assumeutxo: Drop block height from metadata #30598
Conversation
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code CoverageFor detailed information about the code coverage, see the test coverage report. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
f211e8f to
6a020f0
Compare
|
🚧 At least one of the CI tasks failed. HintsMake sure to run all tests locally, according to the documentation. The failure may happen due to a number of reasons, for example:
Leave a comment here, if you need help tracking down a confusing failure. |
|
Concept ACK |
|
Well, I wrote the code, but for clarity: review ACK 6a020f0 👌 Show signatureSignature: |
|
As expressed in #30516 (comment), I have a slight preference for keeping the block height for informative purposes (showing a block height is just more user friendly than showing block hash, for external tooling) and just verifying it as well (see e.g. #30516 (comment)), but happy to review this PR if there is consensus that we don't need it. |
Ditto. If the user tries to load a snapshot during header sync, we can give an indication of how long they have to wait. If we're already past the expected height, we can say something useful about potential forks. I'll read up on the discussion. Update: longer explanation of why I prefer to keep the height in the metadata: #30514 (comment) |
|
I have closed #30516 so we can move forward with the approach here. Looking forward to get reviews, thanks! |
|
Concept ACK, now that #30516 is history. While I still think having the block height in the meta-data could have potentially been useful for external tooling, not having it is also not terrible: it will be very likely somehow included in the filename of popular distributed snapshots (so users can at least see it), and for tools that don't have access to the block index, it can at least be implicitly determined by tracking the maximum of all UTXO entries' height values (I'll use that approach in #27432 to print out the snapshot's height at least at the end of the conversion, since after this PR gets merged that information is not available anymore before processing all coins). |
The Snapshot format version is updated to 2 to indicate this change.
Co-authored-by: MarcoFalke <*~=`'#}+{/-|&$^_@721217.xyz>
6a020f0 to
00618e8
Compare
Thanks, I fixed that. |
|
The CI failure is known and can be ignored (https://github.com/bitcoin/bitcoin/actions/runs/10310090865/job/28541115356?pr=30598#step:27:229) Only change since my last review is a small style-only cleanup to remove the unused parameter from the constructor. re-ACK 00618e8 🎌 Show signatureSignature: |
| class SnapshotMetadata | ||
| { | ||
| const uint16_t m_version{1}; | ||
| const std::set<uint16_t> m_supported_versions{1}; | ||
| inline static const uint16_t VERSION{2}; |
There was a problem hiding this comment.
I would be fine with keeping the version at 1 since this was never released, the old torrent will probably disappear, and the change here doesn't have backwards compatible support.
There was a problem hiding this comment.
Also why drop m_version? That seems incompatible with the idea of being able to load older versions. Only when creating a snapshot it makes sense to hardcore one version (since we can also create older version snapshots using a previous release if really needed).
There was a problem hiding this comment.
I would be fine with keeping the version at 1
What is the benefit? An unsigned 16-bit integer should have more than enough versions for any need, so incrementing is close to 0-cost, with the minimal benefit that a testing person who happens to have the old metadata will get a nice error message. Even if there was a shortage at some point, re-using 1 at that point in time should be trivially possible for the reasons given by you.
In any case, I am happy to ack either version of VERSION.
There was a problem hiding this comment.
Also why drop m_version?
The field isn't dropped. It is simply renamed from m_version to VERSION, keeping everything else the same.
If there is a need to load older versions in the future, the code can be written then. Also, writing such code seems unrelated to this pull request.
There was a problem hiding this comment.
I will leave this unaddressed for now since either way seems ok and we have 3 acks.
| class SnapshotMetadata | ||
| { | ||
| const uint16_t m_version{1}; | ||
| const std::set<uint16_t> m_supported_versions{1}; | ||
| inline static const uint16_t VERSION{2}; |
There was a problem hiding this comment.
TIL that inline can also be applied to variables since C++17 👀
There was a problem hiding this comment.
Yeah, this fixed https://github.com/bitcoin/bitcoin/runs/28432306724
|
New torrent (untested and seeding might take a while to kick in): Update: I'm able to load the snapshot (and also checked that a version 1 snapshot is rejected) |
| @@ -98,21 +98,20 @@ def expected_error(msg): | |||
| bogus_block_hash = "0" * 64 # Represents any unknown block hash | |||
| # The height is not used for anything critical currently, so we just | |||
There was a problem hiding this comment.
nit: could remove comment
|
ACK 00618e8 |
This was fixed in commit b50554b. Also, address the typo nits from: * bitcoin#29370 (comment) * bitcoin#30598 (comment)
fa04511 doc: Remove outdated nTx faking comment (MarcoFalke) Pull request description: This problematic `nTx` "faking" was removed in commit b50554b. So fix the wrong comment. Also, address the typo nits from: * #29370 (comment) * #30598 (comment) ACKs for top commit: fjahr: ACK fa04511 Tree-SHA512: c918f0b9274be9c347a37d6221915688977a858fb8d2146035718bf17df0bd3b51d67ef12b971556851c0f69f46d26f557c35a5461abeb0683b538b9dc48f5b6
This was fixed in commit b50554babdddf452acaa51bac757736766c70e81. Also, address the typo nits from: * bitcoin/bitcoin#29370 (comment) * bitcoin/bitcoin#30598 (comment)
Summary:
Removing the block height from the assumeutxo snapshot file prevents potential UB (implicit-integer-sign-change) when loading the file. The snapshot file should be considered untrusted input, and its fields should be sanitized or removed if unnecessary.
The Snapshot format version is updated to 2 to indicate this change.
Co-authored-by: MarcoFalke <*~=`'#}+{/-|&$^_@721217.xyz>
This is a backport of [[bitcoin/bitcoin#30598 | core#30598]]
Depends on D18059
Test Plan: `ninja all check-all`
Reviewers: #bitcoin_abc, Fabien
Reviewed By: #bitcoin_abc, Fabien
Differential Revision: https://reviews.bitcoinabc.org/D18060
Fixes #30514 which has more context and shows how the issue can be reproduced. Since the value in question is removed, there is no test to add to reproduce anything.
This is an alternative approach to #30516 with much of the code being suggested there.