Skip to content

refactor: Drop unsafe AsBytePtr function #27978

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
achow101 merged 1 commit into from
Jun 29, 2023
Merged

refactor: Drop unsafe AsBytePtr function #27978

achow101 merged 1 commit into from
Jun 29, 2023

Conversation

@ryanofsky
Copy link
Contributor

@ryanofsky ryanofsky commented Jun 26, 2023
edited
Loading

Replace calls to AsBytePtr with calls to AsBytes or reinterpret_cast. AsBytePtr is just a wrapper around reinterpret_cast. It accepts any type of pointer as an argument and uses reinterpret_cast to cast the argument to a std::byte pointer.

Despite taking any type of pointer as an argument, it is not useful to call AsBytePtr on most types of pointers, because byte representations of most types will be platform specific or undefined. Also, because it is named similarly to the AsBytes function, AsBytePtr looks safer than it actually is. Both AsBytes and AsBytePtr call reinterpret_cast internally and may be unsafe to use with certain types, but AsBytes at least has some type checking and can only be called on Span objects, while AsBytePtr can be called on any pointer argument.

The change was motivated by discussion on #27973 and #27927 and is compatible with those PRs

@DrahtBot
Copy link
Contributor

DrahtBot commented Jun 26, 2023
edited
Loading

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Reviews

See the guideline for information on the review process.

Type Reviewers
ACK jonatack, sipa, achow101
Stale ACK MarcoFalke

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

sipa
sipa reviewed Jun 26, 2023
View reviewed changes
@ryanofsky
Copy link
Contributor Author

ryanofsky commented Jun 26, 2023

Updated 3fca8c3 -> 2109a14 (pr/noptr.1 -> pr/noptr.2, compare) using AsBytes and a SpanFromDbt function to avoid reinterpret_cast in a few places

@maflcko
Copy link
Member

maflcko commented Jun 27, 2023

Needs rebase

lgtm ACK 2109a14 🐭

Show signature

Signature:

untrusted comment: signature from minisign secret key on empty file; verify via: minisign -Vm "${path_to_any_empty_file}" -P RWTRmVTMeKV5noAMqVlsMugDDCyyTSbA3Re5AkUrhvLVln0tSaFWglOw -x "${path_to_this_whole_four_line_signature_blob}"
RUTRmVTMeKV5npGrKx1nqXCw5zeVHdtdYURB/KlyA/LMFgpNCs+SkW9a8N95d+U4AP1RJMi+krxU1A3Yux4bpwZNLvVBKy0wLgM=
trusted comment: lgtm ACK 2109a147406247bb654ee5fb8421a8594919fbd5 🐭
s0s73KuMSK4XPfToyrjbfKq/G1uRROhpS1JoQ1ok0h6dsWjvu6s80qPtfU6rWJmBf8In1XqiGmp6oA7r3AdrCQ==

This was referenced Jun 27, 2023
Merged
Closed
@ryanofsky
Copy link
Contributor Author

ryanofsky commented Jun 27, 2023

Rebased 2109a14 -> 650ca0d (pr/noptr.2 -> pr/noptr.3, compare) due to conflict with #27479

jonatack
jonatack reviewed Jun 27, 2023
View reviewed changes
Copy link
Member

@jonatack jonatack left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 650ca0d

src/wallet/bdb.h Outdated
{
return {reinterpret_cast<const std::byte*>(dbt.get_data()), dbt.get_size()};
}

Copy link
Member

@jonatack jonatack Jun 27, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it make sense for SpanFromDbt() to be a static method in src/wallet/bdb.cpp instead, which contains its only callers?

@DrahtBot DrahtBot requested a review from maflcko June 27, 2023 19:53
@ryanofsky @sipa
refactor: Drop unsafe AsBytePtr function
7c85361 
Replace calls to AsBytePtr with direct calls to AsBytes or reinterpret_cast.
AsBytePtr is just a wrapper around reinterpret_cast. It accepts any type of
pointer as an argument and uses reinterpret_cast to cast the argument to a
std::byte pointer.

Despite taking any type of pointer as an argument, it is not useful to call
AsBytePtr on most types of pointers, because byte representations of most types
will be implmentation-specific. Also, because it is named similarly to the
AsBytes function, AsBytePtr looks safer than it actually is. Both AsBytes and
AsBytePtr call reinterpret_cast internally and may be unsafe to use with
certain types, but AsBytes at least has some type checking and can only be
called on Span objects, while AsBytePtr can be called on any pointer argument.

Co-authored-by: Pieter Wuille <[email protected]>
@ryanofsky
Copy link
Contributor Author

ryanofsky commented Jun 28, 2023

Updated 650ca0d -> 7c85361 (pr/noptr.3 -> pr/noptr.4, compare) switching from AsWritableBytes to MakeWritableByteSpan, making SpanFromDbt a static function, and adding a SpanFromBlob function to simplify sqlite code

@jonatack
Copy link
Member

jonatack commented Jun 28, 2023

re-ACK 7c85361

The OP and commit message might need to be updated a bit.

@sipa
Copy link
Member

sipa commented Jun 29, 2023
edited
Loading

utACK 7c85361

I've also changed AsBytes(Span{x}) -> MakeByteSpan(x) and similar where possible in #27993.

@achow101
Copy link
Member

achow101 commented Jun 29, 2023

ACK 7c85361

@achow101 achow101 merged commit 561915f into bitcoin:master Jun 29, 2023
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Jun 30, 2023
@achow101
Merge bitcoin#27978: refactor: Drop unsafe AsBytePtr function
efd2416 
7c85361 refactor: Drop unsafe AsBytePtr function (Ryan Ofsky)

Pull request description:

  Replace calls to `AsBytePtr` with calls to `AsBytes` or `reinterpret_cast`. `AsBytePtr` is just a wrapper around `reinterpret_cast`. It accepts any type of pointer as an argument and uses `reinterpret_cast` to cast the argument to a `std::byte` pointer.

  Despite taking any type of pointer as an argument, it is not useful to call `AsBytePtr` on most types of pointers, because byte representations of most types will be platform specific or undefined. Also, because it is named similarly to the `AsBytes` function, `AsBytePtr` looks safer than it actually is. Both `AsBytes` and `AsBytePtr` call reinterpret_cast internally and may be unsafe to use with certain types, but AsBytes at least has some type checking and can only be called on `Span` objects, while `AsBytePtr` can be called on any pointer argument.

  The change was motivated by discussion on bitcoin#27973 and bitcoin#27927 and is compatible with those PRs

ACKs for top commit:
  jonatack:
    re-ACK 7c85361
  sipa:
    utACK 7c85361
  achow101:
    ACK 7c85361

Tree-SHA512: 200d858b1d4d579f081a7f9a14d488a99713b4918b4564ac3dd5c18578d927dbd6426e62e02f49f04a3fa73ca02ff7109c495cb0b92bec43c27d9b74e2f95757
@bitcoin bitcoin locked and limited conversation to collaborators Jun 28, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@sipa sipa sipa left review comments

@maflcko maflcko Awaiting requested review from maflcko

+1 more reviewer

@jonatack jonatack jonatack left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Refactoring

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@ryanofsky @DrahtBot @maflcko @jonatack @sipa @achow101