Unify claimtrie tests, add some additional root hash checks #181
2 changed files with 598 additions and 59 deletions
|
@ -1,39 +1,116 @@
|
|||
Developer Notes
|
||||
===============
|
||||
|
||||
<!-- markdown-toc start -->
|
||||
**Table of Contents**
|
||||
|
||||
- [Developer Notes](#developer-notes)
|
||||
- [Coding Style](#coding-style)
|
||||
- [Doxygen comments](#doxygen-comments)
|
||||
- [Development tips and tricks](#development-tips-and-tricks)
|
||||
- [Compiling for debugging](#compiling-for-debugging)
|
||||
- [Compiling for gprof profiling](#compiling-for-gprof-profiling)
|
||||
- [debug.log](#debuglog)
|
||||
- [Testnet and Regtest modes](#testnet-and-regtest-modes)
|
||||
- [DEBUG_LOCKORDER](#debug_lockorder)
|
||||
- [Valgrind suppressions file](#valgrind-suppressions-file)
|
||||
- [Compiling for test coverage](#compiling-for-test-coverage)
|
||||
- [Locking/mutex usage notes](#lockingmutex-usage-notes)
|
||||
- [Threads](#threads)
|
||||
- [Ignoring IDE/editor files](#ignoring-ideeditor-files)
|
||||
- [Development guidelines](#development-guidelines)
|
||||
- [General Bitcoin Core](#general-bitcoin-core)
|
||||
- [Wallet](#wallet)
|
||||
- [General C++](#general-c)
|
||||
- [C++ data structures](#c-data-structures)
|
||||
- [Strings and formatting](#strings-and-formatting)
|
||||
- [Variable names](#variable-names)
|
||||
- [Threads and synchronization](#threads-and-synchronization)
|
||||
- [Source code organization](#source-code-organization)
|
||||
- [GUI](#gui)
|
||||
- [Subtrees](#subtrees)
|
||||
- [Git and GitHub tips](#git-and-github-tips)
|
||||
- [Scripted diffs](#scripted-diffs)
|
||||
- [RPC interface guidelines](#rpc-interface-guidelines)
|
||||
|
||||
<!-- markdown-toc end -->
|
||||
|
||||
Coding Style
|
||||
---------------
|
||||
|
||||
Various coding styles have been used during the history of the codebase,
|
||||
and the result is not very consistent. However, we're now trying to converge to
|
||||
a single style, so please use it in new code. Old code will be converted
|
||||
gradually.
|
||||
- Basic rules specified in src/.clang-format. Use a recent clang-format-3.5 to format automatically.
|
||||
- Braces on new lines for namespaces, classes, functions, methods.
|
||||
a single style, which is specified below. When writing patches, favor the new
|
||||
style over attempting to mimic the surrounding style, except for move-only
|
||||
commits.
|
||||
|
||||
Do not submit patches solely to modify the style of existing code.
|
||||
|
||||
- **Indentation and whitespace rules** as specified in
|
||||
[src/.clang-format](/src/.clang-format). You can use the provided
|
||||
[clang-format-diff script](/contrib/devtools/README.md#clang-format-diffpy)
|
||||
tool to clean up patches automatically before submission.
|
||||
- Braces on new lines for classes, functions, methods.
|
||||
- Braces on the same line for everything else.
|
||||
- 4 space indentation (no tabs) for every block except namespaces.
|
||||
- No indentation for public/protected/private or for namespaces.
|
||||
- No indentation for `public`/`protected`/`private` or for `namespace`.
|
||||
- No extra spaces inside parenthesis; don't do ( this )
|
||||
- No space after function names; one space after if, for and while.
|
||||
- No space after function names; one space after `if`, `for` and `while`.
|
||||
- If an `if` only has a single-statement `then`-clause, it can appear
|
||||
on the same line as the `if`, without braces. In every other case,
|
||||
braces are required, and the `then` and `else` clauses must appear
|
||||
correctly indented on a new line.
|
||||
|
||||
- **Symbol naming conventions**. These are preferred in new code, but are not
|
||||
required when doing so would need changes to significant pieces of existing
|
||||
code.
|
||||
- Variable and namespace names are all lowercase, and may use `_` to
|
||||
separate words (snake_case).
|
||||
- Class member variables have a `m_` prefix.
|
||||
- Global variables have a `g_` prefix.
|
||||
- Constant names are all uppercase, and use `_` to separate words.
|
||||
- Class names, function names and method names are UpperCamelCase
|
||||
(PascalCase). Do not prefix class names with `C`.
|
||||
- Test suite naming convention: The Boost test suite in file
|
||||
`src/test/foo_tests.cpp` should be named `foo_tests`. Test suite names
|
||||
must be unique.
|
||||
|
||||
- **Miscellaneous**
|
||||
- `++i` is preferred over `i++`.
|
||||
- `nullptr` is preferred over `NULL` or `(void*)0`.
|
||||
- `static_assert` is preferred over `assert` where possible. Generally; compile-time checking is preferred over run-time checking.
|
||||
- `enum class` is preferred over `enum` where possible. Scoped enumerations avoid two potential pitfalls/problems with traditional C++ enumerations: implicit conversions to int, and name clashes due to enumerators being exported to the surrounding scope.
|
||||
|
||||
Block style example:
|
||||
```c++
|
||||
namespace foo
|
||||
{
|
||||
int g_count = 0;
|
||||
|
||||
namespace foo {
|
||||
class Class
|
||||
{
|
||||
bool Function(char* psz, int n)
|
||||
std::string m_name;
|
||||
|
||||
public:
|
||||
bool Function(const std::string& s, int n)
|
||||
{
|
||||
// Comment summarising what this section of code does
|
||||
for (int i = 0; i < n; i++) {
|
||||
for (int i = 0; i < n; ++i) {
|
||||
int total_sum = 0;
|
||||
// When something fails, return early
|
||||
if (!Something())
|
||||
return false;
|
||||
if (!Something()) return false;
|
||||
...
|
||||
if (SomethingElse(i)) {
|
||||
total_sum += ComputeSomething(g_count);
|
||||
} else {
|
||||
DoSomething(m_name, total_sum);
|
||||
}
|
||||
}
|
||||
|
||||
// Success return is usually at the end
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
} // namespace foo
|
||||
```
|
||||
|
||||
Doxygen comments
|
||||
|
@ -95,57 +172,146 @@ Not OK (used plenty in the current source, but not picked up):
|
|||
A full list of comment syntaxes picked up by doxygen can be found at http://www.stack.nl/~dimitri/doxygen/manual/docblocks.html,
|
||||
but if possible use one of the above styles.
|
||||
|
||||
Documentation can be generated with `make docs` and cleaned up with `make clean-docs`.
|
||||
|
||||
Development tips and tricks
|
||||
---------------------------
|
||||
|
||||
**compiling for debugging**
|
||||
### Compiling for debugging
|
||||
|
||||
Run configure with the --enable-debug option, then make. Or run configure with
|
||||
CXXFLAGS="-g -ggdb -O0" or whatever debug flags you need.
|
||||
Run configure with `--enable-debug` to add additional compiler flags that
|
||||
produce better debugging builds.
|
||||
|
||||
**debug.log**
|
||||
### Compiling for gprof profiling
|
||||
|
||||
Run configure with the `--enable-gprof` option, then make.
|
||||
|
||||
### debug.log
|
||||
|
||||
If the code is behaving strangely, take a look in the debug.log file in the data directory;
|
||||
error and debugging messages are written there.
|
||||
|
||||
The -debug=... command-line option controls debugging; running with just -debug or -debug=1 will turn
|
||||
The `-debug=...` command-line option controls debugging; running with just `-debug` or `-debug=1` will turn
|
||||
on all categories (and give you a very large debug.log file).
|
||||
|
||||
The Qt code routes qDebug() output to debug.log under category "qt": run with -debug=qt
|
||||
The Qt code routes `qDebug()` output to debug.log under category "qt": run with `-debug=qt`
|
||||
to see it.
|
||||
|
||||
**testnet and regtest modes**
|
||||
### Testnet and Regtest modes
|
||||
|
||||
Run with the -testnet option to run with "play bitcoins" on the test network, if you
|
||||
Run with the `-testnet` option to run with "play bitcoins" on the test network, if you
|
||||
are testing multi-machine code that needs to operate across the internet.
|
||||
|
||||
If you are testing something that can run on one machine, run with the -regtest option.
|
||||
In regression test mode, blocks can be created on-demand; see qa/rpc-tests/ for tests
|
||||
that run in -regtest mode.
|
||||
If you are testing something that can run on one machine, run with the `-regtest` option.
|
||||
In regression test mode, blocks can be created on-demand; see [test/functional/](/test/functional) for tests
|
||||
that run in `-regtest` mode.
|
||||
|
||||
**DEBUG_LOCKORDER**
|
||||
### DEBUG_LOCKORDER
|
||||
|
||||
Bitcoin Core is a multithreaded application, and deadlocks or other multithreading bugs
|
||||
can be very difficult to track down. Compiling with -DDEBUG_LOCKORDER (configure
|
||||
CXXFLAGS="-DDEBUG_LOCKORDER -g") inserts run-time checks to keep track of which locks
|
||||
are held, and adds warnings to the debug.log file if inconsistencies are detected.
|
||||
Bitcoin Core is a multi-threaded application, and deadlocks or other
|
||||
multi-threading bugs can be very difficult to track down. The `--enable-debug`
|
||||
configure option adds `-DDEBUG_LOCKORDER` to the compiler flags. This inserts
|
||||
run-time checks to keep track of which locks are held, and adds warnings to the
|
||||
debug.log file if inconsistencies are detected.
|
||||
|
||||
### Valgrind suppressions file
|
||||
|
||||
Valgrind is a programming tool for memory debugging, memory leak detection, and
|
||||
profiling. The repo contains a Valgrind suppressions file
|
||||
([`valgrind.supp`](https://github.com/bitcoin/bitcoin/blob/master/contrib/valgrind.supp))
|
||||
which includes known Valgrind warnings in our dependencies that cannot be fixed
|
||||
in-tree. Example use:
|
||||
|
||||
```shell
|
||||
$ valgrind --suppressions=contrib/valgrind.supp src/test/test_bitcoin
|
||||
$ valgrind --suppressions=contrib/valgrind.supp --leak-check=full \
|
||||
--show-leak-kinds=all src/test/test_bitcoin --log_level=test_suite
|
||||
$ valgrind -v --leak-check=full src/bitcoind -printtoconsole
|
||||
```
|
||||
|
||||
### Compiling for test coverage
|
||||
|
||||
LCOV can be used to generate a test coverage report based upon `make check`
|
||||
execution. LCOV must be installed on your system (e.g. the `lcov` package
|
||||
on Debian/Ubuntu).
|
||||
|
||||
To enable LCOV report generation during test runs:
|
||||
|
||||
```shell
|
||||
./configure --enable-lcov
|
||||
make
|
||||
make cov
|
||||
|
||||
# A coverage report will now be accessible at `./test_bitcoin.coverage/index.html`.
|
||||
```
|
||||
|
||||
**Sanitizers**
|
||||
|
||||
Bitcoin can be compiled with various "sanitizers" enabled, which add
|
||||
instrumentation for issues regarding things like memory safety, thread race
|
||||
conditions, or undefined behavior. This is controlled with the
|
||||
`--with-sanitizers` configure flag, which should be a comma separated list of
|
||||
sanitizers to enable. The sanitizer list should correspond to supported
|
||||
`-fsanitize=` options in your compiler. These sanitizers have runtime overhead,
|
||||
so they are most useful when testing changes or producing debugging builds.
|
||||
|
||||
Some examples:
|
||||
|
||||
```bash
|
||||
# Enable both the address sanitizer and the undefined behavior sanitizer
|
||||
./configure --with-sanitizers=address,undefined
|
||||
|
||||
# Enable the thread sanitizer
|
||||
./configure --with-sanitizers=thread
|
||||
```
|
||||
|
||||
If you are compiling with GCC you will typically need to install corresponding
|
||||
"san" libraries to actually compile with these flags, e.g. libasan for the
|
||||
address sanitizer, libtsan for the thread sanitizer, and libubsan for the
|
||||
undefined sanitizer. If you are missing required libraries, the configure script
|
||||
will fail with a linker error when testing the sanitizer flags.
|
||||
|
||||
The test suite should pass cleanly with the `thread` and `undefined` sanitizers,
|
||||
but there are a number of known problems when using the `address` sanitizer. The
|
||||
address sanitizer is known to fail in
|
||||
[sha256_sse4::Transform](/src/crypto/sha256_sse4.cpp) which makes it unusable
|
||||
unless you also use `--disable-asm` when running configure. We would like to fix
|
||||
sanitizer issues, so please send pull requests if you can fix any errors found
|
||||
by the address sanitizer (or any other sanitizer).
|
||||
|
||||
Not all sanitizer options can be enabled at the same time, e.g. trying to build
|
||||
with `--with-sanitizers=address,thread` will fail in the configure script as
|
||||
these sanitizers are mutually incompatible. Refer to your compiler manual to
|
||||
learn more about these options and which sanitizers are supported by your
|
||||
compiler.
|
||||
|
||||
Additional resources:
|
||||
|
||||
* [AddressSanitizer](https://clang.llvm.org/docs/AddressSanitizer.html)
|
||||
* [LeakSanitizer](https://clang.llvm.org/docs/LeakSanitizer.html)
|
||||
* [MemorySanitizer](https://clang.llvm.org/docs/MemorySanitizer.html)
|
||||
* [ThreadSanitizer](https://clang.llvm.org/docs/ThreadSanitizer.html)
|
||||
* [UndefinedBehaviorSanitizer](https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html)
|
||||
* [GCC Instrumentation Options](https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html)
|
||||
* [Google Sanitizers Wiki](https://github.com/google/sanitizers/wiki)
|
||||
* [Issue #12691: Enable -fsanitize flags in Travis](https://github.com/bitcoin/bitcoin/issues/12691)
|
||||
|
||||
Locking/mutex usage notes
|
||||
-------------------------
|
||||
|
||||
The code is multi-threaded, and uses mutexes and the
|
||||
LOCK/TRY_LOCK macros to protect data structures.
|
||||
`LOCK` and `TRY_LOCK` macros to protect data structures.
|
||||
|
||||
Deadlocks due to inconsistent lock ordering (thread 1 locks cs_main
|
||||
and then cs_wallet, while thread 2 locks them in the opposite order:
|
||||
result, deadlock as each waits for the other to release its lock) are
|
||||
a problem. Compile with -DDEBUG_LOCKORDER to get lock order
|
||||
inconsistencies reported in the debug.log file.
|
||||
Deadlocks due to inconsistent lock ordering (thread 1 locks `cs_main` and then
|
||||
`cs_wallet`, while thread 2 locks them in the opposite order: result, deadlock
|
||||
as each waits for the other to release its lock) are a problem. Compile with
|
||||
`-DDEBUG_LOCKORDER` (or use `--enable-debug`) to get lock order inconsistencies
|
||||
reported in the debug.log file.
|
||||
|
||||
Re-architecting the core code so there are better-defined interfaces
|
||||
between the various components is a goal, with any necessary locking
|
||||
done by the components (e.g. see the self-contained CKeyStore class
|
||||
and its cs_KeyStore lock for example).
|
||||
done by the components (e.g. see the self-contained `CBasicKeyStore` class
|
||||
and its `cs_KeyStore` lock for example).
|
||||
|
||||
Threads
|
||||
-------
|
||||
|
@ -170,12 +336,8 @@ Threads
|
|||
|
||||
- DumpAddresses : Dumps IP addresses of nodes to peers.dat.
|
||||
|
||||
- ThreadFlushWalletDB : Close the wallet.dat file if it hasn't been used in 500ms.
|
||||
|
||||
- ThreadRPCServer : Remote procedure call handler, listens on port 8332 for connections and services them.
|
||||
|
||||
- BitcoinMiner : Generates bitcoins (if wallet is enabled).
|
||||
|
||||
- Shutdown : Does an orderly shutdown of everything.
|
||||
|
||||
Ignoring IDE/editor files
|
||||
|
@ -240,7 +402,7 @@ Wallet
|
|||
|
||||
- *Rationale*: In RPC code that conditionally uses the wallet (such as
|
||||
`validateaddress`) it is easy to forget that global pointer `pwalletMain`
|
||||
can be NULL. See `qa/rpc-tests/disablewallet.py` for functional tests
|
||||
can be nullptr. See `test/functional/disablewallet.py` for functional tests
|
||||
exercising the API with `-disablewallet`
|
||||
|
||||
- Include `db_cxx.h` (BerkeleyDB header) only when `ENABLE_WALLET` is set
|
||||
|
@ -252,7 +414,7 @@ General C++
|
|||
|
||||
- Assertions should not have side-effects
|
||||
|
||||
- *Rationale*: Even though the source code is set to to refuse to compile
|
||||
- *Rationale*: Even though the source code is set to refuse to compile
|
||||
with assertions disabled, having side-effects in assertions is unexpected and
|
||||
makes the code harder to understand
|
||||
|
||||
|
@ -263,7 +425,7 @@ General C++
|
|||
the `.h` to the `.cpp` should not result in build errors
|
||||
|
||||
- Use the RAII (Resource Acquisition Is Initialization) paradigm where possible. For example by using
|
||||
`scoped_pointer` for allocations in a function.
|
||||
`unique_ptr` for allocations in a function.
|
||||
|
||||
- *Rationale*: This avoids memory and resource leaks, and ensures exception safety
|
||||
|
||||
|
@ -282,19 +444,33 @@ C++ data structures
|
|||
- *Rationale*: Behavior is undefined. In C++ parlor this means "may reformat
|
||||
the universe", in practice this has resulted in at least one hard-to-debug crash bug
|
||||
|
||||
- Watch out for vector out-of-bounds exceptions. `&vch[0]` is illegal for an
|
||||
empty vector, `&vch[vch.size()]` is always illegal. Use `begin_ptr(vch)` and
|
||||
`end_ptr(vch)` to get the begin and end pointer instead (defined in
|
||||
`serialize.h`)
|
||||
- Watch out for out-of-bounds vector access. `&vch[vch.size()]` is illegal,
|
||||
including `&vch[0]` for an empty vector. Use `vch.data()` and `vch.data() +
|
||||
vch.size()` instead.
|
||||
|
||||
- Vector bounds checking is only enabled in debug mode. Do not rely on it
|
||||
|
||||
- Make sure that constructors initialize all fields. If this is skipped for a
|
||||
good reason (i.e., optimization on the critical path), add an explicit
|
||||
comment about this
|
||||
- Initialize all non-static class members where they are defined.
|
||||
If this is skipped for a good reason (i.e., optimization on the critical
|
||||
path), add an explicit comment about this
|
||||
|
||||
- *Rationale*: Ensure determinism by avoiding accidental use of uninitialized
|
||||
values. Also, static analyzers balk about this.
|
||||
Initializing the members in the declaration makes it easy to
|
||||
spot uninitialized ones.
|
||||
|
||||
```cpp
|
||||
class A
|
||||
{
|
||||
uint32_t m_count{0};
|
||||
}
|
||||
```
|
||||
|
||||
- By default, declare single-argument constructors `explicit`.
|
||||
|
||||
- *Rationale*: This is a precaution to avoid unintended conversions that might
|
||||
arise when single-argument constructors are used as implicit conversion
|
||||
functions.
|
||||
|
||||
- Use explicitly signed or unsigned `char`s, or even better `uint8_t` and
|
||||
`int8_t`. Do not use bare `char` unless it is to pass to a third-party API.
|
||||
|
@ -321,14 +497,67 @@ Strings and formatting
|
|||
buffer overflows and surprises with `\0` characters. Also some C string manipulations
|
||||
tend to act differently depending on platform, or even the user locale
|
||||
|
||||
- Use `ParseInt32`, `ParseInt64`, `ParseDouble` from `utilstrencodings.h` for number parsing
|
||||
- Use `ParseInt32`, `ParseInt64`, `ParseUInt32`, `ParseUInt64`, `ParseDouble` from `utilstrencodings.h` for number parsing
|
||||
|
||||
- *Rationale*: These functions do overflow checking, and avoid pesky locale issues
|
||||
- *Rationale*: These functions do overflow checking, and avoid pesky locale issues.
|
||||
|
||||
- Avoid using locale dependent functions if possible. You can use the provided
|
||||
[`lint-locale-dependence.sh`](/contrib/devtools/lint-locale-dependence.sh)
|
||||
to check for accidental use of locale dependent functions.
|
||||
|
||||
- *Rationale*: Unnecessary locale dependence can cause bugs that are very tricky to isolate and fix.
|
||||
|
||||
- These functions are known to be locale dependent:
|
||||
`alphasort`, `asctime`, `asprintf`, `atof`, `atoi`, `atol`, `atoll`, `atoq`,
|
||||
`btowc`, `ctime`, `dprintf`, `fgetwc`, `fgetws`, `fprintf`, `fputwc`,
|
||||
`fputws`, `fscanf`, `fwprintf`, `getdate`, `getwc`, `getwchar`, `isalnum`,
|
||||
`isalpha`, `isblank`, `iscntrl`, `isdigit`, `isgraph`, `islower`, `isprint`,
|
||||
`ispunct`, `isspace`, `isupper`, `iswalnum`, `iswalpha`, `iswblank`,
|
||||
`iswcntrl`, `iswctype`, `iswdigit`, `iswgraph`, `iswlower`, `iswprint`,
|
||||
`iswpunct`, `iswspace`, `iswupper`, `iswxdigit`, `isxdigit`, `mblen`,
|
||||
`mbrlen`, `mbrtowc`, `mbsinit`, `mbsnrtowcs`, `mbsrtowcs`, `mbstowcs`,
|
||||
`mbtowc`, `mktime`, `putwc`, `putwchar`, `scanf`, `snprintf`, `sprintf`,
|
||||
`sscanf`, `stoi`, `stol`, `stoll`, `strcasecmp`, `strcasestr`, `strcoll`,
|
||||
`strfmon`, `strftime`, `strncasecmp`, `strptime`, `strtod`, `strtof`,
|
||||
`strtoimax`, `strtol`, `strtold`, `strtoll`, `strtoq`, `strtoul`,
|
||||
`strtoull`, `strtoumax`, `strtouq`, `strxfrm`, `swprintf`, `tolower`,
|
||||
`toupper`, `towctrans`, `towlower`, `towupper`, `ungetwc`, `vasprintf`,
|
||||
`vdprintf`, `versionsort`, `vfprintf`, `vfscanf`, `vfwprintf`, `vprintf`,
|
||||
`vscanf`, `vsnprintf`, `vsprintf`, `vsscanf`, `vswprintf`, `vwprintf`,
|
||||
`wcrtomb`, `wcscasecmp`, `wcscoll`, `wcsftime`, `wcsncasecmp`, `wcsnrtombs`,
|
||||
`wcsrtombs`, `wcstod`, `wcstof`, `wcstoimax`, `wcstol`, `wcstold`,
|
||||
`wcstoll`, `wcstombs`, `wcstoul`, `wcstoull`, `wcstoumax`, `wcswidth`,
|
||||
`wcsxfrm`, `wctob`, `wctomb`, `wctrans`, `wctype`, `wcwidth`, `wprintf`
|
||||
|
||||
- For `strprintf`, `LogPrint`, `LogPrintf` formatting characters don't need size specifiers
|
||||
|
||||
- *Rationale*: Bitcoin Core uses tinyformat, which is type safe. Leave them out to avoid confusion
|
||||
|
||||
Variable names
|
||||
--------------
|
||||
|
||||
Although the shadowing warning (`-Wshadow`) is not enabled by default (it prevents issues rising
|
||||
from using a different variable with the same name),
|
||||
please name variables so that their names do not shadow variables defined in the source code.
|
||||
|
||||
E.g. in member initializers, prepend `_` to the argument name shadowing the
|
||||
member name:
|
||||
|
||||
```c++
|
||||
class AddressBookPage
|
||||
{
|
||||
Mode m_mode;
|
||||
}
|
||||
|
||||
AddressBookPage::AddressBookPage(Mode _mode) :
|
||||
m_mode(_mode)
|
||||
...
|
||||
```
|
||||
|
||||
When using nested cycles, do not name the inner cycle variable the same as in
|
||||
upper cycle etc.
|
||||
|
||||
|
||||
Threads and synchronization
|
||||
----------------------------
|
||||
|
||||
|
@ -366,11 +595,57 @@ Source code organization
|
|||
|
||||
- *Rationale*: Shorter and simpler header files are easier to read, and reduce compile time
|
||||
|
||||
- Use only the lowercase alphanumerics (`a-z0-9`), underscore (`_`) and hyphen (`-`) in source code filenames.
|
||||
|
||||
- *Rationale*: `grep`:ing and auto-completing filenames is easier when using a consistent
|
||||
naming pattern. Potential problems when building on case-insensitive filesystems are
|
||||
avoided when using only lowercase characters in source code filenames.
|
||||
|
||||
- Every `.cpp` and `.h` file should `#include` every header file it directly uses classes, functions or other
|
||||
definitions from, even if those headers are already included indirectly through other headers.
|
||||
|
||||
- *Rationale*: Excluding headers because they are already indirectly included results in compilation
|
||||
failures when those indirect dependencies change. Furthermore, it obscures what the real code
|
||||
dependencies are.
|
||||
|
||||
- Don't import anything into the global namespace (`using namespace ...`). Use
|
||||
fully specified types such as `std::string`.
|
||||
|
||||
- *Rationale*: Avoids symbol conflicts
|
||||
|
||||
- Terminate namespaces with a comment (`// namespace mynamespace`). The comment
|
||||
should be placed on the same line as the brace closing the namespace, e.g.
|
||||
|
||||
```c++
|
||||
namespace mynamespace {
|
||||
...
|
||||
} // namespace mynamespace
|
||||
|
||||
namespace {
|
||||
...
|
||||
} // namespace
|
||||
```
|
||||
|
||||
- *Rationale*: Avoids confusion about the namespace context
|
||||
|
||||
- Use `#include <primitives/transaction.h>` bracket syntax instead of
|
||||
`#include "primitives/transactions.h"` quote syntax.
|
||||
|
||||
- *Rationale*: Bracket syntax is less ambiguous because the preprocessor
|
||||
searches a fixed list of include directories without taking location of the
|
||||
source file into account. This allows quoted includes to stand out more when
|
||||
the location of the source file actually is relevant.
|
||||
|
||||
- Use include guards to avoid the problem of double inclusion. The header file
|
||||
`foo/bar.h` should use the include guard identifier `BITCOIN_FOO_BAR_H`, e.g.
|
||||
|
||||
```c++
|
||||
#ifndef BITCOIN_FOO_BAR_H
|
||||
#define BITCOIN_FOO_BAR_H
|
||||
...
|
||||
#endif // BITCOIN_FOO_BAR_H
|
||||
```
|
||||
|
||||
GUI
|
||||
-----
|
||||
|
||||
|
@ -379,3 +654,265 @@ GUI
|
|||
- *Rationale*: Model classes pass through events and data from the core, they
|
||||
should not interact with the user. That's where View classes come in. The converse also
|
||||
holds: try to not directly access core data structures from Views.
|
||||
|
||||
- Avoid adding slow or blocking code in the GUI thread. In particular do not
|
||||
add new `interfaces::Node` and `interfaces::Wallet` method calls, even if they
|
||||
may be fast now, in case they are changed to lock or communicate across
|
||||
processes in the future.
|
||||
|
||||
Prefer to offload work from the GUI thread to worker threads (see
|
||||
`RPCExecutor` in console code as an example) or take other steps (see
|
||||
https://doc.qt.io/archives/qq/qq27-responsive-guis.html) to keep the GUI
|
||||
responsive.
|
||||
|
||||
- *Rationale*: Blocking the GUI thread can increase latency, and lead to
|
||||
hangs and deadlocks.
|
||||
|
||||
Subtrees
|
||||
----------
|
||||
|
||||
Several parts of the repository are subtrees of software maintained elsewhere.
|
||||
|
||||
Some of these are maintained by active developers of Bitcoin Core, in which case changes should probably go
|
||||
directly upstream without being PRed directly against the project. They will be merged back in the next
|
||||
subtree merge.
|
||||
|
||||
Others are external projects without a tight relationship with our project. Changes to these should also
|
||||
be sent upstream but bugfixes may also be prudent to PR against Bitcoin Core so that they can be integrated
|
||||
quickly. Cosmetic changes should be purely taken upstream.
|
||||
|
||||
There is a tool in `test/lint/git-subtree-check.sh` to check a subtree directory for consistency with
|
||||
its upstream repository.
|
||||
|
||||
Current subtrees include:
|
||||
|
||||
- src/leveldb
|
||||
- Upstream at https://github.com/google/leveldb ; Maintained by Google, but
|
||||
open important PRs to Core to avoid delay.
|
||||
- **Note**: Follow the instructions in [Upgrading LevelDB](#upgrading-leveldb) when
|
||||
merging upstream changes to the leveldb subtree.
|
||||
|
||||
- src/libsecp256k1
|
||||
- Upstream at https://github.com/bitcoin-core/secp256k1/ ; actively maintaned by Core contributors.
|
||||
|
||||
- src/crypto/ctaes
|
||||
- Upstream at https://github.com/bitcoin-core/ctaes ; actively maintained by Core contributors.
|
||||
|
||||
- src/univalue
|
||||
- Upstream at https://github.com/jgarzik/univalue ; report important PRs to Core to avoid delay.
|
||||
|
||||
Upgrading LevelDB
|
||||
---------------------
|
||||
|
||||
Extra care must be taken when upgrading LevelDB. This section explains issues
|
||||
you must be aware of.
|
||||
|
||||
### File Descriptor Counts
|
||||
|
||||
In most configurations we use the default LevelDB value for `max_open_files`,
|
||||
which is 1000 at the time of this writing. If LevelDB actually uses this many
|
||||
file descriptors it will cause problems with Bitcoin's `select()` loop, because
|
||||
it may cause new sockets to be created where the fd value is >= 1024. For this
|
||||
reason, on 64-bit Unix systems we rely on an internal LevelDB optimization that
|
||||
uses `mmap()` + `close()` to open table files without actually retaining
|
||||
references to the table file descriptors. If you are upgrading LevelDB, you must
|
||||
sanity check the changes to make sure that this assumption remains valid.
|
||||
|
||||
In addition to reviewing the upstream changes in `env_posix.cc`, you can use `lsof` to
|
||||
check this. For example, on Linux this command will show open `.ldb` file counts:
|
||||
|
||||
```bash
|
||||
$ lsof -p $(pidof bitcoind) |\
|
||||
awk 'BEGIN { fd=0; mem=0; } /ldb$/ { if ($4 == "mem") mem++; else fd++ } END { printf "mem = %s, fd = %s\n", mem, fd}'
|
||||
mem = 119, fd = 0
|
||||
```
|
||||
|
||||
The `mem` value shows how many files are mmap'ed, and the `fd` value shows you
|
||||
many file descriptors these files are using. You should check that `fd` is a
|
||||
small number (usually 0 on 64-bit hosts).
|
||||
|
||||
See the notes in the `SetMaxOpenFiles()` function in `dbwrapper.cc` for more
|
||||
details.
|
||||
|
||||
### Consensus Compatibility
|
||||
|
||||
It is possible for LevelDB changes to inadvertently change consensus
|
||||
compatibility between nodes. This happened in Bitcoin 0.8 (when LevelDB was
|
||||
first introduced). When upgrading LevelDB you should review the upstream changes
|
||||
to check for issues affecting consensus compatibility.
|
||||
|
||||
For example, if LevelDB had a bug that accidentally prevented a key from being
|
||||
returned in an edge case, and that bug was fixed upstream, the bug "fix" would
|
||||
be an incompatible consensus change. In this situation the correct behavior
|
||||
would be to revert the upstream fix before applying the updates to Bitcoin's
|
||||
copy of LevelDB. In general you should be wary of any upstream changes affecting
|
||||
what data is returned from LevelDB queries.
|
||||
|
||||
Git and GitHub tips
|
||||
---------------------
|
||||
|
||||
- For resolving merge/rebase conflicts, it can be useful to enable diff3 style using
|
||||
`git config merge.conflictstyle diff3`. Instead of
|
||||
|
||||
<<<
|
||||
yours
|
||||
===
|
||||
theirs
|
||||
>>>
|
||||
|
||||
you will see
|
||||
|
||||
<<<
|
||||
yours
|
||||
|||
|
||||
original
|
||||
===
|
||||
theirs
|
||||
>>>
|
||||
|
||||
This may make it much clearer what caused the conflict. In this style, you can often just look
|
||||
at what changed between *original* and *theirs*, and mechanically apply that to *yours* (or the other way around).
|
||||
|
||||
- When reviewing patches which change indentation in C++ files, use `git diff -w` and `git show -w`. This makes
|
||||
the diff algorithm ignore whitespace changes. This feature is also available on github.com, by adding `?w=1`
|
||||
at the end of any URL which shows a diff.
|
||||
|
||||
- When reviewing patches that change symbol names in many places, use `git diff --word-diff`. This will instead
|
||||
of showing the patch as deleted/added *lines*, show deleted/added *words*.
|
||||
|
||||
- When reviewing patches that move code around, try using
|
||||
`git diff --patience commit~:old/file.cpp commit:new/file/name.cpp`, and ignoring everything except the
|
||||
moved body of code which should show up as neither `+` or `-` lines. In case it was not a pure move, this may
|
||||
even work when combined with the `-w` or `--word-diff` options described above.
|
||||
|
||||
- When looking at other's pull requests, it may make sense to add the following section to your `.git/config`
|
||||
file:
|
||||
|
||||
[remote "upstream-pull"]
|
||||
fetch = +refs/pull/*:refs/remotes/upstream-pull/*
|
||||
url = git@github.com:bitcoin/bitcoin.git
|
||||
|
||||
This will add an `upstream-pull` remote to your git repository, which can be fetched using `git fetch --all`
|
||||
or `git fetch upstream-pull`. Afterwards, you can use `upstream-pull/NUMBER/head` in arguments to `git show`,
|
||||
`git checkout` and anywhere a commit id would be acceptable to see the changes from pull request NUMBER.
|
||||
|
||||
Scripted diffs
|
||||
--------------
|
||||
|
||||
For reformatting and refactoring commits where the changes can be easily automated using a bash script, we use
|
||||
scripted-diff commits. The bash script is included in the commit message and our Travis CI job checks that
|
||||
the result of the script is identical to the commit. This aids reviewers since they can verify that the script
|
||||
does exactly what it's supposed to do. It is also helpful for rebasing (since the same script can just be re-run
|
||||
on the new master commit).
|
||||
|
||||
To create a scripted-diff:
|
||||
|
||||
- start the commit message with `scripted-diff:` (and then a description of the diff on the same line)
|
||||
- in the commit message include the bash script between lines containing just the following text:
|
||||
- `-BEGIN VERIFY SCRIPT-`
|
||||
- `-END VERIFY SCRIPT-`
|
||||
|
||||
The scripted-diff is verified by the tool `test/lint/commit-script-check.sh`
|
||||
|
||||
Commit [`bb81e173`](https://github.com/bitcoin/bitcoin/commit/bb81e173) is an example of a scripted-diff.
|
||||
|
||||
RPC interface guidelines
|
||||
--------------------------
|
||||
|
||||
A few guidelines for introducing and reviewing new RPC interfaces:
|
||||
|
||||
- Method naming: use consecutive lower-case names such as `getrawtransaction` and `submitblock`
|
||||
|
||||
- *Rationale*: Consistency with existing interface.
|
||||
|
||||
- Argument naming: use snake case `fee_delta` (and not, e.g. camel case `feeDelta`)
|
||||
|
||||
- *Rationale*: Consistency with existing interface.
|
||||
|
||||
- Use the JSON parser for parsing, don't manually parse integers or strings from
|
||||
arguments unless absolutely necessary.
|
||||
|
||||
- *Rationale*: Introduces hand-rolled string manipulation code at both the caller and callee sites,
|
||||
which is error prone, and it is easy to get things such as escaping wrong.
|
||||
JSON already supports nested data structures, no need to re-invent the wheel.
|
||||
|
||||
- *Exception*: AmountFromValue can parse amounts as string. This was introduced because many JSON
|
||||
parsers and formatters hard-code handling decimal numbers as floating point
|
||||
values, resulting in potential loss of precision. This is unacceptable for
|
||||
monetary values. **Always** use `AmountFromValue` and `ValueFromAmount` when
|
||||
inputting or outputting monetary values. The only exceptions to this are
|
||||
`prioritisetransaction` and `getblocktemplate` because their interface
|
||||
is specified as-is in BIP22.
|
||||
|
||||
- Missing arguments and 'null' should be treated the same: as default values. If there is no
|
||||
default value, both cases should fail in the same way. The easiest way to follow this
|
||||
guideline is detect unspecified arguments with `params[x].isNull()` instead of
|
||||
`params.size() <= x`. The former returns true if the argument is either null or missing,
|
||||
while the latter returns true if is missing, and false if it is null.
|
||||
|
||||
- *Rationale*: Avoids surprises when switching to name-based arguments. Missing name-based arguments
|
||||
are passed as 'null'.
|
||||
|
||||
- Try not to overload methods on argument type. E.g. don't make `getblock(true)` and `getblock("hash")`
|
||||
do different things.
|
||||
|
||||
- *Rationale*: This is impossible to use with `bitcoin-cli`, and can be surprising to users.
|
||||
|
||||
- *Exception*: Some RPC calls can take both an `int` and `bool`, most notably when a bool was switched
|
||||
to a multi-value, or due to other historical reasons. **Always** have false map to 0 and
|
||||
true to 1 in this case.
|
||||
|
||||
- Don't forget to fill in the argument names correctly in the RPC command table.
|
||||
|
||||
- *Rationale*: If not, the call can not be used with name-based arguments.
|
||||
|
||||
- Set okSafeMode in the RPC command table to a sensible value: safe mode is when the
|
||||
blockchain is regarded to be in a confused state, and the client deems it unsafe to
|
||||
do anything irreversible such as send. Anything that just queries should be permitted.
|
||||
|
||||
- *Rationale*: Troubleshooting a node in safe mode is difficult if half the
|
||||
RPCs don't work.
|
||||
|
||||
- Add every non-string RPC argument `(method, idx, name)` to the table `vRPCConvertParams` in `rpc/client.cpp`.
|
||||
|
||||
- *Rationale*: `bitcoin-cli` and the GUI debug console use this table to determine how to
|
||||
convert a plaintext command line to JSON. If the types don't match, the method can be unusable
|
||||
from there.
|
||||
|
||||
- A RPC method must either be a wallet method or a non-wallet method. Do not
|
||||
introduce new methods such as `signrawtransaction` that differ in behavior
|
||||
based on presence of a wallet.
|
||||
|
||||
- *Rationale*: as well as complicating the implementation and interfering
|
||||
with the introduction of multi-wallet, wallet and non-wallet code should be
|
||||
separated to avoid introducing circular dependencies between code units.
|
||||
|
||||
- Try to make the RPC response a JSON object.
|
||||
|
||||
- *Rationale*: If a RPC response is not a JSON object then it is harder to avoid API breakage if
|
||||
new data in the response is needed.
|
||||
|
||||
- Wallet RPCs call BlockUntilSyncedToCurrentChain to maintain consistency with
|
||||
`getblockchaininfo`'s state immediately prior to the call's execution. Wallet
|
||||
RPCs whose behavior does *not* depend on the current chainstate may omit this
|
||||
call.
|
||||
|
||||
- *Rationale*: In previous versions of Bitcoin Core, the wallet was always
|
||||
in-sync with the chainstate (by virtue of them all being updated in the
|
||||
same cs_main lock). In order to maintain the behavior that wallet RPCs
|
||||
return results as of at least the highest best-known block an RPC
|
||||
client may be aware of prior to entering a wallet RPC call, we must block
|
||||
until the wallet is caught up to the chainstate as of the RPC call's entry.
|
||||
This also makes the API much easier for RPC clients to reason about.
|
||||
|
||||
- Be aware of RPC method aliases and generally avoid registering the same
|
||||
callback function pointer for different RPCs.
|
||||
|
||||
- *Rationale*: RPC methods registered with the same function pointer will be
|
||||
considered aliases and only the first method name will show up in the
|
||||
`help` rpc command list.
|
||||
|
||||
- *Exception*: Using RPC method aliases may be appropriate in cases where a
|
||||
new RPC is replacing a deprecated RPC, to avoid both RPCs confusingly
|
||||
showing up in the command list.
|
||||
|
||||
|
|
|
@ -6,13 +6,16 @@ AlignTrailingComments: true
|
|||
AllowAllParametersOfDeclarationOnNextLine: false
|
||||
AllowShortBlocksOnASingleLine: false
|
||||
AllowShortFunctionsOnASingleLine: All
|
||||
AllowShortIfStatementsOnASingleLine: false
|
||||
AllowShortIfStatementsOnASingleLine: true
|
||||
AllowShortLoopsOnASingleLine: false
|
||||
AlwaysBreakBeforeMultilineStrings: false
|
||||
AlwaysBreakTemplateDeclarations: true
|
||||
BinPackParameters: false
|
||||
BreakBeforeBinaryOperators: false
|
||||
BreakBeforeBraces: Linux
|
||||
BreakBeforeBraces: Custom
|
||||
BraceWrapping:
|
||||
AfterClass: true
|
||||
AfterFunction: true
|
||||
BreakBeforeTernaryOperators: false
|
||||
BreakConstructorInitializersBeforeComma: false
|
||||
ColumnLimit: 0
|
||||
|
@ -23,7 +26,6 @@ ContinuationIndentWidth: 4
|
|||
Cpp11BracedListStyle: true
|
||||
DerivePointerAlignment: false
|
||||
DisableFormat: false
|
||||
ForEachMacros: [ foreach, Q_FOREACH, BOOST_FOREACH, BOOST_REVERSE_FOREACH ]
|
||||
IndentCaseLabels: false
|
||||
IndentFunctionDeclarationAfterType: false
|
||||
IndentWidth: 4
|
||||
|
|
Loading…
Reference in a new issue