Make Hash independent of char signedness

[laanwj]

Solves an elusive issue with BloomFilterPolicy and interoperability of data files between platforms with signed char (such as x86) and platforms with unsigned char (such as ARM) (see bitcoin/bitcoin#2293).

• Add casts to Hash() to treat chars as unsigned (I think this was intended).
• Add tests for Hash.
• Change name of algoritm in BloomFilterPolicy::Name to make sure that filters are recomputed; this provides forward and backward compatibility. BloomFilterPolicy has the only use of Hash() that is stored to disk.

I suppose we want to take this upstream first, but those that need this can already apply this patch.

[sipa]

Nice debugging!

I wonder whether Hash() was intended to operate on unsigned data. If so, why doesn't it take an unsigned char pointer as input? IIRC, on x86 char is signed.

[laanwj]

@sipa Yes, on x86 char is signed. However at the top of the function it operates on unsigned data (uint32_t, DecodeFixed32). Hence I assume that this is the intent in the bottom part as well.

Changing the type of the parameter is certainly a possibility too but I wanted to limit code impact as much as possible.

[sipa]

Is this new code? 2011 seems a bit in the past...

[laanwj]

Yes, it has new code, but I copied the framework (including the comment) from another _test.cc file.

[laanwj]

Upstream issue https://code.google.com/p/leveldb/issues/detail?id=237

[sipa]

Hmm, what is the behaviour of "filters being recomputed". Does it actively rebuild the bloom filter at load time, or does the filter just fail until the sstable file is rewritten? My guess is the latter, but I haven't verified the code.

If so, I wonder whether effectively disabling bloom filtering for all existing database until files are rewritten will be acceptable upstream. An alternative would be replicating the "buggy" behaviour and making it use signed chars for the padding on every platform.

[laanwj]

I've thought about that, but replicating the buggy behaviour doesn't help, it will create the same problem but in the other direction. There is no way to detect that a database used the wrong hash function.
(well - apart from 'Uses BloomFilterPolicy and is created by leveldb < vXXXX' - but that doesn't tell you whether the database was written with signed or unsigned chars)

So as I see it the only solution is to blanket recompute all bloom filters. Not sure if this requires any manual action, but it indeed seems so, TableBuilder uses a FilterBlockBuilder to build the filter once the table is 'finished'. Seemingly the new function will only be used for new tables, and the filter will be ignored for old tables.

(then again I don't know exactly how the implementation works either... it creates new tables every time the last table is full?)

[sipa]

Tables are immutable. They're created once as the result of a compaction, and used until they are removed through another compactions. Compactions happen when log files grow too large, or periodically to keep performance up.

[laanwj]

Ok, then it's clear: only after the next compaction of a table you'll get filter functionality back for that data.
In our case that would be acceptable, as correctness trumps performance, but indeed it's not clear what upstream is going to do. The ball is in their court now.

[dsnark]

I have tested this patch.

• built bitcoind on ARMv7
• copied in an x86 chainstate

Node was completely borked with connect block errors.

• applied this patch and built on ARMv7
• copied in an x86 chainstate

Loaded the node on ARMv7 with no issues, sync continued and remains stable.

[laanwj]

This is part of leveldb upstream now; see bitcoin/bitcoin#5093