-
Notifications
You must be signed in to change notification settings - Fork 35.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Span improvements #18468
Span improvements #18468
Conversation
69b6b54
to
658f020
Compare
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsNo conflicts as of last run. |
Here is one caveat that may not be obvious: whenever you have some iterator/pointer/object that stores objects of type This is implemented - here and in the C++20 |
64c20c9
to
6bc0784
Compare
c31cbe7 Add C++17 test to Travis (Pieter Wuille) 7829685 Add configure option for c++17 (Pieter Wuille) 0fbde48 Support conversion between Spans of compatible types (Pieter Wuille) 7cbfebb Update ax_cxx_compile_stdcxx.m4 (Pieter Wuille) Pull request description: This adds a `--enable-c++17` option to the configure script, fixes the only C++17 incompatibility (with a commit taken from #18468), and adds a Travis test for it. This is all off by default, and release builds remain C++11. It implements the first step of the plan in #16684. ACKs for top commit: elichai: tACK c31cbe7 practicalswift: Tested ACK c31cbe7 hebasto: ACK c31cbe7, tested on Linux Mint 19.3 both C++11 and C++17 modes. Compiled and passed tests locally. Tree-SHA512: a4b00776dbceef9c12abbb404c6bcd48f7916ce24c8c7a14116355f64e817578b7fcddbedd5ce435322319d1e4de43429b68553f4d96d970c308fe3e3e59b9d1
Rebased after #18591 (which included a commit from this PR). |
I was trying to MakeSpan on a prevector today and I realized I needed this PR. Concept ACK. will test and ACK soon. |
Seems to be working well on a branch I'm testing. one spooky thing I ran into was: static std::vector<unsigned char> RandomData()
{
uint256 r = InsecureRand256();
return std::vector<unsigned char>(r.begin(), r.end());
}
auto d = MakeSpan(RandomData());
rb1.insert(d)
BOOST_CHECK(rb1.contains(d));
but this works fine: std::vector<unsigned char> d = RandomData();
rb1.insert(MakeSpan(d));
BOOST_CHECK(rb1.contains(MakeSpan(d))); some weird rvalue voodoo going on? |
I may be wrong, but i think in your first example, the return value of auto d = MakeSpan(RandomData());
// d contains dangling pointers by this line.
rb1.insert(d)
BOOST_CHECK(rb1.contains(d)); MakeSpan takes a universal reference ( because the return value of RandomData() is an Rvalue, it goes out of scope on the first line and therefore is destructed immediately. |
@aminroosta I understand some of those words. thanks! |
Yes, exactly what @aminroosta said. |
c31cbe7 Add C++17 test to Travis (Pieter Wuille) 7829685 Add configure option for c++17 (Pieter Wuille) 0fbde48 Support conversion between Spans of compatible types (Pieter Wuille) 7cbfebb Update ax_cxx_compile_stdcxx.m4 (Pieter Wuille) Pull request description: This adds a `--enable-c++17` option to the configure script, fixes the only C++17 incompatibility (with a commit taken from bitcoin#18468), and adds a Travis test for it. This is all off by default, and release builds remain C++11. It implements the first step of the plan in bitcoin#16684. ACKs for top commit: elichai: tACK c31cbe7 practicalswift: Tested ACK c31cbe7 hebasto: ACK c31cbe7, tested on Linux Mint 19.3 both C++11 and C++17 modes. Compiled and passed tests locally. Tree-SHA512: a4b00776dbceef9c12abbb404c6bcd48f7916ce24c8c7a14116355f64e817578b7fcddbedd5ce435322319d1e4de43429b68553f4d96d970c308fe3e3e59b9d1
Agreed! It is very easy to get things wrong when reasoning about lifetime issues. This is really subtle topic filled with gotchas. The introduction of Personally I'm not convinced that it is a good idea to use As a rule of thumb: if the median reviewer has to think more than five seconds to answer "no" to the question "might there be a life-time issue hiding in this use of Somewhat related: "std::string_view encourages use-after-free; the Core Guidelines Checker doesn't complain" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @sipa, this PR led me to learn more about Span and C++20 std::span
via these resources, among the online ones:
-
C++ std:span: https://en.cppreference.com/w/cpp/container/span
-
Yesterday's Review Club notes/questions/meeting log: https://bitcoincore.reviews/18468
-
The C++ Core Guidelines site seems to be a source of interesting recommendations on when, why, and how to use std::span: https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines. It suggests using
std::span
in a fair number of places/reasons, among others:
- expressing intent
- improved code readability and tool support
- avoiding range errors and array decay to a pointer (losing its size, opening the opportunity for range errors; using span preserves size information)
- going further, avoiding passing arrays as a single pointer, as (pointer, size)-style interfaces are error-prone and a plain pointer (to array) must rely on some convention to allow the callee to determine the size
- potentially doing more at compile time vs run time
- potentially checking/catching run time errors earlier in the code
- abstraction for encapsulating messy constructs, rather than spreading them throughout the code
- reducing the number of function arguments, e.g. from pointer + size to a bounds-checked span representing a range
span<T>
or aspan_p<T>
ideal for designating half-open sequences, as informal/non-explicit ranges are a source of errors- helpful for using abstract classes as interfaces when complete separation of interface and implementation is needed
This PR debug-builds cleanly with gcc and clang, and the fuzzers build and run.
ACK 26acc8d (AFAICT), modulo the various follow-ups suggested above.
@aminroosta Thank you -- I found your link (and the downloadable presentation slides) really informative. |
fab57e2 doc: Mention Span in developer-notes.md (Pieter Wuille) 3502a60 doc: Document Span pitfalls (Pieter Wuille) Pull request description: This is an attempt to document pitfalls with the use of `Span`, following up on comments like #18468 (comment) and #18468 (comment) ACKs for top commit: laanwj: ACK fab57e2 Tree-SHA512: 8f6f277d6d88921852334853c2b7ced97e83d3222ce40c9fe12dfef508945f26269b90ae091439ebffddf03f939797cb28126b2387f77959069ef8909c25ab53
26acc8d Add sanity check asserts to span when -DDEBUG (Pieter Wuille) 2676aea Simplify usage of Span in several places (Pieter Wuille) ab303a1 Add Span constructors for arrays and vectors (Pieter Wuille) bb3d38f Make pointer-based Span construction safer (Pieter Wuille) 1f790a1 Make Span size type unsigned (Pieter Wuille) Pull request description: This improves our Span class by making it closer to the C++20 `std::span` one: * ~~Support conversion between compatible Spans (e.g. `Span<char>` to `Span<const char>`).~~ (done in bitcoin#18591) * Make the size type `std::size_t` rather than `std::ptrdiff_t` (the C++20 one underwent the same change). * Support construction of Spans directly from arrays, `std::string`s, `std::array`s, `std::vector`s, `prevector`s, ... (for all but arrays, this only works for const containers to prevent surprises). And then make use of those improvements in various call sites. I realize the template magic used looks scary, but it's only needed to make overload resultion make the right choices. Note that the operations done on values are all extremely simple: no casts, explicit conversions, or warning-silencing constructions. That should hopefully make it simpler to review. ACKs for top commit: laanwj: Code review ACK 26acc8d promag: Code review ACK 26acc8d. Tree-SHA512: 5a5bd346a140edf782b5b3b3f04d9160c7b9e9def35159814a07780ab1dd352545b88d3cc491e0f80d161f829c49ebfb952fddc9180f1a56f1257aa51f38788a
77c5073 Make Hash[160] consume range-like objects (Pieter Wuille) 02c4cc5 Make CHash256/CHash160 output to Span (Pieter Wuille) 0ef97b1 Make MurmurHash3 consume Spans (Pieter Wuille) e549bf8 Make CHash256 and CHash160 consume Spans (Pieter Wuille) 2a2182c Make script/standard's BaseHash Span-convertible (Pieter Wuille) e63dcc3 Add MakeUCharSpan, to help constructing Span<[const] unsigned char> (Pieter Wuille) 5678250 Make uint256 Span-convertible by adding ::data() (Pieter Wuille) 131a2f0 scripted-diff: rename base_blob::data to m_data (Pieter Wuille) Pull request description: This makes use of the implicit constructions and conversions to Span introduced in #18468 to simplify the hash.h interface: * All functions that take a pointer and a length are changed to take a Span instead. * The Hash() and Hash160() functions are changed to take in "range" objects instead of begin/end iterators. ACKs for top commit: laanwj: re-ACK 77c5073 jonatack: Code review re-ACK 77c5073 per `git range-diff 14ceddd 49fc016 77c5073` Tree-SHA512: 9ec929891b1ddcf30eb14b946ee1bf142eca1442b9de0067ad6a3c181e0c7ea0c99c0e291e7f6e7a18bd7bdf78fe94ee3d5de66e167401674caf91e026269771
77c5073 Make Hash[160] consume range-like objects (Pieter Wuille) 02c4cc5 Make CHash256/CHash160 output to Span (Pieter Wuille) 0ef97b1 Make MurmurHash3 consume Spans (Pieter Wuille) e549bf8 Make CHash256 and CHash160 consume Spans (Pieter Wuille) 2a2182c Make script/standard's BaseHash Span-convertible (Pieter Wuille) e63dcc3 Add MakeUCharSpan, to help constructing Span<[const] unsigned char> (Pieter Wuille) 5678250 Make uint256 Span-convertible by adding ::data() (Pieter Wuille) 131a2f0 scripted-diff: rename base_blob::data to m_data (Pieter Wuille) Pull request description: This makes use of the implicit constructions and conversions to Span introduced in bitcoin#18468 to simplify the hash.h interface: * All functions that take a pointer and a length are changed to take a Span instead. * The Hash() and Hash160() functions are changed to take in "range" objects instead of begin/end iterators. ACKs for top commit: laanwj: re-ACK 77c5073 jonatack: Code review re-ACK 77c5073 per `git range-diff 14ceddd 49fc016 77c5073` Tree-SHA512: 9ec929891b1ddcf30eb14b946ee1bf142eca1442b9de0067ad6a3c181e0c7ea0c99c0e291e7f6e7a18bd7bdf78fe94ee3d5de66e167401674caf91e026269771
Summary: ``` This improves our Span class by making it closer to the C++20 std::span one: - Make the size type std::size_t rather than std::ptrdiff_t (the C++20 one underwent the same change). - Support construction of Spans directly from arrays, std::strings, std::arrays, std::vectors, prevectors, ... (for all but arrays, this only works for const containers to prevent surprises). And then make use of those improvements in various call sites. I realize the template magic used looks scary, but it's only needed to make overload resultion make the right choices. Note that the operations done on values are all extremely simple: no casts, explicit conversions, or warning-silencing constructions. That should hopefully make it simpler to review. ``` Backport of core [[bitcoin/bitcoin#18468 | PR18468]]. Test Plan: ninja all check-all ninja bitcoin-fuzzers ./test/fuzz/test_runner.py <path_to_corpus> Reviewers: #bitcoin_abc, majcosta Reviewed By: #bitcoin_abc, majcosta Differential Revision: https://reviews.bitcoinabc.org/D9121
partial merge bitcoin#13697, bitcoin#18591, bitcoin#19387, bitcoin#18468: update constructors to match c++20 draft spec
a1f3aed util: make EncodeBase64 consume Spans (furszy) c36754f Add MakeUCharSpan, to help constructing Span<[const] unsigned char> (Pieter Wuille) 1f18199 Make uint256 Span-convertible by adding ::data() (Pieter Wuille) 0067590 Add lifetimebound to attributes for general-purpose usage (Cory Fields) 26eb256 span: add lifetimebound attribute (Cory Fields) 696e91f span: (almost) match std::span's constructor behavior (Cory Fields) da207d4 doc: Mention Span in developer-notes.md (Pieter Wuille) 138053d doc: Document Span pitfalls (Pieter Wuille) e2216d7 Add sanity check asserts to span when -DDEBUG (Pieter Wuille) ebcc978 Add Span constructors for arrays and vectors (Pieter Wuille) 38f105b Make pointer-based Span construction safer (Pieter Wuille) 33d5297 Make Span size type unsigned (Pieter Wuille) 17118e1 Support conversion between Spans of compatible types (Pieter Wuille) f36042f Span front() and back() methods and SpanPopBack function backport (furszy) 1b2e7c8 Add more methods to Span class (Pieter Wuille) Pull request description: Another decouple from #2411. Purely focused on updating the Span sources to be up-to-date with current upstream. Following PRs/commits were back ported: * bitcoin#13697 (only 29943a9) * 2b0fcff (only span changes). * bitcoin#18591 (only 0fbde48). * bitcoin#18468 (without 2676aea). * bitcoin#19367. * bitcoin#19387. * bitcoin#19326 (only 5678250 and e63dcc3 here). * bitcoin#19687 (only e2aa1a5 here, 2bc2071 is inside #2411 and require net related commits that are introduced down the commits line there). Extra side note: Some of the current serialization compiler warnings in master will be fixed with this, other ones are coming down 2411 commits line as they need other previous PRs. ACKs for top commit: random-zebra: Tested ACK a1f3aed Tree-SHA512: 256bc2064724ea6d4f6fac722fafb4ed3e2b4590cdad61bf1e4a5be25e0632bafcff39235ea6ed7badbef4f79dbb4f866356372a1b3c201af23873884baedfea
ecde04a [Consensus] Bump Active Protocol version to 70923 for v5.3 (random-zebra) b63e4f5 Consensus: Add v5.3 enforcement height for testnet. (furszy) f44be94 Only relay IPv4, IPv6, Tor addresses (Pieter Wuille) 015298c fix: tor: Call event_base_loopbreak from the event's callback (furszy) 34ff7a8 Consensus: Add mnb ADDRv2 guard. (furszy) b4515dc GUI: Present v3 onion addresses properly in MNs list. (furszy) 337d43d tests: don't export in6addr_loopback (Vasil Dimov) 2cde8e0 GUI: Do not show the tor v3 onion address in the topbar. (furszy) 0b5f406 Doc: update tor.md with latest upstream information. (furszy) 89df7f2 addrman: ensure old versions don't parse peers.dat (Vasil Dimov) bb90c5c test: add getnetworkinfo network name regression tests (Jon Atack) d8e01b5 rpc: update GetNetworksInfo() to not return unsupported networks (Jon Atack) 57fc7b0 net: update GetNetworkName() with all enum Network cases (Jon Atack) 647d60b tests: Modify rpc_bind to conform to bitcoin#14532 behaviour. (Carl Dong) d4d6729 Allow running rpc_bind.py --nonloopback test without IPv6 (Kristaps Kaupe) 4a034d8 test: Add rpc_bind test to default-run tests (Wladimir J. van der Laan) 61a08af [tests] bind functional test nodes to 127.0.0.1 Prevents OSX firewall (Sjors Provoost) 6a4f1e0 test: Add basic addr relay test (furszy) 78aa61c net: Make addr relay mockable (furszy) ba954ca Send and require SENDADDRV2 before VERACK (Pieter Wuille) 61c2ed4 Bump net protocol version + don't send 'sendaddrv2' to pre-70923 software (furszy) ccd508a tor: make a TORv3 hidden service instead of TORv2 (Vasil Dimov) 6da9a14 net: advertise support for ADDRv2 via new message (furszy) e58d5d0 Migrate to test_large_inv() to Misbehaving logging. (furszy) d496b64 [QA] fix mininode CAddress ser/deser (Jonas Schnelli) cec9567 net: CAddress & CAddrMan: (un)serialize as ADDRv2 Change the serialization of `CAddrMan` to serialize its addresses in ADDRv2/BIP155 format by default. Introduce a new `CAddrMan` format version (3). (furszy) b8c1dda streams update: get rid of nType and nVersion. (furszy) 3eaa273 Support bypassing range check in ReadCompactSize (Pieter Wuille) a237ba4 net: recognize TORv3/I2P/CJDNS networks (Vasil Dimov) 8e50853 util: make EncodeBase32 consume Spans (Sebastian Falbesoner) 1f67e30 net: CNetAddr: add support to (un)serialize as ADDRv2 (Vasil Dimov) 2455420 test: move HasReason so it can be reused (furszy) d41adb4 util: move HasPrefix() so it can be reused (Vasil Dimov) f6f86af Unroll Keccak-f implementation (Pieter Wuille) 45222e6 Implement keccak-f[1600] and SHA3-256 (Pieter Wuille) 08ad06d net: change CNetAddr::ip to have flexible size (furszy) 3337219 net: improve encapsulation of CNetAddr. (furszy) 910d5c4 test: Do not instantiate CAddrDB for static call (Hennadii Stepanov) 6b607ef Drop IsLimited in favor of IsReachable (Ben Woosley) a40711b IsReachable is the inverse of IsLimited (DRY). Includes unit tests (marcaiaf) 8839828 net: don't accept non-left-contiguous netmasks (Vasil Dimov) 5d7f864 rpcbind: Warn about exposing RPC to untrusted networks (Luke Dashjr) 2a6abd8 CNetAddr: Add IsBindAny method to check for INADDR_ANY (Luke Dashjr) 4fdfa45 net: Always default rpcbind to localhost, never "all interfaces" (Luke Dashjr) 31064a8 net: Minor accumulated cleanups (furszy) 9f9c871 tests: Avoid using C-style NUL-terminated strings as arguments (practicalswift) f6c52a3 tests: Add tests to make sure lookup methods fail on std::string parameters with embedded NUL characters (practicalswift) a751b9b net: Avoid using C-style NUL-terminated strings as arguments in the netbase interface (furszy) f30869d test: add IsRFC2544 tests (Mark Tyneway) ed5abe1 Net: Proper CService deserialization + GetIn6Addr return false if addr isn't an IPv6 addr (furszy) 86d73fb net: save the network type explicitly in CNetAddr (Vasil Dimov) ad57dfc net: document `enum Network` (Vasil Dimov) cb160de netaddress: Update CNetAddr for ORCHIDv2 (Carl Dong) c3c04e4 net: Better misbehaving logging (furszy) 3660487 net: Use C++11 member initialization in protocol (Marco) 082baa3 refactor: Drop unused CBufferedFile::Seek() (Hennadii Stepanov) e2d776a util: CBufferedFile fixes (Larry Ruane) 6921f42 streams: backport OverrideStream class (furszy) Pull request description: Conjunction of a large number of back ports, updates and refactorings that made with the final goal of implementing v3 Onion addresses support (BIP155 https://github.com/bitcoin/bips/blob/master/bip-0155.mediawiki) before the tor v2 addresses EOL, scheduled, by the Tor project, for (1) July 15th: v2 addr support removal from the code base, and (2) October 15th: v2 addr network disable, where **every peer in our network running under Tor will loose the connection and drop the network**. As BIP155 describes, this is introducing a new P2P message to gossip longer node addresses over the P2P network. This is required to support new-generation Onion addresses, I2P, and potentially other networks that have longer endpoint addresses than fit in the 128 bits of the current addr message. In order to achieve the end goal, had to: 1. Create Span class and push it up to latest Bitcoin implementation. 2. Update the whole serialization framework and every object using it up to latest Bitcoin implementation (3-4 years ahead of what we currently are in master). 3. Update the address manager implementing ASN-based bucketing of the network nodes. 4. Update and refactor the netAddress and address manager tests to latest Bitcoin implementation (4 years ahead of what we currently are in master). 5. Several util string, vector, encodings, parsing, hashing backports and more.. Important note: This PR it is not meant to be merged as a standalone PR, will decouple smaller ones moving on. Adding on each sub-PR its own description isolated from this big monster. Second note: This is still a **work-in-progress**, not ready for testing yet. I'm probably missing to mention few PRs that have already adapted to our sources. Just making it public so can decouple the changes, we can start merging them and i can continue working a bit more confortable (rebase a +170 commits separate branch is not fun..). ### List of back ported and adapted PRs: Span and Serialization: ---------------- * bitcoin#12886. * bitcoin#12916. * bitcoin#13558. * bitcoin#13697. (Only Span's commit 29943a9) * bitcoin#17850. * bitcoin#17896. * bitcoin#12752. * bitcoin#16577. * bitcoin#16670. (without faebf62) * bitcoin#17957. * bitcoin#18021. * bitcoin#18087. * bitcoin#18112 (only from 353f376 that we don't support). * bitcoin#18167. * bitcoin#18317. * bitcoin#18591 (only Span's commit 0fbde48) * bitcoin#18468. * bitcoin#19020. * bitcoin#19032. * bitcoin#19367. * bitcoin#19387. Net, NetAddress and AddrMan: ---------------- * bitcoin#7932. * bitcoin#10756. * bitcoin#10765. * bitcoin#12218. * bitcoin#12855. * bitcoin#13532. * bitcoin#13575. * bitcoin#13815. * bitcoin#14532. * bitcoin#15051. * bitcoin#15138. * bitcoin#15689. * bitcoin#16702. * bitcoin#17243. * bitcoin#17345. * bitcoin#17754. * bitcoin#17758. * bitcoin#17812. * bitcoin#18023. * bitcoin#18454. * bitcoin#18512. * bitcoin#19314. * bitcoin#19687 Keys and Addresses encoding: ---------------- * bitcoin#11372. * bitcoin#17511. * bitcoin#17721. Util: ---------------- * bitcoin#9140. * bitcoin#16577. * bitcoin#16889. * bitcoin#19593. Bench: ---------------- * bitcoin#16299. BIP155: ---------------- * bitcoin#19351. * bitcoin#19360. * bitcoin#19534. * bitcoin#19628. * bitcoin#19841. * bitcoin#19845. * bitcoin#19954. * bitcoin#19991 (pending). * bitcoin#19845. * bitcoin#20000 (pending). * bitcoin#20120. * bitcoin#20284. * bitcoin#20564. * bitcoin#21157 (pending). * bitcoin#21564 (pending). * Fully removed v2 onion addr support. * Add hardcoded seeds. * Add release-notes, changes to files.md and every needed documentation. I'm currently working on the PRs marked as "pending", this isn't over, but I'm pretty pretty close :). What a long road.. ACKs for top commit: random-zebra: utACK ecde04a Fuzzbawls: ACK ecde04a Tree-SHA512: 82c95fbda76fce63f96d8a9af7fa9a89cb1e1b302b7891e27118a6103af0be23606bf202c7332fa61908205e6b6351764e2ec23d753f1e2484028f57c2e8b51a
This improves our Span class by making it closer to the C++20
std::span
one:Support conversion between compatible Spans (e.g.(done in Add C++17 build to Travis #18591)Span<char>
toSpan<const char>
).std::size_t
rather thanstd::ptrdiff_t
(the C++20 one underwent the same change).std::string
s,std::array
s,std::vector
s,prevector
s, ... (for all but arrays, this only works for const containers to prevent surprises).And then make use of those improvements in various call sites.
I realize the template magic used looks scary, but it's only needed to make overload resultion make the right choices. Note that the operations done on values are all extremely simple: no casts, explicit conversions, or warning-silencing constructions. That should hopefully make it simpler to review.