miner: clamp options instead of asserting #33222
Conversation
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code Coverage & BenchmarksFor details see: https://corecheck.dev/bitcoin/bitcoin/pulls/33222. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. |
|
This makes sense for v30.0, I think, if we're going to be shipping mining interface support (#31802 or variation thereof). |
There was a problem hiding this comment.
ACK 7392b8b
but I think in this case, just correcting to reasonable values is acceptable.
I agree. I generally support logging in situations like this, so that we at least give the user a chance to see something unexpected is happening without being unergonomic, but I think it's also fine as-is. We generally don't log for clamping, as far as I can tell.
|
@Sjors maybe you have thoughts on this? It would probably be good if we set default field values in the capnp file: bitcoin/src/ipc/capnp/mining.capnp Lines 40 to 41 in 8333aa5 that match the c++ defaults: Lines 40 to 49 in 8333aa5 Note just directly changing defaults in the .capnp file would not be backwards compatible. It would cause problems if a client using the current version of the .capnp file connected to a server using a .capnp file with new defaults, or vice versa. But maybe it would ok to do now if miners are not mixing different releases of Sjors node and client? (It would also be possible to change defaults in a backwards compatible way adding new fields and renaming the old ones, or adding a new struct and renaming the old one.) |
|
ACK 7392b8b I also prefer throwing an error to the caller, but clamping is fine.
For the time being I don't think we should hardcode these values in the Instead I think we should document the In Stratum v2 the values are set via the
|
Makes sense, if we want flexibility to change the defaults over time, they should not be set in the .capnp file. Not setting them causes capnp to use 0 as the default. However, in case 0 is a valid value for either of these options, we may want to set a different, invalid default value like -1 so the server can detect whether the client set the option, and use its own default if the client hasn't filled it in. For c++ clients this doesn't matter, but for python and rust clients and any client not using the c++ struct, this could be important and prevent bugs. |
|
ACK 7392b8b |
In that case perhaps it's better if we do hardcode defaults, especially if we can pick safe ones. |
The
BlockAssembler::ClampOptionsfunction currently doesn't actually clamp most of the provided settings, but asserts that some are in range. This made sense while it was a purely internal interface.However, with the mining IPC interface exposed in #30510, these options are now externally accessible, and it is not entirely intuitive how to set them. In particular, calling
Mining::createNewBlockwith a default-constructedBlockCreateOptionswill right now instantly crash the bitcoin node.This isn't a security issue, as the IPC interface is considered trusted, but it is highly unexpected I think, and rather unergonomical to have the node crash while developing against the interface.
An alternative would be exposing a way for the interface to return a failure, but I think in this case, just correcting to reasonable values is acceptable.