The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage

For detailed information about the code coverage, see the test coverage report.

Reviews

See the guideline for information on the review process.

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Ping @hebasto @fanquake @TheCharlatan for buildsystem eyes.
Ping @sipa for crypto concept ACK/NACK.

Also ping @dergoegge for fuzzer interactions ACK/NACK.

Concept ACK

Concept ACK

We only use --with-asm=no for the MSan builds in oss-fuzz but that only applies to secp, so we should be fine on that front.

Our docs (developer-notes.md and fuzzing.md) mention the use of --disable-asm to avoid address sanitizer failures. I've not used --disable-asm in any of my fuzzing and have not observed any ASan failures but they might depend on the specific sha256 optimizations used? Could also just be a relic of the past...

If there is any desire, we can hook DISABLE_OPTIMIZED_SHA256 up to a new configure option that actually does what it says.

I think we're good for now but it probably makes sense if anyone runs into the ASan failures mentioned above.

Our docs (developer-notes.md and fuzzing.md) mention the use of --disable-asm to avoid address sanitizer failures. I've not used --disable-asm in any of my fuzzing and have not observed any ASan failures but they might depend on the specific sha256 optimizations used? Could also just be a relic of the past...

This is macOS specific? It may be good if someone tested or bisected this.

@dergoegge Ah, thanks for the correction. The option does indeed currently pass through to secp, so that bullet-point in my commit message is wrong and I'll update it.

It still forwards just fine with our option removed though, so I don't think that changes anything here.

Guix builds (on x86_64)

My usual fuzz configure for ARM64 macOS is the one in doc/fuzzing.md in the macOS hints for libFuzzer section.

Just tried building (on master) with and without the --disable-asm option and then running FUZZ=random ./src/test/fuzz/fuzz.

The one difference I notice without --disable-asm is this additional entry near the beginning of the fuzz run (after which the fuzzer continues to run):

crc32c/src/crc32c_arm64.cc:101:26: runtime error: load of misaligned address 0x62d000000406 for type 'uint64_t' (aka 'unsigned long long'), which requires 8 byte alignment
0x62d000000406: note: pointer points here
 b9 c5 22 00 01 01  1a 6c 65 76 65 6c 64 62  2e 42 79 74 65 77 69 73  65 43 6f 6d 70 61 72 61  74 6f
             ^ 
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior crc32c/src/crc32c_arm64.cc:101:26 in 

@jonatack see #29178 (we prefer having this broken over reverting the change that introduced it for some reason)

I'm not sure if the random harness would trigger the ASan error, the docs mention sha256 which random does not use afaict. Could you try txorphan or a different harness that does some hashing?

Did you set UBSAN_OPTIONS to include halt_on_error=1? that is likely why it keeps running if you didn't

Concept ACK 0eec878.

@dergoegge Ah, thanks for the correction. The option does indeed currently pass through to secp, so that bullet-point in my commit message is wrong and I'll update it.

Sorry for the back-and-forth, but I confused myself here. --disable-asm doesn't have any effect on libsecp, but --without-asm does. No need to update the PR description.

It still forwards just fine with our option removed though, so I don't think that changes anything here.

I got this wrong but it still accidentally made sense, heh. To be clear, passing --without-asm will still do the same as before, which is to disable asm-optimized libsecp without affecting Core at all. It was never "forwarded" in the sense that we interpreted and copied it to libsecp, rather it passed through untouched and still will.

All that confusion just seems like more justification for removal imo :)

The one difference I notice without --disable-asm is this additional entry near the beginning of the fuzz run (after which the fuzzer continues to run):

@jonatack Since you can reproduce, any interest in testing this theory bitcoin-core/crc32c-subtree#6 (comment) ?

Edit: nevermind. Reproduced and explained here: bitcoin-core/crc32c-subtree#6 (comment)

Concept ACK

Our docs (developer-notes.md and fuzzing.md) mention the use of --disable-asm to avoid address sanitizer failures.

In the libsecp repo, the --with-asm=no option is still required to avoid MSan warnings. If this is a common issue for builtin assembly code, it seems possible that the sha256_sse4.cpp might cause similar issues in the future without an option to disable it.

Maybe gate the sha256_sse4::Transform function with #if !defined(DISABLE_OPTIMIZED_SHA256)?

@fanquake Do you think it's too late for this for v27? It would imply require getting bitcoin-core/crc32c-subtree#6 in, I think.

In the libsecp repo, the --with-asm=no option is still required to avoid MSan warnings.

Can you point to where this is an issue? It looks as though secp has proper __msan_* annotations in place these days.

In the libsecp repo, the --with-asm=no option is still required to avoid MSan warnings.

Can you point to where this is an issue? It looks as though secp has proper __msan_* annotations in place these days.

Sure. For example, bitcoin-core/secp256k1#1169 (comment). It holds for the current libsecp master branch @ bitcoin-core/secp256k1@0653a25 as well.

@fanquake Do you think it's too late for this for v27?

I think it's still possible to do this for v27. It's not clear to me that the other change is strictly a requirement for doing this change?, but I also think that could go in.

In the libsecp repo, the --with-asm=no option is still required to avoid MSan warnings.

Can you point to where this is an issue? It looks as though secp has proper __msan_* annotations in place these days.

Sure. For example, bitcoin-core/secp256k1#1169 (comment). It holds for the current libsecp master branch @ bitcoin-core/secp256k1@0653a25 as well.

Fixed here bitcoin-core/secp256k1#1496 :)

Any other sanitizer false-positives while we're at it? :)

Any other sanitizer false-positives while we're at it? :)

Anything in test/sanitizer_suppressions/* is up for grabs (if it can be fixed)

It would imply require getting bitcoin-core/crc32c-subtree#6 in, I think.

Had another look, and this is correct. We need to merge a fix in the subtree, then do a subtree update here, and then this can be merged, otherwise we'll be left with at least one bug without any workaround. This PR should also be updated to removed the --disable-asm mentions in fuzzing.md and developer-notes.md.

Any other sanitizer false-positives while we're at it? :)

Anything in test/sanitizer_suppressions/* is up for grabs (if it can be fixed)

I think there should be no suppressions related to asm in those files, at least in the code that is compiled as part of Bitcoin Core

I think there should be no suppressions related to asm in those files

I'm just talking about general suppressions, nothing asm specific.

From developer-notes.md:

There are a number of known problems when using the address sanitizer. The
address sanitizer is known to fail in
sha256_sse4::Transform which makes it unusable
unless you also use --disable-asm when running configure. We would like to fix
sanitizer issues, so please send pull requests if you can fix any errors found
by the address sanitizer (or any other sanitizer).

I'm unable to hit this locally. Presumably if it's still an issue we should be able to fix it with some notations.

Does anyone happen to have a test-case for it?

Concept ACK

This now depends on #29493

Want to rebase now?

Rebased and removed RFC from PR title.

I used --disable-asm in order to even be able to build when configured for fuzzing. Otherwise, I get this compiler error:

crypto/sha256_sse4.cpp:44:9: error: expected relocatable expression
   44 |         "shl    $0x6,%2;"
      |         ^
<inline asm>:1:15894: note: instantiated into assembly here

Since crypto/sha256_sse4.cpp is not guarded by DISABLE_OPTIMIZED_SHA256, there's no way for me to compile for fuzzing now.

Otherwise, I get this compiler error:

Can you open a new issue, with the complete config.log / build output?

Since crypto/sha256_sse4.cpp is not guarded by DISABLE_OPTIMIZED_SHA256, there's no way for me to compile for fuzzing now.

Still trying to understand the problem here, but in the meantime I'll PR an addition of the DISABLE_OPTIMIZED_SHA256 guard.