Remove CWalletTx merging logic from AddToWallet#9381
Remove CWalletTx merging logic from AddToWallet#9381meshcollider merged 5 commits intobitcoin:masterfrom
Conversation
ryanofsky
force-pushed
the
pr/atw-nomerge
branch
from
d988ec9 to
ed457a3
Compare
ryanofsky
force-pushed
the
pr/atw-nomerge
branch
from
ed457a3 to
b1ac3cf
Compare
|
I'm thinking of splitting this up into two commits to make it easier to review. First commit would change CreateTransaction to return a CTransactionRef instead of CWalletTx. Second commit would change AddToWallet to accept a CTransactionRef instead of a CWalletTx. If any reviewers would prefer this you can let me know. |
|
Splitting commits into logical breaks is always appreciated.
…On 01/25/17 18:48, Russell Yanofsky wrote:
I'm thinking of splitting this up into two commits to make it easier to
review. First commit would change CreateTransaction to return a
CTransactionRef instead of CWalletTx. Second commit would change
AddToWallet to accept a CTransactionRef instead of a CWalletTx.
If any reviewers would prefer this you can let me know.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#9381 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAnoHu0xZqwtESQp3_rXWoR3OurDnNzgks5rV5kPgaJpZM4LRR4W>.
|
|
Hum, reading this (finally) now, I'm not sure if I'm a big fan of this approach. The call-function-which-callsback-to-let-you-fill-in-things-that-really-should-have-been-arguments pattern really sucks. On the flip side, passing in CWalletTxes, and copying those into mapWallet can also lead to issues if you try to do anything to the object you just passed in thinking it is what got stored in the wallet (a mistake I made recently). Maybe we should adapt some of these functions (AddToWallet/CommitTransaction/whatever) to just always take an rvalue to a CWalletTx. This leaves only AddToWalletIfInvolvingMe (I think) which has to update-or-add, and that can just use an internal version of AddToWallet which takes the CWalletDB as an argument instead of creating its own. |
ryanofsky
force-pushed
the
pr/atw-nomerge
branch
from
b1ac3cf to
b78f2eb
Compare
Preserves comment strings, order form and account strings from the original wallet transaction. Also sets fTimeReceivedIsTxTime and fFromMe fields (which are set in CWallet::CreateTransaction) which don't actually influence wallet behavior, but record that the transaction originated in the wallet (instead of coming from the network or sendrawtransaction). Setting these fields also simplifies CWalletTx cleanup in bitcoin#9381.
Preserves comment strings, order form and account strings from the original wallet transaction. Also sets fTimeReceivedIsTxTime and fFromMe fields (which are set in CWallet::CreateTransaction) which don't actually influence wallet behavior, but record that the transaction originated in the wallet (instead of coming from the network or sendrawtransaction). Setting these fields also simplifies CWalletTx cleanup in bitcoin#9381.
ryanofsky
force-pushed
the
pr/atw-nomerge
branch
from
b78f2eb to
d45e95e
Compare
ryanofsky
changed the title
If you are adamant about this, could you say more about why it sucks? I think a callback is exactly the thing you want when you are doing an in-place update to a data structure. In any case, I agree that CommitTransaction shouldn't take a callback, so I changed it to just take a transaction ref. So now there are way fewer callbacks (I think only 3 left in non-test code). |
ryanofsky
force-pushed
the
pr/atw-nomerge
branch
from
d45e95e to
31ec1e6
Compare
|
I'm just generally not a fan of callbacks making ownership models inconsistent. eg this kind of thing is where people always fuck up lockordering (though admittedly less so in this particular case, more the general case of callbacks going in both directions between modules). So I do like this version much better, but still not sure the call back is required to be publicly exposed...Can we just leave MarkReplaced and add a similar function for importpruned funds to use (I dont believe the double-disk-sync in importprunedfunds will make for inconsistent/bad on-disk state?). Then we can make AddToWallet(..., callback) private and use AddToWalletIfInvolvingMe (which should probably also take a CTransactionRef, not a CTransaction, though maybe thats for a separate PR) publicly. |
ryanofsky
changed the title
ryanofsky
force-pushed
the
pr/atw-nomerge
branch
from
31ec1e6 to
98cf53c
Compare
ryanofsky
changed the title
ryanofsky
force-pushed
the
pr/atw-nomerge
branch
from
98cf53c to
3b022f6
Compare
ryanofsky
force-pushed
the
pr/atw-nomerge
branch
from
2764551 to
c80a2bf
Compare
ryanofsky
force-pushed
the
pr/atw-nomerge
branch
from
c80a2bf to
90847c4
Compare
ryanofsky
force-pushed
the
pr/atw-nomerge
branch
2 times, most recently
from
777c297 to
4a20b3c
Compare
ryanofsky
force-pushed
the
pr/atw-nomerge
branch
from
4a20b3c to
4e8ce01
Compare
|
Rebased dff3c12 -> 93510bc ( |
src/wallet/wallet.cpp
Outdated
| } | ||
|
|
||
| bool CWallet::AddToWallet(const CWalletTx& wtxIn, bool fFlushOnClose) | ||
| bool CWallet::AddToWallet(CTransactionRef tx, const CWalletTx::Confirmation& confirm, const UpdateWalletTxFn& update_wtx, bool fFlushOnClose) |
There was a problem hiding this comment.
In 03c5ac0 Remove CWalletTx merging logic from AddToWallet: it might make sense to have a seperate commit that adds the confirm argument.
(maybe not worth confusing existing reviewers)
There was a problem hiding this comment.
re: #9381 (comment)
In 03c5ac0
Remove CWalletTx merging logic from AddToWallet: it might make sense to have a seperate commit that adds theconfirmargument.
(maybe not worth confusing existing reviewers)
This is a good thought, and I started to implement it, but the problem is if I just make a commit adding the confirm argument, then there are two confirm objects being passed to AddToWallet (the other one embedded in the CWalletTx object), which is confusing because it's unclear which confirmation should take precedence. If I change the CWalletTx argument to a TransactionRef to solve this problem, then there is no way for callers to set to the other CWalletTx fields (mapValue, vOrderForm, etc), and I have to add the update_wtx argument too, which is already the whole current commit
src/wallet/wallet.h
Outdated
| //! Callback for updating transaction metadata in mapWallet. | ||
| //! | ||
| //! @param wtx - reference to mapWallet transaction to update | ||
| //! @param new_tx - true if wtx is newly inserted, false it it previously existed |
There was a problem hiding this comment.
| { | ||
| auto locked_chain = chain().lock(); | ||
| LOCK(cs_wallet); | ||
| WalletLogPrintf("CommitTransaction:\n%s", tx->ToString()); /* Continued */ |
There was a problem hiding this comment.
re: #9381 (comment)
Why the
/* Continued */comment?
This is unchanged from previous code, but it's needed to print a lint error since the log format string doesn't end in \n
src/wallet/wallet.cpp
Outdated
| // otherwise just for transaction history. | ||
| AddToWallet(wtxNew); | ||
| AddToWallet(std::move(tx), {}, [&](CWalletTx& new_wtx, bool new_tx) { | ||
| assert(new_tx); |
There was a problem hiding this comment.
Make this a runtime exception? Perhaps there's some weird edge case, I haven't tried, where a user restores their wallet from a backup on a node with a fresh mempool. The user then recreates the same* transaction in the UI and as they look at the confirmation screen, the transaction re-enters the mempool. Once they click OK this assert should be hit.
* = IIUC it's only a duplicate if they use the same inputs, outputs, fee, if we shuffle them the same way and if the block height hasn't changed
There was a problem hiding this comment.
re: #9381 (comment)
Make this a runtime exception? Perhaps there's some weird edge case, I haven't tried, where a user restores their wallet from a backup on a node with a fresh mempool. The user then recreates the same* transaction in the UI and as they look at the confirmation screen, the transaction re-enters the mempool. Once they click OK this assert should be hit.
Good point. Since there can be an arbitrary delay before the GUI commits the transaction, it isn't safe to assert assert the transaction is new. I removed the assert and just replaced it with nonfatal checks to make sure there aren't conflicting mapValue and order form values.
| return true; | ||
| }; | ||
| if (!pwallet->LoadToWallet(hash, update_wtx)) { | ||
| return false; |
There was a problem hiding this comment.
In 754eb21 Avoid copying CWalletTx in LoadToWallet
The "result" of (formerly void) LoadToWallet has always been ignored. Perhaps that's because before https://github.com/bitcoin/bitcoin/pull/3671/files#diff-3b5a9b7d780ff672241548edf2888fcdL385 we just updated the transaction map directly.
Can you think of any silent failures that would now result in ReadKeyValue failing, and IIUC trigger a rescan? (cc @achow101)
bitcoin/src/wallet/walletdb.cpp
Lines 469 to 483 in 2d6e76a
There was a problem hiding this comment.
re: #9381 (comment)
In 754eb21
Avoid copying CWalletTx in LoadToWalletThe "result" of (formerly
void)LoadToWallethas always been ignored. Perhaps that's because before https://github.com/bitcoin/bitcoin/pull/3671/files#diff-3b5a9b7d780ff672241548edf2888fcdL385 we just updated the transaction map directly.Can you think of any silent failures that would now result in
ReadKeyValuefailing, and IIUC trigger a rescan? (cc @achow101)
It might be worth thinking about how to improve error handling in this code, but behavior shouldn't be changing here. LoadToWallet will only return false if fill_wtx returns false, and fill_wtx only returns false if wtx.GetHash() != hash. So ReadKeyValue should be returning true all the times it used to return true and false and the times it used to return false
ryanofsky
left a comment
ryanofsky
left a comment
There was a problem hiding this comment.
Thanks for reviewing!
Updated 93510bc -> fc4df9d (pr/atw-nomerge.75 -> pr/atw-nomerge.76, compare) with suggestions and a few tweaks to make diffs a little smaller
src/wallet/wallet.cpp
Outdated
| } | ||
|
|
||
| bool CWallet::AddToWallet(const CWalletTx& wtxIn, bool fFlushOnClose) | ||
| bool CWallet::AddToWallet(CTransactionRef tx, const CWalletTx::Confirmation& confirm, const UpdateWalletTxFn& update_wtx, bool fFlushOnClose) |
There was a problem hiding this comment.
re: #9381 (comment)
In 03c5ac0
Remove CWalletTx merging logic from AddToWallet: it might make sense to have a seperate commit that adds theconfirmargument.
(maybe not worth confusing existing reviewers)
This is a good thought, and I started to implement it, but the problem is if I just make a commit adding the confirm argument, then there are two confirm objects being passed to AddToWallet (the other one embedded in the CWalletTx object), which is confusing because it's unclear which confirmation should take precedence. If I change the CWalletTx argument to a TransactionRef to solve this problem, then there is no way for callers to set to the other CWalletTx fields (mapValue, vOrderForm, etc), and I have to add the update_wtx argument too, which is already the whole current commit
| { | ||
| auto locked_chain = chain().lock(); | ||
| LOCK(cs_wallet); | ||
| WalletLogPrintf("CommitTransaction:\n%s", tx->ToString()); /* Continued */ |
There was a problem hiding this comment.
re: #9381 (comment)
Why the
/* Continued */comment?
This is unchanged from previous code, but it's needed to print a lint error since the log format string doesn't end in \n
src/wallet/wallet.cpp
Outdated
| // otherwise just for transaction history. | ||
| AddToWallet(wtxNew); | ||
| AddToWallet(std::move(tx), {}, [&](CWalletTx& new_wtx, bool new_tx) { | ||
| assert(new_tx); |
There was a problem hiding this comment.
re: #9381 (comment)
Make this a runtime exception? Perhaps there's some weird edge case, I haven't tried, where a user restores their wallet from a backup on a node with a fresh mempool. The user then recreates the same* transaction in the UI and as they look at the confirmation screen, the transaction re-enters the mempool. Once they click OK this assert should be hit.
Good point. Since there can be an arbitrary delay before the GUI commits the transaction, it isn't safe to assert assert the transaction is new. I removed the assert and just replaced it with nonfatal checks to make sure there aren't conflicting mapValue and order form values.
src/wallet/wallet.h
Outdated
| //! Callback for updating transaction metadata in mapWallet. | ||
| //! | ||
| //! @param wtx - reference to mapWallet transaction to update | ||
| //! @param new_tx - true if wtx is newly inserted, false it it previously existed |
There was a problem hiding this comment.
| return true; | ||
| }; | ||
| if (!pwallet->LoadToWallet(hash, update_wtx)) { | ||
| return false; |
There was a problem hiding this comment.
re: #9381 (comment)
In 754eb21
Avoid copying CWalletTx in LoadToWalletThe "result" of (formerly
void)LoadToWallethas always been ignored. Perhaps that's because before https://github.com/bitcoin/bitcoin/pull/3671/files#diff-3b5a9b7d780ff672241548edf2888fcdL385 we just updated the transaction map directly.Can you think of any silent failures that would now result in
ReadKeyValuefailing, and IIUC trigger a rescan? (cc @achow101)
It might be worth thinking about how to improve error handling in this code, but behavior shouldn't be changing here. LoadToWallet will only return false if fill_wtx returns false, and fill_wtx only returns false if wtx.GetHash() != hash. So ReadKeyValue should be returning true all the times it used to return true and false and the times it used to return false
|
Rebased fc4df9d -> f1fc789 ( |
|
utACK f1fc789 |
|
Rebased f1fc789 -> ece5d1c ( |
|
re-utACK ece5d1c (rebased) |
Instead of AddToWallet taking a temporary CWalletTx object and then potentially merging it with a pre-existing CWalletTx, have it take a callback so callers can update the pre-existing CWalletTx directly. This makes AddToWallet simpler because now it is only has to be concerned with saving CWalletTx objects and not merging them. This makes AddToWallet calls clearer because they can now make direct updates to CWalletTx entries without having to make temporary objects and then worry about how they will be merged. This is a pure refactoring, no behavior is changing.
The change in walletdb.cpp is easier to review ignoring whitespace. This change is need to get rid of CWalletTx copy constructor.
Disable copying of CWalletTx objects to prevent bugs where instances get copied in and out of the mapWallet map and fields are updated in the wrong copy.
CWalletTx initialization has been fixed so it's no longer necessary to change which wallet a transaction is bound to.
|
Rebased ece5d1c -> f2892d8 ( |
|
Light re-utACK f2892d8, looks like a reasonably straight-forward rebase. |
| CWalletTx* wtx = AddToWallet(std::move(tx), {}, [&](CWalletTx& wtx, bool new_tx) { | ||
| CHECK_NONFATAL(wtx.mapValue.empty()); | ||
| CHECK_NONFATAL(wtx.vOrderForm.empty()); | ||
| wtx.mapValue = std::move(mapValue); |
There was a problem hiding this comment.
Does the std::move still work after going through a lambda capture by reference?
There was a problem hiding this comment.
Yes. mapValue is a reference to the same thing it was outside of the lambda. std::move casts it to an rvalue reference.
There was a problem hiding this comment.
Oh, this has nothing to do with lambdas. I didn't know that references (as long as they are not const) can be moved.
There was a problem hiding this comment.
re: #9381 (comment)
Oh, this has nothing to do with lambdas. I didn't know that references (as long as they are not const) can be moved.
Yep, std::move isn't affected by outside things like this. std::move(mapValue) is only a type cast from mapValue_t& to mapValue_t&& that makes the compiler favor the operator=(mapValue_t&&) assignment overload instead of the operator=(const mapValue_t&) one for wtx.mapValue =
There was a problem hiding this comment.
Even const ones, actually - though unless they have mutable fields, there is no effect.
There was a problem hiding this comment.
With "no effect" you mean const& will stay const&, right? See also the example, which does not compile, because the const& copy constructor is deleted:
#include <memory>
struct Test{
const std::unique_ptr<int>b;
Test(const std::unique_ptr<int>& a):b{std::move(a)}{}
};There was a problem hiding this comment.
std::move(a) where a is const T&, returns something of type const T&&. If T has for example a operator=(const T&&), then that one would be selected in assignment. If there is no such operator, operator=(const T&) will be selected instead. In general a const T&& assignment/constructor operator only makes sense if a class has mutable fields.
src/wallet/wallet.cpp
Outdated
|
|
||
| // Notify that old coins are spent | ||
| for (const CTxIn& txin : wtxNew.tx->vin) { | ||
| for (const CTxIn& txin : wtx->tx->vin) { |
There was a problem hiding this comment.
Doesn't this line crash the node when the wallet can not write the tx to disk?
There was a problem hiding this comment.
re: #9381 (comment)
Doesn't this line crash the node when the wallet can not write the tx to disk?
Wow, good catch! I'm not sure current behavior is ideal either but it wasn't my intention to change it. Updated PR
ryanofsky
left a comment
ryanofsky
left a comment
There was a problem hiding this comment.
Updated f2892d8 -> 28b112e (pr/atw-nomerge.79 -> pr/atw-nomerge.80, compare) reverting some CommitTransaction changes to avoid changing behavior and crashing on failure
src/wallet/wallet.cpp
Outdated
|
|
||
| // Notify that old coins are spent | ||
| for (const CTxIn& txin : wtxNew.tx->vin) { | ||
| for (const CTxIn& txin : wtx->tx->vin) { |
There was a problem hiding this comment.
re: #9381 (comment)
Doesn't this line crash the node when the wallet can not write the tx to disk?
Wow, good catch! I'm not sure current behavior is ideal either but it wasn't my intention to change it. Updated PR
| CWalletTx* wtx = AddToWallet(std::move(tx), {}, [&](CWalletTx& wtx, bool new_tx) { | ||
| CHECK_NONFATAL(wtx.mapValue.empty()); | ||
| CHECK_NONFATAL(wtx.vOrderForm.empty()); | ||
| wtx.mapValue = std::move(mapValue); |
There was a problem hiding this comment.
re: #9381 (comment)
Oh, this has nothing to do with lambdas. I didn't know that references (as long as they are not const) can be moved.
Yep, std::move isn't affected by outside things like this. std::move(mapValue) is only a type cast from mapValue_t& to mapValue_t&& that makes the compiler favor the operator=(mapValue_t&&) assignment overload instead of the operator=(const mapValue_t&) one for wtx.mapValue =
|
Ah sorry, no need to revert your changes. If the wallet can't write to disk, a simple |
I don't think CHECK_NONFATAL would be right, because this is checking a runtime error, not an internal assertion about how code works. I can go back to the earlier version and add this if that's your preference. But actually I like the update better because it makes the overall diff smaller and avoids changing behavior in a refactoring PR. I think ideally if different error handling is needed here, it would be handled in a standalone PR with a unit test. |
|
Well, our assumption in the code is that the wallet can write to disk. If that assumption is violated it seems fine to assert or do that Anyway, re-ACK 28b112e |
|
re-utACK 28b112e |
14 participants
This is a pure refactoring, no behavior is changing.
Instead of AddToWallet taking a temporary CWalletTx object and then potentially merging it with a pre-existing CWalletTx, have it take a callback so callers can update the pre-existing CWalletTx directly.
This makes AddToWallet simpler because now it is only has to be concerned with saving CWalletTx objects and not merging them.
This makes AddToWallet calls clearer because they can now make direct updates to CWalletTx entries without having to make temporary objects and then worry about how they will be merged.
Motivation for this change came from the bumpfee PR #8456 where we wanted to be able to call AddToWallet to make a simple update to an existing transaction, but were reluctant to, because the existing CWalletTx merging logic did not apply and seemed dangerous try to update as part of that PR. After this refactoring, the bumpfee PR could call AddToWallet safely instead of implementing a duplicate AddToWallet function.
This also allows getting rid of the CWalletTx copy constructor to prevent unintentional copying.