backport: Merge bitcoin/bitcoin#23418, 25480, 25492 #6519
Conversation
vijaydasmp
force-pushed
the
Jan_2025_03
branch
4 times, most recently
from
ecb05bf to
fb70100
Compare
vijaydasmp
changed the title
vijaydasmp
force-pushed
the
Jan_2025_03
branch
5 times, most recently
from
a2257de to
3941a52
Compare
vijaydasmp
force-pushed
the
Jan_2025_03
branch
2 times, most recently
from
f391a48 to
fea3f61
Compare
…tion RPC fa07f84 Fix signed integer overflow in prioritisetransaction RPC (MarcoFalke) fa52cf8 refactor: Replace feeDelta by m_modified_fee (MarcoFalke) Pull request description: Signed integer overflow is UB in theory, but not in practice. Still, it would be nice to avoid this UB to allow Bitcoin Core to be compiled with sanitizers such as `-ftrapv` or ubsan. It is impossible to predict when and if an overflow occurs, since the overflow caused by a prioritisetransaction RPC might only be later hit when descendant txs are added to the mempool. Since it is impossible to predict reliably, leave it up to the user to use the RPC endpoint responsibly, considering their mempool limits and usage patterns. Fixes: bitcoin#20626 Fixes: bitcoin#20383 Fixes: bitcoin#19278 Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34146 / https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47132 ## Steps to reproduce Build the code without the changes in this pull. Make sure to pass the sanitizer flag: ``` ./autogen.sh && ./configure --with-sanitizers=signed-integer-overflow && make clean && make -j $(nproc) ``` ### Reproduce on RPC ``` ./src/bitcoind -chain=regtest -noprinttoconsole & ./src/bitcoin-cli -chain=regtest prioritisetransaction 00000000deadbeef00000000deadbeef00000000deadbeef00000000deadbeef 0 9123456789123456789 ./src/bitcoin-cli -chain=regtest prioritisetransaction 00000000deadbeef00000000deadbeef00000000deadbeef00000000deadbeef 0 9123456789123456789 |> txmempool.cpp:920:15: runtime error: signed integer overflow: 9123456789123456789 + 9123456789123456789 cannot be represented in type 'long int' ./src/bitcoin-cli -chain=regtest stop ``` ### By fuzzing ``` wget https://github.com/bitcoin/bitcoin/files/8921302/clusterfuzz-testcase-minimized-validation_load_mempool-5599531390074880.bin.txt FUZZ=validation_load_mempool ./src/test/fuzz/fuzz ./clusterfuzz-testcase-minimized-validation_load_mempool-5599531390074880.bin.txt |> txmempool.cpp:920:15: runtime error: signed integer overflow: 7214801925397553184 + 2314885530818453536 cannot be represented in type 'long int' |> validation_load_mempool: succeeded against 1 files in 0s. ACKs for top commit: vasild: ACK fa07f84 dunxen: ACK fa07f84 LarryRuane: ACK fa07f84 Tree-SHA512: 4a357950af55a49c9113da0a50c2e743c5b752f0514dd8d16cd92bfde2f77dd0ef56aa98452626df6f7f7a5b51d1227021f6bc94091201a179f0d488ee32a0df
vijaydasmp
force-pushed
the
Jan_2025_03
branch
3 times, most recently
from
4bf1a22 to
3847b1a
Compare
vijaydasmp
changed the title
WalkthroughThe changes span several core components of the system. In the network processing module, methods within the peer management class have been modified so that functions dealing with transaction requests and misbehavior now use direct peer references instead of node identifiers. The RPC functionality has been adjusted to convert ping-related metrics using a different function, thereby changing the underlying representation of timing values. In the transaction memory pool, fee management has been revised: existing functions have been renamed and updated to use a saturating addition mechanism, and the internal fee variable has been replaced to streamline fee calculations. Additionally, the build process has been altered by removing MSVC warning suppression directives and an inline utility function for duration conversion. Finally, changes to sanitation suppressions update comment text and remove a specific suppression entry in the UBSan configuration. Tip 🌐 Web search-backed reviews and chat
✨ Finishing Touches
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (1)
src/rpc/net.cpp (1)
231-231: LGTM: Completed modernization of time handlingThe change completes the consistent update of time handling across all ping-related measurements.
These changes are part of a broader improvement in time handling across the codebase, moving towards type-safe chrono-based time calculations. This reduces the risk of time-related bugs and improves code maintainability.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (13)
src/llmq/dkgsessionhandler.cpp(1 hunks)src/llmq/instantsend.cpp(1 hunks)src/llmq/signing.cpp(1 hunks)src/llmq/signing_shares.cpp(1 hunks)src/net_processing.cpp(27 hunks)src/net_processing.h(1 hunks)src/rpc/net.cpp(1 hunks)src/test/denialofservice_tests.cpp(4 hunks)src/txmempool.cpp(7 hunks)src/txmempool.h(2 hunks)src/util/system.cpp(0 hunks)src/util/time.h(0 hunks)test/sanitizer_suppressions/ubsan(1 hunks)
💤 Files with no reviewable changes (2)
- src/util/time.h
- src/util/system.cpp
✅ Files skipped from review due to trivial changes (1)
- src/llmq/signing_shares.cpp
🔇 Additional comments (31)
src/rpc/net.cpp (3)
225-225: LGTM: Improved time handling using modern C++ chronoThe change from
CountSecondsDoubletoTicks<SecondsDouble>represents a move towards more type-safe time handling using the C++ chrono library.
228-228: LGTM: Consistent time handling for minimum ping timeThe change maintains consistency with the modern time handling approach.
225-231: Verify complete migration of time handling methodsLet's verify that all instances of
CountSecondsDoublehave been migrated to the newTicks<SecondsDouble>approach in the codebase.✅ Verification successful
Time handling migration successfully completed
The codebase shows complete adoption of
Ticks<SecondsDouble>with no remaining instances ofCountSecondsDouble, confirming successful migration of the time handling methods.🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Search for any remaining instances of CountSecondsDouble echo "Checking for remaining CountSecondsDouble usage..." rg "CountSecondsDouble" --type cpp # Search for consistent usage of Ticks<SecondsDouble> echo "Verifying Ticks<SecondsDouble> usage..." rg "Ticks<SecondsDouble>" --type cppLength of output: 685
src/txmempool.cpp (5)
104-104: LGTM: Member variable initializationThe initialization of
m_modified_feewithnFeein the constructor is correct and matches the new fee handling approach.
458-458: LGTM: Consistent use of SaturatingAdd for fee updatesThe use of
SaturatingAddis consistently applied to both descendant and ancestor fee updates, maintaining the overflow protection throughout the codebase.Also applies to: 467-467
1465-1468: LGTM: Fee delta handling with overflow protectionThe changes correctly apply
SaturatingAddto fee delta calculations and properly update the modified fees through the mempool entry modification mechanism.
515-516: Verify assumption about fee modification stateThe code assumes that the initial fee matches the modified fee. While this is likely true for new entries, we should verify this assumption holds in all code paths.
✅ Verification successful
Assumption about fee modification state is valid
The assumption is correct by design. The code makes this assertion right after inserting a new entry and applying any potential fee delta from PrioritiseTransaction, which are the only two operations that could affect the fees at this point.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Look for places where fees might be modified before reaching this point rg -B 5 'GetModifiedFee|UpdateModifiedFee' src/Length of output: 9042
112-116: Verify overflow protection in fee updatesThe use of
SaturatingAddfor fee updates provides protection against integer overflow, which is important for fee calculations. The changes look correct but we should verify that all fee-related calculations are consistently using this protection.✅ Verification successful
Fee calculations have appropriate overflow protection
The codebase consistently uses proper overflow protection for fee calculations:
- Consensus-critical paths validate fees using
MoneyRangechecks- Memory pool modifications use
SaturatingAdd- Transaction validation enforces fee range limits
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Check for any remaining direct fee additions that might need overflow protection rg -A 2 '\+= .*[Ff]ee' src/Length of output: 4250
Script:
#!/bin/bash # Check for MoneyRange usage near fee calculations rg -B 2 -A 2 'MoneyRange.*fee|fee.*MoneyRange' src/ # Check for other potential overflow protections rg -B 2 -A 2 'Saturating(Add|Sub).*fee|fee.*Saturating(Add|Sub)' src/Length of output: 2694
src/net_processing.cpp (11)
635-635: LGTM: Unit test misbehavior handlingThe
UnitTestMisbehavingmethod provides a clean way to test misbehavior handling in unit tests while maintaining encapsulation of the actual implementation.
676-681: Improved misbehavior tracking with peer referenceThe new
Misbehavingmethod signature usingPeer&provides better encapsulation and direct access to peer state. This change improves code organization and maintainability.
740-740: LGTM: Updated SendBlockTransactions signatureThe addition of the
Peer¶meter toSendBlockTransactionsaligns with the pattern of direct peer state access.
3494-3495: LGTM: Consistent error handling in message processingThe error handling in message processing is consistent, using the misbehavior tracking system uniformly across different message types.
Also applies to: 3500-3502
Line range hint
3983-3996: LGTM: Address rate limiting with token bucketThe implementation of address rate limiting using a token bucket approach is well-designed and properly handles the time-based token accumulation.
4086-4086: LGTM: Consistent inventory size checksThe size checks for INV and GETDATA messages are consistent and use appropriate misbehavior scores.
Also applies to: 4193-4193
4706-4706: LGTM: Block validation error handlingThe error handling for invalid compact blocks and block transactions is appropriate and uses consistent misbehavior scores.
Also applies to: 4832-4832
5101-5101: LGTM: Bloom filter validationThe validation of bloom filter size and data is thorough and uses appropriate misbehavior scores for violations.
Also applies to: 5137-5137
Line range hint
5166-5175: LGTM: Masternode message validationThe validation of masternode-related messages is comprehensive and uses appropriate misbehavior scores for different types of violations.
Also applies to: 5197-5197, 5213-5213, 5220-5220
3628-3634: Verify devnet version check error handlingThe devnet version check error handling looks correct but we should verify the misbehavior scores are appropriate for different scenarios.
✅ Verification successful
Misbehavior scores for devnet version mismatches are appropriately calibrated
The different scores (100 for outbound, 1 for inbound) are well-reasoned:
- Higher score for outbound prevents wasteful reconnection attempts to wrong networks
- Lower score for inbound allows honest mistakes without immediate harsh penalties
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Check for consistency in devnet version handling rg -B 5 'devnet' src/Length of output: 70141
1781-1802: Verify thread safety of misbehavior trackingThe misbehavior tracking implementation looks correct but we should verify the thread safety of the score updates and disconnection logic.
✅ Verification successful
Thread safety implementation is correct and comprehensive
The misbehavior tracking implementation demonstrates proper thread safety through:
- Dedicated mutex (m_misbehavior_mutex) protecting all misbehavior state
- Consistent lock usage across all access points
- Clear thread safety annotations using GUARDED_BY
- No potential deadlock scenarios
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Check for potential race conditions in peer state access ast-grep --pattern 'm_misbehavior_score' src/ ast-grep --pattern 'm_should_discourage' src/Length of output: 423
Script:
#!/bin/bash # Search for misbehavior related variables and mutex with context rg -A 3 -B 3 "m_misbehavior_score" src/ rg -A 3 -B 3 "m_should_discourage" src/ rg -A 3 -B 3 "m_misbehavior_mutex" src/Length of output: 8267
test/sanitizer_suppressions/ubsan (1)
3-6: Documentation improvement for suppression pattern format.The comment now uses a more generic format
sanitize-type:ClassName::MethodNameinstead of a specific example, making it clearer how to add new suppressions.src/net_processing.h (1)
122-123: Method renamed to clarify its testing purpose.The
Misbehavingmethod has been replaced withUnitTestMisbehaving, making it explicit that this method is intended for unit testing scenarios. This change improves code clarity and separates test functionality from production code.src/test/denialofservice_tests.cpp (4)
353-353: Updated test for peer discouragement threshold.Test now uses
UnitTestMisbehavingto verify peer discouragement at threshold, aligning with the new testing approach.
372-372: Updated tests for incremental misbehavior.Tests now use
UnitTestMisbehavingto verify:
- Below-threshold misbehavior (no discouragement)
- Reaching threshold through multiple violations
Also applies to: 380-380
403-403: Updated test for non-IP peer handling.Test now uses
UnitTestMisbehavingto verify discouragement behavior for non-IP peers (e.g., onion addresses).
449-449: Updated test for ban time functionality.Test now uses
UnitTestMisbehavingto verify the ban time implementation.src/llmq/dkgsessionhandler.cpp (1)
113-113: Updated misbehavior reporting method.The method now uses
UnitTestMisbehavingto report peer misbehavior, maintaining consistency with the test-focused approach adopted across the codebase.src/llmq/signing.cpp (1)
583-583: Verify the impact of switching to UnitTestMisbehaving.The change from
MisbehavingtoUnitTestMisbehavingalters how peer misbehavior is handled. This appears to be part of a broader refactor to improve testing capabilities, but we should ensure this doesn't affect production behavior.Let's verify if this change is consistently applied across the codebase:
✅ Verification successful
The change to UnitTestMisbehaving is a safe refactor
The switch from
MisbehavingtoUnitTestMisbehavingis part of a consistent pattern across the codebase whereUnitTestMisbehavingis the public interface method that internally calls the privateMisbehavingimplementation. This change improves encapsulation without altering the underlying behavior.🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Check for any remaining direct usage of Misbehaving rg "Misbehaving\(" --type cpp # Check for new UnitTestMisbehaving usage rg "UnitTestMisbehaving\(" --type cppLength of output: 5967
src/txmempool.h (3)
116-116: LGTM! Improved member variable naming.The change from
feeDeltatom_modified_feefollows better naming conventions with them_prefix for member variables and provides a more descriptive name.
145-145: LGTM! Simplified fee access.The updated
GetModifiedFee()implementation directly returnsm_modified_feeinstead of calculating it on the fly, which is more efficient.
153-154: LGTM! Improved method naming.The change from
UpdateFeeDeltatoUpdateModifiedFeebetter reflects the method's purpose and maintains consistency with the new member variable name.src/llmq/instantsend.cpp (1)
941-941: Verify consistent behavior with UnitTestMisbehaving.Similar to the change in signing.cpp, this replaces
MisbehavingwithUnitTestMisbehaving. We should ensure this change maintains the same penalty score (20) and behavior.Let's verify the penalty scores are consistent:
✅ Verification successful
Penalty score of 20 is correct and intentionally different
The lower penalty score in instantsend.cpp is a deliberate design choice, as indicated by the code comment: the peer might simply be unlucky due to quorum changes, so a less harsh penalty is appropriate compared to clear protocol violations that receive 100 points.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Check all UnitTestMisbehaving calls and their scores rg "UnitTestMisbehaving.*\(\w+,\s*(\d+)\)" --type cppLength of output: 282
Script:
#!/bin/bash # Get context around UnitTestMisbehaving calls echo "=== signing.cpp ===" rg "UnitTestMisbehaving.*\(\w+,\s*(\d+)\)" src/llmq/signing.cpp -B 5 -A 5 echo -e "\n=== instantsend.cpp ===" rg "UnitTestMisbehaving.*\(\w+,\s*(\d+)\)" src/llmq/instantsend.cpp -B 5 -A 5 echo -e "\n=== signing_shares.cpp ===" rg "UnitTestMisbehaving.*\(\w+,\s*(\d+)\)" src/llmq/signing_shares.cpp -B 5 -A 5 # Also check for any comments mentioning misbehaving scores echo -e "\n=== Comments about misbehaving ===" rg "misbehav\w+" src/llmq/ -i --type cppLength of output: 2943
src/llmq/dkgsessionhandler.cpp
Outdated
| @@ -110,7 +110,7 @@ bool CDKGPendingMessages::HasSeen(const uint256& hash) const | |||
| void CDKGPendingMessages::Misbehaving(const NodeId from, const int score, PeerManager& peerman) | |||
| { | |||
| if (from == -1) return; | |||
| peerman.Misbehaving(from, score); | |||
| peerman.UnitTestMisbehaving(from, score); | |||
There was a problem hiding this comment.
25144: I don't like this approach, we need to find a better way
There was a problem hiding this comment.
Sure , I will try another approach
vijaydasmp
force-pushed
the
Jan_2025_03
branch
from
3847b1a to
4640813
Compare
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (2)
src/net_processing.cpp (2)
676-681: LGTM! Thread-safe misbehavior tracking implementation.The new Misbehaving implementation correctly uses mutex protection for the misbehavior score and adds useful stats tracking. The logging is also improved to show the score transition.
Consider adding these improvements:
void Misbehaving(Peer& peer, int howmuch, const std::string& message) { assert(howmuch > 0); + // Early return if peer has NetPermissionFlags::NoBan + if (m_connman.HasPermission(peer.m_id, NetPermissionFlags::NoBan)) { + return; + } LOCK(peer.m_misbehavior_mutex); const int score_before{peer.m_misbehavior_score}; peer.m_misbehavior_score += howmuch; const int score_now{peer.m_misbehavior_score}; + // Track maximum score seen for this peer + peer.m_max_misbehavior_score = std::max(peer.m_max_misbehavior_score, score_now);This would:
- Add early exit for peers with ban immunity
- Track the maximum misbehavior score seen for each peer
Also applies to: 1781-1802
3156-3156: LGTM! Consistent usage of Misbehaving across the codebase.The Misbehaving function is used consistently throughout the codebase with appropriate error messages and penalty scores.
Consider standardizing the error message format across all call sites:
-Misbehaving(*peer, 20, strprintf("headers message size = %u", nCount)); +Misbehaving(*peer, 20, strprintf("%s: message size = %u exceeds limit %u", __func__, nCount, MAX_HEADERS));This would:
- Include the function name for better error tracing
- Consistently show the limit that was exceeded
- Use a standard format across all oversized message errors
Also applies to: 3163-3163, 3983-3983, 4086-4086, 4193-4193, 4706-4706, 4832-4832, 4896-4896, 5101-5101, 5137-5137
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (6)
src/net_processing.cpp(27 hunks)src/net_processing.h(1 hunks)src/rpc/net.cpp(1 hunks)src/test/denialofservice_tests.cpp(4 hunks)src/util/system.cpp(0 hunks)src/util/time.h(0 hunks)
💤 Files with no reviewable changes (2)
- src/util/time.h
- src/util/system.cpp
🚧 Files skipped from review as they are similar to previous changes (2)
- src/test/denialofservice_tests.cpp
- src/rpc/net.cpp
⏰ Context from checks skipped due to timeout of 90000ms (2)
- GitHub Check: Build Dependencies (linux64, x86_64-pc-linux-gnu)
- GitHub Check: Build Dependencies (arm-linux, arm-linux-gnueabihf)
🔇 Additional comments (3)
src/net_processing.h (1)
122-123: Verify the backport's completeness and security implications.The replacement of
MisbehavingwithUnitTestMisbehavingrepresents a significant change in peer behavior management. This change requires careful verification to ensure:
- All production code paths have been updated to handle peer misbehavior appropriately
- The change doesn't weaken the network's defense against malicious peers
Let's verify the completeness of this backport:
✅ Verification successful
The implementation is correct and complete
The
UnitTestMisbehavingmethod is intentionally designed as a test-friendly wrapper around the coreMisbehavingimplementation. The production code correctly usesMisbehavingdirectly, whileUnitTestMisbehavingprovides a simplified interface for test code. This matches the common pattern of exposing test-specific methods while keeping the core implementation intact.🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify that all calls to Misbehaving have been properly migrated # Check for any remaining references to the old Misbehaving method echo "Checking for remaining Misbehaving references..." rg -l "Misbehaving\(" --type cpp # Look for the new UnitTestMisbehaving usage echo "Checking UnitTestMisbehaving usage..." rg -l "UnitTestMisbehaving\(" --type cpp # Check test files to ensure they're using the new method echo "Checking test files..." rg -l "Misbehaving" --type cpp test/Length of output: 666
Script:
#!/bin/bash # Check the implementation details and relationship between Misbehaving and UnitTestMisbehaving # Look at the implementation in net_processing.cpp echo "=== Checking net_processing.cpp implementations ===" rg "Misbehaving|UnitTestMisbehaving" src/net_processing.cpp -B 2 -A 5 # Check if there are any TODOs or comments about migration echo -e "\n=== Checking for related comments ===" rg -i "todo.*misbehav|migrate.*misbehav" src/ # Look for any test documentation about this change echo -e "\n=== Checking test documentation ===" rg "Misbehaving" test/functional/README.md test/README.md 2>/dev/null || trueLength of output: 10028
src/net_processing.cpp (2)
635-635: LGTM! Clean unit test helper implementation.The UnitTestMisbehaving function provides a clean way to test misbehavior handling while ensuring the peer exists through Assert.
Line range hint
5166-5175: LGTM! Appropriate penalty levels for masternode-specific misbehavior.The code correctly differentiates between non-malicious failures (1 point) and protocol violations (100 points) for masternode-related messages.
Also applies to: 5197-5197, 5213-5213, 5220-5220
vijaydasmp
force-pushed
the
Jan_2025_03
branch
6 times, most recently
from
4b85b3d to
a6798b1
Compare
vijaydasmp
force-pushed
the
Jan_2025_03
branch
3 times, most recently
from
9335c37 to
ed2d417
Compare
…ble> fa956e7 Replace CountSecondsDouble with Ticks<SecondsDouble> (MacroFake) Pull request description: Seems odd to have two ways to say exactly the same thing when one is sufficient. ACKs for top commit: fanquake: ACK fa956e7 shaavan: ACK fa956e7 w0xlt: ACK bitcoin@fa956e7 Tree-SHA512: b599470e19b693da1ed1102d1e86b08cb03adaddf2048752b6d050fdf86055be117ff0ae10b6953d03e00eaaf7b0cfa350137968b67d6c5b3ca68c5aa50ca6aa
d8f8f78 util: remove MSVC warning pragmas (fanquake) Pull request description: 4786 - I don't think this exists any more? 4805 - Is already defined (globally) there. Dropped 4717 and 4804, as it seems they are no-longer supressing anything. See: https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warnings-c4000-c5999. ACKs for top commit: hebasto: ACK d8f8f78, build [log](https://api.cirrus-ci.com/v1/task/6088784285532160/logs/build.log) is free of warnings. Tree-SHA512: c8ac4585799996960ea099b2c5337e7bb577152eec2e9543cc459c56f42f7a36fc4dcd7faec2fa4ac159a4ae27859650ccfd96bbf94b94dbd1cbea638560a24f
vijaydasmp
force-pushed
the
Jan_2025_03
branch
from
ed2d417 to
140622f
Compare
vijaydasmp
changed the title
|
dropped 25144 at the moment, will look at it separately , requesting review |
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (6)
src/net_processing.cpp (6)
3985-3991: Consider using std::clamp for token bucket incrementThe token bucket increment calculation could be simplified and made safer using std::clamp.
- const double increment = Ticks<SecondsDouble>(time_diff) * MAX_ADDR_RATE_PER_SECOND; - peer->m_addr_token_bucket = std::min<double>(peer->m_addr_token_bucket + increment, MAX_ADDR_PROCESSING_TOKEN_BUCKET); + const double increment = std::clamp( + Ticks<SecondsDouble>(time_diff) * MAX_ADDR_RATE_PER_SECOND, + 0.0, + MAX_ADDR_PROCESSING_TOKEN_BUCKET - peer->m_addr_token_bucket + ); + peer->m_addr_token_bucket += increment;
6201-6215: Add overflow protection for stalling timeout doublingThe stalling timeout doubling could potentially overflow. Consider adding explicit overflow checks and more descriptive logging.
- const auto new_timeout = std::min(2 * stalling_timeout, BLOCK_STALLING_TIMEOUT_MAX); + const auto new_timeout = std::min( + (stalling_timeout > BLOCK_STALLING_TIMEOUT_MAX / 2) ? + BLOCK_STALLING_TIMEOUT_MAX : 2 * stalling_timeout, + BLOCK_STALLING_TIMEOUT_MAX + ); if (stalling_timeout != new_timeout && m_block_stalling_timeout.compare_exchange_strong(stalling_timeout, new_timeout)) { - LogPrint(BCLog::NET, "Increased stalling timeout temporarily to %d seconds\n", count_seconds(new_timeout)); + LogPrint(BCLog::NET, "Increased stalling timeout from %d to %d seconds due to slow peer\n", + count_seconds(stalling_timeout), count_seconds(new_timeout)); }
6231-6261: Extract magic numbers into named constantsThe headers sync timeout logic uses magic numbers that should be named constants. Also consider more descriptive variable names.
+ // Maximum acceptable age of our chain tip during headers sync + static constexpr auto HEADERS_SYNC_MAX_TIP_AGE = 10min; + if (state.fSyncStarted && state.m_headers_sync_timeout < std::chrono::microseconds::max()) { // Detect whether this is a stalling initial-headers-sync peer - if (m_chainman.m_best_header->GetBlockTime() <= GetAdjustedTime() - nMaxTipAge) { + if (m_chainman.m_best_header->GetBlockTime() <= GetAdjustedTime() - HEADERS_SYNC_MAX_TIP_AGE) { if (current_time > state.m_headers_sync_timeout && nSyncStarted == 1 && (m_num_preferred_download_peers - state.fPreferredDownload >= 1)) {
6263-6266: Improve documentation of peer eviction logicThe peer eviction logic could benefit from more detailed documentation explaining the criteria and rationale.
+ // Check if outbound peers should be evicted based on: + // 1. Chain staleness - peer's chain work is below our minimum requirements + // 2. Sync timeout - peer has not provided new blocks within timeout period + // 3. Download window - peer is stalling our block download progress ConsiderEviction(*pto, *peer, GetTime<std::chrono::seconds>());
6271-6287: Extract block download configuration into named constantsThe block download logic uses magic numbers and could benefit from more descriptive variable names.
+ // Maximum number of blocks that can be in-flight to a single peer + static constexpr int MAX_PARALLEL_BLOCK_DOWNLOADS = MAX_BLOCKS_IN_TRANSIT_PER_PEER; + if (CanServeBlocks(*peer) && pto->CanRelay() && ((sync_blocks_and_headers_from_peer && !IsLimitedPeer(*peer)) || !m_chainman.ActiveChainstate().IsInitialBlockDownload()) && - state.nBlocksInFlight < MAX_BLOCKS_IN_TRANSIT_PER_PEER) { + state.nBlocksInFlight < MAX_PARALLEL_BLOCK_DOWNLOADS) { std::vector<const CBlockIndex*> vToDownload; NodeId staller = -1; - FindNextBlocksToDownload(*peer, MAX_BLOCKS_IN_TRANSIT_PER_PEER - state.nBlocksInFlight, + FindNextBlocksToDownload(*peer, MAX_PARALLEL_BLOCK_DOWNLOADS - state.nBlocksInFlight, vToDownload, staller);
6298-6311: Improve object expiry documentation and namingThe object expiry logic could benefit from more descriptive variable names and detailed documentation of the rate limiting mechanism.
+ // Check for expired in-flight objects and clean them up. + // We randomize the check interval to avoid all peers checking at the same time. if (state.m_object_download.m_check_expiry_timer <= current_time) { for (auto it=state.m_object_download.m_object_in_flight.begin(); it != state.m_object_download.m_object_in_flight.end();) { - if (it->second <= current_time - GetObjectExpiryInterval(it->first.type)) { + const auto& object_inv = it->first; + const auto& request_time = it->second; + const auto expiry_interval = GetObjectExpiryInterval(object_inv.type); + if (request_time <= current_time - expiry_interval) { LogPrint(BCLog::NET, "timeout of inflight object %s from peer=%d\n", - it->first.ToString(), pto->GetId()); + object_inv.ToString(), pto->GetId());
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (4)
src/net_processing.cpp(1 hunks)src/rpc/net.cpp(1 hunks)src/util/system.cpp(0 hunks)src/util/time.h(0 hunks)
💤 Files with no reviewable changes (2)
- src/util/time.h
- src/util/system.cpp
🚧 Files skipped from review as they are similar to previous changes (1)
- src/rpc/net.cpp
|
Hello @PastaPastaPasta, requesting review |
bitcoin backports