refactor: Remove pre-C++20 code, fs::path cleanup #29040
Conversation
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code CoverageFor detailed information about the code coverage, see the test coverage report. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. |
DrahtBot
changed the title
maflcko
force-pushed
the
2312-fs-cleanup-
branch
from
f6ab8af to
3007bd6
Compare
|
Concept ACK.
Does it happen on the master branch? |
maflcko
force-pushed
the
2312-fs-cleanup-
branch
from
3007bd6 to
0d66eea
Compare
vasild
left a comment
vasild
left a comment
There was a problem hiding this comment.
Almost ACK 0d66eea93f1e115b2e9e00ee2e89cd967f826d22, modulo the comment below about the u8string() method.
The operator accepts a const& reference, so no copy or move is needed. See https://en.cppreference.com/w/cpp/filesystem/path/append
Also, add missing includes: #include <system_error> // for error_code #include <type_traits> // for is_same #include <cerrno> // for errno
Treating std::string as UTF-8 is deprecated in std::filesystem::path since C++20. However, it makes this codebase easier to read and maintain to retain the ability for std::string to hold UTF-8.
`ArgsManager::m_cached_blocks_path` is protected by
`ArgsManager::cs_args` and returning a reference to it after releasing
the mutex is unsafe.
To resolve this, return a copy of the path. This has some performance
penalty which is presumably ok, given that paths are a few 100s bytes
at most and `GetBlocksDirPath()` is not called often.
This silences the following (clang 18):
```
common/args.cpp:288:31: error: returning variable 'm_cached_blocks_path' by reference requires holding mutex 'cs_args' [-Werror,-Wthread-safety-reference-return]
288 | if (!path.empty()) return path;
| ^
```
Do the same with
`ArgsManager::GetDataDir()`,
`ArgsManager::GetDataDirBase()` and
`ArgsManager::GetDataDirNet()`.
maflcko
force-pushed
the
2312-fs-cleanup-
branch
from
0d66eea to
856c887
Compare
vasild
left a comment
vasild
left a comment
There was a problem hiding this comment.
ACK 856c887
I realized that this discussion #29040 (comment) is not a blocker for this PR because it merely removes a comment and changes const auto to const u8string which is noop, just a style thing.
|
It wasn't written by me, so I not setting the prefix. This makes it easier for me to (fuzzily) recall which commits were authored by me and whose weren't, by just looking at the prefix. |
|
I pushed a commit, but it is not a scripted-diff. |
ryanofsky
left a comment
ryanofsky
left a comment
There was a problem hiding this comment.
Code review ACK facdafaea8cfc2a37e55173d0500794c80b28f7f.
Only change since last review is a new commit renaming the fs::path::u8string method.
vasild
left a comment
vasild
left a comment
There was a problem hiding this comment.
ACK facdafaea8cfc2a37e55173d0500794c80b28f7f
To verify that nothing has been forgotten in the last commit which renames fs::path::u8string() to fs::path::utf8string() I added std::u8string u8string() const = delete;. The only call to that function is in BOOST_CHECK(fs::path(str8).u8string() == str8); which I guess is intentional.
maflcko
force-pushed
the
2312-fs-cleanup-
branch
from
facdafa to
6666713
Compare
This should not be needed, because the two functions return different and incompatible types, so any oversight should result in a compile failure as-is. |
|
@vasild FWIW, Bitcoin Core used to use json-spirit before the introduction of UniValue. The motivating argument was being able to access the string representation of numeric value (because when amounts are passed as JSON "numbers", we don't want to roundtrip through |
There was a problem hiding this comment.
Code review ACK 6666713. Just documentation change since last review.
To clarify and clean things up more, we could also document the fs::path::utf8string() method and fs::u8path() function as being inverses of each other, and maybe rename fs::u8path to fs::utf8path for consistency. I don't think either of these things are necessary though, just thoughts for improvement.
I think it is nice that it shadows the deprecated "constructor", but I am happy to review a follow-up. (Can be a scripted-diff, because no use of the deprecated |
|
ACK 6666713 |
… releasing the mutex that guards it 32a9f13 wallet: avoid returning a reference to vMasterKey after releasing the mutex that guards it (Vasil Dimov) Pull request description: `CWallet::GetEncryptionKey()` would return a reference to the internal `CWallet::vMasterKey`, guarded by `CWallet::cs_wallet`, which is unsafe. Returning a copy would be a shorter solution, but could have security implications of the master key remaining somewhere in the memory even after `CWallet::Lock()` (the current calls to `CWallet::GetEncryptionKey()` are safe, but that is not future proof). So, instead of `EncryptSecret(m_storage.GetEncryptionKey(), ...)` change the `GetEncryptionKey()` method to provide the encryption key to a given callback: `m_storage.WithEncryptionKey([](const CKeyingMaterial& k) { EncryptSecret(k, ...); })` This silences the following (clang 18): ``` wallet/wallet.cpp:3520:12: error: returning variable 'vMasterKey' by reference requires holding mutex 'cs_wallet' [-Werror,-Wthread-safety-reference-return] 3520 | return vMasterKey; | ^ ``` --- _Previously this PR modified both ArgsManager and wallet code. But the ArgsManager commit 856c887 was merged in #29040 so now this only affects wallet code. The previous PR description was:_ Avoid this unsafe pattern from `ArgsManager` and `CWallet`: ```cpp class A { Mutex mutex; Foo member GUARDED_BY(mutex); const Foo& Get() { LOCK(mutex); return member; } // callers of `Get()` will have access to `member` without owning the mutex. ``` ACKs for top commit: achow101: ACK 32a9f13 ryanofsky: Code review ACK 32a9f13. This seems like a potentially real race condition, and the fix here is pretty simple. furszy: ACK 32a9f13 Tree-SHA512: 133da84691642afc1a73cf14ad004a7266cb4be1a6a3ec634d131dca5dbcdef52522c1d5eb04f5b6c4e06e1fc3e6ac57315f8fe1e207b464ca025c2b4edefdc1
…h cleanup It fixes return reference to const variable under mutex which is not a good idea
…y after releasing the mutex that guards it 32a9f13 wallet: avoid returning a reference to vMasterKey after releasing the mutex that guards it (Vasil Dimov) Pull request description: `CWallet::GetEncryptionKey()` would return a reference to the internal `CWallet::vMasterKey`, guarded by `CWallet::cs_wallet`, which is unsafe. Returning a copy would be a shorter solution, but could have security implications of the master key remaining somewhere in the memory even after `CWallet::Lock()` (the current calls to `CWallet::GetEncryptionKey()` are safe, but that is not future proof). So, instead of `EncryptSecret(m_storage.GetEncryptionKey(), ...)` change the `GetEncryptionKey()` method to provide the encryption key to a given callback: `m_storage.WithEncryptionKey([](const CKeyingMaterial& k) { EncryptSecret(k, ...); })` This silences the following (clang 18): ``` wallet/wallet.cpp:3520:12: error: returning variable 'vMasterKey' by reference requires holding mutex 'cs_wallet' [-Werror,-Wthread-safety-reference-return] 3520 | return vMasterKey; | ^ ``` --- _Previously this PR modified both ArgsManager and wallet code. But the ArgsManager commit bitcoin@856c887 was merged in bitcoin#29040 so now this only affects wallet code. The previous PR description was:_ Avoid this unsafe pattern from `ArgsManager` and `CWallet`: ```cpp class A { Mutex mutex; Foo member GUARDED_BY(mutex); const Foo& Get() { LOCK(mutex); return member; } // callers of `Get()` will have access to `member` without owning the mutex. ``` ACKs for top commit: achow101: ACK 32a9f13 ryanofsky: Code review ACK 32a9f13. This seems like a potentially real race condition, and the fix here is pretty simple. furszy: ACK 32a9f13 Tree-SHA512: 133da84691642afc1a73cf14ad004a7266cb4be1a6a3ec634d131dca5dbcdef52522c1d5eb04f5b6c4e06e1fc3e6ac57315f8fe1e207b464ca025c2b4edefdc1
…itcoin#28774 - lock annotations 1db9e6a Merge bitcoin#19979: Replace LockAssertion with AssertLockHeld, remove LockAssertion (MarcoFalke) d0a4198 Merge bitcoin#21598: refactor: Remove negative lock annotations from globals (MarcoFalke) 55114a6 Merge bitcoin#19668: Do not hide compile-time thread safety warnings (MarcoFalke) 898282d Merge bitcoin#28774: wallet: avoid returning a reference to vMasterKey after releasing the mutex that guards it (Ava Chow) 6d45284 fix: add missing lock annotation for ContextualCheckBlock and related TODO (Konstantin Akimov) 846ebab fix: fixes for orphange's locks and cs_main (Konstantin Akimov) 002580c fix: add ignoring safety-annotation for llmq/signing_shares due to template lambdas (Konstantin Akimov) 502d6ae fix: add multiple missing annotation about locks for dash specific code (Konstantin Akimov) a219a8b partial Merge bitcoin#29040: refactor: Remove pre-C++20 code, fs::path cleanup (Konstantin Akimov) 042e8a4 fix: drop unneded lock assert in net.cpp for m_nodes_mutex (Konstantin Akimov) Pull request description: ## What was done? These 4 backports improve noticeable implementation of thread-safety analysis by moving many possible warnings to compilation level. There's a lot of fixes for annotations after that! ## How Has This Been Tested? Build with clang: ``` CC=clang CXX=clang++ ./configure --prefix=$(pwd)/depends/x86_64-pc-linux-gnu --enable-suppress-external-warnings --enable-debug --enable-stacktraces --enable-werror --enable-crash-hooks --enable-maintainer-mode ``` ## Breaking Changes n/a ## Checklist: - [x] I have performed a self-review of my own code - [x] I have commented my code, particularly in hard-to-understand areas - [x] I have added or updated relevant unit/integration/functional/e2e tests - [x] I have made corresponding changes to the documentation - [x] I have assigned this pull request to a milestone ACKs for top commit: UdjinM6: utACK 1db9e6a PastaPastaPasta: utACK 1db9e6a Tree-SHA512: 42a73e423f311689babc366b58a92f024556cf63af93357cfa0715c471efc1491d02ed9e7ba19b23efcdf423ab5bd051a24da2ad64c32e4b6db132a05f6669c1
8 participants
This: