ping @sipa . I'm hoping this resembles what you had in mind.

Hum. Wish you had pinged me. Had this half-done already. Oh well -- fully done is better than that.

Untested, quick-review ACK. This is the direction I was headed -- ScriptNum replaces BigNum. Looks good to me.

@jgarzik Ah, I didn't realize you were working on it. I've seen a few discussions lately about outside-access to script verification, and this seemed the logical place to start hacking toward that end.

Do you have anything in the works regarding such libification? If so, I'd definitely prefer not to duplicate the work. Otherwise, I'll keep at it after a short detour for some build-system stuff.

Oh, I (and others) have been talking about the idea of separating script evaluation (and later perhaps the whole of validation) into separate low-dependency libraries. I didn't expect such immediate progress towards that... sorry if that caused some duplicate work.

Approach looks good to me, but this will require very careful inspection and testing.

Agree on the direction and code changes look good on first glace (though as @sipa says, as this affects consensus it will have to be thoroughly scrutinized).

I think we want unit tests for CScriptNum, to ensure their compatibility with CBigNum.

Shouldn't be too hard I think; construct some random and non-random numbers (0, max, min, ...), do some operations on combinations of them, and compare the result with doing the same operation on CBigNum (and serialize/deserialize to vectors).

@sipa Can't believe I didn't think of that, that's very obviously the correct way forward with this.

Great idea, will do.

I threw in a few quick tests as @sipa suggested over the weekend, and there are some significant problems. I'll push up a fixed tomorrow.

Updated, and pretty much rewritten. Lots of tests added, it now conforms to the previous usage of CBigNum as much as possible. See the note in 8ca9e9b about the usage differences.

Code review ACK.

I also tested to make sure the unit tests can fail (ran tests against a script.h with intentionally introduced bugs).

@gavinandresen thanks for the review. Your description above finally helped me put a finger on the overflow subtleties that had been bothering me, so I made a few more changes.
The nMaxNumValue/nMinNumValue were not enough to handle all overflow scenarios, so I split them into OperandValue/TotalValue. Also, the current (possibly overflown) value was not tested on subsequent math operations, so I fixed that and added the tests in script_invalid to check for them.

A quick sanity review of those changes would definitely be appreciated.

Mmm, there are still several details that aren't quite right here. Several tests need to be added for hitting the corner cases. Will keep at it.

Ok, I really think that's everything now, sorry for all the wavering. Thanks to @gmaxwell for gently answering some dumb questions after the tunnel-vision set in.

@gavinandresen I left some uglies in rather than force-pushing. No history before your comment has been rewritten.

Testnet reindexed from scratch to height=208945 after the last set of changes, without issue.

@maaku I have no idea where your comment went.. Github seems to have swallowed it somehow.

In src/script.h:
What about zero-padded bignums? These can be more than 4 bytes in length but still pass CastToBigNum()

We no longer have a CBigNum cast, so there's no way to get a BigNum into a script directly.
But more importantly, see the previous behavior: https://github.com/bitcoin/bitcoin/pull/3965/files#diff-dedcc88d0e66b86a19981e7c175658c2L36

As I see it, CScriptNum does the same thing as before. Am I missing something?

Yeah, right after making that comment I figured I should double-check,
and sure enough it matches the previous behavior. So I deleted the
comment, but I guess you got the notification email. Sorry to waste your
time with it.

On 04/04/2014 03:20 PM, Cory Fields wrote:

@maaku https://github.com/maaku I have no idea where your comment
went.. Github seems to have swallowed it somehow.

|In src/script.h:
What about zero-padded bignums? These can be more than 4 bytes in length but still pass CastToBigNum()
|

We no longer have a CBigNum cast, so there's no way to get a BigNum into
a script directly.
But more importantly, see the previous behavior:
https://github.com/bitcoin/bitcoin/pull/3965/files#diff-dedcc88d0e66b86a19981e7c175658c2L36

As I see it, CScriptNum does the same thing as before. Am I missing
something?

—
Reply to this email directly or view it on GitHub
#3965 (comment).

No worries, thanks for the review. Please point out anything you're unsure of, it's worth the few min it takes me to double-check. :)

ACK.

During the review the only part that had me worried was the setvch() and serialize() implementations, since that's a lot of new consensus-critical code. It looked correct but rather than trust my judgement I performed an exhaustive test of all possible (non-overflow) values. It only took 661m 35.921s to run:

BOOST_AUTO_TEST_CASE(scriptnum_i64_2)
{
    for (int64_t i  = CScriptNum::nMinOperandValue;
                 i <= CScriptNum::nMaxOperandValue; ++i)
    {
        CheckCreateVch(i);
        CheckCreateInt(i);
    }
}

BOOST_AUTO_TEST_CASE(scriptnum_vch)
{
    for (int a = 0; a <= 255; ++a)
    for (int b = 0; b <= 255; ++b)
    for (int c = 0; c <= 255; ++c)
    for (int d = 0; d <= 255; ++d)
    {
        std::vector<unsigned char> vch;
        vch.push_back((unsigned char)a);
        vch.push_back((unsigned char)b);
        vch.push_back((unsigned char)c);
        vch.push_back((unsigned char)d);
        BOOST_CHECK(CBigNum(vch).getint() == CScriptNum(vch).getint());
    }
}

Passed with flying colors. Overflow values were not tested as that would have extended the run time into weeks, the overflow-related parts of the code are uncomplicated, and there is adequate coverage of those edge cases in the tests already.

This eliminates a huge dependency in the script code. Great work Cory.

ACK (my comments about the inclusive/exclusive ranges being unclear in the comments, aside).

I added 80 more script tests for areas of number handling that I thought were under-tested. All passed, I'll pullreq after this is merged so I don't conflict with it. Maaku's tests were great though I had some concern that they didn't test the overflows, so I added a test for the byte-pattern a,x,x,x,b where a={1..255}, b={0..255}, x={0,255} and confirmed that it threw in all the same cases.

One point where I would like a second opinion is that the change changes from throwing runtime_error to throwing the derived scriptnum_error. I don't see any place where this would make a difference. However, most of our confidence in this code comes from unit tests which wouldn't see long-range effects and if the exception change had an effect it would be long range. AFAICT pulltester doesn't test blocks which get rejected due to arithmetic overflows. This should be fixed: perhaps by creating one block for each of our invalid script testcases, and one block with all the valid ones— maybe imported from the JSON. We do sync testnet which has the bulk of the unit tests in it, but perhaps we shouldn't release this until there is some full system test (e.g. blocks over p2p) which checks the invalid cases.

@gmaxwell Thanks for the thorough review. New test-cases are most welcome. If you'd like, I'd be more than happy to split this PR into two so that (your) test-cases can go in first, then the scriptnum changes. That way it's clear that the same cases passed before and after. Reconciling some conflicts is hardly a concern compared to the possibility of introducing a consensus change.

As for the derived throw, I grepped around a bit at the time and found that it could've only been caught by a (...), but it's very possible that I overlooked something. I considered throwing the old type for the sake of compatibility, but I couldn't find any actual usage to speak of.

The code and the tests look very good.

I have one suggested simplification. In the old code, the only place where bounds-checking was done (afaict) was in CastToBigNum, so when converting a byte vector to a number. I don't think there is any need for going beyond that in CScriptNum (where this logic moved to its constructor).

This means the operators themselves don't need bounds checking, and for example operator+= could just be:
inline CScriptNum& operator+=(const CScriptNum& rhs) { m_value += rhs.m_value; }

Hmm, I see the reasoning for wanting to be defensive about unexpectedly large values, as - even though conversion to CScriptNum is protected - you don't want overflows inside the int64_t type.

Such cases would not be script evaluation errors, though, just implementation errors. An assert should suffice, I think?

@sipa: I've now written 4 responses to this and deleted them each in favor of doing more research... ultimately, I agree with you.

As-is, the only thing these operators protect from is something like:

CScript() << CScriptNum(nMaxOperandValue)+1;

Which is incorrect 'protection', because that should be a valid operation.

Does anyone object to this change?

Anyone disagree with removing those bounds checks?

I agree with removing them. The additional boundary testing was what concerned me enough to go write a bunch of additional script tests.

Crazy idea: If we are potentially going to soft-fork script-upgrade in the near future, it might be worth considering just making the soft-fork remove any opcodes that have weird/complicated implementations if they're not in use...

Cleaned up the operators as suggested by @sipa and @gmaxwell . Fixed the tests enough to build, but they need to be cleaned up to remove the old assumptions.

If you guys are reasonably happy with the way it looks, I'll cleanup and squash it down for further review (it's gotten pretty messy with all the fixups).

ACK.

I made a few nits inline, but looks good.

Can you adapt the coding style, though?

Squashed down with the following changes:

• rebased to master.
• replaced busted overflow check with a good one (learned lots in the process).
• added overflow check for operator-(int64_min)
• cleaned up tests to match final constraints.
• Matched coding style (I hope).

@gmaxwell It would be much appreciated if you could run your additional script tests against the latest changes.

Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/b1fdd5475d9040445d7655730f262f214ea87c5f for binaries and test log.
This test script verifies pulls every time they are updated. It, however, dies sometimes and fails to test properly. If you are waiting on a test, please check timestamps to verify that the test.log is moving at http://jenkins.bluematt.me/pull-tester/current/
Contact BlueMatt on freenode if something looks broken.

It indeed passes my additional tests. I've also started a full testnet resync and I'll give it another visual code review tomorrow.

ACK.