* [Bitcoin-development] # error "Bitcoin cannot be compiled without assertions." <<<<NOT
@ 2014-06-03 19:07 Ron
2014-06-04 9:51 ` Mike Hearn
0 siblings, 1 reply; 14+ messages in thread
From: Ron @ 2014-06-03 19:07 UTC (permalink / raw)
To: bitcoin-development
[-- Attachment #1: Type: text/plain, Size: 1800 bytes --]
Hello
What is the issue with the Bitcoin code for 0.9.x with regard to assertions that isn't in 0.8.6 or previous releases?
on April 18th, I offered
https://github.com/bc4-old-c-coder/bitcoin/commit/f0d221e56a12947b67b9c8f43cc5832b665052c8
this commit and code with all side effects removed from the assertions.
Then on the 28th,
https://github.com/bc4-old-c-coder/bitcoin/tree/0.8.6
this code with unit tests working.
And if that isn't enough, I did a video series on building Bitcoind.exe and the static libraries (on MSVC++) all in NDEBUG (release) mode.
See
https://www.youtube.com/playlist?list=PLFnWb0ttBBMLyUuniLp3PJ5Mn4tVUlliZ
Notice that the NDEBUG release mode is featured, and I even run it!
Lastly what does that say about building Bitcoin-qt in release mode? Should one or not??
There is also a video on building an alternate coin-qt.exe in release mode (gcc version) and running it! See
https://www.youtube.com/watch?v=C8GvHpjbAnM
assert() should have no side effects, that is the problem.
See
http://books.google.com/books?id=L5ZbzVnpkXAC&pg=PA72&lpg=PA72&dq=Gotcha+%2328+Side+Effects&source=bl&ots=Rn15TlPmje&sig=tymHqta0aSANwaM2GaXC-1Di_tk&hl=en&sa=X&ei=uVKNU47fCcvTsAT6goHIBA&ved=0CCAQ6AEwAA#v=onepage&q=Gotcha%20%2328%20Side%20Effects&f=false
a
great book, BTW. Everyone who thinks they know what they are doing
when they write C++ should read this book! They will realize that they
don't know Jack
Why weren't these and all the other examples of amateur, i.e., non-professional, software fixed way back in version 0.3.0 in 2010, before any more releases were done? And why were these and other sub-standard coding practices continued and expanded in later releases, right up until the present?
Ron
[-- Attachment #2: Type: text/html, Size: 10190 bytes --]
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Bitcoin-development] # error "Bitcoin cannot be compiled without assertions." <<<<NOT
2014-06-03 19:07 [Bitcoin-development] # error "Bitcoin cannot be compiled without assertions." <<<<NOT Ron
@ 2014-06-04 9:51 ` Mike Hearn
2014-06-04 10:12 ` Wladimir
2014-06-04 10:15 ` Gregory Maxwell
0 siblings, 2 replies; 14+ messages in thread
From: Mike Hearn @ 2014-06-04 9:51 UTC (permalink / raw)
To: Ron; +Cc: bitcoin-development
[-- Attachment #1: Type: text/plain, Size: 1820 bytes --]
Hi Ron,
FYI your mail is being spamfoldered due to Yahoo's DMARC policy and the
brokenness of the SF.net mailing list software. I would not expect to get
replies reliably whilst this is the case. I think we should move away from
SF.net for hosting mailing lists personally, because it's this list that's
at fault not Yahoo, but until then you may wish to send to the list with a
different email address.
As to your question,
assert() should have *no* side effects, that is the problem.
>
> See
>
> http://books.google.com/books?id=L5ZbzVnpkXAC&pg=PA72&lpg=PA72&dq=Gotcha+%2328+Side+Effects&source=bl&ots=Rn15TlPmje&sig=tymHqta0aSANwaM2GaXC-1Di_tk&hl=en&sa=X&ei=uVKNU47fCcvTsAT6goHIBA&ved=0CCAQ6AEwAA#v=onepage&q=Gotcha%20%2328%20Side%20Effects&f=false
>
> a great book, BTW. Everyone who thinks they know what they are doing when
> they write C++ should read this book! They will realize that they don't
> know Jack [image: Roll Eyes]
>
> Why weren't these and all the other examples of amateur, i.e.,
> non-professional, software fixed way back in version 0.3.0 in 2010, before
> any more releases were done? And why were these and other sub-standard
> coding practices continued and expanded in later releases, right up until
> the present?
>
Back in 2010 most code was still being written by Satoshi so perhaps you
should ask him. Regardless, it's very common for professional codebases to
require assertions be enabled. For example the entire Google C++ codebase
uses always-on assertions that have side effects liberally: it's convenient
and safe, when you have the guarantee the code will always run, and the
performance benefits of compiling out assertions are usually non-existent.
So for this reason I think Bitcoin Core currently will fail to build if
assertions are disabled, and that seems OK to me.
[-- Attachment #2: Type: text/html, Size: 3468 bytes --]
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Bitcoin-development] # error "Bitcoin cannot be compiled without assertions." <<<<NOT
2014-06-04 9:51 ` Mike Hearn
@ 2014-06-04 10:12 ` Wladimir
2014-06-04 10:15 ` Gregory Maxwell
1 sibling, 0 replies; 14+ messages in thread
From: Wladimir @ 2014-06-04 10:12 UTC (permalink / raw)
To: Mike Hearn; +Cc: bitcoin-development, Ron
[-- Attachment #1: Type: text/plain, Size: 337 bytes --]
>
>
> assert() should have *no* side effects, that is the problem.
>>
>
I'm pretty sure that all the side effects of assertions have been removed
before 0.9.0.
However, the assertion checks are extremely important to the proper sanity
of the client and network, so IMHO it's fair to still require building with
them enabled.
Wladimir
[-- Attachment #2: Type: text/html, Size: 1323 bytes --]
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Bitcoin-development] # error "Bitcoin cannot be compiled without assertions." <<<<NOT
2014-06-04 9:51 ` Mike Hearn
2014-06-04 10:12 ` Wladimir
@ 2014-06-04 10:15 ` Gregory Maxwell
2014-06-04 10:20 ` Mike Hearn
2014-06-04 10:42 ` Jannis Froese
1 sibling, 2 replies; 14+ messages in thread
From: Gregory Maxwell @ 2014-06-04 10:15 UTC (permalink / raw)
To: Mike Hearn; +Cc: bitcoin-development, Ron
[-- Attachment #1: Type: text/plain, Size: 2979 bytes --]
On Wed, Jun 4, 2014 at 2:51 AM, Mike Hearn <mike@plan99•net> wrote:
> Hi Ron,
>
> FYI your mail is being spamfoldered due to Yahoo's DMARC policy and the
> brokenness of the SF.net mailing list software. I would not expect to get
> replies reliably whilst this is the case. I think we should move away from
> SF.net for hosting mailing lists personally, because it's this list that's
> at fault not Yahoo, but until then you may wish to send to the list with a
> different email address.
>
> As to your question,
>
> assert() should have *no* side effects, that is the problem.
>>
>> See
>>
>> http://books.google.com/books?id=L5ZbzVnpkXAC&pg=PA72&lpg=PA72&dq=Gotcha+%2328+Side+Effects&source=bl&ots=Rn15TlPmje&sig=tymHqta0aSANwaM2GaXC-1Di_tk&hl=en&sa=X&ei=uVKNU47fCcvTsAT6goHIBA&ved=0CCAQ6AEwAA#v=onepage&q=Gotcha%20%2328%20Side%20Effects&f=false
>>
>> a great book, BTW. Everyone who thinks they know what they are doing
>> when they write C++ should read this book! They will realize that they
>> don't know Jack [image: Roll Eyes]
>>
>> Why weren't these and all the other examples of amateur, i.e.,
>> non-professional, software fixed way back in version 0.3.0 in 2010, before
>> any more releases were done? And why were these and other sub-standard
>> coding practices continued and expanded in later releases, right up until
>> the present?
>>
>
> Back in 2010 most code was still being written by Satoshi so perhaps you
> should ask him. Regardless, it's very common for professional codebases to
> require assertions be enabled. For example the entire Google C++ codebase
> uses always-on assertions that have side effects liberally: it's convenient
> and safe, when you have the guarantee the code will always run, and the
> performance benefits of compiling out assertions are usually non-existent.
>
> So for this reason I think Bitcoin Core currently will fail to build if
> assertions are disabled, and that seems OK to me.
>
As a matter of procedure we do not use assertions with side effects— the
codebase did at one point, but have cleaned them up. In an abundance of
caution we also made it refuse to compile without assertions enabled: A
decision who's wisdom was clearly demonstrated when not long after, some
additional side-effect having assert was contributed. In the real world
errors happen here and there, and making robust software involves defense
in depth.
Considering the normal criticality of the software it should always be with
the assertions. Without them is an untested configuration. It would
probably be superior to use our own assertion macros (for one, they can
give some better reporting…) that don't have the baggage ordinary
assertions have, but as a the codebase is a production thing, making larger
changes all at once to satisfy aesthetics would be unwise... simply
refusing to compile in that untested, unsupported configuration is prudent,
for the time being.
[-- Attachment #2: Type: text/html, Size: 4811 bytes --]
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Bitcoin-development] # error "Bitcoin cannot be compiled without assertions." <<<<NOT
2014-06-04 10:15 ` Gregory Maxwell
@ 2014-06-04 10:20 ` Mike Hearn
2014-06-04 10:31 ` Gregory Maxwell
2014-06-04 12:15 ` Jeff Garzik
2014-06-04 10:42 ` Jannis Froese
1 sibling, 2 replies; 14+ messages in thread
From: Mike Hearn @ 2014-06-04 10:20 UTC (permalink / raw)
To: Gregory Maxwell; +Cc: bitcoin-development, Ron
[-- Attachment #1: Type: text/plain, Size: 830 bytes --]
>
> As a matter of procedure we do not use assertions with side effects— the
> codebase did at one point, but have cleaned them up. In an abundance of
> caution we also made it refuse to compile without assertions enabled: A
> decision who's wisdom was clearly demonstrated when not long after, some
> additional side-effect having assert was contributed. In the real world
> errors happen here and there, and making robust software involves defense
> in depth.
>
I think this class of errors could be removed entirely by just saying it's
OK for assertions to have side effects and requiring them to be enabled, as
is currently done.
The glog library:
http://google-glog.googlecode.com/svn/trunk/doc/glog.html
provides CHECK macros that print stack traces when they fail. Using them
would also be good.
[-- Attachment #2: Type: text/html, Size: 1409 bytes --]
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Bitcoin-development] # error "Bitcoin cannot be compiled without assertions." <<<<NOT
2014-06-04 10:20 ` Mike Hearn
@ 2014-06-04 10:31 ` Gregory Maxwell
2014-06-04 12:15 ` Jeff Garzik
1 sibling, 0 replies; 14+ messages in thread
From: Gregory Maxwell @ 2014-06-04 10:31 UTC (permalink / raw)
To: Mike Hearn; +Cc: bitcoin-development, Ron
On Wed, Jun 4, 2014 at 3:20 AM, Mike Hearn <mike@plan99•net> wrote:
>> As a matter of procedure we do not use assertions with side effects— the
>> codebase did at one point, but have cleaned them up. In an abundance of
>> caution we also made it refuse to compile without assertions enabled: A
>> decision who's wisdom was clearly demonstrated when not long after, some
>> additional side-effect having assert was contributed. In the real world
>> errors happen here and there, and making robust software involves defense in
>> depth.
>
>
> I think this class of errors could be removed entirely by just saying it's
> OK for assertions to have side effects and requiring them to be enabled, as
> is currently done.
>
> The glog library:
>
> http://google-glog.googlecode.com/svn/trunk/doc/glog.html
>
> provides CHECK macros that print stack traces when they fail. Using them
> would also be good.
Yes... it takes only about 10 lines of code to have a nicer assert
than the posix one, all my own software does... and with the noreturn
attribute on the failure path it behaves the same for most static
analysis tools as a regular assert does. I would have just dropped one
in, but an IFDEF seemed more prudent at the time.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Bitcoin-development] # error "Bitcoin cannot be compiled without assertions." <<<<NOT
2014-06-04 10:15 ` Gregory Maxwell
2014-06-04 10:20 ` Mike Hearn
@ 2014-06-04 10:42 ` Jannis Froese
2014-06-04 10:51 ` Mike Hearn
` (2 more replies)
1 sibling, 3 replies; 14+ messages in thread
From: Jannis Froese @ 2014-06-04 10:42 UTC (permalink / raw)
To: bitcoin-development
[-- Attachment #1: Type: text/plain, Size: 4649 bytes --]
There are reasons to have assertions enabled by default in software like
Bitcoin Core, where incorrect behaviour can be costly. But this comes at
a prize: our assertions have to satisfy certain performance
requirements. It's no longer possible to do expensive, redundant checks
in performance critical code, which is one of the main advantages of
asserts. Imho, asserts are not intended for small range checks etc, but
are meant for checks that a hash hasn't changed, that a tree structure
is still a tree, that data is still sorted, or that data structures are
in sync.
I think most concerns about the current use of asserts would be resolved
if the currently used asserts would be changed to a nicer definition
which is independent of NDEBUG, and a second class of debugging asserts
would be introduced, which is exclusively for expensive, redundant
checks and is disabled by NDEBUG.
Am 2014-06-04 12:15, schrieb Gregory Maxwell:
> On Wed, Jun 4, 2014 at 2:51 AM, Mike Hearn <mike@plan99•net
> <mailto:mike@plan99•net>> wrote:
>
> Hi Ron,
>
> FYI your mail is being spamfoldered due to Yahoo's DMARC policy
> and the brokenness of the SF.net mailing list software. I would
> not expect to get replies reliably whilst this is the case. I
> think we should move away from SF.net for hosting mailing lists
> personally, because it's this list that's at fault not Yahoo, but
> until then you may wish to send to the list with a different email
> address.
>
> As to your question,
>
> assert() should have *no* side effects, that is the problem.
>
> See
> http://books.google.com/books?id=L5ZbzVnpkXAC&pg=PA72&lpg=PA72&dq=Gotcha+%2328+Side+Effects&source=bl&ots=Rn15TlPmje&sig=tymHqta0aSANwaM2GaXC-1Di_tk&hl=en&sa=X&ei=uVKNU47fCcvTsAT6goHIBA&ved=0CCAQ6AEwAA#v=onepage&q=Gotcha%20%2328%20Side%20Effects&f=false
>
> a great book, BTW. Everyone who thinks they know what they
> are doing when they write C++ should read this book! They
> will realize that they don't know Jack Roll Eyes
>
> Why weren't these and all the other examples of amateur, i.e.,
> non-professional, software fixed way back in version 0.3.0 in
> 2010, before any more releases were done? And why were these
> and other sub-standard coding practices continued and expanded
> in later releases, right up until the present?
>
>
> Back in 2010 most code was still being written by Satoshi so
> perhaps you should ask him. Regardless, it's very common for
> professional codebases to require assertions be enabled. For
> example the entire Google C++ codebase uses always-on assertions
> that have side effects liberally: it's convenient and safe, when
> you have the guarantee the code will always run, and the
> performance benefits of compiling out assertions are usually
> non-existent.
>
> So for this reason I think Bitcoin Core currently will fail to
> build if assertions are disabled, and that seems OK to me.
>
>
> As a matter of procedure we do not use assertions with side effects---
> the codebase did at one point, but have cleaned them up. In an
> abundance of caution we also made it refuse to compile without
> assertions enabled: A decision who's wisdom was clearly demonstrated
> when not long after, some additional side-effect having assert was
> contributed. In the real world errors happen here and there, and
> making robust software involves defense in depth.
>
> Considering the normal criticality of the software it should always be
> with the assertions. Without them is an untested configuration. It
> would probably be superior to use our own assertion macros (for one,
> they can give some better reporting...) that don't have the baggage
> ordinary assertions have, but as a the codebase is a production thing,
> making larger changes all at once to satisfy aesthetics would be
> unwise... simply refusing to compile in that untested, unsupported
> configuration is prudent, for the time being.
>
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
>
>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
[-- Attachment #2: Type: text/html, Size: 10034 bytes --]
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Bitcoin-development] # error "Bitcoin cannot be compiled without assertions." <<<<NOT
2014-06-04 10:42 ` Jannis Froese
@ 2014-06-04 10:51 ` Mike Hearn
2014-06-04 12:13 ` Wladimir
2014-06-06 8:29 ` Wladimir
2 siblings, 0 replies; 14+ messages in thread
From: Mike Hearn @ 2014-06-04 10:51 UTC (permalink / raw)
To: Jannis Froese; +Cc: Bitcoin Dev
[-- Attachment #1: Type: text/plain, Size: 5524 bytes --]
Currently expensive checks are guarded with command line flags. It'd be
nice if there could be one unified command line flag -expensivechecks that
subsumes -checkmempool and so on.
On Wed, Jun 4, 2014 at 6:42 PM, Jannis Froese <s9jafroe@stud•uni-saarland.de
> wrote:
> There are reasons to have assertions enabled by default in software like
> Bitcoin Core, where incorrect behaviour can be costly. But this comes at a
> prize: our assertions have to satisfy certain performance requirements.
> It's no longer possible to do expensive, redundant checks in performance
> critical code, which is one of the main advantages of asserts. Imho,
> asserts are not intended for small range checks etc, but are meant for
> checks that a hash hasn't changed, that a tree structure is still a tree,
> that data is still sorted, or that data structures are in sync.
>
> I think most concerns about the current use of asserts would be resolved
> if the currently used asserts would be changed to a nicer definition which
> is independent of NDEBUG, and a second class of debugging asserts would be
> introduced, which is exclusively for expensive, redundant checks and is
> disabled by NDEBUG.
>
>
>
> Am 2014-06-04 12:15, schrieb Gregory Maxwell:
>
> On Wed, Jun 4, 2014 at 2:51 AM, Mike Hearn <mike@plan99•net> wrote:
>
>> Hi Ron,
>>
>> FYI your mail is being spamfoldered due to Yahoo's DMARC policy and the
>> brokenness of the SF.net mailing list software. I would not expect to get
>> replies reliably whilst this is the case. I think we should move away from
>> SF.net for hosting mailing lists personally, because it's this list that's
>> at fault not Yahoo, but until then you may wish to send to the list with a
>> different email address.
>>
>> As to your question,
>>
>> assert() should have *no* side effects, that is the problem.
>>>
>>> See
>>>
>>> http://books.google.com/books?id=L5ZbzVnpkXAC&pg=PA72&lpg=PA72&dq=Gotcha+%2328+Side+Effects&source=bl&ots=Rn15TlPmje&sig=tymHqta0aSANwaM2GaXC-1Di_tk&hl=en&sa=X&ei=uVKNU47fCcvTsAT6goHIBA&ved=0CCAQ6AEwAA#v=onepage&q=Gotcha%20%2328%20Side%20Effects&f=false
>>>
>>> a great book, BTW. Everyone who thinks they know what they are doing
>>> when they write C++ should read this book! They will realize that they
>>> don't know Jack [image: Roll Eyes]
>>>
>>> Why weren't these and all the other examples of amateur, i.e.,
>>> non-professional, software fixed way back in version 0.3.0 in 2010, before
>>> any more releases were done? And why were these and other sub-standard
>>> coding practices continued and expanded in later releases, right up until
>>> the present?
>>>
>>
>> Back in 2010 most code was still being written by Satoshi so perhaps
>> you should ask him. Regardless, it's very common for professional codebases
>> to require assertions be enabled. For example the entire Google C++
>> codebase uses always-on assertions that have side effects liberally: it's
>> convenient and safe, when you have the guarantee the code will always run,
>> and the performance benefits of compiling out assertions are usually
>> non-existent.
>>
>> So for this reason I think Bitcoin Core currently will fail to build if
>> assertions are disabled, and that seems OK to me.
>>
>
> As a matter of procedure we do not use assertions with side effects— the
> codebase did at one point, but have cleaned them up. In an abundance of
> caution we also made it refuse to compile without assertions enabled: A
> decision who's wisdom was clearly demonstrated when not long after, some
> additional side-effect having assert was contributed. In the real world
> errors happen here and there, and making robust software involves defense
> in depth.
>
> Considering the normal criticality of the software it should always be
> with the assertions. Without them is an untested configuration. It would
> probably be superior to use our own assertion macros (for one, they can
> give some better reporting…) that don't have the baggage ordinary
> assertions have, but as a the codebase is a production thing, making larger
> changes all at once to satisfy aesthetics would be unwise... simply
> refusing to compile in that untested, unsupported configuration is prudent,
> for the time being.
>
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!http://p.sf.net/sfu/NeoTech
>
>
>
> _______________________________________________
> Bitcoin-development mailing listBitcoin-development@lists•sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
[-- Attachment #2: Type: text/html, Size: 10915 bytes --]
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Bitcoin-development] # error "Bitcoin cannot be compiled without assertions." <<<<NOT
2014-06-04 10:42 ` Jannis Froese
2014-06-04 10:51 ` Mike Hearn
@ 2014-06-04 12:13 ` Wladimir
2014-06-06 8:29 ` Wladimir
2 siblings, 0 replies; 14+ messages in thread
From: Wladimir @ 2014-06-04 12:13 UTC (permalink / raw)
To: Jannis Froese; +Cc: Bitcoin Dev
[-- Attachment #1: Type: text/plain, Size: 446 bytes --]
On Wed, Jun 4, 2014 at 12:42 PM, Jannis Froese <
s9jafroe@stud•uni-saarland.de> wrote:
> I think most concerns about the current use of asserts would be resolved
> if the currently used asserts would be changed to a nicer definition which
> is independent of NDEBUG, and a second class of debugging asserts would be
> introduced, which is exclusively for expensive, redundant checks and is
> disabled by NDEBUG.
>
Sounds good to me.
Wladimir
[-- Attachment #2: Type: text/html, Size: 876 bytes --]
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Bitcoin-development] # error "Bitcoin cannot be compiled without assertions." <<<<NOT
2014-06-04 10:20 ` Mike Hearn
2014-06-04 10:31 ` Gregory Maxwell
@ 2014-06-04 12:15 ` Jeff Garzik
1 sibling, 0 replies; 14+ messages in thread
From: Jeff Garzik @ 2014-06-04 12:15 UTC (permalink / raw)
To: Mike Hearn; +Cc: bitcoin-development, Ron
Yes, check macros like that can be useful.
I like the kernel's policy, which parallels our direction:
1) Enable and use lightweight assertions for most users.
2) No assertions with side effects
If you want to compile them out, that's fine, but they should always
be present in production software.
On Wed, Jun 4, 2014 at 6:20 AM, Mike Hearn <mike@plan99•net> wrote:
>> As a matter of procedure we do not use assertions with side effects— the
>> codebase did at one point, but have cleaned them up. In an abundance of
>> caution we also made it refuse to compile without assertions enabled: A
>> decision who's wisdom was clearly demonstrated when not long after, some
>> additional side-effect having assert was contributed. In the real world
>> errors happen here and there, and making robust software involves defense in
>> depth.
>
>
> I think this class of errors could be removed entirely by just saying it's
> OK for assertions to have side effects and requiring them to be enabled, as
> is currently done.
>
> The glog library:
>
> http://google-glog.googlecode.com/svn/trunk/doc/glog.html
>
> provides CHECK macros that print stack traces when they fail. Using them
> would also be good.
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
--
Jeff Garzik
Bitcoin core developer and open source evangelist
BitPay, Inc. https://bitpay.com/
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Bitcoin-development] # error "Bitcoin cannot be compiled without assertions." <<<<NOT
2014-06-04 10:42 ` Jannis Froese
2014-06-04 10:51 ` Mike Hearn
2014-06-04 12:13 ` Wladimir
@ 2014-06-06 8:29 ` Wladimir
2014-06-06 8:40 ` Pieter Wuille
2 siblings, 1 reply; 14+ messages in thread
From: Wladimir @ 2014-06-06 8:29 UTC (permalink / raw)
To: Jannis Froese; +Cc: Bitcoin Dev
[-- Attachment #1: Type: text/plain, Size: 1108 bytes --]
On Wed, Jun 4, 2014 at 12:42 PM, Jannis Froese <
s9jafroe@stud•uni-saarland.de> wrote:
I think most concerns about the current use of asserts would be resolved if
> the currently used asserts would be changed to a nicer definition which is
> independent of NDEBUG, and a second class of debugging asserts would be
> introduced, which is exclusively for expensive, redundant checks and is
> disabled by NDEBUG.
>
Also, most assertion errors that happen to people running Bitcoin Core are
not caused by software bugs but database corruption errors (usually due to
unclean shutdown).
For example in case we detect missing/truncated block files or UTXO db
consistency we should, instead of raising an assertion error, propose a
-reindex - see also https://github.com/bitcoin/bitcoin/issues/2202 .
So instead of using assertions we need a fatal error function for those
problems which are probably recoverable in a certain specific way. In
principle starting a reindex wouldn't even need to take down the entire
process (though that's easier for implementation due to cleanup and
assumptions made).
Wladimir
[-- Attachment #2: Type: text/html, Size: 1731 bytes --]
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Bitcoin-development] # error "Bitcoin cannot be compiled without assertions." <<<<NOT
2014-06-06 8:29 ` Wladimir
@ 2014-06-06 8:40 ` Pieter Wuille
2014-06-07 0:57 ` Jeff Garzik
0 siblings, 1 reply; 14+ messages in thread
From: Pieter Wuille @ 2014-06-06 8:40 UTC (permalink / raw)
To: Wladimir; +Cc: Bitcoin Dev
On Fri, Jun 6, 2014 at 10:29 AM, Wladimir <laanwj@gmail•com> wrote:
> On Wed, Jun 4, 2014 at 12:42 PM, Jannis Froese
> <s9jafroe@stud•uni-saarland.de> wrote:
>
>> I think most concerns about the current use of asserts would be resolved
>> if the currently used asserts would be changed to a nicer definition which
>> is independent of NDEBUG, and a second class of debugging asserts would be
>> introduced, which is exclusively for expensive, redundant checks and is
>> disabled by NDEBUG.
There are a few examples of things that would classify as
expensive/redundant checks:
* addrman consistency checks (only enabled with -DDEBUG_ADDRMAN).
* mempool consistency checks (only enabled with -checkmempool).
* deadlock detection (only enabled with -DDEBUG_LOCKORDER).
I'm not sure all of these make sense to put under a single runtime
flag. For example, addrman consistency is unlikely to be affected
unless you're working on addrman code, and is pretty expensive.
Still, I do like the idea of optional consistency checks, that help
guarantee the software always has a consistency state.
--
Pieter
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Bitcoin-development] # error "Bitcoin cannot be compiled without assertions." <<<<NOT
2014-06-06 8:40 ` Pieter Wuille
@ 2014-06-07 0:57 ` Jeff Garzik
0 siblings, 0 replies; 14+ messages in thread
From: Jeff Garzik @ 2014-06-07 0:57 UTC (permalink / raw)
To: Pieter Wuille; +Cc: Bitcoin Dev
Speaking very generally, the Linux kernel wisdom on this tends to be,
* Compile in as many cheap, compiler-predictable asserts as possible
into the production runtime.
* Debug builds are of limited value. Users do not recompile software,
just to provide better bug reports/diagnostics.
* Make it as easy as possible for users to send reports that are
useful to programmers.
* Expensive diagnostics are fine. Compile in, but disable by default
at runtime (and make sure these features, when turned off, do not slow
down the system).
* Make sure the assert/dump provides a high level of diagnostics.
Stack trace of each thread + multi-threaded core dump are a good
start.
--
Jeff Garzik
Bitcoin core developer and open source evangelist
BitPay, Inc. https://bitpay.com/
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Bitcoin-development] error "Bitcoin cannot be compiled without assertions." <<<<NOT
[not found] <mailman.192896.1401886427.2163.bitcoin-development@lists.sourceforge.net>
@ 2014-06-04 19:13 ` Ron
0 siblings, 0 replies; 14+ messages in thread
From: Ron @ 2014-06-04 19:13 UTC (permalink / raw)
To: bitcoin-development
________________________________________________________
Message: 2
Date: Wed, 4 Jun 2014 08:15:08 -0400
From: Jeff Garzik <jgarzik@bitpay•com>
Subject: Re: [Bitcoin-development] # error "Bitcoin cannot
be compiled
without assertions." <<<<NOT
To: Mike Hearn <mike@plan99•net>
Cc: "bitcoin-development@lists•sourceforge.net"
<bitcoin-development@lists•sourceforge.net>,
Ron <rdwnj@yahoo•com>
Message-ID:
<CAJHLa0PTTHfvd-1BR5s2k-4UW6V6qLEyAbF2YSRxOOSjtH9+_Q@mail•gmail.com>
Content-Type: text/plain; charset=UTF-8
Yes, check macros like that can be useful.
I like the kernel's policy, which parallels our direction:
1) Enable and use lightweight assertions for most users.
2) No assertions with side effects
If you want to compile them out, that's fine, but they
should always
be present in production software.
_____________________________________________________
I don't think many of you actually read what I said, and you went off on your own tangents.
I said:
this commit and code with all side effects removed from the assertions.
in Vol 37, Issue 4
I intentionally left the gcc code alone. Only the MSC code is assert "fixed". I would have hoped that someone would have noticed and incorporated these changes into the gcc code. Simply by removing the #ifdef _MSC_VER ... #else ... #endif etc. etc.
Did I say I compiled them out? No! Did anyone bother to look at my code or what I said?
Here is an example from main.cpp CTransaction::UpdateCoins(...
- // add outputs
+ // add outputs sure looks like an assert with side effects here!?
+#ifdef _MSC_VER
+ bool
+ fTest = inputs.SetCoins(txhash, CCoins(*this, nHeight));
+ #ifdef _DEBUG
+ assert(fTest);
+ #else
+ if( !fTest )
+ releaseModeAssertionfailure( __FILE__, __LINE__, __PRETTY_FUNCTION__ );
+ #endif
+#else
assert(inputs.SetCoins(txhash, CCoins(*this, nHeight)));
+#endif
Note that I do the test, and if debugging, I let it abort() the program if it fails. Note that in release mode it calls a new function on failure, that I leave you to discover what it does. I see that this assert has been "fixed" in 0.9.x, but I think my "fix" is better, since it allows release mode code to run better, if not identically.
I changed every assert() in the bitcoind 086 sources to behave this way. Since C++ is perniciously baroque, it is not clear if a side effect can or has occurred in the most innocuous of C++ statements. Is the example above side-effect free?
Here is a piece of what I made my decision on:
http://www.gnu.org/software/libc/manual/html_node/Consistency-Checking.html and the link to the book previously given.
Also, no one answered the question about bitcoin-qt, to whit, can or should it be compiled in RELEASE mode because of this? Should it have always been compiled in DEBUG mode in the past too?
Ron
^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2014-06-07 0:57 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-06-03 19:07 [Bitcoin-development] # error "Bitcoin cannot be compiled without assertions." <<<<NOT Ron
2014-06-04 9:51 ` Mike Hearn
2014-06-04 10:12 ` Wladimir
2014-06-04 10:15 ` Gregory Maxwell
2014-06-04 10:20 ` Mike Hearn
2014-06-04 10:31 ` Gregory Maxwell
2014-06-04 12:15 ` Jeff Garzik
2014-06-04 10:42 ` Jannis Froese
2014-06-04 10:51 ` Mike Hearn
2014-06-04 12:13 ` Wladimir
2014-06-06 8:29 ` Wladimir
2014-06-06 8:40 ` Pieter Wuille
2014-06-07 0:57 ` Jeff Garzik
[not found] <mailman.192896.1401886427.2163.bitcoin-development@lists.sourceforge.net>
2014-06-04 19:13 ` [Bitcoin-development] " Ron
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox