git keeps changing the number of digits in abbreviated hashes, resulting in the GitHub archive hash changing because we include it here.
To workaround this and avoid hashes that become increasingly ambiguous later on, just include the full commit hash when building from git.
This has no effect on tagged releases.
f455a24 [net] add seed.testnet.bitcoin.sprovoost.nl to testnet DNS seeds (Sjors Provoost)
Pull request description:
I tested it myself by:
* `dig seed.testnet.bitcoin.sprovoost.nl` (should have propagated by now, but if you only see two records with `A 66.111... ` try again later)
* deleting the other seeds and all data in `.../testnet3`, recompiling and then starting the node. Log shows `21 addresses found from DNS seeds`.
ACK https://github.com/bitcoin/bitcoin/blob/master/doc/dnsseed-policy.md
I'm willing to keep it up and running at least throughout 2018, unless something bad happens.
About my setup:
* Amazon EC2 instance in Europe, running Ubuntu 16.04; I use this instance for some other chores, but only port 53 is world reachable (for mainnet I'd probably run a dedicated instance, and perhaps a location I have physical control over)
* running [sipa/bitcoin-seeder](https://github.com/sipa/bitcoin-seeder) with default settings (and the non-root port redirect)
* feedback about my domain / DNS setup is welcome, I can provide more details via private email
I can use guidance on _Any hosting services contracted by the operator are equally expected to uphold these expectations_. Although I assume the requirements for testnet are less strict than for mainnet, in case I want to pursue the latter in the future: what unpleasant things can Amazon, my domain registrar and other intermediaries do? How would I mitigate that?
Also note that The Netherlands passed some pretty onerous legislation creating uncertainty over what the secret service can compel people like myself to do. However these laws won't take effect before mid 2018, there's probably more interesting targets than myself to go after, and it's easier for them to just monitor all unencrypted P2P traffic everywhere, or monitor some intermediary I depend on.
Any good tools for monitoring uptime?
Tree-SHA512: 386fe688e5006ab8352d93ab3954fc07dc566876ae002891baa51acfaa5bb113f51b1f5ca08c7394a530b10a2f5008c56d57153af3ed07544a305586dda06b97
2862b56 [tests] remove redundant univalue_tests.cpp (John Newbery)
Pull request description:
univalue unit tests were added in #4730 , and exist at `/src/test/univalue_tests.cpp` (outside the univalue tree). That test was brought into the univalue repository in https://github.com/bitcoin-core/univalue/pull/4 , which was pulled into the github repository in https://github.com/bitcoin/bitcoin/pull/11420.
That means that the univalue test exists in two places:
1. `/src/test/univalue_tests.cpp`
2. `/src/univalue/test/object.cpp`
(2) is a strict superset of (1). It adds some macros to work around boost not being a univalue dependency, and adds a few extra lines of test.
Therefore remove `/src/test/univalue_tests.cpp`
Tree-SHA512: 3747b10bbf62e9f12363905488b29945ad559ddca68c5c03d8a362de612a51f408f41a04d3712c6889bfc1632fb1a5fa0d7df0fbf02c322b3981a6d698f501b0
88411e9 Squashed 'src/univalue/' changes from fe805ea74f..07947ff2da (MarcoFalke)
Pull request description:
Pulls in the test changes to the univalue subtree.
Beside looking at the code, reviewers should refer to https://github.com/bitcoin/bitcoin/blob/master/contrib/devtools/README.md#git-subtree-checksh on how to verify the subtree pull.
Tree-SHA512: 09493625a573dca1140570326ee90c1bb84e4893e1dab2cdd51bc23ae1fba1e33c43ed771ca9e112ac71b0242e8a8d058071334562c738d502587eadd5a0f114
0.15.0 introduced a new feeest file format, and support for parsing
old versions was never fully added. We now simply fail to read the
old format, so remove the dead partial-implementation.
3a3a9f9 Ignore old format estimation file (Murch)
Pull request description:
The fee estimation data format changed from 0.14.x to 0.15.0, so we should no longer read the old data. H/T @jnewbery, @morcos
Pending testing.
Tree-SHA512: c8e3824dbdd8f6730133d5ad20b00995e9a63ab54431158a91e2f4d2aba5763b8aa698bce1fffca2713ba3a162e23d8fcd6e3efb9847b015c2e1e8725398150b
ecf9b25 remove unused fNoncriticalErrors variable from CWalletDB::FindWalletTx (Pierre Rochard)
Pull request description:
The `CWalletDB::FindWalletTx` method was patterned after `CWalletDB::LoadWallet`, where `fNoncriticalErrors` is used when a tx check fails in `ReadKeyValue`.
Since `FindWalletTx` is only used by methods which are zapping txs, it makes sense that `ReadKeyValue` is not called and the tx is not checked, so I think that deleting the unused `fNoncriticalErrors` boolean variable and its conditional statement is appropriate.
Tree-SHA512: 0976eae97522719fdaeca1fb3f4a080561e46c06d0b8dc75e14262c6bc242998db3f7057183a230a1d7e4ac5fc348e9059f545b7d718ebbcdf6dcdfc63bcc286
12781db [Tests] check specific validation error in miner tests (Sjors Provoost)
Pull request description:
## Problem
`BOOST_CHECK_THROW` merely checks that some `std::runtime_error` is
thrown, but not which one.
Here's an example of how this can cause a test to pass when a developer
introduces a consensus bug. The test for the sigops limit assumes
that `CreateNewBlock` fails with `bad-blk-sigops`. However it can
also fail with bad-txns-vout-negative, if a naive developer lowers
`BLOCKSUBSIDY` to `1*COIN`.
## Solution
`BOOST_CHECK_EXCEPTION` allows an additional predicate function. This
commit uses this for all exceptions that are checked for in
`miner_tets.cpp`:
* `bad-blk-sigops`
* `bad-cb-multiple`
* `bad-txns-inputs-missingorspent`
* `block-validation-failed`
If the function throws a different error, the test will fail. Although the message produced by Boost is a bit [confusing](http://boost.2283326.n4.nabble.com/Test-BOOST-CHECK-EXCEPTION-error-message-still-vague-tt4683257.html#a4683554), it does show which error was actually thrown. Here's what the above `1*COIN` bug would result in:
<img width="1134" alt="schermafbeelding 2017-09-02 om 23 42 29" src="https://user-images.githubusercontent.com/10217/29998976-815cabce-9038-11e7-9c46-f5f6cfb0ca7d.png">
## Other considerations
A more elegant solution in my opinion would be to subclass `std::runtime_error` for each `INVALID_TRANSACTION` type, but this would involve touching consensus code.
I put the predicates in `test_bitcoin.h` because I assume they can be reused in other test files. However [serialize_tests.cpp](https://github.com/bitcoin/bitcoin/blob/v0.15.0rc3/src/test/serialize_tests.cpp#L245) also uses `BOOST_CHECK_EXCEPTION` and it defines the predicate in the test file itself.
Instead of four `IsRejectInvalidReasonX(std::runtime_error const& e)` functions, I'd prefer something reusable like `bool IsRejectInvalidReason(String reason)(std::runtime_error const& e)`, which would be used like `BOOST_CHECK_EXCEPTION(functionThatThrows(), std::runtime_error, IsRejectInvalidReason("bad-blk-sigops")`. I couldn't figure out how to do that in C++.
Tree-SHA512: e364f19b4ac19f910f6e8d6533357f57ccddcbd9d53dcfaf923d424d2b9711446d6f36da193208b35788ca21863eadaa7becd9ad890334d334bccf8c2e63dee1
6f39ac0 Add test for decoderawtransaction bool (MeshCollider)
bbdbe80 Add iswitness parameter to decode- and fundrawtransaction RPCs (MeshCollider)
Pull request description:
Suggested in https://github.com/bitcoin/bitcoin/pull/10481#issuecomment-325244946, this adds the option to explicitly choose whether a serialized transaction should be decoded as a witness or non-witness transaction rather than relying on the heuristic checks in #10481. The parameter defaults to relying on #10481 if not included, but it overrides that if included.
Tree-SHA512: d4846a5bb7d64dc19c516445488b00af329fc1f4181d9dfdf9f2382a086568edc98250a4ac7594e24a1bc231dfdee53c699b12c8380c355b920a67cc6770b7a9
c79d73d Clarify getbalance meaning a tiny bit in response to questions. (Matt Corallo)
Pull request description:
Someone was asking why getbalance "*" was more "correct" than getbalance, which should rarely be true...spendzeroconfchange was the issue.
Tree-SHA512: 90201cad1acec5161aee469fb4c6d737a0eb90f8380ac93abf0e41e0f02d120afcc3e2e873e5096d3655bb63bbd16fe99e72452f308d72e69139c7f6bb2d745e
57ac471 Call BannedListChanged outside of cs_setBanned lock (Jonas Schnelli)
c853812 Update ban-state in case of dirty-state during periodic sweep (Jonas Schnelli)
Pull request description:
We do currently not update the UI during periodic ban list sweeps (via dump banlist).
Fixes#11612
Tree-SHA512: bffbdcc03c63042177bdd511b0a9187c211c2b5011178481e8ee3e43a71eef1e4cd6b72f73672babab142b644f62f8b56f0aac1d26d3f19372b1f8644fec9395
99ba0c3 Don't use pass by reference to const for cheaply-copied types (bool, char, etc.). (practicalswift)
Pull request description:
Don't use pass by reference to const for cheaply-copied types (`bool`, `char`, etc.).
Tree-SHA512: ccad5e2695dff0b3d6de3e713ff3448f2981168cdac72d73bee10ad346b9919d8d4d588933369e54657a244b8b222fa0bef919bc56d983e1fa64b2004e51b225
03a5dc9 [wallet] Make CWallet::FundTransaction atomic (João Barbosa)
95d4450 [wallet] Tidy up CWallet::FundTransaction (João Barbosa)
Pull request description:
This PR fixes a race for `setLockedCoins` when `lockUnspents` is true. For instance, it should not be possible to use the same unspent in concurrent `fundrawtransaction` calls.
Now the `cs_main` and `cs_wallet` locks are held during `CreateTransaction` and `LockCoin`(s). Also added some style nits around the change.
Tree-SHA512: ccf383c0c5f6db775655a3e9ccd200c3bd831a83afae2b7c389564c74f7227f5bea86a4775727de2c3603b188f383f8a12d3f9d6d94f7887865c31c94ce95ef6
88af502 test: Add createrawtransaction functional tests (João Barbosa)
27c6199 test: Add multidict to support dictionary with duplicate key (laanwj) (João Barbosa)
320669a rpc: Validate replaceable type in createrawtransaction (João Barbosa)
Pull request description:
This was motivated by the `Invalid parameter, duplicated address` test.
Credit to @laanwj for `multidict` implementation.
Tree-SHA512: a87139ae11004b73b467db1e8a072b75e23a0622b173a5668eed383b3575d8abc709817ddd2dfdc53f55afc90750fb61331199ad5de38c1ef6d482f2bc220f74
fbf327b Minimal code changes to allow msvc compilation. (Aaron Clauson)
Pull request description:
These changes are required to allow the Bitcoin source to build with Microsoft's C++ compiler (#11562 is also required).
I looked around for a better place for the typedef of ssize_t which is in random.h. The best candidate looks like src/compat.h but I figured including that header in random.h is a bigger change than the typedef. Note that the same typedef is in at least two other places including the OpenSSL and Berkeley DB headers so some of the Bitcoin code already picks it up.
Tree-SHA512: aa6cc6283015e08ab074641f9abdc116c4dc58574dc90f75e7a5af4cc82946d3052370e5cbe855fb6180c00f8dc66997d3724ff0412e4b7417e51b6602154825
3830b6e net: use CreateSocket for binds (Cory Fields)
df3bcf8 net: pass socket closing responsibility up to caller for outgoing connections (Cory Fields)
9e3b2f5 net: Move IsSelectableSocket check into socket creation (Cory Fields)
1729c29 net: split socket creation out of connection (Cory Fields)
Pull request description:
Requirement for #11227.
We'll need to create sockets and perform the actual connect in separate steps, so break them up.
#11227 adds an RAII wrapper around connection attempts, as a belt-and-suspenders in case a CloseSocket is missed.
Tree-SHA512: de675bb718cc56d68893c303b8057ca062c7431eaa17ae7c4829caed119fa3f15b404d8f52aca22a6bca6e73a26fb79e898b335d090ab015bf6456cf417fc694
We use select in ConnectSocketDirectly, so this check needs to happen before
that.
IsSelectableSocket will not be relevant after upcoming changes to remove select.
9c8eca7 Split up key and script metadata for better type safety (Russell Yanofsky)
Pull request description:
Suggested by @TheBlueMatt
https://github.com/bitcoin/bitcoin/pull/11403#discussion_r155599383
Combining the maps was probably never a good arrangement but is more
problematic now in presence of WitnessV0ScriptHash and WitnessV0KeyHash types.
Tree-SHA512: 9263e9c01090fb49221e91d88a88241a9691dda3e92d86041c8e284306a64d3af5e2438249f9dcc3e6e4a5c11c1a89f975a86d55690adf95bf2636f15f99f92a
a720b92 Remove includes in .cpp files for things the corresponding .h file already included (practicalswift)
Pull request description:
Remove includes in .cpp files for things the corresponding .h file already included.
Example case:
* `addrdb.cpp` includes `addrdb.h` and `fs.h`
* `addrdb.h` includes `fs.h`
Then remove the direct inclusion of `fs.h` in `addrman.cpp` and rely on the indirect inclusion of `fs.h` via the included `addrdb.h`.
In line with the header include guideline (see #10575).
Tree-SHA512: 8704b9de3011a4c234db336a39f7d2c139e741cf0f7aef08a5d3e05197e1e18286b863fdab25ae9638af4ff86b3d52e5cab9eed66bfa2476063aa5c79f9b0346
22fddde Avoid calling GetSerializeSize on each tx in a block if !fTxIndex (Matt Corallo)
2862aca Move some additional variables into CChainState private (Matt Corallo)
fd4d80a Create initial CChainState to hold chain state information (Matt Corallo)
e104f0f Move block writing out of AcceptBlock (Matt Corallo)
50701ba Move txindex/undo data disk location stuff out of ConnectBlock (Matt Corallo)
93a34cf Make DisconnectBlock unaware of where undo data resides on disk (Matt Corallo)
Pull request description:
CChainState should eventually, essentially, be our exposed "libconsensus", but we're probably a few releases away, so the real goal is to clarify our internal interfaces. The main split was a big step, but validation.cpp is still a somewhat ranomly-mixed bag of functions that are pure functions which validate inputs (which should probably either merge with their callers or move into another file in consensus/), read/write data from disk, manipulate our current chain state (which moves into CChainState), and do mempool transaction validation.
Obviously this is only a small step, but some effort is made to clean up what functions the functions in CChainState call, and obviously as things are added its easy to keep clear "CChainState::* cannot call anything except via callbacks through CValidationInterface, pure functions, or disk read/write things". Right now there are some glaring violations in mempool callbacks, and general flushing logic needs cleaning up (FlushStateToDisk maybe shouldnt be called, and there should be an API towards setDirtyBlockIndex, but I'll leave that for after @sipa's current changesets land).
Tree-SHA512: 69b8ec191b36b19c9492b4dee74c8057621fb6ec98ad219e8da0b2ed5c3ad711b10b5af9ff1117e8807ccf88918eeeab573be8448baecc9a59f099c53095985b
07c4838 Always return true if AppInitMain got to the end (Matt Corallo)
Pull request description:
This should fix a rare zapwallettxes failure on travis, but also
avoids having init operations (re-adding wallet transactions to
mempool) running after RPC is free'd.
I believe this was the failure at https://travis-ci.org/bitcoin/bitcoin/jobs/311747844 (from #11605).
Tree-SHA512: f0fea8c1b9265e2eeda57043d541380a3e58e4d9388fa24628a52fd56324257fcd7df0ca02e8f77f66fadd68d951893bab0f610ed9fd0a89b2ccd6bad1efa351
01013f5 Simplify tx validation tests (Pieter Wuille)
2dd6f80 Add a test that all flags are softforks (Pieter Wuille)
2851b77 Make all script verification flags softforks (Pieter Wuille)
Pull request description:
This change makes `SCRIPT_VERIFY_UPGRADABLE_NOPS` not apply to `OP_CHECKLOCKTIMEVERIFY` and `OP_CHECKSEQUENCEVERIFY`. This is a no-op as `UPGRADABLE_NOPS` is only set for mempool transactions, and those always have `SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY` and `SCRIPT_VERIFY_CHECKSEQUENCEVERIFY` set as well. The advantage is that setting more flags now always results in a reduction in acceptable scripts (=softfork).
This results in a nice and testable property for validation, for which a new test is added.
This also means that the introduction of a new definition for a NOP or witness version will likely need the following procedure (example OP_NOP8 here)
* Remove OP_NOP8 from being affected by `SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS`.
* Add a `SCRIPT_VERIFY_DISCOURAGE_NOP8`, which only applies to `OP_NOP8`.
* Add a `SCRIPT_VERIFY_NOP8` which implements the new consensus logic.
* Before activation, add `SCRIPT_VERIFY_DISCOURAGE_NOP8` to the mempool flags.
* After activation, add `SCRIPT_VERIFY_NOP8` to both the mempool and consensus flags.
Tree-SHA512: d3b4538986ecf646aac9dba13a8d89318baf9e308e258547ca3b99e7c0509747f323edac6b1fea4e87e7d3c01b71193794b41679ae4f86f6e11ed6be3fd62c72
a3f5657 Add test cases covering the relevant key length boundaries: 64 bytes +/- 1 byte for HMAC-SHA256 and 128 bytes +/- 1 byte for HMAC-SHA512 (practicalswift)
Pull request description:
* Add test cases covering the relevant key length boundaries: 64 bytes +/- 1 byte for HMAC-SHA256 and 128 bytes +/- 1 byte for HMAC-SHA512.
* ~~Avoid creating a one-past-the-end pointer in the case of key length 64 (HMAC-SHA256) and key length 128 (HMAC-SHA512).~~
* ~~Avoid performing a noop memset call (zero length argument) in the case of key length 64 (HMAC-SHA256) and key length 128 (HMAC-SHA512).~~
Tree-SHA512: 48ff9ab79d41aab97b5b8f6496cc08a39955a07eb424f74ada6440d3b168b6204d3527fa677e175c47e40142f9d62c7456ae162e5a2f5b557e90fb353beef1d0
be9f38c Do not make it trivial for inbound peers to generate log entries (Matt Corallo)
Pull request description:
Based on #11580 because I'm lazy.
We should generally avoid writing to debug.log unconditionally for
inbound peers which misbehave (the peer being about to be banned
being an exception, since they cannot do this twice).
Tree-SHA512: 8e59c8d08d00b1527951b30f4842d010a4c2fc440503ade112baa2c1b9afd0e0d1c5c2df83dde25183a242af45089cf9b9f873b71796771232ffb6c5fc6cc0cc
6697a70 add test for unconfirmed balance between restarts (Gregory Sanders)
6ba8f30 don't attempt mempool entry for wallet transactions on startup if already in mempool (Gregory Sanders)
Pull request description:
…eady in mempool
Mempool loads first, wallet second. Second attempt fails, marking that transaction !fInMempool. Those funds will disappear until confirmation is reached.
Tree-SHA512: 955f0565ec1dc1ba395e0b803a98c07b7cd00c8cac5ec618ed832fed259a856fb7bbbe41310cf6a4e43c0435e09b156109d2a4467d403811dc8379d2caebeede
de74c62 [Doc] Update bip.md, add support for BIP 159 (Jonas Schnelli)
e054d0e [QA] Add node_network_limited test (Jonas Schnelli)
bd09416 Avoid leaking the prune height through getdata (fingerprinting countermeasure) (Jonas Schnelli)
27df193 Always set NODE_NETWORK_LIMITED bit (Jonas Schnelli)
7caba38 Add NODE_NETWORK_LIMITED flags and min block amount constants (Jonas Schnelli)
Pull request description:
Extracted from #10387.
Does implement BIP159, but only the signalling part. No connections are made to NODE_NETWORK_LIMITED in this PR.
The address relay and connection work (the more complicated part) can then be separated (probably in #10387).
Tree-SHA512: e3218eb4789a9320b0f42dc10f62d30c13c49bdef00443fbe653bee22933477adcfc1cf8f6a95269324560b5721203ed41f3c5e2dd8a98ec2791f6a9d8346b1a
f05d349 gui: Fix proxy setting options dialog crash (Wladimir J. van der Laan)
Pull request description:
This fixes a crash bug when opening the options dialog.
- Check the return value of split() to avoid segmentation faults due to out of bounds when the user manages to enter invalid proxy settings. This is reported resonably often.
- Move the default proxy/port to a constant instead of hardcoding magic values.
- Factor out some common code.
- Revert #11448 because this proves a more robust replacement, it is no longer necessary and didn't generally solve the issue.
No attempt is made to do full sanity checking on the proxy, so it can still be rejected by the core with an InitError message.
Tree-SHA512: 72b700b7d6c4d3e3410f0c60e9e4facf93d7c6c1a1b6b23957c48b074a045970f518166952859d1ebca8620062cb70d222670a7310bbd6fe50550ec6d04417b5
fa4c16d qa: Add getrawtransaction in_active_chain=False test (MarcoFalke)
Pull request description:
#10275 accidentally forgot to add a test for `in_active_chain==False`.
This adds a test and also removes the special casing of `blockhash.IsNull()`, which makes no sense imo.
Tree-SHA512: 6c51295820b3dcd53b0b48020ab2b8c8f5864cd5061ddab2b35d35d643eb3e60ef95ff20c06c985a2e47f7080e82f27f3e00ee61c85dce627776d5ea6febee8f
This fixes a crash bug when opening the options dialog.
- Check the return value of split() to avoid segmentation faults due to
out of bounds when the user manages to enter invalid proxy settings.
This is reported resonably often.
- Move the default proxy/port to a constant instead of hardcoding magic
values.
- Factor out some common code.
- Revert #11448 because this proves a more robust replacement, it is no
longer necessary and didn't generally solve the issue.
No attempt is made to do full sanity checking on the proxy, so it can
still be rejected by the core with an InitError message.
529b866 Test datadir in conf file exists (MeshCollider)
Pull request description:
Provoked by Nick ODell's discovery here: https://bitcoin.stackexchange.com/questions/64189/when-running-bitcoind-i-keep-getting-boostfilesystemspace-operation-not-p/64210#64210
If a custom data directory is specified using `-datadir` argument, its existence is checked before the conf file is loaded. But if the conf file then specifies a different non-existent `datadir`, that isn't tested, and results in esoteric errors like:
EXCEPTION: N5boost10filesystem16filesystem_errorE
boost::filesystem::space: Operation not permitted
This just adds a check for the datadir existence at the end of `ReadConfigFile()`
Tree-SHA512: e488618c40aa356263f94040ae00aa4be98038abef66e8674b01032d22a5553a7fafcb8fe2d1f095865b39fb138c07b7a94415a00ef837573f92f95af065f712
434526a [test] Add tests for getrawtransaction with block hash. (Karl-Johan Alm)
b167951 [rpc] Allow getrawtransaction to take optional blockhash to fetch transaction from a block directly. (Karl-Johan Alm)
a5f5a2c [rpc] Fix fVerbose parsing (remove excess if cases). (Karl-Johan Alm)
Pull request description:
[Reviewer hint: use [?w=1](https://github.com/bitcoin/bitcoin/pull/10275/files?w=1) to avoid seeing a bunch of indentation changes.]
Presuming a user knows the block hash of the block containing a given transaction, this PR allows them to fetch the raw transaction, even without `-txindex`. It also enables support for getting transactions that are in orphaned blocks.
Note that supplying a block hash will override mempool and txindex support in `GetTransaction`. The rationale behind this is that a transaction may be in multiple places (orphaned blocks) and if the user supplies an explicit block hash it should be adhered to.
```Bash
$ # a41.. is a tx inside an orphan block ..3c6f.. -- first try getting it normally
$ ./bitcoin-cli getrawtransaction a41e66ee1341aa9fb9475b98cfdc1fe1261faa56c0a49254f33065ec90f7cd79 1
error code: -5
error message:
No such mempool transaction. Use -txindex to enable blockchain transaction queries. Use gettransaction for wallet transactions.
$ # now try with block hash
$ ./bitcoin-cli getrawtransaction a41e66ee1341aa9fb9475b98cfdc1fe1261faa56c0a49254f33065ec90f7cd79 1 0000000000000000003c6fe479122bfa4a9187493937af1734e1e5cd9f198ec7
{
"hex": "01000000014e7e81144e42f6d65550e59b715d470c9301fd7ac189[...]90488ac00000000",
"inMainChain": false,
"txid": "a41e66ee1341aa9fb9475b98cfdc1fe1261faa56c0a49254f33065ec90f7cd79",
"hash": "a41e66ee1341aa9fb9475b98cfdc1fe1261faa56c0a49254f33065ec90f7cd79",
"size": 225,
[...]
}
$ # another tx 6c66... in block 462000
$ ./bitcoin-cli getrawtransaction 6c66b98191e9d6cc671f6817142152ebf6c5cab2ef008397b5a71ac13255a735 1 00000000000000000217f2c12922e321f6d4aa933ce88005a9a493c503054a40
{
"hex": "0200000004d157[...]88acaf0c0700",
"inMainChain": true,
"txid": "6c66b98191e9d6cc671f6817142152ebf6c5cab2ef008397b5a71ac13255a735",
"hash": "6c66b98191e9d6cc671f6817142152ebf6c5cab2ef008397b5a71ac13255a735",
"size": 666,
[...]
}
$
```
Tree-SHA512: 279be3818141edd3cc194a9ee65929331920afb30297ab2d6da07293a2d7311afee5c8b00c6457477d9f1f86e86786a9b56878ea3ee19fa2629b829d042d0cda
This should fix a very rare travis failure in zapwallettxes, but
is also more correct, as you can currently race
ReacceptWalletTransactions with stop RPC calls to get bitcoind to
(IMO) eroneously return a non-0 exit code.
5a7c09a test: Add tests for `-debuglogfile` with subdirs (Anthony Towns)
4158734 doc: Update release notes for `-debuglogfile` (Wladimir J. van der Laan)
2323242 test: Add test for `-debuglogfile` (Wladimir J. van der Laan)
cf5f432 Add `-debuglogfile` option (Wladimir J. van der Laan)
Pull request description:
This patch adds an option to configure the name and/or directory of the debug log file.
The user can specify either a relative path, in which case the path is relative to the (network specific) data directory. They can also specify an absolute path to put the log anywhere else in the file system.
Alternative to #11741 that gets rid of the concept of a "log directory" by specifying the path for the specific kind of log, the debug log. Which happens to be the only kind of log we have at this point*, but a hypothetical new kind of log (say, an audit log) would get a new option. This has more flexibility than specifying a directory which has to contain all of them.
\* excluding `db.log` which is internally generated by the wallet database library, but that one moves along with `-walletdir`.
Tree-SHA512: 4434d0e598dc23504e5c9e67fdbaef56db4f0fd490f9f54fd503e69d4dda9b5b69c539e1794ed841e72161b7b1dc3374d2f1193dd431b057566750e56fd8f24b
b4058ed Fix code constness in CBlockIndex::GetAncestor() overloads (Dan Raviv)
Pull request description:
Make the non-const overload of `CBlockIndex::GetAncestor()` reuse the const overload implementation instead of the other way around. This way, the constness of the const overload implementation is guaranteed. The other way around, it was possible to implement the non-const overload in a way which mutates the object, and since that implementation would be called even for const objects (due to the reuse), we would get undefined behavior.
Tree-SHA512: 545a8639bc52502ea06dbd924e8fabec6274fa69b43e3b8966a7987ce4dae6fb2498f623730fde7ed0e47478941c7f8baa2e76a12018134ff7c14c0dfa25ba3a
680bc2cbb Use range-based for loops (C++11) when looping over map elements (practicalswift)
Pull request description:
Before this commit:
```c++
for (std::map<T1, T2>::iterator x = y.begin(); x != y.end(); ++x) {
T1 z = (*x).first;
…
}
```
After this commit:
```c++
for (auto& x : y) {
T1 z = x.first;
…
}
```
Tree-SHA512: 954b136b7f5e6df09f39248a6b530fd9baa9ab59d7c2c7eb369fd4afbb591b7a52c92ee25f87f1745f47b41d6828b7abfd395b43daf84a55b4e6a3d45015e3a0
e4d0af4 Loop through the bip9 soft fork deployments instead of hard coding (Andrew Chow)
Pull request description:
Instead of hard coding which deployment statistics should be listed in the `getblockchaininfo` output, loop through the available deployments (except testdummy) when displaying their deployment info.
Tree-SHA512: 87e503bcf5e0fd379940d5e53320b9cbb4b47d647c66246d46f47c09a941f135e6ce1e8b75dad441ed4c22c3f41992dfde7717414be1d71c771d4ff8fe0e1936
9b80fc1 Prefix leveldb debug logging (Wladimir J. van der Laan)
Pull request description:
Add leveldb: prefix to leveldb debug logging lines.
leveldb debug messages come in various scary flavors such as:
2017-11-30 08:26:31 leveldb: Recovering log #26
2017-11-30 08:26:31 leveldb: Level-0 table #28: started
2017-11-30 08:26:31 leveldb: Level-0 table #28: 597 bytes OK
2017-11-30 08:26:31 leveldb: Delete type=0 #26
2017-11-30 08:26:31 leveldb: Delete type=3 #24
so it's reasonably important to mark them as coming from leveldb internals and not from consensus validation wallet or such.
This is consistent with the `libevent:` prefix for libevent messages.
(this only affects `-debug=leveldb` or `-debug=1` otherwise you won't see them in the first place)
Tree-SHA512: 074eba00d39c6378b9e14d03aa2c551b4e3fc7bffdd5a1a0ba2498b44bcc77071d47735be09493286056053f0cca625c5cbaad7ad1ddb9d902d30e7cd316d9d2
This patch adds an option to configure the name and/or directory of the
debug log.
The user can specify either a relative path, in which case the path
is relative to the data directory. They can also specify an absolute
path to put the log anywhere else in the file system.
d31e5c1 Fix shutdown in case of errors during initialization (Wladimir J. van der Laan)
Pull request description:
PR #10286 introduced a few steps which are not robust to early shutdown in initialization.
Stumbled upon this with #11781, not sure if there are other scenarios that can trigger it, but it's good to harden against this in any case.
E.g.
```
$ src/bitcoind -debuglogfile=/dfdf
Error: Could not open debug log file /dfdf
Program received signal SIGSEGV, Segmentation fault.
UnregisterValidationInterface (pwalletIn=0x0) at /.../bitcoin/src/validationinterface.cpp:82
82 g_signals.m_internals->BlockChecked.disconnect(boost::bind(&CValidationInterface::BlockChecked, pwalletIn, _1, _2));
(gdb) bt
#0 UnregisterValidationInterface (pwalletIn=0x0) at /.../bitcoin/src/validationinterface.cpp:82
#1 0x00005555555a11fc in Shutdown () at /.../bitcoin/src/init.cpp:196
#2 0x00005555555961cc in AppInit (argc=<optimized out>, argv=<optimized out>) at /.../bitcoin/src/bitcoind.cpp:183
#3 0x0000555555596249 in main (argc=0, argv=0x555555ecf200) at /.../bitcoin/src/bitcoind.cpp:19
```
Tree-SHA512: 7dd9570a9803514a17781bfadf1edde47e96df4e852cce2f423cab422e005fb94d44e777af1a6ea5167b04a4d889e848ae7a61a7e0e94232247ddea32ee70fc8
c60c49b Improve help text and behavior of RPC-logging (Akio Nakamura)
Pull request description:
1. It is allowed `libevent` logging to be updated during runtime,
but still described that restriction in the help text.
So we delete these text.
2. Add a descrption about the evaluation order of `<include>` and
`<exclude>` to clarify how debug loggig categories to be set.
3. Add a description about the available logging category `"all"`
which is not explained.
4. Add `"optional"` to the help text of `<include>` and `<exclude>`.
5. Add missing new lines before `"Argument:"`.
6. `"0"`,`"1"` are allowed in both array of `<include>` and `<exclude>`.
`"0"` is **ignored** and `"1"` is treated **same as** `"all"`.
It is confusing, so forbid them.
7. It always returns all logging categories with status.
Fix the help text to match this behavior.
Tree-SHA512: c2142da1a9bf714af8ebc38ac0d82394e2073fc0bd56f136372e3db7b2af3b6746f8d6b0241fe66c1698c208c124deb076be83f07dec0d0a180ad150593af415
Add leveldb: prefix to leveldb debug logging lines.
leveldb debug messages come in various scary flavors such as:
2017-11-30 08:26:31 leveldb: Recovering log #26
2017-11-30 08:26:31 leveldb: Level-0 table #28: started
2017-11-30 08:26:31 leveldb: Level-0 table #28: 597 bytes OK
2017-11-30 08:26:31 leveldb: Delete type=0 #26
2017-11-30 08:26:31 leveldb: Delete type=3 #24
so it's reasonably important to mark them as coming from leveldb
internals and not from consensus validation wallet or such.
(this only affects `-debug=leveldb` or `-debug=1` otherwise you won't
see them in the first place)
8b2c733 clarify abortrescan rpc use (Gregory Sanders)
Pull request description:
`-rescan` during startup doesn't apply since RPC has not warmed up by that point
Tree-SHA512: 0b6738ed9429ca41edbfa23bb3e2da23bb16fed9e55c1803ab140b2efc49ef3295bb8b7eeb8c24df94204c5b3fb25d0d57cbc8d1be11856a5763c9fde71bceba
9d811dc Document partial validation in ConnectBlock() (Suhas Daftuar)
Pull request description:
`ConnectBlock()` relies on validation that happens in `ContextualCheckBlock()` and
`ContextualCheckBlockHeader()`. This has implications for implementing consensus
changes and handling software upgrade to ensure that nodes upgrading their
software end up enforcing all the consensus rules.
Tree-SHA512: 36a252af2221b0e5d5d6f8d5f8b16f8b566ca0db2d56242130a5523302c8757599ac234594a6a946c1689b260d18a32c2c7f8c3831304e78b9832e2ce5ac435a
e1a8ec5 Fix: Open files read only if requested (Andras Elso)
Tree-SHA512: 047951bf3fa1272764596d2efed0a541105a6d3057789ba4218cd1bbce8a802cab0feac0ed3d28f6eab6b2e54e294d46f729dd0162d6d209e319d716c0567352
PR #10286 introduced a few steps which are not robust to early shutdown
in initialization.
Stumbled upon this with #11781, not sure if there are other scenarios
that can trigger it, but it's harden against this in any case.
abbd230 Move RPC registration out of AppInitParameterInteraction (Russell Yanofsky)
Pull request description:
Move to AppInitServers. This doesn't have any effects on bitcoin behavior. It was just strange to have this unrelated code in the middle of parameter interaction.
Tree-SHA512: 373e18f2ef8d21999ad36295d69326128a3086044acfc8ed537abd5497c8d3620b9832f7f6aa87c0c0939bb5e0d92be8a3c006b5997e9e6fa20334f5610c89bc
blockchain.cpp has low unit test coverage. This commit is intended
to start improving its code coverage to reasonable levels. One or more
follow up commits will complete the task that this commit is starting
(though the usefulness of this commit is not dependent upon later
commits).
Note that these tests were not written based upon a specification of how
GetDifficulty *should* work, but rather how it actually *does* work. As
a result, if there are any bugs in the current GetDifficulty
implementation, these unit tests serve to lock them in rather than
expose them.
-- Why has blockchain.cpp been modified if this is a unit testing change?
Since the existing GetDifficulty function relies on a global variable,
chainActive, it was not suitable for unit testing purposes. Both the
existing GetDifficulty function and the unit tests now call through to
a new, more modular version of GetDifficulty that can work on any chain,
not just chainActive.
-- Why does blockchain_tests.cpp directly include blockchain.cpp instead
of blockchain.h?
While the new GetDifficulty function's signature is arguably better than
the old one's, it still isn't great, and doesn't seem to warrant inclusion
as part of the blockchain.h API, especially since only test code is
directly using it. If a better way of exposing the new GetDifficulty
function to unit tests exists, please mention it and the commit will be
updated accordingly.
-- Why is the test fixture named blockchain_difficulty_tests rather than
blockchain_tests?
The Bitcoin Core policy for naming unit test files is to match the the
file under test ("blockchain" becomes "blockchain_tests"). While this
commit complies with that, blockchain.cpp is a massive file, such that
having all of the unit tests in one file will tend towards disorder.
Since there will be a lot more tests added to this file, the intention
is to divide up different types of tests into different test fixtures
within the same file.
d9340ce Fix sendrawtransaction hang when sending a tx already in mempool (Matt Corallo)
Pull request description:
I assume this is what #11721 actually hit.
Tree-SHA512: 1da4088bbda64c5527233de9ec4d03f9e0c1eacddb2ed3deab3cb99eac0293ee6fb846830f97b5e10e230307b6d7fd18013043173aa4f27ef171d9da626e2c88
65e91f5ed [tests] Test that mempool rejects coinbase transactions (James O'Beirne)
Pull request description:
![selection_063](https://user-images.githubusercontent.com/73197/32978622-b0fa9d70-cbfa-11e7-9a72-1997409e5ba8.png)
Neither the unit nor functional tests appear to cover rejecting a transaction from acceptance to the mempool on the basis of it being a coinbase. Seems like a decent thing to have a test for.
Tree-SHA512: 53af53c975cad5d7a21c443d71a1c0ced5c70a7799b75bb44d9b7dd6ab2afbcdcaab14571540efeb848f3a1daee5e1dd856530d8f2b50582595219a1c17555ff
ConnectBlock() relies on validation that happens in ContextualCheckBlock() and
ContextualCheckBlockHeader(). This has implications for implementing consensus
changes and handling software upgrade to ensure that nodes upgrading their
software end up enforcing all the consensus rules.
A) The changes in behavior are as follows:
1. Introduce logging category "none" as alias of "0" for
both RPC-logging and bitcoind "-debug" parameter.
2. Same as "0" is given to argument of "-debug",
if "none" or "0" is given to <include>, all other given logging
categories are ignored. The same is true for <exclude>.
(Before this PR, "0" was accepted but just be ignored itself.)
B) The changes in the help text are as follows:
1. Add a descrption about the evaluation order of <include> and
<exclude> to clarify how debug loggig categories to be set.
2. Delete text that describe restriction about libevent because
it's already allowed libevent logging to be updated during runtime.
3. Add a description for category "all", "1", "none" and "0".
4. Add "optional" to the help text of <include> and <exclude>.
5. Add missing new lines before "Argument:".
6. This RPC always returns all logging categories with status.
Fix the help text to match this behavior.
c3055bb Add help-console command to Qt debug console (Luke Mlsna)
Pull request description:
This PR would close issue #9195 by adding documentation for the debug console features (mainly nested commands) which were added in [PR #7783](https://github.com/bitcoin/bitcoin/pull/7783).
The following changes were made to QT debug console code:
- Added a line to the initial message text at the top of the debug console:
> For more information on using this console type **help-console**.
- Added a pseudo-command `help-console` which is hooked after parsing the request, but before actually executing the RPC thread. It prints the following text to the console as if it were a valid RPC response.
> This console accepts RPC commands using the standard syntax.
> example: getblockhash 8
> This console can also accept RPC commands using bracketed syntax.
> example: getblockhash(8)
> A space or a comma can be used to separate arguments for either syntax.
> example: sendtoaddress \<address\> \<amount\>
> sendtoaddress,\<address\>,\<amount\>
> Commands may be nested when specified with the bracketed syntax.
> example: getblockinfo(getblockhash(0),true).
> Result values can be queried with a non-quoted string in brackets.
> example: getblock(getblockhash(0) true)[height]
This seemed like a reasonably sane way to introduce a fake RPC help command, but
Tree-SHA512: 35d73dcef9c4936b8be99e80978169f117c22b94f4400c91097bf7e0e1489060202dcd738d9debdf4c8a7bd10709e2c19d4f625f19e47c4a034f1d6019c0e0f2
49bd659 tests: move pwalletMain to wallet test fixture (Wladimir J. van der Laan)
Pull request description:
Scope the variable instead of using an external global; this is how test fixtures are intended to be used.
Followup to #11713.
Tree-SHA512: 7d5bda93cdfe1329c8fe39bd72965906e36dad72fbb5d344ebedf26e66b1857510d01a3c2872d7f718fdeb23365e6ba71991aafe68e82781c6767a086b6d1590
c1e5d40 Make debugging test crash easier (MeshCollider)
8263f6a Create walletdir if datadir doesn't exist and fix tests (MeshCollider)
9587a9c Default walletdir is wallets/ if it exists (MeshCollider)
d987889 Add release notes for -walletdir and wallets/ dir (MeshCollider)
80c5cbc Add test for -walletdir (MeshCollider)
0530ba0 Add -walletdir parameter to specify custom wallet dir (MeshCollider)
Pull request description:
Closes#11348
Adds a `-walletdir` parameter which specifies a directory to use for wallets, allowing them to be stored separately from the 'main' data directory. Creates a new `wallets/` directory in datadir if this is the first time running, and defaults to using it if it exists.
Includes tests and release notes. Things which might need to be considered more:
- there is no 'lock' on the wallets directory, which might be needed?
- because this uses a new wallets/ directory by default, downgrading to an earlier version won't see the wallets in that directory (not a big deal though, users can just copy them up to the main dir)
- jnewbery suggested putting each wallet in its own directory, which is a good idea, but out of scope for this PR IMO. EDIT: this is being done in https://github.com/bitcoin/bitcoin/pull/11687
- doc/files.md needs updating (will do soon)
I also considered including a cleanup by removing caching of data directory paths and instead just initialise them once on startup (c.f. #3073), but decided it wasn't super relevant here will just complicate review.
Tree-SHA512: c8ac04bfe9a810c32055f2c8b8fa0d535e56125ceb8d96f12447dd3538bf3e5ee992b60b1cd2173bf5f3fa023a9feab12c9963593bf27ed419df929bb413398d
f94c2ec Fix for mismatched extern definition in wallet test classes which was breaking msvc linking. (Aaron Clauson)
Pull request description:
The extern declarations are using a raw pointer which doesn't match the source variable's std::unqiue_ptr.
Tree-SHA512: 1500ffa1282ee6565741bf2f8f9def68a355346c8e4a667e1167d3d550eb0b732e8cba52fbef380a92c860e686d36da877d800ee5f2fc1e4dd8fd88fbe170644
Opt-in RBF checkbox uses less technical jargon and emphasises
the fee bump functionality (at the expense of not mentioning
other uses of RBF).
The transaction confirmation screen uses copy consistent with this.
dcfef27 cli: Reject arguments to -getinfo (Wladimir J. van der Laan)
Pull request description:
Currently it's possible to accidentally type e.g.
bitcoin-cli -getinfo getbalance
and get an answer which can be confusing; the trailing arguments are just ignored.
To avoid this, throw an error if the user provides arguments to
`-getinfo`.
Tree-SHA512: 3603e8fa852b884d1dd3b7462db40b092fe8b3390fd4384b4ee330315d797aff711e9f62990012fd4b5a55c8678734ba8497a5488a09ee6b65cf8a99017d6eb4
- Added `help-console` to the list of autocompletion strings
- Implemented requested changes to help message:
- Added an example that uses access-by-index `getblock(getblockhash(0) true)[tx][0]`
- Replace "bracketed syntax" to "parenthesized syntax" where applicable
- Replace "separate" with "delimit"
- Removed `<br>` and `<b>help/help-console</b>` from translation strings, since these parts don't change between languages
- Changed examples to be based off `getblock 0` so they will work even with pruned/no blockchain and `disablewallet` if copied and pasted
- Clarified syntax for queries of named/unnamed result objects.
ac1cf8d Trivial: Improve #endif comments (danra)
Pull request description:
Improve the #endif comments for the '#if HAVE_DECL_BSWAP_XX == 0' preprocessor conditions, so each shows the full condition which it closes.
Tree-SHA512: f533311fa48cb2f46f6490b6c965ad5f8861dcfad70c56d70e31fa989b422880c78b2dd6f24f648b19d3a22f767606e0de5cf1cb71445012b42c97ac2149295e
Currently it's possible to accidentally type e.g.
bitcoin-cli -getinfo getbalance
and get an answer which can be confusing; the trialing arguments are
just ignored.
To avoid this, throw an error if the user provides arguments to
`-getinfo`.
28f8b66 Diagnose unsuitable outputs in lockunspent(). (Eelis)
Pull request description:
Fixes#2667.
This is a simplified version of pull request #3574, which was abandoned by its author.
I added some tests as well.
Tree-SHA512: e63e00dec8b1b232079380183805cb0b0b18c78ea6bea769837949aab984689d7f68b2ccfe66b1873517b040b9e616ce0eb058575c3d4382aa8c26eebcf1f14e
069215e Initialize recently introduced non-static class member lastCycles to zero in constructor (practicalswift)
Pull request description:
Initialize recently introduced non-static class member `lastCycles` to zero in constructor.
`lastCycles` was introduced in 3532818746 which was merged into master yesterday.
Friendly ping @laanwj :-)
Tree-SHA512: cb93b6a8f6e2e3b06cd05a635da95c84f3df64c21fc23fe82f98306ea571badc32040315b563e46ddb5203128226bc334269acd497beead5a5777c434060fd85
This makes all include paths in the GUI absolute.
Many changes are involved as every single source file in
src/qt/ assumes to be able to use relative includes.
aed1d90ac [wallet] Change feebumper from class to functions (Russell Yanofsky)
37bdcca3c [refactor] Make feebumper namespace (Russell Yanofsky)
7c4f00919 [trivial] Rename feebumper variables according to project code style (Russell Yanofsky)
Pull request description:
Make feebumper methods static and remove stored state in the class.
Having the results of feebumper calls persist in an object makes process
separation between Qt and wallet awkward, because it means the feebumper object
either has to be serialized back and forth between Qt and wallet processes
between fee bump calls, or that the feebumper object needs to stay alive in the
wallet process with an object reference passed back to Qt. It's simpler just to
have fee bumper calls return their results immediately instead of storing them
in an object with an extended lifetime.
In addition to making feebumper methods static, also:
- Move LOCK calls from Qt code to feebumper
- Move TransactionCanBeBumped implementation from Qt code to feebumper
- Rename CFeeBumper class to FeeBumper (every CFeeBumper reference had to be
updated in this PR anyway so this doesn't increase the size of the diff)
This change was originally part of https://github.com/bitcoin/bitcoin/pull/10244
Tree-SHA512: bf75e0c741b4e9c8912e66cc1dedf0ff715f77ea65fc33f7020d97d9099b0f6448f5852236dac63eea649de7d6fc03b0b21492e2c5140fb7560a39cf085506fd
89f0312 Remove redundant pwallet nullptr check (Matt Corallo)
c4784b5 Add a dev notes document describing the new wallet RPC blocking (Matt Corallo)
3ea8b75 Give ZMQ consistent order with UpdatedBlockTip on scheduler thread (Matt Corallo)
cb06edf Fix wallet RPC race by waiting for callbacks in sendrawtransaction (Matt Corallo)
e545ded Also call other wallet notify callbacks in scheduler thread (Matt Corallo)
17220d6 Use callbacks to cache whether wallet transactions are in mempool (Matt Corallo)
5d67a78 Add calls to CWallet::BlockUntilSyncedToCurrentChain() in RPCs (Matt Corallo)
5ee3172 Add CWallet::BlockUntilSyncedToCurrentChain() (Matt Corallo)
0b2f42d Add CallFunctionInQueue to wait on validation interface queue drain (Matt Corallo)
2b4b345 Add ability to assert a lock is not held in DEBUG_LOCKORDER (Matt Corallo)
0343676 Call TransactionRemovedFromMempool in the CScheduler thread (Matt Corallo)
a7d3936 Add a CValidationInterface::TransactionRemovedFromMempool (Matt Corallo)
Pull request description:
Based on #10179, this effectively reverts #9583, regaining most of the original speedups of #7946.
This concludes the work of #9725, #10178, and #10179.
See individual commit messages for more information.
Tree-SHA512: eead4809b0a75d1fb33b0765174ff52c972e45040635e38cf3686cef310859c1e6b3c00e7186cbd17374c6ae547bfbd6c1718fe36f26c76ba8a8b052d6ed7bc9
63c2d83 Explicitly state assumption that state.m_chain_sync.m_work_header != nullptr in ConsiderEviction (practicalswift)
Pull request description:
Explicitly state assumption that `state.m_chain_sync.m_work_header != nullptr` in `ConsiderEviction(…)`.
Static analyzer (and humans!) will see the null-check in ...
```
else if (state.m_chain_sync.m_timeout == 0 || (state.m_chain_sync.m_work_header != nullptr && ...
```
... and infer that `state.m_chain_sync.m_work_header` might be set to `nullptr` when reaching `else if (state.m_chain_sync.m_timeout > 0 && time_in_seconds > state.m_chain_sync.m_timeout)` and thus flag `state.m_chain_sync.m_work_header->GetBlockHash().ToString()` as a potential null pointer dereference.
This commit makes the tacit assumption of `state.m_chain_sync.m_work_header != nullptr` explicit.
Code introduced in 5a6d00c6de ("Permit disconnection of outbound peers on bad/slow chains") which was merged into master four days ago.
Friendly ping @sdaftuar :-)
Tree-SHA512: 32e5631025b7ba7556a02c89d040fbe339c482a03f28d0dbc9871c699e1f8ac867619b89c5fd41fdcfcf0dc4d7c859295b26ccd988572145cc244261aec18ce9
927f4ff5a GUI: Receive: Remove option to reuse a previous address (Luke Dashjr)
Pull request description:
This was justified by the need to "resent" an invoice, but now that we have the request history, that need should be gone.
Tree-SHA512: 4ade4eb84a21bbbd8dcc3a2c9580d416e113284b5bdf350c22051c233101fe0ee31659c54a7a46e7136f9c999acb61efbbb3f97aeb2fa7b2b1e1daec02ca0837
5e0ba8f8c [wallet] getreceivedbyaddress should return error if address is not mine (John Newbery)
ea0cd24f7 [tests] Tidy up receivedby.py (John Newbery)
Pull request description:
Two commits:
- First commit tidies up the `receivedby.py` test (and speeds it up by factor of two)
- Second commit changes getreceivedbyaddress to return error if the address is not found in wallet, and adds test to `receivedby.py`
Tree-SHA512: e41342dcbd037a6b440cbe4ecd3b8ed589e18e477333f0d866f3564e948e0f5231e497d5ffb66da4e6680eb772d9f0cf839125098bb68b92d04a5ee35c6c0a81
11413646b [trivial] (whitespace only) fix getblockchaininfo alignment (John Newbery)
bd9c18171 [rpc] Add initialblockdownload to getblockchaininfo (John Newbery)
Pull request description:
Exposing whether the node is in IBD would help for testing, and may be useful in general, particularly for developers.
First discussed in #10357 here: https://github.com/bitcoin/bitcoin/pull/10357#pullrequestreview-59963870
> ... we could simplify this (and possibly other) tests by just adding a way to know if a node is in IBD. I'd like to do that, but I'm not sure it makes sense to complicate this PR with discussion over how that information should be made available. Eg it's not clear to me that the notion of being in IBD is worth exposing to the casual user, versus a hidden rpc call or something, since the definition has changed over time, and may continue to change in the future. But I still do agree that at least for testing purposes it would be far simpler to expose the field somehow...
This PR currently implements the simplest way of doing this: adding an `initialblockdownload` field to `getblockchaininfo`. Other approaches we could take:
1. add a new debug RPC method that exposes `IBD` and potentially other information.
2. add a parameter to `getblockchaininfo`, eg `debug_info`, which would cause it to return debug information including IBD
3. add a query string to the url `?debug=true` which would cause RPCs to return additional debug information.
I quite like the idea of (3). Feedback on these and other approaches very much welcomed!
@sdaftuar @laanwj
Tree-SHA512: a6dedd47f8c9bd38769cc597524466250041136feb33500644b9c48d0ffe4e3eeeb2587b5bbc6420364ebdd2667df807fbb50416f9a7913bbf11a14ea86dc0d4
Change feebumper from a stateful class into a namespace of stateless
functions.
Having the results of feebumper calls persist in an object makes process
separation between Qt and wallet awkward, because it means the feebumper object
either has to be serialized back and forth between Qt and wallet processes
between fee bump calls, or that the feebumper object needs to stay alive in the
wallet process with an object reference passed back to Qt. It's simpler just to
have fee bumper calls return their results immediately instead of storing them
in an object with an extended lifetime.
In addition to making feebumper stateless, also:
- Move LOCK calls from Qt code to feebumper
- Move TransactionCanBeBumped implementation from Qt code to feebumper
Future commit will remove the FeeBumper class. This commit simply places
everything into a feebumper namespace, and changes the enum class name
from BumpeFeeResult to feebumper::Result.
Future PRs will completely refactor this translation unit and touch all
this code so we rename the variables to follow project stlye guidelines
in this preparation commit.
Don't use m_ prefixes for member variables since we're going to remove
the class entirely in the next commits.
203a4aa31 Fix CTxMemPoolEntry::UpdateAncestorState: modifySigOps param type int -> int64_t (donaloconnor)
Pull request description:
CTxMemPoolEntry::CTxMemPoolEntry's modifySigOps parameter is int while update_ancestor_state::modifySigOpsCost is int64_t. This issue was raised in #11165. It looks like the function paramaters were not changed in commit 72abd2c
This will avoid unexpected truncation of int64_t -> int
Tree-SHA512: 314c703f217e104336456859066d18fb0d12c4f9f32835e17490a6f29eb05951184095039e4e57edacef8ad35dd75c6d97d9af656a52209dd0c3779b4ffa0914
5b9748f97 Small refactor of CCoinsViewCache::BatchWrite() (Dan Raviv)
Pull request description:
`std::unordered_map::erase( const_iterator pos )` returns an iterator to the element following the removed one. Use that to optimize (probably minor-performance-wise, and definitely code-structure-wise) the implementation of `CCoinsViewCache::BatchWrite()`.
Tree-SHA512: 00abc838ad91771cfcddd45688841c9414869b75289d09b483a7f0ba835614fe189e9c8aca8a80e3de78ee397ec14083ae52e2e92b7863b3b6eb0d0cb892c9dd
d052e3847 [qt] Add use available balance in send coins dialog (CryptAxe)
Pull request description:
This is an alternative to #11098 to handle #11033 where a new button `Use available balance` is added to each entry. When activated, the available balance is calculated by using the coin control (if any) and then it's subtracted the remaining recipient amounts. If this amount is positive then the `Subtract fee from amount` is automatically selected.
Comparing to #11098, this has the advantage to avoid the fair amount division over the recipients and allows to fine adjust the amounts in multiple iterations.
Started from @CryptAxe commit 89e9eda to credit some code.
<img width="965" alt="screen shot 2017-09-13 at 01 32 44" src="https://user-images.githubusercontent.com/3534524/30354518-e1bee31c-9824-11e7-9354-300aa63cdfd0.png">
<img width="964" alt="screen shot 2017-09-13 at 01 44 57" src="https://user-images.githubusercontent.com/3534524/30354598-5731ac9c-9825-11e7-9d5f-8781988ed219.png">
Tree-SHA512: 01d20c13fd8b6c2a0ca1d74d3a9027c6922e6dccd3b08e59d5a72636be7072ed5eca7ebc5d431299497dd3374e83753220ad4174d8bc46dadb4b2f54973036a5
Static analyzer (and humans!) will see ...
```
else if (state.m_chain_sync.m_timeout == 0 || (state.m_chain_sync.m_work_header != nullptr && ...
```
... and infer that state.m_chain_sync.m_work_header might be set to nullptr,
and thus flag `state.m_chain_sync.m_work_header->GetBlockHash().ToString()`
as a potential null pointer dereference.
This commit makes the tacit assumption (m_work_header != nullptr) explicit.
Code introduced in 5a6d00 ("Permit disconnection of outbound peers on
bad/slow chains") which was merged into master four days ago.
620bae3 Require a steady clock for bench with at least micro precision (Matt Corallo)
Pull request description:
Using a non-steady high_precision_clock by default is definitely not what we want, and in practice steady_clock has more than enough precision. Should double-check that travis passes on this one to make sure we actually have at least microsecond precision on all platforms.
Tree-SHA512: 54a4af3b6addca9897e8ab04694f9461343691b475ca3ed2368595c37520612e284969be94a8ee3d7c66d16532f7bb16b6ad80284cbc153653e8ef2d56696e9d
We should generally avoid writing to debug.log unconditionally for
inbound peers which misbehave (the peer being about to be banned
being an exception, since they cannot do this twice).
To avoid removing logs for outbound peers, a new log is added to
notify users when a new outbound peer is connected which mimics
the version print.
a357293 Use MakeUnique<Db>(...) (practicalswift)
3e09b39 Use MakeUnique<T>(...) instead of std::unique_ptr<T>(new T(...)) (practicalswift)
8617989 Add MakeUnique (substitute for C++14 std::make_unique) (practicalswift)
d223bc9 Use unique_ptr for pcoinscatcher/pcoinsdbview/pcoinsTip/pblocktree (practicalswift)
b45c597 Use unique_ptr for pdbCopy (Db) and fix potential memory leak (practicalswift)
29ab96d Use unique_ptr for dbenv (DbEnv) (practicalswift)
f72cbf9 Use unique_ptr for pfilter (CBloomFilter) (practicalswift)
8ccf1bb Use unique_ptr for sem{Addnode,Outbound} (CSemaphore) (practicalswift)
73db063 Use unique_ptr for upnp_thread (boost::thread) (practicalswift)
0024531 Use unique_ptr for dbw (CDBWrapper) (practicalswift)
fa6d122 Use unique_ptr:s for {fee,short,long}Stats (TxConfirmStats) (practicalswift)
5a6f768 Use unique_ptr for httpRPCTimerInterface (HTTPRPCTimerInterface) (practicalswift)
860e912 Use unique_ptr for pwalletMain (CWallet) (practicalswift)
Pull request description:
Use `std::unique_ptr` (C++11) where possible.
Rationale:
1. Avoid resource leaks (specifically: forgetting to `delete` an object created using `new`)
2. Avoid undefined behaviour (specifically: double `delete`:s)
**Note to reviewers:** Please let me know if I've missed any obvious `std::unique_ptr` candidates. Hopefully this PR should cover all the trivial cases.
Tree-SHA512: 9fbeb47b800ab8ff4e0be9f2a22ab63c23d5c613a0c6716d9183db8d22ddbbce592fb8384a8b7874bf7375c8161efb13ca2197ad6f24b75967148037f0f7b20c
dd9bb25 Fix code style in keystore.cpp/crypter.cpp (Jonas Schnelli)
208fda6 CCrypter: move relevant implementation out of the header (Jonas Schnelli)
3155fd2 CKeystore: move relevant implementation out of the header (Jonas Schnelli)
Pull request description:
Tree-SHA512: 4ce73cca5609199b74b8ff2614ee2b6af949545a1332a3a0135c6453c98665d2b0da171c1e390c9a2aec6b12b7fad931ec90084bb7c2defe243786bfc70daf60
725b79a [test] Verify node doesn't send headers that haven't been fully validated (Russell Yanofsky)
3788a84 Do not send (potentially) invalid headers in response to getheaders (Matt Corallo)
Pull request description:
Nowhere else in the protocol do we send headers which are for
blocks we have not fully validated except in response to getheaders
messages with a null locator. On my public node I have not seen any
such request (whether for an invalid block or not) in at least two
years of debug.log output, indicating that this should have minimal
impact.
Tree-SHA512: c1f6e0cdcdfb78ea577d555f9b3ceb1b4b60eff4f6cf313bfd8b576c9562d797bea73abc23f7011f249ae36dd539c715f3d20487ac03ace60e84e1b77c0c1e1a
6c4042a Assert that CWallet::SyncMetaData finds oldest transaction. (Eelis)
Pull request description:
Without this assert, the Clang static analyzer warns about subsequent dereferencing of copyFrom, because it can't be sure that it's not nullptr. See #9573.
Tree-SHA512: 83cbcb32c52c94fcfefbc90ec7de2011dacd6bdb0da35adc401b8d8dda6a86de2fa0403e2158592268c2cf15eef4f3d887d98c90f1031d4735d5f4bf9dbc1d23
5a5e4e9 [wallet] Remove CTransaction&() helper conversion operator from wallet implementation. (Karl-Johan Alm)
Pull request description:
The `CTransaction&()` operator in `CMerkleTx` makes conversion into `CTransaction`s transparent, but was marked as to-be-removed in favor of explicitly getting the `tx` ivar, presumably as the operator can lead to ambiguous behavior and makes the code harder to follow.
This PR removes the operator and adapts callers. This includes some cases of `static_cast<CTransaction>(wtx)` → `*wtx.tx`, which is definitely an improvement.
Tree-SHA512: 95856fec7194d6a79615ea1c322abfcd6bcedf6ffd0cfa89bbdd332ce13035fa52dd4b828d20df673072dde1be64b79c513529a6f422dd5f0961ce722a32d56a
b109a1c Remove redundant nullptr checks before deallocation (practicalswift)
Pull request description:
Rationale:
* `delete ptr` is a no-op if `ptr` is `nullptr`
Tree-SHA512: c98ce769125c4912186a8403cc08a59cfba85b7141af645c709b4c4eb90dd9cbdd6ed8076d50099d1e4ec2bf75917d1af6844082ec42bbb4d94d229a710e051c
7963335 Fix -disablewallet default value (João Barbosa)
b411c2a Improve -disablewallet parameter interaction (João Barbosa)
Pull request description:
The first commit logs a message for each configured wallet if `-disablewallet` is set:
```
bitcoind -printtoconsole -regtest -disablewallet -wallet=foo -wallet=bar
...
WalletParameterInteraction: parameter interaction: -disablewallet -> ignoring -wallet=foo
WalletParameterInteraction: parameter interaction: -disablewallet -> ignoring -wallet=bar
```
It also moves up the `-disablewallet` check which avoids the unnecessary `-wallet` soft set.
The second commit fixes the default value of `-disablewallet`, currently the value is correct, but it should use `DEFAULT_DISABLE_WALLET`.
The third commit can be dropped or squashed, just took the opportunity to fix the coding style there.
Tree-SHA512: bec13d2b2be5adf4680c77212020ed27dd05f15c4c73542d2005d91108bf704e2df1707ed2bec696e584ecd40eff7a63e25201fd70400222aa5a8da6aed6afeb
9db9d62 Refactor: make the read function simpler (gnuser)
Pull request description:
Tree-SHA512: 5a80cc1b841488323d421e6a40b245d149cab1988247aed6cc7468dcc042d3df15b6711f25e40ff16e03ac21de36adbaa1d8da61ccdb94f97c8b70c24a5eedc5
BOOST_CHECK_THROW merely checks that some std::runtime_error is
thrown, but not which one.
One example of how this could lead to a test passing when a developer
introduces a consensus bug: the test for the sigops limit assumes
that CreateNewBlock fails with bad-blk-sigops. However it can
also fail with bad-txns-vout-negative, e.g. if a naive developer lowers
BLOCKSUBSIDY to 1*COIN in the test.
BOOST_CHECK_EXCEPTION allows an additional predicate function. This
commit uses this for all exceptions that are checked for in
miner_tets.cpp:
* bad-blk-sigops
* bad-cb-multiple
* bad-txns-inputs-missingorspent
* block-validation-failed
An instance of the CheckRejectInvalid class (for a given validation string)
is passed to BOOST_CHECK_EXCEPTION.
c098c58 Wrap dumpwallet warning and note scripts aren't dumped (MeshCollider)
a38bfbc Add wallet backup text to import*, add* and dumpwallet RPCs (MeshCollider)
Pull request description:
Closes https://github.com/bitcoin/bitcoin/issues/11243
Adds "Requires a new wallet backup" text to `addwitnessaddress`, `importprivkey`, `importmulti`, `importaddress`, `importpubkey`, and `addmultisigaddress`. Also adds a warning to `dumpwallet` that backing up the seed alone is not sufficient to back up non-HD addresses
Tree-SHA512: 76d7cdca54d5b458acf479154620322391b889922525fddd6153f4164cfee393ad743757400cb8f6b1b30f24947df68ea9043b4e509f7df77a8fa05dda370933
5ce7cb9 [net] De-duplicate connection eviction logic (Thomas Snider)
Pull request description:
While reviewing the safeguards against deliberate node isolation on the network by malicious actors, I found a good de-duplication candidate.
I think this form is much more legible (the type of `cutoffs` notwithstanding). ReverseCompareNodeTimeConnected is not included in the list since the cutoff size is a function of the remaining number of nodes in the candidate eviction set.
Tree-SHA512: ed17999fa9250dcf8448329219324477117e4ecd2d41dedd72ad253e44630eef50b3232c420f1862ebbfb9b8c94efbba1a235b519e39ff5946865c7d69a75280
24a0bdd bench: prefer a steady clock if the resolution is no worse (Cory Fields)
c515d26 bench: switch to std::chrono for time measurements (Cory Fields)
Pull request description:
gettimeofday has portability issues, see for example #11558.
Regardless of large-scale clock refactors in the future, I think it's fine for bench to just use std::chrono itself.
Note that this may slightly improve bench accuracy and changes the display from tiny floats to nanosecond counts instead.
Tree-SHA512: 122355456d01ec6cfcf6867991715cf3a95eabbf5a4f2adc26a059b50382ffb318b7639cdd575197fc4ee5be8b967c0404f1f920d6f5bd4ddd0bd63b5e5c5632
std::chrono removes portability issues.
Rather than storing doubles, store the untouched time_points. Then
convert to nanoseconds for display. This allows for maximum precision, while
keeping results comparable between differing hardware/operating systems.
Also, display full nanosecond counts rather than sub-second floats.
d61845818 Have SegWit active by default (Pieter Wuille)
4bd89210a Unit tests for always-active versionbits. (Anthony Towns)
d07ee77ab Always-active versionbits support (Pieter Wuille)
18e071841 [consensus] Pin P2SH activation to block 173805 on mainnet (John Newbery)
526023aa7 Improve handling of BIP9Deployment limits (Anthony Towns)
Pull request description:
Most tests shouldn't have to deal with the now-historical SegWit activation transition (and other deployments, but SegWit is certainly the hardest one to accomodate).
This PR makes a versionbits starttime of -1 equal to "always active", and enables it by default for SegWit on regtest. Individual tests can override this by using the existing `-vbparams` option.
A few unit tests and functional tests are adapted to indeed override vbparams, as they specifically test the transition.
This is in preparation for wallet SegWit support, but I thought having earlier eyes on it would be useful.
Tree-SHA512: 3f07a7b41cf46476e6c7a5c43244e68c9f41d223482cedaa4c02a3a7b7cd0e90cbd06b84a1f3704620559636a2268f5767d4c52d09c1b354945737046f618fe5
76ea17c79 Add mutex requirement for AddToCompactExtraTransactions(…) (practicalswift)
4616c825a Use -Wthread-safety-analysis if available (+ -Werror=thread-safety-analysis if --enable-werror) (practicalswift)
7e319d639 Fix -Wthread-safety-analysis warnings. Change the sync.h primitives to std from boost. (Matt Corallo)
Pull request description:
* Add mutex requirement for `AddToCompactExtraTransactions(…)`.
* Use `-Wthread-safety-analysis` if available.
* Rebased on top of https://github.com/TheBlueMatt/bitcoin/commits/2017-08-test-10923 - now includes: Fix -Wthread-safety-analysis warnings. Change the sync.h primitives to std from boost.
Tree-SHA512: fb7365f85daa2741c276a1c899228181a8d46af51db7fbbdffceeaff121a3eb2ab74d7c8bf5e7de879bcc5042d00d24cb4649c312d51caba45a3f6135fd8b38f
cabff7588 rpc: Make logging RPC public (Wladimir J. van der Laan)
Pull request description:
This started out as a developer hack but now it's useful enough for general use. Unhide the call by moving it to `control` category. This makes it documented in `help`.
Tree-SHA512: f45fa378558b552d4e2a110bf85100b0eaaa6180bb5f62cb54a251f66026d4625b670c69d85c281eebbf4b56b80b65618c51a5a593b8f9d0a04b31e95adc91f4
a9b6ba0b7 Add missing cs_main locks when calling blockToJSON/blockheaderToJSON (practicalswift)
Pull request description:
`blockToJSON(...)` and `blockheaderToJSON(...)` read the variable `chainActive` which requires holding the mutex `cs_main`. So does `GetDifficulty(...)`.
Tree-SHA512: bfb94f5e3238accbf6a4daddde49d53f1891c38ae9b07e25b3098c485747159258f64bb66a50e147b32beac601de89d9d04ff717b6c4f1460d329c90a53d3333
3ab545d7f addrman: Add missing lock in Clear() (CAddrMan) (practicalswift)
Pull request description:
Add missing lock in `Clear()` (`CAddrMan`).
The variable `vRandom` is guarded by the mutex `cs`.
**Note to reviewers:** Does this look correct? Should the lock cover the entire scope of the method, or should it be limited to cover only `std::vector<int>().swap(vRandom);`?
Tree-SHA512: 8833f31beaed1728fa55b13ddf9e0b8e24e395931497329be2440ce1c5113ff02871707d40830260adabd30c4ea86088f5da5cf8a821150c0d820f50a2ce386a
ff35de8 [ui] Add toggle for unblinding password fields (Thomas Snider)
Pull request description:
Proposed change for adding the ability to toggle password visibility in the password dialog. This is similar to functionality in most password managers and is specifically added with the use case of password managers in mind - the password in that case is likely pasted twice into both the new password and confirm password fields.
If this is a welcome change, I am open to suggestions on rearranging the layout.
Tree-SHA512: 1823f356f8f941cc584c44de264433e9a573cb8a358efa300a412c4458b5564d8d193969be40859195cf9c8d6768eee895ee22440d51db4f09175f9b4e28bced
This started out as a developer hack but now it's useful
enough for general use. Unhide the call by moving it to `control` category.
This makes it documented in `help`.
Commit 1.
This code was written by @TheBlueMatt in the following branch:
* https://github.com/TheBlueMatt/bitcoin/commits/2017-08-test-10923
This commit message was written by me (@practicalswift) who also squashed
@TheBlueMatt's commits into one and tried to summarize the changes made.
Commit 2.
Remove boost include. Remove boost mentions in comments.
Move to AppInitServers. This doesn't have any effects on bitcoin behavior. It
was just strange to have this unrelated code in the middle or parameter
interaction.
6262915 Add unit test for stale tip checking (Suhas Daftuar)
83df257 Add CConnmanTest to mutate g_connman in tests (João Barbosa)
ac7b37c Connect to an extra outbound peer if our tip is stale (Suhas Daftuar)
db32a65 Track tip update time and last new block announcement from each peer (Suhas Daftuar)
2d4327d net: Allow connecting to extra outbound peers (Suhas Daftuar)
Pull request description:
This is an alternative approach to #11534. Rather than disconnect an outbound peer when our tip looks stale, instead try to connect to an additional outbound peer.
Periodically, check to see if we have more outbound peers than we target (ie if any extra peers are in use), and if so, disconnect the one that least recently announced a new block (breaking ties by choosing the newest peer that we connected to).
Tree-SHA512: 8f19e910e0bb36867f81783e020af225f356451899adfc7ade1895d6d3bd5afe51c83759610dfd10c62090c4fe404efa0283b2f63fde0bd7da898a1aaa7fb281
97932cd rpc: further constrain the libevent workaround (Cory Fields)
6b58360 rpc: work-around an upstream libevent bug (Cory Fields)
Pull request description:
A rare race condition may trigger while awaiting the body of a message.
This may fix some reported rpc hangs/crashes.
This work-around mimics what libevent does internally once a write has started, which is what usually happens, but not always due to the processing happening on a different thread: e7ff4ef2b4/http.c (L373)
Fixed upstream at: 5ff8eb2637
Tree-SHA512: b9fa97cae9da2a44101c5faf1e3be0b9cbdf722982d35541cf224be31430779c75e519c8ed18d06ab7487bfb1211069b28f22739f126d6c28ca62d3f73b79a52
720d9e8fa [Wallet] always show help-line of wallet encryption calls (Jonas Schnelli)
Pull request description:
We do currently show/hide the wallet encryption RPC calls from the help if the current wallet.
In case of an encrypted wallet, `encryptwallet` is hidden and `walletpassphrasechange`, `walletpassphrasechange` and `walletlock` do appear in the help.
This is no longer ideal in case of multiwallet due to the fact that one may want help infos in order to target a specific wallet.
IMO its preferable to have a static help screen (show everything always). The currently show/hidden calls do handle the possible invalid encryption-state fine.
Fixes#11588
Tree-SHA512: 513fecd15248a31361f5143685e8cdeb63dfd3fa7120828917e1db54d936dc3db60d48ce46efa5c3a563a48157fe962689879856eeeed53f904686b12aec204e
If our tip hasn't updated in a while, that may be because our peers are
not relaying blocks to us that we would consider valid. Allow connection
to an additional outbound peer in that circumstance.
Also, periodically check to see if we are exceeding our target number of
outbound peers, and disconnect the one which has least recently
announced a new block to us (choosing the newest such peer in the case
of tie).
A rare race condition may trigger while awaiting the body of a message, see
upsteam commit 5ff8eb26371c4dc56f384b2de35bea2d87814779 for details.
This may fix some reported rpc hangs/crashes.
5d465e396 Ensure backupwallet fails when attempting to backup to source file (Tomas van der Wansem)
Pull request description:
Previous behaviour was to destroy the wallet (to zero-length)
This fixes#11375
Tree-SHA512: bfd1738659b15e3f23b6bbdf55ec12269c62c820bf701daec19500b52bd5845bb5516733c6f76f36197eb155182a8a35dc239ad4de2ef1e59bbb0f124a455759
f3d4adf Make p2p-acceptablock not an extended test (Matt Corallo)
00dcda6 [qa] test that invalid blocks on an invalid chain get a disconnect (Matt Corallo)
015a525 Reject headers building on invalid chains by tracking invalidity (Matt Corallo)
932f118 Accept unrequested blocks with work equal to our tip (Matt Corallo)
3d9c70c Stop always storing blocks from whitelisted peers (Matt Corallo)
3b4ac43 Rewrite p2p-acceptblock in preparation for slight behavior changes (Matt Corallo)
Pull request description:
@sdaftuar pointed out that the version in #11487 was somewhat DoS-able as someone could feed you a valid chain that forked off the the last checkpoint block and force you to do lots of work just walking backwards across blocks for each new block they gave you. We came up with a few proposals but settled on the one implemented here as likely the simplest without obvious DoS issues. It uses our existing on-load mapBlockIndex walk to make sure everything that descends from an invalid block is marked as such, and then simply caches blocks which we attempted to connect but which were found to be invalid. To avoid DoS issues during IBD, this will need to depend on #11458.
Includes tests from #11487.
Tree-SHA512: 46aff8332908e122dae72ceb5fe8cd241902c2281a87f58a5fb486bf69d46458d84a096fdcb5f3e8e07fbcf7466232b10c429f4d67855425f11b38ac0bf612e1
b296bf1 Init: Remove redundant exit(EXIT_FAILURE) instances and replace with return false (donaloconnor)
Pull request description:
While reviewing the bitcoin code I noticed that there are a few exit(EXIT_FAILURE) at various places in the AppInit function.
This function returns to main() which will return/exit with EXIT_FAILURE so returning false instead of an explicit exit(EXIT_FAILURE) seems to be cleaner.
This PR attempts to make things a bit more consistent.
There is a subtle difference between exit() and return from main in that the exit() will not clean up any local vars but I don't think this makes a difference in this case. Using exit() might even lead to bugs in the future where the dtor of local objects are expected to be called.
Tree-SHA512: 7d104c3a752b4e7d7bc2382ef7e62543462988f1bbf13dd4077fbeff5399729b76c71a4352556f188b8d306604232477466f5bb827b58a6f3f6273f2370e1faa
659b206 Make listsinceblock refuse unknown block hash (Russell Yanofsky)
Pull request description:
Change suggested by @theuni who noticed listsinceblock would ignore invalid block hashes causing it to return a completely unfiltered list of transactions.
Tree-SHA512: 3c8fb160265780d1334e856e853ab48e2e18372b8f1fc71ae480c3f45317048cc1fee0055d5c58031981a91b9c2bdbeb8e49a889d04ecba61729ce8109f2ce3f
60b98f8 [Util] Update tinyformat.h (fanquake)
Pull request description:
Updates `tinyformat.h` to commit c42f/tinyformat@689695c upstream. Including:
8a2812d8485d9e05a34748e2e48789
@achow101 mentioned that since upgrading to Ubuntu 17.10 (GCC 7), tinyformat had been throwing lots of -Wimplicit-fallthrough warnings. However fallthrough warnings should have been silenced by #10489. cc @theuni.
The upstream commit to fix fallthrough warnings is in this PR https://github.com/c42f/tinyformat/pull/39.
The last time tinyformat.h was updated in this repo was in #8274.
Tree-SHA512: a51bd30544693550e08148daf5d244e3a3a410caff7897351eb9cd28f661dc85e193e045bb86068ee4006b2f89a7233b7573b8c50d93d2a9a15a11386fdcc605
This tracks the set of all known invalid-themselves blocks (ie
blocks which we attempted to connect but which were found to be
invalid). This is used to cheaply check if new headers build on an
invalid chain.
While we're at it we also resolve an edge-case in invalidateblock
on pruned nodes which results in them needing a reindex if they
fail to reorg.
This is a simple change that makes our accept requirements the
same as our request requirements, (ever so slightly) further
decoupling our consensus logic from our FindNextBlocksToDownload
logic in net_processing.
There is no reason to wish to store blocks on disk always just
because a peer is whitelisted. This appears to be a historical
quirk to avoid breaking things when the accept limits were added.
Nowhere else in the protocol do we send headers which are for
blocks we have not fully validated except in response to getheaders
messages with a null locator. On my public node I have not seen any
such request (whether for an invalid block or not) in at least two
years of debug.log output, indicating that this should have minimal
impact.
Reading the variable mapBlockIndex requires holding the mutex cs_main.
The new "Disconnect outbound peers relaying invalid headers" code
added in commit 37886d5e2f and merged
as part of #11568 two days ago did not lock cs_main prior to accessing
mapBlockIndex.
Warnings prior to this commit:
```
addrman.cpp:390:24: warning: comparison of integers of different signs: 'size_type' (aka 'unsigned long') and 'int' [-Wsign-compare]
if (vRandom.size() != nTried + nNew)
~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~
addrman.cpp:411:52: warning: comparison of integers of different signs: 'int' and 'size_type' (aka 'unsigned long') [-Wsign-compare]
if (info.nRandomPos < 0 || info.nRandomPos >= vRandom.size() || vRandom[info.nRandomPos] != n)
~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~
addrman.cpp:419:25: warning: comparison of integers of different signs: 'size_type' (aka 'unsigned long') and 'int' [-Wsign-compare]
if (setTried.size() != nTried)
~~~~~~~~~~~~~~~ ^ ~~~~~~
addrman.cpp:421:23: warning: comparison of integers of different signs: 'size_type' (aka 'unsigned long') and 'int' [-Wsign-compare]
if (mapNew.size() != nNew)
~~~~~~~~~~~~~ ^ ~~~~
4 warnings generated.
```
cc5c39d [Build] Add AM_OBJCXXFLAGS and QT_PIE_FLAGS to OBJCXXFLAGS to future-proof darwin targets (fanquake)
f8c6697 Fix automake warnings when running autogen.sh (Evan Klitzke)
Pull request description:
Adjusted @eklitzke's commit to completely remove GZIP_ENV.
Added a commit to address OBJCXXFLAGS.
Rebased on master.
Relevant info from @theuni & #11013 below.
--------
GZIP_ENV was indeed added for determinism, but gitian exports this as needed, so it's not really necessary. I'd rather just remove it.
The mm.o rule was added to support XCode 4.2's ancient version of automake. That's irrelevant now, so it makes sense to remove that too.
All darwin targets are PIE by default, so we don't technically need the flags, but I'd be more comfortable if we hooked up the OBJCXXFLAGS in case future ones are added.
--------
The second commit addresses the last point, but could probably use a better commit message.
These warnings are removed from autogen output:
```
Makefile.am:12: warning: user variable 'GZIP_ENV' defined here ...
/usr/local/Cellar/automake/1.15.1/share/automake-1.15/am/distdir.am: ... overrides Automake variable 'GZIP_ENV' defined here
src/Makefile.am: installing 'build-aux/depcomp'
src/Makefile.am:503: warning: user target '.mm.o' defined here ...
/usr/local/Cellar/automake/1.15.1/share/automake-1.15/am/depend2.am: ... overrides Automake target '.mm.o' defined here
```
Tree-SHA512: bd59df5f6d3aafe35d5e36925bfe61cc71e774583a0438d7dd946c9e7ecf6e59d42f90a58b8cfef0faa404c81050338ad4cefe721b4a949af881e73b6ab254d4
37886d5e2 Disconnect outbound peers relaying invalid headers (Suhas Daftuar)
4637f1852 moveonly: factor out headers processing into separate function (Suhas Daftuar)
Pull request description:
Alternate to #11446.
Disconnect outbound (non-manual) peers that serve us block headers that are already known to be invalid, but exempt compact block announcements from such disconnects.
We restrict disconnection to outbound peers that are using up an outbound connection slot, because we rely on those peers to give us connectivity to the honest network (our inbound peers are not chosen by us and hence could all be from an attacker/sybil). Maintaining connectivity to peers that serve us invalid headers is sometimes desirable, eg after a soft-fork, to protect unupgraded software from being partitioned off the honest network, so we prefer to only disconnect when necessary.
Compact block announcements are exempted from this logic to comply with BIP 152, which explicitly permits nodes to relay compact blocks before fully validating them.
Tree-SHA512: 3ea88e4ccc1184f292a85b17f800d401d2c3806fefc7ad5429d05d6872c53acfa5751e3df83ce6b9c0060ab289511ed70ae1323d140ccc5b12e3c8da6de49936
fd3a2f3 [tests] Add fuzz testing for BlockTransactions and BlockTransactionsRequest (practicalswift)
Pull request description:
The `BlockTransactions` deserialization code is reachable with tainted data via `ProcessMessage(…, "BLOCKTXN", vRecv [tainted], …)`.
The same thing applies to `BlockTransactionsRequest` which is reachable via `"GETBLOCKTXN"`.
Tree-SHA512: 64560ea344bc6145b940472f99866b808725745b060dedfb315be400bd94e55399f50b982149645bd7af7ed9935fd28751d7daf0d3f94a8e2ed3bc52e3325ffb
e065249 Add unit test for outbound peer eviction (Suhas Daftuar)
5a6d00c Permit disconnection of outbound peers on bad/slow chains (Suhas Daftuar)
c60fd71 Disconnecting from bad outbound peers in IBD (Suhas Daftuar)
Pull request description:
The first commit will disconnect an outbound peer that serves us a headers chain with insufficient work while we're in IBD.
The second commit introduces a way to disconnect outbound peers whose chains fall out of sync with ours:
For a given outbound peer, we check whether their best known block (which is known from the blocks they announce to us) has at least as much work as our tip. If it doesn't, we set a 20 minute timeout, and if we still haven't heard about a block with as much work as our tip had when we set the timeout, then we send a single getheaders message, and wait 2 more minutes. If after two minutes their best known block has insufficient work, we disconnect that peer.
We protect 4 of our outbound peers (who provide some "good" headers chains, ie a chain with at least as much work as our tip at some point) from being subject to this logic, to prevent excessive network topology changes as a result of this algorithm, while still ensuring that we have a reasonable number of nodes not known to be on bogus chains.
We also don't require our peers to be on the same chain as us, to prevent accidental partitioning of the network in the event of a chain split. Note that if our peers are ever on a more work chain than our tip, then we will download and validate it, and then either reorg to it, or learn of a consensus incompatibility with that peer and disconnect. This PR is designed to protect against peers that are on a less work chain which we may never try to download and validate.
Tree-SHA512: 2e0169a1dd8a7fb95980573ac4a201924bffdd724c19afcab5efcef076fdbe1f2cec7dc5f5d7e0a6327216f56d3828884f73642e00c8534b56ec2bb4c854a656
Currently we have no rotation of outbound peers. If an outbound peer
stops serving us blocks, or is on a consensus-incompatible chain with
less work than our tip (but otherwise valid headers), then we will never
disconnect that peer, even though that peer is using one of our 8
outbound connection slots. Because we rely on our outbound peers to
find an honest node in order to reach consensus, allowing an
incompatible peer to occupy one of those slots is undesirable,
particularly if it is possible for all such slots to be occupied by such
peers.
Protect against this by always checking to see if a peer's best known
block has less work than our tip, and if so, set a 20 minute timeout --
if the peer is still not known to have caught up to a chain with as much
work as ours after 20 minutes, then send a single getheaders message,
wait 2 more minutes, and if a better header hasn't been received by then,
disconnect that peer.
Note:
- we do not require that our peer sync to the same tip as ours, just an
equal or greater work tip. (Doing otherwise would risk partitioning the
network in the event of a chain split, and is also unnecessary.)
- we pick 4 of our outbound peers and do not subject them to this logic,
to be more conservative. We don't wish to permit temporary network
issues (or an attacker) to excessively disrupt network topology.
Change suggested by Cory Fields <cory-nospam-@coryfields.com> who noticed
listsinceblock would ignore invalid block hashes causing it to return a
completely unfiltered list of transactions.