ccbd09d5fb Remove unnecessary m/ prefix requirement (josibake)
Pull request description:
`m` in BIP0032 is a variable, not a constant. Requiring it as a constant here is confusing and can lead to erroneous conclusions if using this library as a means of understanding BIP0032.
Fixes#2449
ACKs for top commit:
Kixunil:
ACK ccbd09d5fb
apoelstra:
ACK ccbd09d5fb
Tree-SHA512: b641679f958f20a51c1890b23bbaa0153716802d6180dfd1f649e104f291c5a99143e02b75d292b22254201b28e5c53a04ecd7b6a88ff6f964073106419c5ec1
47569302fc Fix broken kani test (Tobin C. Harding)
Pull request description:
Recently we added a kani test that doesn't work because of `debug_assert` calls in ops traits.
Instead of opening the can of worms that is correct panic behaviour in ops lets just remove the test.
ACKs for top commit:
Kixunil:
ACK 47569302fc
apoelstra:
ACK 47569302fc
Tree-SHA512: f4a862d99173c1502e70fe4c2b9085a1f23dd4501f2ae25dc8a92e3edda7804b42b0580ef32fef2a3d5ea0d98e16b6f0fdba456cf4f0926c5b051ec8a6e54c78
In BIP0032, m is used as a variable for the root extended key. It is not
meant to be used as a constant prefix when serializing paths.
Update the DerivationPath parser to no longer require the m prefix.
Remove the m prefix from the unit tests and the bip32, ecdsa-psbt,
and taproot-psbt examples.
close#2449
Changes -
- in `from_slice` changed the `error` to `FromSliceError`.
- in `verify` changed to `secp256k1::Error` as it can return only one error.
- in `from_str` changed to `FromSliceError`.
- in `CompressedPublicKey` changed `verify` from `Error` to `secp236k1::Error` as it only returns one error.
- introduces CompressedPublicKeyError
- Removes impl from `bip32.rs`
- introduces `ParsePubKeyError` to return errors while generating publickey from string
3c62f74684 Add public functions p2wpkh_script_code (Tobin C. Harding)
a246dc98a4 Run sighash example in CI (Tobin C. Harding)
Pull request description:
This was done to fix#1920, it may be of questionable value though.
- Patch 1 is definitely useful, its a CI fix.
- Patch 2 adds two new API functions.
Fix: #1920
ACKs for top commit:
Kixunil:
ACK 3c62f74684
apoelstra:
ACK 3c62f74684
Tree-SHA512: 58743612c48e392f9ac0a94477588aee959c5fe9191dd04405bbb71aed7b0730b5927ad98f9da34dc93caaaac939617348c3f71318cc7e65c2c154b0f3897b89
c084afa8b2 Print hex in Debug for Sequence (Tobin C. Harding)
Pull request description:
Printing the `Sequence` as a decimal is not super useful when debugging, print it in hex instead.
Using code:
let seq = Sequence::from_consensus(0xFFFFFFFF);
println!("sequence: {:?}", seq);
Before applying this patch we get:
sequence: Sequence(4294967295)
And after applying we get:
sequence: Sequence(0xffffffff)
ACKs for top commit:
Kixunil:
ACK c084afa8b2
apoelstra:
ACK c084afa8b2
Tree-SHA512: d60cd8896ca56a30fc8bd030cf3dd1bc1fd3a1609e99bfc2f26b9bd665b11c34c9df93b3f3ad731506d916513ca4a192dde476e16d99f2d4c4b2697f70a7bc98
343510d3a0 kani: fix Amount overflow test (Andrew Poelstra)
Pull request description:
Our Kani CI job is currently failing. See https://github.com/rust-bitcoin/rust-bitcoin/actions/runs/7770495422/job/21190756253
This fixes one of the issues; the other is that we're hitting a multiplication assertion in the test we added in https://github.com/rust-bitcoin/rust-bitcoin/pull/2393 which I'm unsure how to deal with.
For reference, testing this was a bit of a PITA. I needed to
```
# Ok, these steps are easy/obvious
cargo install kani-verifier
cargo kani
```
This will give you an error located in core/panic.rs or something with the description `This is a placeholder message; Kani doesn't support message formatted at runtime` which is not super helpful. To get the actual failure, you need to write
```
cargo kani --enable-unstable --concrete-playback=inplace
```
which will add a weird unit test which calls into Kani to exercise the original test with a specific input value. Because it calls into Kani you can't just run it with `cargo test`. You need to run
```
RUST_BACKTRACE=1 CARGO_INCREMENTAL=0 cargo kani playback -Z concrete-playback -- kani_concrete_playback_check_div_rem_8626518785677487871
```
where `CARGO_INCREMENTAL=0` disables incremental compilation (this was causing rustc to flame out with a "filename too long" error because it was trying to create some intermediate file with multiple hashes and crate names in it), and the `kani_concrete_playback_123456789` thing is the name of the test that gets added (which you can easily find by reading `git diff`).
ACKs for top commit:
tcharding:
ACK 343510d3a0
Kixunil:
ACK 343510d3a0
Tree-SHA512: 398ce3c61ffa3246bd27ae5719b4ac4fda587e87b8645ec8418fdfd039e4ed78d58233faab27bc63df7e2a30bb5467660e77a6e3d3a08fe86e7ff3dd31869ec7
Add two public API functions on the two public keys, both called
`p2wpkh_script_code` to do exactly as the name suggests.
Of note, I was not able to find anywhere to use these in example code,
this is because of we always use the new `p2wpkh_signature_hash`
function. The new functions may be useful for a user calling
`segwit_v0_encode_signing_data_to`. The may help document the library as
well.
Printing the `Sequence` as a decimal is not super useful when debugging,
print it in hex instead.
Using code:
let seq = Sequence::from_consensus(0xFFFFFFFF);
println!("sequence: {:?}", seq);
Before applying this patch we get:
sequence: Sequence(4294967295)
And after applying we get:
sequence: Sequence(0xffffffff)
8c17ad7fd7 Remove non_exhaustive from struct errors with pub inner (Tobin C. Harding)
Pull request description:
Using `non_exhaustive` as well as a public inner field is incorrect, it prohibits users from creating or matching on the error and does not achieve forward comparability.
This was never right, we shouldn't have done it.
ACKs for top commit:
Kixunil:
ACK 8c17ad7fd7
apoelstra:
ACK 8c17ad7fd7
Tree-SHA512: 41266aaea25e0e5dba22200725e71f7cc23f386f3990c9d0b831980db2cfb431791ba14d6c6b144bd7db90f2f5dc9df38856f23fade0d7aee68217c4c879d3e0
Using `non_exhaustive` as well as a public inner field is incorrect, it
prohibits users from creating or matching on the error and does not
achieve forward comparability.
This was never right, we shouldn't have done it.
Done in preparation for an initial v0.1.0 release of the new `io` crate.
Add a changelog file with a brief description of whats in the initial release.
Currently `Take::read_to_end` is private forcing users to use our
"custom" `read_to_limit`, for seasoned Rust hackers
`foo.take(16).read_to_end(buf)` make be more unsurprising.
Make `read_to_end` public.
c69caafefc Remove attribute comments (Tobin C. Harding)
3e83ef9276 Remove consensus error wrapper TODO (Tobin C. Harding)
bfabea94e9 Remove unwrap comment (Tobin C. Harding)
8bdaf4a34d Remove carrying_mul TODO (Tobin C. Harding)
Pull request description:
Add issues and remove the TODOs from the code.
Resolves: #2368
ACKs for top commit:
apoelstra:
ACK c69caafefc
Kixunil:
ACK c69caafefc
Tree-SHA512: b10a3de8da7ace890735023f8441605dd11b0227c27a2357556b8aaa8276a7f34ed220e3bcbc93aad4b35357319318ff7de27210e8f60dd90f6c55af23e21470
01a66a7fa7 CI: Check for required commands (Tobin C. Harding)
5c15ed5441 CI: Epic overhaul (Martin Habovstiak)
242aa676b3 Use env bash instead of /bin/bash (Tobin C. Harding)
422d30117c Use bash to run shell scripts (Tobin C. Harding)
Pull request description:
The combination of some work by myself [0] and Kix [1].
Draft so I can use github's infrastructure to test it all out.
Includes some patches at the front to fix real issues that the new test infrastructure found - WIN.
[0] https://github.com/rust-bitcoin/rust-bitcoin/pull/2328
[1] https://github.com/rust-bitcoin/rust-bitcoin/pull/2343
Coincidentally this closes 1124
Resolve: #1124
ACKs for top commit:
apoelstra:
ACK 01a66a7fa7
Tree-SHA512: 026a0948a181102246702eadc3ff245c319c456b03ada9ca269141d006146f30fd8eb50377062735a06c3e369f7edac2e334587120338a3747810d999177d930
Use `bash` instead of `sh` to run shell scripts.
We would like to support Nix users who do not typically have any shell
other than `sh` at a known path, therefore use `/usr/bin/env bash`.
0997382772 io: Enable alloc from std (Tobin C. Harding)
ba1166a63b Make crate level attributes uniform (Tobin C. Harding)
Pull request description:
Make the trait level attributes uniform across all released crates in the repo. Excludes things that are obviously not needed, eg, bench stuff if there is not bench code.
- Remove `uninhabited_references` - this is allow by default now.
- Remove `unconditional_recursion` and mark the single false positive we have with an `allow`.
Note, this does not add `missing_docs` to the `io` crate. There is an open PR at the moment to add that along with the required docs.
ACKs for top commit:
apoelstra:
ACK 0997382772
Kixunil:
ACK 0997382772
Tree-SHA512: ef1f638aca171536287cce369be98998e871d26468ad2d8c39d9004db610b406471809c283540a4a19bcede78b12b8976a1bb37e5d431fbff8c8a3e53a64d4e3
4383202f23 CI: Add a job to build kani proofs (Tobin C. Harding)
96d3bbd065 Fix kani test (Tobin C. Harding)
Pull request description:
Recently (in #2379) we patched the `ParseAmountError` but we don't check kani code on every pull request so we broke it.
Fix kani test to use the new `OutOfRangeError`.
EDIT: Attempt, as a separate patch, to add a job that runs on each PR to build the kani test code.
Close: #2424
ACKs for top commit:
Kixunil:
ACK 4383202f23
apoelstra:
ACK 4383202f23
Tree-SHA512: dcddcb0d52201efb3246733e9f164f5acde22df256fc4985b23050628ab9ae9c20a80ecd4ab468558b0a8708dacf6f7af099e8303cf4f73e1557e454c351aa34
Currently we do not build the code in the kani tests when PRs are
pushed, instead we run the verifier once a day. We should at least check
the code builds on each PR. One way to do this is to build the proofs
without running them, `kani --only-codegen` does that.
Recently (in #2379) we patched the `ParseAmountError` but we don't check
kani code on every pull request so we broke it.
Fix kani test to use the new `OutOfRangeError`.
Close: #2424
93dba898c2 Improve lock time errors (Martin Habovstiak)
Pull request description:
The errors returned from various lock time functions had several issues. Among the obvious - `Error` being returned from all operations even when some of its variants were unreachable, there were subtle issues around error messages:
* `ParseIntError` didn't contain information whether the parsed object is `Height` or `Time`.
* Logically overflow and out-of-bounds should be the same thing but produced different error messages.
* Mentioning integers is too technical for a user, talking about upper and lower bound is easier to understand.
* When minus sign is present `std` reports it as invalid digit which is less helpful than saying negative numbers are not allowed.
It is also possible that `ParseIntError` will need to be removed from public API during crate smashing or stabilization, so avoiding it may be better.
This commit significantly refactors the errors. It adds separate types for parsing `Height` and `Time`. Notice that we don't compose them from `ParseIntError` and `ConversionError` - that's not helpful because they carry information that wouldn't be used when displaying which is wasteful. Keeping errors small can be important.
It's also worth noting that exposing the inner representation could cause confusion since the same thing: out of bounds can be represented as an overflow or as a conversion error. So for now we conservatively hide the details and even pretend there's no `source` in case of overflow. This can be expanded in the future if needed.
The returned errors are now minimal. `LockTime` parsing errors are currentlly unchanged.
I can add `LockTime` changes in the same commit or separate within this PR if you want. Just wanted to push something for review before I go to sleep.
ACKs for top commit:
apoelstra:
ACK 93dba898c2
tcharding:
ACK 93dba898c2
Tree-SHA512: 68b60b413b1a1a0fc3648970d37f43e8b1b79f197ded053d83cfc1cf4fab4bed77d77841c2ae4d066b6436ee7187723c5d8cf934193c04c03520e797b7f7e82d
The errors returned from various lock time functions had several issues.
Among the obvious - `Error` being returned from all operations even when
some of its variants were unreachable, there were subtle issues around
error messages:
* `ParseIntError` didn't contain information whether the parsed object
is `Height` or `Time`.
* Logically overflow and out-of-bounds should be the same thing but
produced different error messages.
* Mentioning integers is too technical for a user, talking about upper
and lower bound is easier to understand.
* When minus sign is present `std` reports it as invalid digit which is
less helpful than saying negative numbers are not allowed.
It is also possible that `ParseIntError` will need to be removed from
public API during crate smashing or stabilization, so avoiding it may be
better.
This commit significantly refactors the errors. It adds separate types
for parsing `Height` and `Time`. Notice that we don't compose them from
`ParseIntError` and `ConversionError` - that's not helpful because they
carry information that wouldn't be used when displaying which is
wasteful. Keeping errors small can be important.
It's also worth noting that exposing the inner representation could
cause confusion since the same thing: out of bounds can be represented
as an overflow or as a conversion error. So for now we conservatively
hide the details and even pretend there's no `source` in case of
overflow. This can be expanded in the future if needed.
The returned errors are now minimal. `LockTime` parsing errors are
currentlly unchanged.
Make the trait level attributes uniform across all released crates in
the repo. Excludes things that are obviously not needed, eg, bench stuff
if there is not bench code.
- Remove `uninhabited_references` - this is allow by default now.
- Remove `unconditional_recursion` and mark the single false positive we
have with an `allow`.
Note, this does not add `missing_docs` to the `io` crate. There is an
open PR at the moment to add that along with the required docs.
bd4f14ee51 just: Reduce docs commands (Tobin C. Harding)
Pull request description:
`cargo --doc` works from the workspace root, no need to run the docs builds individually.
## More context
`cargo test` does not run docs tests if run from the workspace root as it does when run in a crate directory.
ACKs for top commit:
sanket1729:
utACK bd4f14ee51
Kixunil:
ACK bd4f14ee51
Tree-SHA512: f4003edcaf9bbc22cfcdcd142665fbb924b6a74af9145ee38d9f14275660e849d53b2f8d10ee45bf5b6c8e3b5123ead762da3fbc5f84714a55d2fe5273950270
13c8a709f1 Use nightly toolchain in pre-commit hook (Tobin C. Harding)
Pull request description:
We use the nightly toolchain to run `clippy` now, update the git pre-commit hook to mirror this.
ACKs for top commit:
apoelstra:
ACK 13c8a709f1
Tree-SHA512: 46700641b81a1e5a2e39ff67ca0d31afaedfb58e008bf453c13f0312b2c6936ae38c58548934cae40abc9de0dc1ec4ce4bba4b8142b204d774612bd9721679c9
dda83707a2 Use `unsigned_abs` instead of manual code (Martin Habovstiak)
Pull request description:
The code originally used `if` and incorrectly casted the value into `usize` rather than `u64`. This change replaces the whole thing with `unsigned_abs`.
Closes#1247
ACKs for top commit:
apoelstra:
ACK dda83707a2
tcharding:
ACK dda83707a2
Tree-SHA512: c57bf440705c69917206aab36bbbe5b048ed52d7a96ebd055416b8a249fc3f7ba32ebff3d2251b971e7ef999ff8169ac3db8e599ab38cf0776ecc030447a9a4a
ac26171c32 Clean up `no_std` usage (Martin Habovstiak)
fce03cec85 Provide `Amount` & co in no-alloc (Martin Habovstiak)
Pull request description:
Using the crate without allocation was previously disabled making the
crate empty without the feature. This chage makes it more fine-grained:
it only disables string and float conversions which use allocator. We
could later provide float conversions by using a sufficiently-long
`ArrayString`.
Note that this is API-breaking because we disallow calling the methods of the sealed `SerdeAmount` trait. However I think it should've been obvious that the thing is internal and calling them is not a great idea. (BTW I only learned this trick recently).
Closes#2389
ACKs for top commit:
apoelstra:
ACK ac26171c32 maaybe `private` should be renamed to `internal_api` or something
tcharding:
ACK ac26171c32
Tree-SHA512: 2ca2ff11c3c362f868c3993b5698ace32e6ce2cf2e8028bc43fe65797eb2239b4841c1c722a0184a7c8f4afea3b475b1a049dd77fa30358cb742d60463018e9f
The code originally used `if` and incorrectly casted the value into
`usize` rather than `u64`. This change replaces the whole thing with
`unsigned_abs`.
Closes#1247
61f8bab65f just: Add quick and dirty CI command (Tobin C. Harding)
e185fe46df just: Lint with nightly toolchain (Tobin C. Harding)
Pull request description:
Improve the `justfile` by doing:
- Update linter toolchain
- Add `just sane` to run a minimal set of checks/tests that can be used pre-push but is not as slow as using `DO_FEATURE_MATRIX=true contrib/test.sh`.
ACKs for top commit:
apoelstra:
ACK 61f8bab65f
Kixunil:
ACK 61f8bab65f
Tree-SHA512: 730874f0381db9ae30052ad6511805f76ae5c13c4c5cc5ad272430cf7e67cfbe7b288aa6dc47035ff5e8e42e03d3e4a3bf9d3e9a072c9aa922f9df62c43850b3
Previously the crate used negative reasoning to enable `std` which was
hard to understand, required the `prelude` module and wasn't really
needed because it's only needed when a crate wants to add `alloc`
feature-backwards compatibly and this crate always had the feature.
This cleans up usage to unconditionally use `#[no_std]` and then just
add `extern crate` on top as needed by activated features.
Using the crate without allocation was previously disabled making the
crate empty without the feature. This chage makes it more fine-grained:
it only disables string and float conversions which use allocator. We
could later provide float conversions by using a sufficiently-long
`ArrayString`.
Andrew Poelstra
josibake
Tobin C. Harding
harshit933
dependabot[bot]
Martin Habovstiak