Our RBF policy is different from the rules specified in BIP125 (refer to
doc/policy/mempool-replacements.md instead), and will continue to
diverge with package RBF. Keep references to BIP125 sequence number,
since that is still useful and correct.
-BEGIN VERIFY SCRIPT-
ren() { sed -i "s:\<$1\>:$2:g" $(git grep -l "\<$1\>" ./src ./test); }
ren m_allow_bip125_replacement m_allow_replacement
ren allow_bip125_replacement allow_replacement
ren MAX_BIP125_REPLACEMENT_CANDIDATES MAX_REPLACEMENT_CANDIDATES
-END VERIFY SCRIPT-
fad5bc432b test: Add missing static to IsStandardTx helper (MacroFake)
Pull request description:
Requested in https://github.com/bitcoin/bitcoin/pull/25648#discussion_r935985961
Also remove line break from the other two helpers.
ACKs for top commit:
glozow:
utACK fad5bc432b
aureleoules:
ACK fad5bc432b.
theStack:
ACK fad5bc432b
Tree-SHA512: 771411e1fb5939a58491ecf719e1929ab0150b0faae2078ac72bd13117f1d4dcffdeed5027bfae53e4336af25a4f1db47d564abc06a5a2c9ec006a9f67bae104
f2f6068b69 test: MiniWallet: add `send_self_transfer_chain` to create chain of txns (Andreas Kouloumos)
1d6b438ef0 test: use MiniWallet to simplify mempool_package_limits.py tests (Andreas Kouloumos)
Pull request description:
While `wallet.py` includes the MiniWallet class and some helper methods, it also includes some methods that have been moved there without having any direct relation with the MiniWallet class. Specifically `make_chain`, `create_child_with_parents` and `create_raw_chain` methods that were extracted from `rpc_packages.py` at f8253d69d6 in order to be used on both `mempool_package_limits.py` and `rpc_packages.py`.
Since that change, due to the introduction of additional methods in MiniWallet, the functionality of those methods can now be replicated with the existing MiniWallet methods and simultaneously simplify those tests by using the MiniWallet.
This PR's goals are
- to simplify the `mempool_package_limits.py` functional tests with usage of the MiniWallet.
- to make progress towards the removal of the `make_chain`, `create_child_with_parents` and `create_raw_chain` methods of `wallet.py`.
For the purpose of the aforementioned goals, a helper method `MiniWallet.send_self_transfer_chain` is introduced and method `bulk_transaction` has been integrated in `create_self_transfer*` methods using an optional `target_weight` option.
ACKs for top commit:
MarcoFalke:
ACK f2f6068b69👜
Tree-SHA512: 3ddfa0046168cbf7904ec6b1ca233b3fdd4f30db6aefae108b6d7fb69f34ef6fb2cf4fa7cef9473ce1434a0cc8149d236441a685352fef35359a2b7ba0d951eb
ddddd6913b sort after scripted-diff (MacroFake)
fac812ca83 scripted-diff: Move mempool_args to src/node (MacroFake)
66664384a6 Remove ::g_max_datacarrier_bytes global (MacroFake)
fad0b4fab8 Pass datacarrier setting into IsStandard (MacroFake)
fa2a6b8516 Combine datacarrier globals into one (MacroFake)
fa477d32ee Remove ::GetVirtualTransactionSize() alias (MacroFake)
fa2f6c1a61 Remove ::fIsBareMultisigStd global (MacroFake)
fadc14e4f5 Remove ::dustRelayFee (MacroFake)
fa8a7f01fe Remove ::IsStandardTx(tx, reason) alias (MacroFake)
fa7a9114e5 test: Remove unused cs_main (MacroFake)
fa9cba7afb Remove ::incrementalRelayFee and ::minRelayTxFee globals (MacroFake)
fa148602e6 Remove ::fRequireStandard global (MacroFake)
fa468bdfb6 Return optional error from ApplyArgsManOptions (MacroFake)
Pull request description:
This change is good because:
* It moves module-specific init-logic out of the bloated init.cpp
* It removes a global from validation.cpp and places it into the data structure that needs it (mempool)
ACKs for top commit:
glozow:
re ACK ddddd69
ryanofsky:
Code review ACK ddddd6913b
ariard:
Light Code Review ACK ddddd69
Tree-SHA512: 9de2ce601cfcaa4dfd7d1c92270568895ce8702ccdffb59829fbe9618eab0fd88d738afef33ed66988c66861115e0340e881056bfb71e2aed4af2440bd37eb1e
9e04cfaa76 test: add coverage for wallet inconsistent state during sync (furszy)
77de5c693f wallet: guard and alert about a wallet invalid state during chain sync (furszy)
Pull request description:
Follow-up work to my comment in #25239.
Guarding and alerting the user about a wallet invalid state during chain synchronization.
#### Explanation
if the `AddToWallet` tx write fails, the method returns a wtx `nullptr` without removing the recently added transaction from the wallet's map.
Which makes that `AddToWalletIfInvolvingMe` return false (even when the tx is on the wallet's map already), --> which makes `SyncTransaction` skip the `MarkInputsDirty` call --> which leads to a wallet invalid state where the inputs of this new transaction are not marked dirty, while the transaction that spends them still exist on the in-memory wallet tx map.
Plus, as we only store the arriving transaction inside `AddToWalletIfInvolvingMe` when we synchronize/scan block/s from the chain and nowhere else, it makes sense to treat the transaction db write error as a runtime error to notify the user about the problem. Otherwise, the user will lose all the not stored transactions after a wallet shutdown (without be able to recover them automatically on the next startup because the chain sync would be above the block where the txs arrived).
Note:
On purpose, the first commit adds test coverage for it. Showing how the wallet can end up in an invalid state. The second commit corrects it with the proposed solution.
ACKs for top commit:
achow101:
re-ACK 9e04cfaa76
jonatack:
ACK 9e04cfaa76
Tree-SHA512: 81f765eca40547d7764833d8ccfae686b67c7728c84271bc00dc51272de643dafc270014079dcc9727b47577ba67b340aeb5f981588b54e69a06abea6958aa96
It is part of the node library. Also, it won't be moved to the kernel
lib, as it will be pruned of ArgsManager.
-BEGIN VERIFY SCRIPT-
# Move module
git mv src/mempool_args.cpp src/node/
git mv src/mempool_args.h src/node/
# Replacements
sed -i 's:mempool_args\.h:node/mempool_args.h:g' $(git grep -l mempool_args)
sed -i 's:mempool_args\.cpp:node/mempool_args.cpp:g' $(git grep -l mempool_args)
sed -i 's:MEMPOOL_ARGS_H:NODE_MEMPOOL_ARGS_H:g' $(git grep -l MEMPOOL_ARGS_H)
-END VERIFY SCRIPT-
fa7bef2e80 univalue: Remove unused and confusing set*() return value (MacroFake)
Pull request description:
The value is:
* currently unused, and useless without `[[nodiscard]]`
* confusing, because it is always `true`, unless a num-string is set
Instead of adding `[[nodiscard]]`, throw when setting is not possible.
ACKs for top commit:
shaavan:
ACK fa7bef2e80
aureleoules:
ACK fa7bef2e80.
Tree-SHA512: 0d74f96f34cb93b66019ab75e12334c964630cc83434f22e58cc7a4fff2ee96a5767e42ab37f08acb67aeacba6811b09c75f1edc68d5e903ccfc59b1c82de891
Moved `bulk_transaction` into MiniWallet class as `_bulk_tx` private
helper method to be used when the newly added `target_weight` option is
passed to `create_self_transfer*`
This is causing build failures in some build environments, like NixOS.
I don't think we are going to patch bdb at this point, and this warning
has existed for as long as we've used bdb.
Fixes#25211.
Tested (in Docker) with:
```bash
docker run -it nixos/nix
nix-shell -p gitMinimal gcc12 libtool pkg-config curl gnumake patch autoconf automake
git clone https://github.com/bitcoin/bitcoin
make -C bitcoin/depends bdb
```
Co-authored-by: Ryan Ofsky <ryan@ofsky.org>
4d06fc4bed doc: empty REVIEWERS file (fanquake)
Pull request description:
It seems that it's time for our experiment with this file to come to an
end.
See discussion here:
https://github.com/bitcoin/bitcoin/pull/25560/files#r915491743.
ACKs for top commit:
MarcoFalke:
ACK 4d06fc4bed seems best to have devs opt-in to this explicitly by themselves
Tree-SHA512: c9d4f85e6401807d5eb4478c523c56d37baf0a11edfd3c04713f21b4217e168876761b3ed26fe2b3477e06dbaf3c4bb8393ce4274ad4a66258f4c170f628b612
395767e9f1 Add test case mimicking issue 24765 (Pieter Wuille)
Pull request description:
This adds a functional test for the concern brought up in #24765. It turned out to be a non-issue, but since I wrote it anyway, it can't hurt to add it.
Top commit has no ACKs.
Tree-SHA512: fc8d57129d8c68f6d9a41b94b5ff676c87b31f53bc958195d4fe312530ec3e038ebd0bc5e8b9d56be77b7b63fd94574685901901404a4ab8726a5e09d89e86c8
cc7335edc8 ci: run USDT interface test in a VM (0xb10c)
dba6f82342 test: adopt USDT utxocache interface tests (0xb10c)
220a5a2841 test: hook into PID in tracing tests (0xb10c)
Pull request description:
Changes a CI task that runs test the previously not run `test/functional/interface_usdt_*.py` functional tests (added in https://github.com/bitcoin/bitcoin/pull/24358).
This task is run as CirussCI `compute_engine_instance` VM as hooking into the tracepoints is not possible in CirrusCI docker containers (https://github.com/bitcoin/bitcoin/issues/23296#issuecomment-1024920845). We use an unoffical PPA and untrusted `bpfcc-tools` package in the CI as the Ubuntu jammy and Debian bullseye packages are outdated. We hope use an official package when new Ubuntu/Debian releases are available for the use with Google Compute Engine.
We make sure to hook into `bitcoind` binaries in USDT interface tests via their PID, instead of their path. This makes sure multiple functional tests running in parallel don't interfere with each other.
The utxocache USDT interface tests is adopted to a change of the functional test framework that wasn't detected as the tests weren't run in the CI. As the tracepoints expose internals, it can happen that we need to adopt the interface test when internals change. This is a bit awkward, and if it happens to frequently, we should consider generalizing the tests a bit more. For now it's fine, I think.
See the individual commit messages for more details on the changes.
Fixes https://github.com/bitcoin/bitcoin/issues/24782
Fixes https://github.com/bitcoin/bitcoin/issues/23296
I'd like to hear from reviewers:
- Are we OK with using the [`hadret/bpfcc`](https://launchpad.net/~hadret/+archive/ubuntu/bpfcc) PPA for now? There is a clear plan when to drop it and as is currently, it could only impact the newly added VM task.
- ~~Adding a new task increases CI runtime and costs. Should an existing `container` CI task be ported to a VM and reused instead?~~ Yes, see https://github.com/bitcoin/bitcoin/pull/25528#issuecomment-1179509525
ACKs for top commit:
MarcoFalke:
cr ACK cc7335edc8
Tree-SHA512: b7fddccc0a77d82371229d048abe0bf2c4ccaa45906497ef3040cf99e7f05561890aef4c253c40e4afc96bb838c9787fae81c8454c6fd9db583276e005a4ccb3
4bedfd702a refactor: remove unneeded temporaries in node/interfaces, simplify code (Jon Atack)
b27ba169eb refactor: make all NodeImpl/ChainImpl/ExternalSignerImpl members public (Jon Atack)
Pull request description:
- Make all `NodeImpl`, `ChainImpl` and `ExternalSignerImpl` class members `public` (and document why), to be consistent in all the `*Impl` classes in `src/node/interfaces.cpp` and `src/wallet/interfaces.cpp` and to help future reviewers and contributors.
- Remove unneeded temporaries in `NodeImpl` and `ChainImpl` methods in `src/node/interfaces.cpp` and simplify, to make the code easier to read and understand and to improve performance by avoiding unnecessary move operations.
ACKs for top commit:
ryanofsky:
Code review ACK 4bedfd702a. Changes since last review, applying suggested style & simplifiying first commit. Also avoiding another lock in second commit.
Tree-SHA512: 112f7cad5e2838c94c5b79d61328f42fe75fdb97f401ab49eccf696fc2c6a8a0c0ee55ec974c0602acf7423f78bb82e90eb8a0cc531e1d3347f73b7c83685504
f8e228476f tracing: do not use `coin` after move in `CCoinsViewCache::AddCoin` (Seibart Nedor)
Pull request description:
This is fix for https://github.com/bitcoin/bitcoin/issues/25640.
ACKs for top commit:
0xB10C:
ACK f8e228476f
Tree-SHA512: e7643ac8e6b6247aaf250f44572c4b458da4aea030ac0268227564e6857200e9c23efe325cfc535f46498cbeccaf46301551efeeb54b062f71d2dcf1ffe71fb8
ab3c06db1a doc: Release notes for default RBF (Andrew Chow)
61d9149e78 rpc: Default rbf enabled (Andrew Chow)
e3c33637ba wallet: Enable -walletrbf by default (Andrew Chow)
Pull request description:
The GUI currently opts in to RBF by default, but RPCs do not, and `-walletrbf` is default disabled. This PR makes the default in those two places to also opt in.
The last time this was proposed (#9527), the primary objections were the novelty at the time, the inability to bump transactions, and the gui not having the option to disable rbf. In the 5 years since, RBF usage has steadily grown, with ~27% of txs opting in. The GUI has the option to enable/disable RBF, and is also defaulted to having it enabled. And we have the ability to bump RBF'd transactions in both the RPC and the GUI. So I think it makes sense to finally change the default to always opt in to RBF.
ACKs for top commit:
darosior:
reACK ab3c06db1a
aureleoules:
ACK ab3c06db1a.
glozow:
utACK ab3c06db1a
Tree-SHA512: 81b012c5033e270f86a87a6a196ccc549eb54b158eebf88e917cc6621d40d7bdcd1566b602688907dd5d364b95a557b29f97dce869cea512e339588262c027b6
00897d0677 script: actually trigger the optimization in BuildScript (Antoine Poinsot)
Pull request description:
The counter is an optimization over calling `ret.empty()`. It was
suggested that the compiler would realize `cnt` is only `0` on the first
iteration, and not actually emit the check and conditional.
This optimization was actually not triggered at all, since we
incremented `cnt` at the beginning of the first iteration. Fix it by
incrementing at the end instead.
This was reported by Github user "Janus".
Fixes#25682. Note this does *not* change semantics. It only allows the optimization of moving instead of copying on first `CScript` element to actually be reachable.
ACKs for top commit:
sipa:
utACK 00897d0677
MarcoFalke:
review ACK 00897d0677
Tree-SHA512: b575bd444b0cd2fe754ec5f3e2f3f53d2696d5dcebedcace1e38be372c82365e75938dfe185429ed5a83efe1a395e204bfb33efe56c10defc5811eaee50580e3
c99a1ecc52 guix: enable hardening options in GCC Build (fanquake)
aa87879a77 guix: pass enable-bind-now to glibc (fanquake)
3897a131d0 guix: enable SSP for RISC-V glibc (2.27) (fanquake)
Pull request description:
The GCC (10.3.0) and glibcs (2.24 and 2.27) we build both support configuration option for turning on hardening features by default.
For example, [our GCC provides](https://gcc.gnu.org/install/configure.html) `--enable-default-pie`:
> Turn on -fPIE and -pie by default.
`--enable-default-ssp`:
> Turn on -fstack-protector-strong by default.
and `--enable-cet` options:
> Enable building target run-time libraries with control-flow instrumentation, see -fcf-protection option.
It also provides `--enable-standard-branch-protection`, but we don't do that here, because we don't support building with it yet (#24123).
You could verify the that the on-by-default pie flags are working by Guix building master + this change:
```diff
--- a/configure.ac
+++ b/configure.ac
@@ -971,7 +971,6 @@ if test "$use_hardening" != "no"; then
AX_CHECK_LINK_FLAG([-Wl,-z,relro], [HARDENED_LDFLAGS="$HARDENED_LDFLAGS -Wl,-z,relro"], [], [$LDFLAG_WERROR])
AX_CHECK_LINK_FLAG([-Wl,-z,now], [HARDENED_LDFLAGS="$HARDENED_LDFLAGS -Wl,-z,now"], [], [$LDFLAG_WERROR])
AX_CHECK_LINK_FLAG([-Wl,-z,separate-code], [HARDENED_LDFLAGS="$HARDENED_LDFLAGS -Wl,-z,separate-code"], [], [$LDFLAG_WERROR])
- AX_CHECK_LINK_FLAG([-fPIE -pie], [PIE_FLAGS="-fPIE"; HARDENED_LDFLAGS="$HARDENED_LDFLAGS -pie"], [], [$CXXFLAG_WERROR])
```
and verifying that the `PIE` security checks fail. Then, build this PR branch, + the same change, and checking that they still pass.
A similar thing can be done with the stack-protector, i.e perform a Guix build, and observe the security checks failing after applying this diff to master:
```diff
--- a/configure.ac
+++ b/configure.ac
@@ -936,8 +936,6 @@ dnl -fstack-reuse=none for all gcc builds. (Only gcc understands this flag)
AX_CHECK_COMPILE_FLAG([-fstack-reuse=none], [HARDENED_CXXFLAGS="$HARDENED_CXXFLAGS -fstack-reuse=none"])
if test "$use_hardening" != "no"; then
use_hardening=yes
- AX_CHECK_COMPILE_FLAG([-Wstack-protector], [HARDENED_CXXFLAGS="$HARDENED_CXXFLAGS -Wstack-protector"])
- AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [HARDENED_CXXFLAGS="$HARDENED_CXXFLAGS -fstack-protector-all"])
```
Then check that a build doesn't fail when building this PR + that change. Although it should be noted that the security checks will pass for this + that change, even though the GCC option is for stack-protector-strong, rather than stack-protector-all. This is because our stack protector check is currently just for the presencse of the canary, and not a check that every function is instrumented.
[For glibc](https://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html), we enable `--enable-stack-protector=all` (RISC-V only):
> Compile the C library and all other parts of the glibc package using the GCC -fstack-protector, -fstack-protector-strong or -fstack-protector-all options to detect stack overruns. Only the dynamic linker and a small number of routines called directly from assembler are excluded from this protection.
and `--enable-bind-now`:
> Disable lazy binding for installed shared objects and programs. This provides additional security hardening because it enables full RELRO and a read-only global offset table (GOT), at the cost of slightly increased program load times.
You could check that the stack-protector option is being used for the RISC-V builds, by comparing the contents of a function that comes from glibc, i.e `atexit`, in a build of master:
```bash
riscv64-linux-gnu/src/bitcoind: file format elf64-littleriscv
00000000007aa078 <atexit>:
7aa078:003a5617 auipca2,0x3a5
7aa07c:f8863603 lda2,-120(a2) # b4f000 <__dso_handle>
7aa080:4581 lia1,0
7aa082:ff8b3317 auipct1,0xff8b3
7aa086:41e30067 jr1054(t1) # 5d4a0 <__cxa_atexit@plt>
```
vs this PR:
```bash
riscv64-linux-gnu/src/bitcoind: file format elf64-littleriscv
00000000007aa078 <atexit>:
7aa078:003aa797 auipca5,0x3aa
7aa07c:3c87b783 lda5,968(a5) # b54440 <__stack_chk_guard@GLIBC_2.27>
7aa080:6398 lda4,0(a5)
7aa082:1101 addisp,sp,-32
7aa084:ec06 sdra,24(sp)
7aa086:e43a sda4,8(sp)
7aa088:6722 lda4,8(sp)
7aa08a:639c lda5,0(a5)
7aa08c:00f71d63 bnea4,a5,7aa0a6 <atexit+0x2e>
7aa090:60e2 ldra,24(sp)
7aa092:003a5617 auipca2,0x3a5
7aa096:f6e63603 lda2,-146(a2) # b4f000 <__dso_handle>
7aa09a:4581 lia1,0
7aa09c:6105 addisp,sp,32
7aa09e:ff8b3317 auipct1,0xff8b3
7aa0a2:40230067 jr1026(t1) # 5d4a0 <__cxa_atexit@plt>
7aa0a6:ff8b3097 auipcra,0xff8b3
7aa0aa:2ba080e7 jalr698(ra) # 5d360 <__stack_chk_fail@plt>
```
Note that none of the above means we would actually remove the use of hardening flags from our configure.
Guix Build (x86_64):
```bash
8de8ceac0f34729f17c64cd3b788d8e73e8a29cf51ec88ae33e04b1002f07162 guix-build-c99a1ecc52d8/output/aarch64-linux-gnu/SHA256SUMS.part
d638d329d2d23324aa8cb491b5fa9cfc59e7998cc95f6c47540ae34767316764 guix-build-c99a1ecc52d8/output/aarch64-linux-gnu/bitcoin-c99a1ecc52d8-aarch64-linux-gnu-debug.tar.gz
ce57cfd97109e2cebc91936653e291073230e9da1197d60edd6703c2c8e4961a guix-build-c99a1ecc52d8/output/aarch64-linux-gnu/bitcoin-c99a1ecc52d8-aarch64-linux-gnu.tar.gz
917770f42ca696048c11ce3e7a100b9cc59cbe482878bccf11c1d84e327e61a7 guix-build-c99a1ecc52d8/output/arm-linux-gnueabihf/SHA256SUMS.part
a5e6ea54cb58941b2dceaa036495c65d83e3ae65b806af7124718df428206b38 guix-build-c99a1ecc52d8/output/arm-linux-gnueabihf/bitcoin-c99a1ecc52d8-arm-linux-gnueabihf-debug.tar.gz
c035aa6599aeab74445bcf15966886fafb1e4397d6f4e66e4e5ff05770f3af94 guix-build-c99a1ecc52d8/output/arm-linux-gnueabihf/bitcoin-c99a1ecc52d8-arm-linux-gnueabihf.tar.gz
a48654be85a540b393fefa87f75f10fcb1652cfb824eb5cb32da9aeffdbe9843 guix-build-c99a1ecc52d8/output/arm64-apple-darwin/SHA256SUMS.part
8cf48b00d6cbe7bc203043dde34ca51a82e25bc3b4e91802730209a90637a8ed guix-build-c99a1ecc52d8/output/arm64-apple-darwin/bitcoin-c99a1ecc52d8-arm64-apple-darwin-unsigned.dmg
6ff1c1f0fbf64303421f71a91c14020554ab96673f2461aae80ef2249a846ebd guix-build-c99a1ecc52d8/output/arm64-apple-darwin/bitcoin-c99a1ecc52d8-arm64-apple-darwin-unsigned.tar.gz
0df1d3d95759b26a9cc448dba29291c5d940e9faf9a79c7658775285498809eb guix-build-c99a1ecc52d8/output/arm64-apple-darwin/bitcoin-c99a1ecc52d8-arm64-apple-darwin.tar.gz
3556666828f68205b8b82771a7046e10e10cf31bd894c6ed389bbaa2397b917c guix-build-c99a1ecc52d8/output/dist-archive/bitcoin-c99a1ecc52d8.tar.gz
970390a724f2b9e40731942a427a5893a489fdac9c970a5a2f52cd684c4e2bcb guix-build-c99a1ecc52d8/output/powerpc64-linux-gnu/SHA256SUMS.part
c281257c8f9466aca2d68971ff8cd219288f62a601396d4f8f1497a4404fac11 guix-build-c99a1ecc52d8/output/powerpc64-linux-gnu/bitcoin-c99a1ecc52d8-powerpc64-linux-gnu-debug.tar.gz
79e68965a50907f4c3382143f7c58dd71b927f87fe80a62c06b434232d764b93 guix-build-c99a1ecc52d8/output/powerpc64-linux-gnu/bitcoin-c99a1ecc52d8-powerpc64-linux-gnu.tar.gz
b65be16861b1d11225f5497c58adbc585bb1b192096018f006ae11c851235d65 guix-build-c99a1ecc52d8/output/powerpc64le-linux-gnu/SHA256SUMS.part
5edb31e2d6702ab3e24189db1a1151bb40dc009a2d6f196eca19124947400a24 guix-build-c99a1ecc52d8/output/powerpc64le-linux-gnu/bitcoin-c99a1ecc52d8-powerpc64le-linux-gnu-debug.tar.gz
d6e0414082f91a443bcfee9647f8cf9ad09d13fdf6acd6070866505b420db8eb guix-build-c99a1ecc52d8/output/powerpc64le-linux-gnu/bitcoin-c99a1ecc52d8-powerpc64le-linux-gnu.tar.gz
89edc84604ea960dff7598999cabb14e2dbd7d585021acfd3065e0e8ebb77786 guix-build-c99a1ecc52d8/output/riscv64-linux-gnu/SHA256SUMS.part
091d582c7797792ab62653e61aa2192db768fb624615a2393284d7fad2a643bd guix-build-c99a1ecc52d8/output/riscv64-linux-gnu/bitcoin-c99a1ecc52d8-riscv64-linux-gnu-debug.tar.gz
fcc20f8f7e2889f544e10d77e714496fd44e3dfdb2d1919b12ec5d41aeb9a8ac guix-build-c99a1ecc52d8/output/riscv64-linux-gnu/bitcoin-c99a1ecc52d8-riscv64-linux-gnu.tar.gz
4b736dbfca1c0eb37390d791a9cdfe12aa3111f65a0c92775cd68044696f5b17 guix-build-c99a1ecc52d8/output/x86_64-apple-darwin/SHA256SUMS.part
dc51605e5c0f25e25aa1672471c2096e2c95f59d9c7adbee81714ad33da559a0 guix-build-c99a1ecc52d8/output/x86_64-apple-darwin/bitcoin-c99a1ecc52d8-x86_64-apple-darwin-unsigned.dmg
96a7b7b0144049215a4e51a01c4c90dcbf8469590a380fe2b1faca652f80c545 guix-build-c99a1ecc52d8/output/x86_64-apple-darwin/bitcoin-c99a1ecc52d8-x86_64-apple-darwin-unsigned.tar.gz
8d0a9e33e02db7c234d3cff2cf8489a93ae83a0efb9c02dd0a4a43b1615d5f75 guix-build-c99a1ecc52d8/output/x86_64-apple-darwin/bitcoin-c99a1ecc52d8-x86_64-apple-darwin.tar.gz
60e21c7d8eb8422bf3280d63fca7e3983b8d62949b46f582e483bfadf42d9838 guix-build-c99a1ecc52d8/output/x86_64-linux-gnu/SHA256SUMS.part
93cce61cbd237e8d63a7b60fd7c0611834d2587899f241c80ad3e7c31ce9f5c6 guix-build-c99a1ecc52d8/output/x86_64-linux-gnu/bitcoin-c99a1ecc52d8-x86_64-linux-gnu-debug.tar.gz
86e6d35ced80385dbebc9d0b4e443a86d9b5dfecff4928fccb4331fc37b7c8bc guix-build-c99a1ecc52d8/output/x86_64-linux-gnu/bitcoin-c99a1ecc52d8-x86_64-linux-gnu.tar.gz
cdf1045063b8ad18735d623fa45867a3b6fbcabefac6ef763ad4d04e956ef2b7 guix-build-c99a1ecc52d8/output/x86_64-w64-mingw32/SHA256SUMS.part
e032c517396d818f2a5f7a2f8453966de37a1734f2f2d95ad0e39358647f5068 guix-build-c99a1ecc52d8/output/x86_64-w64-mingw32/bitcoin-c99a1ecc52d8-win64-debug.zip
b09cc098672215e810b4a11df0ebce760f716546d76745367898bb1850a6a8b4 guix-build-c99a1ecc52d8/output/x86_64-w64-mingw32/bitcoin-c99a1ecc52d8-win64-setup-unsigned.exe
a27108b306be7099a426bf2e02009b7271c8c04394bf5c5aa4f592b69be77fb5 guix-build-c99a1ecc52d8/output/x86_64-w64-mingw32/bitcoin-c99a1ecc52d8-win64-unsigned.tar.gz
a682fe68b09de24e1bdef49836d4fc5080e779fac66a73c9dcafb8fc6126af3a guix-build-c99a1ecc52d8/output/x86_64-w64-mingw32/bitcoin-c99a1ecc52d8-win64.zip
```
Guix Build (arm64):
```bash
917770f42ca696048c11ce3e7a100b9cc59cbe482878bccf11c1d84e327e61a7 guix-build-c99a1ecc52d8/output/arm-linux-gnueabihf/SHA256SUMS.part
a5e6ea54cb58941b2dceaa036495c65d83e3ae65b806af7124718df428206b38 guix-build-c99a1ecc52d8/output/arm-linux-gnueabihf/bitcoin-c99a1ecc52d8-arm-linux-gnueabihf-debug.tar.gz
c035aa6599aeab74445bcf15966886fafb1e4397d6f4e66e4e5ff05770f3af94 guix-build-c99a1ecc52d8/output/arm-linux-gnueabihf/bitcoin-c99a1ecc52d8-arm-linux-gnueabihf.tar.gz
1a306a6dc68183f210aa56c6eb07785654e1c2e21ac9e2bd866d8fdec34a527c guix-build-c99a1ecc52d8/output/arm64-apple-darwin/SHA256SUMS.part
7da1d43adabf4725b6244df9625b683f47669949ffbcf37184619e431151138f guix-build-c99a1ecc52d8/output/arm64-apple-darwin/bitcoin-c99a1ecc52d8-arm64-apple-darwin-unsigned.dmg
ac38ae4188927e2e0b0d3bdaae9d314424e4f7e3ab2a90c6cbedc8a985ae237e guix-build-c99a1ecc52d8/output/arm64-apple-darwin/bitcoin-c99a1ecc52d8-arm64-apple-darwin-unsigned.tar.gz
1b1653f3b3dff1bf5737223a4e5c2b674b700baba4ef594e3c7a040b5e81f3f6 guix-build-c99a1ecc52d8/output/arm64-apple-darwin/bitcoin-c99a1ecc52d8-arm64-apple-darwin.tar.gz
3556666828f68205b8b82771a7046e10e10cf31bd894c6ed389bbaa2397b917c guix-build-c99a1ecc52d8/output/dist-archive/bitcoin-c99a1ecc52d8.tar.gz
970390a724f2b9e40731942a427a5893a489fdac9c970a5a2f52cd684c4e2bcb guix-build-c99a1ecc52d8/output/powerpc64-linux-gnu/SHA256SUMS.part
c281257c8f9466aca2d68971ff8cd219288f62a601396d4f8f1497a4404fac11 guix-build-c99a1ecc52d8/output/powerpc64-linux-gnu/bitcoin-c99a1ecc52d8-powerpc64-linux-gnu-debug.tar.gz
79e68965a50907f4c3382143f7c58dd71b927f87fe80a62c06b434232d764b93 guix-build-c99a1ecc52d8/output/powerpc64-linux-gnu/bitcoin-c99a1ecc52d8-powerpc64-linux-gnu.tar.gz
b65be16861b1d11225f5497c58adbc585bb1b192096018f006ae11c851235d65 guix-build-c99a1ecc52d8/output/powerpc64le-linux-gnu/SHA256SUMS.part
5edb31e2d6702ab3e24189db1a1151bb40dc009a2d6f196eca19124947400a24 guix-build-c99a1ecc52d8/output/powerpc64le-linux-gnu/bitcoin-c99a1ecc52d8-powerpc64le-linux-gnu-debug.tar.gz
d6e0414082f91a443bcfee9647f8cf9ad09d13fdf6acd6070866505b420db8eb guix-build-c99a1ecc52d8/output/powerpc64le-linux-gnu/bitcoin-c99a1ecc52d8-powerpc64le-linux-gnu.tar.gz
89edc84604ea960dff7598999cabb14e2dbd7d585021acfd3065e0e8ebb77786 guix-build-c99a1ecc52d8/output/riscv64-linux-gnu/SHA256SUMS.part
091d582c7797792ab62653e61aa2192db768fb624615a2393284d7fad2a643bd guix-build-c99a1ecc52d8/output/riscv64-linux-gnu/bitcoin-c99a1ecc52d8-riscv64-linux-gnu-debug.tar.gz
fcc20f8f7e2889f544e10d77e714496fd44e3dfdb2d1919b12ec5d41aeb9a8ac guix-build-c99a1ecc52d8/output/riscv64-linux-gnu/bitcoin-c99a1ecc52d8-riscv64-linux-gnu.tar.gz
4b736dbfca1c0eb37390d791a9cdfe12aa3111f65a0c92775cd68044696f5b17 guix-build-c99a1ecc52d8/output/x86_64-apple-darwin/SHA256SUMS.part
dc51605e5c0f25e25aa1672471c2096e2c95f59d9c7adbee81714ad33da559a0 guix-build-c99a1ecc52d8/output/x86_64-apple-darwin/bitcoin-c99a1ecc52d8-x86_64-apple-darwin-unsigned.dmg
96a7b7b0144049215a4e51a01c4c90dcbf8469590a380fe2b1faca652f80c545 guix-build-c99a1ecc52d8/output/x86_64-apple-darwin/bitcoin-c99a1ecc52d8-x86_64-apple-darwin-unsigned.tar.gz
8d0a9e33e02db7c234d3cff2cf8489a93ae83a0efb9c02dd0a4a43b1615d5f75 guix-build-c99a1ecc52d8/output/x86_64-apple-darwin/bitcoin-c99a1ecc52d8-x86_64-apple-darwin.tar.gz
60e21c7d8eb8422bf3280d63fca7e3983b8d62949b46f582e483bfadf42d9838 guix-build-c99a1ecc52d8/output/x86_64-linux-gnu/SHA256SUMS.part
93cce61cbd237e8d63a7b60fd7c0611834d2587899f241c80ad3e7c31ce9f5c6 guix-build-c99a1ecc52d8/output/x86_64-linux-gnu/bitcoin-c99a1ecc52d8-x86_64-linux-gnu-debug.tar.gz
86e6d35ced80385dbebc9d0b4e443a86d9b5dfecff4928fccb4331fc37b7c8bc guix-build-c99a1ecc52d8/output/x86_64-linux-gnu/bitcoin-c99a1ecc52d8-x86_64-linux-gnu.tar.gz
cdf1045063b8ad18735d623fa45867a3b6fbcabefac6ef763ad4d04e956ef2b7 guix-build-c99a1ecc52d8/output/x86_64-w64-mingw32/SHA256SUMS.part
e032c517396d818f2a5f7a2f8453966de37a1734f2f2d95ad0e39358647f5068 guix-build-c99a1ecc52d8/output/x86_64-w64-mingw32/bitcoin-c99a1ecc52d8-win64-debug.zip
b09cc098672215e810b4a11df0ebce760f716546d76745367898bb1850a6a8b4 guix-build-c99a1ecc52d8/output/x86_64-w64-mingw32/bitcoin-c99a1ecc52d8-win64-setup-unsigned.exe
a27108b306be7099a426bf2e02009b7271c8c04394bf5c5aa4f592b69be77fb5 guix-build-c99a1ecc52d8/output/x86_64-w64-mingw32/bitcoin-c99a1ecc52d8-win64-unsigned.tar.gz
a682fe68b09de24e1bdef49836d4fc5080e779fac66a73c9dcafb8fc6126af3a guix-build-c99a1ecc52d8/output/x86_64-w64-mingw32/bitcoin-c99a1ecc52d8-win64.zip
```
ACKs for top commit:
hebasto:
ACK c99a1ecc52
Tree-SHA512: bb895544c06bab741b965d853e60151a2e38e058c5c373f8e1a01a652220d47c8a0227a31fa96d6e81a48126d677fdec1cb47c20c104c89953d4ca051924b402
8f1ff487b3 libxcb: use a patch instead of sed (fanquake)
Pull request description:
To remove the unneeded pthread-stubs requirement.
Should almost be enough to close#16838.
seds dead (mostly). The usage left in `qt.mk` are for substituting runtime values.
ACKs for top commit:
hebasto:
ACK 8f1ff487b3.
Tree-SHA512: 2b6ebbe98a838d8e08e54737292b02176ff4c85a541ae1ec0c590c75e33ba92289628b88ca3144f2e214f4327515f7fd22c39687312f44183b759815c092b24f
3fe58a98d3 tidy: run clang-tidy in quiet mode (fanquake)
Pull request description:
This should cut the amount of output by atleast half.
```bash
/opt/homebrew/opt/llvm/bin/clang-tidy --use-color -p=bitcoin bitcoin/src/wallet/test/fuzz/coinselection.cpp
278 warnings generated.
Suppressed 278 warnings (278 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
```
becomes
```bash
/opt/homebrew/opt/llvm/bin/clang-tidy --use-color -p=/bitcoin -quiet bitcoin/src/wallet/test/fuzz/coinselection.cpp
278 warnings generated.
```
See https://clang.llvm.org/extra/clang-tidy/.
> --quiet
> Run clang-tidy in quiet mode. This suppresses
> printing statistics about ignored warnings and
> warnings treated as errors if the respective
> options are specified.
However the `run-clang-tidy` option is `-quiet`. See f28c006a58/clang-tools-extra/clang-tidy/tool/run-clang-tidy.py (L244).
ACKs for top commit:
jamesob:
ACK 3fe58a98d3
Tree-SHA512: 936cfab09a78e71a4a2a2b3539087c1a95fe279923cc8c3f950c70924d6920dcd54b0da8b5493a1337c23a3b25834ab0db5a6b0c660c6e46d750f0fc966e7625
- make the code easier to read and understand
- improve performance by avoiding unnecessary move operations
- the cleaner, simpler, and easier to read the code is, the
better chance the compiler has at implementing it well
as the classes themselves are private, and to be consistent within all the
*Impl classes in src/node/interfaces.cpp and src/wallet/interfaces.cpp
following this order:
public:
// ... virtual methods ...
// ... nonvirtual helper methods ...
// ... data members ...
and add documentation in src/node/interfaces.cpp and src/wallet/interfaces.cpp
to help future reviewers and contributors.
dd065dae9f refactor: Make mapBlocksUnknownParent local, and rename it (Hennadii Stepanov)
Pull request description:
This PR is a second attempt at #19594. This PR has two motivations:
- Improve code hygiene by eliminating a global variable, `mapBlocksUnknownParent`
- Fix fuzz test OOM when running too long ([see #19594 comment](https://github.com/bitcoin/bitcoin/pull/19594#issuecomment-958801638))
A minor added advantage is to release `mapBlocksUnknownParent` memory when the reindexing phase is done. The current situation is somewhat similar to a memory leak because this map exists unused for the remaining lifetime of the process. It's true that this map should be empty of data elements after use, but its internal metadata (indexing structures, etc.) can have non-trivial size because there can be many thousands of simultaneous elements in this map.
This PR helps our efforts to reduce the use of global variables. This variable isn't just global, it's hidden inside a function (it looks like a local variable but has the `static` attribute).
This global variable exists because the `-reindex` processing code calls `LoadExternalBlockFile()` multiple times (once for each block file), but that function must preserve some state between calls (the `mapBlocksUnknownParent` map). This PR fixes this by allocating this map as a local variable in the caller's scope and passing it in on each call. When reindexing completes, the map goes out of scope and is deallocated.
I tested this manually by reindexing on mainnet and signet. Also, the existing `feature_reindex.py` functional test passes.
ACKs for top commit:
mzumsande:
re-ACK dd065dae9f
theStack:
re-ACK dd065dae9f
shaavan:
reACK dd065dae9f
Tree-SHA512: 9cd20e44d2fa1096dd405bc107bc065ea8f904f5b3f63080341b08d8cf57b790df565f58815c2f331377d044d5306708b4bf6bdfc5ef8d0ed85d8e97d744732c
b4b657ba57 refactor: log `nEvicted` message in `LimitOrphans` then return void (chinggg)
Pull request description:
Fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49347
LimitOrphans() can log expired tx and it should log evicted tx as well instead of returning the `nEvicted` number for caller to print the message.
Since `LimitOrphans()` now returns void, the redundant assertion check in fuzz test is also removed.
Top commit has no ACKs.
Tree-SHA512: 18c41702321b0e59812590cd389f3163831d431f4ebdc3b3e1e0698496a6bdbac52288f28f779237a58813c6717da1a35e8933d509822978ff726c1b13cfc778
22f1e4a02f Merge bitcoin-core/leveldb-subtree#32: fix macro HAVE_O_CLOEXEC when O_CLOEXEC not found
1eeb1cb879 fix macro HAVE_O_CLOEXEC when O_CLOEXEC not found
git-subtree-dir: src/leveldb
git-subtree-split: 22f1e4a02fd8e96090bb699a04c95c784aa88e74
71d1d13627 test: add unit test for AvailableCoins (josibake)
da03cb41a4 test: functional test for new coin selection logic (josibake)
438e04845b wallet: run coin selection by `OutputType` (josibake)
77b0707206 refactor: use CoinsResult struct in SelectCoins (josibake)
2e67291ca3 refactor: store by OutputType in CoinsResult (josibake)
Pull request description:
# Concept
Following https://github.com/bitcoin/bitcoin/pull/23789, Bitcoin Core wallet will now generate a change address that matches the payment address type. This improves privacy by not revealing which of the outputs is the change at the time of the transaction in scenarios where the input address types differ from the payment address type. However, information about the change can be leaked in a later transaction. This proposal attempts to address that concern.
## Leaking information in a later transaction
Consider the following scenario:
![mix input types(1)](https://user-images.githubusercontent.com/7444140/158597086-788339b0-c698-4b60-bd45-9ede4cd3a483.png)
1. Alice has a wallet with bech32 type UTXOs and pays Bob, who gives her a P2SH address
2. Alice's wallet generates a P2SH change output, preserving her privacy in `txid: a`
3. Alice then pays Carol, who gives her a bech32 address
4. Alice's wallet combines the P2SH UTXO with a bech32 UTXO and `txid: b` has two bech32 outputs
From a chain analysis perspective, it is reasonable to infer that the P2SH input in `txid: b` was the change from `txid: a`. To avoid leaking information in this scenario, Alice's wallet should avoid picking the P2SH output and instead fund the transaction with only bech32 Outputs. If the payment to Carol can be funded with just the P2SH output, it should be preferred over the bech32 outputs as this will convert the P2SH UTXO to bech32 UTXOs via the payment and change outputs of the new transaction.
**TLDR;** Avoid mixing output types, spend non-default `OutputTypes` when it is economical to do so.
# Approach
`AvailableCoins` now populates a struct, which makes it easier to access coins by `OutputType`. Coin selection tries to find a funding solution by each output type and chooses the most economical by waste metric. If a solution can't be found without mixing, coin selection runs over the entire wallet, allowing mixing, which is the same as the current behavior.
I've also added a functional test (`test/functional/wallet_avoid_mixing_output_types.py`) and unit test (`src/wallet/test/availablecoins_tests.cpp`.
ACKs for top commit:
achow101:
re-ACK 71d1d13627
aureleoules:
ACK 71d1d13627.
Xekyo:
reACK 71d1d13627 via `git range-diff master 6530d19 71d1d13`
LarryRuane:
ACK 71d1d13627
Tree-SHA512: 2e0716efdae5adf5479446fabc731ae81d595131d3b8bade98b64ba323d0e0c6d964a67f8c14c89c428998bda47993fa924f3cfca1529e2bd49eaa4e31b7e426