Skip to content

Add Account.Storage.limitedToPaths#4452

Draft
turbolent wants to merge 3 commits intomasterfrom
bastian/4314-account-storage-limited-to-paths
Draft

Add Account.Storage.limitedToPaths#4452
turbolent wants to merge 3 commits intomasterfrom
bastian/4314-account-storage-limited-to-paths

Conversation

@turbolent
Copy link
Copy Markdown
Member

@turbolent turbolent commented Mar 13, 2026

Work towards #4314

Description

Add a new function access(Storage) fun limitedToPaths(_ paths: [Path]): auth(Storage) &Account.Storage to Account.Storage, that returns a reference to a new Account.Storage value that restricts all operations to the given paths (allowlist).

  • load/borrow/copy on a non-allowed path return nil
  • check on a non-allowed path returns false
  • type on a non-allowed path returns nil
  • save to a non-allowed path aborts with an error
  • forEachStored/forEachPublic only iterate over allowed paths
  • storagePaths/publicPaths only contain paths that are allowed

Calling limitedToPaths on existing limited storage value returns an even more restricted storage value, i.e. the set of allowed paths is the intersection of the existing and new path sets.

Passing an empty array pf paths blocks all paths (distinct from unlimited).

  • Targeted PR against master branch
  • Linked to Github issue with discussion and accepted design OR link to spec that describes this work
  • Code follows the standards mentioned here
  • Updated relevant documentation
  • Re-reviewed Files changed in the Github PR explorer
  • Added appropriate labels

@turbolent turbolent self-assigned this Mar 13, 2026
@turbolent turbolent mentioned this pull request Mar 13, 2026
Open
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 13, 2026
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 13, 2026
edited
Loading

Benchstat comparison

  • Base branch: onflow:master
  • Base commit: 6e7bbb2
Results

old.txtnew.txt
time/opdelta
pkg:github.com/onflow/cadence/interpreter goos:linux goarch:amd64
ByteArrayTransfer-41.33µs ± 0%1.21µs ± 0%~(p=1.000 n=1+1)
ByteArrayValueToByteSlice-487.2ns ± 0%81.9ns ± 0%~(p=1.000 n=1+1)
ByteSliceToByteArrayValue-4928ns ± 0%980ns ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/bbq/compiler goos:linux goarch:amd64
CompileFungibleTokenTransferTransaction-4129µs ± 0%135µs ± 0%~(p=1.000 n=1+1)
CompileTime-437.5µs ± 0%38.2µs ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/runtime goos:linux goarch:amd64
ContractFunctionInvocation-4409µs ± 0%413µs ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/bbq/vm/test goos:linux goarch:amd64
ContractImport-4216µs ± 0%220µs ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/interpreter goos:linux goarch:amd64
EMVAddressTransfer-43.46µs ± 0%3.46µs ± 0%~(p=1.000 n=1+1)
Emit-44.53ms ± 0%4.76ms ± 0%~(p=1.000 n=1+1)
EnumTransfer-41.36µs ± 0%1.48µs ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/runtime goos:linux goarch:amd64
ExportType/composite_type-4266ns ± 0%269ns ± 0%~(p=1.000 n=1+1)
ExportType/simple_type-477.7ns ± 0%77.6ns ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/bbq/vm/test goos:linux goarch:amd64
FTTransfer-4176µs ± 0%177µs ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/sema goos:linux goarch:amd64
FlowTokenContract-4618µs ± 0%618µs ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/interpreter goos:linux goarch:amd64
ImperativeFib-423.1µs ± 0%23.9µs ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/bbq/vm/test goos:linux goarch:amd64
ImperativeFib-424.8µs ± 0%25.1µs ± 0%~(p=1.000 n=1+1)
ImperativeFibNewCompilerNewVM-450.1µs ± 0%49.8µs ± 0%~(p=1.000 n=1+1)
ImperativeFibNewVM-428.3µs ± 0%28.3µs ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/interpreter goos:linux goarch:amd64
InterpretRecursionFib-42.30ms ± 0%2.28ms ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/bbq/vm/test goos:linux goarch:amd64
InterpreterFTTransfer-4150µs ± 0%149µs ± 0%~(p=1.000 n=1+1)
InterpreterImperativeFib-423.2µs ± 0%23.0µs ± 0%~(p=1.000 n=1+1)
InterpreterNewStruct-465.0µs ± 0%65.8µs ± 0%~(p=1.000 n=1+1)
MethodCall/concrete_type_method_call-442.0µs ± 0%40.9µs ± 0%~(p=1.000 n=1+1)
MethodCall/interface_method_call-466.2µs ± 0%66.8µs ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/interpreter goos:linux goarch:amd64
NewInterpreter/new_interpreter-4867ns ± 0%867ns ± 0%~(p=1.000 n=1+1)
NewInterpreter/new_sub-interpreter-4323ns ± 0%327ns ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/bbq/vm/test goos:linux goarch:amd64
NewResource-4101µs ± 0%102µs ± 0%~(p=1.000 n=1+1)
NewStruct-443.4µs ± 0%42.0µs ± 0%~(p=1.000 n=1+1)
NewStructRaw-43.22µs ± 0%3.26µs ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/sema goos:linux goarch:amd64
QualifiedIdentifierCreation/One_level-42.49ns ± 0%1.86ns ± 0%~(p=1.000 n=1+1)
QualifiedIdentifierCreation/Three_levels-490.0ns ± 0%82.7ns ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/bbq/vm/test goos:linux goarch:amd64
RecursionFib-41.38ms ± 0%1.41ms ± 0%~(p=1.000 n=1+1)
RuntimeFungibleTokenTransfer-4786µs ± 0%793µs ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/runtime goos:linux goarch:amd64
RuntimeFungibleTokenTransferInterpreter-4635µs ± 0%630µs ± 0%~(p=1.000 n=1+1)
RuntimeFungibleTokenTransferVM-4690µs ± 0%720µs ± 0%~(p=1.000 n=1+1)
RuntimeResourceDictionaryValues-42.69ms ± 0%2.73ms ± 0%~(p=1.000 n=1+1)
RuntimeResourceTracking-410.0ms ± 0%10.1ms ± 0%~(p=1.000 n=1+1)
RuntimeScriptNoop-415.0µs ± 0%15.7µs ± 0%~(p=1.000 n=1+1)
RuntimeVMInvokeContractImperativeFib-440.0µs ± 0%41.3µs ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/sema goos:linux goarch:amd64
SuperTypeInference/arrays-4225ns ± 0%236ns ± 0%~(p=1.000 n=1+1)
SuperTypeInference/composites-491.3ns ± 0%94.0ns ± 0%~(p=1.000 n=1+1)
SuperTypeInference/integers-4319ns ± 0%313ns ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/interpreter goos:linux goarch:amd64
ValueIsSubtypeOfSemaType-469.3ns ± 0%59.2ns ± 0%~(p=1.000 n=1+1)
 
alloc/opdelta
pkg:github.com/onflow/cadence/interpreter goos:linux goarch:amd64
ByteArrayTransfer-41.07kB ± 0%1.08kB ± 0%~(p=1.000 n=1+1)
ByteArrayValueToByteSlice-432.0B ± 0%32.0B ± 0%~(all equal)
ByteSliceToByteArrayValue-4853B ± 0%850B ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/bbq/compiler goos:linux goarch:amd64
CompileFungibleTokenTransferTransaction-482.2kB ± 0%82.2kB ± 0%~(p=1.000 n=1+1)
CompileTime-416.6kB ± 0%16.6kB ± 0%~(all equal)
pkg:github.com/onflow/cadence/runtime goos:linux goarch:amd64
ContractFunctionInvocation-4146kB ± 0%146kB ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/bbq/vm/test goos:linux goarch:amd64
ContractImport-473.5kB ± 0%73.5kB ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/interpreter goos:linux goarch:amd64
EMVAddressTransfer-42.46kB ± 0%2.45kB ± 0%~(p=1.000 n=1+1)
Emit-41.49MB ± 0%1.50MB ± 0%~(p=1.000 n=1+1)
EnumTransfer-4831B ± 0%868B ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/runtime goos:linux goarch:amd64
ExportType/composite_type-4120B ± 0%120B ± 0%~(all equal)
ExportType/simple_type-40.00B 0.00B ~(all equal)
pkg:github.com/onflow/cadence/bbq/vm/test goos:linux goarch:amd64
FTTransfer-453.4kB ± 0%53.4kB ± 0%~(all equal)
pkg:github.com/onflow/cadence/sema goos:linux goarch:amd64
FlowTokenContract-4223kB ± 0%223kB ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/interpreter goos:linux goarch:amd64
ImperativeFib-48.30kB ± 0%8.30kB ± 0%~(all equal)
pkg:github.com/onflow/cadence/bbq/vm/test goos:linux goarch:amd64
ImperativeFib-45.34kB ± 0%5.34kB ± 0%~(all equal)
ImperativeFibNewCompilerNewVM-425.7kB ± 0%25.7kB ± 0%~(all equal)
ImperativeFibNewVM-48.07kB ± 0%8.07kB ± 0%~(all equal)
pkg:github.com/onflow/cadence/interpreter goos:linux goarch:amd64
InterpretRecursionFib-41.19MB ± 0%1.19MB ± 0%~(all equal)
pkg:github.com/onflow/cadence/bbq/vm/test goos:linux goarch:amd64
InterpreterFTTransfer-450.7kB ± 0%50.7kB ± 0%~(p=1.000 n=1+1)
InterpreterImperativeFib-48.29kB ± 0%8.29kB ± 0%~(all equal)
InterpreterNewStruct-424.5kB ± 0%24.4kB ± 0%~(p=1.000 n=1+1)
MethodCall/concrete_type_method_call-49.39kB ± 0%9.35kB ± 0%~(p=1.000 n=1+1)
MethodCall/interface_method_call-416.8kB ± 0%16.8kB ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/interpreter goos:linux goarch:amd64
NewInterpreter/new_interpreter-4976B ± 0%976B ± 0%~(all equal)
NewInterpreter/new_sub-interpreter-4232B ± 0%232B ± 0%~(all equal)
pkg:github.com/onflow/cadence/bbq/vm/test goos:linux goarch:amd64
NewResource-443.3kB ± 0%43.3kB ± 0%~(all equal)
NewStruct-413.1kB ± 0%12.9kB ± 0%~(p=1.000 n=1+1)
NewStructRaw-41.70kB ± 0%1.70kB ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/sema goos:linux goarch:amd64
QualifiedIdentifierCreation/One_level-40.00B 0.00B ~(all equal)
QualifiedIdentifierCreation/Three_levels-464.0B ± 0%64.0B ± 0%~(all equal)
pkg:github.com/onflow/cadence/bbq/vm/test goos:linux goarch:amd64
RecursionFib-4244kB ± 0%244kB ± 0%~(p=1.000 n=1+1)
RuntimeFungibleTokenTransfer-4247kB ± 0%247kB ± 0%~(p=1.000 n=1+1)
pkg:github.com/onflow/cadence/runtime goos:linux goarch:amd64
RuntimeFungibleTokenTransferInterpreter-4170kB ± 0%171kB ± 0%~(p=1.000 n=1+1)
RuntimeFungibleTokenTransferVM-4192kB ± 0%192kB ± 0%~(p=1.000 n=1+1)
RuntimeResourceDictionaryValues-41.76MB ± 0%1.77MB ± 0%~(p=1.000 n=1+1)
RuntimeResourceTracking-46.99MB ± 0%6.98MB ± 0%~(p=1.000 n=1+1)
RuntimeScriptNoop-48.05kB ± 0%8.07kB ± 0%~(p=1.000 n=1+1)
RuntimeVMInvokeContractImperativeFib-413.3kB ± 0%13.3kB ± 0%~(all equal)
pkg:github.com/onflow/cadence/sema goos:linux goarch:amd64
SuperTypeInference/arrays-472.0B ± 0%72.0B ± 0%~(all equal)
SuperTypeInference/composites-40.00B 0.00B ~(all equal)
SuperTypeInference/integers-40.00B 0.00B ~(all equal)
pkg:github.com/onflow/cadence/interpreter goos:linux goarch:amd64
ValueIsSubtypeOfSemaType-432.0B ± 0%32.0B ± 0%~(all equal)
 
allocs/opdelta
pkg:github.com/onflow/cadence/interpreter goos:linux goarch:amd64
ByteArrayTransfer-47.00 ± 0%7.00 ± 0%~(all equal)
ByteArrayValueToByteSlice-41.00 ± 0%1.00 ± 0%~(all equal)
ByteSliceToByteArrayValue-45.00 ± 0%5.00 ± 0%~(all equal)
pkg:github.com/onflow/cadence/bbq/compiler goos:linux goarch:amd64
CompileFungibleTokenTransferTransaction-4563 ± 0%563 ± 0%~(all equal)
CompileTime-4202 ± 0%202 ± 0%~(all equal)
pkg:github.com/onflow/cadence/runtime goos:linux goarch:amd64
ContractFunctionInvocation-42.42k ± 0%2.42k ± 0%~(all equal)
pkg:github.com/onflow/cadence/bbq/vm/test goos:linux goarch:amd64
ContractImport-41.25k ± 0%1.25k ± 0%~(all equal)
pkg:github.com/onflow/cadence/interpreter goos:linux goarch:amd64
EMVAddressTransfer-429.0 ± 0%29.0 ± 0%~(all equal)
Emit-440.0k ± 0%40.0k ± 0%~(all equal)
EnumTransfer-413.0 ± 0%13.0 ± 0%~(all equal)
pkg:github.com/onflow/cadence/runtime goos:linux goarch:amd64
ExportType/composite_type-43.00 ± 0%3.00 ± 0%~(all equal)
ExportType/simple_type-40.00 0.00 ~(all equal)
pkg:github.com/onflow/cadence/bbq/vm/test goos:linux goarch:amd64
FTTransfer-41.58k ± 0%1.58k ± 0%~(all equal)
pkg:github.com/onflow/cadence/sema goos:linux goarch:amd64
FlowTokenContract-43.58k ± 0%3.58k ± 0%~(all equal)
pkg:github.com/onflow/cadence/interpreter goos:linux goarch:amd64
ImperativeFib-4176 ± 0%176 ± 0%~(all equal)
pkg:github.com/onflow/cadence/bbq/vm/test goos:linux goarch:amd64
ImperativeFib-4262 ± 0%262 ± 0%~(all equal)
ImperativeFibNewCompilerNewVM-4470 ± 0%470 ± 0%~(all equal)
ImperativeFibNewVM-4306 ± 0%306 ± 0%~(all equal)
pkg:github.com/onflow/cadence/interpreter goos:linux goarch:amd64
InterpretRecursionFib-417.7k ± 0%17.7k ± 0%~(all equal)
pkg:github.com/onflow/cadence/bbq/vm/test goos:linux goarch:amd64
InterpreterFTTransfer-41.11k ± 0%1.11k ± 0%~(all equal)
InterpreterImperativeFib-4175 ± 0%175 ± 0%~(all equal)
InterpreterNewStruct-4418 ± 0%418 ± 0%~(all equal)
MethodCall/concrete_type_method_call-4328 ± 0%328 ± 0%~(all equal)
MethodCall/interface_method_call-4488 ± 0%488 ± 0%~(all equal)
pkg:github.com/onflow/cadence/interpreter goos:linux goarch:amd64
NewInterpreter/new_interpreter-415.0 ± 0%15.0 ± 0%~(all equal)
NewInterpreter/new_sub-interpreter-44.00 ± 0%4.00 ± 0%~(all equal)
pkg:github.com/onflow/cadence/bbq/vm/test goos:linux goarch:amd64
NewResource-4919 ± 0%919 ± 0%~(all equal)
NewStruct-4364 ± 0%364 ± 0%~(all equal)
NewStructRaw-430.0 ± 0%30.0 ± 0%~(all equal)
pkg:github.com/onflow/cadence/sema goos:linux goarch:amd64
QualifiedIdentifierCreation/One_level-40.00 0.00 ~(all equal)
QualifiedIdentifierCreation/Three_levels-42.00 ± 0%2.00 ± 0%~(all equal)
pkg:github.com/onflow/cadence/bbq/vm/test goos:linux goarch:amd64
RecursionFib-413.4k ± 0%13.4k ± 0%~(all equal)
RuntimeFungibleTokenTransfer-44.28k ± 0%4.28k ± 0%~(all equal)
pkg:github.com/onflow/cadence/runtime goos:linux goarch:amd64
RuntimeFungibleTokenTransferInterpreter-43.27k ± 0%3.27k ± 0%~(all equal)
RuntimeFungibleTokenTransferVM-43.73k ± 0%3.73k ± 0%~(all equal)
RuntimeResourceDictionaryValues-436.7k ± 0%36.7k ± 0%~(all equal)
RuntimeResourceTracking-4129k ± 0%129k ± 0%~(all equal)
RuntimeScriptNoop-4114 ± 0%114 ± 0%~(all equal)
RuntimeVMInvokeContractImperativeFib-4424 ± 0%424 ± 0%~(all equal)
pkg:github.com/onflow/cadence/sema goos:linux goarch:amd64
SuperTypeInference/arrays-43.00 ± 0%3.00 ± 0%~(all equal)
SuperTypeInference/composites-40.00 0.00 ~(all equal)
SuperTypeInference/integers-40.00 0.00 ~(all equal)
pkg:github.com/onflow/cadence/interpreter goos:linux goarch:amd64
ValueIsSubtypeOfSemaType-41.00 ± 0%1.00 ± 0%~(all equal)
 

@turbolent turbolent marked this pull request as draft March 13, 2026 21:54
@turbolent turbolent force-pushed the bastian/4314-account-storage-limited-to-paths branch from f85122e to 1a57c69 Compare March 13, 2026 23:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SupunS SupunS Awaiting requested review from SupunS SupunS is a code owner

@RZhang05 RZhang05 Awaiting requested review from RZhang05 RZhang05 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@turbolent turbolent

Labels

Feature

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@turbolent