Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

backport: Merge bitcoin/bitcoin#23418, 25144, 25480, 25492 #6519

Open
wants to merge 4 commits into
base: develop
Choose a base branch
from

Conversation

vijaydasmp
Copy link

bitcoin backports

@vijaydasmp vijaydasmp force-pushed the Jan_2025_03 branch 4 times, most recently from ecb05bf to fb70100 Compare January 4, 2025 15:27
@vijaydasmp vijaydasmp changed the title backport : Merge bitcoin/bitcoin#23418, 25144,25480,25492,24836 backport: Merge bitcoin/bitcoin#23418, 25144,25480,25492,24836 Jan 5, 2025
@vijaydasmp vijaydasmp force-pushed the Jan_2025_03 branch 5 times, most recently from a2257de to 3941a52 Compare January 9, 2025 14:41
@vijaydasmp vijaydasmp force-pushed the Jan_2025_03 branch 2 times, most recently from f391a48 to fea3f61 Compare January 15, 2025 13:53
…tion RPC

fa07f84 Fix signed integer overflow in prioritisetransaction RPC (MarcoFalke)
fa52cf8 refactor: Replace feeDelta by m_modified_fee (MarcoFalke)

Pull request description:

  Signed integer overflow is UB in theory, but not in practice. Still,
  it would be nice to avoid this UB to allow Bitcoin Core to be
  compiled with sanitizers such as `-ftrapv` or ubsan.

  It is impossible to predict when and if an overflow occurs, since
  the overflow caused by a prioritisetransaction RPC might only be
  later hit when descendant txs are added to the mempool.
  Since it is impossible to predict reliably, leave it up to the user
  to use the RPC endpoint responsibly, considering their mempool
  limits and usage patterns.

  Fixes: bitcoin#20626
  Fixes: bitcoin#20383
  Fixes: bitcoin#19278
  Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34146 / https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47132

  ## Steps to reproduce

  Build the code without the changes in this pull.

  Make sure to pass the sanitizer flag:

  ```
  ./autogen.sh && ./configure --with-sanitizers=signed-integer-overflow && make clean && make -j $(nproc)
  ```

  ### Reproduce on RPC

  ```
  ./src/bitcoind -chain=regtest -noprinttoconsole &
  ./src/bitcoin-cli -chain=regtest prioritisetransaction 00000000deadbeef00000000deadbeef00000000deadbeef00000000deadbeef 0 9123456789123456789
  ./src/bitcoin-cli -chain=regtest prioritisetransaction 00000000deadbeef00000000deadbeef00000000deadbeef00000000deadbeef 0 9123456789123456789
  |> txmempool.cpp:920:15: runtime error: signed integer overflow: 9123456789123456789 + 9123456789123456789 cannot be represented in type 'long int'

  ./src/bitcoin-cli -chain=regtest stop
  ```

  ### By fuzzing

  ```
  wget https://github.com/bitcoin/bitcoin/files/8921302/clusterfuzz-testcase-minimized-validation_load_mempool-5599531390074880.bin.txt
  FUZZ=validation_load_mempool ./src/test/fuzz/fuzz ./clusterfuzz-testcase-minimized-validation_load_mempool-5599531390074880.bin.txt
  |> txmempool.cpp:920:15: runtime error: signed integer overflow: 7214801925397553184 + 2314885530818453536 cannot be represented in type 'long int'
  |> validation_load_mempool: succeeded against 1 files in 0s.

ACKs for top commit:
  vasild:
    ACK fa07f84
  dunxen:
    ACK fa07f84
  LarryRuane:
    ACK fa07f84

Tree-SHA512: 4a357950af55a49c9113da0a50c2e743c5b752f0514dd8d16cd92bfde2f77dd0ef56aa98452626df6f7f7a5b51d1227021f6bc94091201a179f0d488ee32a0df
@vijaydasmp vijaydasmp force-pushed the Jan_2025_03 branch 2 times, most recently from 7227b85 to 4bf1a22 Compare January 18, 2025 14:11
MacroFake and others added 3 commits January 18, 2025 21:25
fa8aa0a Pass Peer& to Misbehaving() (MacroFake)

Pull request description:

  `Misbehaving` has several coding related issues (ignoring the conceptual issues here for now):
  * It is public, but it is not supposed to be called from outside of net_processing. Fix that by making it private and creating a public `UnitTestMisbehaving` method for unit testing only.
  * It doesn't do anything if a `nullptr` is passed. It would be less confusing to just skip the call instead. Fix that by passing `Peer&` to `Misbehaving()`.
  * It calls `GetPeerRef`, causing `!m_peer_mutex` lock annotations to be propagated. This is harmless, but verbose. Fix it by removing the no longer needed call to `GetPeerRef` and the no longer needed lock annotations.

ACKs for top commit:
  vasild:
    ACK fa8aa0a
  w0xlt:
    Code Review ACK bitcoin@fa8aa0a

Tree-SHA512: e60a6b317f2b826f9e0724285d00b632d3e2a91ded9fa5ba01c80766c5d39270b719be234c01302d46eaba600910032693836aa116ff05ee1b590c7530881cd3
…ble>

fa956e7 Replace CountSecondsDouble with Ticks<SecondsDouble> (MacroFake)

Pull request description:

  Seems odd to have two ways to say exactly the same thing when one is sufficient.

ACKs for top commit:
  fanquake:
    ACK fa956e7
  shaavan:
    ACK fa956e7
  w0xlt:
    ACK bitcoin@fa956e7

Tree-SHA512: b599470e19b693da1ed1102d1e86b08cb03adaddf2048752b6d050fdf86055be117ff0ae10b6953d03e00eaaf7b0cfa350137968b67d6c5b3ca68c5aa50ca6aa
d8f8f78 util: remove MSVC warning pragmas (fanquake)

Pull request description:

  4786 - I don't think this exists any more?
  4805 - Is already defined (globally) there.

  Dropped 4717 and 4804, as it seems they are no-longer supressing
  anything.

  See:
  https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warnings-c4000-c5999.

ACKs for top commit:
  hebasto:
    ACK d8f8f78, build [log](https://api.cirrus-ci.com/v1/task/6088784285532160/logs/build.log) is free of warnings.

Tree-SHA512: c8ac4585799996960ea099b2c5337e7bb577152eec2e9543cc459c56f42f7a36fc4dcd7faec2fa4ac159a4ae27859650ccfd96bbf94b94dbd1cbea638560a24f
@vijaydasmp vijaydasmp changed the title backport: Merge bitcoin/bitcoin#23418, 25144,25480,25492,24836 backport: Merge bitcoin/bitcoin#23418, 25144, 25480, 25492 Jan 19, 2025
@vijaydasmp vijaydasmp marked this pull request as ready for review January 19, 2025 04:03
Copy link

coderabbitai bot commented Jan 19, 2025

Walkthrough

The pull request introduces a series of modifications across multiple files in the codebase, focusing on three primary areas: peer management, transaction memory pool handling, and testing infrastructure. The changes include refactoring the misbehavior tracking mechanism in peer management, updating fee calculation methods in the transaction memory pool, and removing specific compiler warning suppressions.

The peer management changes involve replacing the Misbehaving method with a new UnitTestMisbehaving approach, which appears to be designed to provide more controlled misbehavior tracking during unit testing. In the transaction memory pool, there are updates to fee management logic, including renaming methods, introducing safer fee calculation techniques, and modifying how modified fees are tracked. Additionally, some preprocessor directives for compiler warnings have been removed, and certain utility functions like CountSecondsDouble have been eliminated.

These modifications aim to improve code clarity, testing capabilities, and potentially address specific performance or safety considerations in the system's core components.

Finishing Touches

  • 📝 Generate Docstrings (Beta)

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
src/rpc/net.cpp (1)

231-231: LGTM: Completed modernization of time handling

The change completes the consistent update of time handling across all ping-related measurements.

These changes are part of a broader improvement in time handling across the codebase, moving towards type-safe chrono-based time calculations. This reduces the risk of time-related bugs and improves code maintainability.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4c166e1 and 3847b1a.

📒 Files selected for processing (13)
  • src/llmq/dkgsessionhandler.cpp (1 hunks)
  • src/llmq/instantsend.cpp (1 hunks)
  • src/llmq/signing.cpp (1 hunks)
  • src/llmq/signing_shares.cpp (1 hunks)
  • src/net_processing.cpp (27 hunks)
  • src/net_processing.h (1 hunks)
  • src/rpc/net.cpp (1 hunks)
  • src/test/denialofservice_tests.cpp (4 hunks)
  • src/txmempool.cpp (7 hunks)
  • src/txmempool.h (2 hunks)
  • src/util/system.cpp (0 hunks)
  • src/util/time.h (0 hunks)
  • test/sanitizer_suppressions/ubsan (1 hunks)
💤 Files with no reviewable changes (2)
  • src/util/time.h
  • src/util/system.cpp
✅ Files skipped from review due to trivial changes (1)
  • src/llmq/signing_shares.cpp
🔇 Additional comments (31)
src/rpc/net.cpp (3)

225-225: LGTM: Improved time handling using modern C++ chrono

The change from CountSecondsDouble to Ticks<SecondsDouble> represents a move towards more type-safe time handling using the C++ chrono library.


228-228: LGTM: Consistent time handling for minimum ping time

The change maintains consistency with the modern time handling approach.


225-231: Verify complete migration of time handling methods

Let's verify that all instances of CountSecondsDouble have been migrated to the new Ticks<SecondsDouble> approach in the codebase.

✅ Verification successful

Time handling migration successfully completed

The codebase shows complete adoption of Ticks<SecondsDouble> with no remaining instances of CountSecondsDouble, confirming successful migration of the time handling methods.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for any remaining instances of CountSecondsDouble
echo "Checking for remaining CountSecondsDouble usage..."
rg "CountSecondsDouble" --type cpp

# Search for consistent usage of Ticks<SecondsDouble>
echo "Verifying Ticks<SecondsDouble> usage..."
rg "Ticks<SecondsDouble>" --type cpp

Length of output: 685

src/txmempool.cpp (5)

104-104: LGTM: Member variable initialization

The initialization of m_modified_fee with nFee in the constructor is correct and matches the new fee handling approach.


458-458: LGTM: Consistent use of SaturatingAdd for fee updates

The use of SaturatingAdd is consistently applied to both descendant and ancestor fee updates, maintaining the overflow protection throughout the codebase.

Also applies to: 467-467


1465-1468: LGTM: Fee delta handling with overflow protection

The changes correctly apply SaturatingAdd to fee delta calculations and properly update the modified fees through the mempool entry modification mechanism.


515-516: Verify assumption about fee modification state

The code assumes that the initial fee matches the modified fee. While this is likely true for new entries, we should verify this assumption holds in all code paths.

✅ Verification successful

Assumption about fee modification state is valid

The assumption is correct by design. The code makes this assertion right after inserting a new entry and applying any potential fee delta from PrioritiseTransaction, which are the only two operations that could affect the fees at this point.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Look for places where fees might be modified before reaching this point
rg -B 5 'GetModifiedFee|UpdateModifiedFee' src/

Length of output: 9042


112-116: Verify overflow protection in fee updates

The use of SaturatingAdd for fee updates provides protection against integer overflow, which is important for fee calculations. The changes look correct but we should verify that all fee-related calculations are consistently using this protection.

✅ Verification successful

Fee calculations have appropriate overflow protection

The codebase consistently uses proper overflow protection for fee calculations:

  • Consensus-critical paths validate fees using MoneyRange checks
  • Memory pool modifications use SaturatingAdd
  • Transaction validation enforces fee range limits
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for any remaining direct fee additions that might need overflow protection
rg -A 2 '\+= .*[Ff]ee' src/

Length of output: 4250


Script:

#!/bin/bash
# Check for MoneyRange usage near fee calculations
rg -B 2 -A 2 'MoneyRange.*fee|fee.*MoneyRange' src/

# Check for other potential overflow protections
rg -B 2 -A 2 'Saturating(Add|Sub).*fee|fee.*Saturating(Add|Sub)' src/

Length of output: 2694

src/net_processing.cpp (11)

635-635: LGTM: Unit test misbehavior handling

The UnitTestMisbehaving method provides a clean way to test misbehavior handling in unit tests while maintaining encapsulation of the actual implementation.


676-681: Improved misbehavior tracking with peer reference

The new Misbehaving method signature using Peer& provides better encapsulation and direct access to peer state. This change improves code organization and maintainability.


740-740: LGTM: Updated SendBlockTransactions signature

The addition of the Peer& parameter to SendBlockTransactions aligns with the pattern of direct peer state access.


3494-3495: LGTM: Consistent error handling in message processing

The error handling in message processing is consistent, using the misbehavior tracking system uniformly across different message types.

Also applies to: 3500-3502


Line range hint 3983-3996: LGTM: Address rate limiting with token bucket

The implementation of address rate limiting using a token bucket approach is well-designed and properly handles the time-based token accumulation.


4086-4086: LGTM: Consistent inventory size checks

The size checks for INV and GETDATA messages are consistent and use appropriate misbehavior scores.

Also applies to: 4193-4193


4706-4706: LGTM: Block validation error handling

The error handling for invalid compact blocks and block transactions is appropriate and uses consistent misbehavior scores.

Also applies to: 4832-4832


5101-5101: LGTM: Bloom filter validation

The validation of bloom filter size and data is thorough and uses appropriate misbehavior scores for violations.

Also applies to: 5137-5137


Line range hint 5166-5175: LGTM: Masternode message validation

The validation of masternode-related messages is comprehensive and uses appropriate misbehavior scores for different types of violations.

Also applies to: 5197-5197, 5213-5213, 5220-5220


3628-3634: Verify devnet version check error handling

The devnet version check error handling looks correct but we should verify the misbehavior scores are appropriate for different scenarios.

✅ Verification successful

Misbehavior scores for devnet version mismatches are appropriately calibrated

The different scores (100 for outbound, 1 for inbound) are well-reasoned:

  • Higher score for outbound prevents wasteful reconnection attempts to wrong networks
  • Lower score for inbound allows honest mistakes without immediate harsh penalties
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for consistency in devnet version handling
rg -B 5 'devnet' src/

Length of output: 70141


1781-1802: Verify thread safety of misbehavior tracking

The misbehavior tracking implementation looks correct but we should verify the thread safety of the score updates and disconnection logic.

✅ Verification successful

Thread safety implementation is correct and comprehensive

The misbehavior tracking implementation demonstrates proper thread safety through:

  • Dedicated mutex (m_misbehavior_mutex) protecting all misbehavior state
  • Consistent lock usage across all access points
  • Clear thread safety annotations using GUARDED_BY
  • No potential deadlock scenarios
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for potential race conditions in peer state access
ast-grep --pattern 'm_misbehavior_score' src/
ast-grep --pattern 'm_should_discourage' src/

Length of output: 423


Script:

#!/bin/bash
# Search for misbehavior related variables and mutex with context
rg -A 3 -B 3 "m_misbehavior_score" src/
rg -A 3 -B 3 "m_should_discourage" src/
rg -A 3 -B 3 "m_misbehavior_mutex" src/

Length of output: 8267

test/sanitizer_suppressions/ubsan (1)

3-6: Documentation improvement for suppression pattern format.

The comment now uses a more generic format sanitize-type:ClassName::MethodName instead of a specific example, making it clearer how to add new suppressions.

src/net_processing.h (1)

122-123: Method renamed to clarify its testing purpose.

The Misbehaving method has been replaced with UnitTestMisbehaving, making it explicit that this method is intended for unit testing scenarios. This change improves code clarity and separates test functionality from production code.

src/test/denialofservice_tests.cpp (4)

353-353: Updated test for peer discouragement threshold.

Test now uses UnitTestMisbehaving to verify peer discouragement at threshold, aligning with the new testing approach.


372-372: Updated tests for incremental misbehavior.

Tests now use UnitTestMisbehaving to verify:

  1. Below-threshold misbehavior (no discouragement)
  2. Reaching threshold through multiple violations

Also applies to: 380-380


403-403: Updated test for non-IP peer handling.

Test now uses UnitTestMisbehaving to verify discouragement behavior for non-IP peers (e.g., onion addresses).


449-449: Updated test for ban time functionality.

Test now uses UnitTestMisbehaving to verify the ban time implementation.

src/llmq/dkgsessionhandler.cpp (1)

113-113: Updated misbehavior reporting method.

The method now uses UnitTestMisbehaving to report peer misbehavior, maintaining consistency with the test-focused approach adopted across the codebase.

src/llmq/signing.cpp (1)

583-583: Verify the impact of switching to UnitTestMisbehaving.

The change from Misbehaving to UnitTestMisbehaving alters how peer misbehavior is handled. This appears to be part of a broader refactor to improve testing capabilities, but we should ensure this doesn't affect production behavior.

Let's verify if this change is consistently applied across the codebase:

✅ Verification successful

The change to UnitTestMisbehaving is a safe refactor

The switch from Misbehaving to UnitTestMisbehaving is part of a consistent pattern across the codebase where UnitTestMisbehaving is the public interface method that internally calls the private Misbehaving implementation. This change improves encapsulation without altering the underlying behavior.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for any remaining direct usage of Misbehaving
rg "Misbehaving\(" --type cpp

# Check for new UnitTestMisbehaving usage
rg "UnitTestMisbehaving\(" --type cpp

Length of output: 5967

src/txmempool.h (3)

116-116: LGTM! Improved member variable naming.

The change from feeDelta to m_modified_fee follows better naming conventions with the m_ prefix for member variables and provides a more descriptive name.


145-145: LGTM! Simplified fee access.

The updated GetModifiedFee() implementation directly returns m_modified_fee instead of calculating it on the fly, which is more efficient.


153-154: LGTM! Improved method naming.

The change from UpdateFeeDelta to UpdateModifiedFee better reflects the method's purpose and maintains consistency with the new member variable name.

src/llmq/instantsend.cpp (1)

941-941: Verify consistent behavior with UnitTestMisbehaving.

Similar to the change in signing.cpp, this replaces Misbehaving with UnitTestMisbehaving. We should ensure this change maintains the same penalty score (20) and behavior.

Let's verify the penalty scores are consistent:

✅ Verification successful

Penalty score of 20 is correct and intentionally different

The lower penalty score in instantsend.cpp is a deliberate design choice, as indicated by the code comment: the peer might simply be unlucky due to quorum changes, so a less harsh penalty is appropriate compared to clear protocol violations that receive 100 points.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check all UnitTestMisbehaving calls and their scores
rg "UnitTestMisbehaving.*\(\w+,\s*(\d+)\)" --type cpp

Length of output: 282


Script:

#!/bin/bash
# Get context around UnitTestMisbehaving calls
echo "=== signing.cpp ==="
rg "UnitTestMisbehaving.*\(\w+,\s*(\d+)\)" src/llmq/signing.cpp -B 5 -A 5
echo -e "\n=== instantsend.cpp ==="
rg "UnitTestMisbehaving.*\(\w+,\s*(\d+)\)" src/llmq/instantsend.cpp -B 5 -A 5
echo -e "\n=== signing_shares.cpp ==="
rg "UnitTestMisbehaving.*\(\w+,\s*(\d+)\)" src/llmq/signing_shares.cpp -B 5 -A 5

# Also check for any comments mentioning misbehaving scores
echo -e "\n=== Comments about misbehaving ==="
rg "misbehav\w+" src/llmq/ -i --type cpp

Length of output: 2943

@@ -110,7 +110,7 @@ bool CDKGPendingMessages::HasSeen(const uint256& hash) const
void CDKGPendingMessages::Misbehaving(const NodeId from, const int score, PeerManager& peerman)
{
if (from == -1) return;
peerman.Misbehaving(from, score);
peerman.UnitTestMisbehaving(from, score);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

25144: I don't like this approach, we need to find a better way

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants