aboutsummaryrefslogtreecommitdiff
path: root/src/test/util_tests.cpp
AgeCommit message (Collapse)Author
2024-07-26Merge bitcoin/bitcoin#30386: Early logging improvementsRyan Ofsky
b4dd7ab43e8cfc2c171f67588e4e1ec2705393c2 logging: use std::string_view (Anthony Towns) 558df5c733d31456faf856d44f7037f41981d797 logging: Apply formatting to early log messages (Anthony Towns) 6cf9b344409efcc41a2b34f87100d25e1d2486af logging: Limit early logging buffer (Anthony Towns) 0b1960f1b29cfe5209ac68102c8643fc9553f247 logging: Add DisableLogging() (Anthony Towns) 6bbc2dd6c50f09ff1e70423dc29a404b570f5b69 logging: Add thread safety annotations (Anthony Towns) Pull request description: In order to cope gracefully with `Log*()` calls that are invoked prior to logging being fully configured (indicated by calling `StartLogging()` we buffer early log messages in `m_msgs_before_open`. This has a couple of minor issues: * if there are many such log messages the buffer can become arbitrarily large; this can be a problem for users of libkernel that might not wish to worry about logging at all, and as a result never invoke `StartLogging()` * early log messages are formatted before the formatting options are configured, leading to inconsistent output Fix those issues by buffering the log info prior to formatting it, and setting a limit on the size of the buffer (dropping the oldest lines, and reporting the number of lines skipped). Also adds some thread safety annotations, and the ability to invoke `LogInstance().DisableLogging()` if you want to disable logging entirely, for a minor efficiency improvement. ACKs for top commit: maflcko: re-ACK b4dd7ab43e8cfc2c171f67588e4e1ec2705393c2 🕴 ryanofsky: Code review ACK b4dd7ab43e8cfc2c171f67588e4e1ec2705393c2 TheCharlatan: Nice, ACK b4dd7ab43e8cfc2c171f67588e4e1ec2705393c2 Tree-SHA512: 966660181276939225a9f776de6ee0665e44577d2ee9cc76b06c8937297217482e6e426bdc5772d1ce533a0ba093a8556b6a50857d4c876ad8923e432a200440
2024-07-19logging: use std::string_viewAnthony Towns
2024-07-11Merge bitcoin/bitcoin#30234: Enable clang-tidy checks for self-assignmentmerge-script
26a7f70b5d2b1cbfbf03e0b57b9b5ea92dafbb19 ci: enable self-assignment clang-tidy check (Cory Fields) 32b1d1379258aa57c2a7e278f60d1117fcf17953 refactor: add self-assign checks to classes which violate the clang-tidy check (Cory Fields) Pull request description: See comment here: https://github.com/bitcoin/bitcoin/pull/30161#issuecomment-2148229582 Our code failed these checks in three places, which have been fixed up here. Though these appear to have been harmless, adding the check avoids the copy in the self-assignment case so there should be no downside. ~Additionally, minisketch failed the check as well. See https://github.com/sipa/minisketch/pull/87~ Edit: Done After fixing up the violations, turn on the aggressive clang-tidy check. Note for reviewers: `git diff -w` makes this trivial to review. ACKs for top commit: hebasto: ACK 26a7f70b5d2b1cbfbf03e0b57b9b5ea92dafbb19, I have reviewed the code and it looks OK. TheCharlatan: ACK 26a7f70b5d2b1cbfbf03e0b57b9b5ea92dafbb19 Tree-SHA512: 74d8236a1b5a698f2f61c4740c4fc77788b7f882c4b395acc4e6bfef1ec8a4554ea8821a26b14d70cfa6c8e2e9ea305deeea3fbf323967fa19343c007a53c5ba
2024-07-01tests: overhaul deterministic test randomnessPieter Wuille
The existing code provides two randomness mechanisms for test purposes: - g_insecure_rand_ctx (with its wrappers InsecureRand*), which during tests is initialized using either zeros (SeedRand::ZEROS), or using environment-provided randomness (SeedRand::SEED). - g_mock_deterministic_tests, which controls some (but not all) of the normal randomness output if set, but then makes it extremely predictable (identical output repeatedly). Replace this with a single mechanism, which retains the SeedRand modes to control all randomness. There is a new internal deterministic PRNG inside the random module, which is used in GetRandBytes() when in test mode, and which is also used to initialize g_insecure_rand_ctx. This means that during tests, all random numbers are made deterministic. There is one exception, GetStrongRandBytes(), which even in test mode still uses the normal PRNG state. This probably opens the door to removing a lot of the ad-hoc "deterministic" mode functions littered through the codebase (by simply running relevant tests in SeedRand::ZEROS mode), but this isn't done yet.
2024-06-14refactor: add self-assign checks to classes which violate the clang-tidy checkCory Fields
Both of these cases appear to be harmless, but adding the tests allows us to turn on the aggressive clang-tidy checks.
2024-05-16util: Move util/string.h functions to util namespaceRyan Ofsky
There are no changes to behavior. Changes in this commit are all additions, and are easiest to review using "git diff -U0 --word-diff-regex=." options. Motivation for this change is to keep util functions with really generic names like "Split" and "Join" out of the global namespace so it is easier to see where these functions are defined, and so they don't interfere with function overloading, especially since the util library is a dependency of the kernel library and intended to be used with external code.
2024-05-16util: move spanparsing.h to script/parsing.hRyan Ofsky
Move miniscript / descriptor script parsing functions out of util library so they are not a dependency of the kernel. There are no changes to code or behavior.
2024-05-16util: move util/message to common/signmessageRyan Ofsky
Move util/message to common/signmessage so it is named more clearly, and because the util library is not supposed to depend on other libraries besides the crypto library. The signmessage functions use CKey, CPubKey, PKHash, and DecodeDestination functions in the consensus and common libraries.
2024-03-18refactor: FormatISO8601* without gmtime*MarcoFalke
2023-12-13Merge bitcoin/bitcoin#28075: util: Remove DirIsWritable, GetUniquePathfanquake
fa3da629a1aebcb4500803d7417feed8e34285b0 Remove DirIsWritable, GetUniquePath (MarcoFalke) fad3a9793b71df5bb0b17cc3758cf3466d08c015 Return LockResult::ErrorWrite in LockDirectory (MarcoFalke) fa0afe740843c308f6287b923f1f4d758cf2a3f6 refactor: Return enum in LockDirectory (MarcoFalke) Pull request description: `GetUniquePath` is only used in tests and in `DirIsWritable`. The check by `DirIsWritable` is redundant with the check done in `LockDirectory`. Fix the redundancy by removing everything, except `LockDirectory`. ACKs for top commit: TheCharlatan: Re-ACK fa3da629a1aebcb4500803d7417feed8e34285b0 hebasto: ACK fa3da629a1aebcb4500803d7417feed8e34285b0, I have reviewed the code and it looks OK. Tree-SHA512: e95f18cd586de7582e9c08ac7ddb860bfcfcbc8963804f45c5784c5e4c0598dc59ae7e45dd4daf30a5020dbf8433f5db2ad06e46a8676371982003790043c6c9
2023-11-28test: Setup networking globallyHennadii Stepanov
2023-10-26Remove DirIsWritable, GetUniquePathMarcoFalke
2023-10-26Return LockResult::ErrorWrite in LockDirectoryMarcoFalke
This allows the caller to remove a call to DirIsWritable(), which did a similar check. Users should not notice any different behavior.
2023-10-26refactor: Return enum in LockDirectoryMarcoFalke
This makes it easier to add more Error cases in the future. Also, add missing util namespace.
2023-10-12tidy: modernize-use-emplaceMarcoFalke
2023-09-13Do not use std::vector = {} to release memoryPieter Wuille
2023-05-20refactor: Move system from util to common libraryTheCharlatan
Since the kernel library no longer depends on the system file, move it to the common library instead in accordance to the diagram in doc/design/libraries.md.
2023-04-03refactor: don't avoid sys/types.h on when building for Windowsfanquake
We've already used it unguarded in `httpserver.cpp` for years, with no build issues.
2023-03-23refactor: Move fs.* to util/fs.*TheCharlatan
The fs.* files are already part of the libbitcoin_util library. With the introduction of the fs_helpers.* it makes sense to move fs.* into the util/ directory as well.
2023-03-23refactor: Extract util/fs_helpers from util/systemBen Woosley
This is an extraction of filesystem related functions from util/system into their own utility file. The background of this commit is an ongoing effort to decouple the libbitcoinkernel library from the ArgsManager defined in system.h. Moving these functions out of system.h allows including them from a separate source file without including the ArgsManager definitions from system.h.
2023-02-27Merge bitcoin/bitcoin#25227: Handle invalid hex encoding in ParseHexfanquake
faab273e060d27e166b5fb7fe7692614ec9e5c76 util: Return empty vector on invalid hex encoding (MarcoFalke) fa3549a77bf6a15d8309d36056237f3126baf721 test: Add hex parse unit tests (MarcoFalke) Pull request description: Seems a bit confusing to happily accept random bytes and pretend they are hex encoded strings. ACKs for top commit: stickies-v: re-ACK faab273e060d27e166b5fb7fe7692614ec9e5c76 Tree-SHA512: a808135f744f50aece03d4bf5a71481c7bdca1fcdd0d5b113abdb0c8b382bf81cafee6d17c239041fb49b59f4e19970f24a475378e7f711c3a47d6438de2bdab
2023-02-27util: Return empty vector on invalid hex encodingMarcoFalke
2023-02-27test: Add hex parse unit testsMarcoFalke
2023-02-06Move random test util code from setup_common to randomJon Atack
as many of the unit tests don't use this code
2023-01-03refactor: use braced init for integer constants instead of c style castsPasta
2022-12-24scripted-diff: Bump copyright headersHennadii Stepanov
-BEGIN VERIFY SCRIPT- ./contrib/devtools/copyright_header.py update ./ -END VERIFY SCRIPT- Commits of previous years: - 2021: f47dda2c58b5d8d623e0e7ff4e74bc352dfa83d7 - 2020: fa0074e2d82928016a43ca408717154a1c70a4db - 2019: aaaaad6ac95b402fe18d019d67897ced6b316ee0
2022-11-14test: Split overly large util_tests.cpp fileMacroFake
2022-11-03Merge bitcoin/bitcoin#25248: refactor: Add LIFETIMEBOUND / -Wdangling-gsl to ↵fanquake
Assert() fa3ea81c3e7d962715788ab5525958a532c51414 refactor: Add LIFETIMEBOUND / -Wdangling-gsl to Assert() (MacroFake) Pull request description: Currently compiles clean, but I think it may still be useful. Can be tested by adding an `&`: ```diff diff --git a/src/test/util_tests.cpp b/src/test/util_tests.cpp index 5766fff92d..300c1ec60f 100644 --- a/src/test/util_tests.cpp +++ b/src/test/util_tests.cpp @@ -125,7 +125,7 @@ BOOST_AUTO_TEST_CASE(util_check) // Check -Wdangling-gsl does not trigger when copying the int. (It would // trigger on "const int&") - const int nine{*Assert(std::optional<int>{9})}; + const int& nine{*Assert(std::optional<int>{9})}; BOOST_CHECK_EQUAL(9, nine); } ``` Output: ``` test/util_tests.cpp:128:29: warning: object backing the pointer will be destroyed at the end of the full-expression [-Wdangling-gsl] const int& nine{*Assert(std::optional<int>{9})}; ^~~~~~~~~~~~~~~~~~~~~ ./util/check.h:75:50: note: expanded from macro 'Assert' #define Assert(val) inline_assertion_check<true>(val, __FILE__, __LINE__, __func__, #val) ^~~ 1 warning generated. ACKs for top commit: jonatack: ACK fa3ea81c3e7d962715788ab5525958a532c51414 theuni: ACK fa3ea81c3e7d962715788ab5525958a532c51414 Tree-SHA512: 17dea4d75f2ee2bf6e1b6a6f6d8f439711c777df0390574e8d8edb6ac9ee807a135341e4439050bd6a15ecc4097a1ba9a7ab15d27541ebf70a4e081fa6871877
2022-10-18test: Remove unused txmempool include from testsMacroFake
2022-10-01refactor: move Boost datetime usage to walletfanquake
This means we don't need datetime in a --disable-wallet build, and it isn't included in the kernel.
2022-08-30Merge bitcoin/bitcoin#25733: tidy: enable bugprone-use-after-moveMacroFake
f345dc3960c2cf4d69ebbcc011e4e836205f0361 tidy: enable bugprone-use-after-move (fanquake) 94f2235f858bc4fdaf0ab0882599f6a228401cf5 test: work around bugprone-use-after-move warnings in util tests (fanquake) Pull request description: Would have caught #25640. Currently `// NOLINT`s around: ```bash test/util_tests.cpp:2513:34: error: 't2' used after it was moved [bugprone-use-after-move,-warnings-as-errors] BOOST_CHECK(v2[0].origin == &t2); ^ test/util_tests.cpp:2511:15: note: move occurred here auto v2 = Vector(std::move(t2)); ^ test/util_tests.cpp:2519:34: error: 't2' used after it was moved [bugprone-use-after-move,-warnings-as-errors] BOOST_CHECK(v3[1].origin == &t2); ^ test/util_tests.cpp:2516:15: note: move occurred here auto v3 = Vector(t1, std::move(t2)); ^ test/util_tests.cpp:2527:34: error: 't3' used after it was moved [bugprone-use-after-move,-warnings-as-errors] BOOST_CHECK(v4[2].origin == &t3); ^ test/util_tests.cpp:2523:15: note: move occurred here auto v4 = Vector(std::move(v3[0]), v3[1], std::move(t3)); ``` See: https://releases.llvm.org/14.0.0/tools/clang/tools/extra/docs/clang-tidy/checks/bugprone-use-after-move.html ACKs for top commit: ryanofsky: Code review ACK f345dc3960c2cf4d69ebbcc011e4e836205f0361. Only change since last review is switching to NOLINT directives Tree-SHA512: afadecbaf1069653f4be5d6e66a5800ffd975c0b1a960057abc6367b616c181cd518897a874a8f3fd5e5e1f45fcc165f7a9a3171136cd4deee641214c4b765b8
2022-08-30Merge bitcoin/bitcoin#25717: p2p: Implement anti-DoS headers syncfanquake
3add23454624c4c79c9eebc060b6fbed4e3131a7 ui: show header pre-synchronization progress (Pieter Wuille) 738421c50f2dbd7395b50a5dbdf6168b07435e62 Emit NotifyHeaderTip signals for pre-synchronization progress (Pieter Wuille) 376086fc5a187f5b2ab3a0d1202ed4e6c22bdb50 Make validation interface capable of signalling header presync (Pieter Wuille) 93eae27031a65b4156df49015ae45b2b541b4e5a Test large reorgs with headerssync logic (Suhas Daftuar) 355547334f7d08640ee1fa291227356d61145d1a Track headers presync progress and log it (Pieter Wuille) 03712dddfbb9fe0dc7a2ead53c65106189f5c803 Expose HeadersSyncState::m_current_height in getpeerinfo() (Suhas Daftuar) 150a5486db50ff77c91765392149000029c8a309 Test headers sync using minchainwork threshold (Suhas Daftuar) 0b6aa826b53470c9cc8ef4a153fa710dce80882f Add unit test for HeadersSyncState (Suhas Daftuar) 83c6a0c5249c4ecbd11f7828c84a50fb473faba3 Reduce spurious messages during headers sync (Suhas Daftuar) ed6cddd98e32263fc116a4380af6d66da20da990 Require callers of AcceptBlockHeader() to perform anti-dos checks (Suhas Daftuar) 551a8d957c4c44afbd0d608fcdf7c6a4352babce Utilize anti-DoS headers download strategy (Suhas Daftuar) ed470940cddbeb40425960d51cefeec4948febe4 Add functions to construct locators without CChain (Pieter Wuille) 84852bb6bb3579e475ce78fe729fd125ddbc715f Add bitdeque, an std::deque<bool> analogue that does bit packing. (Pieter Wuille) 1d4cfa4272cf2c8b980cc8762c1ff2220d3e8d51 Add function to validate difficulty changes (Suhas Daftuar) Pull request description: New nodes starting up for the first time lack protection against DoS from low-difficulty headers. While checkpoints serve as our protection against headers that fork from the main chain below the known checkpointed values, this protection only applies to nodes that have been able to download the honest chain to the checkpointed heights. We can protect all nodes from DoS from low-difficulty headers by adopting a different strategy: before we commit to storing a header in permanent storage, first verify that the header is part of a chain that has sufficiently high work (either `nMinimumChainWork`, or something comparable to our tip). This means that we will download headers from a given peer twice: once to verify the work on the chain, and a second time when permanently storing the headers. The p2p protocol doesn't provide an easy way for us to ensure that we receive the same headers during the second download of peer's headers chain. To ensure that a peer doesn't (say) give us the main chain in phase 1 to trick us into permanently storing an alternate, low-work chain in phase 2, we store commitments to the headers during our first download, which we validate in the second download. Some parameters must be chosen for commitment size/frequency in phase 1, and validation of commitments in phase 2. In this PR, those parameters are chosen to both (a) minimize the per-peer memory usage that an attacker could utilize, and (b) bound the expected amount of permanent memory that an attacker could get us to use to be well-below the memory growth that we'd get from the honest chain (where we expect 1 new block header every 10 minutes). After this PR, we should be able to remove checkpoints from our code, which is a nice philosophical change for us to make as well, as there has been confusion over the years about the role checkpoints play in Bitcoin's consensus algorithm. Thanks to Pieter Wuille for collaborating on this design. ACKs for top commit: Sjors: re-tACK 3add23454624c4c79c9eebc060b6fbed4e3131a7 mzumsande: re-ACK 3add23454624c4c79c9eebc060b6fbed4e3131a7 sipa: re-ACK 3add23454624c4c79c9eebc060b6fbed4e3131a7 glozow: ACK 3add234546 Tree-SHA512: e7789d65f62f72141b8899eb4a2fb3d0621278394d2d7adaa004675250118f89a4e4cb42777fe56649d744ec445ad95141e10f6def65f0a58b7b35b2e654a875
2022-08-30test: work around bugprone-use-after-move warnings in util testsfanquake
```bash test/util_tests.cpp:2513:34: error: 't2' used after it was moved [bugprone-use-after-move,-warnings-as-errors] BOOST_CHECK(v2[0].origin == &t2); ^ test/util_tests.cpp:2511:15: note: move occurred here auto v2 = Vector(std::move(t2)); ^ test/util_tests.cpp:2519:34: error: 't2' used after it was moved [bugprone-use-after-move,-warnings-as-errors] BOOST_CHECK(v3[1].origin == &t2); ^ test/util_tests.cpp:2516:15: note: move occurred here auto v3 = Vector(t1, std::move(t2)); ^ test/util_tests.cpp:2527:34: error: 't3' used after it was moved [bugprone-use-after-move,-warnings-as-errors] BOOST_CHECK(v4[2].origin == &t3); ^ test/util_tests.cpp:2523:15: note: move occurred here auto v4 = Vector(std::move(v3[0]), v3[1], std::move(t3)); ```
2022-08-24Make Join() util work with any container typeMacroFake
Also, remove helper that is only used in tests.
2022-08-23Add bitdeque, an std::deque<bool> analogue that does bit packing.Pieter Wuille
2022-08-19Remove Join() helper only used in testsMacroFake
Also remove redundant return type that can be deduced by the compiler.
2022-08-08test: Add test case for `ReplaceAll()` functionHennadii Stepanov
2022-08-02refactor: Add LIFETIMEBOUND / -Wdangling-gsl to Assert()MacroFake
2022-05-20Merge bitcoin/bitcoin#23595: util: Add ParseHex<std::byte>() helperlaanwj
facd1fb911abfc595a3484ee53397eff515d4c40 refactor: Use Span of std::byte in CExtKey::SetSeed (MarcoFalke) fae1006019188700e0c497a63fc1550fe00ca8bb util: Add ParseHex<std::byte>() helper (MarcoFalke) fabdf81983e2542d60542b80fb94ccb1acdd204a test: Add test for embedded null in hex string (MarcoFalke) Pull request description: This adds the hex->`std::byte` helper after the `std::byte`->hex helper was added in commit 9394964f6b9d1cf1220a4eca17ba18dc49ae876d ACKs for top commit: pk-b2: ACK https://github.com/bitcoin/bitcoin/pull/23595/commits/facd1fb911abfc595a3484ee53397eff515d4c40 laanwj: Code review ACK facd1fb911abfc595a3484ee53397eff515d4c40 Tree-SHA512: e2329fbdea2e580bd1618caab31f5d0e59c245a028e1236662858e621929818870b76ab6834f7ac6a46d7874dfec63f498380ad99da6efe4218f720a60e859be
2022-05-20Merge bitcoin/bitcoin#25101: Add mockable clock typefanquake
fa305fd92c0a5a91831be3ccec0a5ef962a5fbcb Add mockable clock type and TicksSinceEpoch helper (MarcoFalke) Pull request description: This will be used primarily by the addr time refactor (https://github.com/bitcoin/bitcoin/pull/24697) to make addr relay time type safe. However, it can also be used in other places, and can be reviewed independently, so I split it up. ACKs for top commit: jonatack: ACK fa305fd92c0a5a91831be3ccec0a5ef962a5fbcb per `git range-diff 7b3343f fa20781 fa305fd` ajtowns: ACK fa305fd92c0a5a91831be3ccec0a5ef962a5fbcb Tree-SHA512: da00200126833c1f55b1b1e68f596eab5c9254e82b188ad17779c08ffd685e198a7c5270791b4b69a858dc6ba4e051fe0c8b445d203d356d0c884f6365ee1cfe
2022-05-18Add mockable clock type and TicksSinceEpoch helperMarcoFalke
2022-05-17refactor: use C++11 default initializersfanquake
2022-05-11Remove unused GetTimeSecondsMacroFake
2022-05-08Add time helpers for std::chrono::steady_clockMarcoFalke
2022-05-04Merge bitcoin/bitcoin#24852: util: optimize HexStrlaanwj
5e61532e72c1021fda9c7b213bd9cf397cb3a802 util: optimizes HexStr (Martin Leitner-Ankerl) 4e2b99f72a90b956f3050095abed4949aff9b516 bench: Adds a benchmark for HexStr (Martin Leitner-Ankerl) 67c8411c37b483caa2fe3f7f4f40b68ed2a9bcf7 test: Adds a test for HexStr that checks all 256 bytes (Martin Leitner-Ankerl) Pull request description: In my benchmark, this rewrite improves runtime 27% (g++) to 46% (clang++) for the benchmark `HexStrBench`: g++ 11.2.0 | ns/byte | byte/s | err% | ins/byte | cyc/byte | IPC | bra/byte | miss% | total | benchmark |--------------------:|--------------------:|--------:|----------------:|----------------:|-------:|---------------:|--------:|----------:|:---------- | 0.94 | 1,061,381,310.36 | 0.7% | 12.00 | 3.01 | 3.990 | 1.00 | 0.0% | 0.01 | `HexStrBench` master | 0.68 | 1,465,366,544.25 | 1.7% | 6.00 | 2.16 | 2.778 | 1.00 | 0.0% | 0.01 | `HexStrBench` branch clang++ 13.0.1 | ns/byte | byte/s | err% | ins/byte | cyc/byte | IPC | bra/byte | miss% | total | benchmark |--------------------:|--------------------:|--------:|----------------:|----------------:|-------:|---------------:|--------:|----------:|:---------- | 0.80 | 1,244,713,415.92 | 0.9% | 10.00 | 2.56 | 3.913 | 0.50 | 0.0% | 0.01 | `HexStrBench` master | 0.43 | 2,324,188,940.72 | 0.2% | 4.00 | 1.37 | 2.914 | 0.25 | 0.0% | 0.01 | `HexStrBench` branch Note that the idea for this change comes from denis2342 in #23364. This is a rewrite so no unaligned accesses occur. Also, the lookup table is now calculated at compile time, which hopefully makes the code a bit easier to review. ACKs for top commit: laanwj: Code review ACK 5e61532e72c1021fda9c7b213bd9cf397cb3a802 aureleoules: tACK 5e61532e72c1021fda9c7b213bd9cf397cb3a802. theStack: ACK 5e61532e72c1021fda9c7b213bd9cf397cb3a802 🚤 Tree-SHA512: 40b53d5908332473ef24918d3a80ad1292b60566c02585fa548eb4c3189754971be5a70325f4968fce6d714df898b52d9357aba14d4753a8c70e6ffd273a2319
2022-05-04Extend Split to work with multiple separatorsMartin Leitner-Ankerl
2022-05-03Merge bitcoin/bitcoin#24470: Disallow more unsafe string->path conversions ↵MacroFake
allowed by path append operators f64aa9c411ad78259756a28756ec1eb8069b5ab4 Disallow more unsafe string->path conversions allowed by path append operators (Ryan Ofsky) Pull request description: Add more `fs::path` `operator/` and `operator+` overloads to prevent unsafe string->path conversions on Windows that would cause strings to be decoded according to the current Windows locale & code page instead of the correct string encoding. Update application code to deal with loss of implicit string->path conversions by calling `fs::u8path` or `fs::PathFromString` explicitly, or by just changing variable types from `std::string` to `fs::path` to avoid conversions altogether, or make them happen earlier. In all cases, there's no change in behavior either (1) because strings only contained ASCII characters and would be decoded the same regardless of what encoding was used, or (2) because of the 1:1 mapping between paths and strings using the `PathToString` and `PathFromString` functions. Motivation for this PR was just that I was experimenting with #24469 and noticed that operations like `fs::path / std::string` were allowed, and I thought it would be better not to allow them. ACKs for top commit: hebasto: ACK f64aa9c411ad78259756a28756ec1eb8069b5ab4 Tree-SHA512: 944cce49ed51537ee7a35ea4ea7f5feaf0c8fff2fa67ee81ec5adebfd3dcbaf41b73eb35e49973d5f852620367f13506fd12a7a9b5ae3a7a0007414d5c9df50f
2022-04-27test: Add test for embedded null in hex stringMarcoFalke
Also, fix style in the corresponding function. The style change can be reviewed with "--word-diff-regex=."
2022-04-27Use std::string_view throughout util strencodings/stringPieter Wuille
2022-04-21Disallow more unsafe string->path conversions allowed by path append operatorsRyan Ofsky
Add more fs::path operator/ and operator+ overloads to prevent unsafe string->path conversions on Windows that would cause strings to be decoded according to the current Windows locale & code page instead of the correct string encoding. Update application code to deal with loss of implicit string->path conversions by calling fs::u8path or fs::PathFromString explicitly, or by just changing variable types from std::string to fs::path to avoid conversions altoghther, or make them happen earlier. In all cases, there's no change in behavior either (1) because strings only contained ASCII characters and would be decoded the same regardless of what encoding was used, or (2) because of the 1:1 mapping between paths and strings using the PathToString and PathFromString functions. Co-authored-by: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>