test,refactor: extract script template helpers & widen sigop count coverage #32729

l0rinc commented at 2:44 PM on June 11, 2025: contributor

Summary

This PR extracts a set of cheap, inline helpers for recognizing the most common script templates, clarifies the definition of valid op-codes for pre-Taproot scripts, and splits the existing "deserialize + check-block" benchmark into three orthogonal micro-benchmarks.
The change is behavior-neutral for consensus and policy - every modified call-site performs the same checks as before, just through clearer helper functions.

Context

While working on GetSigOpCount optimizations for known script templates I noticed that feature-test coverage was thin for this code path.
This PR therefore adds tests for error cases (malformed push-data encodings) and for the expected sigop totals of the various script templates (including edge cases like a sigop after an OP_RETURN).

Given the difficulty of reviewing the original optimizations themselves, I split all test / benchmark work into this standalone PR.
The recent burst of sigops related refactor activity (#31624, #32521, #32533) underlines the need for extra safety.

The refactors here eliminate magic numbers, deduplicate template checks, and lay groundwork for future performance work.

Structure

Benchmarks - first commits separate deserialization+hashing, validation, and sigop counting so each cost can be measured independently.
Template helpers - tiny, mechanical commits move each script-template check into script.h, replace all ad-hoc byte-checks, and add tests where necessary.
Tests - a full script-test suite covering malformed PUSHDATA sequences and the pre-taproot / accurate sigop totals for every standard template.
pre-taproot opcode ceiling - documents, enforces, and tests that OP_CHECKSIGADD > MAX_OPCODE.
Extra fuzzing - enabled all possible opcodes in ConsumeOpcodeType

DrahtBot commented at 2:44 PM on June 11, 2025: contributor

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage & Benchmarks

For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/32729.

Reviews

See the guideline for information on the review process.

Type	Reviewers
Stale ACK	ryanofsky, hodlinator

If your review is incorrectly listed, please copy-paste <code></code> into the comment that the bot should ignore.

Conflicts

Reviewers, this pull request conflicts with the following ones:

#35025 (refactor: use SpanReader in deserialization benchmarks by l0rinc)
#32554 (bench: replace embedded raw block with configurable block generator by l0rinc)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

l0rinc renamed this:
~~test,refactor: sigops~~
test: extract script template helpers & widen sigop count coverage
on Jun 11, 2025

DrahtBot added the label Tests on Jun 11, 2025

l0rinc renamed this:
~~test: extract script template helpers & widen sigop count coverage~~
test,refactor: extract script template helpers & widen sigop count coverage
on Jun 11, 2025

l0rinc marked this as ready for review on Jun 11, 2025

DrahtBot added the label Needs rebase on Jun 11, 2025

l0rinc force-pushed on Jun 12, 2025

DrahtBot removed the label Needs rebase on Jun 12, 2025

DrahtBot added the label CI failed on Jul 21, 2025

DrahtBot commented at 10:23 AM on July 21, 2025: contributor

🚧 At least one of the CI tasks failed. Task tidy: https://github.com/bitcoin/bitcoin/runs/43965124848 LLM reason (✨ experimental): The failure is caused by a compilation error in policy.cpp where a boolean value is incorrectly passed to a function expecting a CScript reference.

<details><summary>Hints</summary>

Try to run the tests locally, according to the documentation. However, a CI failure may still happen due to a number of reasons, for example:

Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.
A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.
An intermittent issue.

Leave a comment here, if you need help tracking down a confusing failure.

</details>

l0rinc force-pushed on Jul 21, 2025

l0rinc commented at 7:58 PM on July 21, 2025: contributor

Rebased after https://github.com/bitcoin/bitcoin/pull/32521/files#diff-ea6d307faa4ec9dfa5abcf6858bc19603079f2b8e110e1d62da4df98f4bdb9c0R184

DrahtBot removed the label CI failed on Jul 22, 2025

l0rinc force-pushed on Jul 28, 2025

l0rinc commented at 8:42 PM on July 28, 2025: contributor

Rebased after #32279 - updating the tests with the new convenience template helpers instead of using Solver for them. Ready for review again.

in src/script/script.h:None in 06cb252c82 outdated

 533 | @@ -534,7 +534,7 @@ class CScript : public CScriptBase
 534 |       * counted more accurately, assuming they are of the form
 535 |       *  ... OP_N CHECKMULTISIG ...
 536 |       */
 537 | -    unsigned int GetSigOpCount(bool fAccurate) const;
 538 | +    unsigned int GetLegacySigOpCount(bool fAccurate) const;

ryanofsky commented at 12:22 AM on August 5, 2025:

In commit "refactor: rename GetSigOpCount to GetLegacySigOpCount" (06cb252c8285746737e3385886da2efd1ab41f5a)

I like getting rid of this overload, but I found the code here very confusing before this change, and I think renaming this to GetLegacySigOpCount makes the confusion worse because this method is not acting like a legacy function when it's called with fAccurate = true. At first I though you might have been using legacy here to mean "pre-segwit" which is different than the way the GetLegacySigOpCount(CTransaction) uses legacy to mean "pre-p2sh". But after noticing this is also called by the segwit WitnessSigOps function, I don't see how the term "legacy" even applies here at all.

I think I would suggest renaming this to CountSigOps to be consistent with the CountWitnessSigOps function, and giving it better documentation. I also think the other overload should be a standalone function not a CScript method because it is not really using the CScript.

I think a change like the one below could be a lot clearer:

--- a/src/consensus/tx_verify.cpp
+++ b/src/consensus/tx_verify.cpp
@@ -113,10 +113,10 @@ unsigned int GetLegacySigOpCount(const CTransaction& tx)
 {
     unsigned int nSigOps = 0;
     for (const auto& txin : tx.vin) {
-        nSigOps += txin.scriptSig.GetLegacySigOpCount(/*fAccurate=*/false);
+        nSigOps += txin.scriptSig.CountSigOps(/*fAccurate=*/false);
     }
     for (const auto& txout : tx.vout) {
-        nSigOps += txout.scriptPubKey.GetLegacySigOpCount(/*fAccurate=*/false);
+        nSigOps += txout.scriptPubKey.CountSigOps(/*fAccurate=*/false);
     }
     return nSigOps;
 }
@@ -133,7 +133,7 @@ unsigned int GetP2SHSigOpCount(const CTransaction& tx, const CCoinsViewCache& in
         assert(!coin.IsSpent());
         const CTxOut &prevout = coin.out;
         if (prevout.scriptPubKey.IsPayToScriptHash())
-            nSigOps += prevout.scriptPubKey.GetSigOpCount(tx.vin[i].scriptSig);
+            nSigOps += CountP2SHSigOps(tx.vin[i].scriptSig);
     }
     return nSigOps;
 }
--- a/src/policy/policy.cpp
+++ b/src/policy/policy.cpp
@@ -181,8 +181,11 @@ static bool CheckSigopsBIP54(const CTransaction& tx, const CCoinsViewCache& inpu
         // `fAccurate` means correctly accounting sigops for CHECKMULTISIGs(VERIFY) with 16 pubkeys
         // or fewer. This method of accounting was introduced by BIP16, and BIP54 reuses it.
         // The GetSigOpCount call on the previous scriptPubKey counts both bare and P2SH sigops.
-        sigops += txin.scriptSig.GetLegacySigOpCount(/*fAccurate=*/true);
-        sigops += prev_txo.scriptPubKey.GetSigOpCount(txin.scriptSig);
+        sigops += txin.scriptSig.CountSigOps(/*fAccurate=*/true);
+        sigops += prev_txo.scriptPubKey.CountSigOps(/*fAccurate=*/true);
+        if (prev_txo.scriptPubKey.IsPayToScriptHash()) {
+           sigops += CountP2SHSigOps(txin.scriptSig);
+        }
 
         if (sigops > MAX_TX_LEGACY_SIGOPS) {
             return false;
@@ -239,7 +242,7 @@ bool AreInputsStandard(const CTransaction& tx, const CCoinsViewCache& mapInputs)
             if (stack.empty())
                 return false;
             CScript subscript(stack.back().begin(), stack.back().end());
-            if (subscript.GetLegacySigOpCount(/*fAccurate=*/true) > MAX_P2SH_SIGOPS) {
+            if (subscript.CountSigOps(/*fAccurate=*/true) > MAX_P2SH_SIGOPS) {
                 return false;
             }
         }
--- a/src/script/interpreter.cpp
+++ b/src/script/interpreter.cpp
@@ -2084,7 +2084,7 @@ size_t static WitnessSigOps(int witversion, const std::vector<unsigned char>& wi
 
         if (witprogram.size() == WITNESS_V0_SCRIPTHASH_SIZE && witness.stack.size() > 0) {
             CScript subscript(witness.stack.back().begin(), witness.stack.back().end());
-            return subscript.GetLegacySigOpCount(/*fAccurate=*/true);
+            return subscript.CountSigOps(/*fAccurate=*/true);
         }
     }
 
--- a/src/script/script.cpp
+++ b/src/script/script.cpp
@@ -156,7 +156,7 @@ std::string GetOpName(opcodetype opcode)
     }
 }
 
-unsigned int CScript::GetLegacySigOpCount(bool fAccurate) const
+unsigned int CScript::CountSigOps(bool fAccurate) const
 {
     unsigned int n = 0;
     const_iterator pc = begin();
@@ -180,15 +180,12 @@ unsigned int CScript::GetLegacySigOpCount(bool fAccurate) const
     return n;
 }
 
-unsigned int CScript::GetSigOpCount(const CScript& scriptSig) const
+unsigned int CountP2SHSigOps(const CScript& scriptSig)
 {
-    if (!IsPayToScriptHash())
-        return GetLegacySigOpCount(/*fAccurate=*/true);
-
     // This is a pay-to-script-hash scriptPubKey;
     // get the last item that the scriptSig
     // pushes onto the stack:
-    const_iterator pc = scriptSig.begin();
+    CScript::const_iterator pc = scriptSig.begin();
     std::vector<unsigned char> vData;
     while (pc < scriptSig.end())
     {
@@ -201,7 +198,7 @@ unsigned int CScript::GetSigOpCount(const CScript& scriptSig) const
 
     /// ... and return its opcount:
     CScript subscript(vData.begin(), vData.end());
-    return subscript.GetLegacySigOpCount(/*fAccurate=*/true);
+    return subscript.CountSigOps(/*fAccurate=*/true);
 }
 
 bool CScript::IsPayToAnchor() const
--- a/src/script/script.h
+++ b/src/script/script.h
@@ -528,19 +528,20 @@ public:
     }
 
     /**
-     * Pre-version-0.6, Bitcoin always counted CHECKMULTISIGs
-     * as 20 sigops. With pay-to-script-hash, that changed:
-     * CHECKMULTISIGs serialized in scriptSigs are
-     * counted more accurately, assuming they are of the form
-     *  ... OP_N CHECKMULTISIG ...
-     */
-    unsigned int GetLegacySigOpCount(bool fAccurate) const;
-
-    /**
-     * Accurately count sigOps, including sigOps in
-     * pay-to-script-hash transactions:
-     */
-    unsigned int GetSigOpCount(const CScript& scriptSig) const;
+    * Count the number of signature operations (sigops) in this script.
+    *
+    * The fAccurate parameter controls how sigops are counted for CHECKMULTISIG
+    * operations. Set fAccurate = true when analyzing P2SH redeem scripts or
+    * SegWit witness scripts, and false when analyzing scriptPubKeys or
+    * scriptSigs.
+    *
+    * Historically, Bitcoin always counted each CHECKMULTISIG as 20 sigops
+    * (MAX_PUBKEYS_PER_MULTISIG), regardless of the number of pubkeys. Starting
+    * with P2SH in version 0.6, CHECKMULTISIG operations inside wrapped scripts
+    * began to be counted more precisely, using the preceding OP_N opcode to
+    * determine the number of pubkeys and thus the number of sigops.
+    */
+    unsigned int CountSigOps(bool fAccurate) const;
 
     /*
      * OP_1 <0x4e73>
@@ -606,6 +607,15 @@ public:
     explicit CScriptID(const uint160& in) : BaseHash(in) {}
 };
 
+/**
+ * Count the number of signature operations (sigops) in a P2SH scriptSig.
+ *
+ * If the scriptSig contains a SegWit redeem script (i.e., a P2SH-P2WPKH or
+ * P2SH-P2WSH script), this function counts only the non-SegWit sigops.
+ * To count SegWit sigops in such cases, use CountWitnessSigOps.
+ */
+unsigned int CountP2SHSigOps(const CScript& scriptSig);unsigned int CountP2SHSigOps(const CScript& scriptSig);
+
 /** Test for OP_SUCCESSx opcodes as defined by BIP342. */
 bool IsOpSuccess(const opcodetype& opcode);

</details>

l0rinc commented at 2:22 AM on August 5, 2025:

Thanks, love the inlining of GetSigOpCount (bothered me, too - it's a lot clearer this way), and the new CountSigOps name as well. Added your comments (+ you as co-author, of course) and adjusted all the tests, now that CountSigOps is separated from CountP2SHSigOps: https://github.com/bitcoin/bitcoin/compare/6bf4c8d48f61089254532b065d9ca8e1c2bf6868..f8208e92bd103359f8c3ceb3361eb7904099e994

Edit: note, that instead of

-        sigops += prev_txo.scriptPubKey.GetSigOpCount(txin.scriptSig);
+        sigops += prev_txo.scriptPubKey.CountSigOps(/*fAccurate=*/true);
+        if (prev_txo.scriptPubKey.IsPayToScriptHash()) {
+           sigops += CountP2SHSigOps(txin.scriptSig);
+        }

I did:

-        sigops += prev_txo.scriptPubKey.GetSigOpCount(txin.scriptSig);
+        sigops += prev_txo.scriptPubKey.IsPayToScriptHash() ?
+                      CountP2SHSigOps(txin.scriptSig) :
+                      prev_txo.scriptPubKey.CountSigOps(/*fAccurate=*/true);

since I don't think CountSigOps should always be applied (even if always 0)

l0rinc force-pushed on Aug 5, 2025

DrahtBot added the label CI failed on Aug 5, 2025

DrahtBot commented at 2:39 AM on August 5, 2025: contributor

🚧 At least one of the CI tasks failed. Task MSan, depends: https://github.com/bitcoin/bitcoin/runs/47383324322 LLM reason (✨ experimental): The CI failure is caused by a compilation error in script_ops.cpp: 'GetSigOpCount' is missing in 'CScript'.

<details><summary>Hints</summary>

Try to run the tests locally, according to the documentation. However, a CI failure may still happen due to a number of reasons, for example:

Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.
A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.
An intermittent issue.

Leave a comment here, if you need help tracking down a confusing failure.

</details>

l0rinc force-pushed on Aug 5, 2025

DrahtBot removed the label CI failed on Aug 5, 2025

in src/script/script.h:None in 4cbd303ddd outdated

 544 | +     * Starting with P2SH in version 0.6, `CHECKMULTISIG` operations inside wrapped scripts
 545 | +     * began to be counted more precisely, using the preceding OP_N opcode to determine
 546 | +     * the number of pubkeys and thus the number of sigops.
 547 |       */
 548 | -    unsigned int GetSigOpCount(bool fAccurate) const;
 549 | +    unsigned int CountSigOps(bool fAccurate) const;

ryanofsky commented at 11:14 AM on August 5, 2025:

In commit "refactor: rename GetSigOpCount to CountSigOps" (4cbd303ddd7ae500683a7a595f38c5b8ff2de31e)

It's not obvious from commit message why this rename is being done. I think it might help to add some explanation like:

Previous GetSigOpCount method was overloaded to take either a bool or scriptSig as a parameter, without an explanation of when to call each overload. New CountSigOps method avoids the overloading and documents how it should be called. The name was chosen to be clearer and consistent with the newer CountWitnessSigOps function.

I also think it would be reasonable to keep the current method name and just document the method better without renaming it, but I do like the current approach.

l0rinc commented at 9:11 PM on August 5, 2025:

Done, thanks, kept the rename and added you as a co-author

in src/script/script.h:None in 37c1d8fc8d outdated

 611 | + *
 612 | + * If the scriptSig contains a SegWit redeem script (i.e., a P2SH-P2WPKH or P2SH-P2WSH script),
 613 | + * this function counts only the non-SegWit sigops.
 614 | + * To count SegWit sigops in such cases, use `CountWitnessSigOps`.
 615 | + */
 616 | +unsigned int CountP2SHSigOps(const CScript& scriptSig);

ryanofsky commented at 11:42 AM on August 5, 2025:

In commit "refactor: split off P2SH from GetSigOpCount" (37c1d8fc8db2f1ddd6ddf4d8fccbd13bbc9c9935)

Might be helpful to say what is motivating this change in the commit message. Maybe add:

The name CountP2SHSigOps was chosen to match CountWitnessSigOps, since the two functions are counterparts for handling P2SH and SegWit scripts.

ryanofsky commented at 3:07 PM on August 5, 2025:

In commit "refactor: split off P2SH from GetSigOpCount" (37c1d8fc8db2f1ddd6ddf4d8fccbd13bbc9c9935)

Two things:

It might be nice to make CountP2SHSigOps function more similar to CountWitnessSigOps and accept a scriptPubKey argument. It looks like this change also makes call sites simpler.
I noticed with BIP54 the CScript::CountSigOps comment when to use fAccurate=false will not be right anymore. Would suggest qualifying the comment with "When enforcing the MAX_BLOCK_SIGOPS_COST limit".

Both changes are included in the diff below. Feel free to use, or keep the current code, or do something different if you prefer

--- a/src/consensus/tx_verify.cpp
+++ b/src/consensus/tx_verify.cpp
@@ -131,9 +131,7 @@ unsigned int GetP2SHSigOpCount(const CTransaction& tx, const CCoinsViewCache& in
     {
         const Coin& coin = inputs.AccessCoin(tx.vin[i].prevout);
         assert(!coin.IsSpent());
-        if (coin.out.scriptPubKey.IsPayToScriptHash()) {
-            nSigOps += CountP2SHSigOps(tx.vin[i].scriptSig);
-        }
+        nSigOps += CountP2SHSigOps(tx.vin[i].scriptSig, coin.out.scriptPubKey);
     }
     return nSigOps;
 }
--- a/src/policy/policy.cpp
+++ b/src/policy/policy.cpp
@@ -180,10 +180,9 @@ static bool CheckSigopsBIP54(const CTransaction& tx, const CCoinsViewCache& inpu
         // This means sigops in the spent scriptPubKey count toward the limit.
         // `fAccurate` means correctly accounting sigops for CHECKMULTISIGs(VERIFY) with 16 pubkeys
         // or fewer. This method of accounting was introduced by BIP16, and BIP54 reuses it.
+        sigops += prev_txo.scriptPubKey.CountSigOps(/*fAccurate=*/true);
         sigops += txin.scriptSig.CountSigOps(/*fAccurate=*/true);
-        sigops += prev_txo.scriptPubKey.IsPayToScriptHash() ?
-                      CountP2SHSigOps(txin.scriptSig) :
-                      prev_txo.scriptPubKey.CountSigOps(/*fAccurate=*/true);
+        sigops += CountP2SHSigOps(txin.scriptSig, prev_txo.scriptPubKey);
 
         if (sigops > MAX_TX_LEGACY_SIGOPS) {
             return false;
--- a/src/script/script.cpp
+++ b/src/script/script.cpp
@@ -180,8 +180,12 @@ unsigned int CScript::CountSigOps(bool fAccurate) const
     return n;
 }
 
-unsigned int CountP2SHSigOps(const CScript& scriptSig)
+unsigned int CountP2SHSigOps(const CScript& scriptSig, const CScript& scriptPubKey)
 {
+    if (!scriptPubKey.IsPayToScriptHash()) {
+        return 0;
+    }
+
     // This is a pay-to-script-hash scriptPubKey;
     // get the last item that the scriptSig
     // pushes onto the stack:
--- a/src/script/script.h
+++ b/src/script/script.h
@@ -531,8 +531,9 @@ public:
      * Count the number of signature operations (sigops) in this script.
      *
      * The `fAccurate` parameter controls how sigops are counted for `CHECKMULTISIG` operations.
-     * Set `fAccurate` to `true` when analyzing P2SH redeem scripts or SegWit witness scripts,
-     * and to `false` when analyzing scriptPubKeys or scriptSigs.
+     * When enforcing the `MAX_BLOCK_SIGOPS_COST` limit, set `fAccurate` to `true` when
+     * analyzing P2SH redeem scripts or SegWit witness scripts, and to `false` when analyzing
+     * scriptPubKeys or scriptSigs.
      *
      * Historically, Bitcoin always counted each `CHECKMULTISIG` as
      * 20 sigops (`MAX_PUBKEYS_PER_MULTISIG`), regardless of the number of pubkeys.
@@ -613,7 +614,7 @@ public:
  * this function counts only the non-SegWit sigops.
  * To count SegWit sigops in such cases, use `CountWitnessSigOps`.
  */
-unsigned int CountP2SHSigOps(const CScript& scriptSig);
+unsigned int CountP2SHSigOps(const CScript& scriptSig, const CScript& scriptPubKey);
 
 /** Test for OP_SUCCESSx opcodes as defined by BIP342. */
 bool IsOpSuccess(const opcodetype& opcode);
--- a/src/test/sigopcount_tests.cpp
+++ b/src/test/sigopcount_tests.cpp
@@ -44,7 +44,7 @@ BOOST_AUTO_TEST_CASE(CountSigOps)
     CScript p2sh = GetScriptForDestination(ScriptHash(s1));
     CScript scriptSig;
     scriptSig << OP_0 << Serialize(s1);
-    BOOST_CHECK_EQUAL(CountP2SHSigOps(scriptSig), 3U);
+    BOOST_CHECK_EQUAL(CountP2SHSigOps(scriptSig, p2sh), 3U);
 
     std::vector<CPubKey> keys;
     for (int i = 0; i < 3; i++)
@@ -61,7 +61,7 @@ BOOST_AUTO_TEST_CASE(CountSigOps)
     BOOST_CHECK_EQUAL(p2sh.CountSigOps(/*fAccurate=*/false), 0U);
     CScript scriptSig2;
     scriptSig2 << OP_1 << ToByteVector(dummy) << ToByteVector(dummy) << Serialize(s2);
-    BOOST_CHECK_EQUAL(CountP2SHSigOps(scriptSig2), 3U);
+    BOOST_CHECK_EQUAL(CountP2SHSigOps(scriptSig2, p2sh), 3U);
 }
 
 /**

</details>

EDIT: Simplified GetP2SHSigOpCount after earlier post

l0rinc commented at 9:13 PM on August 5, 2025:

Added your explanation to the commit message - even though the changes themselves made that obvious, since we've added new comments to the methods

l0rinc commented at 1:17 AM on August 6, 2025:

I played with this, but really dislike the new version, mostly for how awkward CheckSigopsBIP54 has become after it. But I have kept your comment update and change the ternary, let me know what you think of this instead:

if (prev_txo.scriptPubKey.IsPayToScriptHash()) {
    Assert(prev_txo.scriptPubKey.CountSigOps(/*fAccurate=*/true) == 0);
    sigops += CountP2SHSigOps(txin.scriptSig);
} else {
    sigops += prev_txo.scriptPubKey.CountSigOps(/*fAccurate=*/true);
}

If we get to my original proposal which optimizes CountSigOps for the templates, I don't mind always executing it, even when IsPayToScriptHash() == true. But it seems more logical to me to have two sigop updates here, like before.

ryanofsky commented at 4:45 PM on August 7, 2025:

re: #32729 (review)

Thanks. I think I just dislike reviewing changes before I know what purpose / motivation of the change is. I know you can often guess motivations after the fact, but it is usually helpful imo to see them stated explicitly.

ryanofsky commented at 4:53 PM on August 7, 2025:

re: #32729 (review)

I played with this, but really dislike the new version, mostly for how awkward CheckSigopsBIP54 has become after it.

I'm confused because the diff makes this code shorter than before, removes a conditional, and makes it match the BIP54 spec more closely (see other comment about BIP54 above). Also I liked the ternary version of this better than the current version. But whatever you prefer is fine with me and maybe some wires were just crossed here.

l0rinc commented at 10:23 PM on August 7, 2025:

Not after the fact, but that the commited code contained the added comments already explaining - not important, it's done :)

l0rinc commented at 10:29 PM on August 7, 2025:

Done

in src/script/script.h:None in 0d51088d1d outdated

 554 | @@ -555,7 +555,13 @@ class CScript : public CScriptBase
 555 |       */
 556 |      static bool IsPayToAnchor(int version, const std::vector<unsigned char>& program);
 557 |  
 558 | -    bool IsPayToScriptHash() const;
 559 | +    bool IsPayToScriptHash() const noexcept
 560 | +    {
 561 | +        return size() == 23 &&
 562 | +               front() == OP_HASH160 &&
 563 | +               (*this)[1] == WITNESS_V0_KEYHASH_SIZE &&

ryanofsky commented at 12:21 PM on August 5, 2025:

In commit "refactor: pull IsPayToScriptHash to header" (0d51088d1daa15ade3bf3c57410a0c12df235615)

It doesn't seem like WITNESS_V0_KEYHASH_SIZE is really the right constant to use for a p2sh script. Maybe should introduce a SCRIPT_HASH_SIZE or similar constant instead? Could also make sense to use the same constant for the memcpy in IsToScriptID

l0rinc commented at 9:50 PM on August 5, 2025:

Subtle, thanks, extracted it to:

static constexpr size_t HASH160_OUTPUT_SIZE{20};
static constexpr size_t WITNESS_V0_KEYHASH_SIZE{HASH160_OUTPUT_SIZE};

and used these where it explains the magic number better

in src/test/script_tests.cpp:None in 38e89f6462 outdated

1221 | @@ -1222,7 +1222,7 @@ BOOST_AUTO_TEST_CASE(script_size_and_capacity_test)
1222 |      // P2TR has direct allocation
1223 |      {
1224 |          const auto script{GetScriptForDestination(WitnessV1Taproot{XOnlyPubKey{dummy_pubkey}})};
1225 | -        BOOST_CHECK_EQUAL(GetTxoutType(script), TxoutType::WITNESS_V1_TAPROOT);
1226 | +        BOOST_CHECK(script.IsPayToTaproot());

ryanofsky commented at 12:27 PM on August 5, 2025:

In commit "refactor: pull IsPayToTaproot to header" (38e89f646221ec0c15158b6ef0007336fec008e3)

Can commit message explain reason for other changes in this commit, like this test check and the IsWitnessProgram reordering above (assuming they are intentional)

l0rinc commented at 10:13 PM on August 5, 2025:

There was no reordering, it was just inserted after the other helper, IsPayToWitnessScriptHash (looks like GitHub got confused). The BOOST_CHECK_EQUAL to BOOST_CHECK change is just to test the new helper method in a simpler way, now that we don't have to use Solver. You still think it needs additional explanations?

ryanofsky commented at 6:33 PM on August 7, 2025:

re: #32729 (review)

You still think it needs additional explanations?

It seems ok, but maybe consider adding your explanation to the commit message: "The BOOST_CHECK_EQUAL to BOOST_CHECK change is just to test the new helper method in a simpler way, now that we don't have to use Solver."

I wouldn't have asked the question if I had known what the intention behind the solver change was, so this wasn't obvious to me.

Also I do see IsWitnessProgram followed by IsPayToTaproot in the header before b71e7a07becb5d74db4bc1fdd60899b5ec5157f4 and IsPayToTaproot followed by IsWitnessProgram after that commit, so I am still wondering if reordering was intended here. Seems fine either way though.

l0rinc commented at 9:55 PM on August 7, 2025:

Also I do see IsWitnessProgram followed by IsPayToTaproot in the header before https://github.com/bitcoin/bitcoin/commit/b71e7a07becb5d74db4bc1fdd60899b5ec5157f4 and IsPayToTaproot followed by IsWitnessProgram after that commit

Yes, the quick template helpers are grouped above the IsWitnessProgram, the move is deliberate.

test the new helper method in a simpler way, now that we don't have to use Solver

I don't actually mind keeping both the solver and the new helpers - it's even better to make sure they're synchronized. Added both to each case.

ryanofsky commented at 12:34 PM on August 5, 2025: contributor

Code review f8208e92bd103359f8c3ceb3361eb7904099e994. Thanks for the updates, and I started reviewing the next chunk of this. Overall the changes seem helpful and well-considered and the extra test and benchmark coverage seem like they should be useful.

in src/script/script.h:None in 3c800a72b6 outdated

 561 | @@ -562,7 +562,14 @@ class CScript : public CScriptBase
 562 |                 (*this)[1] == WITNESS_V0_KEYHASH_SIZE &&
 563 |                 back() == OP_EQUAL;
 564 |      }
 565 | -    bool IsPayToWitnessScriptHash() const;
 566 | +
 567 | +    bool IsPayToWitnessScriptHash() const noexcept
 568 | +    {
 569 | +        return size() == 34 &&

ryanofsky commented at 3:20 PM on August 5, 2025:

In commit "refactor: pull IsPayToWitnessScriptHash to header" (3c800a72b6520d94bc3996fa31ecded0f6fab22d)

Changing 34 to WITNESS_V0_SCRIPTHASH_SIZE + 2 might make this a little more self-documenting.

(I don't mean to bikeshed on use of literals vs constants and front/back in these functions though. I could imagine other developers preferring the literals for concreteness even if I like the constants, and I don't have a strong preference.)

l0rinc commented at 10:20 PM on August 5, 2025:

In most other cases I used constants, but for the sizes I prefer redundancy and clarity, to make absolutely sure we're not accidentally changing anything here

in src/script/script.h:None in 38e89f6462 outdated

 574 | @@ -575,9 +575,14 @@ class CScript : public CScriptBase
 575 |                 (*this)[1] == WITNESS_V0_SCRIPTHASH_SIZE;
 576 |      }
 577 |  
 578 | -    bool IsWitnessProgram(int& version, std::vector<unsigned char>& program) const;
 579 | +    bool IsPayToTaproot() const noexcept
 580 | +    {
 581 | +        return size() == 34 &&

ryanofsky commented at 3:26 PM on August 5, 2025:

In commit "refactor: pull IsPayToTaproot to header" (38e89f646221ec0c15158b6ef0007336fec008e3)

Similar to previous, could replace 34 with WITNESS_V1_TAPROOT_SIZE + 2 but no strong preference

l0rinc commented at 10:20 PM on August 5, 2025:

I prefer the constant here for redundancy

in src/script/script.h:None in 5d23e9a4c6 outdated

 559 | @@ -560,6 +560,16 @@ class CScript : public CScriptBase
 560 |                 back() == 0x73;
 561 |      }
 562 |  
 563 | +    bool IsPayToPubKeyHash() const noexcept
 564 | +    {
 565 | +        return size() == 25 &&
 566 | +               front() == OP_DUP &&
 567 | +               (*this)[1] == OP_HASH160 &&
 568 | +               (*this)[2] == WITNESS_V0_KEYHASH_SIZE &&

ryanofsky commented at 3:32 PM on August 5, 2025:

In commit "refactor: add IsPayToPubKeyHash helper to script.h" (5d23e9a4c6fa4aab530889c54565954486572afd)

Again it seems a little off to use a segwit constant in pre-segwit output. Might be better to stick with literal 20 or maybe introduce a HASH160_SIZE or PUBKEY_HASH_SIZE constant. No strong preference though and technically this should be ok.

l0rinc commented at 10:22 PM on August 5, 2025:

Yes, good point, already did that as part of the other similar comment you had.

in src/script/script.h:None in 017f58821f outdated

 592 | @@ -592,6 +593,13 @@ class CScript : public CScriptBase
 593 |                 (*this)[1] == WITNESS_V1_TAPROOT_SIZE;
 594 |      }
 595 |  
 596 | +    bool IsCompressedPayToPubKey() const noexcept
 597 | +    {
 598 | +        return size() == 35 &&

ryanofsky commented at 3:38 PM on August 5, 2025:

In commit "refactor: add IsCompressedPayToPubKey helper to script.h" (017f58821fe857a2bb7ac14f2b00b349936391d8)

I guess it is intentional to replace CPubKey::COMPRESSED_SIZE + 2 with 35 here?

l0rinc commented at 10:25 PM on August 5, 2025:

Yes, same reasoning as before - normally I'm all for deduplication, so that the reason is clear + if we change it, we don't have to touch multiple places. But here I want a bit of extra redundancy to make sure that we do have to change in multiple places if we really want to change this value.

hodlinator commented at 8:59 PM on August 7, 2025:

Can you come up with any scenario where we would change a value of a named constant in this context of script types? In absence of that, the redundancy argument seems weak and I would rather make these numbers less magical as Russ seems to prefer as well. Better to have expressions that describe the contents of the script IMO. Slightly lower risk of off-by-one errors as well I would think. Using literal values >9 there's also more room for confusion/errors due to hexadecimal/decimal mixups.

For similar reasons, when accessing the last element I prefer either:

    (*this)[1 + CPubKey::COMPRESSED_SIZE] == OP_CHECKSIG;

or (what you had in an earlier push):

    back() == OP_CHECKSIG;

rather than: https://github.com/bitcoin/bitcoin/blob/748b10bbe864191ef49c32e0963e048b939f6088/src/script/script.h#L612

(Even though I've been warming up to back(), I still prefer the aesthetics of (*this)[0] over front() in this context).

l0rinc commented at 5:36 AM on August 11, 2025:

Not yet sure, we have a lot of places where we have similar indexes, I find them hard to follow and verify. I need more convincing to do it here - or maybe we can attempt it in a follow-up.

hodlinator commented at 12:05 PM on August 12, 2025:

I think my argument above is strong enough but this is not a blocker for me.

l0rinc commented at 4:02 PM on August 12, 2025:

There's a fine line here, as @ryanofsky also mentioned, we can endlessly bikeshed here. I'm for deduplication, but in this case leaving the hard-coded indexes seems safer to me. I don't mind doing this and other related hard-coded values in a follow-up.

ryanofsky commented at 11:48 AM on August 13, 2025:

re: #32729 (review)

Am fine with current approach just wanted to link #32729#pullrequestreview-3097866742 in this thread which shows the way I'd suggest writing this.

The surface difference between two styles is that mine avoids magic numbers while current style doesn't. I think the more fundamental difference is l0rinc thinks it's good if this code would be broken with different constant sizes "to make sure that we do have to change in multiple places if we really want to change this value" and I don't think that's good. Imo, if it's important for a constant to not change, unit tests, static asserts, and comments providing rationales are better mechanisms for ensuring this than segfaults.

Practically speaking though I don't think style of this code matters, and anything seems fine here.

in src/script/script.h:None in 017f58821f outdated

   8 | @@ -9,6 +9,7 @@
   9 |  #include <attributes.h>
  10 |  #include <crypto/common.h>
  11 |  #include <prevector.h> // IWYU pragma: export
  12 | +#include <pubkey.h>

ryanofsky commented at 3:59 PM on August 5, 2025:

In commit "refactor: add IsCompressedPayToPubKey helper to script.h" (017f58821fe857a2bb7ac14f2b00b349936391d8)

Seems reasonable to include pubkey.h but since we are only using constants, it might be better to move constants somewhere.

l0rinc commented at 10:28 PM on August 5, 2025:

We kinda' depend on pubkey here - if you have a more concrete suggestion, please let me know, all other ones I thought of were uglier than this.

in src/script/script.h:None in 017f58821f outdated

 592 | @@ -592,6 +593,13 @@ class CScript : public CScriptBase
 593 |                 (*this)[1] == WITNESS_V1_TAPROOT_SIZE;
 594 |      }
 595 |  
 596 | +    bool IsCompressedPayToPubKey() const noexcept

ryanofsky commented at 4:02 PM on August 5, 2025:

In commit "refactor: add IsCompressedPayToPubKey helper to script.h" (017f58821fe857a2bb7ac14f2b00b349936391d8)

Might be good to document that this method does not check the pubkey prefix (even/odd/uncompressed) and verify this is even or odd.

l0rinc commented at 1:28 AM on August 6, 2025:

Not sure, would we not consider it a P2PK without a valid prefix? Otherwise that's just an extra validation step that should be done elsewhere. We're not always checking the prefixes (see: MatchPayToPubkey), and we don't have extra info for other such quick checks - let me know if you have strong preferences here.

ryanofsky commented at 6:58 PM on August 7, 2025:

re: #32729 (review)

To clarify I agree code is doing the right thing and the CScript class shouldn't be looking inside the keys to check the format. I just think short comments could be helpful to prevent misunderstandings. Maybe:

//! Detect P2PK script with a compressed public key. Doesn't check the 0x02/0x03 key prefix.
//! Detect P2PK script with a uncompressed public key. Doesn't check the 0x04 key prefix.

Feel free to leave as-is though, just a suggestion

l0rinc commented at 10:29 PM on August 7, 2025:

Thanks, done

hodlinator commented at 8:49 AM on August 8, 2025:

nit: Agreed, comments are the absolute minimum, could even go so far as name them IsCompressedPayToPubKeyNoPrefix/IsUncompressedPayToPubKeyNoPrefix.

l0rinc commented at 5:39 AM on August 11, 2025:

Already done (I don't like the prefix, the script also checks CPubKey::ValidSize and the compressor also checks pubkey.IsFullyValid() - so it's not just the prefix validation that's "missing")

in src/test/sigopcount_tests.cpp:None in c194618bb5 outdated

 101 | +
 102 | +// Asserts the expected legacy/accurate sig-op totals for all common known script templates
 103 | +BOOST_AUTO_TEST_CASE(CountSigOpsKnownTemplates)
 104 | +{
 105 | +    CKey dummyKey;
 106 | +    dummyKey.MakeNewKey(true);

ryanofsky commented at 5:36 PM on August 5, 2025:

In commit "test: add CountSigOps edge-cases & known-template coverage" (c194618bb587a2e15ed11f268898599c74f1aa74)

Maybe add document boolean parameter with /*fCompressed=*/ here and below

l0rinc commented at 10:59 PM on August 5, 2025:

Even better, I used CKey dummyKey{GenerateRandomKey(/*compressed=*/true)}

in src/test/sigopcount_tests.cpp:None in c194618bb5 outdated

  98 | +        }
  99 | +    }
 100 | +}
 101 | +
 102 | +// Asserts the expected legacy/accurate sig-op totals for all common known script templates
 103 | +BOOST_AUTO_TEST_CASE(CountSigOpsKnownTemplates)

ryanofsky commented at 5:41 PM on August 5, 2025:

In commit "test: add CountSigOps edge-cases & known-template coverage" (c194618bb587a2e15ed11f268898599c74f1aa74)

Maybe reorder the CountSigOpsKnownTemplates before CountSigOpsErrors to make it easier to understand how the fake scripts differ from real scripts.

l0rinc commented at 11:01 PM on August 5, 2025:

Done, changed the order in the commit message as well.

in src/script/script.h:None in f8208e92bd outdated

 217 | @@ -218,8 +218,8 @@ enum opcodetype
 218 |      OP_INVALIDOPCODE = 0xff,
 219 |  };
 220 |  
 221 | -// Maximum value that an opcode can be
 222 | -static const unsigned int MAX_OPCODE = OP_NOP10;
 223 | +// Highest opcode allowed in pre-Taproot scripts

ryanofsky commented at 5:50 PM on August 5, 2025:

In commit "test: make sure OP_CHECKSIGADD isn't considered valid (legacy) sigop" (f8208e92bd103359f8c3ceb3361eb7904099e994)

Would suggest dropping "test:" prefix from this commit since it is changing non-test code. Could also split this up into a renaming and a test commit.

Also I'm not sure it is good to use LEGACY to mean pre-taproot here. In the OutputType enum, legacy seems to means "pre-segwit" and in GetLegacySigOpCount legacy seems to mean "pre-p2sh", so adding a third definition of "legacy" here would be nice to avoid. Maybe call it something like MAX_PRE_TAPSCRIPT_OPCODE or MAX_BASE_OPCODE?

l0rinc commented at 11:09 PM on August 5, 2025:

Thanks for the new name suggestion, I didn't like the legacy here, was hoping you will have a better suggestion!

Also extracted the test with explanations.

hodlinator commented at 8:18 PM on August 6, 2025:

Related: @itornaza's rename attempt in #30953. To me "legacy script" vs "tapscript" seems quite an established nomenclature, but "base" is acceptable and minimally more specific than his "script".

Your PR description still states: "Legacy opcode ceiling - final commit documents, enforces, and tests that OP_CHECKSIGADD > MAX_OPCODE." - I believe it is no longer the final commit.

ryanofsky commented at 6:15 PM on August 7, 2025:

In commit "refactor: make sure OP_CHECKSIGADD isn't considered valid (legacy) sigop" (a2cce66f11e635924c34b27b253214be8815b0bc)

Thanks, maybe also replace "(legacy)" in commit description with "pre-tapscript" or "base"

l0rinc commented at 9:48 PM on August 7, 2025:

Reworded the commit message, thanks

in src/test/sigopcount_tests.cpp:None in c194618bb5 outdated

 111 | +            // P2A
 112 | +            const std::vector<unsigned char> anchor_data{0x4e, 0x73};
 113 | +            const auto script{CScript() << OP_1 << anchor_data};
 114 | +
 115 | +            BOOST_CHECK(script.IsPayToAnchor());
 116 | +            BOOST_CHECK(script.IsPayToAnchor(1, anchor_data));

ryanofsky commented at 5:56 PM on August 5, 2025:

In commit "test: add CountSigOps edge-cases & known-template coverage" (c194618bb587a2e15ed11f268898599c74f1aa74)

Forgot to check sigops here?

l0rinc commented at 11:12 PM on August 5, 2025:

Overzealous merge conflict resolution - thanks, added it back.

in src/test/sigopcount_tests.cpp:None in c194618bb5 outdated

 187 | +BOOST_AUTO_TEST_CASE(GetOpName_no_missing_mnemonics)
 188 | +{
 189 | +    for (auto op{OP_0}; op < OP_INVALIDOPCODE; op = opcodetype(op + 1)) {
 190 | +        const auto op_name{GetOpName(op)};
 191 | +        BOOST_CHECK(!op_name.empty());
 192 | +        if (op >= OP_PUSHDATA1 && !IsOpSuccess(op)) {

ryanofsky commented at 6:10 PM on August 5, 2025:

In commit "test: add CountSigOps edge-cases & known-template coverage" (c194618bb587a2e15ed11f268898599c74f1aa74)

Maybe it would make sense to check that some (most?) of these opcodes actually do satisfy op_name == "OP_UNKNOWN", if that is the case.

l0rinc commented at 12:06 AM on August 6, 2025:

Yeah, I just implemented all of them instead - thanks for the push.

in src/test/sigopcount_tests.cpp:None in c194618bb5 outdated

  29 | @@ -28,6 +30,172 @@ Serialize(const CScript& s)
  30 |  
  31 |  BOOST_FIXTURE_TEST_SUITE(sigopcount_tests, BasicTestingSetup)
  32 |  
  33 | +// Feeds malformed PUSHDATA sequences to confirm the parser never crashes and still counts sig-ops that appear before the error.
  34 | +BOOST_AUTO_TEST_CASE(CountSigOpsErrors)
  35 | +{
  36 | +    for (const bool fAccurate : {false, true}) {
  37 | +        {
  38 | +            const auto script{CScript() << OP_CHECKSIG << opcodetype(0x4b)}; // push-75 with 0 bytes present

ryanofsky commented at 6:14 PM on August 5, 2025:

In commit "test: add CountSigOps edge-cases & known-template coverage" (c194618bb587a2e15ed11f268898599c74f1aa74)

Maybe use CScript{} instead of CScript() since already using braced initialization for the variable

l0rinc commented at 12:09 AM on August 6, 2025:

Done

in src/test/sigopcount_tests.cpp:None in c194618bb5 outdated

  34 | +BOOST_AUTO_TEST_CASE(CountSigOpsErrors)
  35 | +{
  36 | +    for (const bool fAccurate : {false, true}) {
  37 | +        {
  38 | +            const auto script{CScript() << OP_CHECKSIG << opcodetype(0x4b)}; // push-75 with 0 bytes present
  39 | +            BOOST_CHECK_EQUAL(script.CountSigOps(fAccurate), 1);

ryanofsky commented at 6:17 PM on August 5, 2025:

In commit "test: add CountSigOps edge-cases & known-template coverage" (c194618bb587a2e15ed11f268898599c74f1aa74)

The checks in this test are very repetitive. You might be able to make it easier understand and maintain by building a std::vector<CScript> of invalid scripts and looping over it.

l0rinc commented at 12:11 AM on August 6, 2025:

Yeah, I thought of deduplicating them, but in that case they're not so explicit. I expect people to be interested in the behavior of a given template and see its behavior directly. If you insist, let me know and I'll think of something.

in src/core_read.cpp:None in f8208e92bd outdated

  26 | @@ -27,7 +27,7 @@ class OpCodeParser
  27 |  public:
  28 |      OpCodeParser()
  29 |      {
  30 | -        for (unsigned int op = 0; op <= MAX_OPCODE; ++op) {
  31 | +        for (unsigned int op = 0; op <= MAX_LEGACY_OPCODE; ++op) {

ryanofsky commented at 6:34 PM on August 5, 2025:

In commit "test: make sure OP_CHECKSIGADD isn't considered valid (legacy) sigop" (f8208e92bd103359f8c3ceb3361eb7904099e994)

I'm confused about whether code that changes in this commit is actually doing the right thing currently, of if some of it should be improved to support taproot opcodes. Would be helpful if commit message could clarify.

l0rinc commented at 9:11 PM on August 5, 2025:

I also found this confusing, it's why I have renamed the max in the first place and why I added tests for GetOpName. But given that we already had a test making sure that:

BOOST_CHECK_EXCEPTION(ParseScript("OP_CHECKSIGADD"), std::runtime_error, HasReason("script parse error: unknown opcode"));

it seems to be the expected behavior. Added a short explanation to the commit message.

However, the fuzz usage in ConsumeOpcodeType didn't make sense to me, so I've extended that to test any kind of opcode - done in a separate commit at the end.

<details> <summary>awkward fuzzing on my Mac</summary>

rm -rfd build_fuzz && \
cmake --preset=libfuzzer \
 -DCMAKE_C_COMPILER="$(brew --prefix llvm)/bin/clang" \
 -DCMAKE_CXX_COMPILER="$(brew --prefix llvm)/bin/clang++" \
 -DCMAKE_OSX_SYSROOT="$(xcrun --show-sdk-path)" \
 -DCMAKE_C_FLAGS="-target arm64-apple-macos11" \
 -DCMAKE_CXX_FLAGS="-target arm64-apple-macos11" \
 -DCMAKE_EXE_LINKER_FLAGS="-fuse-ld=lld" && \
cmake --build build_fuzz -j$(nproc) && \
FUZZ=script_ops build_fuzz/bin/fuzz

</details>

ryanofsky approved

ryanofsky commented at 6:41 PM on August 5, 2025: contributor

Code review ACK f8208e92bd103359f8c3ceb3361eb7904099e994. I finished reviewing this and didn't see any problems, just left various suggestions. The changes overall seem nice for making this code less confusing and adding better test & benchmark coverage.

l0rinc force-pushed on Aug 6, 2025

l0rinc commented at 2:15 AM on August 6, 2025: contributor

Addressed or responded to all concerns, thanks for spending the time to review this. I've extended the fuzzer to use the whole range of possible opcodes, I'm curious to see if it reveals any new failures. The change consists of tiny, simple changes, other reviewers are welcome.

l0rinc requested review from ryanofsky on Aug 6, 2025

l0rinc force-pushed on Aug 6, 2025

DrahtBot added the label CI failed on Aug 6, 2025

DrahtBot commented at 2:31 AM on August 6, 2025: contributor

🚧 At least one of the CI tasks failed. Task lint: https://github.com/bitcoin/bitcoin/runs/47470624304 LLM reason (✨ experimental): Lint check failed due to locale-dependent code usage in src/test/sigopcount_tests.cpp.

<details><summary>Hints</summary>

Try to run the tests locally, according to the documentation. However, a CI failure may still happen due to a number of reasons, for example:

Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.
A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.
An intermittent issue.

Leave a comment here, if you need help tracking down a confusing failure.

</details>

DrahtBot removed the label CI failed on Aug 6, 2025

in src/bench/checkblock.cpp:None in 0abbad2de4 outdated

  38 | @@ -39,26 +39,18 @@ static void DeserializeBlockTest(benchmark::Bench& bench)
  39 |      });
  40 |  }
  41 |  
  42 | -static void DeserializeAndCheckBlockTest(benchmark::Bench& bench)
  43 | +static void CheckBlockBench(benchmark::Bench& bench)
  44 |  {
  45 | -    DataStream stream(benchmark::data::block413567);
  46 | -    std::byte a{0};
  47 | -    stream.write({&a, 1}); // Prevent compaction

hodlinator commented at 8:30 PM on August 6, 2025:

nit: Could remove that part from the benchmark-code above too?
reflection: Seems like DataStream::Compact() is no longer called by anything.

l0rinc commented at 5:57 PM on August 10, 2025:

Good observation, but we still need this because of https://github.com/bitcoin/bitcoin/blob/master/src/streams.h#L213 - after read reaches the end, it wipes the Stream so we should add some garbage to the end to prevent that. But we could still do some cleanup in this area, in a separate PR.

in src/bench/checkblock.cpp:None in 37f72340f9 outdated

  55 | +    CBlock block;
  56 | +    DataStream(benchmark::data::block413567) >> TX_WITH_WITNESS(block);
  57 | +
  58 | +    constexpr auto expected_sigops{2841};
  59 | +    bench.batch(expected_sigops).unit("sigops").run([&] {
  60 | +        auto nSigOps{0};

hodlinator commented at 8:43 PM on August 6, 2025:

nSigOps => sig_op_count?

l0rinc commented at 6:06 PM on August 10, 2025:

It's deliberate, we're exercising https://github.com/bitcoin/bitcoin/blob/master/src/validation.cpp#L4080-L4084. Renaming it only here would only make searching more difficult. I'm all for modernizing, but this didn't seem the right place to do it.

hodlinator commented at 11:36 AM on August 12, 2025:

Did you mean these lines? (Better to not link master as it's a moving target). https://github.com/bitcoin/bitcoin/blob/273e600e65c2e31a6e9a0bd72b40672aaa503b08/src/validation.cpp#L4075-L4079 Certainly nit-level.

l0rinc commented at 3:43 PM on August 12, 2025:

Yeah

in src/script/script.h:None in 006a428613 outdated

 539 | +     * Set `fAccurate` to `true` when analyzing P2SH redeem scripts or SegWit witness scripts,
 540 | +     * and to `false` when analyzing scriptPubKeys or scriptSigs.
 541 | +     *
 542 | +     * Historically, Bitcoin always counted each `CHECKMULTISIG` as
 543 | +     * 20 sigops (`MAX_PUBKEYS_PER_MULTISIG`), regardless of the number of pubkeys.
 544 | +     * Starting with P2SH in version 0.6, `CHECKMULTISIG` operations inside wrapped scripts

hodlinator commented at 8:52 PM on August 6, 2025:

Why is the wrapped-property worth calling out in a P2SH context? Do you mean in contrast to bare multisig? I'm not super clear on this area, so feel a bit uncomfortable reviewing this comment (easier to verify code changes).

ryanofsky commented at 3:19 PM on August 8, 2025:

re: #32729 (review)

Why is the wrapped-property worth calling out in a P2SH context? Do you mean in contrast to bare multisig?

Good point. By wrapped scripts I just meant redeemScripts and witnessScripts, but that term was confusing. I think a better version of this is probably:

/**
 * Count the number of signature operations (sigops) in this script.
 *
 * The `fAccurate` parameter controls how `CHECKMULTISIG` operations are counted.
 * When enforcing the `MAX_BLOCK_SIGOPS_COST` limit, set `fAccurate` to `true` when
 * counting a redeemScript (P2SH) or witnessScript (P2WSH), and set it to `false`
 * when counting a scriptPubKey or scriptSig.
 *
 * Historical note: before P2SH (v0.6), `CHECKMULTISIG` was always counted as
 * MAX_PUBKEYS_PER_MULTISIG (=20), regardless of the actual number of pubkeys.
 * Starting with P2SH — and similarly for P2WSH later — `CHECKMULTISIG` inside
 * the redeemScript/witnessScript began to be counted precisely, using the
 * preceding OP_N to determine the number of pubkeys.
 */
unsigned int CountSigOps(bool fAccurate) const;

which cleans up the comment and mentions witness scripts explicitly in the "historical" section.

If anything still is confusing here would be good to know because I spent hours being confused by the previous code while reviewing this PR and was hoping a little more documentation could avoid the need for others to go through that.

l0rinc commented at 5:04 AM on August 11, 2025:

Updated the doc, thanks!

I spent hours being confused by the previous code while reviewing this PR

Does this PR make the situation clearer?

in src/script/script.h:None in 006a428613 outdated

 535 | -     *  ... OP_N CHECKMULTISIG ...
 536 | +     * Count the number of signature operations (sigops) in this script.
 537 | +     *
 538 | +     * The `fAccurate` parameter controls how sigops are counted for `CHECKMULTISIG` operations.
 539 | +     * Set `fAccurate` to `true` when analyzing P2SH redeem scripts or SegWit witness scripts,
 540 | +     * and to `false` when analyzing scriptPubKeys or scriptSigs.

hodlinator commented at 8:56 PM on August 6, 2025:

Follow-up idea: Instead of having these kinds of booleans, it might be cool to explore subclassing CScript into something like WitnessScript/LockScript/UnlockScript/TapScript someday. That could also prevent mixing up the parameter order for CountP2SHSigOps(UnlockScript, LockScript).

l0rinc commented at 5:06 AM on August 11, 2025:

Yes, I also thought of that.

in src/script/script.h:None in 4df5614c46 outdated

 558 | @@ -556,7 +559,13 @@ class CScript : public CScriptBase
 559 |       */
 560 |      static bool IsPayToAnchor(int version, const std::vector<unsigned char>& program);
 561 |  
 562 | -    bool IsPayToScriptHash() const;
 563 | +    bool IsPayToScriptHash() const noexcept

hodlinator commented at 9:37 PM on August 6, 2025:

re noexcept: The base, prevector, is a header-only type, so compiler sees all and should be able to infer noexcept, so seems like noise to me? Same for IsPayToWitnessScriptHash() and others.

l0rinc commented at 5:08 AM on August 11, 2025:

Maybe, I don't know in which cases we can safely avoid it, hoping that all compilers will eliminate it.

hodlinator commented at 11:27 AM on August 12, 2025:

I hoped it would be inferred by the compiler, but experiments such as static_assert(noexcept(script.IsPayToAnchor())) when removing the explicit specification showed that to not be the case. Guess we can open the floodgates of adding these identifiers to touched/new functions where appropriate.

in src/compressor.cpp:None in 2b48b56247 outdated

   3 | @@ -4,10 +4,11 @@
   4 |  // file COPYING or http://www.opensource.org/licenses/mit-license.php.
   5 |  
   6 |  #include <compressor.h>
   7 | -

hodlinator commented at 1:20 PM on August 7, 2025:

meganit: This empty line is intentional and IMO preferable; increases the chance that the corresponding header doesn't become alphabetically sorted after another header. Having the corresponding header first ensures missing #include's inside it get caught.

l0rinc commented at 5:11 AM on August 11, 2025:

Sure, done

in src/test/compress_tests.cpp:None in 2b48b56247 outdated

 181 | +    {
 182 | +        auto key{ToByteVector(GenerateRandomKey(/*compressed=*/true).GetPubKey())};
 183 | +        key[0] = 0x06; // 0x02/0x03 would be valid prefixes
 184 | +
 185 | +        const auto script{CScript() << key << OP_CHECKSIG};
 186 | +        BOOST_CHECK(script.IsCompressedPayToPubKey());

hodlinator commented at 1:30 PM on August 7, 2025:

Could add a comments about this check not catching invalid prefixes here and below, unless you alter the name to highlight that prefixes are not checked (see other comment in script.h).

l0rinc commented at 5:13 AM on August 11, 2025:

Added a comment previously to IsCompressedPayToPubKey to explain that:

//! Detect P2PK script with a compressed public key. Doesn't check the 0x02/0x03 key prefix.
bool IsCompressedPayToPubKey() const noexcept

hodlinator commented at 8:59 AM on August 12, 2025:

Yeah, saw that, but still thought a brief local comment would decrease the level of surprise for those reading the test. Please consider it a nit though.

        BOOST_CHECK(script.IsCompressedPayToPubKey()); // Prefix is not validated

l0rinc commented at 3:53 PM on August 12, 2025:

Since many other parts aren't validated either, only the structure, I think I'll leave it as is

in src/compressor.cpp:None in 2b48b56247 outdated

  30 | @@ -30,10 +31,9 @@ static bool IsToScriptID(const CScript& script, CScriptID& hash)
  31 |      return true;
  32 |  }
  33 |  
  34 | -static bool IsToPubKey(const CScript& script, CPubKey &pubkey)
  35 | +static bool IsToPubKey(const CScript& script, CPubKey& pubkey)
  36 |  {
  37 | -    if (script.size() == 35 && script[0] == 33 && script[34] == OP_CHECKSIG
  38 | -                            && (script[1] == 0x02 || script[1] == 0x03)) {
  39 | +    if (script.IsCompressedPayToPubKey() && (script[1] == 0x02 || script[1] == 0x03)) {

hodlinator commented at 1:39 PM on August 7, 2025:

Since we're adding the secp256k1.h #include in commit 17922e88153b07f6146f5740dde69e8a3587220a, why not use SECP256K1_TAG_PUBKEY_EVEN/..._ODD directly instead of changing to them in 90df1ccfca9c0adfd1c61c1b07d8911ab632bc6a?

l0rinc commented at 5:15 AM on August 11, 2025:

That's more consistent, indeed

in src/test/fuzz/script.cpp:None in 9ee6977ce8 outdated

  20 |  #include <script/signingprovider.h>
  21 |  #include <script/solver.h>
  22 |  #include <streams.h>
  23 | -#include <test/fuzz/FuzzedDataProvider.h>
  24 |  #include <test/fuzz/fuzz.h>
  25 | +#include <test/fuzz/FuzzedDataProvider.h>

hodlinator commented at 1:49 PM on August 7, 2025:

So your editor's sorting function orders script_error.h before script.h, and fuzz.h before FuzzedDataProvider.h? My editor sorts the headers as they are before this change. 🤔

l0rinc commented at 5:18 AM on August 11, 2025:

Reverted

in src/script/script.h:None in 006a428613 outdated

 534 | -     * counted more accurately, assuming they are of the form
 535 | -     *  ... OP_N CHECKMULTISIG ...
 536 | +     * Count the number of signature operations (sigops) in this script.
 537 | +     *
 538 | +     * The `fAccurate` parameter controls how sigops are counted for `CHECKMULTISIG` operations.
 539 | +     * Set `fAccurate` to `true` when analyzing P2SH redeem scripts or SegWit witness scripts,

ryanofsky commented at 4:14 PM on August 7, 2025:

In commit "refactor: rename GetSigOpCount to CountSigOps" (006a428613710dde24866cf4f6efd7b68b6ee294)

This sentence should be prefixed with "When enforcing the MAX_BLOCK_SIGOPS_COST limit" to be correct since it doesn't apply in other cases. (Problem is fixed in the next commit but the change belongs this commit. Sorry my previous feedback was a bit jumbled and I mixed the commits together.)

l0rinc commented at 9:43 PM on August 7, 2025:

Brought the change one commit earlier to avoid modifying the same thing twice.

in src/test/sigopcount_tests.cpp:None in 9ee6977ce8 outdated

 212 | +    // Unused
 213 | +    for (auto op{opcodetype(OP_CHECKSIGADD + 1)}; op < OP_INVALIDOPCODE; op = opcodetype(op + 1)) {
 214 | +        BOOST_CHECK_EQUAL(GetOpName(op), "OP_UNKNOWN");
 215 | +    }
 216 | +    // Invalid
 217 | +    BOOST_CHECK_EQUAL(GetOpName(OP_INVALIDOPCODE), "OP_INVALIDOPCODE");

hodlinator commented at 4:18 PM on August 7, 2025:

Not sure this belongs in sigopcount_tests.cpp, script_tests.cpp seems more appropriate?
Would feel more robust if written like this to eliminate any doubt about not covering the whole enum:

    static_assert(OP_FALSE == OP_0);
    for (auto op{opcodetype(0)}; op <= OP_INVALIDOPCODE; op = static_cast<opcodetype>(op + 1)) {
        switch (op) {
        // Special
        case OP_FALSE: BOOST_CHECK_EQUAL(GetOpName(op), "0"); break;
        case OP_TRUE: BOOST_CHECK_EQUAL(GetOpName(op), "1"); break;
        // Push data
        case OP_PUSHDATA1: BOOST_CHECK_EQUAL(GetOpName(op), "OP_PUSHDATA1"); break;
        case OP_PUSHDATA2: BOOST_CHECK_EQUAL(GetOpName(op), "OP_PUSHDATA2"); break;
        case OP_PUSHDATA4: BOOST_CHECK_EQUAL(GetOpName(op), "OP_PUSHDATA4"); break;

        case OP_1NEGATE: BOOST_CHECK_EQUAL(GetOpName(op), "-1"); break;
        case OP_RESERVED: BOOST_CHECK_EQUAL(GetOpName(op), "OP_RESERVED"); break;
        case OP_INVALIDOPCODE: BOOST_CHECK_EQUAL(GetOpName(op), "OP_INVALIDOPCODE"); break;

        default:
            // Direct push
            if (op >= OP_0 + 1 && op < OP_PUSHDATA1) {
                BOOST_CHECK_EQUAL(GetOpName(op), "OP_UNKNOWN");
            // Numbers
            } else if (op >= OP_RESERVED + 1 && op < OP_NOP) {
                BOOST_CHECK_EQUAL(GetOpName(op), util::ToString(op - OP_RESERVED));
            // Named operations
            } else if (op >= OP_NOP && op <= OP_CHECKSIGADD) {
                const auto op_name{GetOpName(op)};
                BOOST_CHECK_NE(op_name, "OP_UNKNOWN");
                BOOST_CHECK(op_name.starts_with("OP_"));
            // Unused
            } else if (op >= OP_CHECKSIGADD + 1 && op < OP_INVALIDOPCODE) {
                BOOST_CHECK_EQUAL(GetOpName(op), "OP_UNKNOWN");
            } else {
                BOOST_FAIL("Incomplete coverage");
            }
            break;
        }
    }

ryanofsky commented at 3:43 PM on August 8, 2025:

re: #32729 (review)

Seems like a good idea. Maybe default section can be simplified too (untested)

        default:
            // Numbers
            if (op >= OP_RESERVED + 1 && op < OP_NOP) {
                BOOST_CHECK_EQUAL(GetOpName(op), util::ToString(op - OP_RESERVED));
            // Named operations
            } else if (op >= OP_NOP && op <= OP_CHECKSIGADD) {
                const auto op_name{GetOpName(op)};
                BOOST_CHECK_NE(op_name, "OP_UNKNOWN");
                BOOST_CHECK(op_name.starts_with("OP_"));
            } else {
                BOOST_CHECK_EQUAL(GetOpName(op), "OP_UNKNOWN");
            }
            break;

l0rinc commented at 5:29 AM on August 11, 2025:

Excellent, did something very similar, thanks for the hints. Verified that all ops are indeed checked this way and added both of you as coauthors.

hodlinator commented at 7:58 AM on August 11, 2025:

Thanks! Could avoid some more redundant GetOpName()-calls and use more information rich variable naming. (nit: Still have a minor preference for specifying which op-codes are expected to result in "OP_UNKNOWN"):

diff --git a/src/test/script_tests.cpp b/src/test/script_tests.cpp
index 60a730dfc2..a851bf6c9f 100644
--- a/src/test/script_tests.cpp
+++ b/src/test/script_tests.cpp
@@ -1620,29 +1620,31 @@ BOOST_AUTO_TEST_CASE(script_HasValidBaseOps)
 BOOST_AUTO_TEST_CASE(GetOpName_no_missing_mnemonics)
 {
     for (auto op{OP_0}; op <= OP_INVALIDOPCODE; op = opcodetype(op + 1)) {
-        switch (auto arg0{GetOpName(op)}; op) {
+        switch (auto name{GetOpName(op)}; op) {
         // Special
-        case OP_FALSE: BOOST_CHECK_EQUAL(arg0, "0"); break;
-        case OP_TRUE: BOOST_CHECK_EQUAL(arg0, "1"); break;
+        case OP_FALSE: BOOST_CHECK_EQUAL(name, "0"); break;
+        case OP_TRUE: BOOST_CHECK_EQUAL(name, "1"); break;
         // Push data
-        case OP_PUSHDATA1: BOOST_CHECK_EQUAL(arg0, "OP_PUSHDATA1"); break;
-        case OP_PUSHDATA2: BOOST_CHECK_EQUAL(arg0, "OP_PUSHDATA2"); break;
-        case OP_PUSHDATA4: BOOST_CHECK_EQUAL(arg0, "OP_PUSHDATA4"); break;
+        case OP_PUSHDATA1: BOOST_CHECK_EQUAL(name, "OP_PUSHDATA1"); break;
+        case OP_PUSHDATA2: BOOST_CHECK_EQUAL(name, "OP_PUSHDATA2"); break;
+        case OP_PUSHDATA4: BOOST_CHECK_EQUAL(name, "OP_PUSHDATA4"); break;
         // Other
-        case OP_1NEGATE: BOOST_CHECK_EQUAL(arg0, "-1"); break;
-        case OP_RESERVED: BOOST_CHECK_EQUAL(arg0, "OP_RESERVED"); break;
-        case OP_INVALIDOPCODE: BOOST_CHECK_EQUAL(arg0, "OP_INVALIDOPCODE"); break;
+        case OP_1NEGATE: BOOST_CHECK_EQUAL(name, "-1"); break;
+        case OP_RESERVED: BOOST_CHECK_EQUAL(name, "OP_RESERVED"); break;
+        case OP_INVALIDOPCODE: BOOST_CHECK_EQUAL(name, "OP_INVALIDOPCODE"); break;
         default:
             if (op >= OP_RESERVED + 1 && op < OP_NOP) {
                 // Numbers
-                BOOST_CHECK_EQUAL(GetOpName(op), util::ToString(op - OP_RESERVED));
+                BOOST_CHECK_EQUAL(name, util::ToString(op - OP_RESERVED));
             } else if (op >= OP_NOP && op <= OP_CHECKSIGADD) {
                 // Named operations
-                const auto op_name{GetOpName(op)};
-                BOOST_CHECK_NE(op_name, "OP_UNKNOWN");
-                BOOST_CHECK(op_name.starts_with("OP_"));
+                BOOST_CHECK_NE(name, "OP_UNKNOWN");
+                BOOST_CHECK(name.starts_with("OP_"));
+            } else if ((op >= OP_0 + 1 && op < OP_PUSHDATA1) || (op >= OP_CHECKSIGADD + 1 && op < OP_INVALIDOPCODE)) {
+                // Direct push or unused
+                BOOST_CHECK_EQUAL(name, "OP_UNKNOWN");
             } else {
-                BOOST_CHECK_EQUAL(GetOpName(op), "OP_UNKNOWN");
+                BOOST_FAIL("Incomplete coverage");
             }
             break;
         }

hodlinator commented at 10:09 PM on August 12, 2025:

nit: Seems to be missing a newline after default:: https://github.com/bitcoin/bitcoin/blob/8ec20fbe3fe476e44a60bba2ed90f8bff39fc4db/src/test/script_tests.cpp#L1632-L1639

in src/consensus/tx_verify.cpp:None in 6bf5dce801 outdated

 130 | @@ -131,9 +131,9 @@ unsigned int GetP2SHSigOpCount(const CTransaction& tx, const CCoinsViewCache& in
 131 |      {
 132 |          const Coin& coin = inputs.AccessCoin(tx.vin[i].prevout);
 133 |          assert(!coin.IsSpent());
 134 | -        const CTxOut &prevout = coin.out;
 135 | -        if (prevout.scriptPubKey.IsPayToScriptHash())
 136 | -            nSigOps += prevout.scriptPubKey.GetSigOpCount(tx.vin[i].scriptSig);
 137 | +        if (coin.out.scriptPubKey.IsPayToScriptHash()) {
 138 | +            nSigOps += CountP2SHSigOps(tx.vin[i].scriptSig);
 139 | +        }

ryanofsky commented at 4:35 PM on August 7, 2025:

In commit "refactor: split off P2SH from GetSigOpCount" (6bf5dce801e0da9d372d42d2c0650c283ec787f5)

I still think you should consider simplifying these lines to:

nSigOps += CountP2SHSigOps(tx.vin[i].scriptSig, coin.out.scriptPubKey);

and simplifying CheckSigopsBIP54 to:

sigops += txin.scriptSig.CountSigOps(/*fAccurate=*/true);
sigops += prev_txo.scriptPubKey.CountSigOps(/*fAccurate=*/true);
sigops += CountP2SHSigOps(txin.scriptSig, prev_txo.scriptPubKey);

Getting rid of conditionals in these counting functions make them safer and more readable. In the case of BIP54 it also makes the code literally match the specification which says "For each input in the transaction, count the number of CHECKSIG and CHECKMULTISIG in the input scriptSig and previous output's scriptPubKey, including the P2SH redeemScript."

Additionally this would make the CountP2SHSigOps and CountWitnessSigOps functions take the same arguments and have the same semantics instead of having an unnecessary difference between them.

l0rinc commented at 9:43 PM on August 7, 2025:

Done

l0rinc commented at 10:23 PM on August 7, 2025:

If you say you find it more readable, I don't mind - changed

ryanofsky approved

ryanofsky commented at 7:26 PM on August 7, 2025: contributor

Code review ACK dd1a7ab428a7c7f87b2a02580aca0d593c2de68a. Thanks for the updates! I left a few more suggestions, but nothing important.

I think it might be good to link directly to your optimization commit d76d7531dfcc7ef2d104b8977a2239cb1fc89119 in the PR description since it helps explain the changes here and bring them together.

On style changes in the CScript methods I think they are an improvement overall, though personally I'd try to avoid front/back methods and magic numbers and write them more like:

        return size() == (5 + HASH160_SIZE) &&
               (*this)[0] == OP_DUP &&
               (*this)[1] == OP_HASH160 &&
               (*this)[2] == HASH160_SIZE &&
               (*this)[3 + HASH160_SIZE] == OP_EQUALVERIFY &&
               (*this)[4 + HASH160_SIZE] == OP_CHECKSIG;

But no need to bikeshed and whatever you or other reviewers prefer seems fine. Existing style also is fine.

in src/rpc/mempool.cpp:None in a2cce66f11 outdated

  81 | @@ -82,7 +82,7 @@ static RPCHelpMan sendrawtransaction()
  82 |              }
  83 |  
  84 |              for (const auto& out : mtx.vout) {
  85 | -                if((out.scriptPubKey.IsUnspendable() || !out.scriptPubKey.HasValidOps()) && out.nValue > max_burn_amount) {
  86 | +                if((out.scriptPubKey.IsUnspendable() || !out.scriptPubKey.HasValidBaseOps()) && out.nValue > max_burn_amount) {

hodlinator commented at 8:05 PM on August 7, 2025:

nit: if (

l0rinc commented at 5:30 AM on August 11, 2025:

Done

in src/script/script.cpp:None in a2cce66f11 outdated

 267 |      CScript::const_iterator it = begin();
 268 |      while (it < end()) {
 269 |          opcodetype opcode;
 270 |          std::vector<unsigned char> item;
 271 | -        if (!GetOp(it, opcode, item) || opcode > MAX_OPCODE || item.size() > MAX_SCRIPT_ELEMENT_SIZE) {
 272 | +        if (!GetOp(it, opcode, item) || opcode > MAX_BASE_OPCODE || item.size() > MAX_SCRIPT_ELEMENT_SIZE) {

hodlinator commented at 8:10 PM on August 7, 2025:

Was considering whether HasValidOps() instead should take a parameter like bool tapscript. But only found it being used for scriptPubKeys and scriptSigs, whereas tapscripts only exist in witness data AFAIK. Maybe worth calling out in the commit message of 94da3342dd1cfd21cc99c67c55ee4aa977e8b520?

l0rinc commented at 5:33 AM on August 11, 2025:

Did something like that, let me know what you think.

hodlinator commented at 8:32 AM on August 12, 2025:

Like the new version, makes it clearer!

(nit: I would drop the "Also fixes minor spacing issues in conditional statements."-paragraph if you retouch).

l0rinc force-pushed on Aug 7, 2025

l0rinc commented at 10:33 PM on August 7, 2025: contributor

Pushed a new set of smaller, mostly test fixes - thanks for detailed review again!

though personally I'd try to avoid front/back methods

Done, they're more uniform this way. I left the hard-coded indexes for redundancy.

DrahtBot added the label CI failed on Aug 7, 2025

DrahtBot commented at 11:00 PM on August 7, 2025: contributor

🚧 At least one of the CI tasks failed. Task no wallet, libbitcoinkernel: https://github.com/bitcoin/bitcoin/runs/47636996984 LLM reason (✨ experimental): The CI failure is caused by a compilation error due to calling CountP2SHSigOps with one argument instead of the required two.

<details><summary>Hints</summary>

Try to run the tests locally, according to the documentation. However, a CI failure may still happen due to a number of reasons, for example:

Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.
A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.
An intermittent issue.

Leave a comment here, if you need help tracking down a confusing failure.

</details>

l0rinc force-pushed on Aug 7, 2025

DrahtBot removed the label CI failed on Aug 8, 2025

in src/test/sigopcount_tests.cpp:None in 748b10bbe8 outdated

  47 | +            BOOST_CHECK(script.IsPayToAnchor(1, anchor_data));
  48 | +            BOOST_CHECK_EQUAL(script.CountSigOps(fAccurate), 0);
  49 | +        }
  50 | +        {
  51 | +            // OP_RETURN with sigop after (non-standard, found first in block 229,712)
  52 | +            const auto p2pkh_hash{"cd2b3298b7f455f39805377e5f213093df3cc09a"_hex_v_u8};

hodlinator commented at 8:53 AM on August 8, 2025:

This seems fine since your #30765 / cac846c2fbf6fc69bfc288fd387aa3f68d84d584?

            const auto p2pkh_hash{"cd2b3298b7f455f39805377e5f213093df3cc09a"_hex};

l0rinc commented at 5:40 AM on August 11, 2025:

Done, thanks

in src/test/sigopcount_tests.cpp:None in 748b10bbe8 outdated

  38 | +    const auto pubkey{dummyKey.GetPubKey()};
  39 | +
  40 | +    for (const bool fAccurate : {false, true}) {
  41 | +        {
  42 | +            // P2A
  43 | +            const std::vector<unsigned char> anchor_data{0x4e, 0x73};

hodlinator commented at 9:40 AM on August 8, 2025:

reflection: Tempting to encourage something like:

            const auto anchor_data{std::to_array({std::byte{0x4e}, std::byte{0x73}})};

But the second IsPayToAnchor() is not ready for it and I understand if you don't want to modernize that within this PR.

l0rinc commented at 5:42 AM on August 11, 2025:

Yeah, I don't really like it, it has more moving parts

in src/test/sigopcount_tests.cpp:None in 748b10bbe8 outdated

 176 | +            BOOST_CHECK_EQUAL(script.CountSigOps(fAccurate), 1);
 177 | +        }
 178 | +        {
 179 | +            const auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA4
 180 | +                              << opcodetype(100) << opcodetype(0xff) << opcodetype(0xff) << opcodetype(0xff)
 181 | +                              << OP_CHECKSIG << OP_CHECKSIGVERIFY << OP_CHECKMULTISIG << OP_CHECKMULTISIGVERIFY}; // out of bounds OP_PUSHDATA4 data size ignoring OP_CHECKMULTISIGVERIFY

hodlinator commented at 9:47 AM on August 8, 2025:

Starting a comment at column 115? More readable for multi-line statements here and above:

            // out of bounds OP_PUSHDATA4 data size ignoring OP_CHECKMULTISIGVERIFY
            const auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA4
                              << opcodetype(100) << opcodetype(0xff) << opcodetype(0xff) << opcodetype(0xff)
                              << OP_CHECKSIG << OP_CHECKSIGVERIFY << OP_CHECKMULTISIG << OP_CHECKMULTISIGVERIFY};

l0rinc commented at 5:46 AM on August 11, 2025:

Not sure, but I don't mind - done.

in src/test/sigopcount_tests.cpp:None in 748b10bbe8 outdated

 134 | +            const auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA1}; // not enough data after OP_PUSHDATA1
 135 | +            BOOST_CHECK_EQUAL(script.CountSigOps(fAccurate), 1);
 136 | +        }
 137 | +        {
 138 | +            const auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA1
 139 | +                              << opcodetype(0xff)

hodlinator commented at 10:10 AM on August 8, 2025:

Why not use:

                              << OP_INVALIDOPCODE

here and below?

l0rinc commented at 5:47 AM on August 11, 2025:

Because it would look weird in cases such as:

<< opcodetype(100) << opcodetype(0xff) << opcodetype(0xff) << opcodetype(0xff)

hodlinator commented at 8:28 AM on August 12, 2025:

Consider it a nit, but curious why it would look weird?

l0rinc commented at 3:55 PM on August 12, 2025:

just seems more consistent with the rest (I also considered it at first, changed it back, seems eaiser to parse).

Also, these aren't actual opcodes (edit: I'm explicitly creating invalid pushes here). I though of adding these as CScript{} << "ffff"_hex, but operator<<(std::span<const std::byte> b) starts with AppendDataSize, we don't really have a way to just add raw bytes (except for .insert() which will likely make the code uglier).

hodlinator commented at 7:17 AM on August 13, 2025:

I was glossing over the fact that you want to use these to represent numeric lengths, sorry. The old-style C++ opcodetype() casts derailed me.

Have a slight preference for:

diff --git a/src/test/sigopcount_tests.cpp b/src/test/sigopcount_tests.cpp
index eeb9eec3f9..dbe1dd7ca2 100644
--- a/src/test/sigopcount_tests.cpp
+++ b/src/test/sigopcount_tests.cpp
@@ -125,71 +125,77 @@ BOOST_AUTO_TEST_CASE(CountSigOpsErrors)
         }
         {
             // push-2 with only 1 byte present ignoring OP_CHECKSIGVERIFY
-            const auto script{CScript{} << OP_CHECKSIG
-                              << opcodetype(0x02)
-                              << OP_CHECKSIGVERIFY};
+            auto script{CScript{} << OP_CHECKSIG};
+            script.push_back(0x02);
+            script << OP_CHECKSIGVERIFY;
             BOOST_CHECK_EQUAL(script.CountSigOps(fAccurate), 1);
         }
 
         {
-            // not enough data after OP_PUSHDATA1
+            // missing data after OP_PUSHDATA1
             const auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA1};
             BOOST_CHECK_EQUAL(script.CountSigOps(fAccurate), 1);
         }
         {
             // out of bounds OP_PUSHDATA1 data size ignoring OP_CHECKSIGVERIFY
-            const auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA1
-                              << opcodetype(0xff)
-                              << OP_CHECKSIGVERIFY};
+            auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA1};
+            script.push_back(0xff);
+            script << OP_CHECKSIGVERIFY;
             BOOST_CHECK_EQUAL(script.CountSigOps(fAccurate), 1);
         }
 
         {
-            // not enough data after OP_PUSHDATA2
+            // missing data after OP_PUSHDATA2
             const auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA2};
             BOOST_CHECK_EQUAL(script.CountSigOps(fAccurate), 1);
         }
         {
             // not enough data after OP_PUSHDATA2
-            const auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA2 << opcodetype(0xff)};
+            auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA2};
+            script.push_back(0xff);
             BOOST_CHECK_EQUAL(script.CountSigOps(fAccurate), 1);
         }
         {
             // out of bounds OP_PUSHDATA2 data size ignoring OP_CHECKSIGVERIFY
-            const auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA2
-                              << opcodetype(0xff) << opcodetype(0xff)
-                              << OP_CHECKSIG << OP_CHECKSIGVERIFY << OP_CHECKMULTISIG << OP_CHECKMULTISIGVERIFY};
+            auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA2};
+            script.push_back(0xff);
+            script.push_back(0xff);
+            script << OP_CHECKSIG << OP_CHECKSIGVERIFY << OP_CHECKMULTISIG << OP_CHECKMULTISIGVERIFY;
             BOOST_CHECK_EQUAL(script.CountSigOps(fAccurate), 1);
         }
 
         {
-            // not enough data after OP_PUSHDATA4
+            // missing data after OP_PUSHDATA4
             const auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA4};
             BOOST_CHECK_EQUAL(script.CountSigOps(fAccurate), 1);
         }
         {
             // not enough data after OP_PUSHDATA4
-            const auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA4
-                              << opcodetype(0xff)};
+            auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA4};
+            script.push_back(0xff);
             BOOST_CHECK_EQUAL(script.CountSigOps(fAccurate), 1);
         }
         {
             // not enough data after OP_PUSHDATA4
-            const auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA4
-                              << opcodetype(0xff) << opcodetype(0xff)};
+            auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA4};
+            script.push_back(0xff);
+            script.push_back(0xff);
             BOOST_CHECK_EQUAL(script.CountSigOps(fAccurate), 1);
         }
         {
             // not enough data after OP_PUSHDATA4
-            const auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA4
-                              << opcodetype(0xff) << opcodetype(0xff) << opcodetype(0xff)};
+            auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA4};
+            script.push_back(0xff);
+            script.push_back(0xff);
+            script.push_back(0xff);
             BOOST_CHECK_EQUAL(script.CountSigOps(fAccurate), 1);
         }
         {
             // out of bounds OP_PUSHDATA4 data size ignoring OP_CHECKMULTISIGVERIFY
-            const auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA4
-                              << opcodetype(100) << opcodetype(0xff) << opcodetype(0xff) << opcodetype(0xff)
-                              << OP_CHECKSIG << OP_CHECKSIGVERIFY << OP_CHECKMULTISIG << OP_CHECKMULTISIGVERIFY};
+            auto script{CScript{} << OP_CHECKSIG << OP_PUSHDATA4};
+            constexpr uint8_t length[]{100, 0xff, 0xff, 0xff};
+            script.insert(script.end(), length, length + sizeof(length));
+            script << OP_CHECKSIG << OP_CHECKSIGVERIFY << OP_CHECKMULTISIG << OP_CHECKMULTISIGVERIFY;
             BOOST_CHECK_EQUAL(script.CountSigOps(fAccurate), 1);
         }
     }

Avoids opcodetype() for non-opcodes.
Makes the CScript mutable, but the scopes are narrow.

l0rinc commented at 5:17 PM on August 13, 2025:

Thanks, I was explicitly trying to avoid these, but maybe we can polish this in a follow-up.

in src/script/script.h:None in 748b10bbe8 outdated

 551 | +     * Count the number of signature operations (sigops) in this script.
 552 | +     *
 553 | +     * The `fAccurate` parameter controls how sigops are counted for `CHECKMULTISIG` operations.
 554 | +     * When enforcing the `MAX_BLOCK_SIGOPS_COST` limit, set `fAccurate` to `true` when
 555 | +     * analyzing P2SH redeem scripts or SegWit witness scripts, and to `false` when analyzing
 556 | +     * scriptPubKeys or scriptSigs.

hodlinator commented at 11:39 AM on August 8, 2025:

nit: Could include newer/clearer terms?

     * locking scripts (scriptPubKeys) or unlocking scripts (scriptSigs).

or

     * scriptPubKeys (locking scripts) or scriptSigs (unlocking scripts).

Same for CountP2SHSigOps().

ryanofsky commented at 3:01 PM on August 8, 2025:

re: #32729 (review)

nit: Could include newer/clearer terms?

Suggestion seems ok, but just to push back a little I like terms scriptPubKey and scriptSig because they are concrete, easy to google and grep, and I'd think probably familiar to most people reading this. But maybe I'm wrong if newer documentation uses different terms, and it seems fine to add them.

l0rinc commented at 5:49 AM on August 11, 2025:

Sure, added it to Russ's latest doc.

in src/test/script_tests.cpp:None in 748b10bbe8 outdated

1621 | -    BOOST_CHECK(!script.HasValidOps());
1622 | +    BOOST_CHECK( ToScript("76a9141234567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac"_hex).HasValidBaseOps()); // Normal script
1623 | +    BOOST_CHECK( ToScript("76a914ff34567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac"_hex).HasValidBaseOps());
1624 | +    BOOST_CHECK(!ToScript("ff88ac"_hex).HasValidBaseOps()); // Script with OP_INVALIDOPCODE explicit
1625 | +    BOOST_CHECK(!ToScript("88acc0"_hex).HasValidBaseOps()); // Script with undefined opcode
1626 | +    BOOST_CHECK(!ToScript("ba"_hex).HasValidBaseOps());     // OP_CHECKSIGADD > MAX_BASE_OPCODE

hodlinator commented at 12:24 PM on August 8, 2025:

Could say it in code:


    static_assert(OP_CHECKSIGADD > MAX_BASE_OPCODE);
    BOOST_CHECK(!CScript{CScript{} << OP_CHECKSIGADD}.HasValidBaseOps());

l0rinc commented at 5:51 AM on August 11, 2025:

Added something similar, thanks

in src/policy/policy.cpp:None in 748b10bbe8 outdated

 179 | @@ -180,9 +180,9 @@ static bool CheckSigopsBIP54(const CTransaction& tx, const CCoinsViewCache& inpu
 180 |          // This means sigops in the spent scriptPubKey count toward the limit.
 181 |          // `fAccurate` means correctly accounting sigops for CHECKMULTISIGs(VERIFY) with 16 pubkeys
 182 |          // or fewer. This method of accounting was introduced by BIP16, and BIP54 reuses it.
 183 | -        // The GetSigOpCount call on the previous scriptPubKey counts both bare and P2SH sigops.
 184 | -        sigops += txin.scriptSig.GetSigOpCount(/*fAccurate=*/true);
 185 | -        sigops += prev_txo.scriptPubKey.GetSigOpCount(txin.scriptSig);
 186 | +        sigops += prev_txo.scriptPubKey.CountSigOps(/*fAccurate=*/true);
 187 | +        sigops += txin.scriptSig.CountSigOps(/*fAccurate=*/true);
 188 | +        sigops += CountP2SHSigOps(txin.scriptSig, prev_txo.scriptPubKey);

hodlinator commented at 12:42 PM on August 8, 2025:

This function is covered in transaction_tests.cpp/max_standard_legacy_sigops, but the change is still a bit scary.

Old behavior:

txin.scriptSig.GetSigOpCount(/*fAccurate=*/true) would count txin.scriptSig sigops.
rev_txo.scriptPubKey.GetSigOpCount(txin.scriptSig) would count sigops from either the P2SH lock script or the previous txo's lock script.

New behavior:

prev_txo.scriptPubKey.CountSigOps(/*fAccurate=*/true) counts sigops from the previous txo's lock script.
txin.scriptSig.CountSigOps(/*fAccurate=*/true) counts txin.scriptSig sigops (same as before).
CountP2SHSigOps(txin.scriptSig, prev_txo.scriptPubKey) will count txin.scriptSig sigops, only if prev_txo.scriptPubKey is P2SH.

I guess prev_txo.scriptPubKey.CountSigOps(/*fAccurate=*/true) will not find any sigops if prev_txo.scriptPubKey is P2SH, making the end result the same?

Wish this were more clear through code, or commented.

ryanofsky commented at 2:58 PM on August 8, 2025:

re: #32729 (review)

I guess prev_txo.scriptPubKey.CountSigOps(/*fAccurate=*/true) will not find any sigops if prev_txo.scriptPubKey is P2SH, making the end result the same?

Yes results should be the same for that reason. A goal of this change is to make the CheckSigopsBIP54 function match the BIP54 specification which says "For each input in the transaction, count the number of CHECKSIG and CHECKMULTISIG in the input scriptSig and previous output's scriptPubKey, including the P2SH redeemScript."

l0rinc commented at 5:54 AM on August 11, 2025:

Added Russ's explanation to the commit message.

hodlinator commented at 1:35 PM on August 8, 2025: contributor

Concept ACK 748b10bbe864191ef49c32e0963e048b939f6088

Overall incremental improvements, good to add more coverage of sigop-counting considering it is in vogue.

ryanofsky approved

ryanofsky commented at 3:24 PM on August 8, 2025: contributor

Code review ACK 748b10bbe864191ef49c32e0963e048b939f6088. Just small cleanups and suggested changes since last review. Thanks for the updates!

DrahtBot requested review from hodlinator on Aug 8, 2025

l0rinc force-pushed on Aug 11, 2025

l0rinc commented at 6:03 AM on August 11, 2025: contributor

Thanks for the reviews, addressed all concerns - either by applying it or explaining my take. Let me know if I left out something.

in src/script/script.h:1 in dff42e3af7 outdated

hodlinator commented at 12:38 PM on August 12, 2025:

nit: The added IsPayToWitnessPubKeyHash() makes tests feel more complete, but is pretty much dead code.

l0rinc commented at 3:50 PM on August 12, 2025:

I'm planning on using these to short-circuit sigop counting, see https://github.com/bitcoin/bitcoin/pull/32532/files#diff-6da39bed8a76fcaae51f021f0cdd906748aa99fdbf2d41981947f6a1b18fbe7bR192

hodlinator commented at 9:46 PM on August 12, 2025:

Ah, now I recall it from the PR description.

nit: Would be nice to add that motivation in the commit message when adding IsPayToWitnessPubKeyHash().

l0rinc commented at 10:21 PM on August 12, 2025:

Sure, done

in src/script/script.cpp:None in 6b167d5835 outdated

 221 | @@ -222,15 +222,6 @@ bool CScript::IsPayToAnchor(int version, const std::vector<unsigned char>& progr
 222 |          program[1] == 0x73;
 223 |  }
 224 |  
 225 | -bool CScript::IsPayToScriptHash() const

hodlinator commented at 12:56 PM on August 12, 2025:

In 6b167d5835b68297b259cc99baee8eff3968155a etc, what is the gain from making these methods inline by moving them to the header?
nit: If these moves are kept, would suggest using "move" rather than "pull" in the commit message.
nit: Would suggest using "extract" rather than "add" (except for IsPayToWitnessPubKeyHash() which is new code).

l0rinc commented at 3:46 PM on August 12, 2025:

we don't introduce a header + implementation duplication - what would be the advantage in this case of separating them to header + impl?

2,3) done

hodlinator commented at 10:01 PM on August 12, 2025:

2,3) thanks!

1): Arguments for avoiding the move:

➕: Avoids moving 4 functions to headers, minimizing the diff and making it clearer which parts of the body changed if any.

➕: Someone chose to have them like this, so best to avoid flip-flopping for minor reasons.

➕: Keeps the script.h header small and faster to re-parse for each compilation unit as it is a commonly included header, direct includes:

₿ git grep "<script/script\.h>" |wc -l
98

(➖): Not inlining adds some linking time, but those functions are rarely called.

➕: Increases readability for getting an overview of CScript for programmers using editors that don't auto-collapse function bodies.

l0rinc commented at 10:21 PM on August 12, 2025:

I prefer having them in the same place, @ryanofsky, where do you think these helpers belong, in header or cpp?

ryanofsky commented at 12:04 PM on August 13, 2025:

re: #32729 (review)

I prefer having them in the same place, @ryanofsky, where do you think these helpers belong, in header or cpp?

No real opinion, I just assumed these needed to be moved for the optimization in d76d7531dfcc7ef2d104b8977a2239cb1fc89119.

Abstractly, I think it makes sense for these to be in a header file since they are low-level and natural candidates to inline. Ideally I don't think they'd be in this header file for reasons hodlinator mentioned, and I would probably want them to be standalone functions not class methods since I think the purpose of classes is to encapsulate internal state and these aren't accessing anything private.

But I think anything is fine here, and it makes sense to go with your preference if there aren't objections.

hodlinator commented at 3:10 PM on January 21, 2026:

Was reminded of this move of function bodies from .CPP to header file in the latest Optech podcast on the topic of mutation testing. Admittedly they say re-running tests takes much more time than re-compiling, but leaning towards keeping function bodies in .CPP-files would help mutation testing iteration too.

l0rinc commented at 1:21 PM on January 22, 2026:

Keeping the implementation in the header enables the compiler to see the full definition at every call site, allowing additional optimizations.

It's a good point to measure it (even though most compilations are cached), I would still want to know if this affects the speed. I have measured it for Debug/Release/RelWithDebInfo for gcc/clang and I couldn't measure any speed change for the same settings. The difference between compilers is a lot bigger: <img width="1506" height="681" alt="image" src="https://github.com/user-attachments/assets/a56244d4-27b9-47d3-8e0b-4805b74fbb19" />

<details> <summary>Details</summary>

COMMITS="898e8d3a2d3549b5fd0cbf6722767f143f9242ee 72be34291f9c1d44380708513668595eb4f28c0a"; \                                                                                                        
(for c in $COMMITS; do git fetch -q origin $c && git log -1 --pretty='%h %s' $c || exit 1; done) && \
echo "$(date -I) | compilation | $(hostname) | $(uname -m) | $(nproc) cores" && \
hyperfine \
  --runs 5 \
  --sort command \
  --parameter-list COMMIT ${COMMITS// /,} \
  --parameter-list BUILD_TYPE Debug,Release,RelWithDebInfo \
  --parameter-list COMPILER gcc,clang \
  --prepare 'git checkout {COMMIT} && git clean -fxd && git reset --hard && rm -rf build && \
    if [ "{COMPILER}" = "gcc" ]; then CC=gcc CXX=g++; else CC=clang CXX=clang++; fi && \
    CCACHE_DISABLE=1 cmake -B build -DCMAKE_BUILD_TYPE={BUILD_TYPE} -DCMAKE_C_COMPILER=$CC -DCMAKE_CXX_COMPILER=$CXX' \
  'CCACHE_DISABLE=1 cmake --build build -j$(nproc)'
898e8d3a2d Merge bitcoin/bitcoin#34296: refactor: [move-only] Merge core_io module, remove from libkernel
72be34291f fuzz: Extend `ConsumeOpcodeType` to cover all possible ops
2026-01-22 | compilation | i9-ssd | x86_64 | 16 cores
Benchmark 1: CCACHE_DISABLE=1 cmake --build build -j$(nproc) (COMMIT = 898e8d3a2d3549b5fd0cbf6722767f143f9242ee, BUILD_TYPE = Debug, COMPILER = gcc)
  Time (mean ± σ):     209.487 s ±  1.041 s    [User: 2721.799 s, System: 202.101 s]
  Range (min ... max):   208.488 s ... 211.114 s    5 runs
 
Benchmark 2: CCACHE_DISABLE=1 cmake --build build -j$(nproc) (COMMIT = 72be34291f9c1d44380708513668595eb4f28c0a, BUILD_TYPE = Debug, COMPILER = gcc)
  Time (mean ± σ):     209.884 s ±  0.309 s    [User: 2728.227 s, System: 201.869 s]
  Range (min ... max):   209.570 s ... 210.319 s    5 runs
 
Benchmark 3: CCACHE_DISABLE=1 cmake --build build -j$(nproc) (COMMIT = 898e8d3a2d3549b5fd0cbf6722767f143f9242ee, BUILD_TYPE = Release, COMPILER = gcc)
  Time (mean ± σ):     224.956 s ±  0.676 s    [User: 3116.142 s, System: 160.579 s]
  Range (min ... max):   223.980 s ... 225.616 s    5 runs
 
Benchmark 4: CCACHE_DISABLE=1 cmake --build build -j$(nproc) (COMMIT = 72be34291f9c1d44380708513668595eb4f28c0a, BUILD_TYPE = Release, COMPILER = gcc)
  Time (mean ± σ):     225.117 s ±  0.625 s    [User: 3123.141 s, System: 160.827 s]
  Range (min ... max):   224.126 s ... 225.762 s    5 runs
 
Benchmark 5: CCACHE_DISABLE=1 cmake --build build -j$(nproc) (COMMIT = 898e8d3a2d3549b5fd0cbf6722767f143f9242ee, BUILD_TYPE = RelWithDebInfo, COMPILER = gcc)
  Time (mean ± σ):     302.039 s ±  0.836 s    [User: 4090.930 s, System: 211.996 s]
  Range (min ... max):   300.761 s ... 302.942 s    5 runs
 
Benchmark 6: CCACHE_DISABLE=1 cmake --build build -j$(nproc) (COMMIT = 72be34291f9c1d44380708513668595eb4f28c0a, BUILD_TYPE = RelWithDebInfo, COMPILER = gcc)
  Time (mean ± σ):     302.246 s ±  0.848 s    [User: 4099.721 s, System: 211.801 s]
  Range (min ... max):   301.038 s ... 302.983 s    5 runs
 
Benchmark 7: CCACHE_DISABLE=1 cmake --build build -j$(nproc) (COMMIT = 898e8d3a2d3549b5fd0cbf6722767f143f9242ee, BUILD_TYPE = Debug, COMPILER = clang)
  Time (mean ± σ):     196.074 s ±  0.700 s    [User: 2722.762 s, System: 116.160 s]
  Range (min ... max):   195.183 s ... 197.136 s    5 runs
 
Benchmark 8: CCACHE_DISABLE=1 cmake --build build -j$(nproc) (COMMIT = 72be34291f9c1d44380708513668595eb4f28c0a, BUILD_TYPE = Debug, COMPILER = clang)
  Time (mean ± σ):     196.378 s ±  0.412 s    [User: 2726.934 s, System: 116.125 s]
  Range (min ... max):   195.716 s ... 196.699 s    5 runs
 
Benchmark 9: CCACHE_DISABLE=1 cmake --build build -j$(nproc) (COMMIT = 898e8d3a2d3549b5fd0cbf6722767f143f9242ee, BUILD_TYPE = Release, COMPILER = clang)
  Time (mean ± σ):     224.457 s ±  0.408 s    [User: 3231.299 s, System: 105.116 s]
  Range (min ... max):   223.965 s ... 224.951 s    5 runs
 
Benchmark 10: CCACHE_DISABLE=1 cmake --build build -j$(nproc) (COMMIT = 72be34291f9c1d44380708513668595eb4f28c0a, BUILD_TYPE = Release, COMPILER = clang)
  Time (mean ± σ):     225.254 s ±  0.472 s    [User: 3237.303 s, System: 105.346 s]
  Range (min ... max):   224.615 s ... 225.770 s    5 runs
 
Benchmark 11: CCACHE_DISABLE=1 cmake --build build -j$(nproc) (COMMIT = 898e8d3a2d3549b5fd0cbf6722767f143f9242ee, BUILD_TYPE = RelWithDebInfo, COMPILER = clang)
  Time (mean ± σ):     255.072 s ±  0.713 s    [User: 3626.257 s, System: 114.702 s]
  Range (min ... max):   254.147 s ... 255.967 s    5 runs
 
Benchmark 12: CCACHE_DISABLE=1 cmake --build build -j$(nproc) (COMMIT = 72be34291f9c1d44380708513668595eb4f28c0a, BUILD_TYPE = RelWithDebInfo, COMPILER = clang)
  Time (mean ± σ):     255.039 s ±  0.707 s    [User: 3634.755 s, System: 114.830 s]
  Range (min ... max):   253.926 s ... 255.840 s    5 runs

</details>

hodlinator commented at 1:45 PM on January 22, 2026:

It is correct that in the bigger post above I wrote

Keeps the script.h header small and faster to re-parse for each compilation unit as it is a commonly included header, direct includes:
₿ git grep "<script/script\.h>" |wc -l
98

You show that full project compilation speed is virtually unaffected between having function bodies in header/.CPP file. But in the case of mutation testing in my previous message, I'm more concerned about invalidating 98 translation units directly (possibly others indirectly) - instead of 1 translation unit, due to mutating/modifying function bodies.

l0rinc commented at 2:01 PM on January 22, 2026:

If you decide to test that, let me know what you find.

maflcko commented at 4:54 PM on January 22, 2026:

If you decide to test that, let me know what you find.

Not sure why this needs testing. Compiling 85 translation units will be slower than compiling a single one. Unless one has 85 CPU threads, but then it will still take more CPU time.

l0rinc commented at 4:58 PM on January 22, 2026:

I'm not sure why that matters here - we're talking about possibly "optimizing" a few milliseconds from compilation while ignoring runtime speedups, aren't we?

maflcko commented at 5:18 PM on January 22, 2026:

ignoring runtime speedups

The function GetLegacySigOpCount is in the C++ file, so in the same translation unit as the util methods, regardless of where they are located. So there should be no runtime speed difference at all. If there is, then that sounds like a compiler bug.

hodlinator commented at 1:15 PM on August 12, 2025: contributor

Reviewed cf8f476ef25e4fe43e67970ee2ec6a265d49e763

Main thing remaining is question about motivation behind moving methods (see inline comment).

fanquake commented at 1:19 PM on August 12, 2025: member

https://github.com/bitcoin/bitcoin/actions/runs/16872143934/job/47788785406?pr=32729#step:6:4338:

 test/script_tests.cpp(1620): Entering test case "GetOpName_no_missing_mnemonics"
/home/runner/work/_temp/src/test/script_tests.cpp:1622:25: runtime error: load of value 256, which is not a valid value for type 'opcodetype'
    [#0](/bitcoin-bitcoin/0/) 0x559b4df3e847 in script_tests::GetOpName_no_missing_mnemonics::test_method() /home/runner/work/_temp/build-asan/src/test/./test/script_tests.cpp:1622:25
    [#1](/bitcoin-bitcoin/1/) 0x559b4df3ba1b in script_tests::GetOpName_no_missing_mnemonics_invoker() /home/runner/work/_temp/build-asan/src/test/./test/script_tests.cpp:1620:1
    [#2](/bitcoin-bitcoin/2/) 0x559b4d0f360d in boost::function0<void>::operator()() const /usr/include/boost/function/function_template.hpp:771:14
    [#3](/bitcoin-bitcoin/3/) 0x559b4d174328 in boost::detail::forward::operator()() /usr/include/boost/test/impl/execution_monitor.ipp:1395:32
    [#4](/bitcoin-bitcoin/4/) 0x559b4d174328 in boost::detail::function::function_obj_invoker0<boost::detail::forward, int>::invoke(boost::detail::function::function_buffer&) /usr/include/boost/function/function_template.hpp:137:18
    [#5](/bitcoin-bitcoin/5/) 0x559b4d16de2d in boost::function0<int>::operator()() const /usr/include/boost/function/function_template.hpp:771:14
    [#6](/bitcoin-bitcoin/6/) 0x559b4d0598fc in int boost::detail::do_invoke<boost::shared_ptr<boost::detail::translator_holder_base>, boost::function<int ()>>(boost::shared_ptr<boost::detail::translator_holder_base> const&, boost::function<int ()> const&) /usr/include/boost/test/impl/execution_monitor.ipp:308:30
    [#7](/bitcoin-bitcoin/7/) 0x559b4d0598fc in boost::execution_monitor::catch_signals(boost::function<int ()> const&) /usr/include/boost/test/impl/execution_monitor.ipp:910:16
    [#8](/bitcoin-bitcoin/8/) 0x559b4d059e0d in boost::execution_monitor::execute(boost::function<int ()> const&) /usr/include/boost/test/impl/execution_monitor.ipp:1308:16
    [#9](/bitcoin-bitcoin/9/) 0x559b4d052498 in boost::execution_monitor::vexecute(boost::function<void ()> const&) /usr/include/boost/test/impl/execution_monitor.ipp:1404:5
    [#10](/bitcoin-bitcoin/10/) 0x559b4d052498 in boost::unit_test::unit_test_monitor_t::execute_and_translate(boost::function<void ()> const&, unsigned long) /usr/include/boost/test/impl/unit_test_monitor.ipp:49:9
    [#11](/bitcoin-bitcoin/11/) 0x559b4d0b5fd4 in boost::unit_test::framework::state::execute_test_tree(unsigned long, unsigned long, boost::unit_test::framework::state::random_generator_helper const*) /usr/include/boost/test/impl/framework.ipp:815:44
    [#12](/bitcoin-bitcoin/12/) 0x559b4d0b4e9b in boost::unit_test::framework::state::execute_test_tree(unsigned long, unsigned long, boost::unit_test::framework::state::random_generator_helper const*) /usr/include/boost/test/impl/framework.ipp:784:58
    [#13](/bitcoin-bitcoin/13/) 0x559b4d0b4e9b in boost::unit_test::framework::state::execute_test_tree(unsigned long, unsigned long, boost::unit_test::framework::state::random_generator_helper const*) /usr/include/boost/test/impl/framework.ipp:784:58
    [#14](/bitcoin-bitcoin/14/) 0x559b4d0508eb in boost::unit_test::framework::run(unsigned long, bool) /usr/include/boost/test/impl/framework.ipp:1722:29
    [#15](/bitcoin-bitcoin/15/) 0x559b4d07f350 in boost::unit_test::unit_test_main(boost::unit_test::test_suite* (*)(int, char**), int, char**) /usr/include/boost/test/impl/unit_test_main.ipp:250:9
    [#16](/bitcoin-bitcoin/16/) 0x7f2c01d841c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 282c2c16e7b6600b0b22ea0c99010d2795752b5f)
    [#17](/bitcoin-bitcoin/17/) 0x7f2c01d8428a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 282c2c16e7b6600b0b22ea0c99010d2795752b5f)
    [#18](/bitcoin-bitcoin/18/) 0x559b4cf44984 in _start (/home/runner/work/_temp/build-asan/bin/test_bitcoin+0x12c5984) (BuildId: 536afe9665aa0f1665ca9d21723b3d0c1c5aa9a6)

SUMMARY: UndefinedBehaviorSanitizer: invalid-enum-load /home/runner/work/_temp/src/test/script_tests.cpp:1622:25

bitcoin deleted a comment on Aug 12, 2025

l0rinc force-pushed on Aug 12, 2025

l0rinc commented at 4:26 PM on August 12, 2025: contributor

Thanks, addresses remaining nits + fixed test opcode name iteration boundary failure: https://github.com/bitcoin/bitcoin/compare/cf8f476ef25e4fe43e67970ee2ec6a265d49e763..738b620f314780751c4db3af87c9f22792723125 (rebased in a separate push)

l0rinc force-pushed on Aug 12, 2025

ryanofsky approved

ryanofsky commented at 12:12 PM on August 13, 2025: contributor

Code review ACK 3219b59c47d5a487a1129f702602f58ca9285342. A lot of test improvements since last review, only comment and whitespace changes in non-test code. I think I'm caught up on the discussion now too

DrahtBot requested review from hodlinator on Aug 13, 2025

hodlinator approved

hodlinator commented at 7:49 PM on August 13, 2025: contributor

ACK 3219b59c47d5a487a1129f702602f58ca9285342

Renaming the sigop-counting functions while changing behavior of CScript::GetSigOpCount(const CScript& scriptSig)/CountP2SHSigOps(const CScript& scriptSig, const CScript& scriptPubKey) makes it relatively easy to verify the change, as no lingering GetSigOpCount overloads remain.

Renaming HasValidOps() -> HasValidBaseOps() makes one paranoid that we haven't been supporting Tapscript op codes everywhere, but the function is not used in those contexts.

I disagree with moving IsPayToTaproot() etc from .CPP to .H, but it's not blocking.

Stay humble and stack commits! :) (Not advocating for merging commits, it is helpful to keep similar transforms applied to different areas in separate commits, other reviewers shouldn't be scared by the high count of them).

DrahtBot added the label Needs rebase on Jan 14, 2026

l0rinc commented at 5:09 PM on January 15, 2026: contributor

Rebased, ready for review again. This change is mostly about tests and benchmarks and cleanup, let me know if you think the two should be added separately instead.

l0rinc force-pushed on Jan 15, 2026

DrahtBot removed the label Needs rebase on Jan 15, 2026

DrahtBot added the label Needs rebase on Jan 19, 2026

l0rinc force-pushed on Jan 19, 2026

DrahtBot removed the label Needs rebase on Jan 19, 2026

hodlinator approved

hodlinator commented at 8:22 AM on January 20, 2026: contributor

re-ACK 72be34291f9c1d44380708513668595eb4f28c0a

Changes since ACK #32729#pullrequestreview-3117474040:

No longer specifying high priority in BENCHMARK-macros.
Handle txvalidation_tests.cpp diff context changing (probably due to Cluster Mempool).
Handle code having been moved from core_read.cpp to core_io.cpp.

DrahtBot requested review from ryanofsky on Jan 20, 2026

DrahtBot added the label Needs rebase on Mar 19, 2026

l0rinc force-pushed on Mar 20, 2026

l0rinc commented at 12:27 AM on March 20, 2026: contributor

Trivial include-only rebase after #29060 - ready for review again.

DrahtBot removed the label Needs rebase on Mar 20, 2026

DrahtBot added the label Needs rebase on Apr 6, 2026

bench: measure `SigOpsBlock` speed separately

Add benchmark to measure the performance of counting legacy signature operations in a block, independent of other validation steps.

164451ac64

refactor: rename `GetSigOpCount` to `CountSigOps`

Previous `GetSigOpCount` method was overloaded to take either a `bool` or `scriptSig` as a parameter, without an explanation of when to call each overload.
New `CountSigOps` method avoids the overloading and documents how it should be called. The name was chosen to be clearer and consistent with the newer `CountWitnessSigOps` function.
Besides the renames, also added primitive argument name reminders to the call sites to highlight the meaning of the call.

Co-authored-by: Ryan Ofsky <ryan@ofsky.org>

1f77c9a665

refactor: split off `P2SH` from `GetSigOpCount`

The name `CountP2SHSigOps` was chosen to match `CountWitnessSigOps`, since the two functions are counterparts for handling `P2SH` and `SegWit` scripts.
Also, it's called by `GetP2SHSigOpCount` in consensus, so the new name clarifies its significance.

A goal of this change is to make the `CheckSigopsBIP54` function match the BIP54 specification which says "For each input in the transaction, count the number of CHECKSIG and CHECKMULTISIG in the input scriptSig and previous output's scriptPubKey, including the P2SH redeemScript."

Co-authored-by: Ryan Ofsky <ryan@ofsky.org>

143c5b1a86

refactor: move the script-hash-size constants to `script.h`

This enables using these constants in script.h definitions in upcoming commits. No naming conflicts exist with these constant names.

f47a6bfde3

refactor: move `IsPayToScriptHash` to header

Moved the implementation to the header (implicitly inline + noexcept), removed redundant `this` and parentheses and changed the `0x14`/`20` magic constants to descriptive `HASH160_OUTPUT_SIZE`.
See: https://learnmeabitcoin.com/technical/script/p2sh/#scriptpubkey

756a2a82d9

refactor: move `IsPayToWitnessScriptHash` to header

Moved the implementation to the header (implicitly inline + noexcept), removed redundant `this` and parentheses, and changed the `0x20` magic constant to descriptive `WITNESS_V0_SCRIPTHASH_SIZE`.
See: https://learnmeabitcoin.com/technical/script/p2wsh/#scriptpubkey

64d8210f4c

refactor: move `IsPayToAnchor` to header

Moved the implementation to the header (implicitly inline + noexcept), removed redundant `this` and parentheses.

6ec83a8b6d

refactor: move `IsPayToTaproot` to header

Moved the implementation to the header (implicitly inline + noexcept), removed redundant `this` and parentheses, and changed the `0x20` magic constant to descriptive `WITNESS_V1_TAPROOT_SIZE`.
See: https://learnmeabitcoin.com/technical/script/p2tr/#scriptpubkey

f18a70352e

refactor: extract `IsPayToPubKeyHash` helper to script.h

The usages in `compressor.cpp` and `solver.cpp` were also updated to use the new method.
See: https://learnmeabitcoin.com/technical/script/p2pkh/#scriptpubkey

8bb02de695

refactor: extract `IsCompressedPayToPubKey` helper to script.h

The usages in `compressor.cpp` and `solver.cpp` were also updated to use the new method.
Note that compressor has additional prefix checks as well, which are not properly exercised by the `compressed_p2pk` unit test.
See: https://learnmeabitcoin.com/technical/script/p2pk/#scriptpubkey and https://learnmeabitcoin.com/technical/keys/public-key/#compressed

8ad289e67d

refactor: extract `IsUncompressedPayToPubKey` helper to script.h

The usages in `compressor.cpp` and `solver.cpp` were also updated to use the new method.
Note that compressor has additional prefix checks as well, which are not properly exercised by the `uncompressed_p2pk` unit test.
See: https://learnmeabitcoin.com/technical/script/p2pk/#scriptpubkey and https://learnmeabitcoin.com/technical/keys/public-key/#uncompressed

8533020039

refactor: add `IsPayToWitnessPubKeyHash` helper to script.h

This template helper isn't used outside of tests yet, but for the sake of completeness - and since we're planning on using this for upcoming optimizations -, it's added as a last step.

See: https://learnmeabitcoin.com/technical/script/p2wpkh/#scriptpubkey

0fcfdd4f0b

test: add `CountSigOps` edge-cases & known-template coverage

* `CountSigOpsKnownTemplates` asserts the expected legacy/accurate sig-op totals for all common known script templates (P2PKH, P2SH, P2WPKH/WSH, P2TR, compressed & uncompressed P2PK, OP_RETURN, multisig).
* `CountSigOpsErrors` feeds malformed PUSHDATA sequences to confirm the parser never crashes and still counts sig-ops that appear before the error.
* `GetOpName_no_missing_mnemonics` checks all opcode names by category.

Co-authored-by: Hodlinator <172445034+hodlinator@users.noreply.github.com>
Co-authored-by: Ryan Ofsky <ryan@ofsky.org>

dd235042b4

refactor: distinguish pre-Taproot opcodes from all opcodes in script validation

Renames `HasValidOps()` to `HasValidBaseOps()` and `MAX_OPCODE` to `MAX_BASE_OPCODE` to clarify that pre-Taproot script validation should only accept opcodes up to OP_NOP10 (0xb9).

This prevents Tapscript-only opcodes like OP_CHECKSIGADD (0xba) from being considered valid in scriptPubKey and scriptSig contexts, where only pre-Taproot opcodes should be allowed.

9690c1cd51

test: exercise the `HasValidBaseOps` functionality

Add explicit test case checking that OP_CHECKSIGADD > MAX_BASE_OPCODE (i.e. that we have opcodes bigger than the max).
The other changes in the test are just inlines to reduce scope.

Also note that `OpCodeParser` deliberately skips `OP_CHECKSIGADD`, see: `script_parse_tests/parse_script`.

31b7c574a5

fuzz: Extend `ConsumeOpcodeType` to cover all possible ops

`OP_CHECKSIGADD` wasn't tested this way at all, but we should fuzz all possible values anyway.

fa5338ece6

l0rinc force-pushed on Apr 7, 2026

l0rinc commented at 2:38 PM on April 7, 2026: contributor

Rebased after the #34208 - which completely removed one of the benchmark commits from this PR, simplifying it even more. Ready for review.

DrahtBot removed the label Needs rebase on Apr 7, 2026