Upgrade bitcoin dependency to v0.29.0

[tcharding]

This is going to need a pretty careful review by @sanket1729 and/or @apoelstra to double check all the sequence/lock_time stuff. Even with the new APIs this stuff is non-trivial. This patch changes the current behaviour around logic for these two types. I am unable to work out if current behaviour has bugs in it or if I just don't fully understand it.

Note

Please ignore the branch name, it stale now since this PR upgrades to the newly released bitcoin v0.29.1

[Kixunil]

I found a few mistakes. Disclaimer: didn't do super-deep review.

[Kixunil]

This is actually wrong, a new variant could be added for any reason. To correctly handle the error it needs to be returned.

If this is too much hassle maybe we should improve the API or perhaps commit to never changing TaprootBuilderError and remove #[non_exhaustive]

[tcharding]

This whole error match is strange, every error variant has an unreachable!. To be honest I was mainly just interested in checking that rust-bitcoin worked so I just hacked this up to make it build.

[Kixunil]

They have explanation why it should be OK, so I think it's fine. But it makes me question the whole API. Maybe we should've used typestate instead?

[sanket1729]

I will make a cleanup PR to upstream to cleanup this API

[sanket1729]

Opened rust-bitcoin/rust-bitcoin#1151

[tcharding]

This is fixed now, please check my use of a single unreachable statement @sanket1729

[Kixunil]

time was definitely a better name than n.

[tcharding]

Its a block height or a block time. n is from n OP_CLTV and nLockTime - that's why I used n.

[Kixunil]

n in nLockTime literally means number. It's meaningless. I do see that time is confusing, so lock_time would be better because most people already know it can be height.

[tcharding]

Used lock_time for this field and similarly sequence for SatisfiedConstraint::RelativeTimelock field.

[Kixunil]

Doesn't Hash impl Deref? if it does this shouldn't be needed at all.

[tcharding]

I added this because of the trait bounds on Hash trait (from bitcoin_consensus). Deref doesn't help with that, right? Or am I missing something?

[Kixunil]

I don't see any Hash trait in bitcoin_consensus, I guess you mean bitcoin_hashes. You're right that Deref doesn't help but it's a question if that bound should be there since it's quite burdensome. I'd have to look into it deeper. The first check is will anything break if we remove it?

[tcharding]

I'll investigate this, cheers.

[tcharding]

Please see: rust-bitcoin/bitcoin_hashes#168

[Kixunil]

Did the code originally attempt to check if lock times are actually enabled or something?

[tcharding]

Originally both sequnece and locktime (After and Older) where handled together. When I split them apart I kept the disable check even though it seemed wrong, finally I got the confidence to remove it :)

[apoelstra]

It's not just after vs older -- the original code would look at a u32 which might contain a value that didn't encode any locktime at all.

It's not clear to me that this check can be removed.

[tcharding]

No worries, since this PR is not a merge candidate this bridge doesn't need crossing now. I imagine between @apoelstra and @sanket1729 this will have to be worked out when miniscript upgrades to use rust-bitcoin 0.29.0.

[tcharding]

Flagging this thread, this will need resolving before we can consider upgrading to the newly release version of rust-bitcoin. Sorry to be a drag but I think this is kind of subtle and will need input by @sanket1729 and/or @apoelstra to work it out. I can code up the solution.

[sanket1729]

I feel confident that removing this check is correct. This was just checking something else entirely which was wrong.

This was checking a check on sequence values in script which has no constraints. The only constraint we have is on transaction's sequence, which is different from checking the number encoded in script.

[sanket1729]

@apoelstra are you convinced that this is resolved?

[apoelstra]

Let me re-read this PR.

[tcharding]

Thanks for the review @Kixunil!

[sanket1729]

Mostly ACK. did a round of careful review. Just waiting on reply for comparison FIXME comment

[sanket1729]

nit(here and elsewhere): slightly prefer to use t.to_u32() over t.0

[tcharding]

I think I changed them all.

[sanket1729]

Just making sure that this was a bug that was fixed here

[tcharding]

I believe so but that belief is based on the meaningless-ness of comparing a LockTime to the disable bit of sequence.

[tcharding]

I'm still at a loss as to exactly what the comment means. It should be removed now though, right?

[sanket1729]

I feel confident that removing this check is correct. This was just checking something else entirely which was wrong.

This was checking a check on sequence values in script which has no constraints. The only constraint we have is on transaction's sequence, which is different from checking the number encoded in script.

[sanket1729]

Indeed, sorry I was absent during the review of the initial code. I get it that there was some hesitance in implementing PartialOrd, but why not have a method that returns Optioncmp::Ordering?

We should really not need to check that they are same units here.

[apoelstra]

PartialOrd gives us a method that returns Option<cmp::Ordering>. It's Ord that we couldn't implement, because there is no natural total ordering on timelocks, but which we wanted to implement so that you could use Vec::sort and derive Ord on structures that contain timelocks.

[Kixunil]

I think @sanket1729 means that PartialOrd still allows < and > operators which are foot guns. Maybe this should be a clippy lint.

[tcharding]

Thanks for the review @sanket1729, I'll get back to this soonish, no rush because AFAIU there are a few other crates to upgrade first. Feel free to take this work and use it if you don't want to wait for me.

[LLFourn]

The previous implementation masked the sequence before doing the comparison. How can we justify not doing this here? What if one has the RBF disabled and the other doesn't for example (disabling RBF will always be the highest value unless you mask out that bit).

PS methods on Sequence like is_satisfied_by_height and is_satisfied_by_time would be super useful here.

[tcharding]

How can we justify not doing this here?

Thanks man, you are 100% correct, this code is not the same as the code it replaces - that's my bug.

PS methods on Sequence like is_satisfied_by_height and is_satisfied_by_time would be super useful here.

A relative lock time type is meant to be in the works (not sure if anyone is actively working on it yet) and that type would have these methods you suggest. When Sequence was added relative lock time methods were explicitly out of scope.

[tcharding]

I've reverted these changes, so we now have

        // We need a relative lock time type in rust-bitcoin to clean this up.

        /* If nSequence encodes a relative lock-time, this mask is
         * applied to extract that lock-time from the sequence field. */
        const SEQUENCE_LOCKTIME_MASK: u32 = 0x0000ffff;
        const SEQUENCE_LOCKTIME_TYPE_FLAG: u32 = 0x00400000;

        let mask = SEQUENCE_LOCKTIME_MASK | SEQUENCE_LOCKTIME_TYPE_FLAG;
        let masked_n = n.to_consensus_u32() & mask;
        let masked_seq = self.to_consensus_u32() & mask;
        if masked_n < SEQUENCE_LOCKTIME_TYPE_FLAG && masked_seq >= SEQUENCE_LOCKTIME_TYPE_FLAG {
            false
        } else {
            masked_n <= masked_seq
        }

[tcharding]

Please see #455 which implements this using a new relative::LockTime API.

[LLFourn]

If you introduce a relative locktime type then it should probably be passed in here instead of Sequence.

[tcharding]

Thanks man, I've done that now in the demo PR.

[sanket1729]

I don't think we should wait for relative lock time PR in bitcoin 0.30.0. We would need a version of rust-miniscript that supports bitcoin 0.29.0

[sanket1729]

This is okay, but I would have expected an API like

let cmp_res = t.is_greater_than(n) ; // Any other name.  

match(cmp_res) {
	Some(true),
	Some(false),
	None,
}

Rust miniscript/or any other downstream project should need to know that they should check !t.is_same_unit() before comparing.

Perhaps, something worth looking at 0.30.0

[tcharding]

We could add a method is_satisfied_by_lock in the same manner as relative::LockTime.

[tcharding]

Which would give us the much nicer:

            Policy::After(t) => {
                let t = LockTime::from(t);
                } else if !t.is_satisfied_by_lock(n) {
                    Policy::Unsatisfiable
                } else {
                    Policy::After(t.into())
                }
            }

[tcharding]

rust-bitcoin/rust-bitcoin#1258

[tcharding]

Face palm, we actually provide a patter for this in the rustdocs (double face palm, I even wrote the rustdocs and still forgot to use the correct pattern)

I've updated the PR to be

            Policy::After(t) => {
                let t = LockTime::from(t);
                let is_satisfied_by = match (t, n) {
                    (Blocks(t), Blocks(n)) => t <= n,
                    (Seconds(t), Seconds(n)) => t <= n,
                    _ => false
                };
                if !is_satisfied_by {
                    Policy::Unsatisfiable
                } else {
                    Policy::After(t.into())
                }
            }

[tcharding]

Hey @sanket1729, seems @josediegorobles is pretty keen to use the upcoming release, is there anything else that needs doing before we can consider this PR and get a release out?

[sanket1729]

Hi @tcharding, there is nothing that needs to be done in particular here. I have a few cleanups in mind, but those can wait for 8.1.0 . I will look into preparing a new release this week.

[josediegorobles]

Hi, @sanket1729 by suggestion of @tcharding i started a PR for the release: tcharding#1

What version must be, 7.1.0 or 8.0.0? And what other things must be on the changelog?

[sanket1729]

ACK 24a2498. Reviewed by range-diff from c51595b .

I am waiting on @apoelstra to respond to the comment issue he raised. #450 (comment)

[apoelstra]

nit: there was no need for the |x| here

[apoelstra]

ACK 24a2498

[apoelstra]

@sanket1729 in future before merging can you edit PR descriptions to remove the @ signs before people's names? Otherwise github creates spurious notifications for them.

[sanket1729]

@apoelstra, will take care from next time

[tcharding]

Should I just not put mentions in the PR description? I thought it was only in the commit log (on the actual patch) that mattered?

[apoelstra]

@tcharding no, it matters both on the commits and in the PR description. (Though the PR description is really easy to edit, for anyone with merge permissions, while the commits are a pain.)

[tcharding]

My bad, duly schooled :)

[Kixunil]

@apoelstra are you sure? I was never spuriously notified from PRs. Creation doesn't count as spurious - I consider mentioning explicitly wanting to notify someone.

[apoelstra]

@Kixunil yes, though I believe the reason is that our merge script copies the entire PR description into the merge commit message.

[Kixunil]

Ah, good point! Could the merge script be modified to replace ([:whitespace:])@([a-zA-Z0-9_-]+[:whitespace]]) with \1\2 in PR description?

[apoelstra]

I don't know -- could you open an issue on https://github.com/bitcoin-core/bitcoin-maintainer-tools/ ?

Note that it does currently display an angry warning if there are @s in the PR description, which I always respond to by just editing the PR description and trying again ... maybe they don't want to modify PRs by default but it'd be nice if there was at least a gitconfig flag or something to do it.