From da51b5e4d216a2eff0e93d31c93434f3eac02f60 Mon Sep 17 00:00:00 2001
From: Hodlinator <172445034+hodlinator@users.noreply.github.com>
Date: Mon, 2 Feb 2026 11:45:01 +0100
Subject: [PATCH 1/4] refactor(miniscript): Move keys to avoid copy
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
As done in other ctors.
Co-authored-by: Lőrinc
---
 src/script/miniscript.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/script/miniscript.h b/src/script/miniscript.h
index 1b7e84f471d..a65900c7840 100644
--- a/src/script/miniscript.h
+++ b/src/script/miniscript.h
@@ -607,7 +607,7 @@ private:
 // This is kept private as no valid fragment has all of these arguments.
 // Only used by Clone()
 Node(internal::NoDupCheck, MiniscriptContext script_ctx, enum Fragment nt, std::vector sub, std::vector key, std::vector arg, uint32_t val)
- : fragment(nt), k(val), keys(key), data(std::move(arg)), subs(std::move(sub)), m_script_ctx{script_ctx}, ops(CalcOps()), ss(CalcStackSize()), ws(CalcWitnessSize()), typ(CalcType()), scriptlen(CalcScriptLen()) {}
+ : fragment(nt), k(val), keys(std::move(key)), data(std::move(arg)), subs(std::move(sub)), m_script_ctx{script_ctx}, ops(CalcOps()), ss(CalcStackSize()), ws(CalcWitnessSize()), typ(CalcType()), scriptlen(CalcScriptLen()) {}
 //! Compute the length of the script for this miniscript (including children).
 size_t CalcScriptLen() const
From fd7c494c6bfa01a5582d60d234725c564507e9fa Mon Sep 17 00:00:00 2001
From: Hodlinator <172445034+hodlinator@users.noreply.github.com>
Date: Thu, 5 Feb 2026 13:00:38 +0100
Subject: [PATCH 2/4] doc(miniscript): Explain why we operate on vectors
Explains the reason behind 198bbaee4959119a63b4038cd0dbb519f4daf6f0 where we had earlier switched from operating on unique_ptr to plain Node.
---
 src/script/miniscript.h | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/script/miniscript.h b/src/script/miniscript.h
index a65900c7840..4f0cf654351 100644
--- a/src/script/miniscript.h
+++ b/src/script/miniscript.h
@@ -552,6 +552,9 @@ public:
 // Destroy the subexpressions iteratively after moving out their
 // subexpressions to avoid a stack-overflow due to recursive calls to
 // the subs' destructors.
+ // We move vectors in order to only update array-pointers inside them
+ // rather than moving individual Node instances which would involve
+ // moving/copying each Node field.
 std::vector> queue;
 queue.push_back(std::move(subs));
 do {
From 5af5e87646ec436bd4c86a62f70c376edb309ea9 Mon Sep 17 00:00:00 2001
From: Hodlinator <172445034+hodlinator@users.noreply.github.com>
Date: Wed, 4 Feb 2026 22:28:25 +0100
Subject: [PATCH 3/4] test(miniscript): Make tested script valid
Also give more appropriate name to test.
Co-authored-by: Antoine Poinsot
---
 src/test/miniscript_tests.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/test/miniscript_tests.cpp b/src/test/miniscript_tests.cpp
index 757f89b63bc..2bb96144b0a 100644
--- a/src/test/miniscript_tests.cpp
+++ b/src/test/miniscript_tests.cpp
@@ -728,18 +728,18 @@ BOOST_AUTO_TEST_CASE(fixed_tests)
 }
 // Confirm that ~Node(), Node::Clone() and operator=(Node&&) are stack-safe.
-BOOST_AUTO_TEST_CASE(node_deep_destruct)
+BOOST_AUTO_TEST_CASE(node_stress_stack)
 {
 using miniscript::internal::NoDupCheck;
 using miniscript::Fragment;
 using NodeU32 = miniscript::Node;
- constexpr auto ctx{miniscript::MiniscriptContext::P2WSH};
-
+ constexpr auto ctx{miniscript::MiniscriptContext::TAPSCRIPT};
 NodeU32 root{NoDupCheck{}, ctx, Fragment::JUST_1};
 for (uint32_t i{0}; i < 200'000; ++i) {
- root = NodeU32{NoDupCheck{}, ctx, Fragment::WRAP_S, Vector(std::move(root))};
+ root = NodeU32{NoDupCheck{}, ctx, Fragment::WRAP_N, Vector(std::move(root))};
 }
+ BOOST_CHECK(root.IsValid());
 BOOST_CHECK_EQUAL(root.ScriptSize(), 200'001);
 auto clone{root.Clone()};
From 39e3295c71035b960bc9c5d0eeeaed3e06e9d1a6 Mon Sep 17 00:00:00 2001
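Review bot: The phrase "array-pointers" in the added comment is vague about what is actually cheap; as I read it, the intent is that moving a whole `std::vector` only hands over its internal buffer pointer, whereas moving Nodes one at a time would move every field of every Node. A wording along the lines of `// Whole vectors are moved so that only each vector's buffer pointer changes hands,` followed by `// instead of moving every Node (and each of its fields) individually.` would say that directly. The destructor body continues past the end of the hunk (`do {`), so the loop itself is not covered by this note.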
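Review bot: The switch to `MiniscriptContext::TAPSCRIPT` and `Fragment::WRAP_N` has no in-code explanation; only the commit subject says it is there to make the tested script valid. A later edit that changes either one back would show up only as a failing `BOOST_CHECK(root.IsValid())`, with nothing in the test saying why those two values matter. A comment above `constexpr auto ctx` such as `// Context and wrapper are chosen so that the deep chain is still a valid miniscript (checked by IsValid() below).` would record that. Since the later checks are meant to run on a valid script, `BOOST_REQUIRE(root.IsValid());` may also be the better fit. The test body continues past the end of the hunk.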
From: Hodlinator <172445034+hodlinator@users.noreply.github.com>
Date: Thu, 5 Feb 2026 12:02:15 +0100
Subject: [PATCH 4/4] test(miniscript): Check for depth rather than script size
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
CI failure due to default ~Node() implementation has been confirmed on Windows native, MacOS native, 32-bit ARM, ASan+LSan+UBSan+integer, i686, TSan, MSan. (Not on Alpine as that runs without CI_LIMIT_STACK_SIZE).
Co-authored-by: Antoine Poinsot
Co-authored-by: Lőrinc
---
 src/test/miniscript_tests.cpp | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/src/test/miniscript_tests.cpp b/src/test/miniscript_tests.cpp
index 2bb96144b0a..b1cfad94fed 100644
--- a/src/test/miniscript_tests.cpp
+++ b/src/test/miniscript_tests.cpp
@@ -734,18 +734,33 @@ BOOST_AUTO_TEST_CASE(node_stress_stack)
 using miniscript::Fragment;
 using NodeU32 = miniscript::Node;
+ const auto compute_depth{[] (const NodeU32& node) -> size_t {
+ size_t depth{0};
+ for (const auto* n{&node}; !n->Subs().empty(); n = &n->Subs().front()) {
+ ++depth;
+ }
+ return depth;
+ }};
+
 constexpr auto ctx{miniscript::MiniscriptContext::TAPSCRIPT};
 NodeU32 root{NoDupCheck{}, ctx, Fragment::JUST_1};
- for (uint32_t i{0}; i < 200'000; ++i) {
+ // Some CI jobs run with CI_LIMIT_STACK_SIZE which reduces the stack size
+ // via ulimit to 512 kbytes. When tested with ~Node()=default (stack-unsafe)
+ // implementations the test has been shown to fail for the below depth.
+ // The test may pass locally despite stack-unsafe implementations unless the
+ // stack is reduced in a similar way or the depth is temporarily increased.
+ constexpr size_t depth{200'000};
+ for (size_t i{0}; i < depth; ++i) {
 root = NodeU32{NoDupCheck{}, ctx, Fragment::WRAP_N, Vector(std::move(root))};
 }
 BOOST_CHECK(root.IsValid());
- BOOST_CHECK_EQUAL(root.ScriptSize(), 200'001);
+ BOOST_CHECK_EQUAL(compute_depth(root), depth);
 auto clone{root.Clone()};
- BOOST_CHECK_EQUAL(clone.ScriptSize(), root.ScriptSize());
+ BOOST_CHECK_EQUAL(compute_depth(clone), depth);
 clone = std::move(root);
+ BOOST_CHECK_EQUAL(compute_depth(clone), depth);
 }
 BOOST_AUTO_TEST_SUITE_END()
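Review bot: `compute_depth` follows only `Subs().front()`, so it measures the length of the first-child chain rather than the depth of an arbitrary tree; that is right for the single-child `WRAP_N` chain built below, but the lambda does not say so. A comment above it such as `// Length of the first-child chain; equals the tree depth only for the linear chain built below.` would keep it from being reused on branching nodes. The lambda's local `depth` also reads confusingly next to the later `constexpr size_t depth{200'000};`, so renaming the constant (for example `expected_depth`) would make the three `BOOST_CHECK_EQUAL` lines easier to follow. The test case starts above the first line of the hunk.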