Disable util::Result copying and assignment

ryanofsky commented at 7:09 pm on April 18, 2024: contributor

This PR just contains the first two commits of #25665.

It disables copying of util::Result objects because unnecessary copies are inefficient and not possible after #25665, which makes util::Result object move-only.

It disables the assignment operator and replaces it with an Update() method, because #25665 adds more information to util::Result objects (warning and error messages and failure values) and having an assignment operator that overwrites data instead of merging it would make it easy to accidentally erase existing information while trying to assign new information.

DrahtBot commented at 7:09 pm on April 18, 2024: contributor

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage

For detailed information about the code coverage, see the test coverage report.

Reviews

See the guideline for information on the review process.

Type	Reviewers
ACK	stickies-v, furszy, achow101
Stale ACK	TheCharlatan

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Conflicts

Reviewers, this pull request conflicts with the following ones:

#29936 (fuzz: wallet: add target for CreateTransaction by brunoerg)
#29700 (kernel, refactor: return error status on all fatal errors by ryanofsky)
#29442 (wallet: Target a pre-defined utxo set composition by adjusting change outputs by remyers)
#28984 (Cluster size 2 package rbf by instagibbs)
#28676 ([WIP] Cluster mempool implementation by sdaftuar)
#26022 (Add util::ResultPtr class by ryanofsky)
#25722 (refactor: Use util::Result class for wallet loading by ryanofsky)
#25665 (refactor: Add util::Result failure values, multiple error and warning messages by ryanofsky)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

in src/wallet/test/fuzz/coinselection.cpp:297 in 974b16b258 outdated

290@@ -291,7 +291,10 @@ FUZZ_TARGET(coinselection)
291     }
292 
293     std::vector<COutput> utxos;
294-    std::vector<util::Result<SelectionResult>> results{result_srd, result_knapsack, result_bnb};
295+    std::vector<util::Result<SelectionResult>> results;
296+    results.emplace_back(std::move(result_srd));
297+    results.emplace_back(std::move(result_knapsack));
298+    results.emplace_back(std::move(result_bnb));

stickies-v commented at 4:27 pm on April 19, 2024:

nit: Any reason not to just wrap the args in std::move? Seems like the more intuitive approach, and probably slightly more performant?

0    std::vector<util::Result<SelectionResult>> results {
1        std::move(result_srd), std::move(result_knapsack), std::move(result_bnb)
2    };

ryanofsky commented at 7:11 pm on April 19, 2024:

re: #29906 (review)

nit: Any reason not to just wrap the args in std::move? Seems like the more intuitive approach, and probably slightly more performant?

Agreed that’s much better. Applied suggestion.

ryanofsky commented at 4:48 pm on April 24, 2024:

re: #29906 (comment)

nit: Any reason not to just wrap the args in std::move? Seems like the more intuitive approach, and probably slightly more performant?

Actually this turns out not to work because std::initializer_list list does not work with move-only types. So unfortunately vector initialization needs to be a little more verbose. I updated the PR now to disable the util::Result move constructor to catch this and any related problems.

in src/wallet/spend.cpp:869 in 974b16b258 outdated

865@@ -866,7 +866,7 @@ util::Result<SelectionResult> AutomaticCoinSelection(const CWallet& wallet, Coin
866         if (CAmount total_amount = available_coins.GetTotalAmount() - total_discarded < value_to_select) {
867             // Special case, too-long-mempool cluster.
868             if (total_amount + total_unconf_long_chain > value_to_select) {
869-                return util::Result<SelectionResult>({_("Unconfirmed UTXOs are available, but spending them creates a chain of transactions that will be rejected by the mempool")});
870+                return util::Error{_("Unconfirmed UTXOs are available, but spending them creates a chain of transactions that will be rejected by the mempool")};

stickies-v commented at 4:34 pm on April 19, 2024:

nit: nice, but maybe best to clean up all 3 instances in one go?

 0diff --git a/src/wallet/spend.cpp b/src/wallet/spend.cpp
 1index 8b62cddb02..9a7e166e68 100644
 2--- a/src/wallet/spend.cpp
 3+++ b/src/wallet/spend.cpp
 4@@ -868,7 +868,7 @@ util::Result<SelectionResult> AutomaticCoinSelection(const CWallet& wallet, Coin
 5             if (total_amount + total_unconf_long_chain > value_to_select) {
 6                 return util::Error{_("Unconfirmed UTXOs are available, but spending them creates a chain of transactions that will be rejected by the mempool")};
 7             }
 8-            return util::Result<SelectionResult>(util::Error()); // General "Insufficient Funds"
 9+            return util::Error{}; // General "Insufficient Funds"
10         }
11 
12         // Walk-through the filters until the solution gets found.
13@@ -894,7 +894,7 @@ util::Result<SelectionResult> AutomaticCoinSelection(const CWallet& wallet, Coin
14 
15 
16         // General "Insufficient Funds"
17-        return util::Result<SelectionResult>(util::Error());
18+        return util::Error{};
19     }
20 }
21

ryanofsky commented at 7:11 pm on April 19, 2024:

re: #29906 (review)

nit: nice, but maybe best to clean up all 3 instances in one go?

Thanks! Applied patch

in src/util/result.h:93 in 974b16b258 outdated

84@@ -75,6 +85,9 @@ class Result
85     const T& operator*() const LIFETIMEBOUND { return value(); }
86     T* operator->() LIFETIMEBOUND { return &value(); }
87     T& operator*() LIFETIMEBOUND { return value(); }
88+
89+    //! Update this result by moving from another result object.
90+    Result& Update(Result&& other) LIFETIMEBOUND { return *this = std::move(other); }

stickies-v commented at 4:43 pm on April 19, 2024:

Update is a bit of an ambiguous name imo, it doesn’t clearly indicate if it means replacing or merging into the existing result. I think for this commit, where we can only overwrite the existing result, I think Replace would be better. For the next commits in #25665 where we actually add the merging functionality, I think Merge or Combine would be a better choice.

ryanofsky commented at 7:11 pm on April 19, 2024:

re: #29906 (review)

Update is a bit of an ambiguous name imo, it doesn’t clearly indicate if it means replacing or merging into the existing result. I think for this commit, where we can only overwrite the existing result, I think Replace would be better. For the next commits in #25665 where we actually add the merging functionality, I think Merge or Combine would be a better choice.

We could definitely have a Replace method in the future. The only reason I didn’t add one now is that so far after updating a lot of code to use the Result class in PR’s #29700 and #25722, I haven’t seen uses for a Replace method. If you think having a Replace() method would good to add here for a future use-case, or for the sake of completeness, I’d be happy to add it. However, I don’t think any changed lines here should be calling Replace() because they are just trying to update result values, not reset and replace the entire result object.

I did originally consider calling this method Merge instead of Update but I liked Update better for 2 reasons. First, I liked consistency with python’s dict.update method which takes fields from two different dict objects and combines them, just like this Update function does. Second, I think the name Merge would be misleading in the majority of cases where individual values are not merged, only different fields are combined, and new field values overwrite old values. ¹

Your suggestion Combine could also work instead of Update but I think is less clear syntactically. For example, I think a.Update(b) maps pretty well to “update object a with contents of object b”, but it’s less obvious what a.Combine(b) would be supposed to do.

It is true that with #25722, you can go out of your way to pass a custom type to util::Result and specialize ResultTraits so field values are merged when Update() is called. I haven’t seen cases where this is useful for success types, only for some failure types where multiple things can fail and you want to return information about all the failures. I think name Update is generic enough to cover atypical cases where values are merged without implying that values are merged typically. ↩︎

furszy commented at 1:11 pm on April 25, 2024:

q: why uppercase? Do you wanted to differentiate own functions vs standard ones?

ryanofsky commented at 2:54 pm on April 25, 2024:

re: #29906 (review)

Personally I think using lowercase for instance methods and uppercase for other methods and functions is good practice because it makes it obvious when you are passing an implicit this parameter to function calls. (It is useful for the same reason m_ prefixes are useful.) However, I got pushback when I tried to allow this in the style guide in #14635 so now I usually try to follow the guide.

stickies-v commented at 7:55 pm on April 25, 2024:

I haven’t seen uses for a Replace method.

I agree. The use cases I was thinking of should just be addressed with list initialization, so I think not implementing the method until we actually need it is the way to go, thanks.

Second, I think the name Merge would be misleading … only different fields are combined

That’s a good point, I agree Update > Merge

it’s less obvious what a.Combine(b) would be supposed to do

I don’t think I agree, but I do agree there’s no clear winner, so I’m happy to leave this as is.

stickies-v commented at 5:03 pm on April 19, 2024: contributor

Concept ACK, breaking it out in a smaller PR seems like a good idea, thanks.

I’m unsure about removing the assignment operator altogether. I think it’s good to be careful about footguns, but I’m worried about making the interface overly unintuitive.

Would it make sense to only merge another Result when using the Merge (currently called Update) method, and use the assignment operator to overwrite the current result? I think when people want to merge results, they’ll probably want to be explicit about that, and in other cases overwriting/clearing everything seems like expected behaviour?

laanwj added the label Refactoring on Apr 21, 2024

ryanofsky force-pushed on Apr 24, 2024

ryanofsky commented at 3:52 pm on April 24, 2024: contributor

Updated 974b16b2580f4f09c8936fbead96fdbee637cb14 -> c45cb13b9e4f6eae50ab6dc42acf471921980591 (pr/saferesult.1 -> pr/saferesult.2, compare) with suggestions

re: #29906#pullrequestreview-2011883406

I’m unsure about removing the assignment operator altogether. I think it’s good to be careful about footguns, but I’m worried about making the interface overly unintuitive.

We could add back a safer, more limited form of operator= in the future if not having it causes friction. I rewrote commit message to be clearer and mention that. But I think having a named Update() method should make it easier to figure out what code is doing and avoid mistakes.

Would it make sense to only merge another Result when using the Merge (currently called Update) method, and use the assignment operator to overwrite the current result? I think when people want to merge results, they’ll probably want to be explicit about that, and in other cases overwriting/clearing everything seems like expected behaviour?

Hmm, I’m actually not sure what this is suggesting. If there is a need to overwrite/clear results, IMO, the best way to do that would be to add a Reset() method. I haven’t seen an actual need to do that anywhere though. The intended use for Update is to be able to write code like:

0util::Result<SuccessType, FailureType> result;
1if (do_something()) {
2  result.Update(success_value);
3} else {
4  result.Update({util::Error{_("error message"), failure_value});
5}

ryanofsky force-pushed on Apr 24, 2024

ryanofsky commented at 7:20 pm on April 24, 2024: contributor

Updated c45cb13b9e4f6eae50ab6dc42acf471921980591 -> 66022315641934bda301d61f009dae9cb3b45da0 (pr/saferesult.2 -> pr/saferesult.3, compare) adding change to actually disable the copy constructor

TheCharlatan approved

TheCharlatan commented at 12:41 pm on April 25, 2024: contributor

ACK 66022315641934bda301d61f009dae9cb3b45da0

DrahtBot requested review from stickies-v on Apr 25, 2024

in src/qt/addresstablemodel.cpp:385 in d293d0ba52 outdated

376@@ -377,7 +377,7 @@ QString AddressTableModel::addRow(const QString &type, const QString &label, con
377                 editStatus = WALLET_UNLOCK_FAILURE;
378                 return QString();
379             }
380-            op_dest = walletModel->wallet().getNewDestination(address_type, strLabel);
381+            op_dest.Update(walletModel->wallet().getNewDestination(address_type, strLabel));
382             if (!op_dest) {
383                 editStatus = KEY_GENERATION_FAILURE;
384                 return QString();

furszy commented at 1:44 pm on April 25, 2024:

Not for this PR but.. we could remove this Update call pretty easily (e8a330584571bf0270c692676a57ebcf7d7c7697). We are calling getNewDestination twice only to verify if the wallet is locked or not.

ryanofsky commented at 2:54 pm on April 25, 2024:

re: #29906 (review)

It seems like the goal of the code is to get a new address without unlocking. But I haven’t looked into this. It definitely looks a little clumsy, though, because it isn’t actually using the error message that is returned.

furszy commented at 2:30 pm on April 25, 2024: member

ACK 6602231564

refactor: Drop util::Result operator=

`util::Result` objects are aggregates that can hold multiple fields with
different information. Currently Result objects can only hold a success value
of an arbitrary type or a single bilingual_str error message. In followup PR
https://github.com/bitcoin/bitcoin/pull/25722, Result objects may be able to
hold both success and failure values of different types, plus error and warning
messages.

Having a Result::operator= assignment operator that completely erases all
existing Result information before assigning new information is potentially
dangerous in this case. For example, code that looks like it is assigning a
warning value could erase previously-assigned success or failure values.
Conversely, code that looks like it is just assigning a success or failure
value could erase previously assigned error and warning messages.

To prevent potential bugs like this, disable Result::operator= assignment
operator.

It is possible in the future we may want to re-enable operator= in limited
cases (such as when implicit conversions are not used) or add a Replace() or
Reset() method that mimicks default operator= behavior. Followup PR
https://github.com/bitcoin/bitcoin/pull/25722 also adds a Result::Update()
method providing another way to update an existing Result object.

Co-authored-by: stickies-v <stickies-v@protonmail.com>

834f65e824

refactor: Avoid copying util::Result values

Copying util::Result values is less efficient than moving them because they
allocate memory and contain strings. Also this is needed to avoid compile
errors in https://github.com/bitcoin/bitcoin/pull/25722 which adds a
std::unique_ptr member to util::Result which implicity disables copying.

6a8b2befea

in src/init.cpp:996 in 6602231564 outdated

992@@ -993,7 +993,7 @@ bool AppInitParameterInteraction(const ArgsManager& args)
993     // ********************************************************* Step 3: parameter-to-internal-flags
994     auto result = init::SetLoggingCategories(args);
995     if (!result) return InitError(util::ErrorString(result));
996-    result = init::SetLoggingLevel(args);
997+    result.Update(init::SetLoggingLevel(args));

stickies-v commented at 7:24 pm on April 25, 2024:

I think using Update here is confusing and makes the code less clear.

 0diff --git a/src/init.cpp b/src/init.cpp
 1index 8cb593754c..678bb2a39c 100644
 2--- a/src/init.cpp
 3+++ b/src/init.cpp
 4@@ -991,10 +991,8 @@ bool AppInitParameterInteraction(const ArgsManager& args)
 5         InitWarning(strprintf(_("Reducing -maxconnections from %d to %d, because of system limitations."), nUserMaxConnections, nMaxConnections));
 6 
 7     // ********************************************************* Step 3: parameter-to-internal-flags
 8-    auto result = init::SetLoggingCategories(args);
 9-    if (!result) return InitError(util::ErrorString(result));
10-    result.Update(init::SetLoggingLevel(args));
11-    if (!result) return InitError(util::ErrorString(result));
12+    if (auto result{init::SetLoggingCategories(args)}; !result) return InitError(util::ErrorString(result));
13+    if (auto result{init::SetLoggingLevel(args)}; !result) return InitError(util::ErrorString(result));
14 
15     nConnectTimeout = args.GetIntArg("-timeout", DEFAULT_CONNECT_TIMEOUT);
16     if (nConnectTimeout <= 0) {

ryanofsky commented at 9:02 pm on April 25, 2024:

re: #29906 (review)

Thanks, applied patch

in src/test/mempool_tests.cpp:263 in 6602231564 outdated

259@@ -260,7 +260,7 @@ BOOST_AUTO_TEST_CASE(MempoolIndexingTest)
260     tx10.vout[0].scriptPubKey = CScript() << OP_11 << OP_EQUAL;
261     tx10.vout[0].nValue = 10 * COIN;
262 
263-    ancestors_calculated = pool.CalculateMemPoolAncestors(entry.Fee(200000LL).Time(NodeSeconds{4s}).FromTx(tx10), CTxMemPool::Limits::NoLimits());
264+    ancestors_calculated.Update(pool.CalculateMemPoolAncestors(entry.Fee(200000LL).Time(NodeSeconds{4s}).FromTx(tx10), CTxMemPool::Limits::NoLimits()));

stickies-v commented at 7:29 pm on April 25, 2024:

I don’t think Update is appropriate here, would e.g. use:

 0diff --git a/src/test/mempool_tests.cpp b/src/test/mempool_tests.cpp
 1index 2858494625..41ffb76762 100644
 2--- a/src/test/mempool_tests.cpp
 3+++ b/src/test/mempool_tests.cpp
 4@@ -202,9 +202,11 @@ BOOST_AUTO_TEST_CASE(MempoolIndexingTest)
 5     tx7.vout[1].scriptPubKey = CScript() << OP_11 << OP_EQUAL;
 6     tx7.vout[1].nValue = 1 * COIN;
 7 
 8-    auto ancestors_calculated{pool.CalculateMemPoolAncestors(entry.Fee(2000000LL).FromTx(tx7), CTxMemPool::Limits::NoLimits())};
 9-    BOOST_REQUIRE(ancestors_calculated.has_value());
10-    BOOST_CHECK(*ancestors_calculated == setAncestors);
11+    {
12+        auto ancestors_calculated{pool.CalculateMemPoolAncestors(entry.Fee(2000000LL).FromTx(tx7), CTxMemPool::Limits::NoLimits())};
13+        BOOST_REQUIRE(ancestors_calculated.has_value());
14+        BOOST_CHECK(*ancestors_calculated == setAncestors);
15+    }
16 
17     pool.addUnchecked(entry.FromTx(tx7), setAncestors);
18     BOOST_CHECK_EQUAL(pool.size(), 7U);
19@@ -260,9 +262,12 @@ BOOST_AUTO_TEST_CASE(MempoolIndexingTest)
20     tx10.vout[0].scriptPubKey = CScript() << OP_11 << OP_EQUAL;
21     tx10.vout[0].nValue = 10 * COIN;
22 
23-    ancestors_calculated.Update(pool.CalculateMemPoolAncestors(entry.Fee(200000LL).Time(NodeSeconds{4s}).FromTx(tx10), CTxMemPool::Limits::NoLimits()));
24-    BOOST_REQUIRE(ancestors_calculated);
25-    BOOST_CHECK(*ancestors_calculated == setAncestors);
26+    {
27+        auto ancestors_calculated{pool.CalculateMemPoolAncestors(entry.Fee(200000LL).Time(NodeSeconds{4s}).FromTx(tx10), CTxMemPool::Limits::NoLimits())};
28+        BOOST_REQUIRE(ancestors_calculated);
29+        BOOST_CHECK(*ancestors_calculated == setAncestors);
30+    }
31+
32 
33     pool.addUnchecked(entry.FromTx(tx10), setAncestors);
34

ryanofsky commented at 9:02 pm on April 25, 2024:

re: #29906 (review)

Thanks, applied patch

in src/wallet/test/fuzz/notifications.cpp:113 in 6602231564 outdated

107@@ -108,9 +108,9 @@ struct FuzzedWallet {
108         auto type{fuzzed_data_provider.PickValueInArray(OUTPUT_TYPES)};
109         util::Result<CTxDestination> op_dest{util::Error{}};
110         if (fuzzed_data_provider.ConsumeBool()) {
111-            op_dest = wallet->GetNewDestination(type, "");
112+            op_dest.Update(wallet->GetNewDestination(type, ""));
113         } else {
114-            op_dest = wallet->GetNewChangeDestination(type);
115+            op_dest.Update(wallet->GetNewChangeDestination(type));

stickies-v commented at 7:39 pm on April 25, 2024:

Alternative approach without Update:

 0diff --git a/src/wallet/test/fuzz/notifications.cpp b/src/wallet/test/fuzz/notifications.cpp
 1index d0b06b726e..d9b4cdfdf2 100644
 2--- a/src/wallet/test/fuzz/notifications.cpp
 3+++ b/src/wallet/test/fuzz/notifications.cpp
 4@@ -106,13 +106,12 @@ struct FuzzedWallet {
 5     CTxDestination GetDestination(FuzzedDataProvider& fuzzed_data_provider)
 6     {
 7         auto type{fuzzed_data_provider.PickValueInArray(OUTPUT_TYPES)};
 8-        util::Result<CTxDestination> op_dest{util::Error{}};
 9         if (fuzzed_data_provider.ConsumeBool()) {
10-            op_dest.Update(wallet->GetNewDestination(type, ""));
11+            return *Assert(wallet->GetNewDestination(type, ""));
12         } else {
13-            op_dest.Update(wallet->GetNewChangeDestination(type));
14+            return *Assert(wallet->GetNewChangeDestination(type));
15         }
16-        return *Assert(op_dest);
17+        assert(false);
18     }
19     CScript GetScriptPubKey(FuzzedDataProvider& fuzzed_data_provider) { return GetScriptForDestination(GetDestination(fuzzed_data_provider)); }
20     void FundTx(FuzzedDataProvider& fuzzed_data_provider, CMutableTransaction tx)

ryanofsky commented at 9:02 pm on April 25, 2024:

re: #29906 (review)

Thanks, applied patch

in src/wallet/test/spend_tests.cpp:105 in 6602231564 outdated

101@@ -102,7 +102,7 @@ BOOST_FIXTURE_TEST_CASE(wallet_duplicated_preset_inputs_test, TestChain100Setup)
102 
103     // Second case, don't use 'subtract_fee_from_outputs'.
104     recipients[0].fSubtractFeeFromAmount = false;
105-    res_tx = CreateTransaction(*wallet, recipients, /*change_pos=*/std::nullopt, coin_control);
106+    res_tx.Update(CreateTransaction(*wallet, recipients, /*change_pos=*/std::nullopt, coin_control));

stickies-v commented at 7:46 pm on April 25, 2024:

And also here, I think Update is confusing and can e.g. be simplified with:

 0diff --git a/src/wallet/test/spend_tests.cpp b/src/wallet/test/spend_tests.cpp
 1index 640e63903a..963c0f838b 100644
 2--- a/src/wallet/test/spend_tests.cpp
 3+++ b/src/wallet/test/spend_tests.cpp
 4@@ -97,13 +97,11 @@ BOOST_FIXTURE_TEST_CASE(wallet_duplicated_preset_inputs_test, TestChain100Setup)
 5     // so that the recipient's amount is no longer equal to the user's selected target of 299 BTC.
 6 
 7     // First case, use 'subtract_fee_from_outputs=true'
 8-    util::Result<CreatedTransactionResult> res_tx = CreateTransaction(*wallet, recipients, /*change_pos=*/std::nullopt, coin_control);
 9-    BOOST_CHECK(!res_tx.has_value());
10+    BOOST_CHECK(!CreateTransaction(*wallet, recipients, /*change_pos=*/std::nullopt, coin_control));
11 
12     // Second case, don't use 'subtract_fee_from_outputs'.
13     recipients[0].fSubtractFeeFromAmount = false;
14-    res_tx.Update(CreateTransaction(*wallet, recipients, /*change_pos=*/std::nullopt, coin_control));
15-    BOOST_CHECK(!res_tx.has_value());
16+    BOOST_CHECK(!CreateTransaction(*wallet, recipients, /*change_pos=*/std::nullopt, coin_control));
17 }
18 
19 BOOST_AUTO_TEST_SUITE_END()

ryanofsky commented at 9:02 pm on April 25, 2024:

re: #29906 (review)

Thanks, applied patch

stickies-v commented at 8:11 pm on April 25, 2024: contributor

Approach ACK, code LGTM 66022315641934bda301d61f009dae9cb3b45da0 with some non-blocking suggestions.

We could add back a safer, more limited form of operator= in the future if not having it causes friction.

I made my previous comment because I thought there are some instances of somewhat awkward Update usage in this PR. The majority of util::Result usage is/should probably not require Update() at all, because we’re just returning either a success value or an error string. But, in those simple cases, we should just use list initialization, imo, and not assignment initialization. So, I’ve left a couple of code comments that remove all the instances I find awkward.

The intended use for Update is to be able to write code like: …

Hmmm. In the code example you give, I’d find assignment much more intuitive, since the goal doesn’t seem to be combining results. If Update() is aimed to be used exclusively (?) when we intend to combine results, doesn’t that make for a more clear interface?

ryanofsky commented at 8:49 pm on April 25, 2024: contributor

Thanks @stickies-v, I agree with your suggestions to avoid updating existing Result objects where possible and will apply them.

But I wonder if there are is anything else I can do to help make the interface more intuitive though. I’m not exactly clear on why it is not intuitive currently. A few places you mentioned “Update here is confusing” but I don’t understand why it is confusing. Saying result.Update(success_value) is just meant to update the result object with a success value while keeping other result data intact. Saying result.Update({util::Error{_("error message"), failure_value}); is meant to update the result object with an error message and failure value, again keeping other result data intact.

I think it’s very similar to python dict.update function where if you start with an existing dictionary:

0d = {'a': 1, 'b': 2, 'c': 3}

and call the update method with new values:

0d.update({'a': 4, 'd': 5})

And the dictionary will be updated with the new values overwriting the old ones:

0{'a': 4, 'b': 2, 'c': 3, 'd': 5}

In the code example you give, I’d find assignment much more intuitive, since the goal doesn’t seem to be combining results. If Update() is aimed to be used exclusively (?) when we intend to combine results, doesn’t that make for a more clear interface?

Update is just intended to update some data in a result object without necessarily erasing other data in the result object. Assigning is conceptually different and would imply that result being assigned to would be cleared and completely replaced by value being assigned. In this PR, the result object only has two mutually exclusive fields (success value and error string), so assigning and updating are the same thing. In #25665, result objects contain more fields so assigning and updating are different things.

ryanofsky force-pushed on Apr 25, 2024

ryanofsky commented at 9:10 pm on April 25, 2024: contributor

Updated 66022315641934bda301d61f009dae9cb3b45da0 -> 4fb08c28ba0f14782fdab4ac54387aae0aba82ed (pr/saferesult.3 -> pr/saferesult.4, compare) with suggested changes using new result objects to avoid updating existing ones where possible Update 4fb08c28ba0f14782fdab4ac54387aae0aba82ed -> 88aa093356ff142efe60df989323eb1ed1aa9e18 (pr/saferesult.4 -> pr/saferesult.5, compare) with no changes overall, just moving changes out of first commit that belonged in second commit

ryanofsky force-pushed on Apr 25, 2024

stickies-v commented at 9:34 pm on April 25, 2024: contributor

Sorry, I’ve been doing a poor job explaining myself. I am fully onboard with how Update works. When I used the word “confusion”, I was talking about usage, not interface*. Prior to this push, Update() was used in a couple of places where we know or expect the Result to be empty, and in those case I think we should just be explicit about that and use list initialization. When I see result.Update() being called, I have to look up which values are in result already and ensure that’s correct, whereas with auto result{...}; I know right away that we’re starting from an empty result.

To stick with the python analogy: using update when we know or expect a to be an empty dictionary, is imo an anti-pattern and should be avoided.

0a = {}
1// do some logic to calculate `value`
2a.update({1: value})

Instead, it is much clearer to use assignment, so the reader doesn’t have to figure out which values a held already.

0// do some logic to calculate `value`
1a = {1: value}

In short: I think it would be helpful if we only use result.Update() when result (potentially) has had fields set already, and use list initialization (or if necessary assignment initialization) for when we know (and thus enforce that) result is empty. This is also the concern I had with the code example at the end of this comment.

I hope I did a better job explaining myself, but otherwise I’m happy to talk about it more offline to not pollute this PR more.

well, except for making sure the method names align with how we intend people to use them, hence my earlier renaming suggestions.

ryanofsky force-pushed on Apr 26, 2024

ryanofsky commented at 1:11 am on April 26, 2024: contributor

Rebased 88aa093356ff142efe60df989323eb1ed1aa9e18 -> 0cbcb66257db65f0a68d82d17a2d1a83d8654b38 (pr/saferesult.5 -> pr/saferesult.6, compare) dropping Result::Update() method in this PR, and last 2 uses of it. Update 0cbcb66257db65f0a68d82d17a2d1a83d8654b38 -> e1be443315be6ba6c80267e0e6be59deee77de50 (pr/saferesult.6 -> pr/saferesult.7, compare) just changing a commit message to no longer mention Result::Update().

re: #29906 (comment)

Thanks for clarifying. I think we might disagree whether certain uses of an update function would be antipatterns, but I completely agree with all the code changes you suggested, and that in general if you have a choice between initializing values once or letting them change over time, you should prefer initializing them once so there’s less changing state to reason about. I also looked at remaining two update calls in this PR, and thought they both were not good uses, so I removed them as well.

My update example was very simple because I wanted to show minimal code that demonstrated how to use the update function, but the code was probably too simple to demonstrate why you would want to use it. The use-case for update is when you have a function that is performing multiple operations and you want to accumulate warnings and errors from all the operations and return them. Examples would be the BlockManager::SaveBlockToDisk function from #29700 or the CompleteChainstateInitialization function from #25665. I think these are reasonable uses of the update function, but it’s possible there could be better ways to write this code, and you might have another idea what it should look like.

ryanofsky force-pushed on Apr 26, 2024

in src/test/mempool_tests.cpp:270 in e1be443315 outdated

268+    {
269+        auto ancestors_calculated{pool.CalculateMemPoolAncestors(entry.Fee(200000LL).Time(NodeSeconds{4s}).FromTx(tx10), CTxMemPool::Limits::NoLimits())};
270+        BOOST_REQUIRE(ancestors_calculated);
271+        BOOST_CHECK(*ancestors_calculated == setAncestors);
272+    }
273+

stickies-v commented at 12:55 pm on April 26, 2024:

nit: unnecessary extra newline

ryanofsky commented at 10:11 pm on April 26, 2024:

re: #29906 (review)

nit: unnecessary extra newline

Thanks, removed

stickies-v approved

stickies-v commented at 1:23 pm on April 26, 2024: contributor

ACK e1be443315be6ba6c80267e0e6be59deee77de50

The use-case for update is when you have a function that is performing multiple operations and you want to accumulate warnings and errors from all the operations and return them.

I agree, and from what I’ve seen so far, I would prefer that to be the only use-case.

I also looked at remaining two update calls in this PR, and thought they both were not good uses, so I removed them as well.

Ah, nice one. Given that chaining results is not actually implemented yet, it makes sense that there should be no existing usage of Update in these first commits. I looked at the initial implementation of these 2 new updates to make sure we’re not missing anything and indeed, chaining is not relevant.

I’ve posted my response to the second part of your comment about Update() usage on #25665, since Update() is no longer in this PR.

DrahtBot requested review from TheCharlatan on Apr 26, 2024

DrahtBot requested review from furszy on Apr 26, 2024

in src/wallet/test/fuzz/notifications.cpp:114 in e1be443315 outdated

113         } else {
114-            op_dest = wallet->GetNewChangeDestination(type);
115+            return *Assert(wallet->GetNewChangeDestination(type));
116         }
117-        return *Assert(op_dest);
118+        assert(false);

maflcko commented at 1:27 pm on April 26, 2024:

nit: Is this line needed?

ryanofsky commented at 10:14 pm on April 26, 2024:

re: #29906 (review)

nit: Is this line needed?

Nope, dropped this

in src/validation.cpp:974 in 616572cbb4 outdated

970@@ -970,11 +971,13 @@ bool MemPoolAccept::PreChecks(ATMPArgs& args, Workspace& ws)
971         if (ws.m_vsize > EXTRA_DESCENDANT_TX_SIZE_LIMIT) {
972             return state.Invalid(TxValidationResult::TX_MEMPOOL_POLICY, "too-long-mempool-chain", error_message);
973         }
974-        ancestors = m_pool.CalculateMemPoolAncestors(*entry, cpfp_carve_out_limits);
975-        if (!ancestors) return state.Invalid(TxValidationResult::TX_MEMPOOL_POLICY, "too-long-mempool-chain", error_message);
976+        if (auto ancestors{m_pool.CalculateMemPoolAncestors(*entry, cpfp_carve_out_limits)}) {

furszy commented at 1:54 pm on April 26, 2024:

This should be shadowing the previous ancestors variable (why the compiler isn’t complaining about this?). The else path can also access the variable when it is declared inside the if statement.

ryanofsky commented at 2:20 pm on April 26, 2024:

This should be shadowing the previous ancestors variable (why the compiler isn’t complaining about this?). The else path can also access the variable when it is declared inside the if statement.

I can rename the variable to something else if you have a suggestion. Shadowing is also present in the qt/addresstablemodel.cpp change. The shadowing is intended, and I don’t think shadowing in cases like these is necessarily bad. I think shadowing is sometimes better than having multiple similarly-named variables that could be confused and lead to bugs when the wrong variable is used.

furszy commented at 2:35 pm on April 26, 2024:

I guess the “issue” is how people reading this in the future would differentiate an intended shadowing from an unintended one.-Wshadow will output a warning for this. Adding a special suppression tag just for this seems excessive to me.

But, in any case, it’s not a big deal if you don’t think it’s worth it. I also don’t think this is a problem anyway.

ryanofsky commented at 10:14 pm on April 26, 2024:

re: #29906 (review)

But, in any case, it’s not a big deal if you don’t think it’s worth it. I also don’t think this is a problem anyway.

I’m happy to go with any suggestion. I don’t see shadowing as a problem in all cases, so this is just the best way to write the code that I could think of.

ryanofsky commented at 2:19 pm on April 30, 2024:

re: #29906 (review)

I’m happy to go with any suggestion. I don’t see shadowing as a problem in all cases, so this is just the best way to write the code that I could think of.

Not sure why I couldn’t think of a good way to write this without shadowing last week. But added _retry suffixes now so the code should be clearer and shadowing should be gone :sunglasses:

DrahtBot requested review from furszy on Apr 26, 2024

achow101 commented at 6:37 pm on April 26, 2024: member

ACK e1be443315be6ba6c80267e0e6be59deee77de50

in src/util/result.h:50 in e1be443315 outdated

45+    //! Disallow operator= to avoid confusion in the future when the Result
46+    //! class gains support for richer error reporting, and callers should have
47+    //! ability to set a new result value without clearing existing error
48+    //! messages.
49+    Result& operator=(const Result&) = default;
50+    Result& operator=(Result&&) = default;

achow101 commented at 6:47 pm on April 26, 2024:

Can you briefly explain why these operator= are made private as opposed to deleting them?

ryanofsky commented at 10:11 pm on April 26, 2024:

re: #29906 (review)

Can you briefly explain why these operator= are made private as opposed to deleting them?

Changed these to delete. The default operators were needed in an earlier version of the PR which had an Update() method which called them privately.

ryanofsky force-pushed on Apr 26, 2024

ryanofsky commented at 10:38 pm on April 26, 2024: contributor

Updated e1be443315be6ba6c80267e0e6be59deee77de50 -> 9552619961049d7673f84c40917b0385be70b782 (pr/saferesult.7 -> pr/saferesult.8, compare) with small suggested cleanups

stickies-v commented at 2:12 pm on April 27, 2024: contributor

Re-ACK 9552619961049d7673f84c40917b0385be70b782 , just addressing nits, no other changes

DrahtBot requested review from achow101 on Apr 27, 2024

furszy commented at 12:37 pm on April 29, 2024: member

ACK 9552619961049d7673f84c40917b0385be70b782

TheCharlatan approved

TheCharlatan commented at 2:03 pm on April 30, 2024: contributor

ACK 9552619961049d7673f84c40917b0385be70b782

ryanofsky force-pushed on Apr 30, 2024

ryanofsky commented at 2:23 pm on April 30, 2024: contributor

Updated 9552619961049d7673f84c40917b0385be70b782 -> 6a8b2befeab25e4e92d8e947a23e78014695e06c (pr/saferesult.8 -> pr/saferesult.9, compare) tweaking variables to avoid shadowing

stickies-v commented at 2:54 pm on April 30, 2024: contributor

re-ACK 6a8b2befeab25e4e92d8e947a23e78014695e06c

DrahtBot requested review from furszy on Apr 30, 2024

DrahtBot requested review from TheCharlatan on Apr 30, 2024

furszy commented at 3:02 pm on April 30, 2024: member

re-ACK https://github.com/bitcoin/bitcoin/commit/6a8b2befeab25e4e92d8e947a23e78014695e06c

achow101 commented at 4:04 pm on April 30, 2024: member

ACK 6a8b2befeab25e4e92d8e947a23e78014695e06c

achow101 merged this on Apr 30, 2024

achow101 closed this on Apr 30, 2024

Fabcien referenced this in commit da3ee832f6 on Apr 23, 2025

bitcoin locked this on Apr 30, 2025

Disable util::Result copying and assignment #29906

Code Coverage

Reviews

Conflicts