a47df13471e3168e2e02023fb20cdf2414141b36 [qa] Test disconnect block failure -> shutdown (Suhas Daftuar)
4433ed0f730cfd60eeba3694ff3c283ce2c0c8ee [validation] Crash if disconnecting a block fails (Suhas Daftuar)
Pull request description:
If we're unable to disconnect a block during normal operation, then that is a
failure of our local system (such as disk failure) or the chain that we are on
(eg CVE-2018-17144), but cannot be due to failure of the (more work) chain that
we're trying to validate.
We should abort rather than stay on a less work chain.
Fixes#14341.
ACKs for top commit:
practicalswift:
utACK a47df13471e3168e2e02023fb20cdf2414141b36
TheBlueMatt:
utACK a47df13471e3168e2e02023fb20cdf2414141b36. Didn't bother to review the test in detail, it looked fine. Debated whether invalidateblock should ever crash the node, but *not* crashing in the case of hitting a pruned block (which is the only change here) is clearly better, even if there are other cases I'd argue we should crash in.
ryanofsky:
utACK a47df13471e3168e2e02023fb20cdf2414141b36. Only change since last review is new comment.
promag:
ACK a47df1347, it takes awhile to quit (RPC connection timeouts) but that's unrelated - hope to fix that soon.
fanquake:
ACK a47df13471e3168e2e02023fb20cdf2414141b36
Tree-SHA512: 4dec8cef6e7dbbe513c138fc5821a7ceab855e603ece3c16185b51a3830ab7ebbc844a28827bf64e75326f45325991dcb672f13bd7baede53304f27289c4af8d
a52818cc5633494992da7d1dc8fdb04b4a1b7c29 net: Make poll in InterruptibleRecv only filter for POLLIN events. poll should block until there is data to be read or the timeout expires. (tecnovert)
Pull request description:
poll should block until there is data to be read or the timeout expires.
Filtering for the POLLOUT event causes poll to return immediately which leads to high CPU usage when trying to connect to non-responding peers through tor.
When USE_POLL is not defined select is used with the writefds parameter set to nullptr.
Removing POLLOUT causes the behavior of poll to match that of select.
Fixes: #16004.
ACKs for top commit:
laanwj:
code review ACK a52818cc5633494992da7d1dc8fdb04b4a1b7c29
jonasschnelli:
utACK a52818cc5633494992da7d1dc8fdb04b4a1b7c29
Tree-SHA512: 69934cc14e3327c7ff7f6c5942af8761e865220b2540d74ea1e176adad326307a73860417dddfd32d601b5c0e9e2ada1848bd7e3d27b0b7a9b42f11129af8eb1
5c3c24cf9eab7bf19a9201599e93955cace5c154 test: remove redundant setup in addrman_tests (zenosage)
Pull request description:
#10765 make this default behavior. No reason to keep these line.
Top commit has no ACKs.
Tree-SHA512: 545eea9c2d0741a75708f288f2c8752534ecaa6d54a9d014ef9afa295b0d075007704b64809eec090023703f47753e8ec755d22c9ccecf57b75f6898f6b708dd
a981e749e6553487cd48eda28e590f769e81c85c fix: tor: Call event_base_loopbreak from the event's callback (João Barbosa)
Pull request description:
Calling `event_base_loopbreak` before `event_base_dispatch` has no effect. Fix this by calling `event_base_loopbreak` from the event's callback. From the [documentation](http://www.wangafu.net/~nickm/libevent-2.0/doxygen/html/event_8h.html#a07a7599e478e4031fa8cf52e26d8aa1e):
> event_base_loop() will abort the loop after the next event is completed; event_base_loopbreak() is typically invoked from this event's callback. This behavior is analogous to the "break;" statement.
This can be tested by running the following with and without this change:
```sh
bitcoind -- -regtest -proxy=127.0.0.1:9050 -listen=1 -bind=127.0.0.1 -whitebind=127.0.0.1:0
```
Fixes#16376.
ACKs for top commit:
laanwj:
code review ACK a981e749e6553487cd48eda28e590f769e81c85c
fanquake:
ACK a981e749e6553487cd48eda28e590f769e81c85c
Tree-SHA512: 328fe71366404d5be8177d7081d5b4868cee73412df631a1865d24fb1c153427210762738109e06b737f037f4c68966812fba041831bb9e8129861f19ce61a63
e1a55690e66ca962179bc8170695b92af8a3caa8 Delete error-prone CScript constructor (Gregory Sanders)
Pull request description:
The behavior of this constructor is not the expected behavior compared to the other constructors which directly interpret the vector as a CScript, rather than serialize it into a new CScript. It has only four uses in the entire codebase. Delete this constructor and replace its four uses with the more clear serialization construction.
ACKs for top commit:
Empact:
ACK e1a55690e6
sipa:
Concept and code review ACK e1a55690e66ca962179bc8170695b92af8a3caa8, but I'd like to make sure we have tests covering the FindAndDelete usage.
Tree-SHA512: b6721e343c867ca401a80ec87c25939d7f1fc798f3bf7e5feb0ea6f8280eecb6bd65afc8286912c76ff8119ccea50ad7726b1a4137cae70c9d4fed7d960e10d3
f53a70ce95231d34bb14cd6c58503927e8d7ff59 Improve documentation of memory_cleanse() (Tim Ruffing)
cac30a436cab3641bba3b774d3d3ddbc426e7908 Clean up logic in memory_cleanse() for MSVC (Tim Ruffing)
Pull request description:
When working on https://github.com/bitcoin-core/secp256k1/issues/185, I noticed that the logic in memory_cleanse(), which is supposed to clear memory securely, is weird on MSVC. While it's correct, it's at least a code smell because the code clears the memory twice on MSVC. This weirdness was introduced by #11558.
This PR fixes the logic on MSVC and also improves the docs around this function. Best reviewed in individual commits, see the commit messages for more rationale. The second commit touches only comments.
ACKs for top commit:
practicalswift:
utACK f53a70ce95231d34bb14cd6c58503927e8d7ff59 :-)
laanwj:
code review ACK f53a70ce95231d34bb14cd6c58503927e8d7ff59
Tree-SHA512: 1c2fd98ae62b34b3e6e59d1178b293af969a9e06cbb7df02a699ce8802f145a336f72edb178c520e3ecec81f7e8083828f90a5ba6367d966a2c7d7c0dd6c0475
3b9bf0eb0e0d69f112ce905078018d8351c73e26 rpc: Allow shutdown while in generateblocks (Patrick Strateman)
Pull request description:
By checking the shutdown flag every loop we can use the entire 32 bit nonce space instead of breaking every 16 bits to check the flag.
This is possible now because the shutdown flag is an atomic where before it was controlled by a condition variable and lock.
ACKs for top commit:
kallewoof:
Re-ACK 3b9bf0e
Tree-SHA512: d0664201a55215130c2e9199a31fb81361daf4102a65cb3418984fd61cb98bfb9136d9ee8d23a85d57e50051f9bb0059bd71fe0488a17f63c38ea5caa6004504
d9753383b9e1b61d19d98bcd1d66607f398c7e9f addrdb: Remove temporary files created in SerializeFileDB. Fixes non-determinism in unit tests. (practicalswift)
Pull request description:
Remove temporary files created in `SerializeFileDB` in case of errors.
_Edit: Previously this was hit non-deterministically from the tests: that is no longer the case but the cleanup issue remains :-)_
ACKs for top commit:
laanwj:
code-review ACK d9753383b9e1b61d19d98bcd1d66607f398c7e9f
Tree-SHA512: e72b74b8de411f433bd8bb354cacae07ab75a240db6232bc6a37802ccd8086bff5275ce3d196ddde033d8ab9e2794bb8f60eb83554af7ec2e9f91d6186cb4647
dddd9270f85bd2e71fd281a0c6b4053e02fce93c net: Document what happens to getdata of unknonw type (MarcoFalke)
Pull request description:
Any getdata of unknown type will never be processed and blocks all future messages from a peer. This isn't obviously clear from reading the code, so document it.
Top commit has no ACKs.
Tree-SHA512: 4f8e43bbe6534242facfcfffae28b7a6aa2d228841fa2146a87d494e69f614b0da23cf7a5f3d4367358a7c1981fe2ec196a21c437ae1653f1c7e0351be22598a
f8995807e4 tests: Make coins_tests/updatecoins_simulation_test deterministic (practicalswift)
Pull request description:
Make `coins_tests/updatecoins_simulation_test` deterministic.
Before:
```
$ contrib/devtools/test_deterministic_coverage.sh 1000
[2019-06-15 05:36:20] Measuring coverage, run #1 of 1000
[2019-06-15 05:38:05] Measuring coverage, run #2 of 1000
[2019-06-15 05:39:49] Measuring coverage, run #3 of 1000
[2019-06-15 05:41:38] Measuring coverage, run #4 of 1000
[2019-06-15 05:43:16] Measuring coverage, run #5 of 1000
...
[2019-06-16 18:25:23] Measuring coverage, run #880 of 1000
[2019-06-16 18:27:12] Measuring coverage, run #881 of 1000
[2019-06-16 18:29:33] Measuring coverage, run #882 of 1000
[2019-06-16 18:33:00] Measuring coverage, run #883 of 1000
[2019-06-16 18:35:32] Measuring coverage, run #884 of 1000
The line coverage is non-deterministic between runs. Exiting.
The test suite must be deterministic in the sense that the set of lines executed at least
once must be identical between runs. This is a necessary condition for meaningful
coverage measuring.
--- gcovr.run-1.txt 2019-06-15 05:38:05.282359029 +0200
+++ gcovr.run-884.txt 2019-06-16 18:37:23.518298374 +0200
@@ -269,7 +269,7 @@
test/bloom_tests.cpp 320 320 100%
test/bswap_tests.cpp 13 13 100%
test/checkqueue_tests.cpp 223 222 99% 169
-test/coins_tests.cpp 478 472 98% 52,68,344-345,511,524
+test/coins_tests.cpp 478 474 99% 52,68,511,524
test/compilerbug_tests.cpp 18 18 100%
test/compress_tests.cpp 27 27 100%
test/crypto_tests.cpp 268 268 100%
@@ -401,5 +401,5 @@
zmq/zmqpublishnotifier.h 5 0 0% 12,31,37,43,49
zmq/zmqrpc.cpp 23 3 13% 16,18,20,23,33-35,37,40-47,51,62,64-65
------------------------------------------------------------------------------
-TOTAL 53323 28305 53%
+TOTAL 53323 28307 53%
------------------------------------------------------------------------------
```
After:
```
$ contrib/devtools/test_deterministic_coverage.sh 1000
[2019-06-15 05:36:20] Measuring coverage, run #1 of 1000
[2019-06-15 05:38:05] Measuring coverage, run #2 of 1000
[2019-06-15 05:39:49] Measuring coverage, run #3 of 1000
[2019-06-15 05:41:38] Measuring coverage, run #4 of 1000
[2019-06-15 05:43:16] Measuring coverage, run #5 of 1000
...
$
```
ACKs for commit f89958:
MarcoFalke:
ACK f8995807e4f08fd0266899e3e227903f06da6ab1 (checked that the randomness state of g_insecure_rand_ctx is the same after three test runs)
Tree-SHA512: 796d362b050c5750e351de1126b62f0f2c8e2d712cf01b6e1a3e2cc6ef92fa68439a32fc24c76d34bce4d553aee4ae4ea88a036c56eb9e25979649a19c59c3e5
c59e3a3261 getrawtransaction: inform about blockhash argument when lookup fails (darosior)
Pull request description:
Just 4 words added on `getrawtransaction` lookup error to fix#16142
ACKs for commit c59e3a:
Tree-SHA512: 2219099c1240667527a9b1498a58818b5ff1c2ef366c498d2bb57963e828b3c87fa3e6b94be7e6463bd289ceabc13f9c9b1082134641594ba335ac400e6d63aa
2d8ad2f99710a8981e33fe2d6ce834b0076c4e80 gui: Enable console line edit on setClientModel (João Barbosa)
Pull request description:
Make console line edit disable by default, and only enable once `RPCConsole::setClientModel` is called.
Fixes#16119.
ACKs for commit 2d8ad2:
fanquake:
tACK 2d8ad2f997 on macOS.
Tree-SHA512: 1418ce3c120c08e5ec3e7a7a063572a24402ce0ec541bd4adc21f61d60c4e86b711e82e940ebf5f0445ab861f89c146c2a2e7990fb52bed2c65fc199a1981f71
d2ae6be80f6a0156021bf8c9b9d17cd4966ddffc gui: Set progressDialog to nullptr (João Barbosa)
Pull request description:
If a progress notification `> 0` arrives immediately after notification `= 100` then `progressDialog` is a dangling pointer.
Potential fix for #16134.
ACKs for commit d2ae6b:
hebasto:
utACK d2ae6be80f6a0156021bf8c9b9d17cd4966ddffc
fanquake:
tACK d2ae6be80f
Tree-SHA512: 300ddde2f27c494b19a5bd4085400d0f5a1d4980fe8cc3c07bfebb037efc35f777215ff1a095eeb16658407e11f04456137393e88a12fdd767b7aac5f12eab5e
fadbc5d89562df7e34379f9d01a757e30db7bbe2 mempool: remove unused magic number from consistency check (Gregory Sanders)
Pull request description:
Unexplained magic numbers are no good. Since the exact number does not matter, opt for a constant that is less peculiar.
Note that this could only possibly affect mempool consistency checks which is not active by default except on regtest.
see discussion: https://github.com/bitcoin/bitcoin/issues/15080
ACKs for commit fadbc5:
practicalswift:
utACK fadbc5d89562df7e34379f9d01a757e30db7bbe2
Tree-SHA512: 80f95ebc284c5bcc5d825fab0e9f962457a411539946d68ef4c8bdea4b1f2f7f0ead88928fac0eaaa02a1175f01f5ef381613ce53b0f27c3098e90d76ecfe9af
d595b4aae gui: move coin control OK to the right (fanquake)
Pull request description:
Fixes#16101
The simplest fix seems to be to just drop the `sizePolicy` property, as we don't use that on any other instances of `QDialogButtonBox`.
master (76e2cded477bc483ec610212bdadf21fe35292d4):
![master](https://user-images.githubusercontent.com/863730/58490351-fc26d380-813a-11e9-9906-043ff4f4959f.png)
This PR:
![right-side](https://user-images.githubusercontent.com/863730/58490360-00eb8780-813b-11e9-80fb-2dab04a5ba54.png)
ACKs for commit d595b4:
hebasto:
utACK d595b4aae9d6eca7094ed5612f4773d98e422057
jonasschnelli:
utACK d595b4aae9d6eca7094ed5612f4773d98e422057
JosuGZ:
tACK d595b4aae9d6eca7094ed5612f4773d98e422057
Tree-SHA512: 7099e21d58457bfcbc83237f5a47ddf18cfa6bd9d6194b357b314b4d54aed72fdbbf10cbe38223affd87c2542b8f364d37ce6a175e594dfbcd18c725b42a6d3e
2c448d6bc7 parameterize hard coded numbers referring to miner conf window (Jordan Baczuk)
Pull request description:
Replace hard coded values (eg. 2016) with `mainnetParams.nMinerConfirmationWindow` where appropriate. This parameterizes hard coded values in the unit test that refer to the `Miner Confirmation Window`, which currently is `2016`. This includes values not exactly 2016 but which were derived from it. Also changed `int` to `uint32_t` where appropriate to avoid compiler warnings. This makes one source of truth, and also helps people who might be adjusting this value in testing so the unit tests don't break.
ACKs for commit 2c448d:
Tree-SHA512: 9262e0b89c1baf7857b49fe2221b2b00f948f61317b321c4871a9182a86d6f8aadeb59d6b133e8a213cc9b31b4a417888fb1ad31caef16ccbbab1de33c4b8459
0b09a57ae Give WalletModel::UnlockContext move semantics (Pieter Wuille)
Pull request description:
WalletModel::UnlockContext seems to implement "move upon copy" semantics; with C++11 this can be done more safely using move semantics (making attempts to actually copy fail instead).
Not a big deal if this isn't worth review time.
ACKs for commit 0b09a5:
Empact:
utACK 0b09a57aec
jonasschnelli:
utACK 0b09a57aec4c56712711585a4314d73d4d9b6877
jb55:
utACK 0b09a57aec4c56712711585a4314d73d4d9b6877
Tree-SHA512: f827856586afd03666c2d9f50320776afb3dd511ac1bcd293b330f015acd1588551b163dccc97b1351301e3295f4c74d90e5754bcee89faeadf6437d7db165c8
Change ctpl implementation to use STL queue & mutex.
Use ctpl synchronized queue instead of boost lockfree queue in bls worker aggregator.
Use smart pointers for memory management of Aggregator and VectorAggregator. With 'delete this;' the objects are prone to data race on the delete operator.
Use smart pointers for memory management of ContributionVerifier.
Pass shared_ptr by value to other threads via worker pool.
c01c065b9ded3399a6a480f15543827dd5e8eb4d Do not construct out-of-bound pointers in SHA512/SHA1/RIPEMD160 code (Pieter Wuille)
Pull request description:
This looks like an issue in the current SHA256/512 code, where a pointer outside of the area pointed to may be constructed (this is UB in theory, though in practice every supported platform treats pointers as integers).
I discovered this while investigating #14580. Sadly, it does not fix it.
ACKs for commit c01c06:
practicalswift:
utACK c01c065b9ded3399a6a480f15543827dd5e8eb4d
Tree-SHA512: 47660e00f164f38c36a1ab46e52dd91cd33cfda6a6048d67541c2f8e73c050d4d9d81b5c149bfad281212d52f204f57bebf5b19879dc7a6a5f48aa823fbc2c02
ccc27bdcd2 doc: Clarify -blocksdir usage (Daniel McNally)
Pull request description:
This PR attempts to clarify and correct the `-blocksdir` argument description and default value. `-blocksdir` does not refer to the full path to the actual `blocks` directory, but rather the root/parent directory which contains the `blocks` directory. Accordingly, the default value is `<datadir>` and not `<datadir>/blocks` - this behavior of defaulting to the datadir can also be seen in init.cpp:
```cpp
if (gArgs.IsArgSet("-blocksdir")) {
path = fs::system_complete(gArgs.GetArg("-blocksdir", ""));
if (!fs::is_directory(path)) {
path = "";
return path;
}
} else {
path = GetDataDir(false);
}
```
It also attempts to clarify that only the `.dat` files containing block data are impacted by `-blocksdir`, not the index files.
I believe this would close#12828.
ACKs for commit ccc27b:
hebasto:
utACK ccc27bdcd2d91fe2c023ad004019d5b970f21dbf
Tree-SHA512: 7b65f66b0579fd56e8c8cd4f9f22d6af56181817762a68deccd7fca51820ad82d9a0c48f5f1f012e746c67bcdae7af4555fad867cb620a9ca538d465c9d86c2b
d2eee87928 Lift prevector default vals to the member declaration (Ben Woosley)
Pull request description:
I overlooked this possibility in #14028
ACKs for commit d2eee8:
promag:
utACK d2eee87, change looks good because members are always initialized.
251Labs:
utACK d2eee87 nice one.
ken2812221:
utACK d2eee87928781ab3082d4279aa6f19641a45e801
practicalswift:
utACK d2eee87928781ab3082d4279aa6f19641a45e801
scravy:
utACK d2eee87928781ab3082d4279aa6f19641a45e801
Tree-SHA512: f2726bae1cf892fd680cf8571027bcdc2e42ba567eaa901fb5fb5423b4d11b29e745e0163d82cb513d8c81399cc85933a16ed66d4a30829382d4721ffc41dc97
5d35ae3326 Handle the result of posix_fallocate system call (Luca Venturini)
Pull request description:
The system call `posix_fallocate` is not supported on some filesystems.
- catches the result of posix_allocate and fall back to the default behaviour if the return value is different from 0 (success)
Fixes#15624
ACKs for commit 5d35ae:
MarcoFalke:
utACK 5d35ae3326624da3fe5dcb4047c9a7cec6665cab
sipa:
utACK 5d35ae3326624da3fe5dcb4047c9a7cec6665cab, though the Yoda condition is an uncommon style in this project.
hebasto:
utACK 5d35ae3326624da3fe5dcb4047c9a7cec6665cab
practicalswift:
utACK 5d35ae3326624da3fe5dcb4047c9a7cec6665cab
Tree-SHA512: 7ab3b35fb633926f28a58b2b07ffde8e31bb997c80a716b1b45ee716fe9ff4ddcef0a05810bd4423530e220cfc62f8925517d27a8b92b05a524272063e43f746
f6ee177f7 Remove unused AES-128 code (practicalswift)
Pull request description:
Remove unused AES-128 code.
As far as I can tell this AES-128 code has never been in use in the project (outside of testing/benchmarking).
The AES-256 code is used in `CCrypter::Encrypt`/`CCrypter::Decrypt` (`src/wallet/crypter.cpp`).
Trivia: 0.15% of the project's C++ LOC count (excluding dependencies) is trimmed off:
```
$ LOC_BEFORE=$(git grep -I "" HEAD~1 -- "*.cpp" "*.h" ":(exclude)src/leveldb/" ":(exclude)src/secp256k1/" ":(exclude)src/univalue/" | wc -l)
$ LOC_AFTER=$(git grep -I "" -- "*.cpp" "*.h" ":(exclude)src/leveldb/" ":(exclude)src/secp256k1/" ":(exclude)src/univalue/" | wc -l)
$ bc <<< "scale=4; ${LOC_AFTER}/${LOC_BEFORE}"
.9985
```
:-)
Tree-SHA512: 9588a3cd795a89ef658b8ee7323865f57723cb4ed9560c21de793f82d35e2835059e7d6d0705e99e3d16bf6b2a444b4bf19568d50174ff3776caf8a3168f5c85
f7696e6183 depends: qt: Don't hardcode pwd path (Carl Dong)
89bee1bdbf depends: tar: Always extract as yourself (Carl Dong)
340ef50772 depends: Defer to Python detected by autoconf (Carl Dong)
Pull request description:
Removes some implicit assumptions that the depends system has about its environment and, as a side-effect, makes it possible to build the depends tree under severely privilege-limited environments such as containers built by Guix.
Tree-SHA512: e8618f9310a0deae864b44f9b60baa29e6225ba16817973ff7830b55798ebd4343aa06da6c1f92682a7afb709d26f80d6ee794a139d4d44c27caf4f0c8fe95fc
66e15e8f97 Explain GetAncestor check for m_failed_blocks in AcceptBlockHeader (Sjors Provoost)
Pull request description:
Salvaged (but slightly modified) from #12138, the comment there was really helpful to wrap my head around that part of the code.
In addition, a naive reader like yours truly will first think `IsValid(BLOCK_VALID_SCRIPTS)` means the previous block was invalid. But IIUC that's not what it means. Instead, it means the block hasn't been checked for validity at the `BLOCK_VALID_SCRIPTS` level yet. So in that case the existing text "previous block index isn't valid" is wrong.
Tree-SHA512: 442a319a83290d94697fdf51376463b70454e0f3909d4a45594ddc2e7c26cd19dc703808385a25e26d6d2dddab0aa35ca41722f2e65ee6fe57bbaf62652d3ec8
4d454dcb6 Refactoring with QString::toNSString (Hennadii Stepanov)
Pull request description:
This PR makes `MacNotificationHandler::showNotification()` cleaner and more readable.
The used `QString::toNSString()` function was introduced in Qt 5.2 which is minimum version now (#14725).
The behavior of `MacNotificationHandler::showNotification()` has not been changed.
cc: @jonasschnelli
Tree-SHA512: 940327a77746ee016415efd3b696ad8ec85dcf12bf3f62e55c9bdc1700415d81a8d03fbc79310982d37a4098786dcaef7cd9702db5498d59d8065447babc27f5
fbaaf782cea54dc433e72129ee1088b3169cdfd4 validation: assert that pindexPrev is non-null when required (Karl-Johan Alm)
Pull request description:
In `ContextualCheckBlock`, we are checking if `pindexPrev == nullptr` conditionally at the start, but then assume it is non-`null` later. This removes the latter assumption.
Tree-SHA512: 95f1e9dc839b2cc0e099d155e6180634ece8c6760d00b53e7d27128762e64c92e82d98a5f4a5786b48a4851b17cdbb4b667d3b6a99adb651256e2032de67d05c
fa694f706c37a1c512a7c346591a63c5e09ee239 test: Add tests for truncated scripts (MarcoFalke)
Pull request description:
Previously not covered by any test
Tree-SHA512: 9f99659bdf3947271074938456a2fe64f5b39fc868e9aa474cec199a536ae5d7428f1cfa7f361936b71b09ee4c426261e6b25668fa77b8416b30dbe4ddb357f0
b7df96f4565064bcb7cbbf7e2507e03bdcf339f0 refactor: Drop boost::this_thread::interruption_point and boost::thread_interrupted in main thread (Chun Kuan Lee)
Pull request description:
This PR drops useless `boost::this_thread::interruption_point` and `boost::thread_interrupted` catch. They are only executed in main thread.
Tree-SHA512: a980d098c1a8238e4f0da9493731d7e69b9ca8e010103f442722d0d4cce471cc40a1fafd5f05535ad0e18899b6cf7563ee20e4025f7c7bc15182a0058c028922
cf4b0327ed92ca8a1533cdf6c2b0015fd9b56397 Use std::numeric_limits<UNSIGNED>::max()) instead of (UNSIGNED)-1 (practicalswift)
6b82fc59eb19004e54f910261a40d5e1b9e44b42 Use const in COutPoint class (Hennadii Stepanov)
Pull request description:
Refactoring:
- all cases of using `(uint32_t) -1` in `COutPoint` class are replaced with const;
- also all remaining instances of `(UNSIGNED)-1` transformed to `std::numeric_limits<UNSIGNED>::max()` (by @practicalswift).
Tree-SHA512: fc7fe9838b6e5136d8b97ea3d6f64c4aaa1215f4369832df432cab017396620bb6e30520a64180ceab6de222562ac11eab243a78dfa5a658ba018835a34caa19
9e0a514112 Add compile time checking for all cs_main runtime locking assertions (practicalswift)
Pull request description:
Add compile time checking for `cs_main` runtime locking assertions.
This PR is a subset of #12665. The PR was broken up to make reviewing easier.
The intention is that literally all `EXCLUSIVE_LOCKS_REQUIRED`/`LOCKS_EXCLUDED`:s added in this PR should follow either directly or indirectly from `AssertLockHeld(…)`/`AssertLockNotHeld(…)`:s already existing in the repo.
Consider the case where function `A(…)` contains `AssertLockHeld(cs_foo)` (without
first locking `cs_foo` in `A`), and that `B(…)` calls `A(…)` (without first locking `cs_main`):
* It _directly_ follows that: `A(…)` should have an `EXCLUSIVE_LOCKS_REQUIRED(cs_foo)` annotation.
* It _indirectly_ follows that: `B(…)` should have an `EXCLUSIVE_LOCKS_REQUIRED(cs_foo)` annotation.
Tree-SHA512: 120e7410c4c223dbc7d42030b1a19e328d01a55f041bb6fb5eaac10ac35cb0c5d469b9b3bda6444731164c73b88ac6495a00890672b107d9305e891571f64dd6
# Conflicts:
# src/validation.cpp
# src/validation.h
# src/wallet/feebumper.cpp
# src/wallet/rpcwallet.cpp
# src/wallet/wallet.h
# Conflicts:
# src/wallet/wallet.h
dc287c98f8 Squashed 'src/univalue/' changes from 51d3ab34ba..7890db99d6 (MarcoFalke)
Pull request description:
This removes the deprecated `std::pair` wrappers from univalue, so that they are not accidentally re-introduced in our code base.
Tree-SHA512: 46f6f7c7c7942a9e131d971c425cbde4159abcc1214235b61139ce97b174024e47b9c52e832cde89fbab9879f43d12c26b64d6def9907bd47883f1e574cf2e2e
fab52675144480c96c5564da4650205f1a41b08e doxygen: Remove misleading checkpoints comment in CMainParams (MarcoFalke)
Pull request description:
This removes the checkpoints comment because it is misleading for two reasons:
* It shows up in the doxygen documentation of `CMainParams` https://dev.visucore.com/bitcoin/doxygen/class_c_main_params.html
* The comment refers to "strange transactions" in a block, which are not specified further. Transactions in blocks are always consensus-valid or rejected as consensus-invalid.
Also sort the includes with `clang-format`, as the file is touched anyway.
Tree-SHA512: b75f38dd0422b9310218307cbaa4dd5afa7579612d7dcdf781b8f25626f79c11e090dbcc83a05571f4418220c1a005f6254a9c461534d517ccecf7f1920be6be
# Conflicts:
# src/chainparams.cpp
e9a78e9b3b doc: Change documentation for =0 for non-boolean options (Wladimir J. van der Laan)
Pull request description:
PR #12713 changed the interpretation for negation of non-boolean options (e.g. -noconnect) to no longer set the option to `0`, but to remove it from the options.
I think this is better because it gets rid of the special meaning of `'0'`.
However it needs to be documented. I attempt to do so in this PR.
Addresses #14064.
There might be options I missed, please help check:
- `-connect`
- `-proxy`
- `-onion`
- `-debug`
- `-debuglogfile`
Needs a manpage update.
Tree-SHA512: a69e63e04a6c8bf6f61a58ddc0f5ebd4b9af7a2e0ea5174e668f2e3edd31a541910a125605ca4bfccf3aca6e59267d98a66de9d1e73650f48c8a1828d315d35d
# Conflicts:
# src/init.cpp
4b7091a842 Replace median fee rate with feerate percentiles (Marcin Jachymiak)
Pull request description:
Currently, the `medianfeerate` statistic is calculated from the feerate of the middle transaction of a list of transactions sorted by feerate.
This PR instead uses the value of the 50th percentile weight unit in the block, and also calculates the feerate at the 10th, 25th, 75th, and 90th percentiles. This more accurately corresponds with what is generally meant by median feerate.
Tree-SHA512: 59255e243df90d7afbe69839408c58c9723884b8ab82c66dc24a769e89c6d539db1905374a3f025ff28272fb25a0b90e92d8101103e39a6d9c0d60423a596714
e306be742932d4ea5aca0ea4768e54b2fc3dc6a0 Use 72 byte dummy signatures when watching only inputs may be used (Andrew Chow)
48b1473c898129a99212e2db36c61cf93625ea17 Use 71 byte signature for DUMMY_SIGNATURE_CREATOR (Andrew Chow)
18dfea0dd082af18dfb02981b7ee1cd44d514388 Always create 70 byte signatures with low R values (Andrew Chow)
Pull request description:
When creating signatures for transactions, always make one which has a 32 byte or smaller R and 32 byte or smaller S value. This results in signatures that are always less than 71 bytes (32 byte R + 32 byte S + 6 bytes DER + 1 byte sighash) with low R values. In most cases, the signature will be 71 bytes.
Because R is not mutable in the same way that S is, a low R value can only be found by trying different nonces. RFC 6979 for deterministic nonce generation has the option to specify additional entropy, so we simply use that and add a uin32_t counter which we increment in order to try different nonces. Nonces are sill deterministically generated as the nonce used will the be the first one where the counter results in a nonce that results in a low R value. Because different nonces need to be tried, time to produce a signature does increase. On average, it takes twice as long to make a signature as two signatures need to be created, on average, to find one with a low R.
Having a fixed size signature makes size calculations easier and also saves half a byte of transaction size, on average.
DUMMY_SIGNATURE_CREATOR has been modified to produce 71 byte dummy signatures instead of 72 byte signatures.
Tree-SHA512: 3cd791505126ce92da7c631856a97ba0b59e87d9c132feff6e0eef1dc47768e81fbb38bfbe970371bedf9714b7f61a13a5fe9f30f962c81734092a4d19a4ef33
18f690ec2f7eb1b4aa51825bfed0cbfdadc93ac7 wallet: shuffle coins before grouping, where warranted (Karl-Johan Alm)
Pull request description:
Coins are randomly shuffled in coin selection to avoid unintentional privacy leaks regarding the user's coin set. For the case where a user has a lot of coins with the same destination, these will be grouped into groups of 10 *before* the shuffling.
It is unclear whether this has any implications at all, but this PR plugs the potential issue, if there ever is one, by shuffling the coins before they are grouped.
Issue brought up in https://github.com/bitcoin/bitcoin/pull/12257#discussion_r204554549
Tree-SHA512: fb50ed4b5fc03ab4853d45b76e1c64476ad5bcd797497179bc37b9262885c974ed6811159fd8e581f1461b6cc6d0a66146f4b70a2777c0f5e818d1322e0edb89