Draft
Adds 5 unit tests that prove critical safety bugs in Zaino's Height type:
1. test_underflow_wraps_to_max_in_release - Proves Height(0) - 1 wraps to Height(4,294,967,295) in release mode. Documents real-world impact on reorg detection in non_finalised_state.rs:390.
2. test_underflow_panics_in_debug - Proves same operation panics in debug mode with 'attempt to subtract with overflow'.
3. test_overflow_wraps_in_release - Proves Height(u32::MAX - 10) + 20 wraps to Height(9) instead of detecting overflow.
4. test_overflow_panics_in_debug - Proves addition overflow panics in debug mode.
5. test_arithmetic_bypasses_validation - Proves arithmetic operations can create Heights > MAX (2^31 - 1), bypassing TryFrom validation and breaking type invariants.
These tests demonstrate that business logic must manually check for edge cases that should be enforced by the type system. Zebra's Height type provides safe arithmetic (returns Option) that forces handling at compile time, eliminating this class of bugs. All tests pass, proving these are real bugs in production code.
Moves Height type and implementations from legacy.rs to dedicated module:
- Creates types/db/primitives/height.rs
- Adds 5 unit tests proving critical safety bugs in current implementation
- Updates primitives.rs to export Height and GENESIS_HEIGHT
Tests prove:
1. Underflow wraps to u32::MAX in release (Height(0) - 1 = Height(4294967295))
2. Underflow panics in debug mode
3. Overflow wraps in release (Height(u32::MAX-10) + 20 = Height(9))
4. Overflow panics in debug mode
5. Arithmetic bypasses TryFrom validation (can create Heights > MAX)
Real-world impact documented: non_finalised_state.rs:390 reorg detection bug where unchecked subtraction causes silent failure instead of error. This extraction prepares for future migration to safe arithmetic that returns Option, matching Zebra's Height implementation.
Member
Why is this still Draft?
Summary
Adds unit tests proving the Height type safety bugs described in #615.
Changes
- Moves Height type to types/db/primitives/height.rs
- test_underflow_wraps_to_max_in_release - Proves Height(0) - 1 = Height(4,294,967,295)
- test_underflow_panics_in_debug - Proves panic in debug mode
- test_overflow_wraps_in_release - Proves Height(u32::MAX-10) + 20 = Height(9)
- test_overflow_panics_in_debug - Proves panic on overflow
- test_arithmetic_bypasses_validation - Proves arithmetic creates invalid Heights > MAX
- primitives.rs exports Height and GENESIS_HEIGHT
- legacy.rs re-exports from primitives
Tests
All 5 tests pass, proving the bugs are real:
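The following is an added illustration, not code from this PR, from Zaino, or from Zebra. It places a sketch of the unchecked newtype (plain Add/Sub on the inner u32, written with wrapping_* so the release-mode wraparound the tests describe is reproduced deterministically in any build) beside a hypothetical checked Height whose field is private, whose only constructor is TryFrom<u32> enforcing MAX = 2^31 - 1, and whose arithmetic returns Option, the Zebra-style design the PR points to. The names UncheckedHeight, HeightError, previous and rewind_depth are assumptions made for the example.

```rust
use std::convert::TryFrom;
use std::fmt;
use std::ops::{Add, Sub};

/// Largest valid block height, 2^31 - 1, the MAX bound the fifth test refers to.
pub const MAX_HEIGHT: u32 = (1u32 << 31) - 1;

/// Sketch of the unchecked newtype (hypothetical name): plain Add/Sub on the raw u32.
/// wrapping_* reproduces the release-mode behaviour the PR describes in every build;
/// a debug build using real `+`/`-` would panic instead.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct UncheckedHeight(pub u32);

impl Sub<u32> for UncheckedHeight {
    type Output = UncheckedHeight;
    fn sub(self, rhs: u32) -> UncheckedHeight {
        UncheckedHeight(self.0.wrapping_sub(rhs))
    }
}

impl Add<u32> for UncheckedHeight {
    type Output = UncheckedHeight;
    fn add(self, rhs: u32) -> UncheckedHeight {
        UncheckedHeight(self.0.wrapping_add(rhs))
    }
}

/// Error carrying the rejected raw value (hypothetical type).
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct HeightError(pub u32);

impl fmt::Display for HeightError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "height {} exceeds MAX_HEIGHT {}", self.0, MAX_HEIGHT)
    }
}

/// Checked newtype (hypothetical): the field is private, so the only way to build one
/// is TryFrom<u32>, and the only arithmetic offered returns Option.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub struct Height(u32);

impl Height {
    pub const MAX: Height = Height(MAX_HEIGHT);

    pub fn value(self) -> u32 {
        self.0
    }

    /// None on u32 overflow *or* when the sum would exceed MAX_HEIGHT.
    pub fn checked_add(self, rhs: u32) -> Option<Height> {
        self.0.checked_add(rhs).and_then(|v| Height::try_from(v).ok())
    }

    /// None when rhs > self; a smaller value can never break the MAX invariant.
    pub fn checked_sub(self, rhs: u32) -> Option<Height> {
        self.0.checked_sub(rhs).map(Height)
    }

    /// Parent height; None at genesis instead of a wrapped u32::MAX.
    pub fn previous(self) -> Option<Height> {
        self.checked_sub(1)
    }
}

impl TryFrom<u32> for Height {
    type Error = HeightError;
    fn try_from(v: u32) -> Result<Height, HeightError> {
        if v <= MAX_HEIGHT {
            Ok(Height(v))
        } else {
            Err(HeightError(v))
        }
    }
}

/// Rewind depth from tip back to a fork point, the kind of subtraction a reorg check
/// performs. With the checked type the caller sees None rather than a wrapped depth.
pub fn rewind_depth(tip: Height, fork: Height) -> Option<u32> {
    tip.0.checked_sub(fork.0)
}

fn main() {
    // Tests 1 and 3: unchecked arithmetic wraps silently.
    println!("{:?}", UncheckedHeight(0) - 1);
    println!("{:?}", UncheckedHeight(u32::MAX - 10) + 20);
    // Test 5: unchecked arithmetic walks past MAX without ever touching TryFrom.
    let past_max = UncheckedHeight(MAX_HEIGHT) + 1;
    println!("{:?} valid? {}", past_max, Height::try_from(past_max.0).is_ok());
    // Checked type: the same operations surface as None / Err at the call site.
    let genesis = Height::try_from(0).unwrap();
    println!("{:?}", genesis.previous());
    println!("{:?}", Height::MAX.checked_add(1));
}
```

Because Height's field is private and checked_sub only ever produces a value no larger than its input, the MAX invariant established by TryFrom holds for every Height that can exist; the compiler forces each call site to decide what None means rather than letting a wrapped value flow into later logic.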
Checklist
Related