Check specific validation error in miner tests

[Sjors]

Problem

BOOST_CHECK_THROW merely checks that some std::runtime_error is
thrown, but not which one.

Here's an example of how this can cause a test to pass when a developer
introduces a consensus bug. The test for the sigops limit assumes
that CreateNewBlock fails with bad-blk-sigops. However it can
also fail with bad-txns-vout-negative, if a naive developer lowers
BLOCKSUBSIDY to 1*COIN.

Solution

BOOST_CHECK_EXCEPTION allows an additional predicate function. This
commit uses this for all exceptions that are checked for in
miner_tets.cpp:

• bad-blk-sigops
• bad-cb-multiple
• bad-txns-inputs-missingorspent
• block-validation-failed

If the function throws a different error, the test will fail. Although the message produced by Boost is a bit confusing, it does show which error was actually thrown. Here's what the above 1*COIN bug would result in:

Other considerations

A more elegant solution in my opinion would be to subclass std::runtime_error for each INVALID_TRANSACTION type, but this would involve touching consensus code.

I put the predicates in test_bitcoin.h because I assume they can be reused in other test files. However serialize_tests.cpp also uses BOOST_CHECK_EXCEPTION and it defines the predicate in the test file itself.

Instead of four IsRejectInvalidReasonX(std::runtime_error const& e) functions, I'd prefer something reusable like bool IsRejectInvalidReason(String reason)(std::runtime_error const& e), which would be used like BOOST_CHECK_EXCEPTION(functionThatThrows(), std::runtime_error, IsRejectInvalidReason("bad-blk-sigops"). I couldn't figure out how to do that in C++.

[luke-jr]

Most of the rejection reasons are not standardised, and we only care that it fails. It might make the most sense to check that it's a consensus_rule_violation exception or such, but I'm not sure checking the specific string is useful.

Your example is invalid, because for the bad-blk-sigops test, we would not care what the outcome is if the subsidy is broken. Instead, the subsidy should be tested separately, not implicitly.

[sdaftuar]

Concept ACK. I think in general checking for the specific error we expect makes it less likely that we inadvertently introduce a bug in the tests; certainly this kind of thing has cropped up in the functional test suite, where bugs introduced into a test harness cause the test to not actually be testing anything, or to be testing the wrong thing.

IMO the downside (in general) to additional specificity is that it adds overhead when making changes to the consensus code rejection reasons, because now all the tests that were hardcoded for a particular reason need updating. This patch seems pretty small though, and I don't think that should be much of a concern here. In fact I think we largely already do similar reject-reason-pattern-matching in the functional tests as well.

[Sjors]

I'll see what I can do about Travis failing on everything but OSX. It's throwing multiple definition of IsRejectInvalidReason in a bunch of places.

I agree the example isn't great. I did actually run into it while trying an extremely high value for MAX_BLOCK_SIGOPS_COST (250x) in an experiment. In attempt to make the test pass, I increased the transaction generation loops from 1001 to 250001, which obviously(?) took forever to run. I then tried fewer loops to get a sense of performance. To my surprise the test passed for some seemingly random intermediate value. Once I found the actual error message I realized it was an error in the modified test; it just ran out of coins somewhere in the loop. Lowering the coinbase reward in the test was an easier way to reproduce that specific error.

[Sjors]

I pushed a few improvements, apparently to the satisfaction of Travis:

1. moved changes from test_bitcoin.h to testutil.h, which seems more appropriate
2. instead of one function for each validation error type, there's now a class CheckRejectInvalid whose constructor takes a string
3. #define for validation error strings so they're all in one place. That should make later refactoring easier and also prevent typos.

So now each test looks like this:

BOOST_CHECK_EXCEPTION(
    functionThatThrows(),
    std::runtime_error,
    CheckRejectInvalid(REJECT_INVALID_BAD_CB_MULTIPLE)
);

Unfortunately as a result of this change, when a test throws a different exception, it no longer shows what that exception was. I don't know why. However, this is easy for a developer to debug: just put BOOST_CHECK(functionThatThrows()) above the failing BOOST_CHECK_EXCEPTION and run the test again.

[Sjors]

@sipa and @morcos worked on miner_tests.cpp earlier this year.

@morcos since you refactored CreateNewBlock in late 2015 (#6898), could you check that I picked the right specific validation errors? Just to make sure the tests weren't already misbehaving.

[maflcko]

Maybe move all of this to the cpp?

[Sjors]

@MarcoFalke since #11234 just snatched testutil.h out from under me, I moved everything into miner_test.cpp.

There are a lot of other tests that use BOOST_CHECK_THROW without checking the precise error, so it might make sense to revert #11234 at some point.

[maflcko]

Please squash your commits according to https://github.com/bitcoin/bitcoin/blob/master/CONTRIBUTING.md#squashing-commits

[Sjors]

Done, as well as rebased to latest master.

[Sjors]

I pushed again to fix commit message and code comment (it was saying "BOOST_CHECK_THROW" instead of "BOOST_CHECK_EXCEPTION" in two places).

[Sjors]

The p2p-segwit.py test failed in one environment. Random time-out? All machines passed on my previous force push.

[meshcollider]

@Sjors probably just an unrelated failure, Travis does that sometimes. I've restarted that test for you.

[promag]

Agree with better testing the exception.

[promag]

IMO inline these strings.

[Sjors]

I used #define to make it (slightly) easier to find all occurrences in the codebase if these rejection reasons ever need to be renamed. It also helps against typos, although typos would be immediately obvious when you run the test.

Happy to change it to inline if nobody objects.

[promag]

The test will fail if there is a typo. Having inline is good because a rename forces you to update the relevant tests and double check everything related.

[Sjors]

Using inline now.

[promag]

Move down near other boost includes (try to keep it sorted too).

[Sjors]

I got rid of this dependency.

[promag]

CheckRejectInvalid(const std::string& reason) : m_reason(reason) {}

[Sjors]

Thanks. If it wasn't obvious, I'm not terribly familiar with C++. :-)

[Sjors]

Done, and renamed the private variable from reason to m_reason

[promag]

Use std::string::find?

[Sjors]

That should indeed help with #8670.

[Sjors]

Done

[promag]

Nit, const std::runtime_error& e.

[Sjors]

Done

[promag]

IMO this sounds better:

..., std::runtime_error, HasReason("bad-blk-sigops"));

[Sjors]

I renamed CheckRejectInvalid to HasReason; seems more readable indeed.

[maflcko]

µnit: Can be const

[Sjors]

Done (Github needs a check-mark emoticon)

[Sjors]

I believe I addressed all code style issued raised. Rebased to latest master. I also signed the commit this time.

[Sjors]

@JeremyRubin it would be great to get your feedback on this PR, given that you're working on these validation errors. I was able to cherry-pick my commit on top of your #11523 without a problem.

[JeremyRubin]

Concept Ack!

I would think one improvement might be if the strings were not to be literals (as Luke points out, they aren't standardized). I think it's ok for now though.

[Sjors]

@JeremyRubin the downside of squashing commits is you can't see history :-) I actually used #define REJECT_INVALID_BAD_CB_MULTIPLE "invalid_bad_cb_multiple" in an earlier version, but switched back to literal strings based on @promag's feedback.

[sipa]

Concept ACK

[maflcko]

utACK 59d0ede514f7754ad4df11ffe11f27e2ea63bf3e

[Sjors]

Rebased to account for #11389.