45a5aaf Only call clear on prevector if it isn't trivially destructible and don't loop in clear (Jeremy Rubin)
aaa02e7 Add prevector destructor benchmark (Jeremy Rubin)
Tree-SHA512: 52bc8163b65b71310252f2d578349d0ddc364a6c23795c5e06e101f5449f04c96cbdca41c0cffb1974b984b8e33006471137d92b8dd4a81a98e922610a94132a
4d51e9b Assert ConnectBlock block and pIndex are the same block (NicolasDorier)
972714c pow: GetNextWorkRequired never called with NULL pindexLast (Daniel Cousens)
cc44c8f ContextualCheckBlockHeader should never have pindexPrev to NULL (NicolasDorier)
Tree-SHA512: 7cc568bf9417267c335f21ec3d1505b26e56e5b3d5f4d3dbb555279489800aaa65a3bcd7bc376e274dd102912aec16ddbb18de2e2060b2667b41eb979cd9321e
b651270 util: Throw tinyformat::format_error on formatting error (Wladimir J. van der Laan)
3b092bd util: Properly handle errors during log message formatting (Wladimir J. van der Laan)
Tree-SHA512: 85e3b7afec2255fc88034187f1abd6060e9421de17ed4e3d918416f393429a99cc2c974b362099aaaff6970549df47664bea4c857c4e46acc0789663201dc541
dcf2112 Add safe flag to listunspent result (NicolasDorier)
af61d9f Add COutput::fSafe member for safe handling of unconfirmed outputs (Russell Yanofsky)
Tree-SHA512: 311edb6fa8075b3ede5b24cb8c6e5d133ccd8ac9ecafea07b604ffa812ee4f071337e31695e662d8573590a0460af20aaaeb39d49c9ea87924449ea50bdfb0b3
819b513 Add missing braces in semaphore posts in net (Matt Corallo)
e007b24 Fix shutdown hang with >= 8 -addnodes set (Matt Corallo)
Tree-SHA512: f2d7562bd5d333cd0e80562eb3b1fe329fc10ee713996e053d2ed669db6d9eb39550e0a6c6ab768cd070bfe92a5ea85e0f752470206706de196bd4a689b9bc07
Instead of having an exception propagate into the program when an
error happens while formatting a log message, just print a message to
the log.
Addresses #9423.
We previously would block waiting for a CSemaphoreGrant in
ThreadOpenAddedConnections, when we did not need to. This would
block as the posts in CConnman shutdown were both to the wrong
semaphore and in the wrong location.
RPC_INVALID_REQUEST and RPC_METHOD_NOT_FOUND are mapped internally to
HTTP error codes and should not be used for application-layer errors.
This commit adds commenting around those definitions to warn not to use
them for application errors.
On msvc14, int literal '-2147483648' is invalid, because '2147483648' is unsigned type and cant't apply minus operator to unsigned type.
To define the int literal correctly, use '-2147483647 - 1' formula that is also used to define INT_MIN in limits.h.
The fundrawtransaction() RPC was returning misleading or incorrect error
codes (for example RPC_INTERNAL_ERROR when funding the transaction
failed). This commit fixes those error codes:
- RPC_INTERNAL_ERROR should not be returned for application-level
errors, only for genuine internal errors such as corrupted data.
That error code has been replaced with RPC_WALLET_ERROR.
This commit also updates the test cases to explicitly test the error code.
The setban() RPC was returning misleading or incorrect error
codes (for example RPC_CLIENT_NODE_ALREADY_ADDED when an invalid IP
address was entered). This commit fixes those error codes:
- RPC_CLIENT_INVALID_IP_OR_SUBNET should be returned if the client
enters an invalid IP address or subnet.
This commit also updates the test cases to explicitly test the error code.
This commit also adds a testcase for trying to setban on an invalid subnet.
The removeprunedfunds() RPC was returning misleading or incorrect error
codes (for example RPC_INTERNAL_ERROR when the transaction was
not found in the wallet). This commit fixes those error codes:
- RPC_INTERNAL_ERROR should not be returned for application-level
errors, only for genuine internal errors such as corrupted data.
This error code has been replaced with RPC_WALLET_ERROR.
This commit also updates the test cases to explicitly test the error code.
RPCs in blockchain.cpp were returning misleading or incorrect error
codes (for example getblock() returning RPC_INTERNAL_ERROR when the
block had been pruned). This commit fixes those error codes:
- RPC_INTERNAL_ERROR should not be returned for application-level
errors, only for genuine internal errors such as corrupted data.
- RPC_METHOD_NOT_FOUND should not be returned in response to a
JSON request for an existing method.
Those error codes have been replaced with RPC_MISC_ERROR or
RPC_INVALID_PARAMETER as appropriate.
The bumpfee() RPC was returning misleading or incorrect error codes
(for example RPC_INVALID_ADDRESS_OR_KEY when the transaction was not
BIP125 replacable). This commit fixes those error codes:
- RPC_INVALID_ADDRESS_OR_KEY if an invalid address was provided:
- Invalid change address given
- RPC_INVALID_PARAMETER if a single (non-address/key) parameter is incorrect
- confTarget and totalFee options should not both be set.
- Invalid confTarget
- Insufficient totalFee (cannot be less than required fee)
- RPC_WALLET_ERROR for any other error
- Transaction has descendants in the wallet
- Transaction has descendants in the mempool
- Transaction has been mined, or is conflicted with a mined transaction
- Transaction is not BIP 125 replaceable
- Transaction has already been bumped
- Transaction contains inputs that don't belong to the wallet
- Transaction has multiple change outputs
- Transaction does not have a change output
- Fee is higher than maxTxFee
- New fee rate is less than the minimum fee rate
- Change output is too small.
This commit also updates the test cases to explicitly test the error code.
On msvc14, the compiler error C4146 (unary minus operator applied to unsigned type, result still unsigned) had been occured.
Use '0 - x' styled formula instead of '-x' so as to fix the error.
db07f91 Assert that what might look like a possible division by zero is actually unreachable (practicalswift)
Tree-SHA512: f1652eb37196a5b72f356503a1fbb44fb98aa8a94954ad1765f86d81ebf41a2337d4eb58c4f19937fda3752f5d2d642756e44afdbd438015b87ac20801246bff
`u_int` is not available on some platforms (not sure what standard it's
supposed to be part of), we don't use it anywhere else, and it doesn't
hurt to simply write `unsigned int` out here.
Define MSG_DONTWAIT and MSG_NO_SIGNAL in the implementation files that
use them (`net.cpp` and `netbase.cpp`), instead of compat.h which is
included all over the place.
This avoids putting them in the global namespace, as defining them as 0
is a hack that works for our specific usage, but it is not a general
solution.
Also makes sure they are defined only once so the `!defined(MSG_x)` guard can go.
Instead of the WIN32-specific workaround, detect lack of `MSG_DONTWAIT`
in the build system. This allows other platforms without `MSG_DONTWAIT`
to work too.
Setting minrelaytxfee to 0 will allow all transactions regardless of fee to enter your mempool until it reaches its size limit. However now that mempool limiting is governed by a separate incrementalrelay fee, it is an unnecessary restriction to prevent a minrelaytxfee of 0.
This a breaking API change to the prioritisetransaction RPC call which previously required exactly three arguments and now requires exactly two (hash and feeDelta). The function prioritiseTransaction is also updated.
"startingpriority" and "currentpriority" are no longer returned in the JSON information about a mempool entry. This affects getmempoolancestors, getmempooldescendants, getmempooolentry, and getrawmempool.
Remove -limitfreerelay and always enforce minRelayTxFee in the mempool (except from disconnected blocks)
Remove -relaypriority, the option was only used for the ability to allow free transactions to be relayed regardless of their priority. Both notions no longer apply.
Previously if an existing watch only key was reimported with a new timestamp,
the new timestamp would not be saved in the key metadata, and would not be used
to update the wallet nTimeFirstKey value (which could cause rescanning to start
at the wrong point and miss transactions).
Issue was pointed out by Jonas Schnelli <dev@jonasschnelli.ch> in
https://github.com/bitcoin/bitcoin/pull/9108#issuecomment-279715550
ad1ae7a Check and enable -Wshadow by default. (Pavel Janík)
9de90bb Do not shadow variables (gcc set) (Pavel Janík)
Tree-SHA512: 9517feb423dc8ddd63896016b25324673bfbe0bffa97f22996f59d7a3fcbdc2ebf2e43ac02bc067546f54e293e9b2f2514be145f867321e9031f895c063d9fb8
d678771 Wallet: Sanitise -wallet parameter (Luke Dashjr)
9756be3 Wallet/RPC: Use filename rather than CWallet pointer, for lockwallet RPCRunLater job name (Luke Dashjr)
86be48a More tightly couple EnsureWalletIsAvailable with GetWalletForJSONRPCRequest where appropriate (Luke Dashjr)
a435632 Move wallet RPC declarations to rpcwallet.h (Luke Dashjr)
ad15734 RPC: Pass on JSONRPCRequest metadata (URI/user/etc) for "help" method (Luke Dashjr)
bf8a04a Reformat touched lines with C++11 (Luke Dashjr)
2e518e3 Move nWalletUnlockTime to CWallet::nRelockTime, and name timed task unique per CWallet (Luke Dashjr)
d77ad6d RPC: Do all wallet access through new GetWalletForJSONRPCRequest (Luke Dashjr)
eca550f RPC/Wallet: Pass CWallet as pointer to helper functions (Luke Dashjr)
Tree-SHA512: bfd592da841693390e16f83b451503eb5cedb71208089aa32b3fc45e973555584a3ed7696dd239f6409324464d565dacf0f3d0e36e8e13ae6a7843848465f960
6485466 test: Report InitBlockIndex result (Wladimir J. van der Laan)
Tree-SHA512: 8e1408aa8d56ec1873190f886af24aa68b0555ec4996b2b8a5a39a51ded58c8fba5843c07881ed33ab6dcb00e62c2322bcf2a6fb8f1083f77e0d93e7295ab938
7ed143c Add test for CWalletTx::GetImmatureCredit() returning stale values. (Russell Yanofsky)
Tree-SHA512: c95088ed6dfc5a0774ddaa2fe14ac0a9ebd830922a4d77100ec3d51fdeb6df40ad97de4f2ea970ed0f4122dcc0022ee1d43ab3c7188becd7f90c1c6af0ed39b7
If InitBlockIndex fails, then it will segfault later. Same for the later
ActivateBestChain. BOOST_REQUIRE the result, so that an error will be
reported and the test case aborted.
7e6dcd9 random: Add fallback if getrandom syscall not available (Wladimir J. van der Laan)
7cad849 sanity: Move OS random to sanity check function (Wladimir J. van der Laan)
aa09ccb squashme: comment that NUM_OS_RANDOM_BYTES should not be changed lightly (Wladimir J. van der Laan)
224e6eb util: Specific GetOSRandom for Linux/FreeBSD/OpenBSD (Wladimir J. van der Laan)
Tree-SHA512: 9fd408b1316c69de86674f342339b2f89192fd317c8c036b5df4320f828fa263c7966146bfc1904c51137ee4a26e4cb0f560b2cd05e18cde4d808b9b92ad15c4
Prior to this commit pindexRescan was initialized to a chainActive.Tip().
However, the value of pindexRescan set at time of initialization was never
read before pindexRescan was being set to either chainActive.Genesis()
(case 1), FindForkInGlobalIndex(chainActive, locator) (case 2) or
chainActive.Genesis() (case 3). Thus, the initialization was redundant.
This commit a.) removes the redundant initialization and b.) simplifies
this logic so that pindexRescan is initialized to chainActive.Genesis()
(case 1 and 3), and set to FindForkInGlobalIndex(chainActive, locator)
(case 2) as needed.
19cafc6 test: Replace remaining sprintf with snprintf (Wladimir J. van der Laan)
0a17714 uint256: replace sprintf with HexStr and reverse-iterator (Wladimir J. van der Laan)
Tree-SHA512: 2ba1dd4d25e1cbfff4d67b2f483448aa7c34ab5c799cddd48ba5826e5fa6df425abe35e244aaf4c52db9fccfb4d2a25a14bb4597bf9d1fce95991f270da6bb26
83ac719 Change bitcoin address in RPC helpaddress to an invalid address, so people don't accidentally send coins there (like I did). (Marijn Stollenga)
Tree-SHA512: ca1163466a149d567b97efbfcfa8fdfe2d474245b4dd5a1a92555b4e87f8e99df5fee4cd79ef1ce6a98db2337846af78f37c2e6b31d02008b11fa0e151ce6590
This removes the option from the wallet to not pay a fee on "small"
transactions which spend "old" inputs.
This code is no longer worth keeping around, as almost all miners
prefer not to include transactions which pay no fee at all.
Use of `sprintf` is seen as a red flag as many of its uses are insecure.
OpenBSD warns about it while compiling, and some modern platforms, e.g.
[cloudlibc from cloudabi](https://github.com/NuxiNL/cloudlibc) don't
even provide it anymore.
Although our uses of these functions are secure, it can't hurt to
replace them anyway. There are only 3 occurences left, all in the
tests.
- Change initializeResult(int) to initializeResult(bool) to avoid
implicit type conversion.
- Use EXIT_FAILURE and EXIT_SUCCESS instead of magic numbers.
- Remove the argument from shutdownResult(int); it was called with a
constant argument.
Warnings introduced by commit e2e2f4c "Return errors from importmulti if
complete rescans are not successful" and reported by Pavel Janík
<Pavel@Janik.cz> in https://github.com/bitcoin/bitcoin/pull/9773 and
https://github.com/bitcoin/bitcoin/pull/9827
wallet/test/wallet_tests.cpp: In member function ‘void wallet_tests::rescan::test_method()’:
wallet/test/wallet_tests.cpp:377:17: warning: declaration of ‘wallet’ shadows a global declaration [-Wshadow]
CWallet wallet;
An effort to reduce the size of AppInitMain().
The removed code upgrades the location of the block files when
upgrading to 0.8. 0.8 seems to be the oldest version still in use.
If the code was compiled with newer (>=3.17) kernel headers but executed
on a system without the system call, every use of random would crash the
program. Add a fallback for that case.
Move the OS random test to a sanity check function that is called every
time bitcoind is initialized.
Keep `src/test/random_tests.cpp` for the case that later random tests
are added, and keep a rudimentary test that just calls the sanity check.
These are available in sandboxes without access to files or
devices. Also [they are safer and more straightforward](https://en.wikipedia.org/wiki/Entropy-supplying_system_calls)
to use than `/dev/urandom` as reading from a file has quite a few edge
cases:
- Linux: `getrandom(buf, buflen, 0)`. [getrandom(2)](http://man7.org/linux/man-pages/man2/getrandom.2.html)
was introduced in version 3.17 of the Linux kernel.
- OpenBSD: `getentropy(buf, buflen)`. The [getentropy(2)](http://man.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2)
function appeared in OpenBSD 5.6.
- FreeBSD and NetBSD: `sysctl(KERN_ARND)`. Not sure when this was added
but it has existed for quite a while.
Alternatives:
- Linux has sysctl `CTL_KERN` / `KERN_RANDOM` / `RANDOM_UUID`
which gives 16 bytes of randomness. This may be available
on older kernels, however [sysctl is deprecated on Linux](https://lwn.net/Articles/605392/)
and even removed in some distros so we shouldn't use it.
Add tests for `GetOSRand()`:
- Test that no error happens (otherwise `RandFailure()` which aborts)
- Test that all 32 bytes are overwritten (initialize with zeros, try multiple times)
Discussion:
- When to use these? Currently they are always used when available.
Another option would be to use them only when `/dev/urandom` is not
available. But this would mean these code paths receive less testing,
and I'm not sure there is any reason to prefer `/dev/urandom`.
Closes: #9676
3ddfe29 netbase: Do not print an error on connection timeouts through proxy (Wladimir J. van der Laan)
13f6085 netbase: Make InterruptibleRecv return an error code instead of bool (Wladimir J. van der Laan)
f6d18f5 Qt/Intro: Explain a bit more what will happen first time (Luke Dashjr)
50c5657 Qt/Intro: Storage shouldn't grow significantly with pruning enabled (Luke Dashjr)
9adb694 Qt/Intro: Move sizeWarningLabel text into C++ code (Luke Dashjr)
* Extends -dns parameter (via fNameLookup) to control these two new
parameters in addition to -addnode, -connect, and -seednode
* Moves fNameLookup assignment earlier as needed
* Changes -proxy and -onion to use Lookup() instead of LookupNumeric()
Remove "nLowestTimestamp <= chainActive.Tip()->GetBlockTimeMax()" check from
importmulti, which is always true because nLowestTimestamp is set to the
minimum of the most recent block time and all the imported key timestamps,
which is necessarily lower than the maximum block time.
e662af3 Use 2 hour grace period for key timestamps in importmulti rescans (Russell Yanofsky)
38d3e9e [qa] Extend import-rescan.py to test imports on pruned nodes. (Russell Yanofsky)
c28583d [qa] Extend import-rescan.py to test specific key timestamps (Russell Yanofsky)
8be0866 [qa] Simplify import-rescan.py (Russell Yanofsky)
- If the -maxsigcachesize parameter is set to zero, setup a minimum sized
sigcache (2 elements) rather than segfaulting.
- Handle maxsigcachesize being negative
- Handle maxsigcachesize being too large
A new AssertLockHeld(cs_wallet) call was added in commit a58370e
"Dedup nTimeFirstKey update logic" (part of PR #9108).
The lock held assertion will fail when loading prexisting wallets files from
before the #9108 merge that have watch-only keys.
Fixes a bug in AcceptBlock() in invoking CheckBlock() with incorrect
arguments, and restores a call to CheckBlock() from ProcessNewBlock()
as belt-and-suspenders.
Updates the (overspecified) tests to match behavior.
Because it is used inconsistently at least version 5.4.0 of g++ to
complains about methods that don't use override. There is two ways to go
about this: remove override from the methods having it, or add it to the
methods missing it. I chose the second.
d943491 qa: add a test to detect leaky p2p messages (Cory Fields)
8650bbb qa: Expose on-connection to mininode listeners (Matt Corallo)
5b5e4f8 qa: mininode learns when a socket connects, not its first action (Matt Corallo)
cbfc5a6 net: require a verack before responding to anything else (Cory Fields)
8502e7a net: parse reject earlier (Cory Fields)
c45b9fb net: correctly ban before the handshake is complete (Cory Fields)
66f861a Add a test for P2P inactivity timeouts (Matt Corallo)
b436f92 qa: Expose on-connection to mininode listeners (Matt Corallo)
8aaba7a qa: mininode learns when a socket connects, not its first action (Matt Corallo)
2cbd119 Disconnect peers which we do not receive VERACKs from within 60 sec (Matt Corallo)
266a811 Use MTP for importmulti "now" timestamps (Russell Yanofsky)
3cf9917 Add test to check new importmulti "now" value (Russell Yanofsky)
442887f Require timestamps for importmulti keys (Russell Yanofsky)
7179e7c qt: Periodic translations update (Wladimir J. van der Laan)
5e903a5 devtools: Handle Qt formatting characters edge-case in update-translations.py (Wladimir J. van der Laan)
7a8c251901 made this logic hard to follow. After that change, messages would
not be sent to a peer via SendMessages() before the handshake was complete, but
messages could still be sent as a response to an incoming message.
For example, if a peer had not yet sent a verack, we wouldn't notify it about
new blocks, but we would respond to a PING with a PONG.
This change makes the behavior straightforward: until we've received a verack,
never send any message other than version/verack/reject.
The behavior until a VERACK is received has always been undefined, this change
just tightens our policy.
This also makes testing much easier, because we can now connect but not send
version/verack, and anything sent to us is an error.
Prior to this change, all messages were ignored until a VERSION message was
received, as well as possibly incurring a ban score.
Since REJECT messages can be sent at any time (including as a response to a bad
VERSION message), make sure to always parse them.
Moving this parsing up keeps it from being caught in the
if (pfrom->nVersion == 0) check below.
7a8c251901 made a change to avoid getting into SendMessages() until the
version handshake (VERSION + VERACK) is complete. That was done to avoid
leaking out messages to nodes who could connect, but never bothered sending
us their version/verack.
Unfortunately, the ban tally and possible disconnect are done as part of
SendMessages(). So after 7a8c251901, if a peer managed to do something
bannable before completing the handshake (say send 100 non-version messages
before their version), they wouldn't actually end up getting
disconnected/banned. That's fixed here by checking the banscore as part of
ProcessMessages() in addition to SendMessages().
a60677e Pre-0.14.0 hardcoded seeds update (Wladimir J. van der Laan)
bfa9393 contrib/seeds: Update PATTERN_AGENT (Wladimir J. van der Laan)
4dfac2c Update seeds tooling to Python 3 (Wladimir J. van der Laan)
When importing a watch-only address over importmulti with a specific timestamp,
the wallet's nTimeFirstKey is currently set to 1. After this change, the
provided timestamp will be used and stored as metadata associated with
watch-only key. This can improve wallet performance because it can avoid the
need to scan the entire blockchain for watch only addresses when timestamps are
provided.
Also adds timestamp to validateaddress return value (needed for tests).
Fixes#9034.
Additionally, accept a "now" timestamp, to allow avoiding rescans for keys
which are known never to have been used.
Note that the behavior when "now" is specified is slightly different than the
previous behavior when no timestamp was specified at all. Previously, when no
timestamp was specified, it would avoid rescanning during the importmulti call,
but set the key's nCreateTime value to 1, which would not prevent future block
reads in later ScanForWalletTransactions calls. With this change, passing a
"now" timestamp will set the key's nCreateTime to the current block time
instead of 1.
Fixes#9491
These are (afaik) all long-standing races or concurrent accesses. Going
forward, we can clean these up so that they're not all individual atomic
accesses.
- Reintroduce cs_vRecv to guard receive-specific vars
- Lock vRecv/vSend for CNodeStats
- Make some vars atomic.
- Only set the connection time in CNode's constructor so that it doesn't change
Minimum boost version was bumped to 1.47.0 in #8920, which
means the configure step won't even pass with older boost.
This version has boost filesystem v3, which means the
(crappy) fallbacks for older versions can go.
If a timeout happens while reading the proxy response, this effectively
means we timed out while connecting to the remote node. This is very
common for Tor, so do not print an error message.
a9baa6d Bugfix: Qt/Intro: Pruned nodes never require *more* space (Luke Dashjr)
93ffba7 Bugfix: Qt/Intro: Chain state needs to be stored even with the full blockchain (Luke Dashjr)
c8cee26 Qt/Intro: Update block chain size (Luke Dashjr)
618ee92 Further-enforce lockordering by enforcing directly after TRY_LOCKs (Matt Corallo)
2a962d4 Fixup style a bit by moving { to the same line as if statements (Matt Corallo)
8465631 Always enforce lock strict lock ordering (try or not) (Matt Corallo)
fd13eca Lock cs_vSend and cs_inventory in a consistent order even in TRY (Matt Corallo)
The initialization order of global data structures in different
implementation units is undefined. Making use of this is essentially
gambling on what the linker does, the so-called [Static initialization
order fiasco](https://isocpp.org/wiki/faq/ctors#static-init-order).
In this case it apparently worked on Linux but failed on OpenBSD and
FreeBSD.
To create it on first use, make the registration structure local to
a function.
Fixes#8910.