* [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) @ 2015-07-23 14:30 Jorge Timón 2015-07-23 14:57 ` Milly Bitcoin ` (2 more replies) 0 siblings, 3 replies; 28+ messages in thread From: Jorge Timón @ 2015-07-23 14:30 UTC (permalink / raw) To: Eric Voskuil; +Cc: bitcoin-dev On Thu, Jul 23, 2015 at 2:49 AM, Eric Voskuil via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote: > On 07/22/2015 05:13 PM, Eric Lombrozo via bitcoin-dev wrote: >> Only being partly serious - I strongly am in favor of a sufficiently > modularized codebase that swapping out consensus rules is fairly > straightforward and easy to test... > > We (libbitcoin) have taken the time to publish and maintain bitcoind's > "libbitcoinconsensus" source files as an independent C++ library (with > Java and Python bindings). > > https://en.bitcoin.it/wiki/Libbitcoin_Consensus > > It can be easily verified against bitcoind sources and in builds of > libbitcoin-blockchain it can be swapped out for libbitcoin's native > consensus checks. > > https://en.bitcoin.it/wiki/Libbitcoin_Blockchain#Consensus_Validation > > So there is really no reason to consider the original client synonymous > with consensus. I initially argued for this library to be natively > isolated from bitcoind, but that didn't seem to be in the cards so we > did it independently. I think there were some misunderstandings in our previous conversation about this topic. I completely agree with having a separated repository for libconsensus (that's the whole point, alternative implementations can be consensus-safe by using it, and in the event of a schism fork[1], they can fork just that smaller project without having to relay on Bitcoin Core [satoshi] at all). But I thought you also wanted Bitcoin Core to use libconsensus instead of just having a subtree/subrepository like it currently does with libsecp256k1. I'm not sure if that would ever be accepted, but in any case we're certainly far away from that goal. Here are some things that need to happen first: 1) Finish encapsulating consensus code so that it can be built without any (we've done it only with script-related code so far). Here are some related PRs (other people havee done other things that help with this as well): ** MERGED or DELETED *** MERGED Consensus: Decouple pow from chainparams #5812 [consensuspow] *** DELETED MOVEONLY: Move constants and globals to consensus.h and policy.o #5696 [consensus_policy0] *** DELETED Refactor: Create CCoinsViewEfficient interface for CCoinsViewCache #5747 [coins] *** MERGED Chainparams: Refactor: Decouple IsSuperMajority from Params() #5968 [params_consensus] *** MERGED Remove redundant getter CChainParams::SubsidyHalvingInterval() #5996 [params_subsidy] *** MERGED Separate CValidationState from main #5669 [consensus] *** DELETED Consensus: Refactor: Separate CheckFinalTx from main::IsFinalTx #6063 [consensus_finaltx] *** MERGED Consensus: Decouple ContextualCheckBlockHeader from checkpoints #5975 [consensus_checkpoints] *** MERGED Separate Consensus::CheckTxInputs and GetSpendHeight in CheckInputs #6061 [consensus_inputs] *** MERGED Bugfix: Don't check the genesis block header before accepting it #6299 [5975-quick-fix] ** REVIEW Optimizations: Consensus: In AcceptToMemoryPool, ConnectBlock, and CreateNewBlock #6445 [consensus-txinputs-0.12.99] ** REBASE MOVEONLY: Move most of consensus functions (pre-block) #6051 [consensus_moveonly] ** REBASE Consensus: Refactor: Turn CBlockIndex::GetMedianTimePast into independent function #6009 [consensus_mediantime] ** DEPENDENT Consensus: Refactor: Consensus version of CheckBlockHeader() #6035 [consensus_checkblockheader] ** DEPENDENT Consensus: Consensus version of pow functions [consensus_pow2] 2) Finish libconsensus's API: expose more things than VerifyScript, at the very least, also expose VerifyTx, VerifyHeader and VerifyBlock. Feedback from alternative implementations like libbitcoin is extremely valuable here. Some related closed-for-now PRs: ** DEPENDENT API: Expose bitcoinconsensus_verify_header() in libconsensus #5995 [consensus_header] ** DEPENDENT API: Expose bitcoinconsensus_verify_block() in libconsensus #5946 [consensus_tip] ** REBASE Chainparams: Explicit Consensus::Params arg in consensus functions #6024 [params_consensus2] 3) Move libconsensus to a separate repository as a subtree/subrepository of Bitcoin Core. Only after all that we can discuss whether Bitcoin Core itself should include libconsensus' code or just use its API directly. I hope that after all this, libbitcoin also reconsiders whether to reimplement its own libconsensus or use the "official" one directly instead. > In any case I agree with your stated need for this isolation (if not the > means) for the reasons you state. The community needs to move beyond a > largely singular and monolithic codebase that is holding that position > in part due to fear about consensus bug forks. I completely agree. That's the goal of libconsensus (and an alternative implementation like libbitcoin being able to use it without sacrificing any of its current or future design differences from Bitcoin Core would be a sign of success in this reward). Unfortunately any changes that touch consensus code are risky and therefore slow. And when consensus encapsulation changes conflict with other changes (not because the other changes need to change consensus but because consensus code is still coupled with policy and other bitcoind-specific code), refactors are never prioritized. Ironically, you need to encapsulate the consensus code to avoid such conflicts, which would make all non-consensus changes far less risky (reducing the consensus-critical review development bottleneck). Unfortunately and ironically again, safer, small and incremental changes are less interesting for reviewers. For example, I've been trying to move consensus code to the consensus folder for a long time. The correctness of a MOVEONLY change is trivial to review for anyone who knows how to copy/paste in its favorite editor and how to use git diff, but will I ever get answers to my questions in [1]? I know there's many people who really care about this, Cory Fields, Wladimir and Pieter Wuille to name a few have reviewed many of this changes (I've just got used to publicly whine about lack of review on this front and policy encapsulation [very related fronts] as an attempt to get some attention: not always, but begging for review actually works some times). Another unfortunate fact is that although a script-only libconsensus allows you to avoid a big part of all possible consensus fork bugs, there cannot be users of a finished libconsensus to ask things to util a finished libconsensus actually exists. At the same time, the future users (alternative implementations, since bitcoin core is already "using libconsensus") are the most relevant people to listen when it comes to the C API. That's why I beg you to comment on [2], even if #5995 is currently closed. Your input on [1] would be very appreciated as well (maybe you think it's better to expose verifyTx before exposing verifyHeader, even if exposing verifyHeader is something that could be done faster). > To make choice regarding consensus an actual choice (and thereby actual > consensus) the modularity you suggest is essential. One must be able to > take new developments without having to take consensus changes. The > option to fork the codebase is not reasonable for most people. At this > point there is no defensible reason for coupling consensus checks with > other features. Would you agree that asking people to fork an independent libconsensus project instead of having to fork the full Bitcoin-qt is much more reasonable? I mean, I agree with your points. If "the specification of the consensus rules is an implementation", then that implementation shouldn't be coupled with a bunch of policy and non-consensus technical choices (storage, dependencies, p2p protocol...). But I still think that "the specification of the consensus rules should be a concrete implementation" rather than based purely on a natural language like English. I believe that's the only point where we fundamentally disagree, but it shouldn't be a barrier in our common goal of taking "power" away from Bitcoin Core development. If we're successful Bitcoin Core won't have any privileged position with regards to, say, libbitcoin when it comes to deciding consensus rules changes. You see, people like Mike Hearn believe that "uncontroversial acceptance by Bitcoin Core devs" is the same as "uncontroversial acceptance by all users of the system" (for a libbitcoin developer like you, obviously a superset of Bitcoin Core's users). He thinks that Gavin proposal is only a schism consensus fork[3] because the code is in github/bitcoinxt/bitcoinxt instead of github/bitcoin/bitcoin, not because PeterTodd-the-user-of-the-system (he doesn't care about him) opposes it. But let's imagine a different situation: 1) libconsensus us finished and used by libbitcoin 2) Bitcoin Core was unanimously in favor of Gavin's 32 GB initial proposal and the changes are applied to bitcoin/bitcoin and bitcoin/libconsensus (or Bitcoin Core has a dictator like Mike wants[4] and he accepts it, it doesn't really matter for this example). But let's also assume that X% of the users and 10% of the miners are against that Schism hardfork, and they don't want to be forced to change the rules by any influential group, mining, economic or user majority. Libbitcoin cannot be forced to accept the next, controversial version of bitcoin/libconsensus, so you guys fork libbitcoin/libconsensus out of the last ok version. Centralized-bitcoin and old-bitcoin would become 2 separated currencies and some people would likely lose money in the transition from one currency to 2 of them, but the users of old-bitcoin have the right of keeping the rules they signed up for and the only responsible people for this likely-catastrophic schism would be the Bitcoin core developers for trying to impose consensus changes into others against their will. Trying to impose consensus changes against the will of some users is wrong, and it is irrelevant if that happens in Bitcoin Core or Bitcoin Tx (if it is uncontroversial, it's also irrelevant where it gets implemented first). I really believe bitcoin needs competitive alternative implementations and I believe libconsensus is a tool to help that happen and reduce the "gatekeeping" friction that there's (unfortunately) around Bitcoin Core. I look forward to any potential collaboration on this front. Even if you still want to maintain a reimplementation of libconsensus (which I humbly think it's a mistake, but I don't think there's any point on keep discussing that, since we know we disagree) we can collaborate on the future common API of a complete libconsensus (with verifyBlock and all). I really hope we can do that. [1] https://github.com/bitcoin/bitcoin/pull/6051#issuecomment-120708121 [2] (kind of outdated, but the API is what matters here) https://github.com/jtimon/bitcoin/commit/00b9b227afc8669a877984561329dde75d3d8942 [3] https://github.com/jtimon/bips/blob/bip-forks/bip-forks.org#schism1-hardforks [4] http://lmgtfy.com/?q=mike+hearn+dictator&l=1 ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-07-23 14:30 [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) Jorge Timón @ 2015-07-23 14:57 ` Milly Bitcoin 2015-07-23 21:02 ` Jorge Timón 2015-07-28 6:40 ` Eric Voskuil 2015-07-28 8:43 ` Wladimir J. van der Laan 2 siblings, 1 reply; 28+ messages in thread From: Milly Bitcoin @ 2015-07-23 14:57 UTC (permalink / raw) To: bitcoin-dev On 7/23/2015 10:30 AM, Jorge Timón via bitcoin-dev wrote: > [4] http://lmgtfy.com/?q=mike+hearn+dictator&l=1 > _______________________________________________ You spend too much time on reddit. All this drama queen stuff is getting ridiculous. Russ ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-07-23 14:57 ` Milly Bitcoin @ 2015-07-23 21:02 ` Jorge Timón 2015-07-23 21:30 ` Milly Bitcoin 0 siblings, 1 reply; 28+ messages in thread From: Jorge Timón @ 2015-07-23 21:02 UTC (permalink / raw) To: Milly Bitcoin; +Cc: bitcoin-dev On Thu, Jul 23, 2015 at 4:57 PM, Milly Bitcoin via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote: > On 7/23/2015 10:30 AM, Jorge Timón via bitcoin-dev wrote: > >> [4] http://lmgtfy.com/?q=mike+hearn+dictator&l=1 Mike has sincerely said that he would like "Bitcoin Core to have a benevolent dictator like other free software projects", and I wanted to make clear that I wasn't putting words in his mouth but it's actually something very easy to find on the internet. But I now realize that the search can be interpreted as me calling him dictator or something of the sort. That wasn't my intention. In fact, Mike's point of view on Bitcoin Core development wasn't even relevant for my example so I shouldn't even have mentioned him in the first place. I apologize for both mistakes, but please let's keep this thread focused on libconsensus. > You spend too much time on reddit. I actually don't spend much time on reddit: I don't particularly like it. But I do spend some time in reddit so, I agree: I spend too much time on reddit. ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-07-23 21:02 ` Jorge Timón @ 2015-07-23 21:30 ` Milly Bitcoin 0 siblings, 0 replies; 28+ messages in thread From: Milly Bitcoin @ 2015-07-23 21:30 UTC (permalink / raw) To: bitcoin-dev > Mike has sincerely said that he would like "Bitcoin Core to have a > benevolent dictator like other free software projects", and I wanted > to make clear that I wasn't putting words in his mouth He is just pointing out reality. Decentralization is really just a collection of centralized processes. If you ever want to change anything someone, somewhere has to make a decision. Satoshi was the first dictator and he set the consensus rules for his version of Bitcoin and that is what people accepted. Those rules did not appear by magic nor did they appear via some unexplained 'consensus' mechanism. He made decisions and updated the code or accepted updates made by others. Russ ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-07-23 14:30 [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) Jorge Timón 2015-07-23 14:57 ` Milly Bitcoin @ 2015-07-28 6:40 ` Eric Voskuil 2015-07-28 8:47 ` Wladimir J. van der Laan 2015-07-28 9:58 ` Jorge Timón 2015-07-28 8:43 ` Wladimir J. van der Laan 2 siblings, 2 replies; 28+ messages in thread From: Eric Voskuil @ 2015-07-28 6:40 UTC (permalink / raw) To: Jorge Timón; +Cc: bitcoin-dev [-- Attachment #1: Type: text/plain, Size: 11562 bytes --] On 07/23/2015 07:30 AM, Jorge Timón wrote: > On Thu, Jul 23, 2015 at 2:49 AM, Eric Voskuil via bitcoin-dev wrote: >> On 07/22/2015 05:13 PM, Eric Lombrozo via bitcoin-dev wrote: >>> Only being partly serious - I strongly am in favor of a sufficiently >>> modularized codebase that swapping out consensus rules is fairly >>> straightforward and easy to test... >> >> We (libbitcoin) have taken the time to publish and maintain bitcoind's >> "libbitcoinconsensus" source files as an independent C++ library... > I think there were some misunderstandings in our previous conversation > about this topic. > I completely agree with having a separated repository for libconsensus > (that's the whole point, alternative implementations can be > consensus-safe by using it, and in the event of a schism fork[1], they > can fork just that smaller project without having to relay on Bitcoin > Core [satoshi] at all). > But I thought you also wanted Bitcoin Core to use libconsensus instead > of just having a subtree/subrepository like it currently does with > libsecp256k1. libsecp256k1 has it's own repository, libbitcoinconsensus doesn't. A separate repository was what I considered as a requirement for us to use it. > I'm not sure if that would ever be accepted, but in any case we're > certainly far away from that goal. If it's not certain whether this would even be accepted, the commitment to a community consensus library is too weak to take a strong dependency on. But for us it's moot, as we have made the already accomplished that goal. > Here are some things that need to > happen first: > > 1) Finish encapsulating consensus code so that it can be built without > any (we've done it only with script-related code so far). Here are > some related PRs (other people have done other things that help with > this as well): ... > 2) Finish libconsensus's API: expose more things than VerifyScript, at > the very least, also expose VerifyTx, VerifyHeader and VerifyBlock. > Feedback from alternative implementations like libbitcoin is extremely > valuable here. Some related closed-for-now PRs: In our earlier discussion I believe you said that the library would not be undergoing significant change or feature creep. If this is the very least that's projected it would seem that constraint will not hold. > 3) Move libconsensus to a separate repository as a > subtree/subrepository of Bitcoin Core. > > Only after all that we can discuss whether Bitcoin Core itself should > include libconsensus' code or just use its API directly. I don't think it's a question of whether it *should* use its own library as it is published for others - this is a practically self-evident conclusion. > I hope that after all this, libbitcoin also reconsiders whether to > reimplement its own libconsensus or use the "official" one directly > instead. We use a fork of libsecp256k1 and would probably do the same with the consensus library if it was cleanly isolated. >> In any case I agree with your stated need for this isolation (if not the >> means) for the reasons you state. The community needs to move beyond a >> largely singular and monolithic codebase that is holding that position >> in part due to fear about consensus bug forks. > > I completely agree. That's the goal of libconsensus (and an > alternative implementation like libbitcoin being able to use it > without sacrificing any of its current or future design differences > from Bitcoin Core would be a sign of success in this reward). It's a performance sacrifice, and then there's the OpenSSL dependency, but these are both optional within our stack - so the application developer has the option. So the only downside is that we are maintaining the conditional compilation. > Unfortunately any changes that touch consensus code are risky and > therefore slow. And when consensus encapsulation changes conflict with > other changes (not because the other changes need to change consensus > but because consensus code is still coupled with policy and other > bitcoind-specific code), refactors are never prioritized. Ironically, > you need to encapsulate the consensus code to avoid such conflicts, > which would make all non-consensus changes far less risky (reducing > the consensus-critical review development bottleneck). > > Unfortunately and ironically again, safer, small and incremental > changes are less interesting for reviewers. > For example, I've been trying to move consensus code to the consensus > folder for a long time. The correctness of a MOVEONLY change is > trivial to review for anyone who knows how to copy/paste in its > favorite editor and how to use git diff, but will I ever get answers > to my questions in [1]? I think it's worthwhile work, especially if you are passionate about the longer term objectives. I haven't been involved in these reviews as I spend very little time with the satoshi client > I know there's many people who really care about this, Cory Fields, > Wladimir and Pieter Wuille to name a few have reviewed many of this > changes (I've just got used to publicly whine about lack of review on > this front and policy encapsulation [very related fronts] as an > attempt to get some attention: not always, but begging for review > actually works some times). Well a cynic might observe that fear of consensus bugs is what keeps people on the satoshi client, and therefore accelerating the development of a clean and independent consensus library would be a very low priority. > Another unfortunate fact is that although a script-only libconsensus > allows you to avoid a big part of all possible consensus fork bugs, > there cannot be users of a finished libconsensus to ask things to until > a finished libconsensus actually exists. Software is never finished, but this exists and we are using it. > At the same time, the future > users (alternative implementations, since bitcoin core is already > "using libconsensus") It is using the same source files, but AFAICT not the library. > are the most relevant people to listen when it > comes to the C API. That's why I beg you to comment on [2], even if > #5995 is currently closed. Your input on [1] would be very appreciated > as well (maybe you think it's better to expose verifyTx before > exposing verifyHeader, even if exposing verifyHeader is something that > could be done faster). I haven't looked at any of these commits, but I'll make some time to at least give a cursory review. > > To make choice regarding consensus an actual choice (and thereby actual >> consensus) the modularity you suggest is essential. One must be able to >> take new developments without having to take consensus changes. The >> option to fork the codebase is not reasonable for most people. At this >> point there is no defensible reason for coupling consensus checks with >> other features. > > Would you agree that asking people to fork an independent libconsensus > project instead of having to fork the full Bitcoin-qt is much more > reasonable? Yes, of course. We've already done it. For each release of the satoshi client since we made libbitcoin-consensus I've copied the sources. It's pretty much automated and easy to visually verify that the sources match. That would be quite a bit more difficult if there wasn't an independent build. > I mean, I agree with your points. If "the specification of the > consensus rules is an implementation", then that implementation > shouldn't be coupled with a bunch of policy and non-consensus > technical choices (storage, dependencies, p2p protocol...). But I > still think that "the specification of the consensus rules should be a > concrete implementation" rather than based purely on a natural > language like English. Useful specifications often have two reference implementations. It's the idea that there can be only one legitimate implementation that's problematic. > I believe that's the only point where we fundamentally disagree, but > it shouldn't be a barrier in our common goal of taking "power" away > from Bitcoin Core development. If we're successful Bitcoin Core won't > have any privileged position with regards to, say, libbitcoin when it > comes to deciding consensus rules changes. I don't think we disagree on anything fundamental. My issues with the library were (1) the lack of isolation, (2) the fact that the satoshi client wouldn't actually use the library, and (3) backtracking to use OpenSSL, which we had recently removed from libbitcoin. .. > 1) libconsensus us finished and used by libbitcoin > 2) Bitcoin Core was unanimously in favor of Gavin's 32 GB initial > proposal and the changes are applied to bitcoin/bitcoin and > bitcoin/libconsensus (or Bitcoin Core has a dictator like Mike > wants[4] and he accepts it, it doesn't really matter for this > example). > > But let's also assume that X% of the users and 10% of the miners are > against that Schism hardfork, and they don't want to be forced to > change the rules by any influential group, mining, economic or user > majority. > Libbitcoin cannot be forced to accept the next, controversial version > of bitcoin/libconsensus, so you guys fork libbitcoin/libconsensus out > of the last ok version. This is already done. > Centralized-bitcoin and old-bitcoin would become 2 separated > currencies and some people would likely lose money in the transition > from one currency to 2 of them, but the users of old-bitcoin have the > right of keeping the rules they signed up for and the only responsible > people for this likely-catastrophic schism would be the Bitcoin core > developers for trying to impose consensus changes into others against > their will. Trying to impose consensus changes against the will of > some users is wrong, and it is irrelevant if that happens in Bitcoin > Core or Bitcoin Tx (if it is uncontroversial, it's also irrelevant > where it gets implemented first). I don't disagree, but you previously argued that *everyone* had to agree on consensus. Above you are making the argument that people can choose to disagree. Yes, this is important. Yet it's unrealistic for any alternative consensus to overcome inertia unless there are widely deployed independent implementations. > I really believe bitcoin needs competitive alternative implementations > and I believe libconsensus is a tool to help that happen and reduce > the "gatekeeping" friction that there's (unfortunately) around Bitcoin > Core. I look forward to any potential collaboration on this front. > Even if you still want to maintain a reimplementation of libconsensus > (which I humbly think it's a mistake, but I don't think there's any > point on keep discussing that, since we know we disagree) we can > collaborate on the future common API of a complete libconsensus (with > verifyBlock and all). I really hope we can do that. I'm maintain our fork of the consensus sources until they are (1) properly isolated from the satoshi client and (2) the satoshi client uses the actual library. I don't see it as important or even productive to try and wedge the consensus library into the repository/build for bitcoind and Bitcoin-QT. It's straightforward to maintain the consensus library independently. Always willing to work with you on it, although we're all busy, and this isn't my top priority presently. e [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 473 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-07-28 6:40 ` Eric Voskuil @ 2015-07-28 8:47 ` Wladimir J. van der Laan 2015-07-28 9:58 ` Jorge Timón 1 sibling, 0 replies; 28+ messages in thread From: Wladimir J. van der Laan @ 2015-07-28 8:47 UTC (permalink / raw) To: Eric Voskuil; +Cc: bitcoin-dev On Mon, Jul 27, 2015 at 11:40:42PM -0700, Eric Voskuil via bitcoin-dev wrote: > It's a performance sacrifice, and then there's the OpenSSL dependency, > but these are both optional within our stack - so the application > developer has the option. So the only downside is that we are > maintaining the conditional compilation. Now that BIP66 became active, and only strict DER signatures are allowed, the OpenSSL dependency can be removed from consensus. Pieter Wuille will do an announcement on this soon. Wladimir ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-07-28 6:40 ` Eric Voskuil 2015-07-28 8:47 ` Wladimir J. van der Laan @ 2015-07-28 9:58 ` Jorge Timón 2015-07-29 20:38 ` Eric Voskuil 1 sibling, 1 reply; 28+ messages in thread From: Jorge Timón @ 2015-07-28 9:58 UTC (permalink / raw) To: Eric Voskuil; +Cc: bitcoin-dev Ok, I'm going to separate terms: current-libconsensus from theoretical future-libconsensus (implementing ALL consensus rules). On Tue, Jul 28, 2015 at 8:40 AM, Eric Voskuil <eric@voskuil.org> wrote: > libsecp256k1 has it's own repository, libbitcoinconsensus doesn't. A > separate repository was what I considered as a requirement for us to use it. We want to complete future-libconsensus (decouple all the consensus rules from the rest of the bitcoin core code) first. Then we can move future-libconsensus to a subrepository/subtree like libsecp256k1 and I believe everybody wants this to eventually happen. Separating current-libconsensus now may make completing future-libconsensus harder. >> I'm not sure if that would ever be accepted, but in any case we're >> certainly far away from that goal. > > If it's not certain whether this would even be accepted, the commitment > to a community consensus library is too weak to take a strong dependency > on. But for us it's moot, as we have made the already accomplished that > goal. What I mean is that once it is separated to a subtree, there's one more step: Make Bitcoin Core use future-libconsensus' API instead of a subtree. Decoupling future-libconsensus from Bitcoin Core is one thing, and Decoupling Bitcoin Core from future-libconsensus is another thing: you need to decouple Bitcoin Core from all future-libconsensus implementation internals. For example, script/sign (part of Bitcoin Core) depends on individual non-API-exposed classes in current-libconsensus. Moving from a subtree to a completely separated library is what I don't know will ever happen, but I don't think this is "unfairly advantageous" for Bitcoin Core or anything like that: other implementations can also use future-libcosensus as a subtree instead of the C API as well. You have accomplished the goal of separating curren-libconsensus, not future-libconsensus. In fact, if you complete the equivalent of future-libconsensus in libbitcoin and separate that, maybe that's a better place to start drafting a full API. >> 2) Finish libconsensus's API: expose more things than VerifyScript, at >> the very least, also expose VerifyTx, VerifyHeader and VerifyBlock. >> Feedback from alternative implementations like libbitcoin is extremely >> valuable here. Some related closed-for-now PRs: > > In our earlier discussion I believe you said that the library would not > be undergoing significant change or feature creep. If this is the very > least that's projected it would seem that constraint will not hold. future-libconsensus will not have significant changes *once it is completed*. Currently future-libconsensus is spread around many places inclusing src/main, so that obviously needs to change before it can be separated to an independent repo. >> 3) Move libconsensus to a separate repository as a >> subtree/subrepository of Bitcoin Core. >> >> Only after all that we can discuss whether Bitcoin Core itself should >> include libconsensus' code or just use its API directly. > > I don't think it's a question of whether it *should* use its own library > as it is published for others - this is a practically self-evident > conclusion. Well, Bitcoin Core is "currently the only user of future-libconsensus" since bitcoin core and future-libconsensus are currently mutually coupled. Bitcoin Core will always keep using future-libconsensus. The only question is whether it will use it through the C API or as a subtree/subrepository (both options are also available to other implementations). I don't know if decoupling Bitcoin Core from future-libconsensus' implementation details enough to be able to directly use the API is worth it or if anyone will be interested in doing so. For me this last step is not all that interesting: if we have an independent repo with a full API that other implementations can use, I don't really care about Bitcoin Core not going through the API and using including all the code directly instead. >> I hope that after all this, libbitcoin also reconsiders whether to >> reimplement its own libconsensus or use the "official" one directly >> instead. > > We use a fork of libsecp256k1 and would probably do the same with the > consensus library if it was cleanly isolated. Great. >>> In any case I agree with your stated need for this isolation (if not the >>> means) for the reasons you state. The community needs to move beyond a >>> largely singular and monolithic codebase that is holding that position >>> in part due to fear about consensus bug forks. >> >> I completely agree. That's the goal of libconsensus (and an >> alternative implementation like libbitcoin being able to use it >> without sacrificing any of its current or future design differences >> from Bitcoin Core would be a sign of success in this reward). > > It's a performance sacrifice, and then there's the OpenSSL dependency, > but these are both optional within our stack - so the application > developer has the option. So the only downside is that we are > maintaining the conditional compilation. As I told you before the reason why current-libconsensus is using OpenSSL instead of libsecp256k1 is that the very authors of libsecp256k1 warned that using libsecp256k1 for validation was consensus risky. As Wladimir said, Pieter Wuille will make an announcement about this soon. In any case, as I told you in previous conversations, the plan is to move from OpenSSL to libsecp256k1 for validation too (so libconsensus wil drop the OpenSSL dependency and this is just a temporary concern). > I think it's worthwhile work, especially if you are passionate about the > longer term objectives. I haven't been involved in these reviews as I > spend very little time with the satoshi client Well, the questions about the API are just in english, no need to deeply know Bitcoin Core's (satoshi client) internals. But maybe we should have an independent mailing list for consensus-only things. Not all future-libconsensus users will be interested in Bitcoin Core-specific discussions, and making them subscribe and filter seems like an unnecessary burden to participation. > Well a cynic might observe that fear of consensus bugs is what keeps > people on the satoshi client, and therefore accelerating the development > of a clean and independent consensus library would be a very low priority. I think that's precisely what makes it a high priority in the eyes of all the people working on it or reviewing related changes. But, yes, I guess "evil-thinking", maybe that's what make it a low priority for someone evil that wants Bitcoin Core's implementation have more importance than it shold forever. I prefer not to evil-think and just attribute it to having other priorities or just apathy about it. >> Another unfortunate fact is that although a script-only libconsensus >> allows you to avoid a big part of all possible consensus fork bugs, >> there cannot be users of a finished libconsensus to ask things to until >> a finished libconsensus actually exists. > > Software is never finished, but this exists and we are using it. By "finished" I mean a future-libconsensus that implements ALL consensus rules. We don't have that yet. >> At the same time, the future >> users (alternative implementations, since bitcoin core is already >> "using libconsensus") > > It is using the same source files, but AFAICT not the library. Bitcoin Core is the ONLY "user" of future-libconsensus (which actually only exists inside Bitcoin Core and it's not exposed). Current-libconsensus is used by Bitcoin Core and also exposed as an independent build (not a separated repository yet). Once future-Bitcoin's API is completed and the code in a different repo, how is Bitcoin Core using the API instead of the sources directly of any importance to other implementations? That's really the part that I cannot understand. It will be a problem Bitcoin Core, but if other implementations want to have (and maybe solve later) the same problem they can use a subtree too and start coupling their code with implementations details from future-libconsensus. Why would they want to do that? Again, I have no idea. I don't understand what the complain is here. >> are the most relevant people to listen when it >> comes to the C API. That's why I beg you to comment on [2], even if >> #5995 is currently closed. Your input on [1] would be very appreciated >> as well (maybe you think it's better to expose verifyTx before >> exposing verifyHeader, even if exposing verifyHeader is something that >> could be done faster). > > I haven't looked at any of these commits, but I'll make some time to at > least give a cursory review. Great. I mean, I wasn't asking about reviewing the commits themselves (which is also great if you do), but rather on answering the questions I'm making there, ie: what to expose next (ie VerifyTx or VerifyHeader)? would this be an acceptable way to expose VerifyHeader ? Which of he step-checks functions is worth exposing too (Bitcoin Core is currently using some to prevent DoS attacks, for example)? >> Would you agree that asking people to fork an independent libconsensus >> project instead of having to fork the full Bitcoin-qt is much more >> reasonable? > > Yes, of course. We've already done it. For each release of the satoshi > client since we made libbitcoin-consensus I've copied the sources. It's > pretty much automated and easy to visually verify that the sources > match. That would be quite a bit more difficult if there wasn't an > independent build. Well, neither libbitcoincosnensus nor libbitcoin-consensus implements all the consensus rules. That's what makes them different from future-libconsensus. But great, we're confirming more views that we share. > Useful specifications often have two reference implementations. It's the > idea that there can be only one legitimate implementation that's > problematic. Well, this is where I fear we will never agree. I think "Bitcoin is different" in this reward and you disagree. Maybe Pieter's explanation is more convincing to you: https://youtu.be/PxW5D9xCIsc?t=769 Otherwise, I think I'll stop trying convincing you. But one last try: If there's 2 "specification implementations": 1) widely deployed but containing 1 bug 2) not deployed anywhere but more readable and without the bug. When the bug is found, is it a consensus rule or not? If it is, it turns out the second implementation wasn't an specification at all. If it's not, nobody has been ever following consensus rules!! >> I believe that's the only point where we fundamentally disagree, but >> it shouldn't be a barrier in our common goal of taking "power" away >> from Bitcoin Core development. If we're successful Bitcoin Core won't >> have any privileged position with regards to, say, libbitcoin when it >> comes to deciding consensus rules changes. > > I don't think we disagree on anything fundamental. My issues with the > library were (1) the lack of isolation, (2) the fact that the satoshi > client wouldn't actually use the library, and (3) backtracking to use > OpenSSL, which we had recently removed from libbitcoin. 1) Working on it 2) The Satohi client has been using all along and it will use it forever (maybe not through the API, but I don't get what the problem with that is). 3) There will be an announce about this soon. >> Libbitcoin cannot be forced to accept the next, controversial version >> of bitcoin/libconsensus, so you guys fork libbitcoin/libconsensus out >> of the last ok version. > > This is already done. Once future-libconsensus exists as a separated repository, I don't think you want to preemptively fork it unless you're actually changing something. > I don't disagree, but you previously argued that *everyone* had to agree > on consensus. Above you are making the argument that people can choose > to disagree. Yes, this is important. Yet it's unrealistic for any > alternative consensus to overcome inertia unless there are widely > deployed independent implementations. Ideally schism consensus-rules changes will never happen, since they effectively divide the currency in 2 and force the users to chose (apart from other complications). But if someone is trying to impose a schism fork (from Bitcoin Core, from the new future-lbiconsensus repo or from anywhere else) it becomes trivial to protect your implementation against forced changes. Ideally all consensus changes will be uncontroversial or not happen at all. But I think about non-ideal cases too. > I'm maintain our fork of the consensus sources until they are (1) > properly isolated from the satoshi client and (2) the satoshi client > uses the actual library. 1) Reasonable. 2) You mean use it through the API? Seriously, why do you care? > I don't see it as important or even productive to try and wedge the > consensus library into the repository/build for bitcoind and Bitcoin-QT. > It's straightforward to maintain the consensus library independently. To be clear, Bitcoin Core's using future-libconsensus through a subtree instead of the API is not a preference or a goal: it is just how things will be just after completing and separating future-libconsensus. Making it use the API instead of the subtree will be additional work. I'm not sure I will want/have time to do it and I don't know of anyone planning to do that (which seems very reasonably given that a separated future-libconsensus is a dependency for such a change). > Always willing to work with you on it, although we're all busy, and this > isn't my top priority presently. Is it because "fear of consensus bugs is what keeps people on the satoshi client" and you want to keep things this way? Sorry, just joking about your previous "cynic" comment. See? Don't attribute to malice what can be attributed to lack of time. ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-07-28 9:58 ` Jorge Timón @ 2015-07-29 20:38 ` Eric Voskuil 2015-07-29 21:46 ` Jorge Timón 0 siblings, 1 reply; 28+ messages in thread From: Eric Voskuil @ 2015-07-29 20:38 UTC (permalink / raw) To: Jorge Timón; +Cc: bitcoin-dev [-- Attachment #1: Type: text/plain, Size: 6156 bytes --] On 07/28/2015 02:58 AM, Jorge Timón wrote: >> I haven't looked at any of these commits, but I'll make some time to at >> least give a cursory review. > > Great. I mean, I wasn't asking about reviewing the commits themselves > (which is also great if you do), but rather on answering the questions > I'm making there, ie: what to expose next (ie VerifyTx or > VerifyHeader)? Oh, I misunderstood your ask then. I don't have a preference on prioritizing VerifyTx vs VerifyHeader. > would this be an acceptable way to expose > VerifyHeader? I'm not sure how you mean to expose it, could you clarify? > Which of he step-checks functions is worth exposing too (Bitcoin > Core is currently using some to prevent DoS attacks, for example)? I don't see any reason to expose checkpoints in this library. They are trivial to implement and are not part of consensus. >>> Would you agree that asking people to fork an independent libconsensus >>> project instead of having to fork the full Bitcoin-qt is much more >>> reasonable? >> >> Yes, of course. We've already done it. For each release of the satoshi >> client since we made libbitcoin-consensus I've copied the sources. It's >> pretty much automated and easy to visually verify that the sources >> match. That would be quite a bit more difficult if there wasn't an >> independent build. > > Well, neither libbitcoincosnensus nor libbitcoin-consensus implements > all the consensus rules. > That's what makes them different from future-libconsensus. > But great, we're confirming more views that we share. Nothing can eliminate all consensus risk, not even a common full node implementation. >> Useful specifications often have two reference implementations. It's the >> idea that there can be only one legitimate implementation that's >> problematic. > > Well, this is where I fear we will never agree. I think "Bitcoin is > different" in this reward and you disagree. > Maybe Pieter's explanation is more convincing to you: > https://youtu.be/PxW5D9xCIsc?t=769 > Otherwise, I think I'll stop trying convincing you. Maybe I wasn't sufficiently explicit. It is problematic. That is the core issue we are dealing with. That doesn't mean I disagree with the objectives of an independent community consensus library. The premise of the "one true library" idea is that there is *no way* to sufficiently test for consensus bugs in any software release. That of course means that each release of the satoshi client poses a significant risk to the network. This risk is presently greater than that posed by other implementations simply because of adoption. That is the basis of the red herring argument: https://blog.conformal.com/the-bitcoin-consensus-red-herring The bottom line is that nobody has control over this process. There are, and will always be, a multitude of consensus implementations that intend to target the same coin. Presently there are multiple versions of the satoshi client, and this has produced forks, and will continue to do so. Isolating the satoshi consensus checks to an independent library serves not to eliminate that risk, but can reduce it somewhat. Importantly it will allow various implementations to overcome a perception problem, which will improve implementation diversity and developer participation. >>> I believe that's the only point where we fundamentally disagree, but >>> it shouldn't be a barrier in our common goal of taking "power" away >>> from Bitcoin Core development. If we're successful Bitcoin Core won't >>> have any privileged position with regards to, say, libbitcoin when it >>> comes to deciding consensus rules changes. >> >> I don't think we disagree on anything fundamental. My issues with the >> library were (1) the lack of isolation, (2) the fact that the satoshi >> client wouldn't actually use the library, and (3) backtracking to use >> OpenSSL, which we had recently removed from libbitcoin. > > 1) Working on it For the sake of clarity, this is now a non-issue for us. > 2) The Satoshi client has been using all along and it will use it > forever (maybe not through the API, but I don't get what the problem > with that is). Again, I consider this a requirement for us to link directly to it as a library. If the sources are isolated into an independent repo, but the satoshi client is embedding its own copies, one must continue to diff the client sources against the library sources. We are doing this already, so the benefit to having the independent repo is in no longer having to do this. There are also differences in the build system that can affect outcome. Comparing those differences across repos can be more challenging. For this reason I consider it important to your objective that the satoshi client actually use the library - as I assume it will at some point. If the satoshi client folks are to maintain a consensus library for the community it's also important to show a commitment to its independence. Dogfooding is of course a software engineering best practice. But there is also the cynical perspective - the independent library in some ways works against an advantage of the satoshi client. I personally don't think the committers are parochial enough to let this become an issue. We are all after something bigger. But if there was push-back against using the library it would be a red flag. So until that point passes I would just maintain our independent library, cloning the sources from the satoshi client. > 3) There will be an announce about this soon. Yes, I've seen this as a temporary setback. ... >> Always willing to work with you on it, although we're all busy, and this >> isn't my top priority presently. > > Is it because "fear of consensus bugs is what keeps people on the > satoshi client" and you want to keep things this way? No, I see it as less significant to the adoption of libbitcoin-server than other issues we are working on, especially given the existence of libbitcoin-consensus. I also trust you will make progress regardless. e [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 473 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-07-29 20:38 ` Eric Voskuil @ 2015-07-29 21:46 ` Jorge Timón 2015-08-20 0:53 ` Jorge Timón 0 siblings, 1 reply; 28+ messages in thread From: Jorge Timón @ 2015-07-29 21:46 UTC (permalink / raw) To: Eric Voskuil; +Cc: Bitcoin Dev On Wed, Jul 29, 2015 at 10:38 PM, Eric Voskuil <eric@voskuil.org> wrote: > On 07/28/2015 02:58 AM, Jorge Timón wrote: > Oh, I misunderstood your ask then. I don't have a preference on > prioritizing VerifyTx vs VerifyHeader. Ok, let's assume we want to expose verifyHeader first (which I think will be easier). >> would this be an acceptable way to expose >> VerifyHeader? > > I'm not sure how you mean to expose it, could you clarify? In https://github.com/bitcoin/bitcoin/pull/5995 I had one (probably stupid) proposal. But it had so many preparations commits that I had to close it. In the last commit https://github.com/jtimon/bitcoin/commit/00b9b227afc8669a877984561329dde75d3d8942 you can see that I'm adding a new function in script/bitcoinconsensus.cpp with the following declaration: int bitcoinconsensus_verify_header(const unsigned char* blockHeader, unsigned int blockHeaderLen, const Consensus::Params& params, int64_t nTime, CBlockIndexBase* pindexPrev, PrevIndexGetter indexGetter, bitcoinconsensus_error* err) The ugly parts that you may not like are the CBlockIndexBase struct (or maybe it's not so unreasonable) and the function pointer PrevIndexGetter. To see their "ugliness" you can look at: https://github.com/jtimon/bitcoin/commit/4528ec69617f1b6d6c8f0d73dc4091cded7c216c The PrevIndexGetter function pointer that Bitcoin Core would use internally would be: const CBlockIndexBase* GetPrevIndex(const CBlockIndexBase* pindex) { return ((CBlockIndex*)pindex)->pprev; } with an ugly casting. But, well, I guess that's only ugly for Bitcoin Core, not necessarily for other libconsensus users, which can define their own function pointer, provided that it's of the form: typedef const CBlockIndexBase* (*PrevIndexGetter)(const CBlockIndexBase*); The struct that I think needs more refinement (and I just used what I considered easier to implement at the time) is the CBlockIndexBase struct itself: +struct CBlockIndexBase +{ + //! pointer to the hash of the block, if any. Memory is owned by this CBlockIndexBase + const uint256* phashBlock; + //! block header + int32_t nVersion; + uint256 hashMerkleRoot; + uint32_t nTime; + uint32_t nBits; + uint32_t nNonce; + //! height of the entry in the chain. The genesis block has height 0 + int nHeight; +}; I don't like phashBlock being a pointer instead of just a ref or even an object Should that struct have a CBlockIndexBase* pprev; field (moving it down from CBlockIndex)? That's the kind of question where your feedback seems very important from other-implementations developers (because you won't necessarily take into account the difficulty of the refactors required in Bitcoin Core to expose the right interface, and "libconsensus shouldn't care" either, all we want is the best interface). >> Which of he step-checks functions is worth exposing too (Bitcoin >> Core is currently using some to prevent DoS attacks, for example)? > > I don't see any reason to expose checkpoints in this library. They are > trivial to implement and are not part of consensus. Agreed, and I would say all of the checkpoint check separation has been done already. What I mean by step functions is...look at verfyHeader internals, for example: https://github.com/jtimon/bitcoin/commit/11ede96f59f611ede596a1335e896b1fef4fb5b2 It internally calls Consensus::CheckBlockHeader (quite cheap with no context required) and Consensus::ContextualCheckBlockHeader (not so cheap). Bitcoin Core never calls (yet) the full verifyHeader at once. It does the cheap tests first and the expensive later. For example, call CheckBlockHeader, then CheckBlock (also cheap), then ContextualCheckBlockHeader and then ContextualCheckBlock. The question is, will other implementations want access to these not-full-but-cheap tests? In other words, apart from exposing VerifyHeader that fully validates all consensus rules for a header, do we also want to expose CheckBlockHeader and ContextualCheckBlockHeader to give more flexibility to libconsensus' users? I think, yes, other implementations will want this for the same DoS reasons that Bitcoin Core currently wants them. But it would be nice to know what a second person thinks about this. > Nothing can eliminate all consensus risk, not even a common full node > implementation. In fact, one thing does: never changing the code again (but the cure would be worse than the illness). Agreed, any software changes in the consensus code can cause consensus forks (and that's why you don't want to touch libconsensus that much once it's separated). >>> Useful specifications often have two reference implementations. It's the >>> idea that there can be only one legitimate implementation that's >>> problematic. >> >> Well, this is where I fear we will never agree. I think "Bitcoin is >> different" in this reward and you disagree. >> Maybe Pieter's explanation is more convincing to you: >> https://youtu.be/PxW5D9xCIsc?t=769 >> Otherwise, I think I'll stop trying convincing you. > > Maybe I wasn't sufficiently explicit. It is problematic. That is the > core issue we are dealing with. That doesn't mean I disagree with the > objectives of an independent community consensus library. > > The premise of the "one true library" idea is that there is *no way* to > sufficiently test for consensus bugs in any software release. That of > course means that each release of the satoshi client poses a significant > risk to the network. This risk is presently greater than that posed by > other implementations simply because of adoption. That is the basis of > the red herring argument: Well, the "one true library" will be much better than the current "one true full node". The "one true library" would be the specification of the consensus rules, but that doesn't mean you can't fork and modify it however you want. > The bottom line is that nobody has control over this process. There are, > and will always be, a multitude of consensus implementations that intend > to target the same coin. Presently there are multiple versions of the > satoshi client, and this has produced forks, and will continue to do so. I get this point, even if the current satoshi client contains the consensus rules specification (and many other things, obviously), that doesn't mean is somehow protected from forking with itself if the consensus code is changed in the wrong way accidentally. But the more separated libconsensus and Bitcoin Core (satoshi client) are, the less likely that changes in Bitcoin Core that weren't supposed to change consensus rules actually do it by accident (like last time with the migration out of bdb). > Isolating the satoshi consensus checks to an independent library serves > not to eliminate that risk, but can reduce it somewhat. Importantly it > will allow various implementations to overcome a perception problem, > which will improve implementation diversity and developer participation. I think alternative implementations using a full libconsensus can increase their adoption a lot, since they become just as vulnerable to consensus forks as Bitcoin Core (instead of more vulnerable like now). >>>> I believe that's the only point where we fundamentally disagree, but >>>> it shouldn't be a barrier in our common goal of taking "power" away >>>> from Bitcoin Core development. If we're successful Bitcoin Core won't >>>> have any privileged position with regards to, say, libbitcoin when it >>>> comes to deciding consensus rules changes. >>> >>> I don't think we disagree on anything fundamental. My issues with the >>> library were (1) the lack of isolation, (2) the fact that the satoshi >>> client wouldn't actually use the library, and (3) backtracking to use >>> OpenSSL, which we had recently removed from libbitcoin. >> >> 1) Working on it > > For the sake of clarity, this is now a non-issue for us. You mean libbitcoin's code is better organized than Bitcoin Core's? I don't doubt it. Maybe we can create a full-libbitcoin-libconsensus first and work on the API there. >> 2) The Satoshi client has been using all along and it will use it >> forever (maybe not through the API, but I don't get what the problem >> with that is). > > Again, I consider this a requirement for us to link directly to it as a > library. If the sources are isolated into an independent repo, but the > satoshi client is embedding its own copies, one must continue to diff > the client sources against the library sources. We are doing this > already, so the benefit to having the independent repo is in no longer > having to do this. Oh, I see, you don't like that libsecp256k1 is currently a subtree of Bitcoin Core either for the same reasons, right? To not need to know when the changes in libconsensus are applied in Bitcoin Core. Mhmm, once libconsensus is complete, why would you care about it? You just care about the libconsensus version (which doesn't have to coincide with Bitcoin Core versions anymore). > There are also differences in the build system that can affect outcome. > Comparing those differences across repos can be more challenging. For > this reason I consider it important to your objective that the satoshi > client actually use the library - as I assume it will at some point. For the sake of clarity, please say "use the library's API". It's going to use the library one way or another. > If the satoshi client folks are to maintain a consensus library for the > community it's also important to show a commitment to its independence. > Dogfooding is of course a software engineering best practice. But there > is also the cynical perspective - the independent library in some ways > works against an advantage of the satoshi client. > > I personally don't think the committers are parochial enough to let this > become an issue. We are all after something bigger. But if there was > push-back against using the library it would be a red flag. So until > that point passes I would just maintain our independent library, cloning > the sources from the satoshi client. To be clear, I don't oppose to "dogfooding", it's just clear to me that it will take even longer. So what I don't understand is "once libbitcoin is complete and ready for us to use, we will keep using our reimplementation of consensus until Bitcoin Core uses the API as well. If Bitcoin core doesn't use the API, we prefer not to use the library at all and keep having the same consensus risk. We will do what we think it's worse for us until Bitcoin Core uses the library through the API". >> 3) There will be an announce about this soon. > > Yes, I've seen this as a temporary setback. And we will hopefully migrate the current libconsensus from openSSL to libsecp256k1 soon. So we will be able to enjoy libsecp256k1's performance improvements without risking consensus. One problem less. >>> Always willing to work with you on it, although we're all busy, and this >>> isn't my top priority presently. >> >> Is it because "fear of consensus bugs is what keeps people on the >> satoshi client" and you want to keep things this way? > > No, I see it as less significant to the adoption of libbitcoin-server > than other issues we are working on, especially given the existence of > libbitcoin-consensus. I also trust you will make progress regardless. This was just a joke because you said something similar earlier. Don't take it seriously. ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-07-29 21:46 ` Jorge Timón @ 2015-08-20 0:53 ` Jorge Timón 2015-08-20 7:14 ` Tamas Blummer 0 siblings, 1 reply; 28+ messages in thread From: Jorge Timón @ 2015-08-20 0:53 UTC (permalink / raw) To: Eric Voskuil; +Cc: Bitcoin Dev, Libbitcoin Moving it here from the other thread. On Thu, Aug 20, 2015 at 2:08 AM, Eric Voskuil <eric@voskuil.org> wrote: > On 08/19/2015 04:27 PM, Jorge Timón wrote: >> No, as previously explained, once libconsensus is complete it can be >> moved to a separate repository like libsecp256k1. > > I don't see this happening any time soon, and I'm not sure why we should > wait for it. Yes, unfortunately I don't see this happening any time soon either, at least not with the amount of review I'm getting. My initial hope was to complete libconsensus by 0.12 (one year should be enough time, right?) but I was being too optimistic. By "wait for it" I assume you mean waiting for libconsensus to be complete before we separate it to a different repository. The reason is just simplicity. >>> In our discussion leading up to libbitcoin building libbitcoin-consensus >>> we disagreed on whether intentional hard forks would (or even could) >>> happen. I think that issue is now settled. So my question remains how do >>> stakeholders (users/miners) maintain consensus when it's their >>> individual intent (the first objective of libconsensus), and diverge >>> when intended (which a direct dependency on libconsensus makes harder)? >>> IMO it's unreasonable to operate as if this won't happen, given that it has. >> >> I believe the simplest option... > > You might consider this as feedback from your customer base. Mhmm, not sure I understand this point. >> would be to fork the libconsensus >> project and do the schism/controversial/contentious hardfork there. >> But of course modifying libconsensus will be much easier than >> modifying Bitcoin Core (if anything, because the amount of code is >> much smaller). > > That's a false dichotomy. We never would have considered forking Bitcoin > Core, and still wouldn't. Why would we set ourselves up for this > disruption, which would inevitably lead to us factoring the consensus > portions of libconsensus out of /bitcoin at the 11th hour? > > We have to operate as if it can happen at any time. Otherwise we have > relinquished control of this vote and failed our users. Given that > operating assumption, it is much safer for us to have already done this > work (which we did). [It also provides a forcing function for us to > review in detail any consensus changes that get pushed out.] Yes, you need to operate as if it can happen at any time. I now understandbetter your position of having your own repository until a complete libconsensus is separated. In the meantime you will have to keep using your re-implementation of the rest of the consensus rules (besides the script checks), but fortunately the most risky and harder reimplementation is the part of the script validation. > My question is why you would not embrace an independent consensus > repository? Your work to evolve it doesn't change. Yes, I want a separated repository. I just wanted to start with a separated folder first. Right now there's consensus code all over the place, specially in main.cpp. I think changing the order (separated repository first, moving code from Bitcoin Core to libconsensus later) would increase the total amount of work. Here's another option that has recently crossed my mind: 1) Finish the libconsensus separation in an independent branch on top of a given version, for example 0.11. 2) Separate a repository from that. Alternative implementations can start using a full libconsensus 3) Rebase that branch on top of bitcoin/master and start to PR small groups of commits. Once the whole branch has been merged, Bitcoin Core can replace the consensus folder with the libconsensus subtree, so that Bitcoin Core itself can start using a full libconsensus. Ironically with this plan Bitcoin Core may not be the full node first implementation to use a full libconsensus. There will be some consensus fork bug risks during 3 (which at the current speed I estimate it could easily take 3 or 4 years) and there would be some redundant work (replicating every consensus change in both Bitcoin Core and libconsensus). On the bright side, we may be able to have a full libconsensus this year (which was my goal after we exposed VerifyScript in the first libconsensus). Thoughts? ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-08-20 0:53 ` Jorge Timón @ 2015-08-20 7:14 ` Tamas Blummer 2015-08-20 8:06 ` Jorge Timón 0 siblings, 1 reply; 28+ messages in thread From: Tamas Blummer @ 2015-08-20 7:14 UTC (permalink / raw) To: Jorge Timón; +Cc: Bitcoin Dev, Libbitcoin [-- Attachment #1.1: Type: text/plain, Size: 2510 bytes --] Jorge, separating script engine into libconsensus was very helpful, since wrapped the piece of consensus that would least likely to be captured exactly with an implementation from scratch. Thank you for your effort there. Bits of Proof now uses its own or alternatively libconsensus for full validation. I am sceptical however that a “full” consensus lib extracted from satoshi’s code is worth trying. Not because it was impossible, but because the result would not be higher quality, if measured on agreement with satoshi, than other re-implementations. It would actually be lower quality because of the antique tool set. The rules outside script engine are simpler, therefore much easier to capture exactly. They are however scattered around in the spaghetti and are often just a single if statement, also repeated elsewhere. You would either have to very extensively refactor the code, that unlikely goes through as a PR, or do what me and others did. Read satoshi code and rewrite the same. You have a slight advantage of copy-paste small fragments, but I doubt the consensus relevant advantage of that. Tamas Blummer > On Aug 20, 2015, at 02:53, Jorge Timón via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote: > > > 1) Finish the libconsensus separation in an independent branch on top > of a given version, for example 0.11. > 2) Separate a repository from that. Alternative implementations can > start using a full libconsensus > 3) Rebase that branch on top of bitcoin/master and start to PR small > groups of commits. Once the whole branch has been merged, Bitcoin Core > can replace the consensus folder with the libconsensus subtree, so > that Bitcoin Core itself can start using a full libconsensus. > > Ironically with this plan Bitcoin Core may not be the full node first > implementation to use a full libconsensus. > There will be some consensus fork bug risks during 3 (which at the > current speed I estimate it could easily take 3 or 4 years) and there > would be some redundant work (replicating every consensus change in > both Bitcoin Core and libconsensus). > On the bright side, we may be able to have a full libconsensus this > year (which was my goal after we exposed VerifyScript in the first > libconsensus). > > Thoughts? > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev [-- Attachment #1.2: Type: text/html, Size: 4394 bytes --] [-- Attachment #2: Message signed with OpenPGP using GPGMail --] [-- Type: application/pgp-signature, Size: 496 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-08-20 7:14 ` Tamas Blummer @ 2015-08-20 8:06 ` Jorge Timón 2015-08-20 8:35 ` Tamas Blummer 0 siblings, 1 reply; 28+ messages in thread From: Jorge Timón @ 2015-08-20 8:06 UTC (permalink / raw) To: Tamas Blummer; +Cc: Bitcoin Dev, Libbitcoin On Thu, Aug 20, 2015 at 9:14 AM, Tamas Blummer <tamas@bitsofproof.com> wrote: > Jorge, > > separating script engine into libconsensus was very helpful, since wrapped > the piece of consensus > that would least likely to be captured exactly with an implementation from > scratch. Thank you for your > effort there. Bits of Proof now uses its own or alternatively libconsensus > for full validation. It wasn't just me: I didn't had the idea of creating a libconsensus with a C API (thank Matt Corallo for that), I didn't removed all the undesired dependencies or prepared the building part (thank Cory Fields) and also thank at least Wladimir and Pieter who also contributed in some ways I don't remember. And of course also thank all the reviewers that made the PR merges possible. I'm really happy to hear that libconsensus is being used, thank you for your effort there too. > I am sceptical however that a “full” consensus lib extracted from satoshi’s > code is worth trying. > Not because it was impossible, but because the result would not be higher > quality, if measured on agreement > with satoshi, than other re-implementations. It would actually be lower > quality because of the antique tool set. I don't understand what you mean by "quality" in this context. One of the goals is to have as little dependencies as possible (so "more modern tool sets" may not be suitable for libconsensus). libsecp256k1 will keep on being a dependency (highly optimized C code) and that's about it. Ideally I would like to slowly move libconsensus from C++ to C too, but it seems other people would prefer to move to C++11 instead. > The rules outside script engine are simpler, therefore much easier to > capture exactly. They are however > scattered around in the spaghetti and are often just a single if statement, > also repeated elsewhere. Yes, they are simpler and thus there's less risks of consensus fork bugs, but it still exists. It is true that the consensus code is currently spread all around (specially in main.cpp), but completing libconsensus would solve that. Lastly, since for consensus rules "the code is the specification", it is unfortunate that the specification is coupled with a concrete implementation (Bitcoin Core) and we should fix that. > You would either have to very extensively refactor the code, that unlikely > goes through as a PR, or > do what me and others did. Read satoshi code and rewrite the same. You have > a slight advantage of copy-paste small fragments, but I doubt the consensus > relevant advantage of that. But the goal is not reimplementing the consensus rules but rather extract them from Bitcoin Core so that nobody needs to re-implement them again. It is not only exposing it but also separating it from Bitcoin Core so that they can be changed without having to also change/take into account non-consensus Bitcoin Core specific things. A single PR would certainly be unacceptable, I was making many little more acceptable ones (some of them already merged): * [1/9] Consensus ** MERGED or DELETED *** MERGED Consensus: Decouple pow from chainparams #5812 [consensuspow] *** MERGED MOVEONLY: Move constants and globals to consensus.h #5696 [consensus_policy0] *** DELETED Refactor: Create CCoinsViewEfficient interface for CCoinsViewCache #5747 [coins] *** MERGED Chainparams: Refactor: Decouple IsSuperMajority from Params() #5968 [params_consensus] *** MERGED Remove redundant getter CChainParams::SubsidyHalvingInterval() #5996 [params_subsidy] *** MERGED Separate CValidationState from main #5669 [consensus] *** DELETED Consensus: Refactor: Separate CheckFinalTx from main::IsFinalTx #6063 [consensus_finaltx] *** MERGED Consensus: Decouple ContextualCheckBlockHeader from checkpoints #5975 [consensus_checkpoints] *** MERGED Separate Consensus::CheckTxInputs and GetSpendHeight in CheckInputs #6061 [consensus_inputs] *** MERGED Bugfix: Don't check the genesis block header before accepting it #6299 [5975-quick-fix] ** REBASE Chainparams: Explicit Consensus::Params arg in consensus functions #6024 [params_consensus2] ** REBASE Optimizations: Consensus: In AcceptToMemoryPool, ConnectBlock, and CreateNewBlock #6445 [consensus-txinputs-0.12.99] ** REBASE MOVEONLY: Move most of consensus functions (pre-block) #6051 [consensus_moveonly] ** REBASE Consensus: Refactor: Turn CBlockIndex::GetMedianTimePast into independent function #6009 [consensus_mediantime] ** DEPENDENT Consensus: Refactor: Consensus version of CheckBlockHeader() #6035 [consensus_checkblockheader] ** DEPENDENT Consensus: Consensus version of pow functions [consensus_pow2] ** DEPENDENT API: Expose bitcoinconsensus_verify_header() in libconsensus #5995 [consensus_header] ** DEPENDENT API: Expose bitcoinconsensus_verify_block() in libconsensus #5946 [consensus_tip] ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-08-20 8:06 ` Jorge Timón @ 2015-08-20 8:35 ` Tamas Blummer 2015-08-20 17:44 ` Matt Corallo 2015-08-21 19:46 ` Jorge Timón 0 siblings, 2 replies; 28+ messages in thread From: Tamas Blummer @ 2015-08-20 8:35 UTC (permalink / raw) To: Jorge Timón; +Cc: Bitcoin Dev, Libbitcoin [-- Attachment #1: Type: text/plain, Size: 980 bytes --] Every re-implementation, re-factoring even copy-paste introduces a risk of disagreement, but also open the chance of doing the work better, in the sense of software engineering. > On Aug 20, 2015, at 10:06, Jorge Timón <jtimon@jtimon.cc> wrote: > > > But the goal is not reimplementing the consensus rules but rather > extract them from Bitcoin Core so that nobody needs to re-implement > them again. My goal is different. Compatibility with Bitcoin is important as I also want to deal with Bitcoins, but it is also imperative to be able to create and serve other block chains with other rules and for those I do not want to carry on the legacy of an antique tool set and a spaghetti style. Bits of Proof uses scala (akka networking), java (api service), c++ (leveledb and now libconsensus) and I am eager to integrate secp256k1 (c) as soon as part of consensus. The choices were made because each piece appears best in what they do. Tamas Blummer [-- Attachment #2: Message signed with OpenPGP using GPGMail --] [-- Type: application/pgp-signature, Size: 496 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-08-20 8:35 ` Tamas Blummer @ 2015-08-20 17:44 ` Matt Corallo 2015-08-20 21:26 ` Tamas Blummer 2015-08-21 19:46 ` Jorge Timón 1 sibling, 1 reply; 28+ messages in thread From: Matt Corallo @ 2015-08-20 17:44 UTC (permalink / raw) To: bitcoin-dev I dont think a libconsensus would have any kind of networking layer, nor is C++ an antique tool set (hopefully libconsensus can avoid a boost dependency, though thats not antique either). Ideally it would have a simple API to give it blocks and a simple API for it to inform you of what the current chain is. If you really want to get fancy maybe it has pluggable block storage, too, but I dont see why you couldnt use this in ~any client? On 08/20/15 08:35, Tamas Blummer via bitcoin-dev wrote: > Every re-implementation, re-factoring even copy-paste introduces a risk of disagreement, > but also open the chance of doing the work better, in the sense of software engineering. > >> On Aug 20, 2015, at 10:06, Jorge Timón <jtimon@jtimon.cc> wrote: >> >> >> But the goal is not reimplementing the consensus rules but rather >> extract them from Bitcoin Core so that nobody needs to re-implement >> them again. > > > > My goal is different. Compatibility with Bitcoin is important as I also want to deal with Bitcoins, > but it is also imperative to be able to create and serve other block chains with other rules and for those > I do not want to carry on the legacy of an antique tool set and a spaghetti style. > > Bits of Proof uses scala (akka networking), java (api service), c++ (leveledb and now libconsensus) > and I am eager to integrate secp256k1 (c) as soon as part of consensus. The choices were > made because each piece appears best in what they do. > > Tamas Blummer > > > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-08-20 17:44 ` Matt Corallo @ 2015-08-20 21:26 ` Tamas Blummer 2015-08-20 21:35 ` Matt Corallo 0 siblings, 1 reply; 28+ messages in thread From: Tamas Blummer @ 2015-08-20 21:26 UTC (permalink / raw) To: Matt Corallo; +Cc: bitcoin-dev [-- Attachment #1.1: Type: text/plain, Size: 2679 bytes --] I know what you mean as I already have such a component with pluggable block store and networking. While you are at it you could aim for isolation of bitcoin specific decisions and algos from generic block chain code. The magnitude of refactoring you would have to do to get there from main.cpp and the rest of the hairball is harder than a re-write from scratch, and the result will not be impressive, just hopefully working. I think a slim API server was a lower hanging fruit in Core’s case. BTW, support for refactoring is an example where you see if your tool set is modern. Tamas Blummer > On Aug 20, 2015, at 19:44, Matt Corallo via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote: > > I dont think a libconsensus would have any kind of networking layer, nor > is C++ an antique tool set (hopefully libconsensus can avoid a boost > dependency, though thats not antique either). Ideally it would have a > simple API to give it blocks and a simple API for it to inform you of > what the current chain is. If you really want to get fancy maybe it has > pluggable block storage, too, but I dont see why you couldnt use this in > ~any client? > > On 08/20/15 08:35, Tamas Blummer via bitcoin-dev wrote: >> Every re-implementation, re-factoring even copy-paste introduces a risk of disagreement, >> but also open the chance of doing the work better, in the sense of software engineering. >> >>> On Aug 20, 2015, at 10:06, Jorge Timón <jtimon@jtimon.cc> wrote: >>> >>> >>> But the goal is not reimplementing the consensus rules but rather >>> extract them from Bitcoin Core so that nobody needs to re-implement >>> them again. >> >> >> >> My goal is different. Compatibility with Bitcoin is important as I also want to deal with Bitcoins, >> but it is also imperative to be able to create and serve other block chains with other rules and for those >> I do not want to carry on the legacy of an antique tool set and a spaghetti style. >> >> Bits of Proof uses scala (akka networking), java (api service), c++ (leveledb and now libconsensus) >> and I am eager to integrate secp256k1 (c) as soon as part of consensus. The choices were >> made because each piece appears best in what they do. >> >> Tamas Blummer >> >> >> >> _______________________________________________ >> bitcoin-dev mailing list >> bitcoin-dev@lists.linuxfoundation.org >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >> > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > [-- Attachment #1.2: Type: text/html, Size: 4723 bytes --] [-- Attachment #2: Message signed with OpenPGP using GPGMail --] [-- Type: application/pgp-signature, Size: 496 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-08-20 21:26 ` Tamas Blummer @ 2015-08-20 21:35 ` Matt Corallo 2015-08-21 6:46 ` Tamas Blummer 0 siblings, 1 reply; 28+ messages in thread From: Matt Corallo @ 2015-08-20 21:35 UTC (permalink / raw) To: Tamas Blummer; +Cc: bitcoin-dev On 08/20/15 21:26, Tamas Blummer wrote: > I know what you mean as I already have such a component with pluggable > block store and networking. I'm not suggesting pluggable networking, I'm suggesting (and I think everyone thinks the design should be) NO networking. The API is ValidationResult libconsensus.HeyIFoundABlock(Block) and ListOfBlocksToDownloadNext libconsensus.HeyIFoundAHeaderList(ListOfHeaders). > While you are at it you could aim for isolation of bitcoin specific > decisions and algos from generic block chain code. Are you suggesting to support altcoins? I dont think anyone cares about supporting that. > The magnitude of refactoring you would have to do to get there from > main.cpp and the rest of the hairball > is harder than a re-write from scratch, I think you'd be very pleasantly surprised. It sounds like you havent dug into Bitcoin Core validation code in years. > and the result will not be > impressive, just hopefully working. Hmm? The result would be an obviously correct consensus implementation that everyone could use, instead of everyone going off and writing their own and either being wrong, or never updating in the case of forks. Its a huge deal to allow people to focus on making their libraries have good APIs/Wallets/etc instead of focusing on making a working validation engine (though maybe for that the p2p layer needs to also be in a library). > I think a slim API server was a lower hanging fruit in Core’s case. We have one, it just needs a few already obvious performance improvements. > BTW, support for refactoring is an example where you see if your tool > set is modern. There are a number of good development tools for C++ that allow this.... > Tamas Blummer > >> On Aug 20, 2015, at 19:44, Matt Corallo via bitcoin-dev >> <bitcoin-dev@lists.linuxfoundation.org >> <mailto:bitcoin-dev@lists.linuxfoundation.org>> wrote: >> >> I dont think a libconsensus would have any kind of networking layer, nor >> is C++ an antique tool set (hopefully libconsensus can avoid a boost >> dependency, though thats not antique either). Ideally it would have a >> simple API to give it blocks and a simple API for it to inform you of >> what the current chain is. If you really want to get fancy maybe it has >> pluggable block storage, too, but I dont see why you couldnt use this in >> ~any client? >> >> On 08/20/15 08:35, Tamas Blummer via bitcoin-dev wrote: >>> Every re-implementation, re-factoring even copy-paste introduces a >>> risk of disagreement, >>> but also open the chance of doing the work better, in the sense of >>> software engineering. >>> >>>> On Aug 20, 2015, at 10:06, Jorge Timón <jtimon@jtimon.cc >>>> <mailto:jtimon@jtimon.cc>> wrote: >>>> >>>> >>>> But the goal is not reimplementing the consensus rules but rather >>>> extract them from Bitcoin Core so that nobody needs to re-implement >>>> them again. >>> >>> >>> >>> My goal is different. Compatibility with Bitcoin is important as I >>> also want to deal with Bitcoins, >>> but it is also imperative to be able to create and serve other block >>> chains with other rules and for those >>> I do not want to carry on the legacy of an antique tool set and a >>> spaghetti style. >>> >>> Bits of Proof uses scala (akka networking), java (api service), c++ >>> (leveledb and now libconsensus) >>> and I am eager to integrate secp256k1 (c) as soon as part of >>> consensus. The choices were >>> made because each piece appears best in what they do. >>> >>> Tamas Blummer >>> >>> >>> >>> _______________________________________________ >>> bitcoin-dev mailing list >>> bitcoin-dev@lists.linuxfoundation.org >>> <mailto:bitcoin-dev@lists.linuxfoundation.org> >>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >>> >> _______________________________________________ >> bitcoin-dev mailing list >> bitcoin-dev@lists.linuxfoundation.org >> <mailto:bitcoin-dev@lists.linuxfoundation.org> >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >> > ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-08-20 21:35 ` Matt Corallo @ 2015-08-21 6:46 ` Tamas Blummer 0 siblings, 0 replies; 28+ messages in thread From: Tamas Blummer @ 2015-08-21 6:46 UTC (permalink / raw) To: Matt Corallo; +Cc: bitcoin-dev [-- Attachment #1.1: Type: text/plain, Size: 4488 bytes --] Thinking in Bitcoins only on the level of technology unnecessarily narrows your view. OK, I hope to be pleasantly surprised. Tamas Blummer > On Aug 20, 2015, at 23:35, Matt Corallo <lf-lists@mattcorallo.com> wrote: > > > > On 08/20/15 21:26, Tamas Blummer wrote: >> I know what you mean as I already have such a component with pluggable >> block store and networking. > > I'm not suggesting pluggable networking, I'm suggesting (and I think > everyone thinks the design should be) NO networking. The API is > ValidationResult libconsensus.HeyIFoundABlock(Block) and > ListOfBlocksToDownloadNext libconsensus.HeyIFoundAHeaderList(ListOfHeaders). > >> While you are at it you could aim for isolation of bitcoin specific >> decisions and algos from generic block chain code. > > Are you suggesting to support altcoins? I dont think anyone cares about > supporting that. > >> The magnitude of refactoring you would have to do to get there from >> main.cpp and the rest of the hairball >> is harder than a re-write from scratch, > > I think you'd be very pleasantly surprised. It sounds like you havent > dug into Bitcoin Core validation code in years. > >> and the result will not be >> impressive, just hopefully working. > > Hmm? The result would be an obviously correct consensus implementation > that everyone could use, instead of everyone going off and writing their > own and either being wrong, or never updating in the case of forks. Its > a huge deal to allow people to focus on making their libraries have good > APIs/Wallets/etc instead of focusing on making a working validation > engine (though maybe for that the p2p layer needs to also be in a library). > >> I think a slim API server was a lower hanging fruit in Core’s case. > > We have one, it just needs a few already obvious performance improvements. > >> BTW, support for refactoring is an example where you see if your tool >> set is modern. > > There are a number of good development tools for C++ that allow this.... > >> Tamas Blummer >> >>> On Aug 20, 2015, at 19:44, Matt Corallo via bitcoin-dev >>> <bitcoin-dev@lists.linuxfoundation.org >>> <mailto:bitcoin-dev@lists.linuxfoundation.org>> wrote: >>> >>> I dont think a libconsensus would have any kind of networking layer, nor >>> is C++ an antique tool set (hopefully libconsensus can avoid a boost >>> dependency, though thats not antique either). Ideally it would have a >>> simple API to give it blocks and a simple API for it to inform you of >>> what the current chain is. If you really want to get fancy maybe it has >>> pluggable block storage, too, but I dont see why you couldnt use this in >>> ~any client? >>> >>> On 08/20/15 08:35, Tamas Blummer via bitcoin-dev wrote: >>>> Every re-implementation, re-factoring even copy-paste introduces a >>>> risk of disagreement, >>>> but also open the chance of doing the work better, in the sense of >>>> software engineering. >>>> >>>>> On Aug 20, 2015, at 10:06, Jorge Timón <jtimon@jtimon.cc >>>>> <mailto:jtimon@jtimon.cc>> wrote: >>>>> >>>>> >>>>> But the goal is not reimplementing the consensus rules but rather >>>>> extract them from Bitcoin Core so that nobody needs to re-implement >>>>> them again. >>>> >>>> >>>> >>>> My goal is different. Compatibility with Bitcoin is important as I >>>> also want to deal with Bitcoins, >>>> but it is also imperative to be able to create and serve other block >>>> chains with other rules and for those >>>> I do not want to carry on the legacy of an antique tool set and a >>>> spaghetti style. >>>> >>>> Bits of Proof uses scala (akka networking), java (api service), c++ >>>> (leveledb and now libconsensus) >>>> and I am eager to integrate secp256k1 (c) as soon as part of >>>> consensus. The choices were >>>> made because each piece appears best in what they do. >>>> >>>> Tamas Blummer >>>> >>>> >>>> >>>> _______________________________________________ >>>> bitcoin-dev mailing list >>>> bitcoin-dev@lists.linuxfoundation.org >>>> <mailto:bitcoin-dev@lists.linuxfoundation.org> >>>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >>>> >>> _______________________________________________ >>> bitcoin-dev mailing list >>> bitcoin-dev@lists.linuxfoundation.org >>> <mailto:bitcoin-dev@lists.linuxfoundation.org> >>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >>> >> > [-- Attachment #1.2: Type: text/html, Size: 7382 bytes --] [-- Attachment #2: Message signed with OpenPGP using GPGMail --] [-- Type: application/pgp-signature, Size: 496 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-08-20 8:35 ` Tamas Blummer 2015-08-20 17:44 ` Matt Corallo @ 2015-08-21 19:46 ` Jorge Timón 2015-08-21 20:07 ` Eric Lombrozo 2015-08-22 11:04 ` Tamas Blummer 1 sibling, 2 replies; 28+ messages in thread From: Jorge Timón @ 2015-08-21 19:46 UTC (permalink / raw) To: Tamas Blummer; +Cc: Bitcoin Dev, Libbitcoin On Thu, Aug 20, 2015 at 10:35 AM, Tamas Blummer <tamas@bitsofproof.com> wrote: > Every re-implementation, re-factoring even copy-paste introduces a risk of disagreement, > but also open the chance of doing the work better, in the sense of software engineering. But you don't want something better, you want something functionally identical. You may want to watch sipa's explanation on why "the implementation is the specification" and the reasons to separate libconsensus: https://youtu.be/l3O4nh79CUU?t=764 >> On Aug 20, 2015, at 10:06, Jorge Timón <jtimon@jtimon.cc> wrote: >> >> >> But the goal is not reimplementing the consensus rules but rather >> extract them from Bitcoin Core so that nobody needs to re-implement >> them again. > > > > My goal is different. Compatibility with Bitcoin is important as I also want to deal with Bitcoins, > but it is also imperative to be able to create and serve other block chains with other rules and for those > I do not want to carry on the legacy of an antique tool set and a spaghetti style. > > Bits of Proof uses scala (akka networking), java (api service), c++ (leveledb and now libconsensus) > and I am eager to integrate secp256k1 (c) as soon as part of consensus. The choices were > made because each piece appears best in what they do. Since you already depend on libconsensus for VerifyScript, wouldn't it be nice that it also offered VerifyTx, VerifyHeader and VerifyBlock? You would still have complete control over storage, concurrency, networking, policy... My plan is for the C API to interface with the external storage by passing a function pointer to it. ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-08-21 19:46 ` Jorge Timón @ 2015-08-21 20:07 ` Eric Lombrozo 2015-08-22 11:04 ` Tamas Blummer 1 sibling, 0 replies; 28+ messages in thread From: Eric Lombrozo @ 2015-08-21 20:07 UTC (permalink / raw) To: Jorge Timón, Tamas Blummer; +Cc: Bitcoin Dev, Libbitcoin [-- Attachment #1: Type: text/plain, Size: 2860 bytes --] Unfortunately we have no way of rigorously proving functional equivalence other than code review and unit testing. The simpler the consensus code (and the more we can write it in a style that affords provability of correctness) the easier it will be in the future to compare implementations. Prior to swapping out implementations, we should at the least run it through the gauntlet and perhaps run both implementations side-by-side. All I/O should be treated abstractly in the API. In C++ I really like using a nearly bare-bones signal template for most async message handling, i.e. https://github.com/ciphrex/mSIGNA/blob/master/deps/Signals/src/Signals.h This greatly facilitates support for async bidirectional I/O, etc...with minimal overhead. But others might have other stylistic preferences. - Eric On Fri, Aug 21, 2015, 12:46 PM Jorge Timón < bitcoin-dev@lists.linuxfoundation.org> wrote: > On Thu, Aug 20, 2015 at 10:35 AM, Tamas Blummer <tamas@bitsofproof.com> > wrote: > > Every re-implementation, re-factoring even copy-paste introduces a risk > of disagreement, > > but also open the chance of doing the work better, in the sense of > software engineering. > > But you don't want something better, you want something functionally > identical. > You may want to watch sipa's explanation on why "the implementation is > the specification" and the reasons to separate libconsensus: > https://youtu.be/l3O4nh79CUU?t=764 > > >> On Aug 20, 2015, at 10:06, Jorge Timón <jtimon@jtimon.cc> wrote: > >> > >> > >> But the goal is not reimplementing the consensus rules but rather > >> extract them from Bitcoin Core so that nobody needs to re-implement > >> them again. > > > > > > > > My goal is different. Compatibility with Bitcoin is important as I also > want to deal with Bitcoins, > > but it is also imperative to be able to create and serve other block > chains with other rules and for those > > I do not want to carry on the legacy of an antique tool set and a > spaghetti style. > > > > Bits of Proof uses scala (akka networking), java (api service), c++ > (leveledb and now libconsensus) > > and I am eager to integrate secp256k1 (c) as soon as part of consensus. > The choices were > > made because each piece appears best in what they do. > > Since you already depend on libconsensus for VerifyScript, wouldn't it > be nice that it also offered VerifyTx, VerifyHeader and VerifyBlock? > You would still have complete control over storage, concurrency, > networking, policy... > My plan is for the C API to interface with the external storage by > passing a function pointer to it. > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > [-- Attachment #2: Type: text/html, Size: 3766 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-08-21 19:46 ` Jorge Timón 2015-08-21 20:07 ` Eric Lombrozo @ 2015-08-22 11:04 ` Tamas Blummer 2015-08-23 1:23 ` Eric Lombrozo 2015-08-29 22:08 ` Jorge Timón 1 sibling, 2 replies; 28+ messages in thread From: Tamas Blummer @ 2015-08-22 11:04 UTC (permalink / raw) To: Jorge Timón, Matt Corallo; +Cc: Bitcoin Dev, Libbitcoin [-- Attachment #1.1: Type: text/plain, Size: 3398 bytes --] > On Aug 21, 2015, at 21:46, Jorge Timón <jtimon@jtimon.cc> wrote: > > On Thu, Aug 20, 2015 at 10:35 AM, Tamas Blummer <tamas@bitsofproof.com <mailto:tamas@bitsofproof.com>> wrote: >> Every re-implementation, re-factoring even copy-paste introduces a risk of disagreement, >> but also open the chance of doing the work better, in the sense of software engineering. > > But you don't want something better, you want something functionally identical. > You may want to watch sipa's explanation on why "the implementation is > the specification" and the reasons to separate libconsensus: > https://youtu.be/l3O4nh79CUU?t=764 <https://youtu.be/l3O4nh79CUU?t=764> I do want something better, but not for the focus you have. Not because what you produce was not high quality, but because quality is achieved at a very high cost and is hard to uphold over generations of developer. You focus on a single use case while there are many out there for distributed ledgers. I think in an infrastructure for enterprise applications, building consensus on the ledger is a cornerstone there, but is only a piece of the solution. I built several commercially successful deployments where I delegated the consensus building to a border router, a Bitcoin Core, then interfaced that trusted peer with my implementation that accepted Core’s decisions in an SPV manner. One might think of this setup as wasteful and unsuitable for “small devices” therefore an example of centralization people here try to avoid. Enterprises have sufficient resources. Solving the business problem is valuable to them even at magnitudes higher cost than a hobbyist would bear. For mainstream adoption you need to get enterprises on board too, and that is what I care of. Enterprises want code that is not only high quality, but is easy to maintain with a development team with high attrition. One has to take whatever help is offered for that, and one is modern languages and runtimes. Bits of Proof’s own implementation of the scripts was not practically relevant in my commercially successful deployments, because of the use of a border router, but it helped development, enabling easier debug and precise error feedback esp. end even after Core had a reject message. I integrated libconsensus only for the hope that is significantly fastens application side tx verification, which it has turned out it does not, until secp265k1 is integrated. I would likely use an other extended libconsensus too, but do not think there was a dependency on that for enterprise development. It would help there more to have a slim protocol server, no wallet, no rpc, no qt but a high performance remoting API. > Since you already depend on libconsensus for VerifyScript, wouldn't it > be nice that it also offered VerifyTx, VerifyHeader and VerifyBlock? > You would still have complete control over storage, concurrency, > networking, policy... > My plan is for the C API to interface with the external storage by > passing a function pointer to it. Storage and validation is non-trivially interconnected, but I now the separation can be done, since I did it. Excuse me, but function pointers is a pattern I used in the 80’s. I know that they are behind the curtain of modern abstractions with similar use, I still prefer not to see them again. Tamas Blummer [-- Attachment #1.2: Type: text/html, Size: 13258 bytes --] [-- Attachment #2: Message signed with OpenPGP using GPGMail --] [-- Type: application/pgp-signature, Size: 496 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-08-22 11:04 ` Tamas Blummer @ 2015-08-23 1:23 ` Eric Lombrozo 2015-08-23 2:19 ` Eric Lombrozo ` (2 more replies) 2015-08-29 22:08 ` Jorge Timón 1 sibling, 3 replies; 28+ messages in thread From: Eric Lombrozo @ 2015-08-23 1:23 UTC (permalink / raw) To: Tamas Blummer, Jorge Timón, Matt Corallo; +Cc: Bitcoin Dev, Libbitcoin [-- Attachment #1: Type: text/plain, Size: 6470 bytes --] I've been pushing for greater modularization since I first got into bitcoin. I got quickly frustrated when I was only able to get through very few things (i.e. moving core structure serialization classes to a separate unit not called main). Working on Bitcoin has an added layer of frustration that goes beyond most open source projects: even though we're clearly in userland working at the application layer, a good layered protocol design is still lacking. We have no standards process separate from what basically amount to updates to one specific reference implementation. And we all need to agree on any major change, since a blockchain that is easily forked in contentious ways pretty much defeats its own purpose. I went off to develop my own stack, where I could more easily avoid politics and focus on engineering. But I now understand the politics are inevitable. Bitcoin is inherently a cooperative project. Several people have poured themselves passionately into the reference codebase, most of whom did it (at least initially) purely as unpaid volunteers. There's a lot of love that's gone into this. But it's become pretty clear that the modularization is no longer merely a matter of good engineering - it is essential to resolving serious political challenges. Perhaps the most frustrating thing of all is watching people pushing for relatively superficial yet highly controversial changes while we still lack the proper infrastructure to handle these kinds of divergences of opinion without either stagnating or becoming polarized. I could continue working to reimplement an entire stack from scratch, as several others have also done - but besides the serious effort duplication this entails, it doesn't really seem like it will ultimately be a convergent process. It's too easy to let ego and habit dictate one's preferences rather than rational engineering considerations. I know that some might feel I'm just preaching to the choir, but we should probably take a step back from implementation hackery and try to specify some core protocol layers, focusing on interfaces. Specifically, we need a consensus layer that doesn't try to specify networking, storage, wallets, UI, etc. Let different people improve upon these things independently in their own implementations. What matters is that we all converge on a common history and state. At the same time, let's open up more competition on all these other things that are separate from the consensus layer. If only we were to dedicate a fraction of the effort we've put into this whole block size circus into what's actually important...and I blame myself as well... On Sat, Aug 22, 2015, 4:05 AM Tamas Blummer via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > On Aug 21, 2015, at 21:46, Jorge Timón <jtimon@jtimon.cc> wrote: > > On Thu, Aug 20, 2015 at 10:35 AM, Tamas Blummer <tamas@bitsofproof.com> > wrote: > > Every re-implementation, re-factoring even copy-paste introduces a risk of > disagreement, > but also open the chance of doing the work better, in the sense of > software engineering. > > > But you don't want something better, you want something functionally > identical. > You may want to watch sipa's explanation on why "the implementation is > the specification" and the reasons to separate libconsensus: > https://youtu.be/l3O4nh79CUU?t=764 > > > I do want something better, but not for the focus you have. > > Not because what you produce was not high quality, but because quality is > achieved at a very > high cost and is hard to uphold over generations of developer. You focus > on a single use case > while there are many out there for distributed ledgers. > > I think in an infrastructure for enterprise applications, building > consensus on the ledger is a > cornerstone there, but is only a piece of the solution. I built several > commercially successful > deployments where I delegated the consensus building to a border router, a > Bitcoin Core, > then interfaced that trusted peer with my implementation that accepted > Core’s decisions > in an SPV manner. One might think of this setup as wasteful and unsuitable > for “small devices” > therefore an example of centralization people here try to avoid. > > Enterprises have sufficient resources. Solving the business problem is > valuable to them even at > magnitudes higher cost than a hobbyist would bear. > > For mainstream adoption you need to get enterprises on board too, and > that is what I care of. > Enterprises want code that is not only high quality, but is easy to > maintain with a development > team with high attrition. One has to take whatever help is offered for > that, and one is modern > languages and runtimes. > > Bits of Proof’s own implementation of the scripts was not practically > relevant in my commercially > successful deployments, because of the use of a border router, but it > helped development, > enabling easier debug and precise error feedback esp. end even after Core > had a reject message. > > I integrated libconsensus only for the hope that is significantly fastens > application side tx verification, > which it has turned out it does not, until secp265k1 is integrated. > > I would likely use an other extended libconsensus too, but do not think > there was a dependency on > that for enterprise development. > > It would help there more to have a slim protocol server, no wallet, no > rpc, no qt but a high > performance remoting API. > > Since you already depend on libconsensus for VerifyScript, wouldn't it > be nice that it also offered VerifyTx, VerifyHeader and VerifyBlock? > You would still have complete control over storage, concurrency, > networking, policy... > My plan is for the C API to interface with the external storage by > passing a function pointer to it. > > > Storage and validation is non-trivially interconnected, but I now the > separation can be done, > since I did it. > > Excuse me, but function pointers is a pattern I used in the 80’s. I know > that they are behind > the curtain of modern abstractions with similar use, I still prefer not to > see them again. > > Tamas Blummer > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > [-- Attachment #2: Type: text/html, Size: 14121 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-08-23 1:23 ` Eric Lombrozo @ 2015-08-23 2:19 ` Eric Lombrozo 2015-08-23 6:42 ` Tamas Blummer 2015-08-29 23:25 ` Jorge Timón 2 siblings, 0 replies; 28+ messages in thread From: Eric Lombrozo @ 2015-08-23 2:19 UTC (permalink / raw) To: Tamas Blummer, Jorge Timón, Matt Corallo; +Cc: Bitcoin Dev, Libbitcoin [-- Attachment #1: Type: text/plain, Size: 7281 bytes --] One thing it occurs to me (and I don't know if this has been suggested before) we could do is separate the BIP process into at several distinct areas: 1) Commit structure changes/consensus rule change proposals - Consensus-building process (how are proposals debated, improved, vetted, and selected) - Update/deployment mechanisms for rule changes - Specific hard fork proposals - Specific soft fork proposals 2) Peer policies - Seeding and discovery mechanisms - Relay policies - p2p message support 3) RPC 4) Everything else On Sat, Aug 22, 2015, 6:28 PM Eric Lombrozo <elombrozo@gmail.com> wrote: > I've been pushing for greater modularization since I first got into > bitcoin. I got quickly frustrated when I was only able to get through very > few things (i.e. moving core structure serialization classes to a separate > unit not called main). Working on Bitcoin has an added layer of frustration > that goes beyond most open source projects: even though we're clearly in > userland working at the application layer, a good layered protocol design > is still lacking. We have no standards process separate from what basically > amount to updates to one specific reference implementation. And we all need > to agree on any major change, since a blockchain that is easily forked in > contentious ways pretty much defeats its own purpose. > > I went off to develop my own stack, where I could more easily avoid > politics and focus on engineering. But I now understand the politics are > inevitable. Bitcoin is inherently a cooperative project. Several people > have poured themselves passionately into the reference codebase, most of > whom did it (at least initially) purely as unpaid volunteers. There's a lot > of love that's gone into this. But it's become pretty clear that the > modularization is no longer merely a matter of good engineering - it is > essential to resolving serious political challenges. > > Perhaps the most frustrating thing of all is watching people pushing for > relatively superficial yet highly controversial changes while we still lack > the proper infrastructure to handle these kinds of divergences of opinion > without either stagnating or becoming polarized. > > I could continue working to reimplement an entire stack from scratch, as > several others have also done - but besides the serious effort duplication > this entails, it doesn't really seem like it will ultimately be a > convergent process. It's too easy to let ego and habit dictate one's > preferences rather than rational engineering considerations. > > I know that some might feel I'm just preaching to the choir, but we should > probably take a step back from implementation hackery and try to specify > some core protocol layers, focusing on interfaces. Specifically, we need a > consensus layer that doesn't try to specify networking, storage, wallets, > UI, etc. Let different people improve upon these things independently in > their own implementations. What matters is that we all converge on a common > history and state. At the same time, let's open up more competition on all > these other things that are separate from the consensus layer. > > If only we were to dedicate a fraction of the effort we've put into this > whole block size circus into what's actually important...and I blame myself > as well... > > On Sat, Aug 22, 2015, 4:05 AM Tamas Blummer via bitcoin-dev < > bitcoin-dev@lists.linuxfoundation.org> wrote: > >> On Aug 21, 2015, at 21:46, Jorge Timón <jtimon@jtimon.cc> wrote: >> >> On Thu, Aug 20, 2015 at 10:35 AM, Tamas Blummer <tamas@bitsofproof.com> >> wrote: >> >> Every re-implementation, re-factoring even copy-paste introduces a risk >> of disagreement, >> but also open the chance of doing the work better, in the sense of >> software engineering. >> >> >> But you don't want something better, you want something functionally >> identical. >> You may want to watch sipa's explanation on why "the implementation is >> the specification" and the reasons to separate libconsensus: >> https://youtu.be/l3O4nh79CUU?t=764 >> >> >> I do want something better, but not for the focus you have. >> >> Not because what you produce was not high quality, but because quality is >> achieved at a very >> high cost and is hard to uphold over generations of developer. You focus >> on a single use case >> while there are many out there for distributed ledgers. >> >> I think in an infrastructure for enterprise applications, building >> consensus on the ledger is a >> cornerstone there, but is only a piece of the solution. I built several >> commercially successful >> deployments where I delegated the consensus building to a border router, >> a Bitcoin Core, >> then interfaced that trusted peer with my implementation that accepted >> Core’s decisions >> in an SPV manner. One might think of this setup as wasteful and >> unsuitable for “small devices” >> therefore an example of centralization people here try to avoid. >> >> Enterprises have sufficient resources. Solving the business problem is >> valuable to them even at >> magnitudes higher cost than a hobbyist would bear. >> >> For mainstream adoption you need to get enterprises on board too, and >> that is what I care of. >> Enterprises want code that is not only high quality, but is easy to >> maintain with a development >> team with high attrition. One has to take whatever help is offered for >> that, and one is modern >> languages and runtimes. >> >> Bits of Proof’s own implementation of the scripts was not practically >> relevant in my commercially >> successful deployments, because of the use of a border router, but it >> helped development, >> enabling easier debug and precise error feedback esp. end even after Core >> had a reject message. >> >> I integrated libconsensus only for the hope that is significantly fastens >> application side tx verification, >> which it has turned out it does not, until secp265k1 is integrated. >> >> I would likely use an other extended libconsensus too, but do not think >> there was a dependency on >> that for enterprise development. >> >> It would help there more to have a slim protocol server, no wallet, no >> rpc, no qt but a high >> performance remoting API. >> >> Since you already depend on libconsensus for VerifyScript, wouldn't it >> be nice that it also offered VerifyTx, VerifyHeader and VerifyBlock? >> You would still have complete control over storage, concurrency, >> networking, policy... >> My plan is for the C API to interface with the external storage by >> passing a function pointer to it. >> >> >> Storage and validation is non-trivially interconnected, but I now the >> separation can be done, >> since I did it. >> >> Excuse me, but function pointers is a pattern I used in the 80’s. I know >> that they are behind >> the curtain of modern abstractions with similar use, I still prefer not >> to see them again. >> >> Tamas Blummer >> >> _______________________________________________ >> bitcoin-dev mailing list >> bitcoin-dev@lists.linuxfoundation.org >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >> > [-- Attachment #2: Type: text/html, Size: 15088 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-08-23 1:23 ` Eric Lombrozo 2015-08-23 2:19 ` Eric Lombrozo @ 2015-08-23 6:42 ` Tamas Blummer 2015-08-29 23:30 ` Jorge Timón 2015-08-29 23:25 ` Jorge Timón 2 siblings, 1 reply; 28+ messages in thread From: Tamas Blummer @ 2015-08-23 6:42 UTC (permalink / raw) To: Eric Lombrozo; +Cc: Bitcoin Dev, Libbitcoin [-- Attachment #1.1: Type: text/plain, Size: 7745 bytes --] I see the huge amount of sweat and love that went into core and it actually hurts to see that most is expended in friction and lack of a vision for the software architecture. To be concrete, this was my plan if dealing with the Core code base: 1) I'd consider the separation of networking and storage as suggested for a future extended libconsensus low priority, as their design should be (are) dominated by the need of the consensus logic only. 2) create an API to the consensus+networking+storage service that is not at the C++ language level but some scaleable cross-platform remoting, like eg. ZeroMQ. This API should be minimal and simple, assuming that one fully trusts the node answering it. This API would unlock user land development by distinct teams with diverse technologies. 3) move the wallet, QT and RPC and other backward compatibility stuff (if e.g. there is some mining support) in-top of the new API and into distinct source code repositories. Tamas Blummer > On Aug 23, 2015, at 03:23, Eric Lombrozo <elombrozo@gmail.com> wrote: > > I've been pushing for greater modularization since I first got into bitcoin. I got quickly frustrated when I was only able to get through very few things (i.e. moving core structure serialization classes to a separate unit not called main). Working on Bitcoin has an added layer of frustration that goes beyond most open source projects: even though we're clearly in userland working at the application layer, a good layered protocol design is still lacking. We have no standards process separate from what basically amount to updates to one specific reference implementation. And we all need to agree on any major change, since a blockchain that is easily forked in contentious ways pretty much defeats its own purpose. > > I went off to develop my own stack, where I could more easily avoid politics and focus on engineering. But I now understand the politics are inevitable. Bitcoin is inherently a cooperative project. Several people have poured themselves passionately into the reference codebase, most of whom did it (at least initially) purely as unpaid volunteers. There's a lot of love that's gone into this. But it's become pretty clear that the modularization is no longer merely a matter of good engineering - it is essential to resolving serious political challenges. > > Perhaps the most frustrating thing of all is watching people pushing for relatively superficial yet highly controversial changes while we still lack the proper infrastructure to handle these kinds of divergences of opinion without either stagnating or becoming polarized. > > I could continue working to reimplement an entire stack from scratch, as several others have also done - but besides the serious effort duplication this entails, it doesn't really seem like it will ultimately be a convergent process. It's too easy to let ego and habit dictate one's preferences rather than rational engineering considerations. > > I know that some might feel I'm just preaching to the choir, but we should probably take a step back from implementation hackery and try to specify some core protocol layers, focusing on interfaces. Specifically, we need a consensus layer that doesn't try to specify networking, storage, wallets, UI, etc. Let different people improve upon these things independently in their own implementations. What matters is that we all converge on a common history and state. At the same time, let's open up more competition on all these other things that are separate from the consensus layer. > > If only we were to dedicate a fraction of the effort we've put into this whole block size circus into what's actually important...and I blame myself as well... > > > On Sat, Aug 22, 2015, 4:05 AM Tamas Blummer via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org <mailto:bitcoin-dev@lists.linuxfoundation.org>> wrote: >> On Aug 21, 2015, at 21:46, Jorge Timón <jtimon@jtimon.cc <mailto:jtimon@jtimon.cc>> wrote: >> >> On Thu, Aug 20, 2015 at 10:35 AM, Tamas Blummer <tamas@bitsofproof.com <mailto:tamas@bitsofproof.com>> wrote: >>> Every re-implementation, re-factoring even copy-paste introduces a risk of disagreement, >>> but also open the chance of doing the work better, in the sense of software engineering. >> >> But you don't want something better, you want something functionally identical. >> You may want to watch sipa's explanation on why "the implementation is >> the specification" and the reasons to separate libconsensus: >> https://youtu.be/l3O4nh79CUU?t=764 <https://youtu.be/l3O4nh79CUU?t=764> > > I do want something better, but not for the focus you have. > > Not because what you produce was not high quality, but because quality is achieved at a very > high cost and is hard to uphold over generations of developer. You focus on a single use case > while there are many out there for distributed ledgers. > > I think in an infrastructure for enterprise applications, building consensus on the ledger is a > cornerstone there, but is only a piece of the solution. I built several commercially successful > deployments where I delegated the consensus building to a border router, a Bitcoin Core, > then interfaced that trusted peer with my implementation that accepted Core’s decisions > in an SPV manner. One might think of this setup as wasteful and unsuitable for “small devices” > therefore an example of centralization people here try to avoid. > > Enterprises have sufficient resources. Solving the business problem is valuable to them even at > magnitudes higher cost than a hobbyist would bear. > > For mainstream adoption you need to get enterprises on board too, and that is what I care of. > Enterprises want code that is not only high quality, but is easy to maintain with a development > team with high attrition. One has to take whatever help is offered for that, and one is modern > languages and runtimes. > > Bits of Proof’s own implementation of the scripts was not practically relevant in my commercially > successful deployments, because of the use of a border router, but it helped development, > enabling easier debug and precise error feedback esp. end even after Core had a reject message. > > I integrated libconsensus only for the hope that is significantly fastens application side tx verification, > which it has turned out it does not, until secp265k1 is integrated. > > I would likely use an other extended libconsensus too, but do not think there was a dependency on > that for enterprise development. > > It would help there more to have a slim protocol server, no wallet, no rpc, no qt but a high > performance remoting API. > >> Since you already depend on libconsensus for VerifyScript, wouldn't it >> be nice that it also offered VerifyTx, VerifyHeader and VerifyBlock? >> You would still have complete control over storage, concurrency, >> networking, policy... >> My plan is for the C API to interface with the external storage by >> passing a function pointer to it. > > > Storage and validation is non-trivially interconnected, but I now the separation can be done, > since I did it. > > Excuse me, but function pointers is a pattern I used in the 80’s. I know that they are behind > the curtain of modern abstractions with similar use, I still prefer not to see them again. > > Tamas Blummer > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org <mailto:bitcoin-dev@lists.linuxfoundation.org> > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev> [-- Attachment #1.2: Type: text/html, Size: 18120 bytes --] [-- Attachment #2: Message signed with OpenPGP using GPGMail --] [-- Type: application/pgp-signature, Size: 496 bytes --] ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-08-23 6:42 ` Tamas Blummer @ 2015-08-29 23:30 ` Jorge Timón 0 siblings, 0 replies; 28+ messages in thread From: Jorge Timón @ 2015-08-29 23:30 UTC (permalink / raw) To: Tamas Blummer; +Cc: Bitcoin Dev, Libbitcoin On Sun, Aug 23, 2015 at 8:42 AM, Tamas Blummer <tamas@bitsofproof.com> wrote: > I see the huge amount of sweat and love that went into core and it actually > hurts to see that most is expended in friction and lack of a vision for the > software architecture. > > To be concrete, this was my plan if dealing with the Core code base: > > 1) I'd consider the separation of networking and storage as suggested for a > future extended libconsensus low priority, as their design should be (are) > dominated by the need of the consensus logic only. > > 2) create an API to the consensus+networking+storage service that is not at > the C++ language level but some scaleable cross-platform remoting, like eg. > ZeroMQ. > This API should be minimal and simple, assuming that one fully trusts the > node answering it. This API would unlock user land development by distinct > teams with diverse technologies. I plan to replicate the RPC API (or a subset of it) using ZMQ's req/rep pattern, but #6103 comes first. > 3) move the wallet, QT and RPC and other backward compatibility stuff (if > e.g. there is some mining support) in-top of the new API and into distinct > source code repositories. Well, the RPC is the API. For libconsensus, its C API is the API. We've been talking about separating the wallet and qt to a different repository for long, but modularization is a prerequisite. ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-08-23 1:23 ` Eric Lombrozo 2015-08-23 2:19 ` Eric Lombrozo 2015-08-23 6:42 ` Tamas Blummer @ 2015-08-29 23:25 ` Jorge Timón 2 siblings, 0 replies; 28+ messages in thread From: Jorge Timón @ 2015-08-29 23:25 UTC (permalink / raw) To: Eric Lombrozo, Jonas Schnelli; +Cc: Bitcoin Dev, Libbitcoin I completely agree and I share your frustration. The importance of modularization is often disregarded but in my opinion it has a deep positive impact in the long term: more people are able to contribute with code and review (in the areas they know better), the risks associated with each change become more clear (there was a time when almost any change implied consensus risks), more alternative code bases can be implemented on top of the basic ones without fear of consensus bugs, etc. When I first read some of the code in 2011, I concluded that almost everything was in main.cpp (which I found ridiculous from a software engineering perspective). When I started to contribute with code in 2014, main.cpp was still (and still is in my opinion) giant, but the modularization had greatly improved thanks to changes like moving the serialization code out of main (thank you very much for that). We still have a lot of work ahead, but we've certainly advanced a lot. Unfortunately we cannot force reviewers to pay more attention to modularization PRs, many of them are usually more interested in changes that add or remove functionality in the short term. This problem gets exacerbated when modularization changes are required to be done in small increments to make them more easily reviewable and less disruptive to other open PRs, since it's harder for people to see the big picture and the rationale for those small changes (that often don't hcange functionality or performance at all). I know we are not alone on this and people like Wladimir, Pieter, Cory and Jonas Schnelli (at least, probably more people do) deeply care about modularization, even if I subjectively and selfishly interpret the lack of review on some of my PRs as a symptom of the opposite. So I suggest that people who think this is a high priority join and review each other's PRs on the subject. Currently I focus on 3 modularization areas: 1) Chainparams: supporting multiple chains (ie multiple testchains is all what Bitcoin cares about) is a great goal but there's still many barriers to create a new testchain. I started this work with #3824, but even after #6382 there are still more things to do. 2) Consensus: separating the consensus code, Matt Corallo had the idea of also exposing it in libconsensus. I started with #3839, the latest things I still have open are #6591 and #6445, please review. 3) Policy: separate node local policy code. Luke Dashjr started with #5071, I started with #6335 (after several failed attempts), the next little step blocking many other changes I have ready for way too long is #6068 (#6424 also helps), please review. I know Jonas Schnelli is focusing on the wallet. Cory Fields has recently focused on checkpoints and chainparams. Now that I know that you also care about modularization I will ask you for review as well, I hope not to be too annoying like I've been with Wladimir and Cory some times (and I usually am with some of my coworkers at blockstream). Please do the same with me: point me to any modularization PR you have opened. Regarding your next post, I agree that an additional "Layer" field in BIPs could be useful. Maybe you should start a BIP for that? On Sun, Aug 23, 2015 at 3:23 AM, Eric Lombrozo <elombrozo@gmail.com> wrote: > I've been pushing for greater modularization since I first got into bitcoin. > I got quickly frustrated when I was only able to get through very few things > (i.e. moving core structure serialization classes to a separate unit not > called main). Working on Bitcoin has an added layer of frustration that goes > beyond most open source projects: even though we're clearly in userland > working at the application layer, a good layered protocol design is still > lacking. We have no standards process separate from what basically amount to > updates to one specific reference implementation. And we all need to agree > on any major change, since a blockchain that is easily forked in contentious > ways pretty much defeats its own purpose. > > I went off to develop my own stack, where I could more easily avoid politics > and focus on engineering. But I now understand the politics are inevitable. > Bitcoin is inherently a cooperative project. Several people have poured > themselves passionately into the reference codebase, most of whom did it (at > least initially) purely as unpaid volunteers. There's a lot of love that's > gone into this. But it's become pretty clear that the modularization is no > longer merely a matter of good engineering - it is essential to resolving > serious political challenges. > > Perhaps the most frustrating thing of all is watching people pushing for > relatively superficial yet highly controversial changes while we still lack > the proper infrastructure to handle these kinds of divergences of opinion > without either stagnating or becoming polarized. > > I could continue working to reimplement an entire stack from scratch, as > several others have also done - but besides the serious effort duplication > this entails, it doesn't really seem like it will ultimately be a convergent > process. It's too easy to let ego and habit dictate one's preferences rather > than rational engineering considerations. > > I know that some might feel I'm just preaching to the choir, but we should > probably take a step back from implementation hackery and try to specify > some core protocol layers, focusing on interfaces. Specifically, we need a > consensus layer that doesn't try to specify networking, storage, wallets, > UI, etc. Let different people improve upon these things independently in > their own implementations. What matters is that we all converge on a common > history and state. At the same time, let's open up more competition on all > these other things that are separate from the consensus layer. > > If only we were to dedicate a fraction of the effort we've put into this > whole block size circus into what's actually important...and I blame myself > as well... > > > On Sat, Aug 22, 2015, 4:05 AM Tamas Blummer via bitcoin-dev > <bitcoin-dev@lists.linuxfoundation.org> wrote: >> >> On Aug 21, 2015, at 21:46, Jorge Timón <jtimon@jtimon.cc> wrote: >> >> On Thu, Aug 20, 2015 at 10:35 AM, Tamas Blummer <tamas@bitsofproof.com> >> wrote: >> >> Every re-implementation, re-factoring even copy-paste introduces a risk of >> disagreement, >> but also open the chance of doing the work better, in the sense of >> software engineering. >> >> >> But you don't want something better, you want something functionally >> identical. >> You may want to watch sipa's explanation on why "the implementation is >> the specification" and the reasons to separate libconsensus: >> https://youtu.be/l3O4nh79CUU?t=764 >> >> >> I do want something better, but not for the focus you have. >> >> Not because what you produce was not high quality, but because quality is >> achieved at a very >> high cost and is hard to uphold over generations of developer. You focus >> on a single use case >> while there are many out there for distributed ledgers. >> >> I think in an infrastructure for enterprise applications, building >> consensus on the ledger is a >> cornerstone there, but is only a piece of the solution. I built several >> commercially successful >> deployments where I delegated the consensus building to a border router, a >> Bitcoin Core, >> then interfaced that trusted peer with my implementation that accepted >> Core’s decisions >> in an SPV manner. One might think of this setup as wasteful and unsuitable >> for “small devices” >> therefore an example of centralization people here try to avoid. >> >> Enterprises have sufficient resources. Solving the business problem is >> valuable to them even at >> magnitudes higher cost than a hobbyist would bear. >> >> For mainstream adoption you need to get enterprises on board too, and >> that is what I care of. >> Enterprises want code that is not only high quality, but is easy to >> maintain with a development >> team with high attrition. One has to take whatever help is offered for >> that, and one is modern >> languages and runtimes. >> >> Bits of Proof’s own implementation of the scripts was not practically >> relevant in my commercially >> successful deployments, because of the use of a border router, but it >> helped development, >> enabling easier debug and precise error feedback esp. end even after Core >> had a reject message. >> >> I integrated libconsensus only for the hope that is significantly fastens >> application side tx verification, >> which it has turned out it does not, until secp265k1 is integrated. >> >> I would likely use an other extended libconsensus too, but do not think >> there was a dependency on >> that for enterprise development. >> >> It would help there more to have a slim protocol server, no wallet, no >> rpc, no qt but a high >> performance remoting API. >> >> Since you already depend on libconsensus for VerifyScript, wouldn't it >> be nice that it also offered VerifyTx, VerifyHeader and VerifyBlock? >> You would still have complete control over storage, concurrency, >> networking, policy... >> My plan is for the C API to interface with the external storage by >> passing a function pointer to it. >> >> >> Storage and validation is non-trivially interconnected, but I now the >> separation can be done, >> since I did it. >> >> Excuse me, but function pointers is a pattern I used in the 80’s. I know >> that they are behind >> the curtain of modern abstractions with similar use, I still prefer not to >> see them again. >> >> Tamas Blummer >> >> _______________________________________________ >> bitcoin-dev mailing list >> bitcoin-dev@lists.linuxfoundation.org >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-08-22 11:04 ` Tamas Blummer 2015-08-23 1:23 ` Eric Lombrozo @ 2015-08-29 22:08 ` Jorge Timón 1 sibling, 0 replies; 28+ messages in thread From: Jorge Timón @ 2015-08-29 22:08 UTC (permalink / raw) To: Tamas Blummer; +Cc: Bitcoin Dev, Libbitcoin On Sat, Aug 22, 2015 at 1:04 PM, Tamas Blummer <tamas@bitsofproof.com> wrote: > On Aug 21, 2015, at 21:46, Jorge Timón <jtimon@jtimon.cc> wrote: > > On Thu, Aug 20, 2015 at 10:35 AM, Tamas Blummer <tamas@bitsofproof.com> > wrote: > > Every re-implementation, re-factoring even copy-paste introduces a risk of > disagreement, > but also open the chance of doing the work better, in the sense of software > engineering. > > > But you don't want something better, you want something functionally > identical. > You may want to watch sipa's explanation on why "the implementation is > the specification" and the reasons to separate libconsensus: > https://youtu.be/l3O4nh79CUU?t=764 > > > I do want something better, but not for the focus you have. > > Not because what you produce was not high quality, but because quality is > achieved at a very > high cost and is hard to uphold over generations of developer. You focus on > a single use case > while there are many out there for distributed ledgers. > > I think in an infrastructure for enterprise applications, building consensus > on the ledger is a > cornerstone there, but is only a piece of the solution. I built several > commercially successful > deployments where I delegated the consensus building to a border router, a > Bitcoin Core, > then interfaced that trusted peer with my implementation that accepted > Core’s decisions > in an SPV manner. One might think of this setup as wasteful and unsuitable > for “small devices” > therefore an example of centralization people here try to avoid. > > Enterprises have sufficient resources. Solving the business problem is > valuable to them even at > magnitudes higher cost than a hobbyist would bear. > > For mainstream adoption you need to get enterprises on board too, and that > is what I care of. > Enterprises want code that is not only high quality, but is easy to maintain > with a development > team with high attrition. One has to take whatever help is offered for that, > and one is modern > languages and runtimes. > > Bits of Proof’s own implementation of the scripts was not practically > relevant in my commercially > successful deployments, because of the use of a border router, but it helped > development, > enabling easier debug and precise error feedback esp. end even after Core > had a reject message. In fact I have been accused in the past (by at least Peter Todd) of having "too many cases in mind" or "doing refactors that are good for altchains". That's why I'm very cautious about proposing changes that are not strict improvments in maintainability to bitcoin itself. But I actually have freicoin, sidechains and private chains (defined in freimarkets, used in elements alpha as "block signing") in mind. Some of the consensus changes I have in mind are support for multiple assets or interest-bearing assets, for example. But if you need to change the consensus rules you need to change the code, there's no way around that. It will be much simpler to only adapt libconsensus to other chains than it is to adapt the whole Bitcoin Core code base. Libconsensus can free you from the need of running "border routers" (which you need to adapt if you depend on them and are supporting chains with different rules). When libconsensus has it's own independent repository, will I fork the project to have a multi-consensus library supporting multiple different chains (apart from bitcoin and its testchains)? Maybe, I'm not sure it makes sense, maybe it's just simpler to maintain a different project for each different chain (ie libfreicoinconsensus, libbetaconsensus, etc). > I integrated libconsensus only for the hope that is significantly fastens > application side tx verification, > which it has turned out it does not, until secp265k1 is integrated. That is very sad to hear. The main reason to integrate libconsensus is to avoid consensus fork bugs (or to not depend on the "border routers" to avoid those bugs). > I would likely use an other extended libconsensus too, but do not think > there was a dependency on > that for enterprise development. > > It would help there more to have a slim protocol server, no wallet, no rpc, > no qt but a high > performance remoting API. That's out of scope for libconsensus which will be stateless and whose only API would be in C. But the refactors in Bitcoin Core will hopefully make it easier to support such a minimal node in it (you know you can "./configure --disable-wallet --without-gui" already, right?, about RPC, that's the remaining API!). > Since you already depend on libconsensus for VerifyScript, wouldn't it > be nice that it also offered VerifyTx, VerifyHeader and VerifyBlock? > You would still have complete control over storage, concurrency, > networking, policy... > My plan is for the C API to interface with the external storage by > passing a function pointer to it. > > > Storage and validation is non-trivially interconnected, but I now the > separation can be done, > since I did it. > > Excuse me, but function pointers is a pattern I used in the 80’s. I know > that they are behind > the curtain of modern abstractions with similar use, I still prefer not to > see them again. Yes, and the wheel it's an invention used in pre-historic times: that doesn't make it less useful. Do you have any other suggestion for interfacing with external storage using a C API? ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-07-23 14:30 [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) Jorge Timón 2015-07-23 14:57 ` Milly Bitcoin 2015-07-28 6:40 ` Eric Voskuil @ 2015-07-28 8:43 ` Wladimir J. van der Laan 2015-07-28 10:09 ` Jorge Timón 2 siblings, 1 reply; 28+ messages in thread From: Wladimir J. van der Laan @ 2015-07-28 8:43 UTC (permalink / raw) To: Jorge Timón; +Cc: bitcoin-dev On Thu, Jul 23, 2015 at 04:30:06PM +0200, Jorge Timón via bitcoin-dev wrote: > I think there were some misunderstandings in our previous conversation > about this topic. > I completely agree with having a separated repository for libconsensus > (that's the whole point, alternative implementations can be > consensus-safe by using it, and in the event of a schism fork[1], they > can fork just that smaller project without having to relay on Bitcoin > Core [satoshi] at all). Indeed. > But I thought you also wanted Bitcoin Core to use libconsensus instead > of just having a subtree/subrepository like it currently does with > libsecp256k1. > I'm not sure if that would ever be accepted, but in any case we're > certainly far away from that goal. Here are some things that need to > happen first: I don't see any reason why Bitcoin Core would not use the consensus library. Eating our own dogfood and such. Biggest risk, as I've said before, is that the refactoring loading to a (more complete) consensus library will result in code that is no longer bug-for-bug compatible with previous versions, thus defeating its entire purpose and introducing fork risk. If that can be avoided - for example by going from here to there using pure code moves, as you're trying to do - I'm all for it. > 2) Finish libconsensus's API: expose more things than VerifyScript, at > the very least, also expose VerifyTx, VerifyHeader and VerifyBlock. > Feedback from alternative implementations like libbitcoin is extremely > valuable here. Some related closed-for-now PRs: Agreed. > 3) Move libconsensus to a separate repository as a > subtree/subrepository of Bitcoin Core. If the rest is done, this is the easy part :) > Unfortunately and ironically again, safer, small and incremental > changes are less interesting for reviewers. > For example, I've been trying to move consensus code to the consensus > folder for a long time. The correctness of a MOVEONLY change is > trivial to review for anyone who knows how to copy/paste in its > favorite editor and how to use git diff, but will I ever get answers > to my questions in [1]? Code review capacity is still our greatest bottleneck. And I don't see any way out of that, unfortunately. > I know there's many people who really care about this, Cory Fields, > Wladimir and Pieter Wuille to name a few have reviewed many of this > changes (I've just got used to publicly whine about lack of review on > this front and policy encapsulation [very related fronts] as an > attempt to get some attention: not always, but begging for review > actually works some times). I do really care about this. Wladimir ^ permalink raw reply [flat|nested] 28+ messages in thread
* Re: [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) 2015-07-28 8:43 ` Wladimir J. van der Laan @ 2015-07-28 10:09 ` Jorge Timón 0 siblings, 0 replies; 28+ messages in thread From: Jorge Timón @ 2015-07-28 10:09 UTC (permalink / raw) To: Wladimir J. van der Laan; +Cc: bitcoin-dev On Tue, Jul 28, 2015 at 10:43 AM, Wladimir J. van der Laan <laanwj@gmail.com> wrote: > On Thu, Jul 23, 2015 at 04:30:06PM +0200, Jorge Timón via bitcoin-dev wrote: >> But I thought you also wanted Bitcoin Core to use libconsensus instead >> of just having a subtree/subrepository like it currently does with >> libsecp256k1. >> I'm not sure if that would ever be accepted, but in any case we're >> certainly far away from that goal. Here are some things that need to >> happen first: > > I don't see any reason why Bitcoin Core would not use the consensus library. Eating our own dogfood and such. As explained to Eric, it's not that I don't want Bitcoin Core to use future-libconsensu through the API instead of a subtree: it's just that that's more long-term and more work. And I don't see why other implementations should really care about it. > Biggest risk, as I've said before, is that the refactoring loading to a (more complete) consensus library will result in code that is no longer bug-for-bug compatible with previous versions, thus defeating its entire purpose and introducing fork risk. > > If that can be avoided - for example by going from here to there using pure code moves, as you're trying to do - I'm all for it. Well, pure movements will not be enough, parameters will have to change, incompatible dependencies have to be removed (ie util.h which contains globals), etc. But yes, I think we can do it with only low-risk and easy-to-review commits. >> 3) Move libconsensus to a separate repository as a >> subtree/subrepository of Bitcoin Core. > > If the rest is done, this is the easy part :) And still, this doesn't require Bitcoin Core to use the API, a subtree is enough at first. This "easy step" doesn't guarantee that Bitcoin Core is using future-libconsensus' API. > Code review capacity is still our greatest bottleneck. > And I don't see any way out of that, unfortunately. I really think these code separations help with this (ie there are many more people in the world with enough knowledge to review the qt or even policy parts than there's people able to review consensus changes). > I do really care about this. I know and I said so. ^ permalink raw reply [flat|nested] 28+ messages in thread
end of thread, other threads:[~2015-08-29 23:30 UTC | newest] Thread overview: 28+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2015-07-23 14:30 [bitcoin-dev] Libconsensus separated repository (was Bitcoin Core and hard forks) Jorge Timón 2015-07-23 14:57 ` Milly Bitcoin 2015-07-23 21:02 ` Jorge Timón 2015-07-23 21:30 ` Milly Bitcoin 2015-07-28 6:40 ` Eric Voskuil 2015-07-28 8:47 ` Wladimir J. van der Laan 2015-07-28 9:58 ` Jorge Timón 2015-07-29 20:38 ` Eric Voskuil 2015-07-29 21:46 ` Jorge Timón 2015-08-20 0:53 ` Jorge Timón 2015-08-20 7:14 ` Tamas Blummer 2015-08-20 8:06 ` Jorge Timón 2015-08-20 8:35 ` Tamas Blummer 2015-08-20 17:44 ` Matt Corallo 2015-08-20 21:26 ` Tamas Blummer 2015-08-20 21:35 ` Matt Corallo 2015-08-21 6:46 ` Tamas Blummer 2015-08-21 19:46 ` Jorge Timón 2015-08-21 20:07 ` Eric Lombrozo 2015-08-22 11:04 ` Tamas Blummer 2015-08-23 1:23 ` Eric Lombrozo 2015-08-23 2:19 ` Eric Lombrozo 2015-08-23 6:42 ` Tamas Blummer 2015-08-29 23:30 ` Jorge Timón 2015-08-29 23:25 ` Jorge Timón 2015-08-29 22:08 ` Jorge Timón 2015-07-28 8:43 ` Wladimir J. van der Laan 2015-07-28 10:09 ` Jorge Timón
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox