Satisfy linter

This mostly relates to integer conversions.
In the most cases, the conversions are safe and thus disabled.

Signed-off-by: Matej Pavlovic <[email protected]>

Author: matejpavlovic

cmd/mircat/debug.go

@@ -111,7 +111,7 @@ func debug(args *arguments) error {
 			for _, event := range entry.Events {
 
 				// Set the index of the event in the event log.
-				metadata.index = uint64(index)
+				metadata.index = uint64(index) //nolint:gosec
 
 				// If the event was selected by the user for inspection, pause before submitting it to the node.
 				// The processing continues after the user's interactive confirmation.
@@ -200,9 +200,6 @@ func debuggerNode(id stdtypes.NodeID, membership *trantorpbtypes.Membership) (*m
 		"iss":   protocol,
 		"timer": timer.New(),
 	}
-	if err != nil {
-		panic(fmt.Errorf("error initializing the Mir modules: %w", err))
-	}
 
 	node, err := mir.NewNode(id, mir.DefaultNodeConfig().WithLogger(logger), nodeModules, nil)
 	if err != nil {

cmd/mircat/display.go

@@ -69,7 +69,7 @@ func displayEvents(args *arguments) error { //nolint:gocognit
 			}
 			// getting events from entry
 			for _, event := range entry.Events {
-				metadata.index = uint64(index)
+				metadata.index = uint64(index) //nolint:gosec
 
 				_, validEvent := args.selectedEventNames[eventName(event)]
 				_, validDest := args.selectedEventDests[event.DestModule]

node_test.go

@@ -3,6 +3,7 @@ package mir
 import (
 	"context"
 	"fmt"
+	"math"
 	"sync"
 	"sync/atomic"
 	"testing"
@@ -140,7 +141,7 @@ func TestNode_Backpressure(t *testing.T) {
 	nodeConfig.Stats.Period = 100 * time.Millisecond
 
 	// Set an input event rate that would fill the node's event buffers in one second in 10 batches.
-	blabberModule := newBlabber(uint64(nodeConfig.PauseInputThreshold/10), 100*time.Millisecond)
+	blabberModule := newBlabber(uint64(nodeConfig.PauseInputThreshold/10), 100*time.Millisecond) //nolint:gosec
 
 	// Set the event consumption rate to 1/2 of the input rate (i.e., draining the buffer in 2 seconds)
 	// and create the consumer module.
@@ -181,8 +182,8 @@ func TestNode_Backpressure(t *testing.T) {
 	fmt.Printf("Total submitted events: %d\n", atomic.LoadUint64(&blabberModule.totalSubmitted))
 	totalSubmitted := atomic.LoadUint64(&blabberModule.totalSubmitted)
 	expectSubmitted := atomic.LoadUint64(&consumerModule.numProcessed) +
-		uint64(nodeConfig.PauseInputThreshold) + // Events left in the buffer
-		uint64(nodeConfig.MaxEventBatchSize) + // Events in the consumer's processing queue
+		uint64(nodeConfig.PauseInputThreshold) + //nolint:gosec // Events left in the buffer
+		uint64(nodeConfig.MaxEventBatchSize) + //nolint:gosec // Events in the consumer's processing queue
 		2*blabberModule.batchSize // one batch of overshooting, one batch waiting in the babbler's output channel.
 	assert.LessOrEqual(t, totalSubmitted, expectSubmitted, "too many events submitted (node event buffer overflow)")
 }
@@ -223,9 +224,12 @@ func (b *blabber) Go() {
 				return
 			default:
 			}
+			if b.batchSize > math.MaxInt {
+				panic("batch size too big for int")
+			}
 			evts := stdtypes.ListOf(sliceutil.Repeat(
 				stdtypes.Event(stdevents.NewTestUint64("consumer", 0)),
-				int(b.batchSize),
+				int(b.batchSize), //nolint:gosec
 			)...)
 			select {
 			case <-b.stop:

pkg/availability/multisigcollector/multisigcollector.go

@@ -1,6 +1,7 @@
 package multisigcollector
 
 import (
+	"fmt"
 	"math"
 
 	"google.golang.org/protobuf/proto"
@@ -69,12 +70,17 @@ func NewReconfigurableModule(mc ModuleConfig, paramsTemplate ModuleParams, logge
 				submc := mc
 				submc.Self = mscID
 
+				// Check for integer overflow
+				if mscParams.MaxRequests > math.MaxInt {
+					return nil, fmt.Errorf("max requests too high for int type: %d", mscParams.MaxRequests)
+				}
+
 				// Fill in instance-specific parameters.
 				moduleParams := paramsTemplate
 				moduleParams.InstanceUID = []byte(mscID)
 				moduleParams.EpochNr = mscParams.Epoch
 				moduleParams.Membership = mscParams.Membership
-				moduleParams.MaxRequests = int(mscParams.MaxRequests)
+				moduleParams.MaxRequests = int(mscParams.MaxRequests) //nolint:gosec
 				// TODO: Use InstanceUIDs properly.
 				//       (E.g., concatenate this with the instantiating protocol's InstanceUID when introduced.)
 

pkg/checkpoint/chkpvalidator/conservativecv.go

@@ -1,15 +1,16 @@
 package chkpvalidator
 
 import (
-	es "github.com/go-errors/errors"
+	"math"
 
-	t "github.com/filecoin-project/mir/stdtypes"
+	es "github.com/go-errors/errors"
 
 	"github.com/filecoin-project/mir/pkg/checkpoint"
 	"github.com/filecoin-project/mir/pkg/crypto"
 	checkpointpbtypes "github.com/filecoin-project/mir/pkg/pb/checkpointpb/types"
 	trantorpbtypes "github.com/filecoin-project/mir/pkg/pb/trantorpb/types"
 	tt "github.com/filecoin-project/mir/pkg/trantor/types"
+	t "github.com/filecoin-project/mir/stdtypes"
 )
 
 type ConservativeCV struct {
@@ -55,14 +56,25 @@ func (ccv *ConservativeCV) Verify(
 		return es.Errorf("nodeID not in membership")
 	}
 
+	// Check if epoch is in integer bounds.
+	if sc.Epoch() > math.MaxInt || epochNr > math.MaxInt {
+		return es.Errorf("epoch number out of integer range")
+	}
+
 	// Check how far the received stable checkpoint is ahead of the local node's state.
-	chkpMembershipOffset := int(sc.Epoch()) - 1 - int(epochNr)
+	// Integer casting required here to prevent underflow.
+	chkpMembershipOffset := int(sc.Epoch()) - 1 - int(epochNr) //nolint:gosec
 	if chkpMembershipOffset <= 0 {
 		// Ignore stable checkpoints that are not far enough
 		// ahead of the current state of the local node.
 		return es.Errorf("checkpoint not far ahead enough")
 	}
 
+	// Make sure ccv.configOffset is non-negative before conversion
+	if ccv.configOffset < 0 {
+		return es.Errorf("configOffset cannot be negative")
+	}
+
 	if chkpMembershipOffset > ccv.configOffset {
 		// cannot verify checkpoint signatures, too far ahead
 		return es.Errorf("checkpoint too far ahead")

pkg/checkpoint/chkpvalidator/permissivecv.go

@@ -1,17 +1,17 @@
 package chkpvalidator
 
 import (
-	es "github.com/go-errors/errors"
-
-	t "github.com/filecoin-project/mir/stdtypes"
+	"math"
 
-	"github.com/filecoin-project/mir/pkg/logging"
+	es "github.com/go-errors/errors"
 
 	"github.com/filecoin-project/mir/pkg/checkpoint"
 	"github.com/filecoin-project/mir/pkg/crypto"
+	"github.com/filecoin-project/mir/pkg/logging"
 	checkpointpbtypes "github.com/filecoin-project/mir/pkg/pb/checkpointpb/types"
 	trantorpbtypes "github.com/filecoin-project/mir/pkg/pb/trantorpb/types"
 	tt "github.com/filecoin-project/mir/pkg/trantor/types"
+	t "github.com/filecoin-project/mir/stdtypes"
 )
 
 type PermissiveCV struct {
@@ -50,13 +50,19 @@ func (pcv *PermissiveCV) Verify(chkp *checkpointpbtypes.StableCheckpoint, epochN
 		return es.Errorf("nodeID not in membership")
 	}
 
+	// Check if epoch is in integer bounds.
+	if sc.Epoch() > math.MaxInt || epochNr > math.MaxInt {
+		return es.Errorf("epoch number out of integer range")
+	}
+
 	// ATTENTION: We are using the membership contained in the checkpoint itself
 	// as the one to verify its certificate against.
 	// This is a vulnerability, since any the state of any node can be corrupted
 	// simply by receiving a maliciously crafted checkpoint.
 	// Thus, the permissive checker is a form of a stub and should not be used in production.
 	chkpMembership := sc.PreviousMembership()
-	chkpMembershipOffset := int(sc.Epoch()) - 1 - int(epochNr)
+	// Integer casting required here to prevent underflow.
+	chkpMembershipOffset := int(sc.Epoch()) - 1 - int(epochNr) //nolint:gosec
 
 	if chkpMembershipOffset > pcv.configOffset {
 		// cannot verify checkpoint signatures, too far ahead

pkg/deploytest/deployment.go

@@ -179,8 +179,8 @@ func (d *Deployment) Run(ctx context.Context) (nodeErrors []error, heapObjects i
 		<-ctx.Done()
 		runtime.GC()
 		runtime.ReadMemStats(&m2)
-		heapObjects = int64(m2.HeapObjects - m1.HeapObjects)
-		heapAlloc = int64(m2.HeapAlloc - m1.HeapAlloc)
+		heapObjects = int64(m2.HeapObjects - m1.HeapObjects) //nolint:gosec
+		heapAlloc = int64(m2.HeapAlloc - m1.HeapAlloc)       //nolint:gosec
 		cancel()
 	}()
 

pkg/deploytest/testreplica.go

@@ -183,7 +183,7 @@ func (tr *TestReplica) submitFakeTransactions(ctx context.Context, node *mir.Nod
 				destModule,
 				[]*trantorpbtypes.Transaction{{
 					ClientId: tt.NewClientIDFromInt(0),
-					TxNo:     tt.TxNo(i),
+					TxNo:     tt.TxNo(i), //nolint:gosec
 					Data:     []byte(fmt.Sprintf("Transaction %d", i)),
 				}},
 			).Pb())

pkg/dsl/test/dslmodule_test.go

@@ -278,7 +278,7 @@ func newContextTestingModule(mc *contextTestingModuleModuleConfig) dsl.Module {
 
 			// NB: avoid using primitive types as the context in the actual implementation, prefer named structs,
 			//     remember that the context type is used to match requests with responses.
-			cryptopbdsl.VerifySigs(m, mc.Crypto, sliceutil.Repeat(msg, int(u)), signatures, nodeIDs, &u)
+			cryptopbdsl.VerifySigs(m, mc.Crypto, sliceutil.Repeat(msg, int(u)), signatures, nodeIDs, &u) //nolint:gosec
 		}
 		return nil
 	})

pkg/iss/iss.go

@@ -14,6 +14,7 @@ package iss
 import (
 	"encoding/binary"
 	"fmt"
+	"math"
 
 	es "github.com/go-errors/errors"
 	"google.golang.org/protobuf/proto"
@@ -342,7 +343,7 @@ func New(
 
 			// Choose a leader for the new orderer instance.
 			// TODO: Use the corresponding epoch's leader set to pick a leader, instead of just selecting one from all nodes.
-			leader := maputil.GetSortedKeys(membership.Nodes)[int(epoch)%len(membership.Nodes)]
+			leader := maputil.GetSortedKeys(membership.Nodes)[int(epoch)%len(membership.Nodes)] //nolint:gosec
 
 			// Serialize checkpoint, so it can be proposed as a value.
 			stableCheckpoint := checkpointpbtypes.StableCheckpoint{
@@ -408,7 +409,7 @@ func New(
 		// that are not yet part of the system for those checkpoints.
 		var delayed []stdtypes.NodeID
 		for n := range membership.Nodes {
-			if epoch > iss.nodeEpochMap[n]+tt.EpochNr(iss.Params.RetainedEpochs) {
+			if epoch > iss.nodeEpochMap[n]+tt.EpochNr(iss.Params.RetainedEpochs) { //nolint:gosec
 				delayed = append(delayed, n)
 			}
 		}
@@ -438,7 +439,11 @@ func New(
 
 			sc := checkpoint.StableCheckpointFromPb(chkp.Pb())
 			// Check how far the received stable checkpoint is ahead of the local node's state.
-			chkpMembershipOffset := int(sc.Epoch()) - 1 - int(iss.epoch.Nr())
+			if sc.Epoch() > math.MaxInt || iss.epoch.Nr() > math.MaxInt {
+				return es.Errorf("epoch number out of integer range")
+			}
+			// Integer casting required here to prevent underflow.
+			chkpMembershipOffset := int(sc.Epoch()) - 1 - int(iss.epoch.Nr()) //nolint:gosec
 			if chkpMembershipOffset <= 0 {
 				// Ignore stable checkpoints that are not far enough
 				// ahead of the current state of the local node.
@@ -465,7 +470,11 @@ func New(
 		}
 
 		chkp := checkpoint.StableCheckpointFromPb(c.checkpoint.Pb())
-		chkpMembershipOffset := int(chkp.Epoch()) - 1 - int(iss.epoch.Nr())
+		if chkp.Epoch() > math.MaxInt || iss.epoch.Nr() > math.MaxInt {
+			return es.Errorf("epoch number out of integer range")
+		}
+		// Integer casting required here to prevent underflow.
+		chkpMembershipOffset := int(chkp.Epoch()) - 1 - int(iss.epoch.Nr()) //nolint:gosec
 		if chkpMembershipOffset <= 0 {
 			// Ignore stable checkpoints that have been lagged behind
 			// during validation
@@ -564,7 +573,7 @@ func InitialStateSnapshot(
 		return nil, err
 	}
 
-	firstEpochLength := uint64(params.SegmentLength * len(params.InitialMembership.Nodes))
+	firstEpochLength := uint64(params.SegmentLength * len(params.InitialMembership.Nodes)) //nolint:gosec
 	return &trantorpbtypes.StateSnapshot{
 		AppData: appState,
 		EpochData: &trantorpbtypes.EpochData{
@@ -624,7 +633,7 @@ func (iss *ISS) initAvailability() {
 		(*multisigcollector.InstanceParams)(&mscpbtypes.InstanceParams{
 			Epoch:       iss.epoch.Nr(),
 			Membership:  iss.memberships[0],
-			MaxRequests: uint64(iss.Params.SegmentLength),
+			MaxRequests: uint64(iss.Params.SegmentLength), //nolint:gosec
 		}),
 		stdtypes.RetentionIndex(iss.epoch.Nr()),
 	)
@@ -640,12 +649,12 @@ func (iss *ISS) initOrderers() error {
 
 		// Create segment.
 		// The sequence proposals are all set to nil, so that the orderer proposes new availability certificates.
-		proposals := freeProposals(iss.nextDeliveredSN+tt.SeqNr(i), tt.SeqNr(len(leaders)), iss.Params.SegmentLength)
+		proposals := freeProposals(iss.nextDeliveredSN+tt.SeqNr(i), tt.SeqNr(len(leaders)), iss.Params.SegmentLength) //nolint:gosec
 		seg, err := common.NewSegment(leader, iss.epoch.Membership, proposals)
 		if err != nil {
 			return es.Errorf("error creating new segment: %w", err)
 		}
-		iss.newEpochSN += tt.SeqNr(seg.Len())
+		iss.newEpochSN += tt.SeqNr(seg.Len()) //nolint:gosec
 
 		// Instantiate a new PBFT orderer.
 		stddsl.NewSubmodule(iss.m, iss.moduleConfig.Ordering,
@@ -792,7 +801,7 @@ func (iss *ISS) advanceEpoch() error {
 			EpochConfig: &trantorpbtypes.EpochConfig{ // nolint:govet
 				iss.epoch.Nr(),
 				iss.epoch.FirstSN(),
-				uint64(iss.epoch.Len()),
+				uint64(iss.epoch.Len()), //nolint:gosec
 				iss.memberships,
 			},
 		},
@@ -904,8 +913,9 @@ func (iss *ISS) deliverCommonCheckpoint(chkpData []byte) error {
 	// The state to prune is determined according to the retention index
 	// which is derived from the epoch number the new
 	// stable checkpoint is associated with.
-	pruneIndex := int(chkp.Epoch()) - iss.Params.RetainedEpochs
-	if pruneIndex > 0 { // "> 0" and not ">= 0", since only entries strictly smaller than the index are pruned.
+	// Integer casting required here to prevent underflow.
+	pruneIndex := int(chkp.Epoch()) - iss.Params.RetainedEpochs //nolint:gosec
+	if pruneIndex > 0 {                                         // "> 0" and not ">= 0", since only entries strictly smaller than the index are pruned.
 
 		// Prune timer, checkpointing, availability, orderers, and other modules.
 		stddsl.GarbageCollect(iss.m, iss.moduleConfig.Timer, stdtypes.RetentionIndex(pruneIndex))
@@ -917,7 +927,7 @@ func (iss *ISS) deliverCommonCheckpoint(chkpData []byte) error {
 
 		// Prune epoch state.
 		for epoch := range iss.epochs {
-			if epoch < tt.EpochNr(pruneIndex) {
+			if epoch < tt.EpochNr(pruneIndex) { //nolint:gosec
 				delete(iss.epochs, epoch)
 			}
 		}
@@ -931,7 +941,7 @@ func (iss *ISS) deliverCommonCheckpoint(chkpData []byte) error {
 			// Note that we are not using the current epoch number here, because it is not relevant for checkpoints.
 			// Using pruneIndex makes sure that the re-transmission is stopped
 			// on every stable checkpoint (when another one is started).
-			stdtypes.RetentionIndex(pruneIndex),
+			stdtypes.RetentionIndex(pruneIndex), //nolint:gosec
 			isspbevents.PushCheckpoint(iss.moduleConfig.Self).Pb(),
 		)