           accountPermissionUpdateContract.getActivesList());
       accountStore.put(ownerAddress, account);
 
-      Commons.adjustBalance(accountStore, ownerAddress, -fee);
+      adjustBalance(accountStore, ownerAddress, -fee);
       if (chainBaseManager.getDynamicPropertiesStore().supportBlackHoleOptimization()) {
         chainBaseManager.getDynamicPropertiesStore().burnTrx(fee);
       } else {
-        Commons.adjustBalance(accountStore, accountStore.getBlackhole(), fee);
+        adjustBalance(accountStore, accountStore.getBlackhole(), fee);
       }
 
       result.setStatus(fee, code.SUCESS);
@@ -111,7 +110,7 @@ private boolean checkPermission(Permission permission) throws ContractValidateEx
         throw new ContractValidateException("key's weight should be greater than 0");
       }
       try {
-        weightSum = Math.addExact(weightSum, key.getWeight());
+        weightSum = addExact(weightSum, key.getWeight());
       } catch (ArithmeticException e) {
         throw new ContractValidateException(e.getMessage());
       }

actuator/src/main/java/org/tron/core/actuator/AssetIssueActuator.java

@@ -24,7 +24,6 @@
 import java.util.List;
 import java.util.Objects;
 import lombok.extern.slf4j.Slf4j;
-import org.tron.common.utils.Commons;
 import org.tron.common.utils.DecodeUtil;
 import org.tron.core.capsule.AccountCapsule;
 import org.tron.core.capsule.AssetIssueCapsule;
@@ -84,11 +83,11 @@ public boolean execute(Object result) throws ContractExeException {
             .put(assetIssueCapsuleV2.createDbV2Key(), assetIssueCapsuleV2);
       }
 
-      Commons.adjustBalance(accountStore, ownerAddress, -fee);
+      adjustBalance(accountStore, ownerAddress, -fee);
       if (dynamicStore.supportBlackHoleOptimization()) {
         dynamicStore.burnTrx(fee);
       } else {
-        Commons.adjustBalance(accountStore, accountStore.getBlackhole(), fee);//send to blackhole
+        adjustBalance(accountStore, accountStore.getBlackhole(), fee);//send to blackhole
       }
       AccountCapsule accountCapsule = accountStore.get(ownerAddress);
       List<FrozenSupply> frozenSupplyList = assetIssueContract.getFrozenSupplyList();

actuator/src/main/java/org/tron/core/actuator/CreateAccountActuator.java

@@ -6,7 +6,6 @@
 import com.google.protobuf.InvalidProtocolBufferException;
 import java.util.Objects;
 import lombok.extern.slf4j.Slf4j;
-import org.tron.common.utils.Commons;
 import org.tron.common.utils.DecodeUtil;
 import org.tron.common.utils.StringUtil;
 import org.tron.core.capsule.AccountCapsule;
@@ -48,13 +47,12 @@ public boolean execute(Object result)
       accountStore
           .put(accountCreateContract.getAccountAddress().toByteArray(), accountCapsule);
 
-      Commons
-          .adjustBalance(accountStore, accountCreateContract.getOwnerAddress().toByteArray(), -fee);
+      adjustBalance(accountStore, accountCreateContract.getOwnerAddress().toByteArray(), -fee);
       // Add to blackhole address
       if (dynamicStore.supportBlackHoleOptimization()) {
         dynamicStore.burnTrx(fee);
       } else {
-        Commons.adjustBalance(accountStore, accountStore.getBlackhole(), fee);
+        adjustBalance(accountStore, accountStore.getBlackhole(), fee);
       }
       ret.setStatus(fee, code.SUCESS);
     } catch (BalanceInsufficientException | InvalidProtocolBufferException e) {

actuator/src/main/java/org/tron/core/actuator/DelegateResourceActuator.java

@@ -15,7 +15,6 @@
 import java.util.Arrays;
 import java.util.Objects;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang3.ArrayUtils;
 import org.tron.common.utils.DecodeUtil;
 import org.tron.common.utils.StringUtil;
 import org.tron.core.capsule.AccountCapsule;
@@ -162,7 +161,8 @@ public boolean validate() throws ContractValidateException {
         }
         long netUsage = (long) (accountNetUsage * TRX_PRECISION * ((double)
             (dynamicStore.getTotalNetWeight()) / dynamicStore.getTotalNetLimit()));
-        long v2NetUsage = getV2NetUsage(ownerCapsule, netUsage);
+        long v2NetUsage = getV2NetUsage(ownerCapsule, netUsage,
+            this.disableJavaLangMath());
         if (ownerCapsule.getFrozenV2BalanceForBandwidth() - v2NetUsage < delegateBalance) {
           throw new ContractValidateException(
               "delegateBalance must be less than or equal to available FreezeBandwidthV2 balance");
@@ -175,7 +175,8 @@ public boolean validate() throws ContractValidateException {
 
         long energyUsage = (long) (ownerCapsule.getEnergyUsage() * TRX_PRECISION * ((double)
             (dynamicStore.getTotalEnergyWeight()) / dynamicStore.getTotalEnergyCurrentLimit()));
-        long v2EnergyUsage = getV2EnergyUsage(ownerCapsule, energyUsage);
+        long v2EnergyUsage = getV2EnergyUsage(ownerCapsule, energyUsage,
+            this.disableJavaLangMath());
         if (ownerCapsule.getFrozenV2BalanceForEnergy() - v2EnergyUsage < delegateBalance) {
           throw new ContractValidateException(
                   "delegateBalance must be less than or equal to available FreezeEnergyV2 balance");

actuator/src/main/java/org/tron/core/actuator/ExchangeCreateActuator.java

@@ -9,7 +9,6 @@
 import java.util.Arrays;
 import java.util.Objects;
 import lombok.extern.slf4j.Slf4j;
-import org.tron.common.utils.Commons;
 import org.tron.common.utils.DecodeUtil;
 import org.tron.common.utils.StringUtil;
 import org.tron.core.capsule.AccountCapsule;
@@ -121,7 +120,7 @@ public boolean execute(Object object) throws ContractExeException {
       if (dynamicStore.supportBlackHoleOptimization()) {
         dynamicStore.burnTrx(fee);
       } else {
-        Commons.adjustBalance(accountStore, accountStore.getBlackhole(), fee);
+        adjustBalance(accountStore, accountStore.getBlackhole(), fee);
       }
       ret.setExchangeId(id);
       ret.setStatus(fee, code.SUCESS);

actuator/src/main/java/org/tron/core/actuator/ExchangeInjectActuator.java

@@ -71,14 +71,14 @@ public boolean execute(Object object) throws ContractExeException {
 
       if (Arrays.equals(tokenID, firstTokenID)) {
         anotherTokenID = secondTokenID;
-        anotherTokenQuant = Math
-            .floorDiv(Math.multiplyExact(secondTokenBalance, tokenQuant), firstTokenBalance);
+        anotherTokenQuant = floorDiv(multiplyExact(
+            secondTokenBalance, tokenQuant), firstTokenBalance);
         exchangeCapsule.setBalance(firstTokenBalance + tokenQuant,
             secondTokenBalance + anotherTokenQuant);
       } else {
         anotherTokenID = firstTokenID;
-        anotherTokenQuant = Math
-            .floorDiv(Math.multiplyExact(firstTokenBalance, tokenQuant), secondTokenBalance);
+        anotherTokenQuant = floorDiv(multiplyExact(
+            firstTokenBalance, tokenQuant), secondTokenBalance);
         exchangeCapsule.setBalance(firstTokenBalance + anotherTokenQuant,
             secondTokenBalance + tokenQuant);
       }

actuator/src/main/java/org/tron/core/actuator/ExchangeWithdrawActuator.java

@@ -76,16 +76,12 @@ public boolean execute(Object object) throws ContractExeException {
       BigInteger bigTokenQuant = new BigInteger(String.valueOf(tokenQuant));
       if (Arrays.equals(tokenID, firstTokenID)) {
         anotherTokenID = secondTokenID;
-//        anotherTokenQuant = Math
-//            .floorDiv(Math.multiplyExact(secondTokenBalance, tokenQuant), firstTokenBalance);
         anotherTokenQuant = bigSecondTokenBalance.multiply(bigTokenQuant)
             .divide(bigFirstTokenBalance).longValueExact();
         exchangeCapsule.setBalance(firstTokenBalance - tokenQuant,
             secondTokenBalance - anotherTokenQuant);
       } else {
         anotherTokenID = firstTokenID;
-//        anotherTokenQuant = Math
-//            .floorDiv(Math.multiplyExact(firstTokenBalance, tokenQuant), secondTokenBalance);
         anotherTokenQuant = bigFirstTokenBalance.multiply(bigTokenQuant)
             .divide(bigSecondTokenBalance).longValueExact();
         exchangeCapsule.setBalance(firstTokenBalance - anotherTokenQuant,
@@ -210,8 +206,6 @@ public boolean validate() throws ContractValidateException {
     BigDecimal bigSecondTokenBalance = new BigDecimal(String.valueOf(secondTokenBalance));
     BigDecimal bigTokenQuant = new BigDecimal(String.valueOf(tokenQuant));
     if (Arrays.equals(tokenID, firstTokenID)) {
-//      anotherTokenQuant = Math
-//          .floorDiv(Math.multiplyExact(secondTokenBalance, tokenQuant), firstTokenBalance);
       anotherTokenQuant = bigSecondTokenBalance.multiply(bigTokenQuant)
           .divideToIntegralValue(bigFirstTokenBalance).longValueExact();
       if (firstTokenBalance < tokenQuant || secondTokenBalance < anotherTokenQuant) {
@@ -230,8 +224,6 @@ public boolean validate() throws ContractValidateException {
       }
 
     } else {
-//      anotherTokenQuant = Math
-//          .floorDiv(Math.multiplyExact(firstTokenBalance, tokenQuant), secondTokenBalance);
       anotherTokenQuant = bigFirstTokenBalance.multiply(bigTokenQuant)
           .divideToIntegralValue(bigSecondTokenBalance).longValueExact();
       if (secondTokenBalance < tokenQuant || firstTokenBalance < anotherTokenQuant) {

actuator/src/main/java/org/tron/core/actuator/MarketCancelOrderActuator.java

@@ -23,7 +23,6 @@
 import com.google.protobuf.InvalidProtocolBufferException;
 import java.util.Objects;
 import lombok.extern.slf4j.Slf4j;
-import org.tron.common.utils.Commons;
 import org.tron.common.utils.DecodeUtil;
 import org.tron.core.capsule.AccountCapsule;
 import org.tron.core.capsule.MarketOrderCapsule;
@@ -100,7 +99,7 @@ public boolean execute(Object object) throws ContractExeException {
       if (dynamicStore.supportBlackHoleOptimization()) {
         dynamicStore.burnTrx(fee);
       } else {
-        Commons.adjustBalance(accountStore, accountStore.getBlackhole(), fee);
+        adjustBalance(accountStore, accountStore.getBlackhole(), fee);
       }
       // 1. return balance and token
       MarketUtils