net: Assume that SetCommonVersion is called at most once per peer #20138

pull MarcoFalke wants to merge 1 commits into bitcoin:master from MarcoFalke:2010-netVersionOnlyOnce changing 2 files +14 −15
  1. MarcoFalke commented at 8:43 PM on October 12, 2020: member

    This restores the check removed in #17785 (review)

    Instead of using error, which was used previously, it uses a newly introduced Assume(). error had several issues:

    • It logs unconditionally to the debug log
    • It doesn't abort the program when the error is hit in tests
  2. MarcoFalke cross-referenced this on Oct 12, 2020 from issue p2p: Unify Send and Receive protocol versions by hebasto
  3. practicalswift commented at 9:04 PM on October 12, 2020: contributor

    Concept ACK

    While touching src/util/check.h, would you mind cherry-picking in 91bdd439987fb3f24f9b841fe88b3cf416b38f48 from #20122 to make Assert(…) usable in all contexts?

  4. MarcoFalke commented at 9:05 PM on October 12, 2020: member

    DABORT_ON_FAILED_ASSUME is taken from #16136 by @practicalswift

  5. MarcoFalke cross-referenced this on Oct 12, 2020 from issue Add an optional extra level of checking: ASSUME(...) - an opt-in side-effect safe assert(...) by practicalswift
  6. DrahtBot added the label Build system on Oct 12, 2020
  7. DrahtBot added the label P2P on Oct 12, 2020
  8. DrahtBot added the label Utils/log/libs on Oct 12, 2020
  9. DrahtBot cross-referenced this on Oct 13, 2020 from issue add static_check_equal for easier to read compiler errors by JeremyRubin
  10. naumenkogs commented at 7:36 AM on October 13, 2020: member

    utACK fa1bcec498074de6f6780dc14e8cacaa6f951bb2

  11. MarcoFalke removed the label Build system on Oct 13, 2020
  12. MarcoFalke force-pushed on Oct 13, 2020
  13. DrahtBot added the label Needs rebase on Oct 13, 2020
  14. MarcoFalke force-pushed on Oct 13, 2020
  15. practicalswift commented at 9:22 AM on October 13, 2020: contributor

    ACK fab93637867217266a810794d179487bb1eb8c69: patch looks correct

  16. naumenkogs commented at 9:49 AM on October 13, 2020: member

    ACK fab9363

  17. DrahtBot removed the label Needs rebase on Oct 13, 2020
  18. DrahtBot commented at 1:58 PM on October 13, 2020: contributor

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--174a7506f384e20aa4161008e828411d-->

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #20477 (test/net: Add unit testing of node eviction logic by practicalswift)
    • #19972 ([draft] fuzz/net: Add fuzzing harness for node eviction logic. Make node eviction logic testable. by practicalswift)
    • #18261 (Erlay: bandwidth-efficient transaction relay protocol by naumenkogs)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  19. DrahtBot cross-referenced this on Oct 13, 2020 from issue Make Assert(…) usable in all contexts. Make implicit assumptions explicit. by practicalswift
  20. jnewbery commented at 10:26 AM on October 14, 2020: member

    What's the long-term plan for assert? Should all asserts eventually be changed to:

    • Assert() for fatal errors - always causes the software to terminate
    • Assume() for recoverable errors - only causes the software to terminate if compiled with -enable-debug?

    Is it ok for Assert/Assume condition to have side effects? The reason NDEBUG builds are not allowed is that some of the assert conditions had side effects (#3344)

    Perhaps it'd be a good idea to document this in the developer notes.

    Should Assume() log to debug log (perhaps in a category) if hit in in non-debug build? It means there's a logic bug which should be reported and fixed.

  21. MarcoFalke commented at 11:42 AM on October 14, 2020: member

    Excellent questions!

    • What's the long-term plan for assert?

    assert and Assert do almost the exact same thing and they can be used interchangeably, as long as the code compiles.

    Existing asserts should not be replaced with Assume, because asserts documents fatal checks. For example, the program should not continue when running into UB. (Assert(pindex)->nHeight can not continue if the assert fails, so Assume would be inappropriate).

    • Is it ok for Assert/Assume condition to have side effects?

    Yes, I'd say so. I can't imagine anyone would want to run with asserts disabled, even if none of them had side-effects. For example, the consensus code uses asserts to catch internal logic errors. With those disabled, you might run out of consensus without noticing.

    • Perhaps it'd be a good idea to document this in the developer notes.

    Will look into this.

    • Should Assume() log to debug log (perhaps in a category) if hit in in non-debug build? It means there's a logic bug which should be reported and fixed.

    Correct, there is likely a non-fatal logic bug which should be reported. Though, care should be taken to not turn it into a fatal one. E.g. a remote peer could trigger the Assume and cause an out-of-disk error by writing to the debug log. Also, we should take care to not induce anxiety into users when they hit a non-fatal issue, that generally doesn't affect node operation. A specific debug log category for this could make sense, but I'll leave that for a follow up.

  22. hebasto approved
  23. hebasto commented at 5:23 PM on October 16, 2020: member

    ACK fab93637867217266a810794d179487bb1eb8c69, I have reviewed the code and it looks OK, I agree it can be merged.

  24. jnewbery commented at 3:40 PM on October 27, 2020: member

    The title of this PR should be changed to reflect that fact that most of the changes here are to introduce the Assume() macro, and it looks like the SetCommonVersion change is just an example of how to use Assume().

    I think we should try to get agreement on how assert/Assert/Assume should be used, and document that before merging this.

  25. MarcoFalke cross-referenced this on Oct 27, 2020 from issue util: Add Assume() identity function by MarcoFalke
  26. MarcoFalke commented at 6:30 PM on October 27, 2020: member

    Thanks! Added dev docs and split out, as requested by @jnewbery

    Please review #20255 first

  27. DrahtBot cross-referenced this on Nov 5, 2020 from issue fuzz: Add fuzzing harness for node eviction logic by practicalswift
  28. DrahtBot cross-referenced this on Nov 13, 2020 from issue tests: Add fuzzing harness for CAddrMan by practicalswift
  29. DrahtBot added the label Needs rebase on Nov 13, 2020
  30. MarcoFalke referenced this in commit dca80ffb45 on Dec 4, 2020
  31. net: Assume that SetCommonVersion is called at most once per peer fa0f415709
  32. MarcoFalke force-pushed on Dec 4, 2020
  33. practicalswift commented at 11:25 AM on December 4, 2020: contributor

    cr ACK fa0f4157098ea68169ced44730986d0ed2c3a5aa: patch looks correct

  34. DrahtBot removed the label Needs rebase on Dec 4, 2020
  35. DrahtBot cross-referenced this on Dec 4, 2020 from issue net: Add unit testing of node eviction logic by practicalswift
  36. MarcoFalke removed the label Utils/log/libs on Dec 4, 2020
  37. DrahtBot cross-referenced this on Dec 4, 2020 from issue Erlay: bandwidth-efficient transaction relay protocol by naumenkogs
  38. sidhujag referenced this in commit c67c618af7 on Dec 4, 2020
  39. jnewbery commented at 11:29 AM on December 7, 2020: member

    utACK fa0f4157098ea68169ced44730986d0ed2c3a5aa

  40. MarcoFalke merged this on Dec 7, 2020
  41. MarcoFalke closed this on Dec 7, 2020
  42. MarcoFalke deleted the branch on Dec 7, 2020
  43. sidhujag referenced this in commit 6a7d7717e8 on Dec 7, 2020
  44. MarcoFalke cross-referenced this on Jan 23, 2021 from issue fuzz: Avoid initializing version to less than MIN_PEER_PROTO_VERSION by MarcoFalke
  45. MarcoFalke referenced this in commit 4d5eaf7a90 on Jan 28, 2021
  46. sidhujag referenced this in commit aa277234c6 on Jan 28, 2021
  47. Fabcien referenced this in commit 61bb4c4afc on Jun 15, 2021
  48. bitcoin locked this on Feb 15, 2022
Contributors
MarcoFalkepracticalswiftnaumenkogsDrahtBotjnewberyhebasto
Labels
P2P
Linked (view graph)
#3344 Sanitize assert usage and refuse to compile with NDEBUG.#16136 Add an optional extra level of checking: ASSUME(...) - an opt-in side-effect safe assert(...)#17785 p2p: Unify Send and Receive protocol versions#20122 Make Assert(…) usable in all contexts. Make implicit assumptions explicit.#20255 util: Add Assume() identity function#20995 fuzz: Avoid initializing version to less than MIN_PEER_PROTO_VERSION
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-20 06:54 UTC