blvm-consensus 0.1.12

Bitcoin Commons BLVM: Direct mathematical implementation of Bitcoin consensus rules from the Orange Paper
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884

//! Signature operation counting functions
//!
//! Implements consensus's sigop counting for block validation.
//! Sigops are counted to enforce MAX_BLOCK_SIGOPS_COST limit (80,000).
//!
//! Reference: consensus `tx_verify.cpp` and `script.cpp`

use crate::error::Result;
use crate::opcodes::*;
use crate::segwit::Witness;
use crate::types::*;
use crate::utxo_overlay::UtxoLookup;
use blvm_spec_lock::spec_locked;

/// Maximum number of public keys in a multisig (for sigop counting)
/// This is used when we can't accurately determine the number from the script
const MAX_PUBKEYS_PER_MULTISIG: u32 = 20;

/// Witness scale factor for sigop cost calculation
/// Legacy sigops count as 4x their actual number in sigop cost
const WITNESS_SCALE_FACTOR: u64 = 4;

/// Count sigops in a script (legacy counting)
///
/// Counts OP_CHECKSIG, OP_CHECKSIGVERIFY, OP_CHECKMULTISIG, OP_CHECKMULTISIGVERIFY.
/// Matches consensus's CScript::GetSigOpCount(bool fAccurate).
///
/// Uses GetOp-style iteration: each call to the loop body reads one opcode and
/// advances past any associated push data, exactly like consensus's GetOp().
///
/// # Arguments
/// * `script` - Script to count sigops in
/// * `accurate` - If true, use OP_1-OP_16 before OP_CHECKMULTISIG to determine key count
///
/// # Returns
/// Number of sigops in the script
#[spec_locked("5.2.2")]
pub fn count_sigops_in_script(script: &ByteString, accurate: bool) -> u32 {
    let mut count = 0u32;
    let mut last_opcode: Option<u8> = None;
    let mut i = 0;

    while i < script.len() {
        let opcode = script[i];

        // Skip past push data (matches consensus's GetOp)
        if opcode > 0 && opcode < OP_PUSHDATA1 {
            // Direct push: opcode IS the length (1-75 bytes)
            let len = opcode as usize;
            last_opcode = Some(opcode);
            i += 1 + len;
            continue;
        } else if opcode == OP_PUSHDATA1 {
            // OP_PUSHDATA1: next byte is length
            if i + 1 >= script.len() {
                break;
            }
            let len = script[i + 1] as usize;
            last_opcode = Some(opcode);
            i += 2 + len;
            continue;
        } else if opcode == OP_PUSHDATA2 {
            // OP_PUSHDATA2: next 2 bytes (little-endian) are length
            if i + 2 >= script.len() {
                break;
            }
            let len = u16::from_le_bytes([script[i + 1], script[i + 2]]) as usize;
            last_opcode = Some(opcode);
            i += 3 + len;
            continue;
        } else if opcode == OP_PUSHDATA4 {
            // OP_PUSHDATA4: next 4 bytes (little-endian) are length
            if i + 4 >= script.len() {
                break;
            }
            let len =
                u32::from_le_bytes([script[i + 1], script[i + 2], script[i + 3], script[i + 4]])
                    as usize;
            last_opcode = Some(opcode);
            i += 5 + len;
            continue;
        }

        // OP_CHECKSIG and OP_CHECKSIGVERIFY count as 1 sigop each
        if opcode == OP_CHECKSIG || opcode == OP_CHECKSIGVERIFY {
            count = count.saturating_add(1);
        }
        // OP_CHECKMULTISIG and OP_CHECKMULTISIGVERIFY count as multiple sigops
        else if opcode == OP_CHECKMULTISIG || opcode == OP_CHECKMULTISIGVERIFY {
            if accurate {
                // If accurate mode and previous opcode is OP_1-OP_16, use that number
                if let Some(prev_op) = last_opcode {
                    if (OP_1..=OP_16).contains(&prev_op) {
                        // OP_1 = 0x51, OP_16 = 0x60
                        // Decode: OP_N = N - 0x50
                        let n = (prev_op - OP_1 + 1) as u32;
                        count = count.saturating_add(n);
                    } else {
                        count = count.saturating_add(MAX_PUBKEYS_PER_MULTISIG);
                    }
                } else {
                    count = count.saturating_add(MAX_PUBKEYS_PER_MULTISIG);
                }
            } else {
                // Not accurate: assume maximum
                count = count.saturating_add(MAX_PUBKEYS_PER_MULTISIG);
            }
        }

        last_opcode = Some(opcode);
        i += 1;
    }

    count
}

/// Count sigops in a tapscript per BIP 342 (`CountTapscriptSigOps`).
///
/// Used for **per-tapscript validation weight** during script execution. This must **not** be folded
/// into block `MAX_BLOCK_SIGOPS_COST`: Bitcoin Core `WitnessSigOps` only counts witness **v0**; v1
/// (Taproot) contributes **0** to that total.
#[spec_locked("11.2.8")]
pub fn count_tapscript_sigops(script: &ByteString) -> u32 {
    let mut count = 0u32;
    let mut i = 0;

    while i < script.len() {
        let opcode = script[i];

        if opcode > 0 && opcode < OP_PUSHDATA1 {
            let len = opcode as usize;
            i += 1 + len;
            continue;
        } else if opcode == OP_PUSHDATA1 {
            if i + 1 >= script.len() {
                break;
            }
            let len = script[i + 1] as usize;
            i += 2 + len;
            continue;
        } else if opcode == OP_PUSHDATA2 {
            if i + 2 >= script.len() {
                break;
            }
            let len = u16::from_le_bytes([script[i + 1], script[i + 2]]) as usize;
            i += 3 + len;
            continue;
        } else if opcode == OP_PUSHDATA4 {
            if i + 4 >= script.len() {
                break;
            }
            let len =
                u32::from_le_bytes([script[i + 1], script[i + 2], script[i + 3], script[i + 4]])
                    as usize;
            i += 5 + len;
            continue;
        }

        if opcode == OP_CHECKSIG || opcode == OP_CHECKSIGVERIFY || opcode == OP_CHECKSIGADD {
            count = count.saturating_add(1);
        }
        i += 1;
    }
    count
}

/// Check if a script is P2SH (Pay-to-Script-Hash) — Orange Paper 5.2.1 IsP2SH
///
/// P2SH scripts have the format: OP_HASH160 (0xa9) <20-byte-hash> OP_EQUAL (0x87)
#[spec_locked("5.2.1")]
pub fn is_pay_to_script_hash(script: &[u8]) -> bool {
    script.len() == 23
        && script[0] == OP_HASH160  // OP_HASH160
        && script[1] == 0x14  // Push 20 bytes
        && script[22] == OP_EQUAL // OP_EQUAL
}

/// Extract redeem script from P2SH scriptSig
///
/// For P2SH, the scriptSig pushes the redeem script. We need to extract
/// the last push data item from scriptSig.
/// Orange Paper 5.2.1: P2SH scriptSig must contain only pushes; last push = redeem script.
#[spec_locked("5.2.1")]
fn extract_redeem_script_from_scriptsig(script_sig: &ByteString) -> Option<ByteString> {
    let mut i = 0;
    let mut last_data: Option<ByteString> = None;

    while i < script_sig.len() {
        let opcode = script_sig[i];

        if opcode <= OP_PUSHDATA4 {
            // Push data opcode
            let (len, advance) = if opcode < OP_PUSHDATA1 {
                // Direct push: opcode is the length
                let len = opcode as usize;
                (len, 1)
            } else if opcode == OP_PUSHDATA1 {
                // OP_PUSHDATA1
                if i + 1 >= script_sig.len() {
                    return None;
                }
                let len = script_sig[i + 1] as usize;
                (len, 2)
            } else if opcode == OP_PUSHDATA2 {
                // OP_PUSHDATA2
                if i + 2 >= script_sig.len() {
                    return None;
                }
                let len = u16::from_le_bytes([script_sig[i + 1], script_sig[i + 2]]) as usize;
                (len, 3)
            } else if opcode == OP_PUSHDATA4 {
                // OP_PUSHDATA4
                if i + 4 >= script_sig.len() {
                    return None;
                }
                let len = u32::from_le_bytes([
                    script_sig[i + 1],
                    script_sig[i + 2],
                    script_sig[i + 3],
                    script_sig[i + 4],
                ]) as usize;
                (len, 5)
            } else {
                // Other push opcodes (OP_1NEGATE, OP_RESERVED, OP_1-OP_16)
                (0, 1)
            };

            if i + advance + len > script_sig.len() {
                return None;
            }

            last_data = Some(script_sig[i + advance..i + advance + len].to_vec());
            i += advance + len;
        } else if (OP_1..=OP_16).contains(&opcode) {
            // OP_1 to OP_16: push single byte
            last_data = Some(vec![opcode - OP_N_BASE]); // Convert OP_N to value N
            i += 1;
        } else {
            // Other opcode: not a push, invalid for P2SH
            return None;
        }
    }

    last_data
}

/// Get legacy sigop count from transaction
///
/// Counts sigops in scriptSig and scriptPubKey of all inputs and outputs.
/// Matches consensus's GetLegacySigOpCount().
///
/// # Arguments
/// * `tx` - Transaction to count sigops in
///
/// # Returns
/// Total number of legacy sigops
#[spec_locked("5.2.2")]
pub fn get_legacy_sigop_count(tx: &Transaction) -> u32 {
    let mut count = 0u32;

    // Count sigops in all input scriptSigs
    for input in &tx.inputs {
        count = count.saturating_add(count_sigops_in_script(&input.script_sig, false));
    }

    // Count sigops in all output scriptPubKeys
    for output in &tx.outputs {
        count = count.saturating_add(count_sigops_in_script(&output.script_pubkey, false));
    }

    count
}

/// Get P2SH sigop count from transaction
///
/// Counts sigops in P2SH redeem scripts. Only counts sigops for outputs
/// that are P2SH (Pay-to-Script-Hash).
/// Matches consensus's GetP2SHSigOpCount().
///
/// # Arguments
/// * `tx` - Transaction to count sigops in
/// * `utxo_lookup` - UTXO lookup (UtxoSet or UtxoOverlay)
///
/// # Returns
/// Total number of P2SH sigops
#[spec_locked("5.2.2")]
pub fn get_p2sh_sigop_count<U: UtxoLookup>(tx: &Transaction, utxo_lookup: &U) -> Result<u32> {
    // Coinbase transactions have no P2SH sigops
    use crate::transaction::is_coinbase;
    if is_coinbase(tx) {
        return Ok(0);
    }

    let mut count = 0u32;

    for input in &tx.inputs {
        // Get the UTXO (scriptPubKey) for this input
        if let Some(utxo) = utxo_lookup.get(&input.prevout) {
            // Check if this is a P2SH output
            if is_pay_to_script_hash(utxo.script_pubkey.as_ref()) {
                // Extract redeem script from scriptSig
                if let Some(redeem_script) = extract_redeem_script_from_scriptsig(&input.script_sig)
                {
                    // Count sigops in redeem script (use accurate counting)
                    count = count.saturating_add(count_sigops_in_script(&redeem_script, true));
                }
            }
        }
    }

    Ok(count)
}

/// Count witness sigops in transaction
///
/// Counts sigops in witness scripts for SegWit transactions.
/// P2WPKH: 1 sigop; P2WSH: count in witness script; P2TR: count in tapscript.
///
/// # Arguments
/// * `tx` - Transaction
/// * `witnesses` - Witness data for each input (slice of Witness vectors)
/// * `utxo_lookup` - UTXO lookup (UtxoSet or UtxoOverlay)
/// * `flags` - Script verification flags
///
/// # Returns
/// Number of witness sigops
#[spec_locked("11.1")]
pub(crate) fn count_witness_sigops<U: UtxoLookup>(
    tx: &Transaction,
    witnesses: &[Witness],
    utxo_lookup: &U,
    flags: u32,
) -> Result<u64> {
    use crate::transaction::is_coinbase;

    // SegWit flag must be enabled
    if (flags & 0x800) == 0 {
        return Ok(0);
    }

    if is_coinbase(tx) {
        return Ok(0);
    }

    let mut count = 0u64;

    for (i, input) in tx.inputs.iter().enumerate() {
        if let Some(utxo) = utxo_lookup.get(&input.prevout) {
            let script_pubkey = &utxo.script_pubkey;

            // P2WPKH: OP_0 <20-byte-hash>
            if script_pubkey.len() == 22 && script_pubkey[0] == OP_0 && script_pubkey[1] == 0x14 {
                // P2WPKH has 1 sigop (the CHECKSIG in the witness script)
                if let Some(witness) = witnesses.get(i) {
                    if !witness.is_empty() {
                        count = count.saturating_add(1);
                    }
                }
            }
            // P2WSH: OP_0 <32-byte-hash>
            else if script_pubkey.len() == 34
                && script_pubkey[0] == OP_0
                && script_pubkey[1] == 0x20
            {
                // P2WSH: count sigops in witness script
                if let Some(witness) = witnesses.get(i) {
                    if let Some(witness_script) = witness.last() {
                        count = count
                            .saturating_add(count_sigops_in_script(witness_script, true) as u64);
                    }
                }
            }
            // P2TR (witness v1): do **not** add tapscript sigops here.
            // Bitcoin Core `WitnessSigOps` only handles version 0; v1 returns 0.
            // BIP 342 enforces signature-related limits via tapscript validation weight during
            // execution, not `MAX_BLOCK_SIGOPS_COST`. Counting tapscript ops here overstates the
            // block total and rejects mined mainnet blocks (e.g. heavy tapscript spends).
        }
    }

    Ok(count)
}

/// Legacy sigop count with accurate OP_CHECKMULTISIG (OP_1..OP_16 = 1..16, else 20).
/// Used for BIP54 per-tx 2500 limit to match Core's GetSigOpCount(fAccurate=true).
#[spec_locked("5.2.2")]
pub fn get_legacy_sigop_count_accurate(tx: &Transaction) -> u32 {
    let mut count = 0u32;
    for input in &tx.inputs {
        count = count.saturating_add(count_sigops_in_script(&input.script_sig, true));
    }
    for output in &tx.outputs {
        count = count.saturating_add(count_sigops_in_script(&output.script_pubkey, true));
    }
    count
}

/// Get total transaction sigop count (BIP54 limit).
///
/// Sum of legacy + P2SH + witness sigop counts (same accounting as BIP16).
/// Used to enforce per-transaction limit of 2500 sigops after BIP54 activation.
pub fn get_transaction_sigop_count<U: UtxoLookup>(
    tx: &Transaction,
    utxo_lookup: &U,
    witnesses: Option<&[Witness]>,
    flags: u32,
) -> Result<u64> {
    let legacy = get_legacy_sigop_count(tx) as u64;
    let p2sh = get_p2sh_sigop_count(tx, utxo_lookup)? as u64;
    let witness = witnesses
        .map(|w| count_witness_sigops(tx, w, utxo_lookup, flags))
        .unwrap_or(Ok(0))?;
    Ok(legacy.saturating_add(p2sh).saturating_add(witness))
}

/// BIP54 per-tx sigop count: legacy (accurate) + P2SH + witness.
/// Matches Core's CheckSigopsBIP54 (GetSigOpCount(scriptSig, true) for legacy).
pub fn get_transaction_sigop_count_for_bip54<U: UtxoLookup>(
    tx: &Transaction,
    utxo_lookup: &U,
    witnesses: Option<&[Witness]>,
    flags: u32,
) -> Result<u64> {
    let legacy = get_legacy_sigop_count_accurate(tx) as u64;
    let p2sh = get_p2sh_sigop_count(tx, utxo_lookup)? as u64;
    let witness = witnesses
        .map(|w| count_witness_sigops(tx, w, utxo_lookup, flags))
        .unwrap_or(Ok(0))?;
    Ok(legacy.saturating_add(p2sh).saturating_add(witness))
}

/// Get total transaction sigop cost
///
/// Calculates total sigop cost for a transaction, including:
/// - Legacy sigops × 4 (witness scale factor)
/// - P2SH sigops × 4 (if P2SH enabled)
/// - Witness sigops (actual count, not scaled)
///
/// Matches consensus's GetTransactionSigOpCost().
///
/// # Arguments
/// * `tx` - Transaction to count sigops in
/// * `utxo_set` - UTXO set to lookup inputs
/// * `witness` - Witness data for this transaction (one Witness per input)
/// * `flags` - Script verification flags
///
/// # Returns
/// Total sigop cost
#[spec_locked("5.2.2")]
pub fn get_transaction_sigop_cost<U: UtxoLookup>(
    tx: &Transaction,
    utxo_lookup: &U,
    witness: Option<&Witness>,
    flags: u32,
) -> Result<u64> {
    let witness_slices = witness.map(std::slice::from_ref);
    get_transaction_sigop_cost_with_witness_slices(tx, utxo_lookup, witness_slices, flags)
}

/// Same as get_transaction_sigop_cost but accepts pre-fetched UTXOs in input order.
/// Avoids redundant overlay lookups when caller already has UTXO data.
#[spec_locked("5.2.2")]
pub fn get_transaction_sigop_cost_with_utxos(
    tx: &Transaction,
    utxos: &[Option<&UTXO>],
    witnesses: Option<&[Witness]>,
    flags: u32,
) -> Result<u64> {
    let legacy_count = get_legacy_sigop_count(tx) as u64;
    let mut total_cost = legacy_count.saturating_mul(WITNESS_SCALE_FACTOR);

    use crate::transaction::is_coinbase;
    if is_coinbase(tx) {
        return Ok(total_cost);
    }

    if (flags & 0x01) != 0 {
        let mut p2sh_count = 0u32;
        for (input, utxo_opt) in tx.inputs.iter().zip(utxos.iter()) {
            if let Some(utxo) = utxo_opt {
                if is_pay_to_script_hash(utxo.script_pubkey.as_ref()) {
                    if let Some(redeem_script) =
                        extract_redeem_script_from_scriptsig(&input.script_sig)
                    {
                        p2sh_count =
                            p2sh_count.saturating_add(count_sigops_in_script(&redeem_script, true));
                    }
                }
            }
        }
        total_cost = total_cost
            .saturating_add(p2sh_count.saturating_mul(WITNESS_SCALE_FACTOR as u32) as u64);
    }

    if let Some(witnesses) = witnesses {
        if (flags & 0x800) != 0 {
            for (i, (input, utxo_opt)) in tx.inputs.iter().zip(utxos.iter()).enumerate() {
                if let Some(utxo) = utxo_opt {
                    let script_pubkey = utxo.script_pubkey.as_ref();
                    if script_pubkey.len() == 22
                        && script_pubkey[0] == OP_0
                        && script_pubkey[1] == 0x14
                    {
                        if let Some(witness) = witnesses.get(i) {
                            if !witness.is_empty() {
                                total_cost = total_cost.saturating_add(1);
                            }
                        }
                    } else if script_pubkey.len() == 34
                        && script_pubkey[0] == OP_0
                        && script_pubkey[1] == 0x20
                    {
                        if let Some(witness) = witnesses.get(i) {
                            if let Some(witness_script) = witness.last() {
                                total_cost = total_cost.saturating_add(count_sigops_in_script(
                                    witness_script,
                                    true,
                                )
                                    as u64);
                            }
                        }
                    }
                    // P2TR / witness v1: witness sigop cost is 0 for block limit (match Core WitnessSigOps).
                }
            }
        }
    }

    Ok(total_cost)
}

/// Same as get_transaction_sigop_cost but accepts per-input witness slices directly.
/// Avoids flattening witness data in block validation hot path.
#[spec_locked("5.2.2")]
pub fn get_transaction_sigop_cost_with_witness_slices<U: UtxoLookup>(
    tx: &Transaction,
    utxo_lookup: &U,
    witnesses: Option<&[Witness]>,
    flags: u32,
) -> Result<u64> {
    // Legacy sigops × witness scale factor
    let legacy_count = get_legacy_sigop_count(tx) as u64;
    let mut total_cost = legacy_count.saturating_mul(WITNESS_SCALE_FACTOR);

    use crate::transaction::is_coinbase;
    if is_coinbase(tx) {
        return Ok(total_cost);
    }

    // P2SH sigops × witness scale factor (if P2SH enabled)
    if (flags & 0x01) != 0 {
        // SCRIPT_VERIFY_P2SH flag enabled
        let p2sh_count = get_p2sh_sigop_count(tx, utxo_lookup)? as u64;
        total_cost = total_cost.saturating_add(p2sh_count.saturating_mul(WITNESS_SCALE_FACTOR));
    }

    // Witness sigops (actual count, not scaled)
    if let Some(witnesses) = witnesses {
        let witness_count = count_witness_sigops(tx, witnesses, utxo_lookup, flags)?;
        total_cost = total_cost.saturating_add(witness_count);
    }

    Ok(total_cost)
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_count_sigops_checksig() {
        // Script with OP_CHECKSIG
        let script = vec![OP_1, OP_1, OP_CHECKSIG]; // OP_1, OP_1, OP_CHECKSIG
        assert_eq!(count_sigops_in_script(&script, false), 1);
    }

    #[test]
    fn test_count_sigops_checksigverify() {
        // Script with OP_CHECKSIGVERIFY
        let script = vec![OP_1, OP_1, OP_CHECKSIGVERIFY]; // OP_1, OP_1, OP_CHECKSIGVERIFY
        assert_eq!(count_sigops_in_script(&script, false), 1);
    }

    #[test]
    fn test_count_sigops_multisig() {
        // Script with OP_CHECKMULTISIG (defaults to 20)
        let script = vec![OP_1, OP_2, OP_CHECKMULTISIG]; // OP_1, OP_2, OP_CHECKMULTISIG
        assert_eq!(count_sigops_in_script(&script, false), 20);

        // Accurate mode: use OP_2 value (2 sigops)
        assert_eq!(count_sigops_in_script(&script, true), 2);
    }

    #[test]
    fn test_get_legacy_sigop_count() {
        let tx = Transaction {
            version: 1,
            inputs: vec![TransactionInput {
                prevout: OutPoint {
                    hash: [0; 32].into(),
                    index: 0,
                },
                script_sig: vec![OP_1, OP_CHECKSIG], // OP_1, OP_CHECKSIG
                sequence: 0xffffffff,
            }]
            .into(),
            outputs: vec![TransactionOutput {
                value: 1000,
                script_pubkey: vec![OP_1, OP_CHECKSIGVERIFY].into(), // OP_1, OP_CHECKSIGVERIFY
            }]
            .into(),
            lock_time: 0,
        };

        assert_eq!(get_legacy_sigop_count(&tx), 2);
    }

    #[test]
    fn test_is_pay_to_script_hash() {
        // Valid P2SH script: OP_HASH160 <20 bytes> OP_EQUAL
        let mut p2sh_script = vec![OP_HASH160, 0x14]; // OP_HASH160, push 20
        p2sh_script.extend_from_slice(&[0u8; 20]);
        p2sh_script.push(OP_EQUAL); // OP_EQUAL

        assert!(is_pay_to_script_hash(&p2sh_script));

        // Invalid: wrong length
        assert!(!is_pay_to_script_hash(&vec![OP_HASH160, 0x14]));

        // Invalid: not P2SH format
        let p2pkh = vec![OP_DUP, OP_HASH160, 0x14]; // OP_DUP OP_HASH160
        assert!(!is_pay_to_script_hash(&p2pkh));
    }

    // ==========================================================================
    // REGRESSION TESTS: Push data must not be counted as sigops (block 310357 fix)
    // ==========================================================================
    // These tests prevent regression of the bug where bytes inside push data
    // (e.g., 0xAC = OP_CHECKSIG) were incorrectly counted as sigops.
    // This caused valid blocks to be rejected with "sigop cost exceeds maximum".

    #[test]
    fn test_pushdata1_containing_checksig_byte_not_counted() {
        // OP_PUSHDATA1 <len=3> <0xAC 0xAC 0xAC>
        // The 0xAC bytes are push DATA, not OP_CHECKSIG opcodes.
        // Sigop count must be 0.
        let script = vec![OP_PUSHDATA1, 0x03, OP_CHECKSIG, OP_CHECKSIG, OP_CHECKSIG];
        assert_eq!(
            count_sigops_in_script(&script, false),
            0,
            "Push data containing 0xAC must NOT be counted as sigops"
        );
    }

    #[test]
    fn test_pushdata2_containing_checksig_byte_not_counted() {
        // OP_PUSHDATA2 <len=4 as u16 LE> <0xAC 0xAD 0xAE 0xAF>
        // These are push DATA bytes, not opcodes.
        let script = vec![
            OP_PUSHDATA2,
            0x04,
            0x00,
            OP_CHECKSIG,
            OP_CHECKSIGVERIFY,
            OP_CHECKMULTISIG,
            OP_CHECKMULTISIGVERIFY,
        ];
        assert_eq!(
            count_sigops_in_script(&script, false),
            0,
            "Push data containing sigop-like bytes must NOT be counted"
        );
    }

    #[test]
    fn test_pushdata4_containing_checksig_byte_not_counted() {
        // OP_PUSHDATA4 <len=2 as u32 LE> <0xAC 0xAC>
        let script = vec![
            OP_PUSHDATA4,
            0x02,
            0x00,
            0x00,
            0x00,
            OP_CHECKSIG,
            OP_CHECKSIG,
        ];
        assert_eq!(
            count_sigops_in_script(&script, false),
            0,
            "OP_PUSHDATA4 data containing 0xAC must NOT be counted"
        );
    }

    #[test]
    fn test_direct_push_containing_checksig_byte_not_counted() {
        // Direct push: opcode 0x05 means "push next 5 bytes"
        // Data contains OP_CHECKSIG byte which must NOT be counted.
        let script = vec![
            0x05,
            OP_CHECKSIG,
            OP_CHECKSIG,
            OP_CHECKSIG,
            OP_CHECKSIG,
            OP_CHECKSIG,
        ];
        assert_eq!(
            count_sigops_in_script(&script, false),
            0,
            "Direct push data containing 0xAC must NOT be counted as sigops"
        );
    }

    #[test]
    fn test_push_data_then_real_checksig() {
        // Direct push of 3 bytes (containing 0xAC), then a REAL OP_CHECKSIG
        // Only the real OP_CHECKSIG (after push data) should count.
        let script = vec![0x03, OP_CHECKSIG, OP_CHECKSIG, OP_CHECKSIG, OP_CHECKSIG]; // push 3, data, then OP_CHECKSIG
        assert_eq!(
            count_sigops_in_script(&script, false),
            1,
            "Only real OP_CHECKSIG after push data should count"
        );
    }

    #[test]
    fn test_pushdata1_then_real_multisig() {
        // OP_PUSHDATA1 <len=2> <OP_CHECKSIG OP_CHECKSIG> then OP_2 OP_CHECKMULTISIG
        // The OP_CHECKSIG bytes in push data don't count. Only the real OP_CHECKMULTISIG counts.
        let script = vec![
            OP_PUSHDATA1,
            0x02,
            OP_CHECKSIG,
            OP_CHECKSIG,
            OP_2,
            OP_CHECKMULTISIG,
        ];
        // Inaccurate mode: multisig = 20
        assert_eq!(
            count_sigops_in_script(&script, false),
            20,
            "Only real OP_CHECKMULTISIG should count (inaccurate=20)"
        );
        // Accurate mode: OP_2 before OP_CHECKMULTISIG = 2
        assert_eq!(
            count_sigops_in_script(&script, true),
            2,
            "Accurate mode: OP_2 before OP_CHECKMULTISIG = 2 sigops"
        );
    }

    #[test]
    fn test_empty_script_zero_sigops() {
        let script: Vec<u8> = vec![];
        assert_eq!(count_sigops_in_script(&script, false), 0);
        assert_eq!(count_sigops_in_script(&script, true), 0);
    }

    #[test]
    fn test_truncated_pushdata1_does_not_panic() {
        // OP_PUSHDATA1 at end of script (no length byte)
        let script = vec![OP_PUSHDATA1];
        assert_eq!(count_sigops_in_script(&script, false), 0);
    }

    #[test]
    fn test_truncated_pushdata2_does_not_panic() {
        // OP_PUSHDATA2 with only 1 of 2 length bytes
        let script = vec![OP_PUSHDATA2, 0x01];
        assert_eq!(count_sigops_in_script(&script, false), 0);
    }

    #[test]
    fn test_truncated_pushdata4_does_not_panic() {
        // OP_PUSHDATA4 with only 3 of 4 length bytes
        let script = vec![OP_PUSHDATA4, 0x01, 0x00, 0x00];
        assert_eq!(count_sigops_in_script(&script, false), 0);
    }

    #[test]
    fn test_large_push_data_with_many_checksig_bytes() {
        // Simulate a realistic script where push data contains many OP_CHECKSIG bytes
        // This is the kind of script that caused the block 310357 failure.
        // OP_PUSHDATA2 <len=100 as u16 LE> <100 bytes of OP_CHECKSIG>
        let mut script = vec![OP_PUSHDATA2, 100, 0x00]; // OP_PUSHDATA2, length=100
        script.extend_from_slice(&[OP_CHECKSIG; 100]); // 100 bytes of OP_CHECKSIG data
        assert_eq!(
            count_sigops_in_script(&script, false),
            0,
            "100 bytes of OP_CHECKSIG in push data must count as 0 sigops"
        );
    }

    #[test]
    fn test_multiple_sigop_opcodes() {
        // OP_CHECKSIG OP_CHECKSIG OP_CHECKSIGVERIFY
        let script = vec![0xac, 0xac, 0xad];
        assert_eq!(count_sigops_in_script(&script, false), 3);
    }

    #[test]
    fn test_multisig_accurate_op_16() {
        // OP_16 (0x60) OP_CHECKMULTISIG
        let script = vec![0x60, 0xae];
        assert_eq!(count_sigops_in_script(&script, true), 16);
    }

    #[test]
    fn test_multisig_accurate_op_1() {
        // OP_1 (0x51) OP_CHECKMULTISIG
        let script = vec![0x51, 0xae];
        assert_eq!(count_sigops_in_script(&script, true), 1);
    }

    /// Prefetched-UTXO sigop cost must match overlay-based counting (used on assume-valid path).
    /// P2TR witness does not contribute to legacy block sigop cost (`WitnessSigOps` v1 = 0 in Core).
    #[test]
    fn get_transaction_sigop_cost_with_utxos_matches_witness_slices_p2tr_excluded_from_block_cost()
    {
        use crate::segwit::Witness;

        let prev = OutPoint {
            hash: [7u8; 32].into(),
            index: 0,
        };
        let mut spk = vec![OP_1, 0x20];
        spk.extend_from_slice(&[9u8; 32]);

        let utxo = UTXO {
            value: 50_000,
            script_pubkey: spk.into(),
            height: 700_000,
            is_coinbase: false,
        };

        let mut set: UtxoSet = Default::default();
        utxo_set_insert(&mut set, prev, utxo);

        let tapscript = vec![OP_CHECKSIG];
        let witness_two: Witness = vec![tapscript.clone(), vec![0u8; 32]];
        let witness_three: Witness = vec![tapscript, vec![0x50], vec![0u8; 32]];

        let tx = Transaction {
            version: 2,
            inputs: vec![TransactionInput {
                prevout: prev,
                script_sig: vec![],
                sequence: 0xffffffff,
            }]
            .into(),
            outputs: vec![TransactionOutput {
                value: 10_000,
                script_pubkey: vec![OP_0].into(),
            }]
            .into(),
            lock_time: 0,
        };

        let flags = 0x800 | 0x8000 | 0x01;
        let uref = set.get(&prev).map(|a| a.as_ref());
        let utxo_refs: Vec<Option<&UTXO>> = vec![uref];

        for witnesses in [&witness_two, &witness_three] {
            let w = vec![witnesses.clone()];
            let with_slices = get_transaction_sigop_cost_with_witness_slices(
                &tx,
                &set,
                Some(w.as_slice()),
                flags,
            )
            .unwrap();
            let with_utxos =
                get_transaction_sigop_cost_with_utxos(&tx, &utxo_refs, Some(w.as_slice()), flags)
                    .unwrap();
            assert_eq!(
                with_utxos, with_slices,
                "sigop cost must match between utxo prefetch and overlay lookup"
            );
            assert_eq!(
                with_slices, 0,
                "tapscript in P2TR witness must not add to block sigop cost"
            );
        }
    }
}