ci, iwyu: Fix warnings in src/kernel and treat them as errors

[hebasto]

Now seems like a good time to update the includes in src/kernel.

[DrahtBot]

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage & Benchmarks

For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/33779.

Reviews

See the guideline for information on the review process.

Type	Reviewers
ACK	maflcko
Stale ACK	l0rinc, willcl-ark, purpleKarrot

If your review is incorrectly listed, please copy-paste <!--meta-tag:bot-skip--> into the comment that the bot should ignore.

Conflicts

Reviewers, this pull request conflicts with the following ones:

• #34296 (refactor: [move-only] Merge core_io module, remove from libkernel by maflcko)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

[hebasto]

There are no conflicts with other contributors' PRs.

Friendly ping @l0rinc @maflcko @ryanofsky @willcl-ark who reviewed #31308, and @TheCharlatan, the kernel expert :)

[l0rinc]

code review ACK a8a33bc

[willcl-ark]

ACK a8a33bc

Indeed a good time to get this change in :)

[maflcko]

review ACK a8a33bc 🐮

Show signature

Signature:

untrusted comment: signature from minisign secret key on empty file; verify via: minisign -Vm "${path_to_any_empty_file}" -P RWTRmVTMeKV5noAMqVlsMugDDCyyTSbA3Re5AkUrhvLVln0tSaFWglOw -x "${path_to_this_whole_four_line_signature_blob}"
RUTRmVTMeKV5npGrKx1nqXCw5zeVHdtdYURB/KlyA/LMFgpNCs+SkW9a8N95d+U4AP1RJMi+krxU1A3Yux4bpwZNLvVBKy0wLgM=
trusted comment: review ACK a8a33bc0c0a11093418debc36db8ac63bf90e687 🐮
G2GSehSG/6BqX/m6sCiIHGIarE7ISW3dV0VxpX5fcM2EJ8hZOVOcNXSZRr7oRnrNufO91NK8KYEdhrrIaMbJAg==

[sedited]

I tried to reproduce what the CI is doing locally. Having to run the full CI either on push or locally just to fix the includes is not ideal. The following command seems to produce different results:

/home/user/Downloads/include-what-you-use/iwyu_tool.py -p /home/user/bitcoin/build_dev_mode_clang/compile_commands.json src/kernel/chainparams.cpp -- -Xiwyu --cxx17ns -Xiwyu --mapping_file=/home/user/bitcoin/contrib/devtools/iwyu/bitcoin.core.imp -Xiwyu --max_line_length=160

(/home/user/bitcoin/src/kernel/chainparams.h has correct #includes/fwd-decls)

/home/user/bitcoin/src/kernel/chainparams.cpp should add these lines:
#include <functional>                  // for identity, equal_to

The compile commands are configured for clang-21 and I'm using iwyu v0.25. It also seems like we are not configuring yet
for the kernel library headers and implementations.

[maflcko]

different results:

I wonder if it comes from different libstdc++ header versions used. Generally, I could imagine it being difficult to achieve fully reproducible and consistent results across all build configurations. If relying on the CI (locally or remote) is too tedious, then it probably doesn't make sense to treat iwuy suggestions as errors.

Possibly we could spin up a separate CDash to track them externally (outside this project) as warnings or errors? cc @willcl-ark @purpleKarrot

[willcl-ark]

Having to run the full CI either on push or locally just to fix the includes is not ideal.

Something I was thinking about while review the first part of this PR was whether using CMake's CXX_INCLUDE_WHAT_YOU_USE ${iwyu_path} to run this as another configuration "natively" with cmake. The issue here is it's project-wide, and you have to set SKIP_LINTING on those files you don't want it run on. Then we could perhaps provide a preset to run iwyu or something.

I tried implementing that but either must be set per file (verbose) or on a per-target basis, and the resulting cmake ended up being messier than the jq filtering we do currently, so I gave up experimenting with that.

It also probably wouldn't help the repro issues @TheCharlatan notes.

Possibly we could spin up a separate CDash to track them externally (outside this project) as warnings or errors

Would be possible relatively easily, I think, if there's interest.

[maflcko]

Possibly we could spin up a separate CDash to track them externally (outside this project) as warnings or errors

Would be possible relatively easily, I think, if there's interest.

Nice. I was thinking that maybe the CI in this repo could have an auth token to push the iwyu for all builds to the dashboard. This way, it could be easier to check the warnings/error for each pull request, without it being a merge blocker. Also, there could be regular "fix iwyu" pull requests to bring the warnings/errors down, with an easy way to check via the dashboard as well.

[fanquake]

Would be possible relatively easily, I think, if there's interest.

I'm wondering what problem we are trying to solve. Externalizing this would just lead to random PRs to this repo, to "fix" includes, which can't be verified here? If developers aren't actively engaged in actually maintaining includes and no CI will ever fail, that sounds like endless churn. It's also unclear why this needs to be in some other dashboard, if we can have the infra/result determined here already?

[sedited]

Maybe a better approach would be to run the enforced sections in a separate, faster job? Some of the linters are already a bit annoying to invoke locally, so I usually just run the lint job. Doing the same for the includes seems fine to me.

[maflcko]

I'm wondering what problem we are trying to solve.

I think the problem is that it is inherently impossible to reproduce an iwyu run locally without the exact CI config. Maybe this is fine, and nothing needs to be fixed. Though, if devs think that relying exactly on the CI is too tedious, then a dashboard could seem like a nice solution.

endless churn

I think iwyu will mean churn, regardless of how it is enforced, if it is run on more actively changed modules of the codebase.

I guess this gives a third alternative: Only enforce IWYU pre branch-off, so that there is ideally only a single "fix" pull per release and all released versions are iwyu-clean. Post branch-off the IWYU enforcement could be turned-off, so that developers can just continue to develop normally, like before, without having to worry about tedious IWYU fixups for every single pull request and commit.

Maybe a better approach would be to run the enforced sections in a separate, faster job? Some of the linters are already a bit annoying to invoke locally, so I usually just run the lint job. Doing the same for the includes seems fine to me.

Looking at the runtimes here, it seems iwyu takes 9 minutes alone, so with the configure overhead, it will likely be hard to get under 10 minutes. It is less than the 19 minutes the full task takes with clang-tidy, but there is probably a limit to how fast it can be made.

[purpleKarrot]

Maybe a better approach would be to run the enforced sections in a separate, faster job?

With such a job, it is possible to copy the output and pipe it through fix_includes.py locally. Full reproducibility is nice to have (and can be achieved with a dev container that contains all the necessary tools in the right version), but for a development workflow it is also possible to ignore IWYU (just rely on clangd's recommendations to add/remove includes) and then fix deviations using the described approach when the PR job fails.

[purpleKarrot]

ACK a8a33bc

[maflcko]

With such a job, it is possible to copy the output and pipe it through fix_includes.py locally.

For reference, if devs want to copy the output, the job already has the full diff, ready to apply. So there is no need to take an extra step. Example https://github.com/bitcoin/bitcoin/actions/runs/19076699870/job/54494252522?pr=33779#step:9:41045:

IWYU edited 873 files on your behalf.

+ git --no-pager diff
diff --git a/src/addrdb.cpp b/src/addrdb.cpp
index 129bbf2..5ecfbf6 100644
--- a/src/addrdb.cpp
+++ b/src/addrdb.cpp
@@ -4,20 +4,14 @@
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #include <bitcoin-build-config.h> // IWYU pragma: keep
-
 #include <addrdb.h>
-
 #include <addrman.h>
 #include <chainparams.h>
-#include <clientversion.h>
 #include <common/args.h>
 #include <common/settings.h>
-#include <cstdint>
 #include <hash.h>
 #include <logging.h>
 #include <logging/timer.h>
-#include <netbase.h>
-#include <netgroup.h>
 #include <random.h>
 #include <streams.h>
 #include <tinyformat.h>
@@ -26,6 +20,23 @@
 #include <util/fs_helpers.h>
 #include <util/syserror.h>
 #include <util/translation.h>
+#include <errno.h>
+#include <stdio.h>
+#include <cstdint>
+#include <algorithm>
+#include <array>
+#include <exception>
+#include <map>
+#include <span>
+#include <stdexcept>
+#include <string>
+
+#include "net_types.h"
+#include "protocol.h"
+#include "serialize.h"
+#include "uint256.h"
+#include "util/result.h"
+#include "util/time.h"
 
 namespace {

[hebasto]

Having to run the full CI either on push or locally just to fix the includes is not ideal.

Something I was thinking about while review the first part of this PR was whether using CMake's CXX_INCLUDE_WHAT_YOU_USE ${iwyu_path} to run this as another configuration "natively" with cmake. The issue here is it's project-wide, and you have to set SKIP_LINTING on those files you don't want it run on. Then we could perhaps provide a preset to run iwyu or something.

A separate job running IWYU on a compilation database could be quite fast, as we’d only need to build the codegen target (though it requires a fix for the Qt code). That’s a plan for the future.

[fanquake]

For reference, if devs want to copy the output, the job already has the full diff, ready to apply.

I don't think this diff is "ready to apply"? Headers like errno.h are wrong, and should be <cerrno> (this is enforced by modernize-deprecated-headers in the tidy job)? Includes like #include "net_types.h" are also wrong, and should be #include <net_types.h>?

Given that developers working on this code, have said that this change will likely make development more difficult, should be reason enough to fix the developer workflows/tooling (or at least decide on a the fix) before doing anything here; especially given that the value add of "fixing includes" is trending towards 0, compared to developers actually getting work done/wasting time fighting with CIs. This problem will only grow as this starts to cover more of the codebase, and effect more devs, so it seems like a good time to figure out a solution.

Currently solutions include:

• Add a new dashboard somewhere. This needs to be created, and maintained (externally) by someone, and doesn't seem to solve the problem of developers being able to easily run the same checks locally. Its not clear if that dashboard would post immediately applyable diffs to PRs (updated on every push), when CI turns red here, or developers would need to check the dashboard to find the diff to fix their PR?
• Add a new (faster) CI job here. If the code for this CI job can be easily ran locally (like the lint job), and produce a diff that can be immediately applied (see above for why current output does not seem to be that) then this could be a good solution, assuming the diff is easily surfaced.
• Leave things as they are. Developers can open a PR, and see if the CI turns green. If not, they can scroll through ~68'000 lines of CI output, to extract a diff, potentially (see above) modify the diff so it can be applied, then push again.

[maflcko]

Leave things as they are. Developers can open a PR, and see if the CI turns green. If not, they can scroll through ~68'000 lines of CI output, to extract a diff, potentially (see above) modify the diff so it can be applied, then push again.

The massive output is just the iwyu warning/debug output. On real pull requests that run into errors, the diff should be smaller. (Should be easy to test by pushing this pr's ci changes without the code changes)

I don't think this diff is "ready to apply"? Headers like errno.h are wrong, and should be <cerrno> (this is enforced by modernize-deprecated-headers in the tidy job)? Includes like #include "net_types.h" are also wrong, and should be #include <net_types.h>?

Yeah, good points. The sorting is also wrong, which may be good to fix in iwyu, or in clang-format (c.f. #32813 (comment))

[hebasto]

Maybe a better approach would be to run the enforced sections in a separate, faster job? Some of the linters are already a bit annoying to invoke locally, so I usually just run the lint job. Doing the same for the includes seems fine to me.

Done in #33810.

[fanquake]

Moved this to draft while we first figure out #33810.

[DrahtBot]

🚧 At least one of the CI tasks failed.
_{Task lint: https://github.com/bitcoin/bitcoin/actions/runs/20272513332/job/58211985526
LLM reason (✨ experimental): Lint failure: includes use quotes instead of brackets, triggering lint-includes.py and non-zero exit from the linter.}

Hints

Try to run the tests locally, according to the documentation. However, a CI failure may still
happen due to a number of reasons, for example:

• Possibly due to a silent merge conflict (the changes in this pull request being
  incompatible with the current code in the target branch). If so, make sure to rebase on the latest
  commit of the target branch.

• A sanitizer issue, which can only be found by compiling with the sanitizer and running the
  affected test.

• An intermittent issue.

Leave a comment here, if you need help tracking down a confusing failure.

[maflcko]

It could make sense to go with #33810 first, but this lgtm:

re-ACK d5a62a2 🚢

Show signature

Signature:

untrusted comment: signature from minisign secret key on empty file; verify via: minisign -Vm "${path_to_any_empty_file}" -P RWTRmVTMeKV5noAMqVlsMugDDCyyTSbA3Re5AkUrhvLVln0tSaFWglOw -x "${path_to_this_whole_four_line_signature_blob}"
RUTRmVTMeKV5npGrKx1nqXCw5zeVHdtdYURB/KlyA/LMFgpNCs+SkW9a8N95d+U4AP1RJMi+krxU1A3Yux4bpwZNLvVBKy0wLgM=
trusted comment: re-ACK d5a62a288fba2b1d69325623e0640d1f33af58b8 🚢
Ja6xcEDdUUI3zhnDduwv6nFpS5ep2ifXdFKsXJYkTEoXQYxqD06sAuO1NSTf57ZiwYCuG9ru6rhBsMLBhgWgDw==

[hebasto]

Rebased and undrafted.

[fanquake]

Has #34079 (comment) been reported upstream?

[hebasto]

Has #34079 (comment) been reported upstream?

While working on reducing the code, I arrived at a different conclusion.

UPDATE: See include-what-you-use/include-what-you-use#1886.

[maflcko]

8f2ac6f 🍯

Show signature

Signature:

untrusted comment: signature from minisign secret key on empty file; verify via: minisign -Vm "${path_to_any_empty_file}" -P RWTRmVTMeKV5noAMqVlsMugDDCyyTSbA3Re5AkUrhvLVln0tSaFWglOw -x "${path_to_this_whole_four_line_signature_blob}"
RUTRmVTMeKV5npGrKx1nqXCw5zeVHdtdYURB/KlyA/LMFgpNCs+SkW9a8N95d+U4AP1RJMi+krxU1A3Yux4bpwZNLvVBKy0wLgM=
trusted comment: 8f2ac6f7efb7e5963436fd59462631888fe8afa3 🍯
WmSu1uh1MmK1km0uU7PCiDe6qvuFJn6vQDZuhXR2o2ovMY3KpXg9izWY29/uzlAXLHeJ1ebkkWztDy/jzhiyBg==

[maflcko]

not sure about this. I don't think we should be adding c++ code as an rough alternative to IWYU pragma export. Also, I am starting to think we should get rid of the pragma export to reduce the list of includes, because it doesn't interact well with letting iwyu minimize the include list.

[hebasto]

not sure about this. I don't think we should be adding c++ code as an rough alternative to IWYU pragma export.

Not needing IWYU pragma: export is just a nice side effect. The actual goal of this change is to enforce explicit conversions and make the translation module self-contained.

[maflcko]

I don't think it is maintainable to add a redundant string literal overload for every function in the whole codebase that accepts a std::string as any arg.

[hebasto]

I agree that the current approach is not ideal.

A better alternative for this specific case would be switching the parameter type to std::string_view. This solves the efficiency and IWYU issues without requiring a separate overload. WDYT?

Regarding the rest of the codebase, it might be best to evaluate cases individually. There are some tricky spots, such as using Assume() inside a macro, that might not fit a 'one size fits all' rule.

[maflcko]

A better alternative for this specific case would be switching the parameter type to std::string_view. This solves the efficiency and IWYU issues without requiring a separate overload. WDYT?

I don't see an efficiency problem here, and i fail to see how either this patch, or string_view would solve it.

If you wanted to make it more efficient, you could write:

inline bilingual_str Untranslated(std::string original) { return {original, std::move(original)}; }

However, I am not sure if this is worth it.

[hebasto]

I don't see an efficiency problem here, and i fail to see how either this patch, or string_view would solve it.

I'm not saying that there is a problem that should be solved on its own. But wouldn't that patch reduce the total number of heap allocations where SSO is not involved?

[purpleKarrot]

The use of IWYU pragma export should be limited to cases where you don't want clients to import headers that you consider implementation details, like when you have thousand lines of templated code that you split across multiple files for better maintainability.

<string> is definitely a public header and including the header should be the only way to get std::string. Hence, #include <string> // IWYU pragma export is always wrong and should be verboten.

Whether it is worth avoiding #include <string> where std::string is only used indirectly, is debatable. I would just keep it simple. IWYU is not perfect and we have unnecessary includes anyway where allocators and type traits are used indirectly. I would just drop cd95fbd.

[maflcko]

I guess I agree on the pragma export. If someone wanted to revert that, the diff would be:

diff --git a/src/util/strencodings.h b/src/util/strencodings.h
index 0106385804..b070e5b8c4 100644
--- a/src/util/strencodings.h
+++ b/src/util/strencodings.h
@@ -9,7 +9,7 @@
 #ifndef BITCOIN_UTIL_STRENCODINGS_H
 #define BITCOIN_UTIL_STRENCODINGS_H
 
-#include <crypto/hex_base.h> // IWYU pragma: export
+#include <crypto/hex_base.h>
 #include <span.h>
 #include <util/string.h>
 
@@ -20,8 +20,8 @@
 #include <cstdint>
 #include <limits>
 #include <optional>
-#include <string>      // IWYU pragma: export
-#include <string_view> // IWYU pragma: export
+#include <string>
+#include <string_view>
 #include <system_error>
 #include <type_traits>
 #include <vector>
diff --git a/src/util/string.h b/src/util/string.h
index 330c2a2a61..2578e530af 100644
--- a/src/util/string.h
+++ b/src/util/string.h
@@ -12,8 +12,8 @@
 #include <cstring>
 #include <locale>
 #include <sstream>
-#include <string>      // IWYU pragma: export
-#include <string_view> // IWYU pragma: export
+#include <string>
+#include <string_view>
 #include <vector>
 
 namespace util {

(and then fixup the iwyu complaints)

[hebasto]

@purpleKarrot @maflcko

Thank you for sharing your thoughts!

The use of IWYU pragma export should be limited...

I guess I agree on the pragma export.

Please see #34319.

[hebasto]

I would just drop cd95fbd.

Thanks! Done.

[hebasto]

Rebased. The recent feedback from @purpleKarrot and @maflcko has been addressed.

[maflcko]

review ACK a5a8c41 🍱

Show signature

Signature:

untrusted comment: signature from minisign secret key on empty file; verify via: minisign -Vm "${path_to_any_empty_file}" -P RWTRmVTMeKV5noAMqVlsMugDDCyyTSbA3Re5AkUrhvLVln0tSaFWglOw -x "${path_to_this_whole_four_line_signature_blob}"
RUTRmVTMeKV5npGrKx1nqXCw5zeVHdtdYURB/KlyA/LMFgpNCs+SkW9a8N95d+U4AP1RJMi+krxU1A3Yux4bpwZNLvVBKy0wLgM=
trusted comment: review ACK a5a8c4139c811e697b3c0b4d87737e04b60c53c8 🍱
cUKn0ukCK/Ijewc2lV3kMxUywuKELK0OdeBgoezaO9HRXzKWjlU9p9f0gf793w9ZpPe0+tcjayiUVAreTd6PCw==