Commit graph

92 commits

Author SHA1 Message Date
James O'Beirne
36c201feb7 remove CBlockIndex copy construction
Copy construction of CBlockIndex objects is a footgun because of the
wide use of equality-by-pointer comparison in the code base. There are
also potential lifetime confusions of using copied instances, since
there are recursive pointer references (e.g. pprev).

We can't just delete the copy constructors because they are used for
derived classes (CDiskBlockIndex), so we mark them protected.

Delete move constructors and declare the destructor to satisfy the
"rule of 5."
2022-12-15 14:52:28 -05:00
Pieter Wuille
ed470940cd Add functions to construct locators without CChain
This introduces an insignificant performance penalty, as it means locator
construction needs to use the skiplist-based CBlockIndex::GetAncestor()
function instead of the lookup-based CChain, but avoids the need for
callers to have access to a relevant CChain object.
2022-08-23 16:05:00 -04:00
MacroFake
fa3be799fe
Add time helpers
To be used in the next commit
2022-08-05 14:45:02 +02:00
MacroFake
faab8dceb3
Remove unused SetTip(nullptr) code 2022-08-03 09:21:53 +02:00
Jon Atack
3a61fc56a0 refactor: move CBlockIndex#ToString() from header to implementation
which allows dropping tinyformat.h from the header file.
2022-07-22 12:47:13 +02:00
Jon Atack
57865eb512 CDiskBlockIndex: rename GetBlockHash() to ConstructBlockHash()
and mark the inherited CBlockIndex#GetBlockHash public interface member
as deleted, to disallow calling it in the derived CDiskBlockIndex class.

Here is a failing test on master demonstrating the inconsistent behavior of the
current design: calling the same inherited public interface functions on the
same CDiskBlockIndex object should yield identical behavior.

```diff
diff --git a/src/test/validation_chainstatemanager_tests.cpp b/src/test/validation_chainstatemanager_tests.cpp
index 6dc522b421..dac3840f32 100644
--- a/src/test/validation_chainstatemanager_tests.cpp
+++ b/src/test/validation_chainstatemanager_tests.cpp
@@ -240,6 +240,15 @@ BOOST_FIXTURE_TEST_CASE(chainstatemanager_activate_snapshot, TestChain100Setup)

     const CBlockIndex* tip = chainman.ActiveTip();

     BOOST_CHECK_EQUAL(tip->nChainTx, au_data.nChainTx);

+    // CDiskBlockIndex "is a" CBlockIndex, as it publicly inherits from it.
+    // Test that calling the same inherited interface functions on the same
+    // object yields identical behavior.
+    CDiskBlockIndex index{tip};
+    CBlockIndex *pB = &index;
+    CDiskBlockIndex *pD = &index;
+    BOOST_CHECK_EQUAL(pB->GetBlockHash(), pD->GetBlockHash());
+    BOOST_CHECK_EQUAL(pB->ToString(), pD->ToString());
+
```
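Review bot: the two `BOOST_CHECK_EQUAL` lines at the end of the added block give no indication of which assertion is expected to fail, so someone reading the test output cannot tell the intended demonstration from an accidental breakage; add a short comment on each stating the expected outcome. The new declarations also write `CBlockIndex *pB` and `CDiskBlockIndex *pD`, while the context line above uses `const CBlockIndex* tip`; match that asterisk placement, and make both pointers to const if only read-only accessors are called through them.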

The GetBlockHash() test assertion only passes on master because the different
methods invoked by the current design happen to return the same result.  If one
of the two is changed, it fails like the ToString() assertion does.

Redefining inherited non-virtual functions is well-documented as incorrect
design to avoid inconsistent behavior (see Scott Meyers, "Effective C++", Item
36).  Class usage is confusing when the behavior depends on the pointer
definition instead of the object definition (static binding happening where
dynamic binding was expected).  This can lead to unsuspected or hard-to-track
bugs.

Outside of critical hot spots, correctness usually comes before optimisation,
but the current design dates back to main.cpp and it may possibly have been
chosen to avoid the overhead of dynamic dispatch.  This solution does the same:
the class sizes are unchanged and no vptr or vtbl is added.

There are better designs for doing this that use composition instead of
inheritance or that separate the public interface from the private
implementations.  One example of the latter would be a non-virtual public
interface that calls private virtual implementation methods, i.e. the Template
pattern via the Non-Virtual Interface (NVI) idiom.
2022-07-22 12:45:07 +02:00
Jon Atack
99e8ec8721 CDiskBlockIndex: remove unused ToString() class member
and mark its inherited CBlockIndex#ToString public interface member
as deleted, to disallow calling it in the derived CDiskBlockIndex class.
2022-07-22 12:44:16 +02:00
Jon Atack
14aeece462 CBlockIndex: ensure phashBlock is not nullptr before dereferencing
and remove a now-redundant assert preceding a GetBlockHash() caller.

This protects against UB here, and in case of failure (which would
indicate a consensus bug), the debug log will print

```
bitcoind: chain.h:265: uint256 CBlockIndex::GetBlockHash() const: Assertion `phashBlock != nullptr' failed.
Aborted
```

instead of

```
Segmentation fault
```
2022-07-22 12:42:27 +02:00
Ryan Ofsky
dc1e7ad7a5 Add doc/design/libraries.md 2022-02-15 09:29:53 -05:00
MarcoFalke
b25a752dfd
Merge bitcoin/bitcoin#24146: Avoid integer sanitizer warnings in chain.o
fa832103aa Avoid integer sanitizer warnings in chain.o (MarcoFalke)

Pull request description:

  The two changes make the code more self-documenting and also allow removing 5 file-wide suppressions for the module

ACKs for top commit:
  PastaPastaPasta:
    utACK fa832103aa
  jonatack:
    ACK fa832103aa

Tree-SHA512: d32a06099c56eed9f69130a3209f989872acc593f849528acd7746ee6caa96688cc32de37e8e59ad5d25dcb8912e341f1a43e50642dadeff6ca7624d0873ad10
2022-01-31 09:23:54 +01:00
Jon Atack
6ea5682784
Guard CBlockIndex::nStatus/nFile/nDataPos/nUndoPos by cs_main
Co-authored-by: Vasil Dimov <vd@FreeBSD.org>
2022-01-25 20:46:52 +01:00
Vasil Dimov
ca47b00577
Require CBlockIndex::IsValid() to hold cs_main 2022-01-25 20:43:31 +01:00
Vasil Dimov
e9f3aa5f6a
Require CBlockIndex::RaiseValidity() to hold cs_main 2022-01-25 20:43:28 +01:00
Vasil Dimov
8ef457cb83
Require CBlockIndex::IsAssumedValid() to hold cs_main 2022-01-25 20:43:25 +01:00
Jon Atack
572393448b
Require CBlockIndex::GetUndoPos() to hold mutex cs_main 2022-01-25 20:43:22 +01:00
Jon Atack
6fd4341c10
Require CBlockIndex::GetBlockPos() to hold mutex cs_main 2022-01-25 20:43:12 +01:00
MarcoFalke
fa832103aa
Avoid integer sanitizer warnings in chain.o 2022-01-25 10:49:46 +01:00
Hennadii Stepanov
f47dda2c58
scripted-diff: Bump copyright headers
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-

Commits of previous years:
* 2020: fa0074e2d8
* 2019: aaaaad6ac9
2021-12-30 19:36:57 +02:00
MarcoFalke
faf2614f60
style: Use 4 spaces for indentation, not 5
Also, other whitespace fixes in the touched file.

Can be trivially reviewed with "--ignore-all-space --word-diff-regex=. -U0".
2021-12-14 12:44:30 +01:00
MarcoFalke
fada66fc2c
Disallow copies of CChain 2021-12-14 12:42:33 +01:00
W. J. van der Laan
c8e68b418f
Merge bitcoin/bitcoin#13875: [doc] nChainTx needs to become a 64-bit earlier due to SegWit
ef72e9bd41 doc: nChainTx needs to become a 64-bit earlier due to SegWit (Sjors Provoost)

Pull request description:

  As of block 597,379 txcount is 460,596,047 (see `chainparams.cpp`), while `uint32` can handle up to 4,294,967,296.

  Pre-SegWit, the [minimum transaction size](https://en.bitcoin.it/wiki/Maximum_transaction_rate) was 166 bytes, so the worst-case number of transactions per block was ~6000. As the original source comment for `unsigned int  nChainTx` says, that should last until the year 2030.

  With SegWit the smallest possible transaction is 60 bytes (potentially increased to 65 with a future soft fork, see #15482), without a witness:

  ```
  4 bytes version
      1 byte input count
          36 bytes outpoint
          1 byte scriptSigLen (0x00)
          0 bytes scriptSig
          4 bytes sequence
      1 byte output count
          8 bytes value
          1 byte scriptPubKeyLen
          1 byte scriptPubKey (OP_TRUE)
      4 bytes locktime
  ```

  That puts the maximum number of transactions per block at 16,666 so we might have to deal with this as early as block 827,450 in early 2024.

  Given that it's a memory-only thing and we want to allow users many years to upgrade, I would suggest fixing this in v0.20 and back-porting it.

ACKs for top commit:
  practicalswift:
    re-ACK ef72e9bd41
  jarolrod:
    ACK ef72e9bd41
  theStack:
    ACK ef72e9bd41

Tree-SHA512: d8509ba7641796cd82af156354ff3a12ff7ec0f7b11215edff6696e95f8ca0e3596f719f3492ac3acb4b0884ac4e5bddc76f107b656bc2ed95a8ef1b2b5d4f71
2021-10-20 15:52:08 +02:00
James O'Beirne
42b2520db9
chain: add BLOCK_ASSUMED_VALID for use with assumeutxo
Instead of (ab)using the existing BLOCK_VALID_* flags to mark CBlockIndex entries which
we haven't yet fully validated (but assume validity for use with UTXO snapshot
loading), introduce a status flag that specifically marks an assumed-valid state.

This state is then removed in RaiseValidity() when the block has actually been
validated.

This distinction will allow us to make the necessary changes to various parts of the
system to facilitate assumeutxo/background chainstate validation but without leaking
details like snapshot height, as we had done previously.

Changes that actually make use of this flag follow in future commits.
2021-09-15 15:46:44 -04:00
MarcoFalke
fa4245d884
doc: Various validation doc fixups
* Rename RewindBlockIndex -> NeedsRedownload (follow-up to commit
  d831e711ca)
* Fix typos
* Inline comments about faking chain data to avoid duplicating them
2021-06-03 13:53:31 +02:00
Sjors Provoost
ef72e9bd41
doc: nChainTx needs to become a 64-bit earlier due to SegWit 2021-02-17 16:35:43 +01:00
James O'Beirne
f6e2da5fb7
simplify ChainstateManager::SnapshotBlockhash() return semantics
Don't return null snapshotblockhash values to avoid caller complexity/confusion.
2021-02-12 07:53:29 -06:00
Carl Dong
df536883d2
chain: Remove UB CChain comparison
It was unused, and had UB
2020-08-27 20:07:27 -04:00
MarcoFalke
fa488f131f
scripted-diff: Bump copyright headers
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-
2020-04-16 13:33:09 -04:00
Pieter Wuille
0e0fa27acb Get rid of VARINT default argument
This removes the need for the GNU C++ extension of variadic macros.
2020-02-10 12:00:10 -08:00
Pieter Wuille
9b66083788 Convert chain to new serialization 2020-01-13 08:24:44 -08:00
MarcoFalke
aaaaad6ac9
scripted-diff: Bump copyright of files changed in 2019
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-
2019-12-30 10:42:20 +13:00
MarcoFalke
fa0467326f
chain: Set all CBlockIndex members to null, remove SetNull helper 2019-10-16 13:06:50 -04:00
MarcoFalke
fa0b910486
[doc] chain: Declare BLOCK_VALID_HEADER reserved 2019-08-05 07:58:58 -04:00
Antoine Riard
765c0b364d refactor: combine Chain::findFirstBlockWithTime/findFirstBlockWithTimeAndHeight
As suggested in #14711, pass height to CChain::FindEarliestAtLeast to
simplify Chain interface by combining findFirstBlockWithTime and
findFirstBlockWithTimeAndHeight into one

Extend findearliestatleast_edge_test in consequence
2019-03-27 18:29:48 -04:00
Jim Posen
65a489e93d scripted-diff: Rename CBlockDiskPos to FlatFilePos.
-BEGIN VERIFY SCRIPT-
sed -i 's/CDiskBlockPos/FlatFilePos/g' $(git ls-files 'src/*.h' 'src/*.cpp')
-END VERIFY SCRIPT-
2019-02-22 17:38:45 -08:00
Jim Posen
d6d8a78f26 Move CDiskBlockPos from chain to flatfile. 2019-02-22 17:38:45 -08:00
Hennadii Stepanov
fb3ce75807
Don't label transactions "Open" while catching up
Since the default `nSequence` is `0xFFFFFFFE` and locktime is enabled,
the checking `wtx.is_final` is meaningless until the syncing has
completed.
2019-01-03 00:10:24 +02:00
MarcoFalke
fa4fc8856b
validation: Add and use HaveTxsDownloaded where appropriate 2018-12-04 10:51:56 -05:00
Jon Layton
8bd98a3846 [trivial] Fix typo in CDiskBlockPos struct's ToString 2018-08-14 18:03:43 -05:00
DrahtBot
eb7daf4d60 Update copyright headers to 2018 2018-07-27 07:15:02 -04:00
Ben Woosley
5b35b92768
Break circular dependency: chain -> pow -> chain
chain.h does not actually depend on the methods defined in pow.h, just its
include of consensus/params.h, which is standalone and can be included instead.

Confirmed by inspection and successful build.
2018-05-14 18:36:39 -07:00
Russell Yanofsky
499d95e278 Add static_assert to prevent VARINT(<signed value>)
Using VARINT with signed types is dangerous because negative values will appear
to serialize correctly, but then deserialize as positive values mod 128.

This commit changes the VARINT macro to trigger an error by default if called
with a signed value, and updates broken uses of VARINT to pass a special flag
that lets them keep working with no change in behavior.
2018-03-15 18:57:55 -05:00
Akira Takizawa
595a7bab23 Increment MIT Licence copyright header year on files modified in 2017 2018-01-03 02:26:56 +09:00
MeshCollider
1a445343f6 scripted-diff: Replace #include "" with #include <> (ryanofsky)
-BEGIN VERIFY SCRIPT-
for f in \
  src/*.cpp \
  src/*.h \
  src/bench/*.cpp \
  src/bench/*.h \
  src/compat/*.cpp \
  src/compat/*.h \
  src/consensus/*.cpp \
  src/consensus/*.h \
  src/crypto/*.cpp \
  src/crypto/*.h \
  src/crypto/ctaes/*.h \
  src/policy/*.cpp \
  src/policy/*.h \
  src/primitives/*.cpp \
  src/primitives/*.h \
  src/qt/*.cpp \
  src/qt/*.h \
  src/qt/test/*.cpp \
  src/qt/test/*.h \
  src/rpc/*.cpp \
  src/rpc/*.h \
  src/script/*.cpp \
  src/script/*.h \
  src/support/*.cpp \
  src/support/*.h \
  src/support/allocators/*.h \
  src/test/*.cpp \
  src/test/*.h \
  src/wallet/*.cpp \
  src/wallet/*.h \
  src/wallet/test/*.cpp \
  src/wallet/test/*.h \
  src/zmq/*.cpp \
  src/zmq/*.h
do
  base=${f%/*}/ relbase=${base#src/} sed -i "s:#include \"\(.*\)\"\(.*\):if test -e \$base'\\1'; then echo \"#include <\"\$relbase\"\\1>\\2\"; else echo \"#include <\\1>\\2\"; fi:e" $f
done
-END VERIFY SCRIPT-
2017-11-16 08:23:01 +13:00
MarcoFalke
2adbddb038
Merge #10749: Use compile-time constants instead of unnamed enumerations (remove "enum hack")
1e65f0f33 Use compile-time constants instead of unnamed enumerations (remove "enum hack") (practicalswift)

Pull request description:

  Use compile-time constants instead of unnamed enumerations (remove "enum hack").

Tree-SHA512: 1b6ebb2755398c5ebab6cce125b1dfc39cbd1504d98d55136b32703fe935c4070360ab3b2f52b1da48ba9f3b01082d204f3d87c92ccb5c8c333731f7f972e128
2017-11-11 18:07:28 -05:00
jjz
061297f0ac Ensure that data types are consistent
1. nStatus of CBlockIndex is consistent with the definition of Enum(BlockStatus)

2. The BlockHeader is consistent with the type of variable defined in CBlockHeader
2017-09-07 11:17:35 +08:00
practicalswift
64fb0ac016 Declare single-argument (non-converting) constructors "explicit"
In order to avoid unintended implicit conversions.
2017-08-16 16:33:25 +02:00
MarcoFalke
4fb2586661
Merge #10956: Fix typos
9d5e98ff8 Fix typos. (practicalswift)

Pull request description:

  Fix some typos not covered by #10705.

Tree-SHA512: f06e9541f6ae13ef5d6731399b61795997b21a8816abeb1749c93e99a5c47354e6cbd4a3d145f4dc6ef8a13db179799a3121ecbb7288abf3e8d81cdf81500d37
2017-08-16 00:37:18 +02:00
practicalswift
9d5e98ff80 Fix typos. 2017-08-08 17:12:57 +02:00
practicalswift
90d4d89230 scripted-diff: Use the C++11 keyword nullptr to denote the pointer literal instead of the macro NULL
-BEGIN VERIFY SCRIPT-
sed -i 's/\<NULL\>/nullptr/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h src/qt/*/*.cpp src/qt/*/*.h src/wallet/*/*.cpp src/wallet/*/*.h src/support/allocators/*.h
sed -i 's/Prefer nullptr, otherwise SAFECOOKIE./Prefer NULL, otherwise SAFECOOKIE./g' src/torcontrol.cpp
sed -i 's/tor: Using nullptr authentication/tor: Using NULL authentication/g' src/torcontrol.cpp
sed -i 's/METHODS=nullptr/METHODS=NULL/g' src/test/torcontrol_tests.cpp src/torcontrol.cpp
sed -i 's/nullptr certificates/NULL certificates/g' src/qt/paymentserver.cpp
sed -i 's/"nullptr"/"NULL"/g' src/torcontrol.cpp src/test/torcontrol_tests.cpp
-END VERIFY SCRIPT-
2017-08-07 07:36:37 +02:00
practicalswift
1e65f0f339 Use compile-time constants instead of unnamed enumerations (remove "enum hack") 2017-07-26 00:10:30 +02:00