Bitcoin Core  27.99.0
P2P Digital Currency
validation.cpp
Go to the documentation of this file.
1 // Copyright (c) 2009-2010 Satoshi Nakamoto
2 // Copyright (c) 2009-2022 The Bitcoin Core developers
3 // Distributed under the MIT software license, see the accompanying
4 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
5 
6 #if defined(HAVE_CONFIG_H)
8 #endif
9 
10 #include <validation.h>
11 
12 #include <arith_uint256.h>
13 #include <chain.h>
14 #include <checkqueue.h>
15 #include <clientversion.h>
16 #include <consensus/amount.h>
17 #include <consensus/consensus.h>
18 #include <consensus/merkle.h>
19 #include <consensus/tx_check.h>
20 #include <consensus/tx_verify.h>
21 #include <consensus/validation.h>
22 #include <cuckoocache.h>
23 #include <flatfile.h>
24 #include <hash.h>
25 #include <kernel/chain.h>
26 #include <kernel/chainparams.h>
27 #include <kernel/coinstats.h>
29 #include <kernel/mempool_entry.h>
32 #include <logging.h>
33 #include <logging/timer.h>
34 #include <node/blockstorage.h>
35 #include <node/utxo_snapshot.h>
36 #include <policy/v3_policy.h>
37 #include <policy/policy.h>
38 #include <policy/rbf.h>
39 #include <policy/settings.h>
40 #include <pow.h>
41 #include <primitives/block.h>
42 #include <primitives/transaction.h>
43 #include <random.h>
44 #include <reverse_iterator.h>
45 #include <script/script.h>
46 #include <script/sigcache.h>
47 #include <signet.h>
48 #include <tinyformat.h>
49 #include <txdb.h>
50 #include <txmempool.h>
51 #include <uint256.h>
52 #include <undo.h>
53 #include <util/check.h>
54 #include <util/fs.h>
55 #include <util/fs_helpers.h>
56 #include <util/hasher.h>
57 #include <util/moneystr.h>
58 #include <util/rbf.h>
59 #include <util/result.h>
60 #include <util/signalinterrupt.h>
61 #include <util/strencodings.h>
62 #include <util/time.h>
63 #include <util/trace.h>
64 #include <util/translation.h>
65 #include <validationinterface.h>
66 #include <warnings.h>
67 
68 #include <algorithm>
69 #include <cassert>
70 #include <chrono>
71 #include <deque>
72 #include <numeric>
73 #include <optional>
74 #include <string>
75 #include <tuple>
76 #include <utility>
77 
82 
83 using fsbridge::FopenFn;
84 using node::BlockManager;
85 using node::BlockMap;
88 using node::fReindex;
90 
92 static constexpr std::chrono::hours DATABASE_WRITE_INTERVAL{1};
94 static constexpr std::chrono::hours DATABASE_FLUSH_INTERVAL{24};
96 static constexpr std::chrono::hours MAX_FEE_ESTIMATION_TIP_AGE{3};
97 const std::vector<std::string> CHECKLEVEL_DOC {
98  "level 0 reads the blocks from disk",
99  "level 1 verifies block validity",
100  "level 2 verifies undo data",
101  "level 3 checks disconnection of tip blocks",
102  "level 4 tries to reconnect the blocks",
103  "each level includes the checks of the previous levels",
104 };
110 static constexpr int PRUNE_LOCK_BUFFER{10};
111 
113 std::condition_variable g_best_block_cv;
115 
116 const CBlockIndex* Chainstate::FindForkInGlobalIndex(const CBlockLocator& locator) const
117 {
119 
120  // Find the latest block common to locator and chain - we expect that
121  // locator.vHave is sorted descending by height.
122  for (const uint256& hash : locator.vHave) {
123  const CBlockIndex* pindex{m_blockman.LookupBlockIndex(hash)};
124  if (pindex) {
125  if (m_chain.Contains(pindex)) {
126  return pindex;
127  }
128  if (pindex->GetAncestor(m_chain.Height()) == m_chain.Tip()) {
129  return m_chain.Tip();
130  }
131  }
132  }
133  return m_chain.Genesis();
134 }
135 
136 bool CheckInputScripts(const CTransaction& tx, TxValidationState& state,
137  const CCoinsViewCache& inputs, unsigned int flags, bool cacheSigStore,
138  bool cacheFullScriptStore, PrecomputedTransactionData& txdata,
139  std::vector<CScriptCheck>* pvChecks = nullptr)
141 
142 bool CheckFinalTxAtTip(const CBlockIndex& active_chain_tip, const CTransaction& tx)
143 {
145 
146  // CheckFinalTxAtTip() uses active_chain_tip.Height()+1 to evaluate
147  // nLockTime because when IsFinalTx() is called within
148  // AcceptBlock(), the height of the block *being*
149  // evaluated is what is used. Thus if we want to know if a
150  // transaction can be part of the *next* block, we need to call
151  // IsFinalTx() with one more than active_chain_tip.Height().
152  const int nBlockHeight = active_chain_tip.nHeight + 1;
153 
154  // BIP113 requires that time-locked transactions have nLockTime set to
155  // less than the median time of the previous block they're contained in.
156  // When the next block is created its previous block will be the current
157  // chain tip, so we use that to calculate the median time passed to
158  // IsFinalTx().
159  const int64_t nBlockTime{active_chain_tip.GetMedianTimePast()};
160 
161  return IsFinalTx(tx, nBlockHeight, nBlockTime);
162 }
163 
164 namespace {
175 std::optional<std::vector<int>> CalculatePrevHeights(
176  const CBlockIndex& tip,
177  const CCoinsView& coins,
178  const CTransaction& tx)
179 {
180  std::vector<int> prev_heights;
181  prev_heights.resize(tx.vin.size());
182  for (size_t i = 0; i < tx.vin.size(); ++i) {
183  const CTxIn& txin = tx.vin[i];
184  Coin coin;
185  if (!coins.GetCoin(txin.prevout, coin)) {
186  LogPrintf("ERROR: %s: Missing input %d in transaction \'%s\'\n", __func__, i, tx.GetHash().GetHex());
187  return std::nullopt;
188  }
189  if (coin.nHeight == MEMPOOL_HEIGHT) {
190  // Assume all mempool transaction confirm in the next block.
191  prev_heights[i] = tip.nHeight + 1;
192  } else {
193  prev_heights[i] = coin.nHeight;
194  }
195  }
196  return prev_heights;
197 }
198 } // namespace
199 
200 std::optional<LockPoints> CalculateLockPointsAtTip(
201  CBlockIndex* tip,
202  const CCoinsView& coins_view,
203  const CTransaction& tx)
204 {
205  assert(tip);
206 
207  auto prev_heights{CalculatePrevHeights(*tip, coins_view, tx)};
208  if (!prev_heights.has_value()) return std::nullopt;
209 
210  CBlockIndex next_tip;
211  next_tip.pprev = tip;
212  // When SequenceLocks() is called within ConnectBlock(), the height
213  // of the block *being* evaluated is what is used.
214  // Thus if we want to know if a transaction can be part of the
215  // *next* block, we need to use one more than active_chainstate.m_chain.Height()
216  next_tip.nHeight = tip->nHeight + 1;
217  const auto [min_height, min_time] = CalculateSequenceLocks(tx, STANDARD_LOCKTIME_VERIFY_FLAGS, prev_heights.value(), next_tip);
218 
219  // Also store the hash of the block with the highest height of
220  // all the blocks which have sequence locked prevouts.
221  // This hash needs to still be on the chain
222  // for these LockPoint calculations to be valid
223  // Note: It is impossible to correctly calculate a maxInputBlock
224  // if any of the sequence locked inputs depend on unconfirmed txs,
225  // except in the special case where the relative lock time/height
226  // is 0, which is equivalent to no sequence lock. Since we assume
227  // input height of tip+1 for mempool txs and test the resulting
228  // min_height and min_time from CalculateSequenceLocks against tip+1.
229  int max_input_height{0};
230  for (const int height : prev_heights.value()) {
231  // Can ignore mempool inputs since we'll fail if they had non-zero locks
232  if (height != next_tip.nHeight) {
233  max_input_height = std::max(max_input_height, height);
234  }
235  }
236 
237  // tip->GetAncestor(max_input_height) should never return a nullptr
238  // because max_input_height is always less than the tip height.
239  // It would, however, be a bad bug to continue execution, since a
240  // LockPoints object with the maxInputBlock member set to nullptr
241  // signifies no relative lock time.
242  return LockPoints{min_height, min_time, Assert(tip->GetAncestor(max_input_height))};
243 }
244 
246  const LockPoints& lock_points)
247 {
248  assert(tip != nullptr);
249 
250  CBlockIndex index;
251  index.pprev = tip;
252  // CheckSequenceLocksAtTip() uses active_chainstate.m_chain.Height()+1 to evaluate
253  // height based locks because when SequenceLocks() is called within
254  // ConnectBlock(), the height of the block *being*
255  // evaluated is what is used.
256  // Thus if we want to know if a transaction can be part of the
257  // *next* block, we need to use one more than active_chainstate.m_chain.Height()
258  index.nHeight = tip->nHeight + 1;
259 
260  return EvaluateSequenceLocks(index, {lock_points.height, lock_points.time});
261 }
262 
263 // Returns the script flags which should be checked for a given block
264 static unsigned int GetBlockScriptFlags(const CBlockIndex& block_index, const ChainstateManager& chainman);
265 
266 static void LimitMempoolSize(CTxMemPool& pool, CCoinsViewCache& coins_cache)
268 {
270  AssertLockHeld(pool.cs);
271  int expired = pool.Expire(GetTime<std::chrono::seconds>() - pool.m_expiry);
272  if (expired != 0) {
273  LogPrint(BCLog::MEMPOOL, "Expired %i transactions from the memory pool\n", expired);
274  }
275 
276  std::vector<COutPoint> vNoSpendsRemaining;
277  pool.TrimToSize(pool.m_max_size_bytes, &vNoSpendsRemaining);
278  for (const COutPoint& removed : vNoSpendsRemaining)
279  coins_cache.Uncache(removed);
280 }
281 
283 {
285  if (active_chainstate.m_chainman.IsInitialBlockDownload()) {
286  return false;
287  }
288  if (active_chainstate.m_chain.Tip()->GetBlockTime() < count_seconds(GetTime<std::chrono::seconds>() - MAX_FEE_ESTIMATION_TIP_AGE))
289  return false;
290  if (active_chainstate.m_chain.Height() < active_chainstate.m_chainman.m_best_header->nHeight - 1) {
291  return false;
292  }
293  return true;
294 }
295 
297  DisconnectedBlockTransactions& disconnectpool,
298  bool fAddToMempool)
299 {
300  if (!m_mempool) return;
301 
304  std::vector<uint256> vHashUpdate;
305  {
306  // disconnectpool is ordered so that the front is the most recently-confirmed
307  // transaction (the last tx of the block at the tip) in the disconnected chain.
308  // Iterate disconnectpool in reverse, so that we add transactions
309  // back to the mempool starting with the earliest transaction that had
310  // been previously seen in a block.
311  const auto queuedTx = disconnectpool.take();
312  auto it = queuedTx.rbegin();
313  while (it != queuedTx.rend()) {
314  // ignore validation errors in resurrected transactions
315  if (!fAddToMempool || (*it)->IsCoinBase() ||
316  AcceptToMemoryPool(*this, *it, GetTime(),
317  /*bypass_limits=*/true, /*test_accept=*/false).m_result_type !=
319  // If the transaction doesn't make it in to the mempool, remove any
320  // transactions that depend on it (which would now be orphans).
322  } else if (m_mempool->exists(GenTxid::Txid((*it)->GetHash()))) {
323  vHashUpdate.push_back((*it)->GetHash());
324  }
325  ++it;
326  }
327  }
328 
329  // AcceptToMemoryPool/addUnchecked all assume that new mempool entries have
330  // no in-mempool children, which is generally not true when adding
331  // previously-confirmed transactions back to the mempool.
332  // UpdateTransactionsFromBlock finds descendants of any transactions in
333  // the disconnectpool that were added back and cleans up the mempool state.
335 
336  // Predicate to use for filtering transactions in removeForReorg.
337  // Checks whether the transaction is still final and, if it spends a coinbase output, mature.
338  // Also updates valid entries' cached LockPoints if needed.
339  // If false, the tx is still valid and its lockpoints are updated.
340  // If true, the tx would be invalid in the next block; remove this entry and all of its descendants.
341  // Note that v3 rules are not applied here, so reorgs may cause violations of v3 inheritance or
342  // topology restrictions.
343  const auto filter_final_and_mature = [&](CTxMemPool::txiter it)
347  const CTransaction& tx = it->GetTx();
348 
349  // The transaction must be final.
350  if (!CheckFinalTxAtTip(*Assert(m_chain.Tip()), tx)) return true;
351 
352  const LockPoints& lp = it->GetLockPoints();
353  // CheckSequenceLocksAtTip checks if the transaction will be final in the next block to be
354  // created on top of the new chain.
357  return true;
358  }
359  } else {
360  const CCoinsViewMemPool view_mempool{&CoinsTip(), *m_mempool};
361  const std::optional<LockPoints> new_lock_points{CalculateLockPointsAtTip(m_chain.Tip(), view_mempool, tx)};
362  if (new_lock_points.has_value() && CheckSequenceLocksAtTip(m_chain.Tip(), *new_lock_points)) {
363  // Now update the mempool entry lockpoints as well.
364  it->UpdateLockPoints(*new_lock_points);
365  } else {
366  return true;
367  }
368  }
369 
370  // If the transaction spends any coinbase outputs, it must be mature.
371  if (it->GetSpendsCoinbase()) {
372  for (const CTxIn& txin : tx.vin) {
373  if (m_mempool->exists(GenTxid::Txid(txin.prevout.hash))) continue;
374  const Coin& coin{CoinsTip().AccessCoin(txin.prevout)};
375  assert(!coin.IsSpent());
376  const auto mempool_spend_height{m_chain.Tip()->nHeight + 1};
377  if (coin.IsCoinBase() && mempool_spend_height - coin.nHeight < COINBASE_MATURITY) {
378  return true;
379  }
380  }
381  }
382  // Transaction is still valid and cached LockPoints are updated.
383  return false;
384  };
385 
386  // We also need to remove any now-immature transactions
387  m_mempool->removeForReorg(m_chain, filter_final_and_mature);
388  // Re-limit mempool size, in case we added any transactions
390 }
391 
398  const CCoinsViewCache& view, const CTxMemPool& pool,
399  unsigned int flags, PrecomputedTransactionData& txdata, CCoinsViewCache& coins_tip)
401 {
404 
406  for (const CTxIn& txin : tx.vin) {
407  const Coin& coin = view.AccessCoin(txin.prevout);
408 
409  // This coin was checked in PreChecks and MemPoolAccept
410  // has been holding cs_main since then.
411  Assume(!coin.IsSpent());
412  if (coin.IsSpent()) return false;
413 
414  // If the Coin is available, there are 2 possibilities:
415  // it is available in our current ChainstateActive UTXO set,
416  // or it's a UTXO provided by a transaction in our mempool.
417  // Ensure the scriptPubKeys in Coins from CoinsView are correct.
418  const CTransactionRef& txFrom = pool.get(txin.prevout.hash);
419  if (txFrom) {
420  assert(txFrom->GetHash() == txin.prevout.hash);
421  assert(txFrom->vout.size() > txin.prevout.n);
422  assert(txFrom->vout[txin.prevout.n] == coin.out);
423  } else {
424  const Coin& coinFromUTXOSet = coins_tip.AccessCoin(txin.prevout);
425  assert(!coinFromUTXOSet.IsSpent());
426  assert(coinFromUTXOSet.out == coin.out);
427  }
428  }
429 
430  // Call CheckInputScripts() to cache signature and script validity against current tip consensus rules.
431  return CheckInputScripts(tx, state, view, flags, /* cacheSigStore= */ true, /* cacheFullScriptStore= */ true, txdata);
432 }
433 
434 namespace {
435 
436 class MemPoolAccept
437 {
438 public:
439  explicit MemPoolAccept(CTxMemPool& mempool, Chainstate& active_chainstate) :
440  m_pool(mempool),
441  m_view(&m_dummy),
442  m_viewmempool(&active_chainstate.CoinsTip(), m_pool),
443  m_active_chainstate(active_chainstate)
444  {
445  }
446 
447  // We put the arguments we're handed into a struct, so we can pass them
448  // around easier.
449  struct ATMPArgs {
450  const CChainParams& m_chainparams;
451  const int64_t m_accept_time;
452  const bool m_bypass_limits;
453  /*
454  * Return any outpoints which were not previously present in the coins
455  * cache, but were added as a result of validating the tx for mempool
456  * acceptance. This allows the caller to optionally remove the cache
457  * additions if the associated transaction ends up being rejected by
458  * the mempool.
459  */
460  std::vector<COutPoint>& m_coins_to_uncache;
461  const bool m_test_accept;
465  const bool m_allow_replacement;
470  const bool m_package_submission;
474  const bool m_package_feerates;
479  const std::optional<CFeeRate> m_client_maxfeerate;
480 
482  static ATMPArgs SingleAccept(const CChainParams& chainparams, int64_t accept_time,
483  bool bypass_limits, std::vector<COutPoint>& coins_to_uncache,
484  bool test_accept) {
485  return ATMPArgs{/* m_chainparams */ chainparams,
486  /* m_accept_time */ accept_time,
487  /* m_bypass_limits */ bypass_limits,
488  /* m_coins_to_uncache */ coins_to_uncache,
489  /* m_test_accept */ test_accept,
490  /* m_allow_replacement */ true,
491  /* m_package_submission */ false,
492  /* m_package_feerates */ false,
493  /* m_client_maxfeerate */ {}, // checked by caller
494  };
495  }
496 
498  static ATMPArgs PackageTestAccept(const CChainParams& chainparams, int64_t accept_time,
499  std::vector<COutPoint>& coins_to_uncache) {
500  return ATMPArgs{/* m_chainparams */ chainparams,
501  /* m_accept_time */ accept_time,
502  /* m_bypass_limits */ false,
503  /* m_coins_to_uncache */ coins_to_uncache,
504  /* m_test_accept */ true,
505  /* m_allow_replacement */ false,
506  /* m_package_submission */ false, // not submitting to mempool
507  /* m_package_feerates */ false,
508  /* m_client_maxfeerate */ {}, // checked by caller
509  };
510  }
511 
513  static ATMPArgs PackageChildWithParents(const CChainParams& chainparams, int64_t accept_time,
514  std::vector<COutPoint>& coins_to_uncache, std::optional<CFeeRate>& client_maxfeerate) {
515  return ATMPArgs{/* m_chainparams */ chainparams,
516  /* m_accept_time */ accept_time,
517  /* m_bypass_limits */ false,
518  /* m_coins_to_uncache */ coins_to_uncache,
519  /* m_test_accept */ false,
520  /* m_allow_replacement */ false,
521  /* m_package_submission */ true,
522  /* m_package_feerates */ true,
523  /* m_client_maxfeerate */ client_maxfeerate,
524  };
525  }
526 
528  static ATMPArgs SingleInPackageAccept(const ATMPArgs& package_args) {
529  return ATMPArgs{/* m_chainparams */ package_args.m_chainparams,
530  /* m_accept_time */ package_args.m_accept_time,
531  /* m_bypass_limits */ false,
532  /* m_coins_to_uncache */ package_args.m_coins_to_uncache,
533  /* m_test_accept */ package_args.m_test_accept,
534  /* m_allow_replacement */ true,
535  /* m_package_submission */ true, // do not LimitMempoolSize in Finalize()
536  /* m_package_feerates */ false, // only 1 transaction
537  /* m_client_maxfeerate */ package_args.m_client_maxfeerate,
538  };
539  }
540 
541  private:
542  // Private ctor to avoid exposing details to clients and allowing the possibility of
543  // mixing up the order of the arguments. Use static functions above instead.
544  ATMPArgs(const CChainParams& chainparams,
545  int64_t accept_time,
546  bool bypass_limits,
547  std::vector<COutPoint>& coins_to_uncache,
548  bool test_accept,
549  bool allow_replacement,
550  bool package_submission,
551  bool package_feerates,
552  std::optional<CFeeRate> client_maxfeerate)
553  : m_chainparams{chainparams},
554  m_accept_time{accept_time},
555  m_bypass_limits{bypass_limits},
556  m_coins_to_uncache{coins_to_uncache},
557  m_test_accept{test_accept},
558  m_allow_replacement{allow_replacement},
559  m_package_submission{package_submission},
560  m_package_feerates{package_feerates},
561  m_client_maxfeerate{client_maxfeerate}
562  {
563  }
564  };
565 
567  void CleanupTemporaryCoins() EXCLUSIVE_LOCKS_REQUIRED(cs_main, m_pool.cs);
568 
569  // Single transaction acceptance
570  MempoolAcceptResult AcceptSingleTransaction(const CTransactionRef& ptx, ATMPArgs& args) EXCLUSIVE_LOCKS_REQUIRED(cs_main);
571 
577  PackageMempoolAcceptResult AcceptMultipleTransactions(const std::vector<CTransactionRef>& txns, ATMPArgs& args) EXCLUSIVE_LOCKS_REQUIRED(cs_main);
578 
589  PackageMempoolAcceptResult AcceptSubPackage(const std::vector<CTransactionRef>& subpackage, ATMPArgs& args)
591 
596  PackageMempoolAcceptResult AcceptPackage(const Package& package, ATMPArgs& args) EXCLUSIVE_LOCKS_REQUIRED(cs_main);
597 
598 private:
599  // All the intermediate state that gets passed between the various levels
600  // of checking a given transaction.
601  struct Workspace {
602  explicit Workspace(const CTransactionRef& ptx) : m_ptx(ptx), m_hash(ptx->GetHash()) {}
605  std::set<Txid> m_conflicts;
608  CTxMemPool::setEntries m_iters_conflicting;
611  CTxMemPool::setEntries m_all_conflicting;
613  CTxMemPool::setEntries m_ancestors;
616  std::unique_ptr<CTxMemPoolEntry> m_entry;
620  std::list<CTransactionRef> m_replaced_transactions;
623  bool m_sibling_eviction{false};
624 
627  int64_t m_vsize;
629  CAmount m_base_fees;
631  CAmount m_modified_fees;
633  CAmount m_conflicting_fees{0};
635  size_t m_conflicting_size{0};
636 
640  CFeeRate m_package_feerate{0};
641 
642  const CTransactionRef& m_ptx;
644  const Txid& m_hash;
645  TxValidationState m_state;
648  PrecomputedTransactionData m_precomputed_txdata;
649  };
650 
651  // Run the policy checks on a given transaction, excluding any script checks.
652  // Looks up inputs, calculates feerate, considers replacement, evaluates
653  // package limits, etc. As this function can be invoked for "free" by a peer,
654  // only tests that are fast should be done here (to avoid CPU DoS).
655  bool PreChecks(ATMPArgs& args, Workspace& ws) EXCLUSIVE_LOCKS_REQUIRED(cs_main, m_pool.cs);
656 
657  // Run checks for mempool replace-by-fee.
658  bool ReplacementChecks(Workspace& ws) EXCLUSIVE_LOCKS_REQUIRED(cs_main, m_pool.cs);
659 
660  // Enforce package mempool ancestor/descendant limits (distinct from individual
661  // ancestor/descendant limits done in PreChecks).
662  bool PackageMempoolChecks(const std::vector<CTransactionRef>& txns,
663  int64_t total_vsize,
664  PackageValidationState& package_state) EXCLUSIVE_LOCKS_REQUIRED(cs_main, m_pool.cs);
665 
666  // Run the script checks using our policy flags. As this can be slow, we should
667  // only invoke this on transactions that have otherwise passed policy checks.
668  bool PolicyScriptChecks(const ATMPArgs& args, Workspace& ws) EXCLUSIVE_LOCKS_REQUIRED(cs_main, m_pool.cs);
669 
670  // Re-run the script checks, using consensus flags, and try to cache the
671  // result in the scriptcache. This should be done after
672  // PolicyScriptChecks(). This requires that all inputs either be in our
673  // utxo set or in the mempool.
674  bool ConsensusScriptChecks(const ATMPArgs& args, Workspace& ws) EXCLUSIVE_LOCKS_REQUIRED(cs_main, m_pool.cs);
675 
676  // Try to add the transaction to the mempool, removing any conflicts first.
677  // Returns true if the transaction is in the mempool after any size
678  // limiting is performed, false otherwise.
679  bool Finalize(const ATMPArgs& args, Workspace& ws) EXCLUSIVE_LOCKS_REQUIRED(cs_main, m_pool.cs);
680 
681  // Submit all transactions to the mempool and call ConsensusScriptChecks to add to the script
682  // cache - should only be called after successful validation of all transactions in the package.
683  // Does not call LimitMempoolSize(), so mempool max_size_bytes may be temporarily exceeded.
684  bool SubmitPackage(const ATMPArgs& args, std::vector<Workspace>& workspaces, PackageValidationState& package_state,
685  std::map<uint256, MempoolAcceptResult>& results)
686  EXCLUSIVE_LOCKS_REQUIRED(cs_main, m_pool.cs);
687 
688  // Compare a package's feerate against minimum allowed.
689  bool CheckFeeRate(size_t package_size, CAmount package_fee, TxValidationState& state) EXCLUSIVE_LOCKS_REQUIRED(::cs_main, m_pool.cs)
690  {
692  AssertLockHeld(m_pool.cs);
693  CAmount mempoolRejectFee = m_pool.GetMinFee().GetFee(package_size);
694  if (mempoolRejectFee > 0 && package_fee < mempoolRejectFee) {
695  return state.Invalid(TxValidationResult::TX_RECONSIDERABLE, "mempool min fee not met", strprintf("%d < %d", package_fee, mempoolRejectFee));
696  }
697 
698  if (package_fee < m_pool.m_min_relay_feerate.GetFee(package_size)) {
699  return state.Invalid(TxValidationResult::TX_RECONSIDERABLE, "min relay fee not met",
700  strprintf("%d < %d", package_fee, m_pool.m_min_relay_feerate.GetFee(package_size)));
701  }
702  return true;
703  }
704 
705 private:
706  CTxMemPool& m_pool;
707  CCoinsViewCache m_view;
708  CCoinsViewMemPool m_viewmempool;
709  CCoinsView m_dummy;
710 
711  Chainstate& m_active_chainstate;
712 
715  bool m_rbf{false};
716 };
717 
718 bool MemPoolAccept::PreChecks(ATMPArgs& args, Workspace& ws)
719 {
721  AssertLockHeld(m_pool.cs);
722  const CTransactionRef& ptx = ws.m_ptx;
723  const CTransaction& tx = *ws.m_ptx;
724  const Txid& hash = ws.m_hash;
725 
726  // Copy/alias what we need out of args
727  const int64_t nAcceptTime = args.m_accept_time;
728  const bool bypass_limits = args.m_bypass_limits;
729  std::vector<COutPoint>& coins_to_uncache = args.m_coins_to_uncache;
730 
731  // Alias what we need out of ws
732  TxValidationState& state = ws.m_state;
733  std::unique_ptr<CTxMemPoolEntry>& entry = ws.m_entry;
734 
735  if (!CheckTransaction(tx, state)) {
736  return false; // state filled in by CheckTransaction
737  }
738 
739  // Coinbase is only valid in a block, not as a loose transaction
740  if (tx.IsCoinBase())
741  return state.Invalid(TxValidationResult::TX_CONSENSUS, "coinbase");
742 
743  // Rather not work on nonstandard transactions (unless -testnet/-regtest)
744  std::string reason;
745  if (m_pool.m_require_standard && !IsStandardTx(tx, m_pool.m_max_datacarrier_bytes, m_pool.m_permit_bare_multisig, m_pool.m_dust_relay_feerate, reason)) {
746  return state.Invalid(TxValidationResult::TX_NOT_STANDARD, reason);
747  }
748 
749  // Transactions smaller than 65 non-witness bytes are not relayed to mitigate CVE-2017-12842.
751  return state.Invalid(TxValidationResult::TX_NOT_STANDARD, "tx-size-small");
752 
753  // Only accept nLockTime-using transactions that can be mined in the next
754  // block; we don't want our mempool filled up with transactions that can't
755  // be mined yet.
756  if (!CheckFinalTxAtTip(*Assert(m_active_chainstate.m_chain.Tip()), tx)) {
757  return state.Invalid(TxValidationResult::TX_PREMATURE_SPEND, "non-final");
758  }
759 
760  if (m_pool.exists(GenTxid::Wtxid(tx.GetWitnessHash()))) {
761  // Exact transaction already exists in the mempool.
762  return state.Invalid(TxValidationResult::TX_CONFLICT, "txn-already-in-mempool");
763  } else if (m_pool.exists(GenTxid::Txid(tx.GetHash()))) {
764  // Transaction with the same non-witness data but different witness (same txid, different
765  // wtxid) already exists in the mempool.
766  return state.Invalid(TxValidationResult::TX_CONFLICT, "txn-same-nonwitness-data-in-mempool");
767  }
768 
769  // Check for conflicts with in-memory transactions
770  for (const CTxIn &txin : tx.vin)
771  {
772  const CTransaction* ptxConflicting = m_pool.GetConflictTx(txin.prevout);
773  if (ptxConflicting) {
774  if (!args.m_allow_replacement) {
775  // Transaction conflicts with a mempool tx, but we're not allowing replacements.
776  return state.Invalid(TxValidationResult::TX_MEMPOOL_POLICY, "bip125-replacement-disallowed");
777  }
778  if (!ws.m_conflicts.count(ptxConflicting->GetHash()))
779  {
780  // Transactions that don't explicitly signal replaceability are
781  // *not* replaceable with the current logic, even if one of their
782  // unconfirmed ancestors signals replaceability. This diverges
783  // from BIP125's inherited signaling description (see CVE-2021-31876).
784  // Applications relying on first-seen mempool behavior should
785  // check all unconfirmed ancestors; otherwise an opt-in ancestor
786  // might be replaced, causing removal of this descendant.
787  //
788  // All V3 transactions are considered replaceable.
789  //
790  // Replaceability signaling of the original transactions may be
791  // ignored due to node setting.
792  const bool allow_rbf{m_pool.m_full_rbf || SignalsOptInRBF(*ptxConflicting) || ptxConflicting->nVersion == 3};
793  if (!allow_rbf) {
794  return state.Invalid(TxValidationResult::TX_MEMPOOL_POLICY, "txn-mempool-conflict");
795  }
796 
797  ws.m_conflicts.insert(ptxConflicting->GetHash());
798  }
799  }
800  }
801 
802  m_view.SetBackend(m_viewmempool);
803 
804  const CCoinsViewCache& coins_cache = m_active_chainstate.CoinsTip();
805  // do all inputs exist?
806  for (const CTxIn& txin : tx.vin) {
807  if (!coins_cache.HaveCoinInCache(txin.prevout)) {
808  coins_to_uncache.push_back(txin.prevout);
809  }
810 
811  // Note: this call may add txin.prevout to the coins cache
812  // (coins_cache.cacheCoins) by way of FetchCoin(). It should be removed
813  // later (via coins_to_uncache) if this tx turns out to be invalid.
814  if (!m_view.HaveCoin(txin.prevout)) {
815  // Are inputs missing because we already have the tx?
816  for (size_t out = 0; out < tx.vout.size(); out++) {
817  // Optimistically just do efficient check of cache for outputs
818  if (coins_cache.HaveCoinInCache(COutPoint(hash, out))) {
819  return state.Invalid(TxValidationResult::TX_CONFLICT, "txn-already-known");
820  }
821  }
822  // Otherwise assume this might be an orphan tx for which we just haven't seen parents yet
823  return state.Invalid(TxValidationResult::TX_MISSING_INPUTS, "bad-txns-inputs-missingorspent");
824  }
825  }
826 
827  // This is const, but calls into the back end CoinsViews. The CCoinsViewDB at the bottom of the
828  // hierarchy brings the best block into scope. See CCoinsViewDB::GetBestBlock().
829  m_view.GetBestBlock();
830 
831  // we have all inputs cached now, so switch back to dummy (to protect
832  // against bugs where we pull more inputs from disk that miss being added
833  // to coins_to_uncache)
834  m_view.SetBackend(m_dummy);
835 
836  assert(m_active_chainstate.m_blockman.LookupBlockIndex(m_view.GetBestBlock()) == m_active_chainstate.m_chain.Tip());
837 
838  // Only accept BIP68 sequence locked transactions that can be mined in the next
839  // block; we don't want our mempool filled up with transactions that can't
840  // be mined yet.
841  // Pass in m_view which has all of the relevant inputs cached. Note that, since m_view's
842  // backend was removed, it no longer pulls coins from the mempool.
843  const std::optional<LockPoints> lock_points{CalculateLockPointsAtTip(m_active_chainstate.m_chain.Tip(), m_view, tx)};
844  if (!lock_points.has_value() || !CheckSequenceLocksAtTip(m_active_chainstate.m_chain.Tip(), *lock_points)) {
845  return state.Invalid(TxValidationResult::TX_PREMATURE_SPEND, "non-BIP68-final");
846  }
847 
848  // The mempool holds txs for the next block, so pass height+1 to CheckTxInputs
849  if (!Consensus::CheckTxInputs(tx, state, m_view, m_active_chainstate.m_chain.Height() + 1, ws.m_base_fees)) {
850  return false; // state filled in by CheckTxInputs
851  }
852 
853  if (m_pool.m_require_standard && !AreInputsStandard(tx, m_view)) {
854  return state.Invalid(TxValidationResult::TX_INPUTS_NOT_STANDARD, "bad-txns-nonstandard-inputs");
855  }
856 
857  // Check for non-standard witnesses.
858  if (tx.HasWitness() && m_pool.m_require_standard && !IsWitnessStandard(tx, m_view)) {
859  return state.Invalid(TxValidationResult::TX_WITNESS_MUTATED, "bad-witness-nonstandard");
860  }
861 
862  int64_t nSigOpsCost = GetTransactionSigOpCost(tx, m_view, STANDARD_SCRIPT_VERIFY_FLAGS);
863 
864  // ws.m_modified_fees includes any fee deltas from PrioritiseTransaction
865  ws.m_modified_fees = ws.m_base_fees;
866  m_pool.ApplyDelta(hash, ws.m_modified_fees);
867 
868  // Keep track of transactions that spend a coinbase, which we re-scan
869  // during reorgs to ensure COINBASE_MATURITY is still met.
870  bool fSpendsCoinbase = false;
871  for (const CTxIn &txin : tx.vin) {
872  const Coin &coin = m_view.AccessCoin(txin.prevout);
873  if (coin.IsCoinBase()) {
874  fSpendsCoinbase = true;
875  break;
876  }
877  }
878 
879  // Set entry_sequence to 0 when bypass_limits is used; this allows txs from a block
880  // reorg to be marked earlier than any child txs that were already in the mempool.
881  const uint64_t entry_sequence = bypass_limits ? 0 : m_pool.GetSequence();
882  entry.reset(new CTxMemPoolEntry(ptx, ws.m_base_fees, nAcceptTime, m_active_chainstate.m_chain.Height(), entry_sequence,
883  fSpendsCoinbase, nSigOpsCost, lock_points.value()));
884  ws.m_vsize = entry->GetTxSize();
885 
886  if (nSigOpsCost > MAX_STANDARD_TX_SIGOPS_COST)
887  return state.Invalid(TxValidationResult::TX_NOT_STANDARD, "bad-txns-too-many-sigops",
888  strprintf("%d", nSigOpsCost));
889 
890  // No individual transactions are allowed below the min relay feerate except from disconnected blocks.
891  // This requirement, unlike CheckFeeRate, cannot be bypassed using m_package_feerates because,
892  // while a tx could be package CPFP'd when entering the mempool, we do not have a DoS-resistant
893  // method of ensuring the tx remains bumped. For example, the fee-bumping child could disappear
894  // due to a replacement.
895  // The only exception is v3 transactions.
896  if (!bypass_limits && ws.m_ptx->nVersion != 3 && ws.m_modified_fees < m_pool.m_min_relay_feerate.GetFee(ws.m_vsize)) {
897  // Even though this is a fee-related failure, this result is TX_MEMPOOL_POLICY, not
898  // TX_RECONSIDERABLE, because it cannot be bypassed using package validation.
899  return state.Invalid(TxValidationResult::TX_MEMPOOL_POLICY, "min relay fee not met",
900  strprintf("%d < %d", ws.m_modified_fees, m_pool.m_min_relay_feerate.GetFee(ws.m_vsize)));
901  }
902  // No individual transactions are allowed below the mempool min feerate except from disconnected
903  // blocks and transactions in a package. Package transactions will be checked using package
904  // feerate later.
905  if (!bypass_limits && !args.m_package_feerates && !CheckFeeRate(ws.m_vsize, ws.m_modified_fees, state)) return false;
906 
907  ws.m_iters_conflicting = m_pool.GetIterSet(ws.m_conflicts);
908 
909  // Note that these modifications are only applicable to single transaction scenarios;
910  // carve-outs and package RBF are disabled for multi-transaction evaluations.
911  CTxMemPool::Limits maybe_rbf_limits = m_pool.m_limits;
912 
913  // Calculate in-mempool ancestors, up to a limit.
914  if (ws.m_conflicts.size() == 1) {
915  // In general, when we receive an RBF transaction with mempool conflicts, we want to know whether we
916  // would meet the chain limits after the conflicts have been removed. However, there isn't a practical
917  // way to do this short of calculating the ancestor and descendant sets with an overlay cache of
918  // changed mempool entries. Due to both implementation and runtime complexity concerns, this isn't
919  // very realistic, thus we only ensure a limited set of transactions are RBF'able despite mempool
920  // conflicts here. Importantly, we need to ensure that some transactions which were accepted using
921  // the below carve-out are able to be RBF'ed, without impacting the security the carve-out provides
922  // for off-chain contract systems (see link in the comment below).
923  //
924  // Specifically, the subset of RBF transactions which we allow despite chain limits are those which
925  // conflict directly with exactly one other transaction (but may evict children of said transaction),
926  // and which are not adding any new mempool dependencies. Note that the "no new mempool dependencies"
927  // check is accomplished later, so we don't bother doing anything about it here, but if our
928  // policy changes, we may need to move that check to here instead of removing it wholesale.
929  //
930  // Such transactions are clearly not merging any existing packages, so we are only concerned with
931  // ensuring that (a) no package is growing past the package size (not count) limits and (b) we are
932  // not allowing something to effectively use the (below) carve-out spot when it shouldn't be allowed
933  // to.
934  //
935  // To check these we first check if we meet the RBF criteria, above, and increment the descendant
936  // limits by the direct conflict and its descendants (as these are recalculated in
937  // CalculateMempoolAncestors by assuming the new transaction being added is a new descendant, with no
938  // removals, of each parent's existing dependent set). The ancestor count limits are unmodified (as
939  // the ancestor limits should be the same for both our new transaction and any conflicts).
940  // We don't bother incrementing m_limit_descendants by the full removal count as that limit never comes
941  // into force here (as we're only adding a single transaction).
942  assert(ws.m_iters_conflicting.size() == 1);
943  CTxMemPool::txiter conflict = *ws.m_iters_conflicting.begin();
944 
945  maybe_rbf_limits.descendant_count += 1;
946  maybe_rbf_limits.descendant_size_vbytes += conflict->GetSizeWithDescendants();
947  }
948 
949  auto ancestors{m_pool.CalculateMemPoolAncestors(*entry, maybe_rbf_limits)};
950  if (!ancestors) {
951  // If CalculateMemPoolAncestors fails second time, we want the original error string.
952  // Contracting/payment channels CPFP carve-out:
953  // If the new transaction is relatively small (up to 40k weight)
954  // and has at most one ancestor (ie ancestor limit of 2, including
955  // the new transaction), allow it if its parent has exactly the
956  // descendant limit descendants.
957  //
958  // This allows protocols which rely on distrusting counterparties
959  // being able to broadcast descendants of an unconfirmed transaction
960  // to be secure by simply only having two immediately-spendable
961  // outputs - one for each counterparty. For more info on the uses for
962  // this, see https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-November/016518.html
963  CTxMemPool::Limits cpfp_carve_out_limits{
964  .ancestor_count = 2,
965  .ancestor_size_vbytes = maybe_rbf_limits.ancestor_size_vbytes,
966  .descendant_count = maybe_rbf_limits.descendant_count + 1,
967  .descendant_size_vbytes = maybe_rbf_limits.descendant_size_vbytes + EXTRA_DESCENDANT_TX_SIZE_LIMIT,
968  };
969  const auto error_message{util::ErrorString(ancestors).original};
970  if (ws.m_vsize > EXTRA_DESCENDANT_TX_SIZE_LIMIT) {
971  return state.Invalid(TxValidationResult::TX_MEMPOOL_POLICY, "too-long-mempool-chain", error_message);
972  }
973  ancestors = m_pool.CalculateMemPoolAncestors(*entry, cpfp_carve_out_limits);
974  if (!ancestors) return state.Invalid(TxValidationResult::TX_MEMPOOL_POLICY, "too-long-mempool-chain", error_message);
975  }
976 
977  ws.m_ancestors = *ancestors;
978  // Even though just checking direct mempool parents for inheritance would be sufficient, we
979  // check using the full ancestor set here because it's more convenient to use what we have
980  // already calculated.
981  if (const auto err{SingleV3Checks(ws.m_ptx, ws.m_ancestors, ws.m_conflicts, ws.m_vsize)}) {
982  // Disabled within package validation.
983  if (err->second != nullptr && args.m_allow_replacement) {
984  // Potential sibling eviction. Add the sibling to our list of mempool conflicts to be
985  // included in RBF checks.
986  ws.m_conflicts.insert(err->second->GetHash());
987  // Adding the sibling to m_iters_conflicting here means that it doesn't count towards
988  // RBF Carve Out above. This is correct, since removing to-be-replaced transactions from
989  // the descendant count is done separately in SingleV3Checks for v3 transactions.
990  ws.m_iters_conflicting.insert(m_pool.GetIter(err->second->GetHash()).value());
991  ws.m_sibling_eviction = true;
992  // The sibling will be treated as part of the to-be-replaced set in ReplacementChecks.
993  // Note that we are not checking whether it opts in to replaceability via BIP125 or v3
994  // (which is normally done in PreChecks). However, the only way a v3 transaction can
995  // have a non-v3 and non-BIP125 descendant is due to a reorg.
996  } else {
997  return state.Invalid(TxValidationResult::TX_MEMPOOL_POLICY, "v3-rule-violation", err->first);
998  }
999  }
1000 
1001  // A transaction that spends outputs that would be replaced by it is invalid. Now
1002  // that we have the set of all ancestors we can detect this
1003  // pathological case by making sure ws.m_conflicts and ws.m_ancestors don't
1004  // intersect.
1005  if (const auto err_string{EntriesAndTxidsDisjoint(ws.m_ancestors, ws.m_conflicts, hash)}) {
1006  // We classify this as a consensus error because a transaction depending on something it
1007  // conflicts with would be inconsistent.
1008  return state.Invalid(TxValidationResult::TX_CONSENSUS, "bad-txns-spends-conflicting-tx", *err_string);
1009  }
1010 
1011  m_rbf = !ws.m_conflicts.empty();
1012  return true;
1013 }
1014 
1015 bool MemPoolAccept::ReplacementChecks(Workspace& ws)
1016 {
1018  AssertLockHeld(m_pool.cs);
1019 
1020  const CTransaction& tx = *ws.m_ptx;
1021  const uint256& hash = ws.m_hash;
1022  TxValidationState& state = ws.m_state;
1023 
1024  CFeeRate newFeeRate(ws.m_modified_fees, ws.m_vsize);
1025  // Enforce Rule #6. The replacement transaction must have a higher feerate than its direct conflicts.
1026  // - The motivation for this check is to ensure that the replacement transaction is preferable for
1027  // block-inclusion, compared to what would be removed from the mempool.
1028  // - This logic predates ancestor feerate-based transaction selection, which is why it doesn't
1029  // consider feerates of descendants.
1030  // - Note: Ancestor feerate-based transaction selection has made this comparison insufficient to
1031  // guarantee that this is incentive-compatible for miners, because it is possible for a
1032  // descendant transaction of a direct conflict to pay a higher feerate than the transaction that
1033  // might replace them, under these rules.
1034  if (const auto err_string{PaysMoreThanConflicts(ws.m_iters_conflicting, newFeeRate, hash)}) {
1035  // Even though this is a fee-related failure, this result is TX_MEMPOOL_POLICY, not
1036  // TX_RECONSIDERABLE, because it cannot be bypassed using package validation.
1037  // This must be changed if package RBF is enabled.
1039  strprintf("insufficient fee%s", ws.m_sibling_eviction ? " (including sibling eviction)" : ""), *err_string);
1040  }
1041 
1042  // Calculate all conflicting entries and enforce Rule #5.
1043  if (const auto err_string{GetEntriesForConflicts(tx, m_pool, ws.m_iters_conflicting, ws.m_all_conflicting)}) {
1045  strprintf("too many potential replacements%s", ws.m_sibling_eviction ? " (including sibling eviction)" : ""), *err_string);
1046  }
1047  // Enforce Rule #2.
1048  if (const auto err_string{HasNoNewUnconfirmed(tx, m_pool, ws.m_iters_conflicting)}) {
1049  // Sibling eviction is only done for v3 transactions, which cannot have multiple ancestors.
1050  Assume(!ws.m_sibling_eviction);
1052  strprintf("replacement-adds-unconfirmed%s", ws.m_sibling_eviction ? " (including sibling eviction)" : ""), *err_string);
1053  }
1054  // Check if it's economically rational to mine this transaction rather than the ones it
1055  // replaces and pays for its own relay fees. Enforce Rules #3 and #4.
1056  for (CTxMemPool::txiter it : ws.m_all_conflicting) {
1057  ws.m_conflicting_fees += it->GetModifiedFee();
1058  ws.m_conflicting_size += it->GetTxSize();
1059  }
1060  if (const auto err_string{PaysForRBF(ws.m_conflicting_fees, ws.m_modified_fees, ws.m_vsize,
1061  m_pool.m_incremental_relay_feerate, hash)}) {
1062  // Even though this is a fee-related failure, this result is TX_MEMPOOL_POLICY, not
1063  // TX_RECONSIDERABLE, because it cannot be bypassed using package validation.
1064  // This must be changed if package RBF is enabled.
1066  strprintf("insufficient fee%s", ws.m_sibling_eviction ? " (including sibling eviction)" : ""), *err_string);
1067  }
1068  return true;
1069 }
1070 
1071 bool MemPoolAccept::PackageMempoolChecks(const std::vector<CTransactionRef>& txns,
1072  const int64_t total_vsize,
1073  PackageValidationState& package_state)
1074 {
1076  AssertLockHeld(m_pool.cs);
1077 
1078  // CheckPackageLimits expects the package transactions to not already be in the mempool.
1079  assert(std::all_of(txns.cbegin(), txns.cend(), [this](const auto& tx)
1080  { return !m_pool.exists(GenTxid::Txid(tx->GetHash()));}));
1081 
1082  auto result = m_pool.CheckPackageLimits(txns, total_vsize);
1083  if (!result) {
1084  // This is a package-wide error, separate from an individual transaction error.
1085  return package_state.Invalid(PackageValidationResult::PCKG_POLICY, "package-mempool-limits", util::ErrorString(result).original);
1086  }
1087  return true;
1088 }
1089 
1090 bool MemPoolAccept::PolicyScriptChecks(const ATMPArgs& args, Workspace& ws)
1091 {
1093  AssertLockHeld(m_pool.cs);
1094  const CTransaction& tx = *ws.m_ptx;
1095  TxValidationState& state = ws.m_state;
1096 
1097  constexpr unsigned int scriptVerifyFlags = STANDARD_SCRIPT_VERIFY_FLAGS;
1098 
1099  // Check input scripts and signatures.
1100  // This is done last to help prevent CPU exhaustion denial-of-service attacks.
1101  if (!CheckInputScripts(tx, state, m_view, scriptVerifyFlags, true, false, ws.m_precomputed_txdata)) {
1102  // SCRIPT_VERIFY_CLEANSTACK requires SCRIPT_VERIFY_WITNESS, so we
1103  // need to turn both off, and compare against just turning off CLEANSTACK
1104  // to see if the failure is specifically due to witness validation.
1105  TxValidationState state_dummy; // Want reported failures to be from first CheckInputScripts
1106  if (!tx.HasWitness() && CheckInputScripts(tx, state_dummy, m_view, scriptVerifyFlags & ~(SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_CLEANSTACK), true, false, ws.m_precomputed_txdata) &&
1107  !CheckInputScripts(tx, state_dummy, m_view, scriptVerifyFlags & ~SCRIPT_VERIFY_CLEANSTACK, true, false, ws.m_precomputed_txdata)) {
1108  // Only the witness is missing, so the transaction itself may be fine.
1110  state.GetRejectReason(), state.GetDebugMessage());
1111  }
1112  return false; // state filled in by CheckInputScripts
1113  }
1114 
1115  return true;
1116 }
1117 
1118 bool MemPoolAccept::ConsensusScriptChecks(const ATMPArgs& args, Workspace& ws)
1119 {
1121  AssertLockHeld(m_pool.cs);
1122  const CTransaction& tx = *ws.m_ptx;
1123  const uint256& hash = ws.m_hash;
1124  TxValidationState& state = ws.m_state;
1125 
1126  // Check again against the current block tip's script verification
1127  // flags to cache our script execution flags. This is, of course,
1128  // useless if the next block has different script flags from the
1129  // previous one, but because the cache tracks script flags for us it
1130  // will auto-invalidate and we'll just have a few blocks of extra
1131  // misses on soft-fork activation.
1132  //
1133  // This is also useful in case of bugs in the standard flags that cause
1134  // transactions to pass as valid when they're actually invalid. For
1135  // instance the STRICTENC flag was incorrectly allowing certain
1136  // CHECKSIG NOT scripts to pass, even though they were invalid.
1137  //
1138  // There is a similar check in CreateNewBlock() to prevent creating
1139  // invalid blocks (using TestBlockValidity), however allowing such
1140  // transactions into the mempool can be exploited as a DoS attack.
1141  unsigned int currentBlockScriptVerifyFlags{GetBlockScriptFlags(*m_active_chainstate.m_chain.Tip(), m_active_chainstate.m_chainman)};
1142  if (!CheckInputsFromMempoolAndCache(tx, state, m_view, m_pool, currentBlockScriptVerifyFlags,
1143  ws.m_precomputed_txdata, m_active_chainstate.CoinsTip())) {
1144  LogPrintf("BUG! PLEASE REPORT THIS! CheckInputScripts failed against latest-block but not STANDARD flags %s, %s\n", hash.ToString(), state.ToString());
1145  return Assume(false);
1146  }
1147 
1148  return true;
1149 }
1150 
1151 bool MemPoolAccept::Finalize(const ATMPArgs& args, Workspace& ws)
1152 {
1154  AssertLockHeld(m_pool.cs);
1155  const CTransaction& tx = *ws.m_ptx;
1156  const uint256& hash = ws.m_hash;
1157  TxValidationState& state = ws.m_state;
1158  const bool bypass_limits = args.m_bypass_limits;
1159 
1160  std::unique_ptr<CTxMemPoolEntry>& entry = ws.m_entry;
1161 
1162  // Remove conflicting transactions from the mempool
1163  for (CTxMemPool::txiter it : ws.m_all_conflicting)
1164  {
1165  LogPrint(BCLog::MEMPOOL, "replacing tx %s (wtxid=%s) with %s (wtxid=%s) for %s additional fees, %d delta bytes\n",
1166  it->GetTx().GetHash().ToString(),
1167  it->GetTx().GetWitnessHash().ToString(),
1168  hash.ToString(),
1169  tx.GetWitnessHash().ToString(),
1170  FormatMoney(ws.m_modified_fees - ws.m_conflicting_fees),
1171  (int)entry->GetTxSize() - (int)ws.m_conflicting_size);
1172  TRACE7(mempool, replaced,
1173  it->GetTx().GetHash().data(),
1174  it->GetTxSize(),
1175  it->GetFee(),
1176  std::chrono::duration_cast<std::chrono::duration<std::uint64_t>>(it->GetTime()).count(),
1177  hash.data(),
1178  entry->GetTxSize(),
1179  entry->GetFee()
1180  );
1181  ws.m_replaced_transactions.push_back(it->GetSharedTx());
1182  }
1183  m_pool.RemoveStaged(ws.m_all_conflicting, false, MemPoolRemovalReason::REPLACED);
1184  // Store transaction in memory
1185  m_pool.addUnchecked(*entry, ws.m_ancestors);
1186 
1187  // trim mempool and check if tx was trimmed
1188  // If we are validating a package, don't trim here because we could evict a previous transaction
1189  // in the package. LimitMempoolSize() should be called at the very end to make sure the mempool
1190  // is still within limits and package submission happens atomically.
1191  if (!args.m_package_submission && !bypass_limits) {
1192  LimitMempoolSize(m_pool, m_active_chainstate.CoinsTip());
1193  if (!m_pool.exists(GenTxid::Txid(hash)))
1194  // The tx no longer meets our (new) mempool minimum feerate but could be reconsidered in a package.
1195  return state.Invalid(TxValidationResult::TX_RECONSIDERABLE, "mempool full");
1196  }
1197  return true;
1198 }
1199 
1200 bool MemPoolAccept::SubmitPackage(const ATMPArgs& args, std::vector<Workspace>& workspaces,
1201  PackageValidationState& package_state,
1202  std::map<uint256, MempoolAcceptResult>& results)
1203 {
1205  AssertLockHeld(m_pool.cs);
1206  // Sanity check: none of the transactions should be in the mempool, and none of the transactions
1207  // should have a same-txid-different-witness equivalent in the mempool.
1208  assert(std::all_of(workspaces.cbegin(), workspaces.cend(), [this](const auto& ws){
1209  return !m_pool.exists(GenTxid::Txid(ws.m_ptx->GetHash())); }));
1210 
1211  bool all_submitted = true;
1212  // ConsensusScriptChecks adds to the script cache and is therefore consensus-critical;
1213  // CheckInputsFromMempoolAndCache asserts that transactions only spend coins available from the
1214  // mempool or UTXO set. Submit each transaction to the mempool immediately after calling
1215  // ConsensusScriptChecks to make the outputs available for subsequent transactions.
1216  for (Workspace& ws : workspaces) {
1217  if (!ConsensusScriptChecks(args, ws)) {
1218  results.emplace(ws.m_ptx->GetWitnessHash(), MempoolAcceptResult::Failure(ws.m_state));
1219  // Since PolicyScriptChecks() passed, this should never fail.
1220  Assume(false);
1221  all_submitted = false;
1223  strprintf("BUG! PolicyScriptChecks succeeded but ConsensusScriptChecks failed: %s",
1224  ws.m_ptx->GetHash().ToString()));
1225  }
1226 
1227  // Re-calculate mempool ancestors to call addUnchecked(). They may have changed since the
1228  // last calculation done in PreChecks, since package ancestors have already been submitted.
1229  {
1230  auto ancestors{m_pool.CalculateMemPoolAncestors(*ws.m_entry, m_pool.m_limits)};
1231  if(!ancestors) {
1232  results.emplace(ws.m_ptx->GetWitnessHash(), MempoolAcceptResult::Failure(ws.m_state));
1233  // Since PreChecks() and PackageMempoolChecks() both enforce limits, this should never fail.
1234  Assume(false);
1235  all_submitted = false;
1237  strprintf("BUG! Mempool ancestors or descendants were underestimated: %s",
1238  ws.m_ptx->GetHash().ToString()));
1239  }
1240  ws.m_ancestors = std::move(ancestors).value_or(ws.m_ancestors);
1241  }
1242  // If we call LimitMempoolSize() for each individual Finalize(), the mempool will not take
1243  // the transaction's descendant feerate into account because it hasn't seen them yet. Also,
1244  // we risk evicting a transaction that a subsequent package transaction depends on. Instead,
1245  // allow the mempool to temporarily bypass limits, the maximum package size) while
1246  // submitting transactions individually and then trim at the very end.
1247  if (!Finalize(args, ws)) {
1248  results.emplace(ws.m_ptx->GetWitnessHash(), MempoolAcceptResult::Failure(ws.m_state));
1249  // Since LimitMempoolSize() won't be called, this should never fail.
1250  Assume(false);
1251  all_submitted = false;
1253  strprintf("BUG! Adding to mempool failed: %s", ws.m_ptx->GetHash().ToString()));
1254  }
1255  }
1256 
1257  std::vector<Wtxid> all_package_wtxids;
1258  all_package_wtxids.reserve(workspaces.size());
1259  std::transform(workspaces.cbegin(), workspaces.cend(), std::back_inserter(all_package_wtxids),
1260  [](const auto& ws) { return ws.m_ptx->GetWitnessHash(); });
1261 
1262  // Add successful results. The returned results may change later if LimitMempoolSize() evicts them.
1263  for (Workspace& ws : workspaces) {
1264  const auto effective_feerate = args.m_package_feerates ? ws.m_package_feerate :
1265  CFeeRate{ws.m_modified_fees, static_cast<uint32_t>(ws.m_vsize)};
1266  const auto effective_feerate_wtxids = args.m_package_feerates ? all_package_wtxids :
1267  std::vector<Wtxid>{ws.m_ptx->GetWitnessHash()};
1268  results.emplace(ws.m_ptx->GetWitnessHash(),
1269  MempoolAcceptResult::Success(std::move(ws.m_replaced_transactions), ws.m_vsize,
1270  ws.m_base_fees, effective_feerate, effective_feerate_wtxids));
1271  if (!m_pool.m_signals) continue;
1272  const CTransaction& tx = *ws.m_ptx;
1273  const auto tx_info = NewMempoolTransactionInfo(ws.m_ptx, ws.m_base_fees,
1274  ws.m_vsize, ws.m_entry->GetHeight(),
1275  args.m_bypass_limits, args.m_package_submission,
1276  IsCurrentForFeeEstimation(m_active_chainstate),
1277  m_pool.HasNoInputsOf(tx));
1278  m_pool.m_signals->TransactionAddedToMempool(tx_info, m_pool.GetAndIncrementSequence());
1279  }
1280  return all_submitted;
1281 }
1282 
1283 MempoolAcceptResult MemPoolAccept::AcceptSingleTransaction(const CTransactionRef& ptx, ATMPArgs& args)
1284 {
1286  LOCK(m_pool.cs); // mempool "read lock" (held through m_pool.m_signals->TransactionAddedToMempool())
1287 
1288  Workspace ws(ptx);
1289  const std::vector<Wtxid> single_wtxid{ws.m_ptx->GetWitnessHash()};
1290 
1291  if (!PreChecks(args, ws)) {
1292  if (ws.m_state.GetResult() == TxValidationResult::TX_RECONSIDERABLE) {
1293  // Failed for fee reasons. Provide the effective feerate and which tx was included.
1294  return MempoolAcceptResult::FeeFailure(ws.m_state, CFeeRate(ws.m_modified_fees, ws.m_vsize), single_wtxid);
1295  }
1296  return MempoolAcceptResult::Failure(ws.m_state);
1297  }
1298 
1299  // Individual modified feerate exceeded caller-defined max; abort
1300  if (args.m_client_maxfeerate && CFeeRate(ws.m_modified_fees, ws.m_vsize) > args.m_client_maxfeerate.value()) {
1301  ws.m_state.Invalid(TxValidationResult::TX_MEMPOOL_POLICY, "max feerate exceeded", "");
1302  return MempoolAcceptResult::Failure(ws.m_state);
1303  }
1304 
1305  if (m_rbf && !ReplacementChecks(ws)) return MempoolAcceptResult::Failure(ws.m_state);
1306 
1307  // Perform the inexpensive checks first and avoid hashing and signature verification unless
1308  // those checks pass, to mitigate CPU exhaustion denial-of-service attacks.
1309  if (!PolicyScriptChecks(args, ws)) return MempoolAcceptResult::Failure(ws.m_state);
1310 
1311  if (!ConsensusScriptChecks(args, ws)) return MempoolAcceptResult::Failure(ws.m_state);
1312 
1313  const CFeeRate effective_feerate{ws.m_modified_fees, static_cast<uint32_t>(ws.m_vsize)};
1314  // Tx was accepted, but not added
1315  if (args.m_test_accept) {
1316  return MempoolAcceptResult::Success(std::move(ws.m_replaced_transactions), ws.m_vsize,
1317  ws.m_base_fees, effective_feerate, single_wtxid);
1318  }
1319 
1320  if (!Finalize(args, ws)) {
1321  // The only possible failure reason is fee-related (mempool full).
1322  // Failed for fee reasons. Provide the effective feerate and which txns were included.
1323  Assume(ws.m_state.GetResult() == TxValidationResult::TX_RECONSIDERABLE);
1324  return MempoolAcceptResult::FeeFailure(ws.m_state, CFeeRate(ws.m_modified_fees, ws.m_vsize), {ws.m_ptx->GetWitnessHash()});
1325  }
1326 
1327  if (m_pool.m_signals) {
1328  const CTransaction& tx = *ws.m_ptx;
1329  const auto tx_info = NewMempoolTransactionInfo(ws.m_ptx, ws.m_base_fees,
1330  ws.m_vsize, ws.m_entry->GetHeight(),
1331  args.m_bypass_limits, args.m_package_submission,
1332  IsCurrentForFeeEstimation(m_active_chainstate),
1333  m_pool.HasNoInputsOf(tx));
1334  m_pool.m_signals->TransactionAddedToMempool(tx_info, m_pool.GetAndIncrementSequence());
1335  }
1336 
1337  return MempoolAcceptResult::Success(std::move(ws.m_replaced_transactions), ws.m_vsize, ws.m_base_fees,
1338  effective_feerate, single_wtxid);
1339 }
1340 
1341 PackageMempoolAcceptResult MemPoolAccept::AcceptMultipleTransactions(const std::vector<CTransactionRef>& txns, ATMPArgs& args)
1342 {
1344 
1345  // These context-free package limits can be done before taking the mempool lock.
1346  PackageValidationState package_state;
1347  if (!IsWellFormedPackage(txns, package_state, /*require_sorted=*/true)) return PackageMempoolAcceptResult(package_state, {});
1348 
1349  std::vector<Workspace> workspaces{};
1350  workspaces.reserve(txns.size());
1351  std::transform(txns.cbegin(), txns.cend(), std::back_inserter(workspaces),
1352  [](const auto& tx) { return Workspace(tx); });
1353  std::map<uint256, MempoolAcceptResult> results;
1354 
1355  LOCK(m_pool.cs);
1356 
1357  // Do all PreChecks first and fail fast to avoid running expensive script checks when unnecessary.
1358  for (Workspace& ws : workspaces) {
1359  if (!PreChecks(args, ws)) {
1360  package_state.Invalid(PackageValidationResult::PCKG_TX, "transaction failed");
1361  // Exit early to avoid doing pointless work. Update the failed tx result; the rest are unfinished.
1362  results.emplace(ws.m_ptx->GetWitnessHash(), MempoolAcceptResult::Failure(ws.m_state));
1363  return PackageMempoolAcceptResult(package_state, std::move(results));
1364  }
1365 
1366  // Individual modified feerate exceeded caller-defined max; abort
1367  // N.B. this doesn't take into account CPFPs. Chunk-aware validation may be more robust.
1368  if (args.m_client_maxfeerate && CFeeRate(ws.m_modified_fees, ws.m_vsize) > args.m_client_maxfeerate.value()) {
1369  package_state.Invalid(PackageValidationResult::PCKG_TX, "max feerate exceeded");
1370  // Exit early to avoid doing pointless work. Update the failed tx result; the rest are unfinished.
1371  results.emplace(ws.m_ptx->GetWitnessHash(), MempoolAcceptResult::Failure(ws.m_state));
1372  return PackageMempoolAcceptResult(package_state, std::move(results));
1373  }
1374 
1375  // Make the coins created by this transaction available for subsequent transactions in the
1376  // package to spend. Since we already checked conflicts in the package and we don't allow
1377  // replacements, we don't need to track the coins spent. Note that this logic will need to be
1378  // updated if package replace-by-fee is allowed in the future.
1379  assert(!args.m_allow_replacement);
1380  m_viewmempool.PackageAddTransaction(ws.m_ptx);
1381  }
1382 
1383  // At this point we have all in-mempool ancestors, and we know every transaction's vsize.
1384  // Run the v3 checks on the package.
1385  for (Workspace& ws : workspaces) {
1386  if (auto err{PackageV3Checks(ws.m_ptx, ws.m_vsize, txns, ws.m_ancestors)}) {
1387  package_state.Invalid(PackageValidationResult::PCKG_POLICY, "v3-violation", err.value());
1388  return PackageMempoolAcceptResult(package_state, {});
1389  }
1390  }
1391 
1392  // Transactions must meet two minimum feerates: the mempool minimum fee and min relay fee.
1393  // For transactions consisting of exactly one child and its parents, it suffices to use the
1394  // package feerate (total modified fees / total virtual size) to check this requirement.
1395  // Note that this is an aggregate feerate; this function has not checked that there are transactions
1396  // too low feerate to pay for themselves, or that the child transactions are higher feerate than
1397  // their parents. Using aggregate feerate may allow "parents pay for child" behavior and permit
1398  // a child that is below mempool minimum feerate. To avoid these behaviors, callers of
1399  // AcceptMultipleTransactions need to restrict txns topology (e.g. to ancestor sets) and check
1400  // the feerates of individuals and subsets.
1401  const auto m_total_vsize = std::accumulate(workspaces.cbegin(), workspaces.cend(), int64_t{0},
1402  [](int64_t sum, auto& ws) { return sum + ws.m_vsize; });
1403  const auto m_total_modified_fees = std::accumulate(workspaces.cbegin(), workspaces.cend(), CAmount{0},
1404  [](CAmount sum, auto& ws) { return sum + ws.m_modified_fees; });
1405  const CFeeRate package_feerate(m_total_modified_fees, m_total_vsize);
1406  std::vector<Wtxid> all_package_wtxids;
1407  all_package_wtxids.reserve(workspaces.size());
1408  std::transform(workspaces.cbegin(), workspaces.cend(), std::back_inserter(all_package_wtxids),
1409  [](const auto& ws) { return ws.m_ptx->GetWitnessHash(); });
1410  TxValidationState placeholder_state;
1411  if (args.m_package_feerates &&
1412  !CheckFeeRate(m_total_vsize, m_total_modified_fees, placeholder_state)) {
1413  package_state.Invalid(PackageValidationResult::PCKG_TX, "transaction failed");
1414  return PackageMempoolAcceptResult(package_state, {{workspaces.back().m_ptx->GetWitnessHash(),
1415  MempoolAcceptResult::FeeFailure(placeholder_state, CFeeRate(m_total_modified_fees, m_total_vsize), all_package_wtxids)}});
1416  }
1417 
1418  // Apply package mempool ancestor/descendant limits. Skip if there is only one transaction,
1419  // because it's unnecessary. Also, CPFP carve out can increase the limit for individual
1420  // transactions, but this exemption is not extended to packages in CheckPackageLimits().
1421  std::string err_string;
1422  if (txns.size() > 1 && !PackageMempoolChecks(txns, m_total_vsize, package_state)) {
1423  return PackageMempoolAcceptResult(package_state, std::move(results));
1424  }
1425 
1426  for (Workspace& ws : workspaces) {
1427  ws.m_package_feerate = package_feerate;
1428  if (!PolicyScriptChecks(args, ws)) {
1429  // Exit early to avoid doing pointless work. Update the failed tx result; the rest are unfinished.
1430  package_state.Invalid(PackageValidationResult::PCKG_TX, "transaction failed");
1431  results.emplace(ws.m_ptx->GetWitnessHash(), MempoolAcceptResult::Failure(ws.m_state));
1432  return PackageMempoolAcceptResult(package_state, std::move(results));
1433  }
1434  if (args.m_test_accept) {
1435  const auto effective_feerate = args.m_package_feerates ? ws.m_package_feerate :
1436  CFeeRate{ws.m_modified_fees, static_cast<uint32_t>(ws.m_vsize)};
1437  const auto effective_feerate_wtxids = args.m_package_feerates ? all_package_wtxids :
1438  std::vector<Wtxid>{ws.m_ptx->GetWitnessHash()};
1439  results.emplace(ws.m_ptx->GetWitnessHash(),
1440  MempoolAcceptResult::Success(std::move(ws.m_replaced_transactions),
1441  ws.m_vsize, ws.m_base_fees, effective_feerate,
1442  effective_feerate_wtxids));
1443  }
1444  }
1445 
1446  if (args.m_test_accept) return PackageMempoolAcceptResult(package_state, std::move(results));
1447 
1448  if (!SubmitPackage(args, workspaces, package_state, results)) {
1449  // PackageValidationState filled in by SubmitPackage().
1450  return PackageMempoolAcceptResult(package_state, std::move(results));
1451  }
1452 
1453  return PackageMempoolAcceptResult(package_state, std::move(results));
1454 }
1455 
1456 void MemPoolAccept::CleanupTemporaryCoins()
1457 {
1458  // There are 3 kinds of coins in m_view:
1459  // (1) Temporary coins from the transactions in subpackage, constructed by m_viewmempool.
1460  // (2) Mempool coins from transactions in the mempool, constructed by m_viewmempool.
1461  // (3) Confirmed coins fetched from our current UTXO set.
1462  //
1463  // (1) Temporary coins need to be removed, regardless of whether the transaction was submitted.
1464  // If the transaction was submitted to the mempool, m_viewmempool will be able to fetch them from
1465  // there. If it wasn't submitted to mempool, it is incorrect to keep them - future calls may try
1466  // to spend those coins that don't actually exist.
1467  // (2) Mempool coins also need to be removed. If the mempool contents have changed as a result
1468  // of submitting or replacing transactions, coins previously fetched from mempool may now be
1469  // spent or nonexistent. Those coins need to be deleted from m_view.
1470  // (3) Confirmed coins don't need to be removed. The chainstate has not changed (we are
1471  // holding cs_main and no blocks have been processed) so the confirmed tx cannot disappear like
1472  // a mempool tx can. The coin may now be spent after we submitted a tx to mempool, but
1473  // we have already checked that the package does not have 2 transactions spending the same coin.
1474  // Keeping them in m_view is an optimization to not re-fetch confirmed coins if we later look up
1475  // inputs for this transaction again.
1476  for (const auto& outpoint : m_viewmempool.GetNonBaseCoins()) {
1477  // In addition to resetting m_viewmempool, we also need to manually delete these coins from
1478  // m_view because it caches copies of the coins it fetched from m_viewmempool previously.
1479  m_view.Uncache(outpoint);
1480  }
1481  // This deletes the temporary and mempool coins.
1482  m_viewmempool.Reset();
1483 }
1484 
1485 PackageMempoolAcceptResult MemPoolAccept::AcceptSubPackage(const std::vector<CTransactionRef>& subpackage, ATMPArgs& args)
1486 {
1488  AssertLockHeld(m_pool.cs);
1489  auto result = [&]() EXCLUSIVE_LOCKS_REQUIRED(::cs_main, m_pool.cs) {
1490  if (subpackage.size() > 1) {
1491  return AcceptMultipleTransactions(subpackage, args);
1492  }
1493  const auto& tx = subpackage.front();
1494  ATMPArgs single_args = ATMPArgs::SingleInPackageAccept(args);
1495  const auto single_res = AcceptSingleTransaction(tx, single_args);
1496  PackageValidationState package_state_wrapped;
1497  if (single_res.m_result_type != MempoolAcceptResult::ResultType::VALID) {
1498  package_state_wrapped.Invalid(PackageValidationResult::PCKG_TX, "transaction failed");
1499  }
1500  return PackageMempoolAcceptResult(package_state_wrapped, {{tx->GetWitnessHash(), single_res}});
1501  }();
1502 
1503  // Clean up m_view and m_viewmempool so that other subpackage evaluations don't have access to
1504  // coins they shouldn't. Keep some coins in order to minimize re-fetching coins from the UTXO set.
1505  CleanupTemporaryCoins();
1506 
1507  return result;
1508 }
1509 
1510 PackageMempoolAcceptResult MemPoolAccept::AcceptPackage(const Package& package, ATMPArgs& args)
1511 {
1513  // Used if returning a PackageMempoolAcceptResult directly from this function.
1514  PackageValidationState package_state_quit_early;
1515 
1516  // Check that the package is well-formed. If it isn't, we won't try to validate any of the
1517  // transactions and thus won't return any MempoolAcceptResults, just a package-wide error.
1518 
1519  // Context-free package checks.
1520  if (!IsWellFormedPackage(package, package_state_quit_early, /*require_sorted=*/true)) {
1521  return PackageMempoolAcceptResult(package_state_quit_early, {});
1522  }
1523 
1524  // All transactions in the package must be a parent of the last transaction. This is just an
1525  // opportunity for us to fail fast on a context-free check without taking the mempool lock.
1526  if (!IsChildWithParents(package)) {
1527  package_state_quit_early.Invalid(PackageValidationResult::PCKG_POLICY, "package-not-child-with-parents");
1528  return PackageMempoolAcceptResult(package_state_quit_early, {});
1529  }
1530 
1531  // IsChildWithParents() guarantees the package is > 1 transactions.
1532  assert(package.size() > 1);
1533  // The package must be 1 child with all of its unconfirmed parents. The package is expected to
1534  // be sorted, so the last transaction is the child.
1535  const auto& child = package.back();
1536  std::unordered_set<uint256, SaltedTxidHasher> unconfirmed_parent_txids;
1537  std::transform(package.cbegin(), package.cend() - 1,
1538  std::inserter(unconfirmed_parent_txids, unconfirmed_parent_txids.end()),
1539  [](const auto& tx) { return tx->GetHash(); });
1540 
1541  // All child inputs must refer to a preceding package transaction or a confirmed UTXO. The only
1542  // way to verify this is to look up the child's inputs in our current coins view (not including
1543  // mempool), and enforce that all parents not present in the package be available at chain tip.
1544  // Since this check can bring new coins into the coins cache, keep track of these coins and
1545  // uncache them if we don't end up submitting this package to the mempool.
1546  const CCoinsViewCache& coins_tip_cache = m_active_chainstate.CoinsTip();
1547  for (const auto& input : child->vin) {
1548  if (!coins_tip_cache.HaveCoinInCache(input.prevout)) {
1549  args.m_coins_to_uncache.push_back(input.prevout);
1550  }
1551  }
1552  // Using the MemPoolAccept m_view cache allows us to look up these same coins faster later.
1553  // This should be connecting directly to CoinsTip, not to m_viewmempool, because we specifically
1554  // require inputs to be confirmed if they aren't in the package.
1555  m_view.SetBackend(m_active_chainstate.CoinsTip());
1556  const auto package_or_confirmed = [this, &unconfirmed_parent_txids](const auto& input) {
1557  return unconfirmed_parent_txids.count(input.prevout.hash) > 0 || m_view.HaveCoin(input.prevout);
1558  };
1559  if (!std::all_of(child->vin.cbegin(), child->vin.cend(), package_or_confirmed)) {
1560  package_state_quit_early.Invalid(PackageValidationResult::PCKG_POLICY, "package-not-child-with-unconfirmed-parents");
1561  return PackageMempoolAcceptResult(package_state_quit_early, {});
1562  }
1563  // Protect against bugs where we pull more inputs from disk that miss being added to
1564  // coins_to_uncache. The backend will be connected again when needed in PreChecks.
1565  m_view.SetBackend(m_dummy);
1566 
1567  LOCK(m_pool.cs);
1568  // Stores results from which we will create the returned PackageMempoolAcceptResult.
1569  // A result may be changed if a mempool transaction is evicted later due to LimitMempoolSize().
1570  std::map<uint256, MempoolAcceptResult> results_final;
1571  // Results from individual validation which will be returned if no other result is available for
1572  // this transaction. "Nonfinal" because if a transaction fails by itself but succeeds later
1573  // (i.e. when evaluated with a fee-bumping child), the result in this map may be discarded.
1574  std::map<uint256, MempoolAcceptResult> individual_results_nonfinal;
1575  bool quit_early{false};
1576  std::vector<CTransactionRef> txns_package_eval;
1577  for (const auto& tx : package) {
1578  const auto& wtxid = tx->GetWitnessHash();
1579  const auto& txid = tx->GetHash();
1580  // There are 3 possibilities: already in mempool, same-txid-diff-wtxid already in mempool,
1581  // or not in mempool. An already confirmed tx is treated as one not in mempool, because all
1582  // we know is that the inputs aren't available.
1583  if (m_pool.exists(GenTxid::Wtxid(wtxid))) {
1584  // Exact transaction already exists in the mempool.
1585  // Node operators are free to set their mempool policies however they please, nodes may receive
1586  // transactions in different orders, and malicious counterparties may try to take advantage of
1587  // policy differences to pin or delay propagation of transactions. As such, it's possible for
1588  // some package transaction(s) to already be in the mempool, and we don't want to reject the
1589  // entire package in that case (as that could be a censorship vector). De-duplicate the
1590  // transactions that are already in the mempool, and only call AcceptMultipleTransactions() with
1591  // the new transactions. This ensures we don't double-count transaction counts and sizes when
1592  // checking ancestor/descendant limits, or double-count transaction fees for fee-related policy.
1593  const auto& entry{*Assert(m_pool.GetEntry(txid))};
1594  results_final.emplace(wtxid, MempoolAcceptResult::MempoolTx(entry.GetTxSize(), entry.GetFee()));
1595  } else if (m_pool.exists(GenTxid::Txid(txid))) {
1596  // Transaction with the same non-witness data but different witness (same txid,
1597  // different wtxid) already exists in the mempool.
1598  //
1599  // We don't allow replacement transactions right now, so just swap the package
1600  // transaction for the mempool one. Note that we are ignoring the validity of the
1601  // package transaction passed in.
1602  // TODO: allow witness replacement in packages.
1603  const auto& entry{*Assert(m_pool.GetEntry(txid))};
1604  // Provide the wtxid of the mempool tx so that the caller can look it up in the mempool.
1605  results_final.emplace(wtxid, MempoolAcceptResult::MempoolTxDifferentWitness(entry.GetTx().GetWitnessHash()));
1606  } else {
1607  // Transaction does not already exist in the mempool.
1608  // Try submitting the transaction on its own.
1609  const auto single_package_res = AcceptSubPackage({tx}, args);
1610  const auto& single_res = single_package_res.m_tx_results.at(wtxid);
1611  if (single_res.m_result_type == MempoolAcceptResult::ResultType::VALID) {
1612  // The transaction succeeded on its own and is now in the mempool. Don't include it
1613  // in package validation, because its fees should only be "used" once.
1614  assert(m_pool.exists(GenTxid::Wtxid(wtxid)));
1615  results_final.emplace(wtxid, single_res);
1616  } else if (single_res.m_state.GetResult() != TxValidationResult::TX_RECONSIDERABLE &&
1617  single_res.m_state.GetResult() != TxValidationResult::TX_MISSING_INPUTS) {
1618  // Package validation policy only differs from individual policy in its evaluation
1619  // of feerate. For example, if a transaction fails here due to violation of a
1620  // consensus rule, the result will not change when it is submitted as part of a
1621  // package. To minimize the amount of repeated work, unless the transaction fails
1622  // due to feerate or missing inputs (its parent is a previous transaction in the
1623  // package that failed due to feerate), don't run package validation. Note that this
1624  // decision might not make sense if different types of packages are allowed in the
1625  // future. Continue individually validating the rest of the transactions, because
1626  // some of them may still be valid.
1627  quit_early = true;
1628  package_state_quit_early.Invalid(PackageValidationResult::PCKG_TX, "transaction failed");
1629  individual_results_nonfinal.emplace(wtxid, single_res);
1630  } else {
1631  individual_results_nonfinal.emplace(wtxid, single_res);
1632  txns_package_eval.push_back(tx);
1633  }
1634  }
1635  }
1636 
1637  auto multi_submission_result = quit_early || txns_package_eval.empty() ? PackageMempoolAcceptResult(package_state_quit_early, {}) :
1638  AcceptSubPackage(txns_package_eval, args);
1639  PackageValidationState& package_state_final = multi_submission_result.m_state;
1640 
1641  // Make sure we haven't exceeded max mempool size.
1642  // Package transactions that were submitted to mempool or already in mempool may be evicted.
1643  LimitMempoolSize(m_pool, m_active_chainstate.CoinsTip());
1644 
1645  for (const auto& tx : package) {
1646  const auto& wtxid = tx->GetWitnessHash();
1647  if (multi_submission_result.m_tx_results.count(wtxid) > 0) {
1648  // We shouldn't have re-submitted if the tx result was already in results_final.
1649  Assume(results_final.count(wtxid) == 0);
1650  // If it was submitted, check to see if the tx is still in the mempool. It could have
1651  // been evicted due to LimitMempoolSize() above.
1652  const auto& txresult = multi_submission_result.m_tx_results.at(wtxid);
1653  if (txresult.m_result_type == MempoolAcceptResult::ResultType::VALID && !m_pool.exists(GenTxid::Wtxid(wtxid))) {
1654  package_state_final.Invalid(PackageValidationResult::PCKG_TX, "transaction failed");
1655  TxValidationState mempool_full_state;
1656  mempool_full_state.Invalid(TxValidationResult::TX_MEMPOOL_POLICY, "mempool full");
1657  results_final.emplace(wtxid, MempoolAcceptResult::Failure(mempool_full_state));
1658  } else {
1659  results_final.emplace(wtxid, txresult);
1660  }
1661  } else if (const auto it{results_final.find(wtxid)}; it != results_final.end()) {
1662  // Already-in-mempool transaction. Check to see if it's still there, as it could have
1663  // been evicted when LimitMempoolSize() was called.
1664  Assume(it->second.m_result_type != MempoolAcceptResult::ResultType::INVALID);
1665  Assume(individual_results_nonfinal.count(wtxid) == 0);
1666  // Query by txid to include the same-txid-different-witness ones.
1667  if (!m_pool.exists(GenTxid::Txid(tx->GetHash()))) {
1668  package_state_final.Invalid(PackageValidationResult::PCKG_TX, "transaction failed");
1669  TxValidationState mempool_full_state;
1670  mempool_full_state.Invalid(TxValidationResult::TX_MEMPOOL_POLICY, "mempool full");
1671  // Replace the previous result.
1672  results_final.erase(wtxid);
1673  results_final.emplace(wtxid, MempoolAcceptResult::Failure(mempool_full_state));
1674  }
1675  } else if (const auto it{individual_results_nonfinal.find(wtxid)}; it != individual_results_nonfinal.end()) {
1676  Assume(it->second.m_result_type == MempoolAcceptResult::ResultType::INVALID);
1677  // Interesting result from previous processing.
1678  results_final.emplace(wtxid, it->second);
1679  }
1680  }
1681  Assume(results_final.size() == package.size());
1682  return PackageMempoolAcceptResult(package_state_final, std::move(results_final));
1683 }
1684 
1685 } // anon namespace
1686 
1688  int64_t accept_time, bool bypass_limits, bool test_accept)
1690 {
1692  const CChainParams& chainparams{active_chainstate.m_chainman.GetParams()};
1693  assert(active_chainstate.GetMempool() != nullptr);
1694  CTxMemPool& pool{*active_chainstate.GetMempool()};
1695 
1696  std::vector<COutPoint> coins_to_uncache;
1697  auto args = MemPoolAccept::ATMPArgs::SingleAccept(chainparams, accept_time, bypass_limits, coins_to_uncache, test_accept);
1698  MempoolAcceptResult result = MemPoolAccept(pool, active_chainstate).AcceptSingleTransaction(tx, args);
1700  // Remove coins that were not present in the coins cache before calling
1701  // AcceptSingleTransaction(); this is to prevent memory DoS in case we receive a large
1702  // number of invalid transactions that attempt to overrun the in-memory coins cache
1703  // (`CCoinsViewCache::cacheCoins`).
1704 
1705  for (const COutPoint& hashTx : coins_to_uncache)
1706  active_chainstate.CoinsTip().Uncache(hashTx);
1707  TRACE2(mempool, rejected,
1708  tx->GetHash().data(),
1709  result.m_state.GetRejectReason().c_str()
1710  );
1711  }
1712  // After we've (potentially) uncached entries, ensure our coins cache is still within its size limits
1713  BlockValidationState state_dummy;
1714  active_chainstate.FlushStateToDisk(state_dummy, FlushStateMode::PERIODIC);
1715  return result;
1716 }
1717 
1719  const Package& package, bool test_accept, std::optional<CFeeRate> client_maxfeerate)
1720 {
1722  assert(!package.empty());
1723  assert(std::all_of(package.cbegin(), package.cend(), [](const auto& tx){return tx != nullptr;}));
1724 
1725  std::vector<COutPoint> coins_to_uncache;
1726  const CChainParams& chainparams = active_chainstate.m_chainman.GetParams();
1727  auto result = [&]() EXCLUSIVE_LOCKS_REQUIRED(cs_main) {
1729  if (test_accept) {
1730  auto args = MemPoolAccept::ATMPArgs::PackageTestAccept(chainparams, GetTime(), coins_to_uncache);
1731  return MemPoolAccept(pool, active_chainstate).AcceptMultipleTransactions(package, args);
1732  } else {
1733  auto args = MemPoolAccept::ATMPArgs::PackageChildWithParents(chainparams, GetTime(), coins_to_uncache, client_maxfeerate);
1734  return MemPoolAccept(pool, active_chainstate).AcceptPackage(package, args);
1735  }
1736  }();
1737 
1738  // Uncache coins pertaining to transactions that were not submitted to the mempool.
1739  if (test_accept || result.m_state.IsInvalid()) {
1740  for (const COutPoint& hashTx : coins_to_uncache) {
1741  active_chainstate.CoinsTip().Uncache(hashTx);
1742  }
1743  }
1744  // Ensure the coins cache is still within limits.
1745  BlockValidationState state_dummy;
1746  active_chainstate.FlushStateToDisk(state_dummy, FlushStateMode::PERIODIC);
1747  return result;
1748 }
1749 
1750 CAmount GetBlockSubsidy(int nHeight, const Consensus::Params& consensusParams)
1751 {
1752  int halvings = nHeight / consensusParams.nSubsidyHalvingInterval;
1753  // Force block reward to zero when right shift is undefined.
1754  if (halvings >= 64)
1755  return 0;
1756 
1757  CAmount nSubsidy = 50 * COIN;
1758  // Subsidy is cut in half every 210,000 blocks which will occur approximately every 4 years.
1759  nSubsidy >>= halvings;
1760  return nSubsidy;
1761 }
1762 
1764  : m_dbview{std::move(db_params), std::move(options)},
1765  m_catcherview(&m_dbview) {}
1766 
1767 void CoinsViews::InitCache()
1768 {
1770  m_cacheview = std::make_unique<CCoinsViewCache>(&m_catcherview);
1771 }
1772 
1774  CTxMemPool* mempool,
1775  BlockManager& blockman,
1776  ChainstateManager& chainman,
1777  std::optional<uint256> from_snapshot_blockhash)
1778  : m_mempool(mempool),
1779  m_blockman(blockman),
1780  m_chainman(chainman),
1781  m_from_snapshot_blockhash(from_snapshot_blockhash) {}
1782 
1783 const CBlockIndex* Chainstate::SnapshotBase()
1784 {
1785  if (!m_from_snapshot_blockhash) return nullptr;
1786  if (!m_cached_snapshot_base) m_cached_snapshot_base = Assert(m_chainman.m_blockman.LookupBlockIndex(*m_from_snapshot_blockhash));
1787  return m_cached_snapshot_base;
1788 }
1789 
1790 void Chainstate::InitCoinsDB(
1791  size_t cache_size_bytes,
1792  bool in_memory,
1793  bool should_wipe,
1794  fs::path leveldb_name)
1795 {
1797  leveldb_name += node::SNAPSHOT_CHAINSTATE_SUFFIX;
1798  }
1799 
1800  m_coins_views = std::make_unique<CoinsViews>(
1801  DBParams{
1802  .path = m_chainman.m_options.datadir / leveldb_name,
1803  .cache_bytes = cache_size_bytes,
1804  .memory_only = in_memory,
1805  .wipe_data = should_wipe,
1806  .obfuscate = true,
1807  .options = m_chainman.m_options.coins_db},
1809 }
1810 
1811 void Chainstate::InitCoinsCache(size_t cache_size_bytes)
1812 {
1814  assert(m_coins_views != nullptr);
1815  m_coinstip_cache_size_bytes = cache_size_bytes;
1816  m_coins_views->InitCache();
1817 }
1818 
1819 // Note that though this is marked const, we may end up modifying `m_cached_finished_ibd`, which
1820 // is a performance-related implementation detail. This function must be marked
1821 // `const` so that `CValidationInterface` clients (which are given a `const Chainstate*`)
1822 // can call it.
1823 //
1825 {
1826  // Optimization: pre-test latch before taking the lock.
1827  if (m_cached_finished_ibd.load(std::memory_order_relaxed))
1828  return false;
1829 
1830  LOCK(cs_main);
1831  if (m_cached_finished_ibd.load(std::memory_order_relaxed))
1832  return false;
1833  if (m_blockman.LoadingBlocks()) {
1834  return true;
1835  }
1836  CChain& chain{ActiveChain()};
1837  if (chain.Tip() == nullptr) {
1838  return true;
1839  }
1840  if (chain.Tip()->nChainWork < MinimumChainWork()) {
1841  return true;
1842  }
1843  if (chain.Tip()->Time() < Now<NodeSeconds>() - m_options.max_tip_age) {
1844  return true;
1845  }
1846  LogPrintf("Leaving InitialBlockDownload (latching to false)\n");
1847  m_cached_finished_ibd.store(true, std::memory_order_relaxed);
1848  return false;
1849 }
1850 
1852 {
1854 
1855  // Before we get past initial download, we cannot reliably alert about forks
1856  // (we assume we don't get stuck on a fork before finishing our initial sync)
1858  return;
1859  }
1860 
1861  if (m_chainman.m_best_invalid && m_chainman.m_best_invalid->nChainWork > m_chain.Tip()->nChainWork + (GetBlockProof(*m_chain.Tip()) * 6)) {
1862  LogPrintf("%s: Warning: Found invalid chain at least ~6 blocks longer than our best chain.\nChain state database corruption likely.\n", __func__);
1864  } else {
1866  }
1867 }
1868 
1869 // Called both upon regular invalid block discovery *and* InvalidateBlock
1871 {
1873  if (!m_chainman.m_best_invalid || pindexNew->nChainWork > m_chainman.m_best_invalid->nChainWork) {
1874  m_chainman.m_best_invalid = pindexNew;
1875  }
1876  if (m_chainman.m_best_header != nullptr && m_chainman.m_best_header->GetAncestor(pindexNew->nHeight) == pindexNew) {
1877  m_chainman.m_best_header = m_chain.Tip();
1878  }
1879 
1880  LogPrintf("%s: invalid block=%s height=%d log2_work=%f date=%s\n", __func__,
1881  pindexNew->GetBlockHash().ToString(), pindexNew->nHeight,
1882  log(pindexNew->nChainWork.getdouble())/log(2.0), FormatISO8601DateTime(pindexNew->GetBlockTime()));
1883  CBlockIndex *tip = m_chain.Tip();
1884  assert (tip);
1885  LogPrintf("%s: current best=%s height=%d log2_work=%f date=%s\n", __func__,
1886  tip->GetBlockHash().ToString(), m_chain.Height(), log(tip->nChainWork.getdouble())/log(2.0),
1889 }
1890 
1891 // Same as InvalidChainFound, above, except not called directly from InvalidateBlock,
1892 // which does its own setBlockIndexCandidates management.
1894 {
1897  pindex->nStatus |= BLOCK_FAILED_VALID;
1898  m_chainman.m_failed_blocks.insert(pindex);
1899  m_blockman.m_dirty_blockindex.insert(pindex);
1900  setBlockIndexCandidates.erase(pindex);
1901  InvalidChainFound(pindex);
1902  }
1903 }
1904 
1905 void UpdateCoins(const CTransaction& tx, CCoinsViewCache& inputs, CTxUndo &txundo, int nHeight)
1906 {
1907  // mark inputs spent
1908  if (!tx.IsCoinBase()) {
1909  txundo.vprevout.reserve(tx.vin.size());
1910  for (const CTxIn &txin : tx.vin) {
1911  txundo.vprevout.emplace_back();
1912  bool is_spent = inputs.SpendCoin(txin.prevout, &txundo.vprevout.back());
1913  assert(is_spent);
1914  }
1915  }
1916  // add outputs
1917  AddCoins(inputs, tx, nHeight);
1918 }
1919 
1921  const CScript &scriptSig = ptxTo->vin[nIn].scriptSig;
1922  const CScriptWitness *witness = &ptxTo->vin[nIn].scriptWitness;
1924 }
1925 
1928 
1929 bool InitScriptExecutionCache(size_t max_size_bytes)
1930 {
1931  // Setup the salted hasher
1933  // We want the nonce to be 64 bytes long to force the hasher to process
1934  // this chunk, which makes later hash computations more efficient. We
1935  // just write our 32-byte entropy twice to fill the 64 bytes.
1938 
1939  auto setup_results = g_scriptExecutionCache.setup_bytes(max_size_bytes);
1940  if (!setup_results) return false;
1941 
1942  const auto [num_elems, approx_size_bytes] = *setup_results;
1943  LogPrintf("Using %zu MiB out of %zu MiB requested for script execution cache, able to store %zu elements\n",
1944  approx_size_bytes >> 20, max_size_bytes >> 20, num_elems);
1945  return true;
1946 }
1947 
1968  const CCoinsViewCache& inputs, unsigned int flags, bool cacheSigStore,
1969  bool cacheFullScriptStore, PrecomputedTransactionData& txdata,
1970  std::vector<CScriptCheck>* pvChecks)
1971 {
1972  if (tx.IsCoinBase()) return true;
1973 
1974  if (pvChecks) {
1975  pvChecks->reserve(tx.vin.size());
1976  }
1977 
1978  // First check if script executions have been cached with the same
1979  // flags. Note that this assumes that the inputs provided are
1980  // correct (ie that the transaction hash which is in tx's prevouts
1981  // properly commits to the scriptPubKey in the inputs view of that
1982  // transaction).
1983  uint256 hashCacheEntry;
1985  hasher.Write(UCharCast(tx.GetWitnessHash().begin()), 32).Write((unsigned char*)&flags, sizeof(flags)).Finalize(hashCacheEntry.begin());
1986  AssertLockHeld(cs_main); //TODO: Remove this requirement by making CuckooCache not require external locks
1987  if (g_scriptExecutionCache.contains(hashCacheEntry, !cacheFullScriptStore)) {
1988  return true;
1989  }
1990 
1991  if (!txdata.m_spent_outputs_ready) {
1992  std::vector<CTxOut> spent_outputs;
1993  spent_outputs.reserve(tx.vin.size());
1994 
1995  for (const auto& txin : tx.vin) {
1996  const COutPoint& prevout = txin.prevout;
1997  const Coin& coin = inputs.AccessCoin(prevout);
1998  assert(!coin.IsSpent());
1999  spent_outputs.emplace_back(coin.out);
2000  }
2001  txdata.Init(tx, std::move(spent_outputs));
2002  }
2003  assert(txdata.m_spent_outputs.size() == tx.vin.size());
2004 
2005  for (unsigned int i = 0; i < tx.vin.size(); i++) {
2006 
2007  // We very carefully only pass in things to CScriptCheck which
2008  // are clearly committed to by tx' witness hash. This provides
2009  // a sanity check that our caching is not introducing consensus
2010  // failures through additional data in, eg, the coins being
2011  // spent being checked as a part of CScriptCheck.
2012 
2013  // Verify signature
2014  CScriptCheck check(txdata.m_spent_outputs[i], tx, i, flags, cacheSigStore, &txdata);
2015  if (pvChecks) {
2016  pvChecks->emplace_back(std::move(check));
2017  } else if (!check()) {
2019  // Check whether the failure was caused by a
2020  // non-mandatory script verification check, such as
2021  // non-standard DER encodings or non-null dummy
2022  // arguments; if so, ensure we return NOT_STANDARD
2023  // instead of CONSENSUS to avoid downstream users
2024  // splitting the network between upgraded and
2025  // non-upgraded nodes by banning CONSENSUS-failing
2026  // data providers.
2027  CScriptCheck check2(txdata.m_spent_outputs[i], tx, i,
2028  flags & ~STANDARD_NOT_MANDATORY_VERIFY_FLAGS, cacheSigStore, &txdata);
2029  if (check2())
2030  return state.Invalid(TxValidationResult::TX_NOT_STANDARD, strprintf("non-mandatory-script-verify-flag (%s)", ScriptErrorString(check.GetScriptError())));
2031  }
2032  // MANDATORY flag failures correspond to
2033  // TxValidationResult::TX_CONSENSUS. Because CONSENSUS
2034  // failures are the most serious case of validation
2035  // failures, we may need to consider using
2036  // RECENT_CONSENSUS_CHANGE for any script failure that
2037  // could be due to non-upgraded nodes which we may want to
2038  // support, to avoid splitting the network (but this
2039  // depends on the details of how net_processing handles
2040  // such errors).
2041  return state.Invalid(TxValidationResult::TX_CONSENSUS, strprintf("mandatory-script-verify-flag-failed (%s)", ScriptErrorString(check.GetScriptError())));
2042  }
2043  }
2044 
2045  if (cacheFullScriptStore && !pvChecks) {
2046  // We executed all of the provided scripts, and were told to
2047  // cache the result. Do so now.
2048  g_scriptExecutionCache.insert(hashCacheEntry);
2049  }
2050 
2051  return true;
2052 }
2053 
2054 bool FatalError(Notifications& notifications, BlockValidationState& state, const std::string& strMessage, const bilingual_str& userMessage)
2055 {
2056  notifications.fatalError(strMessage, userMessage);
2057  return state.Error(strMessage);
2058 }
2059 
2067 int ApplyTxInUndo(Coin&& undo, CCoinsViewCache& view, const COutPoint& out)
2068 {
2069  bool fClean = true;
2070 
2071  if (view.HaveCoin(out)) fClean = false; // overwriting transaction output
2072 
2073  if (undo.nHeight == 0) {
2074  // Missing undo metadata (height and coinbase). Older versions included this
2075  // information only in undo records for the last spend of a transactions'
2076  // outputs. This implies that it must be present for some other output of the same tx.
2077  const Coin& alternate = AccessByTxid(view, out.hash);
2078  if (!alternate.IsSpent()) {
2079  undo.nHeight = alternate.nHeight;
2080  undo.fCoinBase = alternate.fCoinBase;
2081  } else {
2082  return DISCONNECT_FAILED; // adding output for transaction without known metadata
2083  }
2084  }
2085  // If the coin already exists as an unspent coin in the cache, then the
2086  // possible_overwrite parameter to AddCoin must be set to true. We have
2087  // already checked whether an unspent coin exists above using HaveCoin, so
2088  // we don't need to guess. When fClean is false, an unspent coin already
2089  // existed and it is an overwrite.
2090  view.AddCoin(out, std::move(undo), !fClean);
2091 
2092  return fClean ? DISCONNECT_OK : DISCONNECT_UNCLEAN;
2093 }
2094 
2097 DisconnectResult Chainstate::DisconnectBlock(const CBlock& block, const CBlockIndex* pindex, CCoinsViewCache& view)
2098 {
2100  bool fClean = true;
2101 
2102  CBlockUndo blockUndo;
2103  if (!m_blockman.UndoReadFromDisk(blockUndo, *pindex)) {
2104  LogError("DisconnectBlock(): failure reading undo data\n");
2105  return DISCONNECT_FAILED;
2106  }
2107 
2108  if (blockUndo.vtxundo.size() + 1 != block.vtx.size()) {
2109  LogError("DisconnectBlock(): block and undo data inconsistent\n");
2110  return DISCONNECT_FAILED;
2111  }
2112 
2113  // Ignore blocks that contain transactions which are 'overwritten' by later transactions,
2114  // unless those are already completely spent.
2115  // See https://github.com/bitcoin/bitcoin/issues/22596 for additional information.
2116  // Note: the blocks specified here are different than the ones used in ConnectBlock because DisconnectBlock
2117  // unwinds the blocks in reverse. As a result, the inconsistency is not discovered until the earlier
2118  // blocks with the duplicate coinbase transactions are disconnected.
2119  bool fEnforceBIP30 = !((pindex->nHeight==91722 && pindex->GetBlockHash() == uint256S("0x00000000000271a2dc26e7667f8419f2e15416dc6955e5a6c6cdf3f2574dd08e")) ||
2120  (pindex->nHeight==91812 && pindex->GetBlockHash() == uint256S("0x00000000000af0aed4792b1acee3d966af36cf5def14935db8de83d6f9306f2f")));
2121 
2122  // undo transactions in reverse order
2123  for (int i = block.vtx.size() - 1; i >= 0; i--) {
2124  const CTransaction &tx = *(block.vtx[i]);
2125  Txid hash = tx.GetHash();
2126  bool is_coinbase = tx.IsCoinBase();
2127  bool is_bip30_exception = (is_coinbase && !fEnforceBIP30);
2128 
2129  // Check that all outputs are available and match the outputs in the block itself
2130  // exactly.
2131  for (size_t o = 0; o < tx.vout.size(); o++) {
2132  if (!tx.vout[o].scriptPubKey.IsUnspendable()) {
2133  COutPoint out(hash, o);
2134  Coin coin;
2135  bool is_spent = view.SpendCoin(out, &coin);
2136  if (!is_spent || tx.vout[o] != coin.out || pindex->nHeight != coin.nHeight || is_coinbase != coin.fCoinBase) {
2137  if (!is_bip30_exception) {
2138  fClean = false; // transaction output mismatch
2139  }
2140  }
2141  }
2142  }
2143 
2144  // restore inputs
2145  if (i > 0) { // not coinbases
2146  CTxUndo &txundo = blockUndo.vtxundo[i-1];
2147  if (txundo.vprevout.size() != tx.vin.size()) {
2148  LogError("DisconnectBlock(): transaction and undo data inconsistent\n");
2149  return DISCONNECT_FAILED;
2150  }
2151  for (unsigned int j = tx.vin.size(); j > 0;) {
2152  --j;
2153  const COutPoint& out = tx.vin[j].prevout;
2154  int res = ApplyTxInUndo(std::move(txundo.vprevout[j]), view, out);
2155  if (res == DISCONNECT_FAILED) return DISCONNECT_FAILED;
2156  fClean = fClean && res != DISCONNECT_UNCLEAN;
2157  }
2158  // At this point, all of txundo.vprevout should have been moved out.
2159  }
2160  }
2161 
2162  // move best block pointer to prevout block
2163  view.SetBestBlock(pindex->pprev->GetBlockHash());
2164 
2165  return fClean ? DISCONNECT_OK : DISCONNECT_UNCLEAN;
2166 }
2167 
2172 {
2173 private:
2175  int m_bit;
2176 
2177 public:
2178  explicit WarningBitsConditionChecker(const ChainstateManager& chainman, int bit) : m_chainman{chainman}, m_bit(bit) {}
2179 
2180  int64_t BeginTime(const Consensus::Params& params) const override { return 0; }
2181  int64_t EndTime(const Consensus::Params& params) const override { return std::numeric_limits<int64_t>::max(); }
2182  int Period(const Consensus::Params& params) const override { return params.nMinerConfirmationWindow; }
2183  int Threshold(const Consensus::Params& params) const override { return params.nRuleChangeActivationThreshold; }
2184 
2185  bool Condition(const CBlockIndex* pindex, const Consensus::Params& params) const override
2186  {
2187  return pindex->nHeight >= params.MinBIP9WarningHeight &&
2189  ((pindex->nVersion >> m_bit) & 1) != 0 &&
2190  ((m_chainman.m_versionbitscache.ComputeBlockVersion(pindex->pprev, params) >> m_bit) & 1) == 0;
2191  }
2192 };
2193 
2194 static unsigned int GetBlockScriptFlags(const CBlockIndex& block_index, const ChainstateManager& chainman)
2195 {
2196  const Consensus::Params& consensusparams = chainman.GetConsensus();
2197 
2198  // BIP16 didn't become active until Apr 1 2012 (on mainnet, and
2199  // retroactively applied to testnet)
2200  // However, only one historical block violated the P2SH rules (on both
2201  // mainnet and testnet).
2202  // Similarly, only one historical block violated the TAPROOT rules on
2203  // mainnet.
2204  // For simplicity, always leave P2SH+WITNESS+TAPROOT on except for the two
2205  // violating blocks.
2207  const auto it{consensusparams.script_flag_exceptions.find(*Assert(block_index.phashBlock))};
2208  if (it != consensusparams.script_flag_exceptions.end()) {
2209  flags = it->second;
2210  }
2211 
2212  // Enforce the DERSIG (BIP66) rule
2213  if (DeploymentActiveAt(block_index, chainman, Consensus::DEPLOYMENT_DERSIG)) {
2215  }
2216 
2217  // Enforce CHECKLOCKTIMEVERIFY (BIP65)
2218  if (DeploymentActiveAt(block_index, chainman, Consensus::DEPLOYMENT_CLTV)) {
2220  }
2221 
2222  // Enforce CHECKSEQUENCEVERIFY (BIP112)
2223  if (DeploymentActiveAt(block_index, chainman, Consensus::DEPLOYMENT_CSV)) {
2225  }
2226 
2227  // Enforce BIP147 NULLDUMMY (activated simultaneously with segwit)
2228  if (DeploymentActiveAt(block_index, chainman, Consensus::DEPLOYMENT_SEGWIT)) {
2230  }
2231 
2232  return flags;
2233 }
2234 
2235 
2236 static SteadyClock::duration time_check{};
2237 static SteadyClock::duration time_forks{};
2238 static SteadyClock::duration time_connect{};
2239 static SteadyClock::duration time_verify{};
2240 static SteadyClock::duration time_undo{};
2241 static SteadyClock::duration time_index{};
2242 static SteadyClock::duration time_total{};
2243 static int64_t num_blocks_total = 0;
2244 
2248 bool Chainstate::ConnectBlock(const CBlock& block, BlockValidationState& state, CBlockIndex* pindex,
2249  CCoinsViewCache& view, bool fJustCheck)
2250 {
2252  assert(pindex);
2253 
2254  uint256 block_hash{block.GetHash()};
2255  assert(*pindex->phashBlock == block_hash);
2256  const bool parallel_script_checks{m_chainman.GetCheckQueue().HasThreads()};
2257 
2258  const auto time_start{SteadyClock::now()};
2259  const CChainParams& params{m_chainman.GetParams()};
2260 
2261  // Check it again in case a previous version let a bad block in
2262  // NOTE: We don't currently (re-)invoke ContextualCheckBlock() or
2263  // ContextualCheckBlockHeader() here. This means that if we add a new
2264  // consensus rule that is enforced in one of those two functions, then we
2265  // may have let in a block that violates the rule prior to updating the
2266  // software, and we would NOT be enforcing the rule here. Fully solving
2267  // upgrade from one software version to the next after a consensus rule
2268  // change is potentially tricky and issue-specific (see NeedsRedownload()
2269  // for one approach that was used for BIP 141 deployment).
2270  // Also, currently the rule against blocks more than 2 hours in the future
2271  // is enforced in ContextualCheckBlockHeader(); we wouldn't want to
2272  // re-enforce that rule here (at least until we make it impossible for
2273  // the clock to go backward).
2274  if (!CheckBlock(block, state, params.GetConsensus(), !fJustCheck, !fJustCheck)) {
2276  // We don't write down blocks to disk if they may have been
2277  // corrupted, so this should be impossible unless we're having hardware
2278  // problems.
2279  return FatalError(m_chainman.GetNotifications(), state, "Corrupt block found indicating potential hardware failure; shutting down");
2280  }
2281  LogError("%s: Consensus::CheckBlock: %s\n", __func__, state.ToString());
2282  return false;
2283  }
2284 
2285  // verify that the view's current state corresponds to the previous block
2286  uint256 hashPrevBlock = pindex->pprev == nullptr ? uint256() : pindex->pprev->GetBlockHash();
2287  assert(hashPrevBlock == view.GetBestBlock());
2288 
2289  num_blocks_total++;
2290 
2291  // Special case for the genesis block, skipping connection of its transactions
2292  // (its coinbase is unspendable)
2293  if (block_hash == params.GetConsensus().hashGenesisBlock) {
2294  if (!fJustCheck)
2295  view.SetBestBlock(pindex->GetBlockHash());
2296  return true;
2297  }
2298 
2299  bool fScriptChecks = true;
2300  if (!m_chainman.AssumedValidBlock().IsNull()) {
2301  // We've been configured with the hash of a block which has been externally verified to have a valid history.
2302  // A suitable default value is included with the software and updated from time to time. Because validity
2303  // relative to a piece of software is an objective fact these defaults can be easily reviewed.
2304  // This setting doesn't force the selection of any particular chain but makes validating some faster by
2305  // effectively caching the result of part of the verification.
2306  BlockMap::const_iterator it{m_blockman.m_block_index.find(m_chainman.AssumedValidBlock())};
2307  if (it != m_blockman.m_block_index.end()) {
2308  if (it->second.GetAncestor(pindex->nHeight) == pindex &&
2309  m_chainman.m_best_header->GetAncestor(pindex->nHeight) == pindex &&
2310  m_chainman.m_best_header->nChainWork >= m_chainman.MinimumChainWork()) {
2311  // This block is a member of the assumed verified chain and an ancestor of the best header.
2312  // Script verification is skipped when connecting blocks under the
2313  // assumevalid block. Assuming the assumevalid block is valid this
2314  // is safe because block merkle hashes are still computed and checked,
2315  // Of course, if an assumed valid block is invalid due to false scriptSigs
2316  // this optimization would allow an invalid chain to be accepted.
2317  // The equivalent time check discourages hash power from extorting the network via DOS attack
2318  // into accepting an invalid block through telling users they must manually set assumevalid.
2319  // Requiring a software change or burying the invalid block, regardless of the setting, makes
2320  // it hard to hide the implication of the demand. This also avoids having release candidates
2321  // that are hardly doing any signature verification at all in testing without having to
2322  // artificially set the default assumed verified block further back.
2323  // The test against the minimum chain work prevents the skipping when denied access to any chain at
2324  // least as good as the expected chain.
2325  fScriptChecks = (GetBlockProofEquivalentTime(*m_chainman.m_best_header, *pindex, *m_chainman.m_best_header, params.GetConsensus()) <= 60 * 60 * 24 * 7 * 2);
2326  }
2327  }
2328  }
2329 
2330  const auto time_1{SteadyClock::now()};
2331  time_check += time_1 - time_start;
2332  LogPrint(BCLog::BENCH, " - Sanity checks: %.2fms [%.2fs (%.2fms/blk)]\n",
2333  Ticks<MillisecondsDouble>(time_1 - time_start),
2334  Ticks<SecondsDouble>(time_check),
2335  Ticks<MillisecondsDouble>(time_check) / num_blocks_total);
2336 
2337  // Do not allow blocks that contain transactions which 'overwrite' older transactions,
2338  // unless those are already completely spent.
2339  // If such overwrites are allowed, coinbases and transactions depending upon those
2340  // can be duplicated to remove the ability to spend the first instance -- even after
2341  // being sent to another address.
2342  // See BIP30, CVE-2012-1909, and http://r6.ca/blog/20120206T005236Z.html for more information.
2343  // This rule was originally applied to all blocks with a timestamp after March 15, 2012, 0:00 UTC.
2344  // Now that the whole chain is irreversibly beyond that time it is applied to all blocks except the
2345  // two in the chain that violate it. This prevents exploiting the issue against nodes during their
2346  // initial block download.
2347  bool fEnforceBIP30 = !IsBIP30Repeat(*pindex);
2348 
2349  // Once BIP34 activated it was not possible to create new duplicate coinbases and thus other than starting
2350  // with the 2 existing duplicate coinbase pairs, not possible to create overwriting txs. But by the
2351  // time BIP34 activated, in each of the existing pairs the duplicate coinbase had overwritten the first
2352  // before the first had been spent. Since those coinbases are sufficiently buried it's no longer possible to create further
2353  // duplicate transactions descending from the known pairs either.
2354  // If we're on the known chain at height greater than where BIP34 activated, we can save the db accesses needed for the BIP30 check.
2355 
2356  // BIP34 requires that a block at height X (block X) has its coinbase
2357  // scriptSig start with a CScriptNum of X (indicated height X). The above
2358  // logic of no longer requiring BIP30 once BIP34 activates is flawed in the
2359  // case that there is a block X before the BIP34 height of 227,931 which has
2360  // an indicated height Y where Y is greater than X. The coinbase for block
2361  // X would also be a valid coinbase for block Y, which could be a BIP30
2362  // violation. An exhaustive search of all mainnet coinbases before the
2363  // BIP34 height which have an indicated height greater than the block height
2364  // reveals many occurrences. The 3 lowest indicated heights found are
2365  // 209,921, 490,897, and 1,983,702 and thus coinbases for blocks at these 3
2366  // heights would be the first opportunity for BIP30 to be violated.
2367 
2368  // The search reveals a great many blocks which have an indicated height
2369  // greater than 1,983,702, so we simply remove the optimization to skip
2370  // BIP30 checking for blocks at height 1,983,702 or higher. Before we reach
2371  // that block in another 25 years or so, we should take advantage of a
2372  // future consensus change to do a new and improved version of BIP34 that
2373  // will actually prevent ever creating any duplicate coinbases in the
2374  // future.
2375  static constexpr int BIP34_IMPLIES_BIP30_LIMIT = 1983702;
2376 
2377  // There is no potential to create a duplicate coinbase at block 209,921
2378  // because this is still before the BIP34 height and so explicit BIP30
2379  // checking is still active.
2380 
2381  // The final case is block 176,684 which has an indicated height of
2382  // 490,897. Unfortunately, this issue was not discovered until about 2 weeks
2383  // before block 490,897 so there was not much opportunity to address this
2384  // case other than to carefully analyze it and determine it would not be a
2385  // problem. Block 490,897 was, in fact, mined with a different coinbase than
2386  // block 176,684, but it is important to note that even if it hadn't been or
2387  // is remined on an alternate fork with a duplicate coinbase, we would still
2388  // not run into a BIP30 violation. This is because the coinbase for 176,684
2389  // is spent in block 185,956 in transaction
2390  // d4f7fbbf92f4a3014a230b2dc70b8058d02eb36ac06b4a0736d9d60eaa9e8781. This
2391  // spending transaction can't be duplicated because it also spends coinbase
2392  // 0328dd85c331237f18e781d692c92de57649529bd5edf1d01036daea32ffde29. This
2393  // coinbase has an indicated height of over 4.2 billion, and wouldn't be
2394  // duplicatable until that height, and it's currently impossible to create a
2395  // chain that long. Nevertheless we may wish to consider a future soft fork
2396  // which retroactively prevents block 490,897 from creating a duplicate
2397  // coinbase. The two historical BIP30 violations often provide a confusing
2398  // edge case when manipulating the UTXO and it would be simpler not to have
2399  // another edge case to deal with.
2400 
2401  // testnet3 has no blocks before the BIP34 height with indicated heights
2402  // post BIP34 before approximately height 486,000,000. After block
2403  // 1,983,702 testnet3 starts doing unnecessary BIP30 checking again.
2404  assert(pindex->pprev);
2405  CBlockIndex* pindexBIP34height = pindex->pprev->GetAncestor(params.GetConsensus().BIP34Height);
2406  //Only continue to enforce if we're below BIP34 activation height or the block hash at that height doesn't correspond.
2407  fEnforceBIP30 = fEnforceBIP30 && (!pindexBIP34height || !(pindexBIP34height->GetBlockHash() == params.GetConsensus().BIP34Hash));
2408 
2409  // TODO: Remove BIP30 checking from block height 1,983,702 on, once we have a
2410  // consensus change that ensures coinbases at those heights cannot
2411  // duplicate earlier coinbases.
2412  if (fEnforceBIP30 || pindex->nHeight >= BIP34_IMPLIES_BIP30_LIMIT) {
2413  for (const auto& tx : block.vtx) {
2414  for (size_t o = 0; o < tx->vout.size(); o++) {
2415  if (view.HaveCoin(COutPoint(tx->GetHash(), o))) {
2416  LogPrintf("ERROR: ConnectBlock(): tried to overwrite transaction\n");
2417  return state.Invalid(BlockValidationResult::BLOCK_CONSENSUS, "bad-txns-BIP30");
2418  }
2419  }
2420  }
2421  }
2422 
2423  // Enforce BIP68 (sequence locks)
2424  int nLockTimeFlags = 0;
2426  nLockTimeFlags |= LOCKTIME_VERIFY_SEQUENCE;
2427  }
2428 
2429  // Get the script flags for this block
2430  unsigned int flags{GetBlockScriptFlags(*pindex, m_chainman)};
2431 
2432  const auto time_2{SteadyClock::now()};
2433  time_forks += time_2 - time_1;
2434  LogPrint(BCLog::BENCH, " - Fork checks: %.2fms [%.2fs (%.2fms/blk)]\n",
2435  Ticks<MillisecondsDouble>(time_2 - time_1),
2436  Ticks<SecondsDouble>(time_forks),
2437  Ticks<MillisecondsDouble>(time_forks) / num_blocks_total);
2438 
2439  CBlockUndo blockundo;
2440 
2441  // Precomputed transaction data pointers must not be invalidated
2442  // until after `control` has run the script checks (potentially
2443  // in multiple threads). Preallocate the vector size so a new allocation
2444  // doesn't invalidate pointers into the vector, and keep txsdata in scope
2445  // for as long as `control`.
2446  CCheckQueueControl<CScriptCheck> control(fScriptChecks && parallel_script_checks ? &m_chainman.GetCheckQueue() : nullptr);
2447  std::vector<PrecomputedTransactionData> txsdata(block.vtx.size());
2448 
2449  std::vector<int> prevheights;
2450  CAmount nFees = 0;
2451  int nInputs = 0;
2452  int64_t nSigOpsCost = 0;
2453  blockundo.vtxundo.reserve(block.vtx.size() - 1);
2454  for (unsigned int i = 0; i < block.vtx.size(); i++)
2455  {
2456  const CTransaction &tx = *(block.vtx[i]);
2457 
2458  nInputs += tx.vin.size();
2459 
2460  if (!tx.IsCoinBase())
2461  {
2462  CAmount txfee = 0;
2463  TxValidationState tx_state;
2464  if (!Consensus::CheckTxInputs(tx, tx_state, view, pindex->nHeight, txfee)) {
2465  // Any transaction validation failure in ConnectBlock is a block consensus failure
2467  tx_state.GetRejectReason(), tx_state.GetDebugMessage());
2468  LogError("%s: Consensus::CheckTxInputs: %s, %s\n", __func__, tx.GetHash().ToString(), state.ToString());
2469  return false;
2470  }
2471  nFees += txfee;
2472  if (!MoneyRange(nFees)) {
2473  LogPrintf("ERROR: %s: accumulated fee in the block out of range.\n", __func__);
2474  return state.Invalid(BlockValidationResult::BLOCK_CONSENSUS, "bad-txns-accumulated-fee-outofrange");
2475  }
2476 
2477  // Check that transaction is BIP68 final
2478  // BIP68 lock checks (as opposed to nLockTime checks) must
2479  // be in ConnectBlock because they require the UTXO set
2480  prevheights.resize(tx.vin.size());
2481  for (size_t j = 0; j < tx.vin.size(); j++) {
2482  prevheights[j] = view.AccessCoin(tx.vin[j].prevout).nHeight;
2483  }
2484 
2485  if (!SequenceLocks(tx, nLockTimeFlags, prevheights, *pindex)) {
2486  LogPrintf("ERROR: %s: contains a non-BIP68-final transaction\n", __func__);
2487  return state.Invalid(BlockValidationResult::BLOCK_CONSENSUS, "bad-txns-nonfinal");
2488  }
2489  }
2490 
2491  // GetTransactionSigOpCost counts 3 types of sigops:
2492  // * legacy (always)
2493  // * p2sh (when P2SH enabled in flags and excludes coinbase)
2494  // * witness (when witness enabled in flags and excludes coinbase)
2495  nSigOpsCost += GetTransactionSigOpCost(tx, view, flags);
2496  if (nSigOpsCost > MAX_BLOCK_SIGOPS_COST) {
2497  LogPrintf("ERROR: ConnectBlock(): too many sigops\n");
2498  return state.Invalid(BlockValidationResult::BLOCK_CONSENSUS, "bad-blk-sigops");
2499  }
2500 
2501  if (!tx.IsCoinBase())
2502  {
2503  std::vector<CScriptCheck> vChecks;
2504  bool fCacheResults = fJustCheck; /* Don't cache results if we're actually connecting blocks (still consult the cache, though) */
2505  TxValidationState tx_state;
2506  if (fScriptChecks && !CheckInputScripts(tx, tx_state, view, flags, fCacheResults, fCacheResults, txsdata[i], parallel_script_checks ? &vChecks : nullptr)) {
2507  // Any transaction validation failure in ConnectBlock is a block consensus failure
2509  tx_state.GetRejectReason(), tx_state.GetDebugMessage());
2510  LogError("ConnectBlock(): CheckInputScripts on %s failed with %s\n",
2511  tx.GetHash().ToString(), state.ToString());
2512  return false;
2513  }
2514  control.Add(std::move(vChecks));
2515  }
2516 
2517  CTxUndo undoDummy;
2518  if (i > 0) {
2519  blockundo.vtxundo.emplace_back();
2520  }
2521  UpdateCoins(tx, view, i == 0 ? undoDummy : blockundo.vtxundo.back(), pindex->nHeight);
2522  }
2523  const auto time_3{SteadyClock::now()};
2524  time_connect += time_3 - time_2;
2525  LogPrint(BCLog::BENCH, " - Connect %u transactions: %.2fms (%.3fms/tx, %.3fms/txin) [%.2fs (%.2fms/blk)]\n", (unsigned)block.vtx.size(),
2526  Ticks<MillisecondsDouble>(time_3 - time_2), Ticks<MillisecondsDouble>(time_3 - time_2) / block.vtx.size(),
2527  nInputs <= 1 ? 0 : Ticks<MillisecondsDouble>(time_3 - time_2) / (nInputs - 1),
2528  Ticks<SecondsDouble>(time_connect),
2529  Ticks<MillisecondsDouble>(time_connect) / num_blocks_total);
2530 
2531  CAmount blockReward = nFees + GetBlockSubsidy(pindex->nHeight, params.GetConsensus());
2532  if (block.vtx[0]->GetValueOut() > blockReward) {
2533  LogPrintf("ERROR: ConnectBlock(): coinbase pays too much (actual=%d vs limit=%d)\n", block.vtx[0]->GetValueOut(), blockReward);
2534  return state.Invalid(BlockValidationResult::BLOCK_CONSENSUS, "bad-cb-amount");
2535  }
2536 
2537  if (!control.Wait()) {
2538  LogPrintf("ERROR: %s: CheckQueue failed\n", __func__);
2539  return state.Invalid(BlockValidationResult::BLOCK_CONSENSUS, "block-validation-failed");
2540  }
2541  const auto time_4{SteadyClock::now()};
2542  time_verify += time_4 - time_2;
2543  LogPrint(BCLog::BENCH, " - Verify %u txins: %.2fms (%.3fms/txin) [%.2fs (%.2fms/blk)]\n", nInputs - 1,
2544  Ticks<MillisecondsDouble>(time_4 - time_2),
2545  nInputs <= 1 ? 0 : Ticks<MillisecondsDouble>(time_4 - time_2) / (nInputs - 1),
2546  Ticks<SecondsDouble>(time_verify),
2547  Ticks<MillisecondsDouble>(time_verify) / num_blocks_total);
2548 
2549  if (fJustCheck)
2550  return true;
2551 
2552  if (!m_blockman.WriteUndoDataForBlock(blockundo, state, *pindex)) {
2553  return false;
2554  }
2555 
2556  const auto time_5{SteadyClock::now()};
2557  time_undo += time_5 - time_4;
2558  LogPrint(BCLog::BENCH, " - Write undo data: %.2fms [%.2fs (%.2fms/blk)]\n",
2559  Ticks<MillisecondsDouble>(time_5 - time_4),
2560  Ticks<SecondsDouble>(time_undo),
2561  Ticks<MillisecondsDouble>(time_undo) / num_blocks_total);
2562 
2563  if (!pindex->IsValid(BLOCK_VALID_SCRIPTS)) {
2565  m_blockman.m_dirty_blockindex.insert(pindex);
2566  }
2567 
2568  // add this block to the view's block chain
2569  view.SetBestBlock(pindex->GetBlockHash());
2570 
2571  const auto time_6{SteadyClock::now()};
2572  time_index += time_6 - time_5;
2573  LogPrint(BCLog::BENCH, " - Index writing: %.2fms [%.2fs (%.2fms/blk)]\n",
2574  Ticks<MillisecondsDouble>(time_6 - time_5),
2575  Ticks<SecondsDouble>(time_index),
2576  Ticks<MillisecondsDouble>(time_index) / num_blocks_total);
2577 
2578  TRACE6(validation, block_connected,
2579  block_hash.data(),
2580  pindex->nHeight,
2581  block.vtx.size(),
2582  nInputs,
2583  nSigOpsCost,
2584  time_5 - time_start // in microseconds (µs)
2585  );
2586 
2587  return true;
2588 }
2589 
2590 CoinsCacheSizeState Chainstate::GetCoinsCacheSizeState()
2591 {
2593  return this->GetCoinsCacheSizeState(
2596 }
2597 
2598 CoinsCacheSizeState Chainstate::GetCoinsCacheSizeState(
2599  size_t max_coins_cache_size_bytes,
2600  size_t max_mempool_size_bytes)
2601 {
2603  const int64_t nMempoolUsage = m_mempool ? m_mempool->DynamicMemoryUsage() : 0;
2604  int64_t cacheSize = CoinsTip().DynamicMemoryUsage();
2605  int64_t nTotalSpace =
2606  max_coins_cache_size_bytes + std::max<int64_t>(int64_t(max_mempool_size_bytes) - nMempoolUsage, 0);
2607 
2609  static constexpr int64_t MAX_BLOCK_COINSDB_USAGE_BYTES = 10 * 1024 * 1024; // 10MB
2610  int64_t large_threshold =
2611  std::max((9 * nTotalSpace) / 10, nTotalSpace - MAX_BLOCK_COINSDB_USAGE_BYTES);
2612 
2613  if (cacheSize > nTotalSpace) {
2614  LogPrintf("Cache size (%s) exceeds total space (%s)\n", cacheSize, nTotalSpace);
2616  } else if (cacheSize > large_threshold) {
2618  }
2619  return CoinsCacheSizeState::OK;
2620 }
2621 
2622 bool Chainstate::FlushStateToDisk(
2623  BlockValidationState &state,
2624  FlushStateMode mode,
2625  int nManualPruneHeight)
2626 {
2627  LOCK(cs_main);
2628  assert(this->CanFlushToDisk());
2629  std::set<int> setFilesToPrune;
2630  bool full_flush_completed = false;
2631 
2632  const size_t coins_count = CoinsTip().GetCacheSize();
2633  const size_t coins_mem_usage = CoinsTip().DynamicMemoryUsage();
2634 
2635  try {
2636  {
2637  bool fFlushForPrune = false;
2638  bool fDoFullFlush = false;
2639 
2640  CoinsCacheSizeState cache_state = GetCoinsCacheSizeState();
2642  if (m_blockman.IsPruneMode() && (m_blockman.m_check_for_pruning || nManualPruneHeight > 0) && !fReindex) {
2643  // make sure we don't prune above any of the prune locks bestblocks
2644  // pruning is height-based
2645  int last_prune{m_chain.Height()}; // last height we can prune
2646  std::optional<std::string> limiting_lock; // prune lock that actually was the limiting factor, only used for logging
2647 
2648  for (const auto& prune_lock : m_blockman.m_prune_locks) {
2649  if (prune_lock.second.height_first == std::numeric_limits<int>::max()) continue;
2650  // Remove the buffer and one additional block here to get actual height that is outside of the buffer
2651  const int lock_height{prune_lock.second.height_first - PRUNE_LOCK_BUFFER - 1};
2652  last_prune = std::max(1, std::min(last_prune, lock_height));
2653  if (last_prune == lock_height) {
2654  limiting_lock = prune_lock.first;
2655  }
2656  }
2657 
2658  if (limiting_lock) {
2659  LogPrint(BCLog::PRUNE, "%s limited pruning to height %d\n", limiting_lock.value(), last_prune);
2660  }
2661 
2662  if (nManualPruneHeight > 0) {
2663  LOG_TIME_MILLIS_WITH_CATEGORY("find files to prune (manual)", BCLog::BENCH);
2664 
2666  setFilesToPrune,
2667  std::min(last_prune, nManualPruneHeight),
2668  *this, m_chainman);
2669  } else {
2670  LOG_TIME_MILLIS_WITH_CATEGORY("find files to prune", BCLog::BENCH);
2671 
2672  m_blockman.FindFilesToPrune(setFilesToPrune, last_prune, *this, m_chainman);
2674  }
2675  if (!setFilesToPrune.empty()) {
2676  fFlushForPrune = true;
2677  if (!m_blockman.m_have_pruned) {
2678  m_blockman.m_block_tree_db->WriteFlag("prunedblockfiles", true);
2679  m_blockman.m_have_pruned = true;
2680  }
2681  }
2682  }
2683  const auto nNow{SteadyClock::now()};
2684  // Avoid writing/flushing immediately after startup.
2685  if (m_last_write == decltype(m_last_write){}) {
2686  m_last_write = nNow;
2687  }
2688  if (m_last_flush == decltype(m_last_flush){}) {
2689  m_last_flush = nNow;
2690  }
2691  // The cache is large and we're within 10% and 10 MiB of the limit, but we have time now (not in the middle of a block processing).
2692  bool fCacheLarge = mode == FlushStateMode::PERIODIC && cache_state >= CoinsCacheSizeState::LARGE;
2693  // The cache is over the limit, we have to write now.
2694  bool fCacheCritical = mode == FlushStateMode::IF_NEEDED && cache_state >= CoinsCacheSizeState::CRITICAL;
2695  // It's been a while since we wrote the block index to disk. Do this frequently, so we don't need to redownload after a crash.
2696  bool fPeriodicWrite = mode == FlushStateMode::PERIODIC && nNow > m_last_write + DATABASE_WRITE_INTERVAL;
2697  // It's been very long since we flushed the cache. Do this infrequently, to optimize cache usage.
2698  bool fPeriodicFlush = mode == FlushStateMode::PERIODIC && nNow > m_last_flush + DATABASE_FLUSH_INTERVAL;
2699  // Combine all conditions that result in a full cache flush.
2700  fDoFullFlush = (mode == FlushStateMode::ALWAYS) || fCacheLarge || fCacheCritical || fPeriodicFlush || fFlushForPrune;
2701  // Write blocks and block index to disk.
2702  if (fDoFullFlush || fPeriodicWrite) {
2703  // Ensure we can write block index
2705  return FatalError(m_chainman.GetNotifications(), state, "Disk space is too low!", _("Disk space is too low!"));
2706  }
2707  {
2708  LOG_TIME_MILLIS_WITH_CATEGORY("write block and undo data to disk", BCLog::BENCH);
2709 
2710  // First make sure all block and undo data is flushed to disk.
2711  // TODO: Handle return error, or add detailed comment why it is
2712  // safe to not return an error upon failure.
2714  LogPrintLevel(BCLog::VALIDATION, BCLog::Level::Warning, "%s: Failed to flush block file.\n", __func__);
2715  }
2716  }
2717 
2718  // Then update all block file information (which may refer to block and undo files).
2719  {
2720  LOG_TIME_MILLIS_WITH_CATEGORY("write block index to disk", BCLog::BENCH);
2721 
2722  if (!m_blockman.WriteBlockIndexDB()) {
2723  return FatalError(m_chainman.GetNotifications(), state, "Failed to write to block index database");
2724  }
2725  }
2726  // Finally remove any pruned files
2727  if (fFlushForPrune) {
2728  LOG_TIME_MILLIS_WITH_CATEGORY("unlink pruned files", BCLog::BENCH);
2729 
2730  m_blockman.UnlinkPrunedFiles(setFilesToPrune);
2731  }
2732  m_last_write = nNow;
2733  }
2734  // Flush best chain related state. This can only be done if the blocks / block index write was also done.
2735  if (fDoFullFlush && !CoinsTip().GetBestBlock().IsNull()) {
2736  LOG_TIME_MILLIS_WITH_CATEGORY(strprintf("write coins cache to disk (%d coins, %.2fkB)",
2737  coins_count, coins_mem_usage / 1000), BCLog::BENCH);
2738 
2739  // Typical Coin structures on disk are around 48 bytes in size.
2740  // Pushing a new one to the database can cause it to be written
2741  // twice (once in the log, and once in the tables). This is already
2742  // an overestimation, as most will delete an existing entry or
2743  // overwrite one. Still, use a conservative safety factor of 2.
2744  if (!CheckDiskSpace(m_chainman.m_options.datadir, 48 * 2 * 2 * CoinsTip().GetCacheSize())) {
2745  return FatalError(m_chainman.GetNotifications(), state, "Disk space is too low!", _("Disk space is too low!"));
2746  }
2747  // Flush the chainstate (which may refer to block index entries).
2748  if (!CoinsTip().Flush())
2749  return FatalError(m_chainman.GetNotifications(), state, "Failed to write to coin database");
2750  m_last_flush = nNow;
2751  full_flush_completed = true;
2752  TRACE5(utxocache, flush,
2753  int64_t{Ticks<std::chrono::microseconds>(SteadyClock::now() - nNow)},
2754  (uint32_t)mode,
2755  (uint64_t)coins_count,
2756  (uint64_t)coins_mem_usage,
2757  (bool)fFlushForPrune);
2758  }
2759  }
2760  if (full_flush_completed && m_chainman.m_options.signals) {
2761  // Update best block in wallet (so we can detect restored wallets).
2763  }
2764  } catch (const std::runtime_error& e) {
2765  return FatalError(m_chainman.GetNotifications(), state, std::string("System error while flushing: ") + e.what());
2766  }
2767  return true;
2768 }
2769 
2771 {
2772  BlockValidationState state;
2773  if (!this->FlushStateToDisk(state, FlushStateMode::ALWAYS)) {
2774  LogPrintf("%s: failed to flush state (%s)\n", __func__, state.ToString());
2775  }
2776 }
2777 
2779 {
2780  BlockValidationState state;
2782  if (!this->FlushStateToDisk(state, FlushStateMode::NONE)) {
2783  LogPrintf("%s: failed to flush state (%s)\n", __func__, state.ToString());
2784  }
2785 }
2786 
2788 static void AppendWarning(bilingual_str& res, const bilingual_str& warn)
2789 {
2790  if (!res.empty()) res += Untranslated(", ");
2791  res += warn;
2792 }
2793 
2794 static void UpdateTipLog(
2795  const CCoinsViewCache& coins_tip,
2796  const CBlockIndex* tip,
2797  const CChainParams& params,
2798  const std::string& func_name,
2799  const std::string& prefix,
2800  const std::string& warning_messages) EXCLUSIVE_LOCKS_REQUIRED(::cs_main)
2801 {
2802 
2804  LogPrintf("%s%s: new best=%s height=%d version=0x%08x log2_work=%f tx=%lu date='%s' progress=%f cache=%.1fMiB(%utxo)%s\n",
2805  prefix, func_name,
2806  tip->GetBlockHash().ToString(), tip->nHeight, tip->nVersion,
2807  log(tip->nChainWork.getdouble()) / log(2.0), (unsigned long)tip->nChainTx,
2809  GuessVerificationProgress(params.TxData(), tip),
2810  coins_tip.DynamicMemoryUsage() * (1.0 / (1 << 20)),
2811  coins_tip.GetCacheSize(),
2812  !warning_messages.empty() ? strprintf(" warning='%s'", warning_messages) : "");
2813 }
2814 
2815 void Chainstate::UpdateTip(const CBlockIndex* pindexNew)
2816 {
2818  const auto& coins_tip = this->CoinsTip();
2819 
2820  const CChainParams& params{m_chainman.GetParams()};
2821 
2822  // The remainder of the function isn't relevant if we are not acting on
2823  // the active chainstate, so return if need be.
2824  if (this != &m_chainman.ActiveChainstate()) {
2825  // Only log every so often so that we don't bury log messages at the tip.
2826  constexpr int BACKGROUND_LOG_INTERVAL = 2000;
2827  if (pindexNew->nHeight % BACKGROUND_LOG_INTERVAL == 0) {
2828  UpdateTipLog(coins_tip, pindexNew, params, __func__, "[background validation] ", "");
2829  }
2830  return;
2831  }
2832 
2833  // New best block
2834  if (m_mempool) {
2836  }
2837 
2838  {
2840  g_best_block = pindexNew->GetBlockHash();
2841  g_best_block_cv.notify_all();
2842  }
2843 
2844  bilingual_str warning_messages;
2846  const CBlockIndex* pindex = pindexNew;
2847  for (int bit = 0; bit < VERSIONBITS_NUM_BITS; bit++) {
2849  ThresholdState state = checker.GetStateFor(pindex, params.GetConsensus(), m_chainman.m_warningcache.at(bit));
2850  if (state == ThresholdState::ACTIVE || state == ThresholdState::LOCKED_IN) {
2851  const bilingual_str warning = strprintf(_("Unknown new rules activated (versionbit %i)"), bit);
2852  if (state == ThresholdState::ACTIVE) {
2853  m_chainman.GetNotifications().warning(warning);
2854  } else {
2855  AppendWarning(warning_messages, warning);
2856  }
2857  }
2858  }
2859  }
2860  UpdateTipLog(coins_tip, pindexNew, params, __func__, "", warning_messages.original);
2861 }
2862 
2874 {
2877 
2878  CBlockIndex *pindexDelete = m_chain.Tip();
2879  assert(pindexDelete);
2880  assert(pindexDelete->pprev);
2881  // Read block from disk.
2882  std::shared_ptr<CBlock> pblock = std::make_shared<CBlock>();
2883  CBlock& block = *pblock;
2884  if (!m_blockman.ReadBlockFromDisk(block, *pindexDelete)) {
2885  LogError("DisconnectTip(): Failed to read block\n");
2886  return false;
2887  }
2888  // Apply the block atomically to the chain state.
2889  const auto time_start{SteadyClock::now()};
2890  {
2891  CCoinsViewCache view(&CoinsTip());
2892  assert(view.GetBestBlock() == pindexDelete->GetBlockHash());
2893  if (DisconnectBlock(block, pindexDelete, view) != DISCONNECT_OK) {
2894  LogError("DisconnectTip(): DisconnectBlock %s failed\n", pindexDelete->GetBlockHash().ToString());
2895  return false;
2896  }
2897  bool flushed = view.Flush();
2898  assert(flushed);
2899  }
2900  LogPrint(BCLog::BENCH, "- Disconnect block: %.2fms\n",
2901  Ticks<MillisecondsDouble>(SteadyClock::now() - time_start));
2902 
2903  {
2904  // Prune locks that began at or after the tip should be moved backward so they get a chance to reorg
2905  const int max_height_first{pindexDelete->nHeight - 1};
2906  for (auto& prune_lock : m_blockman.m_prune_locks) {
2907  if (prune_lock.second.height_first <= max_height_first) continue;
2908 
2909  prune_lock.second.height_first = max_height_first;
2910  LogPrint(BCLog::PRUNE, "%s prune lock moved back to %d\n", prune_lock.first, max_height_first);
2911  }
2912  }
2913 
2914  // Write the chain state to disk, if necessary.
2915  if (!FlushStateToDisk(state, FlushStateMode::IF_NEEDED)) {
2916  return false;
2917  }
2918 
2919  if (disconnectpool && m_mempool) {
2920  // Save transactions to re-add to mempool at end of reorg. If any entries are evicted for
2921  // exceeding memory limits, remove them and their descendants from the mempool.
2922  for (auto&& evicted_tx : disconnectpool->AddTransactionsFromBlock(block.vtx)) {
2924  }
2925  }
2926 
2927  m_chain.SetTip(*pindexDelete->pprev);
2928 
2929  UpdateTip(pindexDelete->pprev);
2930  // Let wallets know transactions went from 1-confirmed to
2931  // 0-confirmed or conflicted:
2933  m_chainman.m_options.signals->BlockDisconnected(pblock, pindexDelete);
2934  }
2935  return true;
2936 }
2937 
2938 static SteadyClock::duration time_connect_total{};
2939 static SteadyClock::duration time_flush{};
2940 static SteadyClock::duration time_chainstate{};
2941 static SteadyClock::duration time_post_connect{};
2942 
2944  CBlockIndex* pindex = nullptr;
2945  std::shared_ptr<const CBlock> pblock;
2947 };
2956 private:
2957  std::vector<PerBlockConnectTrace> blocksConnected;
2958 
2959 public:
2960  explicit ConnectTrace() : blocksConnected(1) {}
2961 
2962  void BlockConnected(CBlockIndex* pindex, std::shared_ptr<const CBlock> pblock) {
2963  assert(!blocksConnected.back().pindex);
2964  assert(pindex);
2965  assert(pblock);
2966  blocksConnected.back().pindex = pindex;
2967  blocksConnected.back().pblock = std::move(pblock);
2968  blocksConnected.emplace_back();
2969  }
2970 
2971  std::vector<PerBlockConnectTrace>& GetBlocksConnected() {
2972  // We always keep one extra block at the end of our list because
2973  // blocks are added after all the conflicted transactions have
2974  // been filled in. Thus, the last entry should always be an empty
2975  // one waiting for the transactions from the next block. We pop
2976  // the last entry here to make sure the list we return is sane.
2977  assert(!blocksConnected.back().pindex);
2978  blocksConnected.pop_back();
2979  return blocksConnected;
2980  }
2981 };
2982 
2989 bool Chainstate::ConnectTip(BlockValidationState& state, CBlockIndex* pindexNew, const std::shared_ptr<const CBlock>& pblock, ConnectTrace& connectTrace, DisconnectedBlockTransactions& disconnectpool)
2990 {
2993 
2994  assert(pindexNew->pprev == m_chain.Tip());
2995  // Read block from disk.
2996  const auto time_1{SteadyClock::now()};
2997  std::shared_ptr<const CBlock> pthisBlock;
2998  if (!pblock) {
2999  std::shared_ptr<CBlock> pblockNew = std::make_shared<CBlock>();
3000  if (!m_blockman.ReadBlockFromDisk(*pblockNew, *pindexNew)) {
3001  return FatalError(m_chainman.GetNotifications(), state, "Failed to read block");
3002  }
3003  pthisBlock = pblockNew;
3004  } else {
3005  LogPrint(BCLog::BENCH, " - Using cached block\n");
3006  pthisBlock = pblock;
3007  }
3008  const CBlock& blockConnecting = *pthisBlock;
3009  // Apply the block atomically to the chain state.
3010  const auto time_2{SteadyClock::now()};
3011  SteadyClock::time_point time_3;
3012  // When adding aggregate statistics in the future, keep in mind that
3013  // num_blocks_total may be zero until the ConnectBlock() call below.
3014  LogPrint(BCLog::BENCH, " - Load block from disk: %.2fms\n",
3015  Ticks<MillisecondsDouble>(time_2 - time_1));
3016  {
3017  CCoinsViewCache view(&CoinsTip());
3018  bool rv = ConnectBlock(blockConnecting, state, pindexNew, view);
3020  m_chainman.m_options.signals->BlockChecked(blockConnecting, state);
3021  }
3022  if (!rv) {
3023  if (state.IsInvalid())
3024  InvalidBlockFound(pindexNew, state);
3025  LogError("%s: ConnectBlock %s failed, %s\n", __func__, pindexNew->GetBlockHash().ToString(), state.ToString());
3026  return false;
3027  }
3028  time_3 = SteadyClock::now();
3029  time_connect_total += time_3 - time_2;
3030  assert(num_blocks_total > 0);
3031  LogPrint(BCLog::BENCH, " - Connect total: %.2fms [%.2fs (%.2fms/blk)]\n",
3032  Ticks<MillisecondsDouble>(time_3 - time_2),
3033  Ticks<SecondsDouble>(time_connect_total),
3034  Ticks<MillisecondsDouble>(time_connect_total) / num_blocks_total);
3035  bool flushed = view.Flush();
3036  assert(flushed);
3037  }
3038  const auto time_4{SteadyClock::now()};
3039  time_flush += time_4 - time_3;
3040  LogPrint(BCLog::BENCH, " - Flush: %.2fms [%.2fs (%.2fms/blk)]\n",
3041  Ticks<MillisecondsDouble>(time_4 - time_3),
3042  Ticks<SecondsDouble>(time_flush),
3043  Ticks<MillisecondsDouble>(time_flush) / num_blocks_total);
3044  // Write the chain state to disk, if necessary.
3045  if (!FlushStateToDisk(state, FlushStateMode::IF_NEEDED)) {
3046  return false;
3047  }
3048  const auto time_5{SteadyClock::now()};
3049  time_chainstate += time_5 - time_4;
3050  LogPrint(BCLog::BENCH, " - Writing chainstate: %.2fms [%.2fs (%.2fms/blk)]\n",
3051  Ticks<MillisecondsDouble>(time_5 - time_4),
3052  Ticks<SecondsDouble>(time_chainstate),
3053  Ticks<MillisecondsDouble>(time_chainstate) / num_blocks_total);
3054  // Remove conflicting transactions from the mempool.;
3055  if (m_mempool) {
3056  m_mempool->removeForBlock(blockConnecting.vtx, pindexNew->nHeight);
3057  disconnectpool.removeForBlock(blockConnecting.vtx);
3058  }
3059  // Update m_chain & related variables.
3060  m_chain.SetTip(*pindexNew);
3061  UpdateTip(pindexNew);
3062 
3063  const auto time_6{SteadyClock::now()};
3064  time_post_connect += time_6 - time_5;
3065  time_total += time_6 - time_1;
3066  LogPrint(BCLog::BENCH, " - Connect postprocess: %.2fms [%.2fs (%.2fms/blk)]\n",
3067  Ticks<MillisecondsDouble>(time_6 - time_5),
3068  Ticks<SecondsDouble>(time_post_connect),
3069  Ticks<MillisecondsDouble>(time_post_connect) / num_blocks_total);
3070  LogPrint(BCLog::BENCH, "- Connect block: %.2fms [%.2fs (%.2fms/blk)]\n",
3071  Ticks<MillisecondsDouble>(time_6 - time_1),
3072  Ticks<SecondsDouble>(time_total),
3073  Ticks<MillisecondsDouble>(time_total) / num_blocks_total);
3074 
3075  // If we are the background validation chainstate, check to see if we are done
3076  // validating the snapshot (i.e. our tip has reached the snapshot's base block).
3077  if (this != &m_chainman.ActiveChainstate()) {
3078  // This call may set `m_disabled`, which is referenced immediately afterwards in
3079  // ActivateBestChain, so that we stop connecting blocks past the snapshot base.
3080  m_chainman.MaybeCompleteSnapshotValidation();
3081  }
3082 
3083  connectTrace.BlockConnected(pindexNew, std::move(pthisBlock));
3084  return true;
3085 }
3086 
3092 {
3094  do {
3095  CBlockIndex *pindexNew = nullptr;
3096 
3097  // Find the best candidate header.
3098  {
3099  std::set<CBlockIndex*, CBlockIndexWorkComparator>::reverse_iterator it = setBlockIndexCandidates.rbegin();
3100  if (it == setBlockIndexCandidates.rend())
3101  return nullptr;
3102  pindexNew = *it;
3103  }
3104 
3105  // Check whether all blocks on the path between the currently active chain and the candidate are valid.
3106  // Just going until the active chain is an optimization, as we know all blocks in it are valid already.
3107  CBlockIndex *pindexTest = pindexNew;
3108  bool fInvalidAncestor = false;
3109  while (pindexTest && !m_chain.Contains(pindexTest)) {
3110  assert(pindexTest->HaveNumChainTxs() || pindexTest->nHeight == 0);
3111 
3112  // Pruned nodes may have entries in setBlockIndexCandidates for
3113  // which block files have been deleted. Remove those as candidates
3114  // for the most work chain if we come across them; we can't switch
3115  // to a chain unless we have all the non-active-chain parent blocks.
3116  bool fFailedChain = pindexTest->nStatus & BLOCK_FAILED_MASK;
3117  bool fMissingData = !(pindexTest->nStatus & BLOCK_HAVE_DATA);
3118  if (fFailedChain || fMissingData) {
3119  // Candidate chain is not usable (either invalid or missing data)
3120  if (fFailedChain && (m_chainman.m_best_invalid == nullptr || pindexNew->nChainWork > m_chainman.m_best_invalid->nChainWork)) {
3121  m_chainman.m_best_invalid = pindexNew;
3122  }
3123  CBlockIndex *pindexFailed = pindexNew;
3124  // Remove the entire chain from the set.
3125  while (pindexTest != pindexFailed) {
3126  if (fFailedChain) {
3127  pindexFailed->nStatus |= BLOCK_FAILED_CHILD;
3128  m_blockman.m_dirty_blockindex.insert(pindexFailed);
3129  } else if (fMissingData) {
3130  // If we're missing data, then add back to m_blocks_unlinked,
3131  // so that if the block arrives in the future we can try adding
3132  // to setBlockIndexCandidates again.
3134  std::make_pair(pindexFailed->pprev, pindexFailed));
3135  }
3136  setBlockIndexCandidates.erase(pindexFailed);
3137  pindexFailed = pindexFailed->pprev;
3138  }
3139  setBlockIndexCandidates.erase(pindexTest);
3140  fInvalidAncestor = true;
3141  break;
3142  }
3143  pindexTest = pindexTest->pprev;
3144  }
3145  if (!fInvalidAncestor)
3146  return pindexNew;
3147  } while(true);
3148 }
3149 
3152  // Note that we can't delete the current block itself, as we may need to return to it later in case a
3153  // reorganization to a better block fails.
3154  std::set<CBlockIndex*, CBlockIndexWorkComparator>::iterator it = setBlockIndexCandidates.begin();
3155  while (it != setBlockIndexCandidates.end() && setBlockIndexCandidates.value_comp()(*it, m_chain.Tip())) {
3156  setBlockIndexCandidates.erase(it++);
3157  }
3158  // Either the current tip or a successor of it we're working towards is left in setBlockIndexCandidates.
3159  assert(!setBlockIndexCandidates.empty());
3160 }
3161 
3168 bool Chainstate::ActivateBestChainStep(BlockValidationState& state, CBlockIndex* pindexMostWork, const std::shared_ptr<const CBlock>& pblock, bool& fInvalidFound, ConnectTrace& connectTrace)
3169 {
3172 
3173  const CBlockIndex* pindexOldTip = m_chain.Tip();
3174  const CBlockIndex* pindexFork = m_chain.FindFork(pindexMostWork);
3175 
3176  // Disconnect active blocks which are no longer in the best chain.
3177  bool fBlocksDisconnected = false;
3179  while (m_chain.Tip() && m_chain.Tip() != pindexFork) {
3180  if (!DisconnectTip(state, &disconnectpool)) {
3181  // This is likely a fatal error, but keep the mempool consistent,
3182  // just in case. Only remove from the mempool in this case.
3183  MaybeUpdateMempoolForReorg(disconnectpool, false);
3184 
3185  // If we're unable to disconnect a block during normal operation,
3186  // then that is a failure of our local system -- we should abort
3187  // rather than stay on a less work chain.
3188  FatalError(m_chainman.GetNotifications(), state, "Failed to disconnect block; see debug.log for details");
3189  return false;
3190  }
3191  fBlocksDisconnected = true;
3192  }
3193 
3194  // Build list of new blocks to connect (in descending height order).
3195  std::vector<CBlockIndex*> vpindexToConnect;
3196  bool fContinue = true;
3197  int nHeight = pindexFork ? pindexFork->nHeight : -1;
3198  while (fContinue && nHeight != pindexMostWork->nHeight) {
3199  // Don't iterate the entire list of potential improvements toward the best tip, as we likely only need
3200  // a few blocks along the way.
3201  int nTargetHeight = std::min(nHeight + 32, pindexMostWork->nHeight);
3202  vpindexToConnect.clear();
3203  vpindexToConnect.reserve(nTargetHeight - nHeight);
3204  CBlockIndex* pindexIter = pindexMostWork->GetAncestor(nTargetHeight);
3205  while (pindexIter && pindexIter->nHeight != nHeight) {
3206  vpindexToConnect.push_back(pindexIter);
3207  pindexIter = pindexIter->pprev;
3208  }
3209  nHeight = nTargetHeight;
3210 
3211  // Connect new blocks.
3212  for (CBlockIndex* pindexConnect : reverse_iterate(vpindexToConnect)) {
3213  if (!ConnectTip(state, pindexConnect, pindexConnect == pindexMostWork ? pblock : std::shared_ptr<const CBlock>(), connectTrace, disconnectpool)) {
3214  if (state.IsInvalid()) {
3215  // The block violates a consensus rule.
3217  InvalidChainFound(vpindexToConnect.front());
3218  }
3219  state = BlockValidationState();
3220  fInvalidFound = true;
3221  fContinue = false;
3222  break;
3223  } else {
3224  // A system error occurred (disk space, database error, ...).
3225  // Make the mempool consistent with the current tip, just in case
3226  // any observers try to use it before shutdown.
3227  MaybeUpdateMempoolForReorg(disconnectpool, false);
3228  return false;
3229  }
3230  } else {
3232  if (!pindexOldTip || m_chain.Tip()->nChainWork > pindexOldTip->nChainWork) {
3233  // We're in a better position than we were. Return temporarily to release the lock.
3234  fContinue = false;
3235  break;
3236  }
3237  }
3238  }
3239  }
3240 
3241  if (fBlocksDisconnected) {
3242  // If any blocks were disconnected, disconnectpool may be non empty. Add
3243  // any disconnected transactions back to the mempool.
3244  MaybeUpdateMempoolForReorg(disconnectpool, true);
3245  }
3246  if (m_mempool) m_mempool->check(this->CoinsTip(), this->m_chain.Height() + 1);
3247 
3249 
3250  return true;
3251 }
3252 
3254 {
3258 }
3259 
3261 {
3262  bool fNotify = false;
3263  bool fInitialBlockDownload = false;
3264  static CBlockIndex* pindexHeaderOld = nullptr;
3265  CBlockIndex* pindexHeader = nullptr;
3266  {
3267  LOCK(cs_main);
3268  pindexHeader = chainman.m_best_header;
3269 
3270  if (pindexHeader != pindexHeaderOld) {
3271  fNotify = true;
3272  fInitialBlockDownload = chainman.IsInitialBlockDownload();
3273  pindexHeaderOld = pindexHeader;
3274  }
3275  }
3276  // Send block tip changed notifications without cs_main
3277  if (fNotify) {
3278  chainman.GetNotifications().headerTip(GetSynchronizationState(fInitialBlockDownload), pindexHeader->nHeight, pindexHeader->nTime, false);
3279  }
3280  return fNotify;
3281 }
3282 
3285 
3286  if (signals.CallbacksPending() > 10) {
3287  signals.SyncWithValidationInterfaceQueue();
3288  }
3289 }
3290 
3291 bool Chainstate::ActivateBestChain(BlockValidationState& state, std::shared_ptr<const CBlock> pblock)
3292 {
3294 
3295  // Note that while we're often called here from ProcessNewBlock, this is
3296  // far from a guarantee. Things in the P2P/RPC will often end up calling
3297  // us in the middle of ProcessNewBlock - do not assume pblock is set
3298  // sanely for performance or correctness!
3300 
3301  // ABC maintains a fair degree of expensive-to-calculate internal state
3302  // because this function periodically releases cs_main so that it does not lock up other threads for too long
3303  // during large connects - and to allow for e.g. the callback queue to drain
3304  // we use m_chainstate_mutex to enforce mutual exclusion so that only one caller may execute this function at a time
3306 
3307  // Belt-and-suspenders check that we aren't attempting to advance the background
3308  // chainstate past the snapshot base block.
3309  if (WITH_LOCK(::cs_main, return m_disabled)) {
3310  LogPrintf("m_disabled is set - this chainstate should not be in operation. "
3311  "Please report this as a bug. %s\n", PACKAGE_BUGREPORT);
3312  return false;
3313  }
3314 
3315  CBlockIndex *pindexMostWork = nullptr;
3316  CBlockIndex *pindexNewTip = nullptr;
3317  bool exited_ibd{false};
3318  do {
3319  // Block until the validation queue drains. This should largely
3320  // never happen in normal operation, however may happen during
3321  // reindex, causing memory blowup if we run too far ahead.
3322  // Note that if a validationinterface callback ends up calling
3323  // ActivateBestChain this may lead to a deadlock! We should
3324  // probably have a DEBUG_LOCKORDER test for this in the future.
3326 
3327  {
3328  LOCK(cs_main);
3329  // Lock transaction pool for at least as long as it takes for connectTrace to be consumed
3330  LOCK(MempoolMutex());
3331  const bool was_in_ibd = m_chainman.IsInitialBlockDownload();
3332  CBlockIndex* starting_tip = m_chain.Tip();
3333  bool blocks_connected = false;
3334  do {
3335  // We absolutely may not unlock cs_main until we've made forward progress
3336  // (with the exception of shutdown due to hardware issues, low disk space, etc).
3337  ConnectTrace connectTrace; // Destructed before cs_main is unlocked
3338 
3339  if (pindexMostWork == nullptr) {
3340  pindexMostWork = FindMostWorkChain();
3341  }
3342 
3343  // Whether we have anything to do at all.
3344  if (pindexMostWork == nullptr || pindexMostWork == m_chain.Tip()) {
3345  break;
3346  }
3347 
3348  bool fInvalidFound = false;
3349  std::shared_ptr<const CBlock> nullBlockPtr;
3350  if (!ActivateBestChainStep(state, pindexMostWork, pblock && pblock->GetHash() == pindexMostWork->GetBlockHash() ? pblock : nullBlockPtr, fInvalidFound, connectTrace)) {
3351  // A system error occurred
3352  return false;
3353  }
3354  blocks_connected = true;
3355 
3356  if (fInvalidFound) {
3357  // Wipe cache, we may need another branch now.
3358  pindexMostWork = nullptr;
3359  }
3360  pindexNewTip = m_chain.Tip();
3361 
3362  for (const PerBlockConnectTrace& trace : connectTrace.GetBlocksConnected()) {
3363  assert(trace.pblock && trace.pindex);
3365  m_chainman.m_options.signals->BlockConnected(this->GetRole(), trace.pblock, trace.pindex);
3366  }
3367  }
3368 
3369  // This will have been toggled in
3370  // ActivateBestChainStep -> ConnectTip -> MaybeCompleteSnapshotValidation,
3371  // if at all, so we should catch it here.
3372  //
3373  // Break this do-while to ensure we don't advance past the base snapshot.
3374  if (m_disabled) {
3375  break;
3376  }
3377  } while (!m_chain.Tip() || (starting_tip && CBlockIndexWorkComparator()(m_chain.Tip(), starting_tip)));
3378  if (!blocks_connected) return true;
3379 
3380  const CBlockIndex* pindexFork = m_chain.FindFork(starting_tip);
3381  bool still_in_ibd = m_chainman.IsInitialBlockDownload();
3382 
3383  if (was_in_ibd && !still_in_ibd) {
3384  // Active chainstate has exited IBD.
3385  exited_ibd = true;
3386  }
3387 
3388  // Notify external listeners about the new tip.
3389  // Enqueue while holding cs_main to ensure that UpdatedBlockTip is called in the order in which blocks are connected
3390  if (this == &m_chainman.ActiveChainstate() && pindexFork != pindexNewTip) {
3391  // Notify ValidationInterface subscribers
3393  m_chainman.m_options.signals->UpdatedBlockTip(pindexNewTip, pindexFork, still_in_ibd);
3394  }
3395 
3396  // Always notify the UI if a new block tip was connected
3397  if (kernel::IsInterrupted(m_chainman.GetNotifications().blockTip(GetSynchronizationState(still_in_ibd), *pindexNewTip))) {
3398  // Just breaking and returning success for now. This could
3399  // be changed to bubble up the kernel::Interrupted value to
3400  // the caller so the caller could distinguish between
3401  // completed and interrupted operations.
3402  break;
3403  }
3404  }
3405  }
3406  // When we reach this point, we switched to a new tip (stored in pindexNewTip).
3407 
3408  if (exited_ibd) {
3409  // If a background chainstate is in use, we may need to rebalance our
3410  // allocation of caches once a chainstate exits initial block download.
3411  LOCK(::cs_main);
3412  m_chainman.MaybeRebalanceCaches();
3413  }
3414 
3415  if (WITH_LOCK(::cs_main, return m_disabled)) {
3416  // Background chainstate has reached the snapshot base block, so exit.
3417 
3418  // Restart indexes to resume indexing for all blocks unique to the snapshot
3419  // chain. This resumes indexing "in order" from where the indexing on the
3420  // background validation chain left off.
3421  //
3422  // This cannot be done while holding cs_main (within
3423  // MaybeCompleteSnapshotValidation) or a cs_main deadlock will occur.
3426  }
3427  break;
3428  }
3429 
3430  // We check interrupt only after giving ActivateBestChainStep a chance to run once so that we
3431  // never interrupt before connecting the genesis block during LoadChainTip(). Previously this
3432  // caused an assert() failure during interrupt in such cases as the UTXO DB flushing checks
3433  // that the best block hash is non-null.
3434  if (m_chainman.m_interrupt) break;
3435  } while (pindexNewTip != pindexMostWork);
3436 
3438 
3439  // Write changes periodically to disk, after relay.
3440  if (!FlushStateToDisk(state, FlushStateMode::PERIODIC)) {
3441  return false;
3442  }
3443 
3444  return true;
3445 }
3446 
3447 bool Chainstate::PreciousBlock(BlockValidationState& state, CBlockIndex* pindex)
3448 {
3451  {
3452  LOCK(cs_main);
3453  if (pindex->nChainWork < m_chain.Tip()->nChainWork) {
3454  // Nothing to do, this block is not at the tip.
3455  return true;
3456  }
3458  // The chain has been extended since the last call, reset the counter.
3460  }
3462  setBlockIndexCandidates.erase(pindex);
3464  if (m_chainman.nBlockReverseSequenceId > std::numeric_limits<int32_t>::min()) {
3465  // We can't keep reducing the counter if somebody really wants to
3466  // call preciousblock 2**31-1 times on the same set of tips...
3468  }
3469  if (pindex->IsValid(BLOCK_VALID_TRANSACTIONS) && pindex->HaveNumChainTxs()) {
3470  setBlockIndexCandidates.insert(pindex);
3472  }
3473  }
3474 
3475  return ActivateBestChain(state, std::shared_ptr<const CBlock>());
3476 }
3477 
3478 bool Chainstate::InvalidateBlock(BlockValidationState& state, CBlockIndex* pindex)
3479 {
3482 
3483  // Genesis block can't be invalidated
3484  assert(pindex);
3485  if (pindex->nHeight == 0) return false;
3486 
3487  CBlockIndex* to_mark_failed = pindex;
3488  bool pindex_was_in_chain = false;
3489  int disconnected = 0;
3490 
3491  // We do not allow ActivateBestChain() to run while InvalidateBlock() is
3492  // running, as that could cause the tip to change while we disconnect
3493  // blocks.
3495 
3496  // We'll be acquiring and releasing cs_main below, to allow the validation
3497  // callbacks to run. However, we should keep the block index in a
3498  // consistent state as we disconnect blocks -- in particular we need to
3499  // add equal-work blocks to setBlockIndexCandidates as we disconnect.
3500  // To avoid walking the block index repeatedly in search of candidates,
3501  // build a map once so that we can look up candidate blocks by chain
3502  // work as we go.
3503  std::multimap<const arith_uint256, CBlockIndex *> candidate_blocks_by_work;
3504 
3505  {
3506  LOCK(cs_main);
3507  for (auto& entry : m_blockman.m_block_index) {
3508  CBlockIndex* candidate = &entry.second;
3509  // We don't need to put anything in our active chain into the
3510  // multimap, because those candidates will be found and considered
3511  // as we disconnect.
3512  // Instead, consider only non-active-chain blocks that have at
3513  // least as much work as where we expect the new tip to end up.
3514  if (!m_chain.Contains(candidate) &&
3515  !CBlockIndexWorkComparator()(candidate, pindex->pprev) &&
3516  candidate->IsValid(BLOCK_VALID_TRANSACTIONS) &&
3517  candidate->HaveNumChainTxs()) {
3518  candidate_blocks_by_work.insert(std::make_pair(candidate->nChainWork, candidate));
3519  }
3520  }
3521  }
3522 
3523  // Disconnect (descendants of) pindex, and mark them invalid.
3524  while (true) {
3525  if (m_chainman.m_interrupt) break;
3526 
3527  // Make sure the queue of validation callbacks doesn't grow unboundedly.
3529 
3530  LOCK(cs_main);
3531  // Lock for as long as disconnectpool is in scope to make sure MaybeUpdateMempoolForReorg is
3532  // called after DisconnectTip without unlocking in between
3533  LOCK(MempoolMutex());
3534  if (!m_chain.Contains(pindex)) break;
3535  pindex_was_in_chain = true;
3536  CBlockIndex *invalid_walk_tip = m_chain.Tip();
3537 
3538  // ActivateBestChain considers blocks already in m_chain
3539  // unconditionally valid already, so force disconnect away from it.
3541  bool ret = DisconnectTip(state, &disconnectpool);
3542  // DisconnectTip will add transactions to disconnectpool.
3543  // Adjust the mempool to be consistent with the new tip, adding
3544  // transactions back to the mempool if disconnecting was successful,
3545  // and we're not doing a very deep invalidation (in which case
3546  // keeping the mempool up to date is probably futile anyway).
3547  MaybeUpdateMempoolForReorg(disconnectpool, /* fAddToMempool = */ (++disconnected <= 10) && ret);
3548  if (!ret) return false;
3549  assert(invalid_walk_tip->pprev == m_chain.Tip());
3550 
3551  // We immediately mark the disconnected blocks as invalid.
3552  // This prevents a case where pruned nodes may fail to invalidateblock
3553  // and be left unable to start as they have no tip candidates (as there
3554  // are no blocks that meet the "have data and are not invalid per
3555  // nStatus" criteria for inclusion in setBlockIndexCandidates).
3556  invalid_walk_tip->nStatus |= BLOCK_FAILED_VALID;
3557  m_blockman.m_dirty_blockindex.insert(invalid_walk_tip);
3558  setBlockIndexCandidates.erase(invalid_walk_tip);
3559  setBlockIndexCandidates.insert(invalid_walk_tip->pprev);
3560  if (invalid_walk_tip->pprev == to_mark_failed && (to_mark_failed->nStatus & BLOCK_FAILED_VALID)) {
3561  // We only want to mark the last disconnected block as BLOCK_FAILED_VALID; its children
3562  // need to be BLOCK_FAILED_CHILD instead.
3563  to_mark_failed->nStatus = (to_mark_failed->nStatus ^ BLOCK_FAILED_VALID) | BLOCK_FAILED_CHILD;
3564  m_blockman.m_dirty_blockindex.insert(to_mark_failed);
3565  }
3566 
3567  // Add any equal or more work headers to setBlockIndexCandidates
3568  auto candidate_it = candidate_blocks_by_work.lower_bound(invalid_walk_tip->pprev->nChainWork);
3569  while (candidate_it != candidate_blocks_by_work.end()) {
3570  if (!CBlockIndexWorkComparator()(candidate_it->second, invalid_walk_tip->pprev)) {
3571  setBlockIndexCandidates.insert(candidate_it->second);
3572  candidate_it = candidate_blocks_by_work.erase(candidate_it);
3573  } else {
3574  ++candidate_it;
3575  }
3576  }
3577 
3578  // Track the last disconnected block, so we can correct its BLOCK_FAILED_CHILD status in future
3579  // iterations, or, if it's the last one, call InvalidChainFound on it.
3580  to_mark_failed = invalid_walk_tip;
3581  }
3582 
3584 
3585  {
3586  LOCK(cs_main);
3587  if (m_chain.Contains(to_mark_failed)) {
3588  // If the to-be-marked invalid block is in the active chain, something is interfering and we can't proceed.
3589  return false;
3590  }
3591 
3592  // Mark pindex (or the last disconnected block) as invalid, even when it never was in the main chain
3593  to_mark_failed->nStatus |= BLOCK_FAILED_VALID;
3594  m_blockman.m_dirty_blockindex.insert(to_mark_failed);
3595  setBlockIndexCandidates.erase(to_mark_failed);
3596  m_chainman.m_failed_blocks.insert(to_mark_failed);
3597 
3598  // If any new blocks somehow arrived while we were disconnecting
3599  // (above), then the pre-calculation of what should go into
3600  // setBlockIndexCandidates may have missed entries. This would
3601  // technically be an inconsistency in the block index, but if we clean
3602  // it up here, this should be an essentially unobservable error.
3603  // Loop back over all block index entries and add any missing entries
3604  // to setBlockIndexCandidates.
3605  for (auto& [_, block_index] : m_blockman.m_block_index) {
3606  if (block_index.IsValid(BLOCK_VALID_TRANSACTIONS) && block_index.HaveNumChainTxs() && !setBlockIndexCandidates.value_comp()(&block_index, m_chain.Tip())) {
3607  setBlockIndexCandidates.insert(&block_index);
3608  }
3609  }
3610 
3611  InvalidChainFound(to_mark_failed);
3612  }
3613 
3614  // Only notify about a new block tip if the active chain was modified.
3615  if (pindex_was_in_chain) {
3616  // Ignoring return value for now, this could be changed to bubble up
3617  // kernel::Interrupted value to the caller so the caller could
3618  // distinguish between completed and interrupted operations. It might
3619  // also make sense for the blockTip notification to have an enum
3620  // parameter indicating the source of the tip change so hooks can
3621  // distinguish user-initiated invalidateblock changes from other
3622  // changes.
3624  }
3625  return true;
3626 }
3627 
3630 
3631  int nHeight = pindex->nHeight;
3632 
3633  // Remove the invalidity flag from this block and all its descendants.
3634  for (auto& [_, block_index] : m_blockman.m_block_index) {
3635  if (!block_index.IsValid() && block_index.GetAncestor(nHeight) == pindex) {
3636  block_index.nStatus &= ~BLOCK_FAILED_MASK;
3637  m_blockman.m_dirty_blockindex.insert(&block_index);
3638  if (block_index.IsValid(BLOCK_VALID_TRANSACTIONS) && block_index.HaveNumChainTxs() && setBlockIndexCandidates.value_comp()(m_chain.Tip(), &block_index)) {
3639  setBlockIndexCandidates.insert(&block_index);
3640  }
3641  if (&block_index == m_chainman.m_best_invalid) {
3642  // Reset invalid block marker if it was pointing to one of those.
3643  m_chainman.m_best_invalid = nullptr;
3644  }
3645  m_chainman.m_failed_blocks.erase(&block_index);
3646  }
3647  }
3648 
3649  // Remove the invalidity flag from all ancestors too.
3650  while (pindex != nullptr) {
3651  if (pindex->nStatus & BLOCK_FAILED_MASK) {
3652  pindex->nStatus &= ~BLOCK_FAILED_MASK;
3653  m_blockman.m_dirty_blockindex.insert(pindex);
3654  m_chainman.m_failed_blocks.erase(pindex);
3655  }
3656  pindex = pindex->pprev;
3657  }
3658 }
3659 
3661 {
3663  // The block only is a candidate for the most-work-chain if it has the same
3664  // or more work than our current tip.
3665  if (m_chain.Tip() != nullptr && setBlockIndexCandidates.value_comp()(pindex, m_chain.Tip())) {
3666  return;
3667  }
3668 
3669  bool is_active_chainstate = this == &m_chainman.ActiveChainstate();
3670  if (is_active_chainstate) {
3671  // The active chainstate should always add entries that have more
3672  // work than the tip.
3673  setBlockIndexCandidates.insert(pindex);
3674  } else if (!m_disabled) {
3675  // For the background chainstate, we only consider connecting blocks
3676  // towards the snapshot base (which can't be nullptr or else we'll
3677  // never make progress).
3678  const CBlockIndex* snapshot_base{Assert(m_chainman.GetSnapshotBaseBlock())};
3679  if (snapshot_base->GetAncestor(pindex->nHeight) == pindex) {
3680  setBlockIndexCandidates.insert(pindex);
3681  }
3682  }
3683 }
3684 
3687 {
3689  pindexNew->nTx = block.vtx.size();
3690  pindexNew->nChainTx = 0;
3691  pindexNew->nFile = pos.nFile;
3692  pindexNew->nDataPos = pos.nPos;
3693  pindexNew->nUndoPos = 0;
3694  pindexNew->nStatus |= BLOCK_HAVE_DATA;
3695  if (DeploymentActiveAt(*pindexNew, *this, Consensus::DEPLOYMENT_SEGWIT)) {
3696  pindexNew->nStatus |= BLOCK_OPT_WITNESS;
3697  }
3699  m_blockman.m_dirty_blockindex.insert(pindexNew);
3700 
3701  if (pindexNew->pprev == nullptr || pindexNew->pprev->HaveNumChainTxs()) {
3702  // If pindexNew is the genesis block or all parents are BLOCK_VALID_TRANSACTIONS.
3703  std::deque<CBlockIndex*> queue;
3704  queue.push_back(pindexNew);
3705 
3706  // Recursively process any descendant blocks that now may be eligible to be connected.
3707  while (!queue.empty()) {
3708  CBlockIndex *pindex = queue.front();
3709  queue.pop_front();
3710  pindex->nChainTx = (pindex->pprev ? pindex->pprev->nChainTx : 0) + pindex->nTx;
3711  pindex->nSequenceId = nBlockSequenceId++;
3712  for (Chainstate *c : GetAll()) {
3713  c->TryAddBlockIndexCandidate(pindex);
3714  }
3715  std::pair<std::multimap<CBlockIndex*, CBlockIndex*>::iterator, std::multimap<CBlockIndex*, CBlockIndex*>::iterator> range = m_blockman.m_blocks_unlinked.equal_range(pindex);
3716  while (range.first != range.second) {
3717  std::multimap<CBlockIndex*, CBlockIndex*>::iterator it = range.first;
3718  queue.push_back(it->second);
3719  range.first++;
3720  m_blockman.m_blocks_unlinked.erase(it);
3721  }
3722  }
3723  } else {
3724  if (pindexNew->pprev && pindexNew->pprev->IsValid(BLOCK_VALID_TREE)) {
3725  m_blockman.m_blocks_unlinked.insert(std::make_pair(pindexNew->pprev, pindexNew));
3726  }
3727  }
3728 }
3729 
3730 static bool CheckBlockHeader(const CBlockHeader& block, BlockValidationState& state, const Consensus::Params& consensusParams, bool fCheckPOW = true)
3731 {
3732  // Check proof of work matches claimed amount
3733  if (fCheckPOW && !CheckProofOfWork(block.GetHash(), block.nBits, consensusParams))
3734  return state.Invalid(BlockValidationResult::BLOCK_INVALID_HEADER, "high-hash", "proof of work failed");
3735 
3736  return true;
3737 }
3738 
3739 static bool CheckMerkleRoot(const CBlock& block, BlockValidationState& state)
3740 {
3741  if (block.m_checked_merkle_root) return true;
3742 
3743  bool mutated;
3744  uint256 merkle_root = BlockMerkleRoot(block, &mutated);
3745  if (block.hashMerkleRoot != merkle_root) {
3746  return state.Invalid(
3748  /*reject_reason=*/"bad-txnmrklroot",
3749  /*debug_message=*/"hashMerkleRoot mismatch");
3750  }
3751 
3752  // Check for merkle tree malleability (CVE-2012-2459): repeating sequences
3753  // of transactions in a block without affecting the merkle root of a block,
3754  // while still invalidating it.
3755  if (mutated) {
3756  return state.Invalid(
3758  /*reject_reason=*/"bad-txns-duplicate",
3759  /*debug_message=*/"duplicate transaction");
3760  }
3761 
3762  block.m_checked_merkle_root = true;
3763  return true;
3764 }
3765 
3772 static bool CheckWitnessMalleation(const CBlock& block, bool expect_witness_commitment, BlockValidationState& state)
3773 {
3774  if (expect_witness_commitment) {
3775  if (block.m_checked_witness_commitment) return true;
3776 
3777  int commitpos = GetWitnessCommitmentIndex(block);
3778  if (commitpos != NO_WITNESS_COMMITMENT) {
3779  assert(!block.vtx.empty() && !block.vtx[0]->vin.empty());
3780  const auto& witness_stack{block.vtx[0]->vin[0].scriptWitness.stack};
3781 
3782  if (witness_stack.size() != 1 || witness_stack[0].size() != 32) {
3783  return state.Invalid(
3785  /*reject_reason=*/"bad-witness-nonce-size",
3786  /*debug_message=*/strprintf("%s : invalid witness reserved value size", __func__));
3787  }
3788 
3789  // The malleation check is ignored; as the transaction tree itself
3790  // already does not permit it, it is impossible to trigger in the
3791  // witness tree.
3792  uint256 hash_witness = BlockWitnessMerkleRoot(block, /*mutated=*/nullptr);
3793 
3794  CHash256().Write(hash_witness).Write(witness_stack[0]).Finalize(hash_witness);
3795  if (memcmp(hash_witness.begin(), &block.vtx[0]->vout[commitpos].scriptPubKey[6], 32)) {
3796  return state.Invalid(
3798  /*reject_reason=*/"bad-witness-merkle-match",
3799  /*debug_message=*/strprintf("%s : witness merkle commitment mismatch", __func__));
3800  }
3801 
3802  block.m_checked_witness_commitment = true;
3803  return true;
3804  }
3805  }
3806 
3807  // No witness data is allowed in blocks that don't commit to witness data, as this would otherwise leave room for spam
3808  for (const auto& tx : block.vtx) {
3809  if (tx->HasWitness()) {
3810  return state.Invalid(
3812  /*reject_reason=*/"unexpected-witness",
3813  /*debug_message=*/strprintf("%s : unexpected witness data found", __func__));
3814  }
3815  }
3816 
3817  return true;
3818 }
3819 
3820 bool CheckBlock(const CBlock& block, BlockValidationState& state, const Consensus::Params& consensusParams, bool fCheckPOW, bool fCheckMerkleRoot)
3821 {
3822  // These are checks that are independent of context.
3823 
3824  if (block.fChecked)
3825  return true;
3826 
3827  // Check that the header is valid (particularly PoW). This is mostly
3828  // redundant with the call in AcceptBlockHeader.
3829  if (!CheckBlockHeader(block, state, consensusParams, fCheckPOW))
3830  return false;
3831 
3832  // Signet only: check block solution
3833  if (consensusParams.signet_blocks && fCheckPOW && !CheckSignetBlockSolution(block, consensusParams)) {
3834  return state.Invalid(BlockValidationResult::BLOCK_CONSENSUS, "bad-signet-blksig", "signet block signature validation failure");
3835  }
3836 
3837  // Check the merkle root.
3838  if (fCheckMerkleRoot && !CheckMerkleRoot(block, state)) {
3839  return false;
3840  }
3841 
3842  // All potential-corruption validation must be done before we do any
3843  // transaction validation, as otherwise we may mark the header as invalid
3844  // because we receive the wrong transactions for it.
3845  // Note that witness malleability is checked in ContextualCheckBlock, so no
3846  // checks that use witness data may be performed here.
3847 
3848  // Size limits
3850  return state.Invalid(BlockValidationResult::BLOCK_CONSENSUS, "bad-blk-length", "size limits failed");
3851 
3852  // First transaction must be coinbase, the rest must not be
3853  if (block.vtx.empty() || !block.vtx[0]->IsCoinBase())
3854  return state.Invalid(BlockValidationResult::BLOCK_CONSENSUS, "bad-cb-missing", "first tx is not coinbase");
3855  for (unsigned int i = 1; i < block.vtx.size(); i++)
3856  if (block.vtx[i]->IsCoinBase())
3857  return state.Invalid(BlockValidationResult::BLOCK_CONSENSUS, "bad-cb-multiple", "more than one coinbase");
3858 
3859  // Check transactions
3860  // Must check for duplicate inputs (see CVE-2018-17144)
3861  for (const auto& tx : block.vtx) {
3862  TxValidationState tx_state;
3863  if (!CheckTransaction(*tx, tx_state)) {
3864  // CheckBlock() does context-free validation checks. The only
3865  // possible failures are consensus failures.
3868  strprintf("Transaction check failed (tx hash %s) %s", tx->GetHash().ToString(), tx_state.GetDebugMessage()));
3869  }
3870  }
3871  unsigned int nSigOps = 0;
3872  for (const auto& tx : block.vtx)
3873  {
3874  nSigOps += GetLegacySigOpCount(*tx);
3875  }
3877  return state.Invalid(BlockValidationResult::BLOCK_CONSENSUS, "bad-blk-sigops", "out-of-bounds SigOpCount");
3878 
3879  if (fCheckPOW && fCheckMerkleRoot)
3880  block.fChecked = true;
3881 
3882  return true;
3883 }
3884 
3885 void ChainstateManager::UpdateUncommittedBlockStructures(CBlock& block, const CBlockIndex* pindexPrev) const
3886 {
3887  int commitpos = GetWitnessCommitmentIndex(block);
3888  static const std::vector<unsigned char> nonce(32, 0x00);
3889  if (commitpos != NO_WITNESS_COMMITMENT && DeploymentActiveAfter(pindexPrev, *this, Consensus::DEPLOYMENT_SEGWIT) && !block.vtx[0]->HasWitness()) {
3890  CMutableTransaction tx(*block.vtx[0]);
3891  tx.vin[0].scriptWitness.stack.resize(1);
3892  tx.vin[0].scriptWitness.stack[0] = nonce;
3893  block.vtx[0] = MakeTransactionRef(std::move(tx));
3894  }
3895 }
3896 
3897 std::vector<unsigned char> ChainstateManager::GenerateCoinbaseCommitment(CBlock& block, const CBlockIndex* pindexPrev) const
3898 {
3899  std::vector<unsigned char> commitment;
3900  int commitpos = GetWitnessCommitmentIndex(block);
3901  std::vector<unsigned char> ret(32, 0x00);
3902  if (commitpos == NO_WITNESS_COMMITMENT) {
3903  uint256 witnessroot = BlockWitnessMerkleRoot(block, nullptr);
3904  CHash256().Write(witnessroot).Write(ret).Finalize(witnessroot);
3905  CTxOut out;
3906  out.nValue = 0;
3907  out.scriptPubKey.resize(MINIMUM_WITNESS_COMMITMENT);
3908  out.scriptPubKey[0] = OP_RETURN;
3909  out.scriptPubKey[1] = 0x24;
3910  out.scriptPubKey[2] = 0xaa;
3911  out.scriptPubKey[3] = 0x21;
3912  out.scriptPubKey[4] = 0xa9;
3913  out.scriptPubKey[5] = 0xed;
3914  memcpy(&out.scriptPubKey[6], witnessroot.begin(), 32);
3915  commitment = std::vector<unsigned char>(out.scriptPubKey.begin(), out.scriptPubKey.end());
3916  CMutableTransaction tx(*block.vtx[0]);
3917  tx.vout.push_back(out);
3918  block.vtx[0] = MakeTransactionRef(std::move(tx));
3919  }
3920  UpdateUncommittedBlockStructures(block, pindexPrev);
3921  return commitment;
3922 }
3923 
3924 bool HasValidProofOfWork(const std::vector<CBlockHeader>& headers, const Consensus::Params& consensusParams)
3925 {
3926  return std::all_of(headers.cbegin(), headers.cend(),
3927  [&](const auto& header) { return CheckProofOfWork(header.GetHash(), header.nBits, consensusParams);});
3928 }
3929 
3930 bool IsBlockMutated(const CBlock& block, bool check_witness_root)
3931 {
3932  BlockValidationState state;
3933  if (!CheckMerkleRoot(block, state)) {
3934  LogDebug(BCLog::VALIDATION, "Block mutated: %s\n", state.ToString());
3935  return true;
3936  }
3937 
3938  if (block.vtx.empty() || !block.vtx[0]->IsCoinBase()) {
3939  // Consider the block mutated if any transaction is 64 bytes in size (see 3.1
3940  // in "Weaknesses in Bitcoin’s Merkle Root Construction":
3941  // https://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20190225/a27d8837/attachment-0001.pdf).
3942  //
3943  // Note: This is not a consensus change as this only applies to blocks that
3944  // don't have a coinbase transaction and would therefore already be invalid.
3945  return std::any_of(block.vtx.begin(), block.vtx.end(),
3946  [](auto& tx) { return GetSerializeSize(TX_NO_WITNESS(tx)) == 64; });
3947  } else {
3948  // Theoretically it is still possible for a block with a 64 byte
3949  // coinbase transaction to be mutated but we neglect that possibility
3950  // here as it requires at least 224 bits of work.
3951  }
3952 
3953  if (!CheckWitnessMalleation(block, check_witness_root, state)) {
3954  LogDebug(BCLog::VALIDATION, "Block mutated: %s\n", state.ToString());
3955  return true;
3956  }
3957 
3958  return false;
3959 }
3960 
3961 arith_uint256 CalculateClaimedHeadersWork(const std::vector<CBlockHeader>& headers)
3962 {
3963  arith_uint256 total_work{0};
3964  for (const CBlockHeader& header : headers) {
3965  CBlockIndex dummy(header);
3966  total_work += GetBlockProof(dummy);
3967  }
3968  return total_work;
3969 }
3970 
3980 static bool ContextualCheckBlockHeader(const CBlockHeader& block, BlockValidationState& state, BlockManager& blockman, const ChainstateManager& chainman, const CBlockIndex* pindexPrev) EXCLUSIVE_LOCKS_REQUIRED(::cs_main)
3981 {
3983  assert(pindexPrev != nullptr);
3984  const int nHeight = pindexPrev->nHeight + 1;
3985 
3986  // Check proof of work
3987  const Consensus::Params& consensusParams = chainman.GetConsensus();
3988  if (block.nBits != GetNextWorkRequired(pindexPrev, &block, consensusParams))
3989  return state.Invalid(BlockValidationResult::BLOCK_INVALID_HEADER, "bad-diffbits", "incorrect proof of work");
3990 
3991  // Check against checkpoints
3992  if (chainman.m_options.checkpoints_enabled) {
3993  // Don't accept any forks from the main chain prior to last checkpoint.
3994  // GetLastCheckpoint finds the last checkpoint in MapCheckpoints that's in our
3995  // BlockIndex().
3996  const CBlockIndex* pcheckpoint = blockman.GetLastCheckpoint(chainman.GetParams().Checkpoints());
3997  if (pcheckpoint && nHeight < pcheckpoint->nHeight) {
3998  LogPrintf("ERROR: %s: forked chain older than last checkpoint (height %d)\n", __func__, nHeight);
3999  return state.Invalid(BlockValidationResult::BLOCK_CHECKPOINT, "bad-fork-prior-to-checkpoint");
4000  }
4001  }
4002 
4003  // Check timestamp against prev
4004  if (block.GetBlockTime() <= pindexPrev->GetMedianTimePast())
4005  return state.Invalid(BlockValidationResult::BLOCK_INVALID_HEADER, "time-too-old", "block's timestamp is too early");
4006 
4007  // Check timestamp
4008  if (block.Time() > NodeClock::now() + std::chrono::seconds{MAX_FUTURE_BLOCK_TIME}) {
4009  return state.Invalid(BlockValidationResult::BLOCK_TIME_FUTURE, "time-too-new", "block timestamp too far in the future");
4010  }
4011 
4012  // Reject blocks with outdated version
4013  if ((block.nVersion < 2 && DeploymentActiveAfter(pindexPrev, chainman, Consensus::DEPLOYMENT_HEIGHTINCB)) ||
4014  (block.nVersion < 3 && DeploymentActiveAfter(pindexPrev, chainman, Consensus::DEPLOYMENT_DERSIG)) ||
4015  (block.nVersion < 4 && DeploymentActiveAfter(pindexPrev, chainman, Consensus::DEPLOYMENT_CLTV))) {
4016  return state.Invalid(BlockValidationResult::BLOCK_INVALID_HEADER, strprintf("bad-version(0x%08x)", block.nVersion),
4017  strprintf("rejected nVersion=0x%08x block", block.nVersion));
4018  }
4019 
4020  return true;
4021 }
4022 
4029 static bool ContextualCheckBlock(const CBlock& block, BlockValidationState& state, const ChainstateManager& chainman, const CBlockIndex* pindexPrev)
4030 {
4031  const int nHeight = pindexPrev == nullptr ? 0 : pindexPrev->nHeight + 1;
4032 
4033  // Enforce BIP113 (Median Time Past).
4034  bool enforce_locktime_median_time_past{false};
4035  if (DeploymentActiveAfter(pindexPrev, chainman, Consensus::DEPLOYMENT_CSV)) {
4036  assert(pindexPrev != nullptr);
4037  enforce_locktime_median_time_past = true;
4038  }
4039 
4040  const int64_t nLockTimeCutoff{enforce_locktime_median_time_past ?
4041  pindexPrev->GetMedianTimePast() :
4042  block.GetBlockTime()};
4043 
4044  // Check that all transactions are finalized
4045  for (const auto& tx : block.vtx) {
4046  if (!IsFinalTx(*tx, nHeight, nLockTimeCutoff)) {
4047  return state.Invalid(BlockValidationResult::BLOCK_CONSENSUS, "bad-txns-nonfinal", "non-final transaction");
4048  }
4049  }
4050 
4051  // Enforce rule that the coinbase starts with serialized block height
4052  if (DeploymentActiveAfter(pindexPrev, chainman, Consensus::DEPLOYMENT_HEIGHTINCB))
4053  {
4054  CScript expect = CScript() << nHeight;
4055  if (block.vtx[0]->vin[0].scriptSig.size() < expect.size() ||
4056  !std::equal(expect.begin(), expect.end(), block.vtx[0]->vin[0].scriptSig.begin())) {
4057  return state.Invalid(BlockValidationResult::BLOCK_CONSENSUS, "bad-cb-height", "block height mismatch in coinbase");
4058  }
4059  }
4060 
4061  // Validation for witness commitments.
4062  // * We compute the witness hash (which is the hash including witnesses) of all the block's transactions, except the
4063  // coinbase (where 0x0000....0000 is used instead).
4064  // * The coinbase scriptWitness is a stack of a single 32-byte vector, containing a witness reserved value (unconstrained).
4065  // * We build a merkle tree with all those witness hashes as leaves (similar to the hashMerkleRoot in the block header).
4066  // * There must be at least one output whose scriptPubKey is a single 36-byte push, the first 4 bytes of which are
4067  // {0xaa, 0x21, 0xa9, 0xed}, and the following 32 bytes are SHA256^2(witness root, witness reserved value). In case there are
4068  // multiple, the last one is used.
4069  if (!CheckWitnessMalleation(block, DeploymentActiveAfter(pindexPrev, chainman, Consensus::DEPLOYMENT_SEGWIT), state)) {
4070  return false;
4071  }
4072 
4073  // After the coinbase witness reserved value and commitment are verified,
4074  // we can check if the block weight passes (before we've checked the
4075  // coinbase witness, it would be possible for the weight to be too
4076  // large by filling up the coinbase witness, which doesn't change
4077  // the block hash, so we couldn't mark the block as permanently
4078  // failed).
4079  if (GetBlockWeight(block) > MAX_BLOCK_WEIGHT) {
4080  return state.Invalid(BlockValidationResult::BLOCK_CONSENSUS, "bad-blk-weight", strprintf("%s : weight limit failed", __func__));
4081  }
4082 
4083  return true;
4084 }
4085 
4086 bool ChainstateManager::AcceptBlockHeader(const CBlockHeader& block, BlockValidationState& state, CBlockIndex** ppindex, bool min_pow_checked)
4087 {
4089 
4090  // Check for duplicate
4091  uint256 hash = block.GetHash();
4092  BlockMap::iterator miSelf{m_blockman.m_block_index.find(hash)};
4093  if (hash != GetConsensus().hashGenesisBlock) {
4094  if (miSelf != m_blockman.m_block_index.end()) {
4095  // Block header is already known.
4096  CBlockIndex* pindex = &(miSelf->second);
4097  if (ppindex)
4098  *ppindex = pindex;
4099  if (pindex->nStatus & BLOCK_FAILED_MASK) {
4100  LogPrint(BCLog::VALIDATION, "%s: block %s is marked invalid\n", __func__, hash.ToString());
4101  return state.Invalid(BlockValidationResult::BLOCK_CACHED_INVALID, "duplicate");
4102  }
4103  return true;
4104  }
4105 
4106  if (!CheckBlockHeader(block, state, GetConsensus())) {
4107  LogPrint(BCLog::VALIDATION, "%s: Consensus::CheckBlockHeader: %s, %s\n", __func__, hash.ToString(), state.ToString());
4108  return false;
4109  }
4110 
4111  // Get prev block index
4112  CBlockIndex* pindexPrev = nullptr;
4113  BlockMap::iterator mi{m_blockman.m_block_index.find(block.hashPrevBlock)};
4114  if (mi == m_blockman.m_block_index.end()) {
4115  LogPrint(BCLog::VALIDATION, "header %s has prev block not found: %s\n", hash.ToString(), block.hashPrevBlock.ToString());
4116  return state.Invalid(BlockValidationResult::BLOCK_MISSING_PREV, "prev-blk-not-found");
4117  }
4118  pindexPrev = &((*mi).second);
4119  if (pindexPrev->nStatus & BLOCK_FAILED_MASK) {
4120  LogPrint(BCLog::VALIDATION, "header %s has prev block invalid: %s\n", hash.ToString(), block.hashPrevBlock.ToString());
4121  return state.Invalid(BlockValidationResult::BLOCK_INVALID_PREV, "bad-prevblk");
4122  }
4123  if (!ContextualCheckBlockHeader(block, state, m_blockman, *this, pindexPrev)) {
4124  LogPrint(BCLog::VALIDATION, "%s: Consensus::ContextualCheckBlockHeader: %s, %s\n", __func__, hash.ToString(), state.ToString());
4125  return false;
4126  }
4127 
4128  /* Determine if this block descends from any block which has been found
4129  * invalid (m_failed_blocks), then mark pindexPrev and any blocks between
4130  * them as failed. For example:
4131  *
4132  * D3
4133  * /
4134  * B2 - C2
4135  * / \
4136  * A D2 - E2 - F2
4137  * \
4138  * B1 - C1 - D1 - E1
4139  *
4140  * In the case that we attempted to reorg from E1 to F2, only to find
4141  * C2 to be invalid, we would mark D2, E2, and F2 as BLOCK_FAILED_CHILD
4142  * but NOT D3 (it was not in any of our candidate sets at the time).
4143  *
4144  * In any case D3 will also be marked as BLOCK_FAILED_CHILD at restart
4145  * in LoadBlockIndex.
4146  */
4147  if (!pindexPrev->IsValid(BLOCK_VALID_SCRIPTS)) {
4148  // The above does not mean "invalid": it checks if the previous block
4149  // hasn't been validated up to BLOCK_VALID_SCRIPTS. This is a performance
4150  // optimization, in the common case of adding a new block to the tip,
4151  // we don't need to iterate over the failed blocks list.
4152  for (const CBlockIndex* failedit : m_failed_blocks) {
4153  if (pindexPrev->GetAncestor(failedit->nHeight) == failedit) {
4154  assert(failedit->nStatus & BLOCK_FAILED_VALID);
4155  CBlockIndex* invalid_walk = pindexPrev;
4156  while (invalid_walk != failedit) {
4157  invalid_walk->nStatus |= BLOCK_FAILED_CHILD;
4158  m_blockman.m_dirty_blockindex.insert(invalid_walk);
4159  invalid_walk = invalid_walk->pprev;
4160  }
4161  LogPrint(BCLog::VALIDATION, "header %s has prev block invalid: %s\n", hash.ToString(), block.hashPrevBlock.ToString());
4162  return state.Invalid(BlockValidationResult::BLOCK_INVALID_PREV, "bad-prevblk");
4163  }
4164  }
4165  }
4166  }
4167  if (!min_pow_checked) {
4168  LogPrint(BCLog::VALIDATION, "%s: not adding new block header %s, missing anti-dos proof-of-work validation\n", __func__, hash.ToString());
4169  return state.Invalid(BlockValidationResult::BLOCK_HEADER_LOW_WORK, "too-little-chainwork");
4170  }
4171  CBlockIndex* pindex{m_blockman.AddToBlockIndex(block, m_best_header)};
4172 
4173  if (ppindex)
4174  *ppindex = pindex;
4175 
4176  // Since this is the earliest point at which we have determined that a
4177  // header is both new and valid, log here.
4178  //
4179  // These messages are valuable for detecting potential selfish mining behavior;
4180  // if multiple displacing headers are seen near simultaneously across many
4181  // nodes in the network, this might be an indication of selfish mining. Having
4182  // this log by default when not in IBD ensures broad availability of this data
4183  // in case investigation is merited.
4184  const auto msg = strprintf(
4185  "Saw new header hash=%s height=%d", hash.ToString(), pindex->nHeight);
4186 
4187  if (IsInitialBlockDownload()) {
4189  } else {
4190  LogPrintf("%s\n", msg);
4191  }
4192 
4193  return true;
4194 }
4195 
4196 // Exposed wrapper for AcceptBlockHeader
4197 bool ChainstateManager::ProcessNewBlockHeaders(const std::vector<CBlockHeader>& headers, bool min_pow_checked, BlockValidationState& state, const CBlockIndex** ppindex)
4198 {
4200  {
4201  LOCK(cs_main);
4202  for (const CBlockHeader& header : headers) {
4203  CBlockIndex *pindex = nullptr; // Use a temp pindex instead of ppindex to avoid a const_cast
4204  bool accepted{AcceptBlockHeader(header, state, &pindex, min_pow_checked)};
4205  CheckBlockIndex();
4206 
4207  if (!accepted) {
4208  return false;
4209  }
4210  if (ppindex) {
4211  *ppindex = pindex;
4212  }
4213  }
4214  }
4215  if (NotifyHeaderTip(*this)) {
4216  if (IsInitialBlockDownload() && ppindex && *ppindex) {
4217  const CBlockIndex& last_accepted{**ppindex};
4218  const int64_t blocks_left{(GetTime() - last_accepted.GetBlockTime()) / GetConsensus().nPowTargetSpacing};
4219  const double progress{100.0 * last_accepted.nHeight / (last_accepted.nHeight + blocks_left)};
4220  LogPrintf("Synchronizing blockheaders, height: %d (~%.2f%%)\n", last_accepted.nHeight, progress);
4221  }
4222  }
4223  return true;
4224 }
4225 
4226 void ChainstateManager::ReportHeadersPresync(const arith_uint256& work, int64_t height, int64_t timestamp)
4227 {
4229  {
4230  LOCK(cs_main);
4231  // Don't report headers presync progress if we already have a post-minchainwork header chain.
4232  // This means we lose reporting for potentially legitimate, but unlikely, deep reorgs, but
4233  // prevent attackers that spam low-work headers from filling our logs.
4234  if (m_best_header->nChainWork >= UintToArith256(GetConsensus().nMinimumChainWork)) return;
4235  // Rate limit headers presync updates to 4 per second, as these are not subject to DoS
4236  // protection.
4237  auto now = std::chrono::steady_clock::now();
4238  if (now < m_last_presync_update + std::chrono::milliseconds{250}) return;
4239  m_last_presync_update = now;
4240  }
4241  bool initial_download = IsInitialBlockDownload();
4242  GetNotifications().headerTip(GetSynchronizationState(initial_download), height, timestamp, /*presync=*/true);
4243  if (initial_download) {
4244  const int64_t blocks_left{(GetTime() - timestamp) / GetConsensus().nPowTargetSpacing};
4245  const double progress{100.0 * height / (height + blocks_left)};
4246  LogPrintf("Pre-synchronizing blockheaders, height: %d (~%.2f%%)\n", height, progress);
4247  }
4248 }
4249 
4251 bool ChainstateManager::AcceptBlock(const std::shared_ptr<const CBlock>& pblock, BlockValidationState& state, CBlockIndex** ppindex, bool fRequested, const FlatFilePos* dbp, bool* fNewBlock, bool min_pow_checked)
4252 {
4253  const CBlock& block = *pblock;
4254 
4255  if (fNewBlock) *fNewBlock = false;
4257 
4258  CBlockIndex *pindexDummy = nullptr;
4259  CBlockIndex *&pindex = ppindex ? *ppindex : pindexDummy;
4260 
4261  bool accepted_header{AcceptBlockHeader(block, state, &pindex, min_pow_checked)};
4262  CheckBlockIndex();
4263 
4264  if (!accepted_header)
4265  return false;
4266 
4267  // Check all requested blocks that we do not already have for validity and
4268  // save them to disk. Skip processing of unrequested blocks as an anti-DoS
4269  // measure, unless the blocks have more work than the active chain tip, and
4270  // aren't too far ahead of it, so are likely to be attached soon.
4271  bool fAlreadyHave = pindex->nStatus & BLOCK_HAVE_DATA;
4272  bool fHasMoreOrSameWork = (ActiveTip() ? pindex->nChainWork >= ActiveTip()->nChainWork : true);
4273  // Blocks that are too out-of-order needlessly limit the effectiveness of
4274  // pruning, because pruning will not delete block files that contain any
4275  // blocks which are too close in height to the tip. Apply this test
4276  // regardless of whether pruning is enabled; it should generally be safe to
4277  // not process unrequested blocks.
4278  bool fTooFarAhead{pindex->nHeight > ActiveHeight() + int(MIN_BLOCKS_TO_KEEP)};
4279 
4280  // TODO: Decouple this function from the block download logic by removing fRequested
4281  // This requires some new chain data structure to efficiently look up if a
4282  // block is in a chain leading to a candidate for best tip, despite not
4283  // being such a candidate itself.
4284  // Note that this would break the getblockfrompeer RPC
4285 
4286  // TODO: deal better with return value and error conditions for duplicate
4287  // and unrequested blocks.
4288  if (fAlreadyHave) return true;
4289  if (!fRequested) { // If we didn't ask for it:
4290  if (pindex->nTx != 0) return true; // This is a previously-processed block that was pruned
4291  if (!fHasMoreOrSameWork) return true; // Don't process less-work chains
4292  if (fTooFarAhead) return true; // Block height is too high
4293 
4294  // Protect against DoS attacks from low-work chains.
4295  // If our tip is behind, a peer could try to send us
4296  // low-work blocks on a fake chain that we would never
4297  // request; don't process these.
4298  if (pindex->nChainWork < MinimumChainWork()) return true;
4299  }
4300 
4301  const CChainParams& params{GetParams()};
4302 
4303  if (!CheckBlock(block, state, params.GetConsensus()) ||
4304  !ContextualCheckBlock(block, state, *this, pindex->pprev)) {
4305  if (state.IsInvalid() && state.GetResult() != BlockValidationResult::BLOCK_MUTATED) {
4306  pindex->nStatus |= BLOCK_FAILED_VALID;
4307  m_blockman.m_dirty_blockindex.insert(pindex);
4308  }
4309  LogError("%s: %s\n", __func__, state.ToString());
4310  return false;
4311  }
4312 
4313  // Header is valid/has work, merkle tree and segwit merkle tree are good...RELAY NOW
4314  // (but if it does not build on our best tip, let the SendMessages loop relay it)
4315  if (!IsInitialBlockDownload() && ActiveTip() == pindex->pprev && m_options.signals) {
4316  m_options.signals->NewPoWValidBlock(pindex, pblock);
4317  }
4318 
4319  // Write block to history file
4320  if (fNewBlock) *fNewBlock = true;
4321  try {
4322  FlatFilePos blockPos{m_blockman.SaveBlockToDisk(block, pindex->nHeight, dbp)};
4323  if (blockPos.IsNull()) {
4324  state.Error(strprintf("%s: Failed to find position to write new block to disk", __func__));
4325  return false;
4326  }
4327  ReceivedBlockTransactions(block, pindex, blockPos);
4328  } catch (const std::runtime_error& e) {
4329  return FatalError(GetNotifications(), state, std::string("System error: ") + e.what());
4330  }
4331 
4332  // TODO: FlushStateToDisk() handles flushing of both block and chainstate
4333  // data, so we should move this to ChainstateManager so that we can be more
4334  // intelligent about how we flush.
4335  // For now, since FlushStateMode::NONE is used, all that can happen is that
4336  // the block files may be pruned, so we can just call this on one
4337  // chainstate (particularly if we haven't implemented pruning with
4338  // background validation yet).
4339  ActiveChainstate().FlushStateToDisk(state, FlushStateMode::NONE);
4340 
4341  CheckBlockIndex();
4342 
4343  return true;
4344 }
4345 
4346 bool ChainstateManager::ProcessNewBlock(const std::shared_ptr<const CBlock>& block, bool force_processing, bool min_pow_checked, bool* new_block)
4347 {
4349 
4350  {
4351  CBlockIndex *pindex = nullptr;
4352  if (new_block) *new_block = false;
4353  BlockValidationState state;
4354 
4355  // CheckBlock() does not support multi-threaded block validation because CBlock::fChecked can cause data race.
4356  // Therefore, the following critical section must include the CheckBlock() call as well.
4357  LOCK(cs_main);
4358 
4359  // Skipping AcceptBlock() for CheckBlock() failures means that we will never mark a block as invalid if
4360  // CheckBlock() fails. This is protective against consensus failure if there are any unknown forms of block
4361  // malleability that cause CheckBlock() to fail; see e.g. CVE-2012-2459 and
4362  // https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html. Because CheckBlock() is
4363  // not very expensive, the anti-DoS benefits of caching failure (of a definitely-invalid block) are not substantial.
4364  bool ret = CheckBlock(*block, state, GetConsensus());
4365  if (ret) {
4366  // Store to disk
4367  ret = AcceptBlock(block, state, &pindex, force_processing, nullptr, new_block, min_pow_checked);
4368  }
4369  if (!ret) {
4370  if (m_options.signals) {
4371  m_options.signals->BlockChecked(*block, state);
4372  }
4373  LogError("%s: AcceptBlock FAILED (%s)\n", __func__, state.ToString());
4374  return false;
4375  }
4376  }
4377 
4378  NotifyHeaderTip(*this);
4379 
4380  BlockValidationState state; // Only used to report errors, not invalidity - ignore it
4381  if (!ActiveChainstate().ActivateBestChain(state, block)) {
4382  LogError("%s: ActivateBestChain failed (%s)\n", __func__, state.ToString());
4383  return false;
4384  }
4385 
4386  Chainstate* bg_chain{WITH_LOCK(cs_main, return BackgroundSyncInProgress() ? m_ibd_chainstate.get() : nullptr)};
4387  BlockValidationState bg_state;
4388  if (bg_chain && !bg_chain->ActivateBestChain(bg_state, block)) {
4389  LogError("%s: [background] ActivateBestChain failed (%s)\n", __func__, bg_state.ToString());
4390  return false;
4391  }
4392 
4393  return true;
4394 }
4395 
4397 {
4399  Chainstate& active_chainstate = ActiveChainstate();
4400  if (!active_chainstate.GetMempool()) {
4401  TxValidationState state;
4402  state.Invalid(TxValidationResult::TX_NO_MEMPOOL, "no-mempool");
4403  return MempoolAcceptResult::Failure(state);
4404  }
4405  auto result = AcceptToMemoryPool(active_chainstate, tx, GetTime(), /*bypass_limits=*/ false, test_accept);
4406  active_chainstate.GetMempool()->check(active_chainstate.CoinsTip(), active_chainstate.m_chain.Height() + 1);
4407  return result;
4408 }
4409 
4411  const CChainParams& chainparams,
4412  Chainstate& chainstate,
4413  const CBlock& block,
4414  CBlockIndex* pindexPrev,
4415  bool fCheckPOW,
4416  bool fCheckMerkleRoot)
4417 {
4419  assert(pindexPrev && pindexPrev == chainstate.m_chain.Tip());
4420  CCoinsViewCache viewNew(&chainstate.CoinsTip());
4421  uint256 block_hash(block.GetHash());
4422  CBlockIndex indexDummy(block);
4423  indexDummy.pprev = pindexPrev;
4424  indexDummy.nHeight = pindexPrev->nHeight + 1;
4425  indexDummy.phashBlock = &block_hash;
4426 
4427  // NOTE: CheckBlockHeader is called by CheckBlock
4428  if (!ContextualCheckBlockHeader(block, state, chainstate.m_blockman, chainstate.m_chainman, pindexPrev)) {
4429  LogError("%s: Consensus::ContextualCheckBlockHeader: %s\n", __func__, state.ToString());
4430  return false;
4431  }
4432  if (!CheckBlock(block, state, chainparams.GetConsensus(), fCheckPOW, fCheckMerkleRoot)) {
4433  LogError("%s: Consensus::CheckBlock: %s\n", __func__, state.ToString());
4434  return false;
4435  }
4436  if (!ContextualCheckBlock(block, state, chainstate.m_chainman, pindexPrev)) {
4437  LogError("%s: Consensus::ContextualCheckBlock: %s\n", __func__, state.ToString());
4438  return false;
4439  }
4440  if (!chainstate.ConnectBlock(block, state, &indexDummy, viewNew, true)) {
4441  return false;
4442  }
4443  assert(state.IsValid());
4444 
4445  return true;
4446 }
4447 
4448 /* This function is called from the RPC code for pruneblockchain */
4449 void PruneBlockFilesManual(Chainstate& active_chainstate, int nManualPruneHeight)
4450 {
4451  BlockValidationState state;
4452  if (!active_chainstate.FlushStateToDisk(
4453  state, FlushStateMode::NONE, nManualPruneHeight)) {
4454  LogPrintf("%s: failed to flush state (%s)\n", __func__, state.ToString());
4455  }
4456 }
4457 
4459 {
4461  const CCoinsViewCache& coins_cache = CoinsTip();
4462  assert(!coins_cache.GetBestBlock().IsNull()); // Never called when the coins view is empty
4463  const CBlockIndex* tip = m_chain.Tip();
4464 
4465  if (tip && tip->GetBlockHash() == coins_cache.GetBestBlock()) {
4466  return true;
4467  }
4468 
4469  // Load pointer to end of best chain
4470  CBlockIndex* pindex = m_blockman.LookupBlockIndex(coins_cache.GetBestBlock());
4471  if (!pindex) {
4472  return false;
4473  }
4474  m_chain.SetTip(*pindex);
4476 
4477  tip = m_chain.Tip();
4478  LogPrintf("Loaded best chain: hashBestChain=%s height=%d date=%s progress=%f\n",
4479  tip->GetBlockHash().ToString(),
4480  m_chain.Height(),
4483  return true;
4484 }
4485 
4487  : m_notifications{notifications}
4488 {
4489  m_notifications.progress(_("Verifying blocks…"), 0, false);
4490 }
4491 
4493 {
4494  m_notifications.progress(bilingual_str{}, 100, false);
4495 }
4496 
4498  Chainstate& chainstate,
4499  const Consensus::Params& consensus_params,
4500  CCoinsView& coinsview,
4501  int nCheckLevel, int nCheckDepth)
4502 {
4504 
4505  if (chainstate.m_chain.Tip() == nullptr || chainstate.m_chain.Tip()->pprev == nullptr) {
4506  return VerifyDBResult::SUCCESS;
4507  }
4508 
4509  // Verify blocks in the best chain
4510  if (nCheckDepth <= 0 || nCheckDepth > chainstate.m_chain.Height()) {
4511  nCheckDepth = chainstate.m_chain.Height();
4512  }
4513  nCheckLevel = std::max(0, std::min(4, nCheckLevel));
4514  LogPrintf("Verifying last %i blocks at level %i\n", nCheckDepth, nCheckLevel);
4515  CCoinsViewCache coins(&coinsview);
4516  CBlockIndex* pindex;
4517  CBlockIndex* pindexFailure = nullptr;
4518  int nGoodTransactions = 0;
4519  BlockValidationState state;
4520  int reportDone = 0;
4521  bool skipped_no_block_data{false};
4522  bool skipped_l3_checks{false};
4523  LogPrintf("Verification progress: 0%%\n");
4524 
4525  const bool is_snapshot_cs{chainstate.m_from_snapshot_blockhash};
4526 
4527  for (pindex = chainstate.m_chain.Tip(); pindex && pindex->pprev; pindex = pindex->pprev) {
4528  const int percentageDone = std::max(1, std::min(99, (int)(((double)(chainstate.m_chain.Height() - pindex->nHeight)) / (double)nCheckDepth * (nCheckLevel >= 4 ? 50 : 100))));
4529  if (reportDone < percentageDone / 10) {
4530  // report every 10% step
4531  LogPrintf("Verification progress: %d%%\n", percentageDone);
4532  reportDone = percentageDone / 10;
4533  }
4534  m_notifications.progress(_("Verifying blocks…"), percentageDone, false);
4535  if (pindex->nHeight <= chainstate.m_chain.Height() - nCheckDepth) {
4536  break;
4537  }
4538  if ((chainstate.m_blockman.IsPruneMode() || is_snapshot_cs) && !(pindex->nStatus & BLOCK_HAVE_DATA)) {
4539  // If pruning or running under an assumeutxo snapshot, only go
4540  // back as far as we have data.
4541  LogPrintf("VerifyDB(): block verification stopping at height %d (no data). This could be due to pruning or use of an assumeutxo snapshot.\n", pindex->nHeight);
4542  skipped_no_block_data = true;
4543  break;
4544  }
4545  CBlock block;
4546  // check level 0: read from disk
4547  if (!chainstate.m_blockman.ReadBlockFromDisk(block, *pindex)) {
4548  LogPrintf("Verification error: ReadBlockFromDisk failed at %d, hash=%s\n", pindex->nHeight, pindex->GetBlockHash().ToString());
4550  }
4551  // check level 1: verify block validity
4552  if (nCheckLevel >= 1 && !CheckBlock(block, state, consensus_params)) {
4553  LogPrintf("Verification error: found bad block at %d, hash=%s (%s)\n",
4554  pindex->nHeight, pindex->GetBlockHash().ToString(), state.ToString());
4556  }
4557  // check level 2: verify undo validity
4558  if (nCheckLevel >= 2 && pindex) {
4559  CBlockUndo undo;
4560  if (!pindex->GetUndoPos().IsNull()) {
4561  if (!chainstate.m_blockman.UndoReadFromDisk(undo, *pindex)) {
4562  LogPrintf("Verification error: found bad undo data at %d, hash=%s\n", pindex->nHeight, pindex->GetBlockHash().ToString());
4564  }
4565  }
4566  }
4567  // check level 3: check for inconsistencies during memory-only disconnect of tip blocks
4568  size_t curr_coins_usage = coins.DynamicMemoryUsage() + chainstate.CoinsTip().DynamicMemoryUsage();
4569 
4570  if (nCheckLevel >= 3) {
4571  if (curr_coins_usage <= chainstate.m_coinstip_cache_size_bytes) {
4572  assert(coins.GetBestBlock() == pindex->GetBlockHash());
4573  DisconnectResult res = chainstate.DisconnectBlock(block, pindex, coins);
4574  if (res == DISCONNECT_FAILED) {
4575  LogPrintf("Verification error: irrecoverable inconsistency in block data at %d, hash=%s\n", pindex->nHeight, pindex->GetBlockHash().ToString());
4577  }
4578  if (res == DISCONNECT_UNCLEAN) {
4579  nGoodTransactions = 0;
4580  pindexFailure = pindex;
4581  } else {
4582  nGoodTransactions += block.vtx.size();
4583  }
4584  } else {
4585  skipped_l3_checks = true;
4586  }
4587  }
4588  if (chainstate.m_chainman.m_interrupt) return VerifyDBResult::INTERRUPTED;
4589  }
4590  if (pindexFailure) {
4591  LogPrintf("Verification error: coin database inconsistencies found (last %i blocks, %i good transactions before that)\n", chainstate.m_chain.Height() - pindexFailure->nHeight + 1, nGoodTransactions);
4593  }
4594  if (skipped_l3_checks) {
4595  LogPrintf("Skipped verification of level >=3 (insufficient database cache size). Consider increasing -dbcache.\n");
4596  }
4597 
4598  // store block count as we move pindex at check level >= 4
4599  int block_count = chainstate.m_chain.Height() - pindex->nHeight;
4600 
4601  // check level 4: try reconnecting blocks
4602  if (nCheckLevel >= 4 && !skipped_l3_checks) {
4603  while (pindex != chainstate.m_chain.Tip()) {
4604  const int percentageDone = std::max(1, std::min(99, 100 - (int)(((double)(chainstate.m_chain.Height() - pindex->nHeight)) / (double)nCheckDepth * 50)));
4605  if (reportDone < percentageDone / 10) {
4606  // report every 10% step
4607  LogPrintf("Verification progress: %d%%\n", percentageDone);
4608  reportDone = percentageDone / 10;
4609  }
4610  m_notifications.progress(_("Verifying blocks…"), percentageDone, false);
4611  pindex = chainstate.m_chain.Next(pindex);
4612  CBlock block;
4613  if (!chainstate.m_blockman.ReadBlockFromDisk(block, *pindex)) {
4614  LogPrintf("Verification error: ReadBlockFromDisk failed at %d, hash=%s\n", pindex->nHeight, pindex->GetBlockHash().ToString());
4616  }
4617  if (!chainstate.ConnectBlock(block, state, pindex, coins)) {
4618  LogPrintf("Verification error: found unconnectable block at %d, hash=%s (%s)\n", pindex->nHeight, pindex->GetBlockHash().ToString(), state.ToString());
4620  }
4621  if (chainstate.m_chainman.m_interrupt) return VerifyDBResult::INTERRUPTED;
4622  }
4623  }
4624 
4625  LogPrintf("Verification: No coin database inconsistencies in last %i blocks (%i transactions)\n", block_count, nGoodTransactions);
4626 
4627  if (skipped_l3_checks) {
4629  }
4630  if (skipped_no_block_data) {
4632  }
4633  return VerifyDBResult::SUCCESS;
4634 }
4635 
4638 {
4640  // TODO: merge with ConnectBlock
4641  CBlock block;
4642  if (!m_blockman.ReadBlockFromDisk(block, *pindex)) {
4643  LogError("ReplayBlock(): ReadBlockFromDisk failed at %d, hash=%s\n", pindex->nHeight, pindex->GetBlockHash().ToString());
4644  return false;
4645  }
4646 
4647  for (const CTransactionRef& tx : block.vtx) {
4648  if (!tx->IsCoinBase()) {
4649  for (const CTxIn &txin : tx->vin) {
4650  inputs.SpendCoin(txin.prevout);
4651  }
4652  }
4653  // Pass check = true as every addition may be an overwrite.
4654  AddCoins(inputs, *tx, pindex->nHeight, true);
4655  }
4656  return true;
4657 }
4658 
4660 {
4661  LOCK(cs_main);
4662 
4663  CCoinsView& db = this->CoinsDB();
4664  CCoinsViewCache cache(&db);
4665 
4666  std::vector<uint256> hashHeads = db.GetHeadBlocks();
4667  if (hashHeads.empty()) return true; // We're already in a consistent state.
4668  if (hashHeads.size() != 2) {
4669  LogError("ReplayBlocks(): unknown inconsistent state\n");
4670  return false;
4671  }
4672 
4673  m_chainman.GetNotifications().progress(_("Replaying blocks…"), 0, false);
4674  LogPrintf("Replaying blocks\n");
4675 
4676  const CBlockIndex* pindexOld = nullptr; // Old tip during the interrupted flush.
4677  const CBlockIndex* pindexNew; // New tip during the interrupted flush.
4678  const CBlockIndex* pindexFork = nullptr; // Latest block common to both the old and the new tip.
4679 
4680  if (m_blockman.m_block_index.count(hashHeads[0]) == 0) {
4681  LogError("ReplayBlocks(): reorganization to unknown block requested\n");
4682  return false;
4683  }
4684  pindexNew = &(m_blockman.m_block_index[hashHeads[0]]);
4685 
4686  if (!hashHeads[1].IsNull()) { // The old tip is allowed to be 0, indicating it's the first flush.
4687  if (m_blockman.m_block_index.count(hashHeads[1]) == 0) {
4688  LogError("ReplayBlocks(): reorganization from unknown block requested\n");
4689  return false;
4690  }
4691  pindexOld = &(m_blockman.m_block_index[hashHeads[1]]);
4692  pindexFork = LastCommonAncestor(pindexOld, pindexNew);
4693  assert(pindexFork != nullptr);
4694  }
4695 
4696  // Rollback along the old branch.
4697  while (pindexOld != pindexFork) {
4698  if (pindexOld->nHeight > 0) { // Never disconnect the genesis block.
4699  CBlock block;
4700  if (!m_blockman.ReadBlockFromDisk(block, *pindexOld)) {
4701  LogError("RollbackBlock(): ReadBlockFromDisk() failed at %d, hash=%s\n", pindexOld->nHeight, pindexOld->GetBlockHash().ToString());
4702  return false;
4703  }
4704  LogPrintf("Rolling back %s (%i)\n", pindexOld->GetBlockHash().ToString(), pindexOld->nHeight);
4705  DisconnectResult res = DisconnectBlock(block, pindexOld, cache);
4706  if (res == DISCONNECT_FAILED) {
4707  LogError("RollbackBlock(): DisconnectBlock failed at %d, hash=%s\n", pindexOld->nHeight, pindexOld->GetBlockHash().ToString());
4708  return false;
4709  }
4710  // If DISCONNECT_UNCLEAN is returned, it means a non-existing UTXO was deleted, or an existing UTXO was
4711  // overwritten. It corresponds to cases where the block-to-be-disconnect never had all its operations
4712  // applied to the UTXO set. However, as both writing a UTXO and deleting a UTXO are idempotent operations,
4713  // the result is still a version of the UTXO set with the effects of that block undone.
4714  }
4715  pindexOld = pindexOld->pprev;
4716  }
4717 
4718  // Roll forward from the forking point to the new tip.
4719  int nForkHeight = pindexFork ? pindexFork->nHeight : 0;
4720  for (int nHeight = nForkHeight + 1; nHeight <= pindexNew->nHeight; ++nHeight) {
4721  const CBlockIndex& pindex{*Assert(pindexNew->GetAncestor(nHeight))};
4722 
4723  LogPrintf("Rolling forward %s (%i)\n", pindex.GetBlockHash().ToString(), nHeight);
4724  m_chainman.GetNotifications().progress(_("Replaying blocks…"), (int)((nHeight - nForkHeight) * 100.0 / (pindexNew->nHeight - nForkHeight)), false);
4725  if (!RollforwardBlock(&pindex, cache)) return false;
4726  }
4727 
4728  cache.SetBestBlock(pindexNew->GetBlockHash());
4729  cache.Flush();
4731  return true;
4732 }
4733 
4735 {
4737 
4738  // At and above m_params.SegwitHeight, segwit consensus rules must be validated
4739  CBlockIndex* block{m_chain.Tip()};
4740 
4741  while (block != nullptr && DeploymentActiveAt(*block, m_chainman, Consensus::DEPLOYMENT_SEGWIT)) {
4742  if (!(block->nStatus & BLOCK_OPT_WITNESS)) {
4743  // block is insufficiently validated for a segwit client
4744  return true;
4745  }
4746  block = block->pprev;
4747  }
4748 
4749  return false;
4750 }
4751 
4752 void Chainstate::ClearBlockIndexCandidates()
4753 {
4755  setBlockIndexCandidates.clear();
4756 }
4757 
4759 {
4761  // Load block index from databases
4762  bool needs_init = fReindex;
4763  if (!fReindex) {
4764  bool ret{m_blockman.LoadBlockIndexDB(SnapshotBlockhash())};
4765  if (!ret) return false;
4766 
4767  m_blockman.ScanAndUnlinkAlreadyPrunedFiles();
4768 
4769  std::vector<CBlockIndex*> vSortedByHeight{m_blockman.GetAllBlockIndices()};
4770  std::sort(vSortedByHeight.begin(), vSortedByHeight.end(),
4772 
4773  for (CBlockIndex* pindex : vSortedByHeight) {
4774  if (m_interrupt) return false;
4775  // If we have an assumeutxo-based chainstate, then the snapshot
4776  // block will be a candidate for the tip, but it may not be
4777  // VALID_TRANSACTIONS (eg if we haven't yet downloaded the block),
4778  // so we special-case the snapshot block as a potential candidate
4779  // here.
4780  if (pindex == GetSnapshotBaseBlock() ||
4781  (pindex->IsValid(BLOCK_VALID_TRANSACTIONS) &&
4782  (pindex->HaveNumChainTxs() || pindex->pprev == nullptr))) {
4783 
4784  for (Chainstate* chainstate : GetAll()) {
4785  chainstate->TryAddBlockIndexCandidate(pindex);
4786  }
4787  }
4788  if (pindex->nStatus & BLOCK_FAILED_MASK && (!m_best_invalid || pindex->nChainWork > m_best_invalid->nChainWork)) {
4789  m_best_invalid = pindex;
4790  }
4791  if (pindex->IsValid(BLOCK_VALID_TREE) && (m_best_header == nullptr || CBlockIndexWorkComparator()(m_best_header, pindex)))
4792  m_best_header = pindex;
4793  }
4794 
4795  needs_init = m_blockman.m_block_index.empty();
4796  }
4797 
4798  if (needs_init) {
4799  // Everything here is for *new* reindex/DBs. Thus, though
4800  // LoadBlockIndexDB may have set fReindex if we shut down
4801  // mid-reindex previously, we don't check fReindex and
4802  // instead only check it prior to LoadBlockIndexDB to set
4803  // needs_init.
4804 
4805  LogPrintf("Initializing databases...\n");
4806  }
4807  return true;
4808 }
4809 
4811 {
4812  LOCK(cs_main);
4813 
4814  const CChainParams& params{m_chainman.GetParams()};
4815 
4816  // Check whether we're already initialized by checking for genesis in
4817  // m_blockman.m_block_index. Note that we can't use m_chain here, since it is
4818  // set based on the coins db, not the block index db, which is the only
4819  // thing loaded at this point.
4820  if (m_blockman.m_block_index.count(params.GenesisBlock().GetHash()))
4821  return true;
4822 
4823  try {
4824  const CBlock& block = params.GenesisBlock();
4825  FlatFilePos blockPos{m_blockman.SaveBlockToDisk(block, 0, nullptr)};
4826  if (blockPos.IsNull()) {
4827  LogError("%s: writing genesis block to disk failed\n", __func__);
4828  return false;
4829  }
4830  CBlockIndex* pindex = m_blockman.AddToBlockIndex(block, m_chainman.m_best_header);
4831  m_chainman.ReceivedBlockTransactions(block, pindex, blockPos);
4832  } catch (const std::runtime_error& e) {
4833  LogError("%s: failed to write genesis block: %s\n", __func__, e.what());
4834  return false;
4835  }
4836 
4837  return true;
4838 }
4839 
4841  AutoFile& file_in,
4842  FlatFilePos* dbp,
4843  std::multimap<uint256, FlatFilePos>* blocks_with_unknown_parent)
4844 {
4845  // Either both should be specified (-reindex), or neither (-loadblock).
4846  assert(!dbp == !blocks_with_unknown_parent);
4847 
4848  const auto start{SteadyClock::now()};
4849  const CChainParams& params{GetParams()};
4850 
4851  int nLoaded = 0;
4852  try {
4854  // nRewind indicates where to resume scanning in case something goes wrong,
4855  // such as a block fails to deserialize.
4856  uint64_t nRewind = blkdat.GetPos();
4857  while (!blkdat.eof()) {
4858  if (m_interrupt) return;
4859 
4860  blkdat.SetPos(nRewind);
4861  nRewind++; // start one byte further next time, in case of failure
4862  blkdat.SetLimit(); // remove former limit
4863  unsigned int nSize = 0;
4864  try {
4865  // locate a header
4866  MessageStartChars buf;
4867  blkdat.FindByte(std::byte(params.MessageStart()[0]));
4868  nRewind = blkdat.GetPos() + 1;
4869  blkdat >> buf;
4870  if (buf != params.MessageStart()) {
4871  continue;
4872  }
4873  // read size
4874  blkdat >> nSize;
4875  if (nSize < 80 || nSize > MAX_BLOCK_SERIALIZED_SIZE)
4876  continue;
4877  } catch (const std::exception&) {
4878  // no valid block header found; don't complain
4879  // (this happens at the end of every blk.dat file)
4880  break;
4881  }
4882  try {
4883  // read block header
4884  const uint64_t nBlockPos{blkdat.GetPos()};
4885  if (dbp)
4886  dbp->nPos = nBlockPos;
4887  blkdat.SetLimit(nBlockPos + nSize);
4888  CBlockHeader header;
4889  blkdat >> header;
4890  const uint256 hash{header.GetHash()};
4891  // Skip the rest of this block (this may read from disk into memory); position to the marker before the
4892  // next block, but it's still possible to rewind to the start of the current block (without a disk read).
4893  nRewind = nBlockPos + nSize;
4894  blkdat.SkipTo(nRewind);
4895 
4896  std::shared_ptr<CBlock> pblock{}; // needs to remain available after the cs_main lock is released to avoid duplicate reads from disk
4897 
4898  {
4899  LOCK(cs_main);
4900  // detect out of order blocks, and store them for later
4901  if (hash != params.GetConsensus().hashGenesisBlock && !m_blockman.LookupBlockIndex(header.hashPrevBlock)) {
4902  LogPrint(BCLog::REINDEX, "%s: Out of order block %s, parent %s not known\n", __func__, hash.ToString(),
4903  header.hashPrevBlock.ToString());
4904  if (dbp && blocks_with_unknown_parent) {
4905  blocks_with_unknown_parent->emplace(header.hashPrevBlock, *dbp);
4906  }
4907  continue;
4908  }
4909 
4910  // process in case the block isn't known yet
4911  const CBlockIndex* pindex = m_blockman.LookupBlockIndex(hash);
4912  if (!pindex || (pindex->nStatus & BLOCK_HAVE_DATA) == 0) {
4913  // This block can be processed immediately; rewind to its start, read and deserialize it.
4914  blkdat.SetPos(nBlockPos);
4915  pblock = std::make_shared<CBlock>();
4916  blkdat >> TX_WITH_WITNESS(*pblock);
4917  nRewind = blkdat.GetPos();
4918 
4919  BlockValidationState state;
4920  if (AcceptBlock(pblock, state, nullptr, true, dbp, nullptr, true)) {
4921  nLoaded++;
4922  }
4923  if (state.IsError()) {
4924  break;
4925  }
4926  } else if (hash != params.GetConsensus().hashGenesisBlock && pindex->nHeight % 1000 == 0) {
4927  LogPrint(BCLog::REINDEX, "Block Import: already had block %s at height %d\n", hash.ToString(), pindex->nHeight);
4928  }
4929  }
4930 
4931  // Activate the genesis block so normal node progress can continue
4932  if (hash == params.GetConsensus().hashGenesisBlock) {
4933  bool genesis_activation_failure = false;
4934  for (auto c : GetAll()) {
4935  BlockValidationState state;
4936  if (!c->ActivateBestChain(state, nullptr)) {
4937  genesis_activation_failure = true;
4938  break;
4939  }
4940  }
4941  if (genesis_activation_failure) {
4942  break;
4943  }
4944  }
4945 
4946  if (m_blockman.IsPruneMode() && !fReindex && pblock) {
4947  // must update the tip for pruning to work while importing with -loadblock.
4948  // this is a tradeoff to conserve disk space at the expense of time
4949  // spent updating the tip to be able to prune.
4950  // otherwise, ActivateBestChain won't be called by the import process
4951  // until after all of the block files are loaded. ActivateBestChain can be
4952  // called by concurrent network message processing. but, that is not
4953  // reliable for the purpose of pruning while importing.
4954  bool activation_failure = false;
4955  for (auto c : GetAll()) {
4956  BlockValidationState state;
4957  if (!c->ActivateBestChain(state, pblock)) {
4958  LogPrint(BCLog::REINDEX, "failed to activate chain (%s)\n", state.ToString());
4959  activation_failure = true;
4960  break;
4961  }
4962  }
4963  if (activation_failure) {
4964  break;
4965  }
4966  }
4967 
4968  NotifyHeaderTip(*this);
4969 
4970  if (!blocks_with_unknown_parent) continue;
4971 
4972  // Recursively process earlier encountered successors of this block
4973  std::deque<uint256> queue;
4974  queue.push_back(hash);
4975  while (!queue.empty()) {
4976  uint256 head = queue.front();
4977  queue.pop_front();
4978  auto range = blocks_with_unknown_parent->equal_range(head);
4979  while (range.first != range.second) {
4980  std::multimap<uint256, FlatFilePos>::iterator it = range.first;
4981  std::shared_ptr<CBlock> pblockrecursive = std::make_shared<CBlock>();
4982  if (m_blockman.ReadBlockFromDisk(*pblockrecursive, it->second)) {
4983  LogPrint(BCLog::REINDEX, "%s: Processing out of order child %s of %s\n", __func__, pblockrecursive->GetHash().ToString(),
4984  head.ToString());
4985  LOCK(cs_main);
4986  BlockValidationState dummy;
4987  if (AcceptBlock(pblockrecursive, dummy, nullptr, true, &it->second, nullptr, true)) {
4988  nLoaded++;
4989  queue.push_back(pblockrecursive->GetHash());
4990  }
4991  }
4992  range.first++;
4993  blocks_with_unknown_parent->erase(it);
4994  NotifyHeaderTip(*this);
4995  }
4996  }
4997  } catch (const std::exception& e) {
4998  // historical bugs added extra data to the block files that does not deserialize cleanly.
4999  // commonly this data is between readable blocks, but it does not really matter. such data is not fatal to the import process.
5000  // the code that reads the block files deals with invalid data by simply ignoring it.
5001  // it continues to search for the next {4 byte magic message start bytes + 4 byte length + block} that does deserialize cleanly
5002  // and passes all of the other block validation checks dealing with POW and the merkle root, etc...
5003  // we merely note with this informational log message when unexpected data is encountered.
5004  // we could also be experiencing a storage system read error, or a read of a previous bad write. these are possible, but
5005  // less likely scenarios. we don't have enough information to tell a difference here.
5006  // the reindex process is not the place to attempt to clean and/or compact the block files. if so desired, a studious node operator
5007  // may use knowledge of the fact that the block files are not entirely pristine in order to prepare a set of pristine, and
5008  // perhaps ordered, block files for later reindexing.
5009  LogPrint(BCLog::REINDEX, "%s: unexpected data at file offset 0x%x - %s. continuing\n", __func__, (nRewind - 1), e.what());
5010  }
5011  }
5012  } catch (const std::runtime_error& e) {
5013  GetNotifications().fatalError(std::string("System error: ") + e.what());
5014  }
5015  LogPrintf("Loaded %i blocks from external file in %dms\n", nLoaded, Ticks<std::chrono::milliseconds>(SteadyClock::now() - start));
5016 }
5017 
5019 {
5020  if (!ShouldCheckBlockIndex()) {
5021  return;
5022  }
5023 
5024  LOCK(cs_main);
5025 
5026  // During a reindex, we read the genesis block and call CheckBlockIndex before ActivateBestChain,
5027  // so we have the genesis block in m_blockman.m_block_index but no active chain. (A few of the
5028  // tests when iterating the block tree require that m_chain has been initialized.)
5029  if (ActiveChain().Height() < 0) {
5030  assert(m_blockman.m_block_index.size() <= 1);
5031  return;
5032  }
5033 
5034  // Build forward-pointing map of the entire block tree.
5035  std::multimap<CBlockIndex*,CBlockIndex*> forward;
5036  for (auto& [_, block_index] : m_blockman.m_block_index) {
5037  forward.emplace(block_index.pprev, &block_index);
5038  }
5039 
5040  assert(forward.size() == m_blockman.m_block_index.size());
5041 
5042  std::pair<std::multimap<CBlockIndex*,CBlockIndex*>::iterator,std::multimap<CBlockIndex*,CBlockIndex*>::iterator> rangeGenesis = forward.equal_range(nullptr);
5043  CBlockIndex *pindex = rangeGenesis.first->second;
5044  rangeGenesis.first++;
5045  assert(rangeGenesis.first == rangeGenesis.second); // There is only one index entry with parent nullptr.
5046 
5047  // Iterate over the entire block tree, using depth-first search.
5048  // Along the way, remember whether there are blocks on the path from genesis
5049  // block being explored which are the first to have certain properties.
5050  size_t nNodes = 0;
5051  int nHeight = 0;
5052  CBlockIndex* pindexFirstInvalid = nullptr; // Oldest ancestor of pindex which is invalid.
5053  CBlockIndex* pindexFirstMissing = nullptr; // Oldest ancestor of pindex which does not have BLOCK_HAVE_DATA.
5054  CBlockIndex* pindexFirstNeverProcessed = nullptr; // Oldest ancestor of pindex for which nTx == 0.
5055  CBlockIndex* pindexFirstNotTreeValid = nullptr; // Oldest ancestor of pindex which does not have BLOCK_VALID_TREE (regardless of being valid or not).
5056  CBlockIndex* pindexFirstNotTransactionsValid = nullptr; // Oldest ancestor of pindex which does not have BLOCK_VALID_TRANSACTIONS (regardless of being valid or not).
5057  CBlockIndex* pindexFirstNotChainValid = nullptr; // Oldest ancestor of pindex which does not have BLOCK_VALID_CHAIN (regardless of being valid or not).
5058  CBlockIndex* pindexFirstNotScriptsValid = nullptr; // Oldest ancestor of pindex which does not have BLOCK_VALID_SCRIPTS (regardless of being valid or not).
5059  CBlockIndex* pindexFirstAssumeValid = nullptr; // Oldest ancestor of pindex which has BLOCK_ASSUMED_VALID
5060  while (pindex != nullptr) {
5061  nNodes++;
5062  if (pindexFirstAssumeValid == nullptr && pindex->nStatus & BLOCK_ASSUMED_VALID) pindexFirstAssumeValid = pindex;
5063  if (pindexFirstInvalid == nullptr && pindex->nStatus & BLOCK_FAILED_VALID) pindexFirstInvalid = pindex;
5064  if (pindexFirstMissing == nullptr && !(pindex->nStatus & BLOCK_HAVE_DATA)) {
5065  pindexFirstMissing = pindex;
5066  }
5067  if (pindexFirstNeverProcessed == nullptr && pindex->nTx == 0) pindexFirstNeverProcessed = pindex;
5068  if (pindex->pprev != nullptr && pindexFirstNotTreeValid == nullptr && (pindex->nStatus & BLOCK_VALID_MASK) < BLOCK_VALID_TREE) pindexFirstNotTreeValid = pindex;
5069 
5070  if (pindex->pprev != nullptr && !pindex->IsAssumedValid()) {
5071  // Skip validity flag checks for BLOCK_ASSUMED_VALID index entries, since these
5072  // *_VALID_MASK flags will not be present for index entries we are temporarily assuming
5073  // valid.
5074  if (pindexFirstNotTransactionsValid == nullptr &&
5075  (pindex->nStatus & BLOCK_VALID_MASK) < BLOCK_VALID_TRANSACTIONS) {
5076  pindexFirstNotTransactionsValid = pindex;
5077  }
5078 
5079  if (pindexFirstNotChainValid == nullptr &&
5080  (pindex->nStatus & BLOCK_VALID_MASK) < BLOCK_VALID_CHAIN) {
5081  pindexFirstNotChainValid = pindex;
5082  }
5083 
5084  if (pindexFirstNotScriptsValid == nullptr &&
5085  (pindex->nStatus & BLOCK_VALID_MASK) < BLOCK_VALID_SCRIPTS) {
5086  pindexFirstNotScriptsValid = pindex;
5087  }
5088  }
5089 
5090  // Begin: actual consistency checks.
5091  if (pindex->pprev == nullptr) {
5092  // Genesis block checks.
5093  assert(pindex->GetBlockHash() == GetConsensus().hashGenesisBlock); // Genesis block's hash must match.
5094  for (auto c : GetAll()) {
5095  if (c->m_chain.Genesis() != nullptr) {
5096  assert(pindex == c->m_chain.Genesis()); // The chain's genesis block must be this block.
5097  }
5098  }
5099  }
5100  if (!pindex->HaveNumChainTxs()) assert(pindex->nSequenceId <= 0); // nSequenceId can't be set positive for blocks that aren't linked (negative is used for preciousblock)
5101  // VALID_TRANSACTIONS is equivalent to nTx > 0 for all nodes (whether or not pruning has occurred).
5102  // HAVE_DATA is only equivalent to nTx > 0 (or VALID_TRANSACTIONS) if no pruning has occurred.
5103  // Unless these indexes are assumed valid and pending block download on a
5104  // background chainstate.
5105  if (!m_blockman.m_have_pruned && !pindex->IsAssumedValid()) {
5106  // If we've never pruned, then HAVE_DATA should be equivalent to nTx > 0
5107  assert(!(pindex->nStatus & BLOCK_HAVE_DATA) == (pindex->nTx == 0));
5108  if (pindexFirstAssumeValid == nullptr) {
5109  // If we've got some assume valid blocks, then we might have
5110  // missing blocks (not HAVE_DATA) but still treat them as
5111  // having been processed (with a fake nTx value). Otherwise, we
5112  // can assert that these are the same.
5113  assert(pindexFirstMissing == pindexFirstNeverProcessed);
5114  }
5115  } else {
5116  // If we have pruned, then we can only say that HAVE_DATA implies nTx > 0
5117  if (pindex->nStatus & BLOCK_HAVE_DATA) assert(pindex->nTx > 0);
5118  }
5119  if (pindex->nStatus & BLOCK_HAVE_UNDO) assert(pindex->nStatus & BLOCK_HAVE_DATA);
5120  if (pindex->IsAssumedValid()) {
5121  // Assumed-valid blocks should have some nTx value.
5122  assert(pindex->nTx > 0);
5123  // Assumed-valid blocks should connect to the main chain.
5124  assert((pindex->nStatus & BLOCK_VALID_MASK) >= BLOCK_VALID_TREE);
5125  } else {
5126  // Otherwise there should only be an nTx value if we have
5127  // actually seen a block's transactions.
5128  assert(((pindex->nStatus & BLOCK_VALID_MASK) >= BLOCK_VALID_TRANSACTIONS) == (pindex->nTx > 0)); // This is pruning-independent.
5129  }
5130  // All parents having had data (at some point) is equivalent to all parents being VALID_TRANSACTIONS, which is equivalent to HaveNumChainTxs().
5131  assert((pindexFirstNeverProcessed == nullptr) == pindex->HaveNumChainTxs());
5132  assert((pindexFirstNotTransactionsValid == nullptr) == pindex->HaveNumChainTxs());
5133  assert(pindex->nHeight == nHeight); // nHeight must be consistent.
5134  assert(pindex->pprev == nullptr || pindex->nChainWork >= pindex->pprev->nChainWork); // For every block except the genesis block, the chainwork must be larger than the parent's.
5135  assert(nHeight < 2 || (pindex->pskip && (pindex->pskip->nHeight < nHeight))); // The pskip pointer must point back for all but the first 2 blocks.
5136  assert(pindexFirstNotTreeValid == nullptr); // All m_blockman.m_block_index entries must at least be TREE valid
5137  if ((pindex->nStatus & BLOCK_VALID_MASK) >= BLOCK_VALID_TREE) assert(pindexFirstNotTreeValid == nullptr); // TREE valid implies all parents are TREE valid
5138  if ((pindex->nStatus & BLOCK_VALID_MASK) >= BLOCK_VALID_CHAIN) assert(pindexFirstNotChainValid == nullptr); // CHAIN valid implies all parents are CHAIN valid
5139  if ((pindex->nStatus & BLOCK_VALID_MASK) >= BLOCK_VALID_SCRIPTS) assert(pindexFirstNotScriptsValid == nullptr); // SCRIPTS valid implies all parents are SCRIPTS valid
5140  if (pindexFirstInvalid == nullptr) {
5141  // Checks for not-invalid blocks.
5142  assert((pindex->nStatus & BLOCK_FAILED_MASK) == 0); // The failed mask cannot be set for blocks without invalid parents.
5143  }
5144  // Make sure nChainTx sum is correctly computed.
5145  unsigned int prev_chain_tx = pindex->pprev ? pindex->pprev->nChainTx : 0;
5146  assert((pindex->nChainTx == pindex->nTx + prev_chain_tx)
5147  // Transaction may be completely unset - happens if only the header was accepted but the block hasn't been processed.
5148  || (pindex->nChainTx == 0 && pindex->nTx == 0)
5149  // nChainTx may be unset, but nTx set (if a block has been accepted, but one of its predecessors hasn't been processed yet)
5150  || (pindex->nChainTx == 0 && prev_chain_tx == 0 && pindex->pprev)
5151  // Transaction counts prior to snapshot are unknown.
5152  || pindex->IsAssumedValid());
5153  // Chainstate-specific checks on setBlockIndexCandidates
5154  for (auto c : GetAll()) {
5155  if (c->m_chain.Tip() == nullptr) continue;
5156  if (!CBlockIndexWorkComparator()(pindex, c->m_chain.Tip()) && pindexFirstNeverProcessed == nullptr) {
5157  if (pindexFirstInvalid == nullptr) {
5158  const bool is_active = c == &ActiveChainstate();
5159  // If this block sorts at least as good as the current tip and
5160  // is valid and we have all data for its parents, it must be in
5161  // setBlockIndexCandidates. m_chain.Tip() must also be there
5162  // even if some data has been pruned.
5163  //
5164  if ((pindexFirstMissing == nullptr || pindex == c->m_chain.Tip())) {
5165  // The active chainstate should always have this block
5166  // as a candidate, but a background chainstate should
5167  // only have it if it is an ancestor of the snapshot base.
5168  if (is_active || GetSnapshotBaseBlock()->GetAncestor(pindex->nHeight) == pindex) {
5169  assert(c->setBlockIndexCandidates.count(pindex));
5170  }
5171  }
5172  // If some parent is missing, then it could be that this block was in
5173  // setBlockIndexCandidates but had to be removed because of the missing data.
5174  // In this case it must be in m_blocks_unlinked -- see test below.
5175  }
5176  } else { // If this block sorts worse than the current tip or some ancestor's block has never been seen, it cannot be in setBlockIndexCandidates.
5177  assert(c->setBlockIndexCandidates.count(pindex) == 0);
5178  }
5179  }
5180  // Check whether this block is in m_blocks_unlinked.
5181  std::pair<std::multimap<CBlockIndex*,CBlockIndex*>::iterator,std::multimap<CBlockIndex*,CBlockIndex*>::iterator> rangeUnlinked = m_blockman.m_blocks_unlinked.equal_range(pindex->pprev);
5182  bool foundInUnlinked = false;
5183  while (rangeUnlinked.first != rangeUnlinked.second) {
5184  assert(rangeUnlinked.first->first == pindex->pprev);
5185  if (rangeUnlinked.first->second == pindex) {
5186  foundInUnlinked = true;
5187  break;
5188  }
5189  rangeUnlinked.first++;
5190  }
5191  if (pindex->pprev && (pindex->nStatus & BLOCK_HAVE_DATA) && pindexFirstNeverProcessed != nullptr && pindexFirstInvalid == nullptr) {
5192  // If this block has block data available, some parent was never received, and has no invalid parents, it must be in m_blocks_unlinked.
5193  assert(foundInUnlinked);
5194  }
5195  if (!(pindex->nStatus & BLOCK_HAVE_DATA)) assert(!foundInUnlinked); // Can't be in m_blocks_unlinked if we don't HAVE_DATA
5196  if (pindexFirstMissing == nullptr) assert(!foundInUnlinked); // We aren't missing data for any parent -- cannot be in m_blocks_unlinked.
5197  if (pindex->pprev && (pindex->nStatus & BLOCK_HAVE_DATA) && pindexFirstNeverProcessed == nullptr && pindexFirstMissing != nullptr) {
5198  // We HAVE_DATA for this block, have received data for all parents at some point, but we're currently missing data for some parent.
5199  assert(m_blockman.m_have_pruned || pindexFirstAssumeValid != nullptr); // We must have pruned, or else we're using a snapshot (causing us to have faked the received data for some parent(s)).
5200  // This block may have entered m_blocks_unlinked if:
5201  // - it has a descendant that at some point had more work than the
5202  // tip, and
5203  // - we tried switching to that descendant but were missing
5204  // data for some intermediate block between m_chain and the
5205  // tip.
5206  // So if this block is itself better than any m_chain.Tip() and it wasn't in
5207  // setBlockIndexCandidates, then it must be in m_blocks_unlinked.
5208  for (auto c : GetAll()) {
5209  const bool is_active = c == &ActiveChainstate();
5210  if (!CBlockIndexWorkComparator()(pindex, c->m_chain.Tip()) && c->setBlockIndexCandidates.count(pindex) == 0) {
5211  if (pindexFirstInvalid == nullptr) {
5212  if (is_active || GetSnapshotBaseBlock()->GetAncestor(pindex->nHeight) == pindex) {
5213  assert(foundInUnlinked);
5214  }
5215  }
5216  }
5217  }
5218  }
5219  // assert(pindex->GetBlockHash() == pindex->GetBlockHeader().GetHash()); // Perhaps too slow
5220  // End: actual consistency checks.
5221 
5222  // Try descending into the first subnode.
5223  std::pair<std::multimap<CBlockIndex*,CBlockIndex*>::iterator,std::multimap<CBlockIndex*,CBlockIndex*>::iterator> range = forward.equal_range(pindex);
5224  if (range.first != range.second) {
5225  // A subnode was found.
5226  pindex = range.first->second;
5227  nHeight++;
5228  continue;
5229  }
5230  // This is a leaf node.
5231  // Move upwards until we reach a node of which we have not yet visited the last child.
5232  while (pindex) {
5233  // We are going to either move to a parent or a sibling of pindex.
5234  // If pindex was the first with a certain property, unset the corresponding variable.
5235  if (pindex == pindexFirstInvalid) pindexFirstInvalid = nullptr;
5236  if (pindex == pindexFirstMissing) pindexFirstMissing = nullptr;
5237  if (pindex == pindexFirstNeverProcessed) pindexFirstNeverProcessed = nullptr;
5238  if (pindex == pindexFirstNotTreeValid) pindexFirstNotTreeValid = nullptr;
5239  if (pindex == pindexFirstNotTransactionsValid) pindexFirstNotTransactionsValid = nullptr;
5240  if (pindex == pindexFirstNotChainValid) pindexFirstNotChainValid = nullptr;
5241  if (pindex == pindexFirstNotScriptsValid) pindexFirstNotScriptsValid = nullptr;
5242  if (pindex == pindexFirstAssumeValid) pindexFirstAssumeValid = nullptr;
5243  // Find our parent.
5244  CBlockIndex* pindexPar = pindex->pprev;
5245  // Find which child we just visited.
5246  std::pair<std::multimap<CBlockIndex*,CBlockIndex*>::iterator,std::multimap<CBlockIndex*,CBlockIndex*>::iterator> rangePar = forward.equal_range(pindexPar);
5247  while (rangePar.first->second != pindex) {
5248  assert(rangePar.first != rangePar.second); // Our parent must have at least the node we're coming from as child.
5249  rangePar.first++;
5250  }
5251  // Proceed to the next one.
5252  rangePar.first++;
5253  if (rangePar.first != rangePar.second) {
5254  // Move to the sibling.
5255  pindex = rangePar.first->second;
5256  break;
5257  } else {
5258  // Move up further.
5259  pindex = pindexPar;
5260  nHeight--;
5261  continue;
5262  }
5263  }
5264  }
5265 
5266  // Check that we actually traversed the entire map.
5267  assert(nNodes == forward.size());
5268 }
5269 
5270 std::string Chainstate::ToString()
5271 {
5273  CBlockIndex* tip = m_chain.Tip();
5274  return strprintf("Chainstate [%s] @ height %d (%s)",
5275  m_from_snapshot_blockhash ? "snapshot" : "ibd",
5276  tip ? tip->nHeight : -1, tip ? tip->GetBlockHash().ToString() : "null");
5277 }
5278 
5279 bool Chainstate::ResizeCoinsCaches(size_t coinstip_size, size_t coinsdb_size)
5280 {
5282  if (coinstip_size == m_coinstip_cache_size_bytes &&
5283  coinsdb_size == m_coinsdb_cache_size_bytes) {
5284  // Cache sizes are unchanged, no need to continue.
5285  return true;
5286  }
5287  size_t old_coinstip_size = m_coinstip_cache_size_bytes;
5288  m_coinstip_cache_size_bytes = coinstip_size;
5289  m_coinsdb_cache_size_bytes = coinsdb_size;
5290  CoinsDB().ResizeCache(coinsdb_size);
5291 
5292  LogPrintf("[%s] resized coinsdb cache to %.1f MiB\n",
5293  this->ToString(), coinsdb_size * (1.0 / 1024 / 1024));
5294  LogPrintf("[%s] resized coinstip cache to %.1f MiB\n",
5295  this->ToString(), coinstip_size * (1.0 / 1024 / 1024));
5296 
5297  BlockValidationState state;
5298  bool ret;
5299 
5300  if (coinstip_size > old_coinstip_size) {
5301  // Likely no need to flush if cache sizes have grown.
5302  ret = FlushStateToDisk(state, FlushStateMode::IF_NEEDED);
5303  } else {
5304  // Otherwise, flush state to disk and deallocate the in-memory coins map.
5305  ret = FlushStateToDisk(state, FlushStateMode::ALWAYS);
5306  }
5307  return ret;
5308 }
5309 
5312 double GuessVerificationProgress(const ChainTxData& data, const CBlockIndex *pindex) {
5313  if (pindex == nullptr)
5314  return 0.0;
5315 
5316  int64_t nNow = time(nullptr);
5317 
5318  double fTxTotal;
5319 
5320  if (pindex->nChainTx <= data.nTxCount) {
5321  fTxTotal = data.nTxCount + (nNow - data.nTime) * data.dTxRate;
5322  } else {
5323  fTxTotal = pindex->nChainTx + (nNow - pindex->GetBlockTime()) * data.dTxRate;
5324  }
5325 
5326  return std::min<double>(pindex->nChainTx / fTxTotal, 1.0);
5327 }
5328 
5329 std::optional<uint256> ChainstateManager::SnapshotBlockhash() const
5330 {
5331  LOCK(::cs_main);
5332  if (m_active_chainstate && m_active_chainstate->m_from_snapshot_blockhash) {
5333  // If a snapshot chainstate exists, it will always be our active.
5334  return m_active_chainstate->m_from_snapshot_blockhash;
5335  }
5336  return std::nullopt;
5337 }
5338 
5339 std::vector<Chainstate*> ChainstateManager::GetAll()
5340 {
5341  LOCK(::cs_main);
5342  std::vector<Chainstate*> out;
5343 
5344  for (Chainstate* cs : {m_ibd_chainstate.get(), m_snapshot_chainstate.get()}) {
5345  if (this->IsUsable(cs)) out.push_back(cs);
5346  }
5347 
5348  return out;
5349 }
5350 
5351 Chainstate& ChainstateManager::InitializeChainstate(CTxMemPool* mempool)
5352 {
5354  assert(!m_ibd_chainstate);
5355  assert(!m_active_chainstate);
5356 
5357  m_ibd_chainstate = std::make_unique<Chainstate>(mempool, m_blockman, *this);
5358  m_active_chainstate = m_ibd_chainstate.get();
5359  return *m_active_chainstate;
5360 }
5361 
5362 [[nodiscard]] static bool DeleteCoinsDBFromDisk(const fs::path db_path, bool is_snapshot)
5364 {
5366 
5367  if (is_snapshot) {
5368  fs::path base_blockhash_path = db_path / node::SNAPSHOT_BLOCKHASH_FILENAME;
5369 
5370  try {
5371  bool existed = fs::remove(base_blockhash_path);
5372  if (!existed) {
5373  LogPrintf("[snapshot] snapshot chainstate dir being removed lacks %s file\n",
5375  }
5376  } catch (const fs::filesystem_error& e) {
5377  LogPrintf("[snapshot] failed to remove file %s: %s\n",
5378  fs::PathToString(base_blockhash_path), fsbridge::get_filesystem_error_message(e));
5379  }
5380  }
5381 
5382  std::string path_str = fs::PathToString(db_path);
5383  LogPrintf("Removing leveldb dir at %s\n", path_str);
5384 
5385  // We have to destruct before this call leveldb::DB in order to release the db
5386  // lock, otherwise `DestroyDB` will fail. See `leveldb::~DBImpl()`.
5387  const bool destroyed = DestroyDB(path_str);
5388 
5389  if (!destroyed) {
5390  LogPrintf("error: leveldb DestroyDB call failed on %s\n", path_str);
5391  }
5392 
5393  // Datadir should be removed from filesystem; otherwise initialization may detect
5394  // it on subsequent statups and get confused.
5395  //
5396  // If the base_blockhash_path removal above fails in the case of snapshot
5397  // chainstates, this will return false since leveldb won't remove a non-empty
5398  // directory.
5399  return destroyed && !fs::exists(db_path);
5400 }
5401 
5403  AutoFile& coins_file,
5404  const SnapshotMetadata& metadata,
5405  bool in_memory)
5406 {
5407  uint256 base_blockhash = metadata.m_base_blockhash;
5408 
5409  if (this->SnapshotBlockhash()) {
5410  LogPrintf("[snapshot] can't activate a snapshot-based chainstate more than once\n");
5411  return false;
5412  }
5413 
5414  {
5415  LOCK(::cs_main);
5416  if (Assert(m_active_chainstate->GetMempool())->size() > 0) {
5417  LogPrintf("[snapshot] can't activate a snapshot when mempool not empty\n");
5418  return false;
5419  }
5420  }
5421 
5422  int64_t current_coinsdb_cache_size{0};
5423  int64_t current_coinstip_cache_size{0};
5424 
5425  // Cache percentages to allocate to each chainstate.
5426  //
5427  // These particular percentages don't matter so much since they will only be
5428  // relevant during snapshot activation; caches are rebalanced at the conclusion of
5429  // this function. We want to give (essentially) all available cache capacity to the
5430  // snapshot to aid the bulk load later in this function.
5431  static constexpr double IBD_CACHE_PERC = 0.01;
5432  static constexpr double SNAPSHOT_CACHE_PERC = 0.99;
5433 
5434  {
5435  LOCK(::cs_main);
5436  // Resize the coins caches to ensure we're not exceeding memory limits.
5437  //
5438  // Allocate the majority of the cache to the incoming snapshot chainstate, since
5439  // (optimistically) getting to its tip will be the top priority. We'll need to call
5440  // `MaybeRebalanceCaches()` once we're done with this function to ensure
5441  // the right allocation (including the possibility that no snapshot was activated
5442  // and that we should restore the active chainstate caches to their original size).
5443  //
5444  current_coinsdb_cache_size = this->ActiveChainstate().m_coinsdb_cache_size_bytes;
5445  current_coinstip_cache_size = this->ActiveChainstate().m_coinstip_cache_size_bytes;
5446 
5447  // Temporarily resize the active coins cache to make room for the newly-created
5448  // snapshot chain.
5449  this->ActiveChainstate().ResizeCoinsCaches(
5450  static_cast<size_t>(current_coinstip_cache_size * IBD_CACHE_PERC),
5451  static_cast<size_t>(current_coinsdb_cache_size * IBD_CACHE_PERC));
5452  }
5453 
5454  auto snapshot_chainstate = WITH_LOCK(::cs_main,
5455  return std::make_unique<Chainstate>(
5456  /*mempool=*/nullptr, m_blockman, *this, base_blockhash));
5457 
5458  {
5459  LOCK(::cs_main);
5460  snapshot_chainstate->InitCoinsDB(
5461  static_cast<size_t>(current_coinsdb_cache_size * SNAPSHOT_CACHE_PERC),
5462  in_memory, false, "chainstate");
5463  snapshot_chainstate->InitCoinsCache(
5464  static_cast<size_t>(current_coinstip_cache_size * SNAPSHOT_CACHE_PERC));
5465  }
5466 
5467  auto cleanup_bad_snapshot = [&](const char* reason) EXCLUSIVE_LOCKS_REQUIRED(::cs_main) {
5468  LogPrintf("[snapshot] activation failed - %s\n", reason);
5469  this->MaybeRebalanceCaches();
5470 
5471  // PopulateAndValidateSnapshot can return (in error) before the leveldb datadir
5472  // has been created, so only attempt removal if we got that far.
5473  if (auto snapshot_datadir = node::FindSnapshotChainstateDir(m_options.datadir)) {
5474  // We have to destruct leveldb::DB in order to release the db lock, otherwise
5475  // DestroyDB() (in DeleteCoinsDBFromDisk()) will fail. See `leveldb::~DBImpl()`.
5476  // Destructing the chainstate (and so resetting the coinsviews object) does this.
5477  snapshot_chainstate.reset();
5478  bool removed = DeleteCoinsDBFromDisk(*snapshot_datadir, /*is_snapshot=*/true);
5479  if (!removed) {
5480  GetNotifications().fatalError(strprintf("Failed to remove snapshot chainstate dir (%s). "
5481  "Manually remove it before restarting.\n", fs::PathToString(*snapshot_datadir)));
5482  }
5483  }
5484  return false;
5485  };
5486 
5487  if (!this->PopulateAndValidateSnapshot(*snapshot_chainstate, coins_file, metadata)) {
5488  LOCK(::cs_main);
5489  return cleanup_bad_snapshot("population failed");
5490  }
5491 
5492  LOCK(::cs_main); // cs_main required for rest of snapshot activation.
5493 
5494  // Do a final check to ensure that the snapshot chainstate is actually a more
5495  // work chain than the active chainstate; a user could have loaded a snapshot
5496  // very late in the IBD process, and we wouldn't want to load a useless chainstate.
5497  if (!CBlockIndexWorkComparator()(ActiveTip(), snapshot_chainstate->m_chain.Tip())) {
5498  return cleanup_bad_snapshot("work does not exceed active chainstate");
5499  }
5500  // If not in-memory, persist the base blockhash for use during subsequent
5501  // initialization.
5502  if (!in_memory) {
5503  if (!node::WriteSnapshotBaseBlockhash(*snapshot_chainstate)) {
5504  return cleanup_bad_snapshot("could not write base blockhash");
5505  }
5506  }
5507 
5508  assert(!m_snapshot_chainstate);
5509  m_snapshot_chainstate.swap(snapshot_chainstate);
5510  const bool chaintip_loaded = m_snapshot_chainstate->LoadChainTip();
5511  assert(chaintip_loaded);
5512 
5513  // Transfer possession of the mempool to the snapshot chainstate.
5514  // Mempool is empty at this point because we're still in IBD.
5515  Assert(m_active_chainstate->m_mempool->size() == 0);
5516  Assert(!m_snapshot_chainstate->m_mempool);
5517  m_snapshot_chainstate->m_mempool = m_active_chainstate->m_mempool;
5518  m_active_chainstate->m_mempool = nullptr;
5519  m_active_chainstate = m_snapshot_chainstate.get();
5520  m_blockman.m_snapshot_height = this->GetSnapshotBaseHeight();
5521 
5522  LogPrintf("[snapshot] successfully activated snapshot %s\n", base_blockhash.ToString());
5523  LogPrintf("[snapshot] (%.2f MB)\n",
5524  m_snapshot_chainstate->CoinsTip().DynamicMemoryUsage() / (1000 * 1000));
5525 
5526  this->MaybeRebalanceCaches();
5527  return true;
5528 }
5529 
5530 static void FlushSnapshotToDisk(CCoinsViewCache& coins_cache, bool snapshot_loaded)
5531 {
5533  strprintf("%s (%.2f MB)",
5534  snapshot_loaded ? "saving snapshot chainstate" : "flushing coins cache",
5535  coins_cache.DynamicMemoryUsage() / (1000 * 1000)),
5537 
5538  coins_cache.Flush();
5539 }
5540 
5541 struct StopHashingException : public std::exception
5542 {
5543  const char* what() const noexcept override
5544  {
5545  return "ComputeUTXOStats interrupted.";
5546  }
5547 };
5548 
5550 {
5551  if (interrupt) throw StopHashingException();
5552 }
5553 
5555  Chainstate& snapshot_chainstate,
5556  AutoFile& coins_file,
5557  const SnapshotMetadata& metadata)
5558 {
5559  // It's okay to release cs_main before we're done using `coins_cache` because we know
5560  // that nothing else will be referencing the newly created snapshot_chainstate yet.
5561  CCoinsViewCache& coins_cache = *WITH_LOCK(::cs_main, return &snapshot_chainstate.CoinsTip());
5562 
5563  uint256 base_blockhash = metadata.m_base_blockhash;
5564 
5565  CBlockIndex* snapshot_start_block = WITH_LOCK(::cs_main, return m_blockman.LookupBlockIndex(base_blockhash));
5566 
5567  if (!snapshot_start_block) {
5568  // Needed for ComputeUTXOStats to determine the
5569  // height and to avoid a crash when base_blockhash.IsNull()
5570  LogPrintf("[snapshot] Did not find snapshot start blockheader %s\n",
5571  base_blockhash.ToString());
5572  return false;
5573  }
5574 
5575  int base_height = snapshot_start_block->nHeight;
5576  const auto& maybe_au_data = GetParams().AssumeutxoForHeight(base_height);
5577 
5578  if (!maybe_au_data) {
5579  LogPrintf("[snapshot] assumeutxo height in snapshot metadata not recognized "
5580  "(%d) - refusing to load snapshot\n", base_height);
5581  return false;
5582  }
5583 
5584  const AssumeutxoData& au_data = *maybe_au_data;
5585 
5586  // This work comparison is a duplicate check with the one performed later in
5587  // ActivateSnapshot(), but is done so that we avoid doing the long work of staging
5588  // a snapshot that isn't actually usable.
5589  if (WITH_LOCK(::cs_main, return !CBlockIndexWorkComparator()(ActiveTip(), snapshot_start_block))) {
5590  LogPrintf("[snapshot] activation failed - work does not exceed active chainstate\n");
5591  return false;
5592  }
5593 
5594  COutPoint outpoint;
5595  Coin coin;
5596  const uint64_t coins_count = metadata.m_coins_count;
5597  uint64_t coins_left = metadata.m_coins_count;
5598 
5599  LogPrintf("[snapshot] loading coins from snapshot %s\n", base_blockhash.ToString());
5600  int64_t coins_processed{0};
5601 
5602  while (coins_left > 0) {
5603  try {
5604  coins_file >> outpoint;
5605  coins_file >> coin;
5606  } catch (const std::ios_base::failure&) {
5607  LogPrintf("[snapshot] bad snapshot format or truncated snapshot after deserializing %d coins\n",
5608  coins_count - coins_left);
5609  return false;
5610  }
5611  if (coin.nHeight > base_height ||
5612  outpoint.n >= std::numeric_limits<decltype(outpoint.n)>::max() // Avoid integer wrap-around in coinstats.cpp:ApplyHash
5613  ) {
5614  LogPrintf("[snapshot] bad snapshot data after deserializing %d coins\n",
5615  coins_count - coins_left);
5616  return false;
5617  }
5618  if (!MoneyRange(coin.out.nValue)) {
5619  LogPrintf("[snapshot] bad snapshot data after deserializing %d coins - bad tx out value\n",
5620  coins_count - coins_left);
5621  return false;
5622  }
5623 
5624  coins_cache.EmplaceCoinInternalDANGER(std::move(outpoint), std::move(coin));
5625 
5626  --coins_left;
5627  ++coins_processed;
5628 
5629  if (coins_processed % 1000000 == 0) {
5630  LogPrintf("[snapshot] %d coins loaded (%.2f%%, %.2f MB)\n",
5631  coins_processed,
5632  static_cast<float>(coins_processed) * 100 / static_cast<float>(coins_count),
5633  coins_cache.DynamicMemoryUsage() / (1000 * 1000));
5634  }
5635 
5636  // Batch write and flush (if we need to) every so often.
5637  //
5638  // If our average Coin size is roughly 41 bytes, checking every 120,000 coins
5639  // means <5MB of memory imprecision.
5640  if (coins_processed % 120000 == 0) {
5641  if (m_interrupt) {
5642  return false;
5643  }
5644 
5645  const auto snapshot_cache_state = WITH_LOCK(::cs_main,
5646  return snapshot_chainstate.GetCoinsCacheSizeState());
5647 
5648  if (snapshot_cache_state >= CoinsCacheSizeState::CRITICAL) {
5649  // This is a hack - we don't know what the actual best block is, but that
5650  // doesn't matter for the purposes of flushing the cache here. We'll set this
5651  // to its correct value (`base_blockhash`) below after the coins are loaded.
5652  coins_cache.SetBestBlock(GetRandHash());
5653 
5654  // No need to acquire cs_main since this chainstate isn't being used yet.
5655  FlushSnapshotToDisk(coins_cache, /*snapshot_loaded=*/false);
5656  }
5657  }
5658  }
5659 
5660  // Important that we set this. This and the coins_cache accesses above are
5661  // sort of a layer violation, but either we reach into the innards of
5662  // CCoinsViewCache here or we have to invert some of the Chainstate to
5663  // embed them in a snapshot-activation-specific CCoinsViewCache bulk load
5664  // method.
5665  coins_cache.SetBestBlock(base_blockhash);
5666 
5667  bool out_of_coins{false};
5668  try {
5669  coins_file >> outpoint;
5670  } catch (const std::ios_base::failure&) {
5671  // We expect an exception since we should be out of coins.
5672  out_of_coins = true;
5673  }
5674  if (!out_of_coins) {
5675  LogPrintf("[snapshot] bad snapshot - coins left over after deserializing %d coins\n",
5676  coins_count);
5677  return false;
5678  }
5679 
5680  LogPrintf("[snapshot] loaded %d (%.2f MB) coins from snapshot %s\n",
5681  coins_count,
5682  coins_cache.DynamicMemoryUsage() / (1000 * 1000),
5683  base_blockhash.ToString());
5684 
5685  // No need to acquire cs_main since this chainstate isn't being used yet.
5686  FlushSnapshotToDisk(coins_cache, /*snapshot_loaded=*/true);
5687 
5688  assert(coins_cache.GetBestBlock() == base_blockhash);
5689 
5690  // As above, okay to immediately release cs_main here since no other context knows
5691  // about the snapshot_chainstate.
5692  CCoinsViewDB* snapshot_coinsdb = WITH_LOCK(::cs_main, return &snapshot_chainstate.CoinsDB());
5693 
5694  std::optional<CCoinsStats> maybe_stats;
5695 
5696  try {
5697  maybe_stats = ComputeUTXOStats(
5698  CoinStatsHashType::HASH_SERIALIZED, snapshot_coinsdb, m_blockman, [&interrupt = m_interrupt] { SnapshotUTXOHashBreakpoint(interrupt); });
5699  } catch (StopHashingException const&) {
5700  return false;
5701  }
5702  if (!maybe_stats.has_value()) {
5703  LogPrintf("[snapshot] failed to generate coins stats\n");
5704  return false;
5705  }
5706 
5707  // Assert that the deserialized chainstate contents match the expected assumeutxo value.
5708  if (AssumeutxoHash{maybe_stats->hashSerialized} != au_data.hash_serialized) {
5709  LogPrintf("[snapshot] bad snapshot content hash: expected %s, got %s\n",
5710  au_data.hash_serialized.ToString(), maybe_stats->hashSerialized.ToString());
5711  return false;
5712  }
5713 
5714  snapshot_chainstate.m_chain.SetTip(*snapshot_start_block);
5715 
5716  // The remainder of this function requires modifying data protected by cs_main.
5717  LOCK(::cs_main);
5718 
5719  // Fake various pieces of CBlockIndex state:
5720  CBlockIndex* index = nullptr;
5721 
5722  // Don't make any modifications to the genesis block.
5723  // This is especially important because we don't want to erroneously
5724  // apply BLOCK_ASSUMED_VALID to genesis, which would happen if we didn't skip
5725  // it here (since it apparently isn't BLOCK_VALID_SCRIPTS).
5726  constexpr int AFTER_GENESIS_START{1};
5727 
5728  for (int i = AFTER_GENESIS_START; i <= snapshot_chainstate.m_chain.Height(); ++i) {
5729  index = snapshot_chainstate.m_chain[i];
5730 
5731  // Fake nTx so that LoadBlockIndex() loads assumed-valid CBlockIndex
5732  // entries (among other things)
5733  if (!index->nTx) {
5734  index->nTx = 1;
5735  }
5736  // Fake nChainTx so that GuessVerificationProgress reports accurately
5737  index->nChainTx = index->pprev->nChainTx + index->nTx;
5738 
5739  // Mark unvalidated block index entries beneath the snapshot base block as assumed-valid.
5740  if (!index->IsValid(BLOCK_VALID_SCRIPTS)) {
5741  // This flag will be removed once the block is fully validated by a
5742  // background chainstate.
5743  index->nStatus |= BLOCK_ASSUMED_VALID;
5744  }
5745 
5746  // Fake BLOCK_OPT_WITNESS so that Chainstate::NeedsRedownload()
5747  // won't ask to rewind the entire assumed-valid chain on startup.
5748  if (DeploymentActiveAt(*index, *this, Consensus::DEPLOYMENT_SEGWIT)) {
5749  index->nStatus |= BLOCK_OPT_WITNESS;
5750  }
5751 
5752  m_blockman.m_dirty_blockindex.insert(index);
5753  // Changes to the block index will be flushed to disk after this call
5754  // returns in `ActivateSnapshot()`, when `MaybeRebalanceCaches()` is
5755  // called, since we've added a snapshot chainstate and therefore will
5756  // have to downsize the IBD chainstate, which will result in a call to
5757  // `FlushStateToDisk(ALWAYS)`.
5758  }
5759 
5760  assert(index);
5761  index->nChainTx = au_data.nChainTx;
5762  snapshot_chainstate.setBlockIndexCandidates.insert(snapshot_start_block);
5763 
5764  LogPrintf("[snapshot] validated snapshot (%.2f MB)\n",
5765  coins_cache.DynamicMemoryUsage() / (1000 * 1000));
5766  return true;
5767 }
5768 
5769 // Currently, this function holds cs_main for its duration, which could be for
5770 // multiple minutes due to the ComputeUTXOStats call. This hold is necessary
5771 // because we need to avoid advancing the background validation chainstate
5772 // farther than the snapshot base block - and this function is also invoked
5773 // from within ConnectTip, i.e. from within ActivateBestChain, so cs_main is
5774 // held anyway.
5775 //
5776 // Eventually (TODO), we could somehow separate this function's runtime from
5777 // maintenance of the active chain, but that will either require
5778 //
5779 // (i) setting `m_disabled` immediately and ensuring all chainstate accesses go
5780 // through IsUsable() checks, or
5781 //
5782 // (ii) giving each chainstate its own lock instead of using cs_main for everything.
5783 SnapshotCompletionResult ChainstateManager::MaybeCompleteSnapshotValidation()
5784 {
5786  if (m_ibd_chainstate.get() == &this->ActiveChainstate() ||
5787  !this->IsUsable(m_snapshot_chainstate.get()) ||
5788  !this->IsUsable(m_ibd_chainstate.get()) ||
5789  !m_ibd_chainstate->m_chain.Tip()) {
5790  // Nothing to do - this function only applies to the background
5791  // validation chainstate.
5793  }
5794  const int snapshot_tip_height = this->ActiveHeight();
5795  const int snapshot_base_height = *Assert(this->GetSnapshotBaseHeight());
5796  const CBlockIndex& index_new = *Assert(m_ibd_chainstate->m_chain.Tip());
5797 
5798  if (index_new.nHeight < snapshot_base_height) {
5799  // Background IBD not complete yet.
5801  }
5802 
5804  uint256 snapshot_blockhash = *Assert(SnapshotBlockhash());
5805 
5806  auto handle_invalid_snapshot = [&]() EXCLUSIVE_LOCKS_REQUIRED(::cs_main) {
5807  bilingual_str user_error = strprintf(_(
5808  "%s failed to validate the -assumeutxo snapshot state. "
5809  "This indicates a hardware problem, or a bug in the software, or a "
5810  "bad software modification that allowed an invalid snapshot to be "
5811  "loaded. As a result of this, the node will shut down and stop using any "
5812  "state that was built on the snapshot, resetting the chain height "
5813  "from %d to %d. On the next "
5814  "restart, the node will resume syncing from %d "
5815  "without using any snapshot data. "
5816  "Please report this incident to %s, including how you obtained the snapshot. "
5817  "The invalid snapshot chainstate will be left on disk in case it is "
5818  "helpful in diagnosing the issue that caused this error."),
5819  PACKAGE_NAME, snapshot_tip_height, snapshot_base_height, snapshot_base_height, PACKAGE_BUGREPORT
5820  );
5821 
5822  LogPrintf("[snapshot] !!! %s\n", user_error.original);
5823  LogPrintf("[snapshot] deleting snapshot, reverting to validated chain, and stopping node\n");
5824 
5825  m_active_chainstate = m_ibd_chainstate.get();
5826  m_snapshot_chainstate->m_disabled = true;
5827  assert(!this->IsUsable(m_snapshot_chainstate.get()));
5828  assert(this->IsUsable(m_ibd_chainstate.get()));
5829 
5830  auto rename_result = m_snapshot_chainstate->InvalidateCoinsDBOnDisk();
5831  if (!rename_result) {
5832  user_error = strprintf(Untranslated("%s\n%s"), user_error, util::ErrorString(rename_result));
5833  }
5834 
5835  GetNotifications().fatalError(user_error.original, user_error);
5836  };
5837 
5838  if (index_new.GetBlockHash() != snapshot_blockhash) {
5839  LogPrintf("[snapshot] supposed base block %s does not match the "
5840  "snapshot base block %s (height %d). Snapshot is not valid.\n",
5841  index_new.ToString(), snapshot_blockhash.ToString(), snapshot_base_height);
5842  handle_invalid_snapshot();
5844  }
5845 
5846  assert(index_new.nHeight == snapshot_base_height);
5847 
5848  int curr_height = m_ibd_chainstate->m_chain.Height();
5849 
5850  assert(snapshot_base_height == curr_height);
5851  assert(snapshot_base_height == index_new.nHeight);
5852  assert(this->IsUsable(m_snapshot_chainstate.get()));
5853  assert(this->GetAll().size() == 2);
5854 
5855  CCoinsViewDB& ibd_coins_db = m_ibd_chainstate->CoinsDB();
5856  m_ibd_chainstate->ForceFlushStateToDisk();
5857 
5858  const auto& maybe_au_data = m_options.chainparams.AssumeutxoForHeight(curr_height);
5859  if (!maybe_au_data) {
5860  LogPrintf("[snapshot] assumeutxo data not found for height "
5861  "(%d) - refusing to validate snapshot\n", curr_height);
5862  handle_invalid_snapshot();
5864  }
5865 
5866  const AssumeutxoData& au_data = *maybe_au_data;
5867  std::optional<CCoinsStats> maybe_ibd_stats;
5868  LogPrintf("[snapshot] computing UTXO stats for background chainstate to validate "
5869  "snapshot - this could take a few minutes\n");
5870  try {
5871  maybe_ibd_stats = ComputeUTXOStats(
5872  CoinStatsHashType::HASH_SERIALIZED,
5873  &ibd_coins_db,
5874  m_blockman,
5875  [&interrupt = m_interrupt] { SnapshotUTXOHashBreakpoint(interrupt); });
5876  } catch (StopHashingException const&) {
5878  }
5879 
5880  // XXX note that this function is slow and will hold cs_main for potentially minutes.
5881  if (!maybe_ibd_stats) {
5882  LogPrintf("[snapshot] failed to generate stats for validation coins db\n");
5883  // While this isn't a problem with the snapshot per se, this condition
5884  // prevents us from validating the snapshot, so we should shut down and let the
5885  // user handle the issue manually.
5886  handle_invalid_snapshot();
5888  }
5889  const auto& ibd_stats = *maybe_ibd_stats;
5890 
5891  // Compare the background validation chainstate's UTXO set hash against the hard-coded
5892  // assumeutxo hash we expect.
5893  //
5894  // TODO: For belt-and-suspenders, we could cache the UTXO set
5895  // hash for the snapshot when it's loaded in its chainstate's leveldb. We could then
5896  // reference that here for an additional check.
5897  if (AssumeutxoHash{ibd_stats.hashSerialized} != au_data.hash_serialized) {
5898  LogPrintf("[snapshot] hash mismatch: actual=%s, expected=%s\n",
5899  ibd_stats.hashSerialized.ToString(),
5900  au_data.hash_serialized.ToString());
5901  handle_invalid_snapshot();
5903  }
5904 
5905  LogPrintf("[snapshot] snapshot beginning at %s has been fully validated\n",
5906  snapshot_blockhash.ToString());
5907 
5908  m_ibd_chainstate->m_disabled = true;
5909  this->MaybeRebalanceCaches();
5910 
5912 }
5913 
5915 {
5916  LOCK(::cs_main);
5917  assert(m_active_chainstate);
5918  return *m_active_chainstate;
5919 }
5920 
5922 {
5923  LOCK(::cs_main);
5924  return m_snapshot_chainstate && m_active_chainstate == m_snapshot_chainstate.get();
5925 }
5926 
5927 void ChainstateManager::MaybeRebalanceCaches()
5928 {
5930  bool ibd_usable = this->IsUsable(m_ibd_chainstate.get());
5931  bool snapshot_usable = this->IsUsable(m_snapshot_chainstate.get());
5932  assert(ibd_usable || snapshot_usable);
5933 
5934  if (ibd_usable && !snapshot_usable) {
5935  // Allocate everything to the IBD chainstate. This will always happen
5936  // when we are not using a snapshot.
5937  m_ibd_chainstate->ResizeCoinsCaches(m_total_coinstip_cache, m_total_coinsdb_cache);
5938  }
5939  else if (snapshot_usable && !ibd_usable) {
5940  // If background validation has completed and snapshot is our active chain...
5941  LogPrintf("[snapshot] allocating all cache to the snapshot chainstate\n");
5942  // Allocate everything to the snapshot chainstate.
5943  m_snapshot_chainstate->ResizeCoinsCaches(m_total_coinstip_cache, m_total_coinsdb_cache);
5944  }
5945  else if (ibd_usable && snapshot_usable) {
5946  // If both chainstates exist, determine who needs more cache based on IBD status.
5947  //
5948  // Note: shrink caches first so that we don't inadvertently overwhelm available memory.
5949  if (IsInitialBlockDownload()) {
5950  m_ibd_chainstate->ResizeCoinsCaches(
5952  m_snapshot_chainstate->ResizeCoinsCaches(
5954  } else {
5955  m_snapshot_chainstate->ResizeCoinsCaches(
5957  m_ibd_chainstate->ResizeCoinsCaches(
5959  }
5960  }
5961 }
5962 
5963 void ChainstateManager::ResetChainstates()
5964 {
5965  m_ibd_chainstate.reset();
5966  m_snapshot_chainstate.reset();
5967  m_active_chainstate = nullptr;
5968 }
5969 
5976 {
5977  if (!opts.check_block_index.has_value()) opts.check_block_index = opts.chainparams.DefaultConsistencyChecks();
5978  if (!opts.minimum_chain_work.has_value()) opts.minimum_chain_work = UintToArith256(opts.chainparams.GetConsensus().nMinimumChainWork);
5979  if (!opts.assumed_valid_block.has_value()) opts.assumed_valid_block = opts.chainparams.GetConsensus().defaultAssumeValid;
5980  return std::move(opts);
5981 }
5982 
5984  : m_script_check_queue{/*batch_size=*/128, options.worker_threads_num},
5985  m_interrupt{interrupt},
5986  m_options{Flatten(std::move(options))},
5987  m_blockman{interrupt, std::move(blockman_options)}
5988 {
5989 }
5990 
5992 {
5993  LOCK(::cs_main);
5994 
5996 }
5997 
5998 bool ChainstateManager::DetectSnapshotChainstate()
5999 {
6000  assert(!m_snapshot_chainstate);
6001  std::optional<fs::path> path = node::FindSnapshotChainstateDir(m_options.datadir);
6002  if (!path) {
6003  return false;
6004  }
6005  std::optional<uint256> base_blockhash = node::ReadSnapshotBaseBlockhash(*path);
6006  if (!base_blockhash) {
6007  return false;
6008  }
6009  LogPrintf("[snapshot] detected active snapshot chainstate (%s) - loading\n",
6010  fs::PathToString(*path));
6011 
6012  this->ActivateExistingSnapshot(*base_blockhash);
6013  return true;
6014 }
6015 
6016 Chainstate& ChainstateManager::ActivateExistingSnapshot(uint256 base_blockhash)
6017 {
6018  assert(!m_snapshot_chainstate);
6019  m_snapshot_chainstate =
6020  std::make_unique<Chainstate>(nullptr, m_blockman, *this, base_blockhash);
6021  LogPrintf("[snapshot] switching active chainstate to %s\n", m_snapshot_chainstate->ToString());
6022 
6023  // Mempool is empty at this point because we're still in IBD.
6024  Assert(m_active_chainstate->m_mempool->size() == 0);
6025  Assert(!m_snapshot_chainstate->m_mempool);
6026  m_snapshot_chainstate->m_mempool = m_active_chainstate->m_mempool;
6027  m_active_chainstate->m_mempool = nullptr;
6028  m_active_chainstate = m_snapshot_chainstate.get();
6029  return *m_snapshot_chainstate;
6030 }
6031 
6032 bool IsBIP30Repeat(const CBlockIndex& block_index)
6033 {
6034  return (block_index.nHeight==91842 && block_index.GetBlockHash() == uint256S("0x00000000000a4d0a398161ffc163c503763b1f4360639393e0e4c8e300e0caec")) ||
6035  (block_index.nHeight==91880 && block_index.GetBlockHash() == uint256S("0x00000000000743f190a18c5577a3c2d2a1f610ae9601ac046a38084ccb7cd721"));
6036 }
6037 
6038 bool IsBIP30Unspendable(const CBlockIndex& block_index)
6039 {
6040  return (block_index.nHeight==91722 && block_index.GetBlockHash() == uint256S("0x00000000000271a2dc26e7667f8419f2e15416dc6955e5a6c6cdf3f2574dd08e")) ||
6041  (block_index.nHeight==91812 && block_index.GetBlockHash() == uint256S("0x00000000000af0aed4792b1acee3d966af36cf5def14935db8de83d6f9306f2f"));
6042 }
6043 
6045 {
6047  // Should never be called on a non-snapshot chainstate.
6048  assert(cs.m_from_snapshot_blockhash);
6049  auto storage_path_maybe = cs.CoinsDB().StoragePath();
6050  // Should never be called with a non-existent storage path.
6051  assert(storage_path_maybe);
6052  return *storage_path_maybe;
6053 }
6054 
6055 util::Result<void> Chainstate::InvalidateCoinsDBOnDisk()
6056 {
6057  fs::path snapshot_datadir = GetSnapshotCoinsDBPath(*this);
6058 
6059  // Coins views no longer usable.
6060  m_coins_views.reset();
6061 
6062  auto invalid_path = snapshot_datadir + "_INVALID";
6063  std::string dbpath = fs::PathToString(snapshot_datadir);
6064  std::string target = fs::PathToString(invalid_path);
6065  LogPrintf("[snapshot] renaming snapshot datadir %s to %s\n", dbpath, target);
6066 
6067  // The invalid snapshot datadir is simply moved and not deleted because we may
6068  // want to do forensics later during issue investigation. The user is instructed
6069  // accordingly in MaybeCompleteSnapshotValidation().
6070  try {
6071  fs::rename(snapshot_datadir, invalid_path);
6072  } catch (const fs::filesystem_error& e) {
6073  auto src_str = fs::PathToString(snapshot_datadir);
6074  auto dest_str = fs::PathToString(invalid_path);
6075 
6076  LogPrintf("%s: error renaming file '%s' -> '%s': %s\n",
6077  __func__, src_str, dest_str, e.what());
6078  return util::Error{strprintf(_(
6079  "Rename of '%s' -> '%s' failed. "
6080  "You should resolve this by manually moving or deleting the invalid "
6081  "snapshot directory %s, otherwise you will encounter the same error again "
6082  "on the next startup."),
6083  src_str, dest_str, src_str)};
6084  }
6085  return {};
6086 }
6087 
6088 bool ChainstateManager::DeleteSnapshotChainstate()
6089 {
6091  Assert(m_snapshot_chainstate);
6092  Assert(m_ibd_chainstate);
6093 
6094  fs::path snapshot_datadir = GetSnapshotCoinsDBPath(*m_snapshot_chainstate);
6095  if (!DeleteCoinsDBFromDisk(snapshot_datadir, /*is_snapshot=*/ true)) {
6096  LogPrintf("Deletion of %s failed. Please remove it manually to continue reindexing.\n",
6097  fs::PathToString(snapshot_datadir));
6098  return false;
6099  }
6100  m_active_chainstate = m_ibd_chainstate.get();
6101  m_snapshot_chainstate.reset();
6102  return true;
6103 }
6104 
6105 ChainstateRole Chainstate::GetRole() const
6106 {
6107  if (m_chainman.GetAll().size() <= 1) {
6108  return ChainstateRole::NORMAL;
6109  }
6110  return (this != &m_chainman.ActiveChainstate()) ?
6113 }
6114 
6115 const CBlockIndex* ChainstateManager::GetSnapshotBaseBlock() const
6116 {
6117  return m_active_chainstate ? m_active_chainstate->SnapshotBase() : nullptr;
6118 }
6119 
6120 std::optional<int> ChainstateManager::GetSnapshotBaseHeight() const
6121 {
6122  const CBlockIndex* base = this->GetSnapshotBaseBlock();
6123  return base ? std::make_optional(base->nHeight) : std::nullopt;
6124 }
6125 
6126 bool ChainstateManager::ValidatedSnapshotCleanup()
6127 {
6129  auto get_storage_path = [](auto& chainstate) EXCLUSIVE_LOCKS_REQUIRED(::cs_main) -> std::optional<fs::path> {
6130  if (!(chainstate && chainstate->HasCoinsViews())) {
6131  return {};
6132  }
6133  return chainstate->CoinsDB().StoragePath();
6134  };
6135  std::optional<fs::path> ibd_chainstate_path_maybe = get_storage_path(m_ibd_chainstate);
6136  std::optional<fs::path> snapshot_chainstate_path_maybe = get_storage_path(m_snapshot_chainstate);
6137 
6138  if (!this->IsSnapshotValidated()) {
6139  // No need to clean up.
6140  return false;
6141  }
6142  // If either path doesn't exist, that means at least one of the chainstates
6143  // is in-memory, in which case we can't do on-disk cleanup. You'd better be
6144  // in a unittest!
6145  if (!ibd_chainstate_path_maybe || !snapshot_chainstate_path_maybe) {
6146  LogPrintf("[snapshot] snapshot chainstate cleanup cannot happen with "
6147  "in-memory chainstates. You are testing, right?\n");
6148  return false;
6149  }
6150 
6151  const auto& snapshot_chainstate_path = *snapshot_chainstate_path_maybe;
6152  const auto& ibd_chainstate_path = *ibd_chainstate_path_maybe;
6153 
6154  // Since we're going to be moving around the underlying leveldb filesystem content
6155  // for each chainstate, make sure that the chainstates (and their constituent
6156  // CoinsViews members) have been destructed first.
6157  //
6158  // The caller of this method will be responsible for reinitializing chainstates
6159  // if they want to continue operation.
6160  this->ResetChainstates();
6161 
6162  // No chainstates should be considered usable.
6163  assert(this->GetAll().size() == 0);
6164 
6165  LogPrintf("[snapshot] deleting background chainstate directory (now unnecessary) (%s)\n",
6166  fs::PathToString(ibd_chainstate_path));
6167 
6168  fs::path tmp_old{ibd_chainstate_path + "_todelete"};
6169 
6170  auto rename_failed_abort = [this](
6171  fs::path p_old,
6172  fs::path p_new,
6173  const fs::filesystem_error& err) {
6174  LogPrintf("Error renaming path (%s) -> (%s): %s\n",
6175  fs::PathToString(p_old), fs::PathToString(p_new), err.what());
6177  "Rename of '%s' -> '%s' failed. "
6178  "Cannot clean up the background chainstate leveldb directory.",
6179  fs::PathToString(p_old), fs::PathToString(p_new)));
6180  };
6181 
6182  try {
6183  fs::rename(ibd_chainstate_path, tmp_old);
6184  } catch (const fs::filesystem_error& e) {
6185  rename_failed_abort(ibd_chainstate_path, tmp_old, e);
6186  throw;
6187  }
6188 
6189  LogPrintf("[snapshot] moving snapshot chainstate (%s) to "
6190  "default chainstate directory (%s)\n",
6191  fs::PathToString(snapshot_chainstate_path), fs::PathToString(ibd_chainstate_path));
6192 
6193  try {
6194  fs::rename(snapshot_chainstate_path, ibd_chainstate_path);
6195  } catch (const fs::filesystem_error& e) {
6196  rename_failed_abort(snapshot_chainstate_path, ibd_chainstate_path, e);
6197  throw;
6198  }
6199 
6200  if (!DeleteCoinsDBFromDisk(tmp_old, /*is_snapshot=*/false)) {
6201  // No need to FatalError because once the unneeded bg chainstate data is
6202  // moved, it will not interfere with subsequent initialization.
6203  LogPrintf("Deletion of %s failed. Please remove it manually, as the "
6204  "directory is now unnecessary.\n",
6205  fs::PathToString(tmp_old));
6206  } else {
6207  LogPrintf("[snapshot] deleted background chainstate directory (%s)\n",
6208  fs::PathToString(ibd_chainstate_path));
6209  }
6210  return true;
6211 }
6212 
6213 Chainstate& ChainstateManager::GetChainstateForIndexing()
6214 {
6215  // We can't always return `m_ibd_chainstate` because after background validation
6216  // has completed, `m_snapshot_chainstate == m_active_chainstate`, but it can be
6217  // indexed.
6218  return (this->GetAll().size() > 1) ? *m_ibd_chainstate : *m_active_chainstate;
6219 }
6220 
6221 std::pair<int, int> ChainstateManager::GetPruneRange(const Chainstate& chainstate, int last_height_can_prune)
6222 {
6223  if (chainstate.m_chain.Height() <= 0) {
6224  return {0, 0};
6225  }
6226  int prune_start{0};
6227 
6228  if (this->GetAll().size() > 1 && m_snapshot_chainstate.get() == &chainstate) {
6229  // Leave the blocks in the background IBD chain alone if we're pruning
6230  // the snapshot chain.
6231  prune_start = *Assert(GetSnapshotBaseHeight()) + 1;
6232  }
6233 
6234  int max_prune = std::max<int>(
6235  0, chainstate.m_chain.Height() - static_cast<int>(MIN_BLOCKS_TO_KEEP));
6236 
6237  // last block to prune is the lesser of (caller-specified height, MIN_BLOCKS_TO_KEEP from the tip)
6238  //
6239  // While you might be tempted to prune the background chainstate more
6240  // aggressively (i.e. fewer MIN_BLOCKS_TO_KEEP), this won't work with index
6241  // building - specifically blockfilterindex requires undo data, and if
6242  // we don't maintain this trailing window, we hit indexing failures.
6243  int prune_end = std::min(last_height_can_prune, max_prune);
6244 
6245  return {prune_start, prune_end};
6246 }
bool MoneyRange(const CAmount &nValue)
Definition: amount.h:27
int64_t CAmount
Amount in satoshis (Can be negative)
Definition: amount.h:12
static constexpr CAmount COIN
The amount of satoshis in one BTC.
Definition: amount.h:15
arith_uint256 UintToArith256(const uint256 &a)
int ret
#define PACKAGE_NAME
#define PACKAGE_BUGREPORT
int flags
Definition: bitcoin-tx.cpp:530
ArgsManager & args
Definition: bitcoind.cpp:268
arith_uint256 GetBlockProof(const CBlockIndex &block)
Definition: chain.cpp:131
const CBlockIndex * LastCommonAncestor(const CBlockIndex *pa, const CBlockIndex *pb)
Find the last common ancestor two blocks have.
Definition: chain.cpp:165
int64_t GetBlockProofEquivalentTime(const CBlockIndex &to, const CBlockIndex &from, const CBlockIndex &tip, const Consensus::Params &params)
Return the time it would take to redo the work difference between from and to, assuming the current h...
Definition: chain.cpp:146
@ BLOCK_VALID_CHAIN
Outputs do not overspend inputs, no double spends, coinbase output ok, no immature coinbase spends,...
Definition: chain.h:108
@ BLOCK_VALID_MASK
All validity bits.
Definition: chain.h:114
@ BLOCK_ASSUMED_VALID
If ASSUMED_VALID is set, it means that this block has not been validated and has validity status less...
Definition: chain.h:141
@ BLOCK_VALID_TRANSACTIONS
Only first tx is coinbase, 2 <= coinbase input script length <= 100, transactions valid,...
Definition: chain.h:104
@ BLOCK_VALID_SCRIPTS
Scripts & signatures ok. Implies all parents are either at least VALID_SCRIPTS, or are ASSUMED_VALID.
Definition: chain.h:111
@ BLOCK_VALID_TREE
All parent headers found, difficulty matches, timestamp >= median previous, checkpoint.
Definition: chain.h:97
@ BLOCK_HAVE_UNDO
undo data available in rev*.dat
Definition: chain.h:118
@ BLOCK_HAVE_DATA
full block available in blk*.dat
Definition: chain.h:117
@ BLOCK_FAILED_CHILD
descends from failed block
Definition: chain.h:122
@ BLOCK_FAILED_MASK
Definition: chain.h:123
@ BLOCK_FAILED_VALID
stage after last reached validness failed
Definition: chain.h:121
@ BLOCK_OPT_WITNESS
block data in blk*.dat was received with a witness-enforcing client
Definition: chain.h:125
#define Assert(val)
Identity function.
Definition: check.h:77
#define Assume(val)
Assume is the identity function.
Definition: check.h:89
Abstract class that implements BIP9-style threshold logic, and caches results.
Definition: versionbits.h:57
Non-refcounted RAII wrapper for FILE*.
Definition: streams.h:389
std::string ToString() const
Definition: hash_type.h:43
Wrapper around an AutoFile& that implements a ring buffer to deserialize from.
Definition: streams.h:467
Nodes collect new transactions into a block, hash them into a hash tree, and scan through nonce value...
Definition: block.h:22
NodeSeconds Time() const
Definition: block.h:56
uint32_t nBits
Definition: block.h:29
int64_t GetBlockTime() const
Definition: block.h:61
int32_t nVersion
Definition: block.h:25
uint256 hashPrevBlock
Definition: block.h:26
uint256 hashMerkleRoot
Definition: block.h:27
uint256 GetHash() const
Definition: block.cpp:11
Definition: block.h:69
bool m_checked_merkle_root
Definition: block.h:77
std::vector< CTransactionRef > vtx
Definition: block.h:72
bool m_checked_witness_commitment
Definition: block.h:76
bool fChecked
Definition: block.h:75
The block chain is a tree shaped structure starting with the genesis block at the root,...
Definition: chain.h:150
std::string ToString() const
Definition: chain.cpp:15
CBlockIndex * pprev
pointer to the index of the predecessor of this block
Definition: chain.h:156
bool IsAssumedValid() const EXCLUSIVE_LOCKS_REQUIRED(
Definition: chain.h:323
arith_uint256 nChainWork
(memory only) Total amount of work (expected number of hashes) in the chain up to and including this ...
Definition: chain.h:174
bool HaveNumChainTxs() const
Check whether this block's and all previous blocks' transactions have been downloaded (and stored to ...
Definition: chain.h:275
uint32_t nTime
Definition: chain.h:204
int32_t nSequenceId
(memory only) Sequential id assigned to distinguish order in which blocks are received.
Definition: chain.h:209
uint256 GetBlockHash() const
Definition: chain.h:258
int64_t GetBlockTime() const
Definition: chain.h:282
int64_t GetMedianTimePast() const
Definition: chain.h:294
FlatFilePos GetUndoPos() const EXCLUSIVE_LOCKS_REQUIRED(
Definition: chain.h:234
bool RaiseValidity(enum BlockStatus nUpTo) EXCLUSIVE_LOCKS_REQUIRED(
Raise the validity level of this block index entry.
Definition: chain.h:331
CBlockIndex * pskip
pointer to the index of some further predecessor of this block
Definition: chain.h:159
unsigned int nTx
Number of transactions in this block.
Definition: chain.h:181
bool IsValid(enum BlockStatus nUpTo=BLOCK_VALID_TRANSACTIONS) const EXCLUSIVE_LOCKS_REQUIRED(
Check whether this block index entry is valid up to the passed validity level.
Definition: chain.h:311
int32_t nVersion
block header
Definition: chain.h:202
CBlockIndex * GetAncestor(int height)
Efficiently find an ancestor of this block.
Definition: chain.cpp:120
int nHeight
height of the entry in the chain. The genesis block has height 0
Definition: chain.h:162
unsigned int nChainTx
(memory only) Number of transactions in the chain up to and including this block.
Definition: chain.h:191
const uint256 * phashBlock
pointer to the hash of the block, if any. Memory is owned by this CBlockIndex
Definition: chain.h:153
Undo information for a CBlock.
Definition: undo.h:63
std::vector< CTxUndo > vtxundo
Definition: undo.h:65
An in-memory indexed chain of blocks.
Definition: chain.h:447
CBlockIndex * Genesis() const
Returns the index entry for the genesis block of this chain, or nullptr if none.
Definition: chain.h:457
CBlockIndex * Next(const CBlockIndex *pindex) const
Find the successor of a block in this chain, or nullptr if the given index is not found or is the tip...
Definition: chain.h:483
CBlockIndex * Tip() const
Returns the index entry for the tip of this chain, or nullptr if none.
Definition: chain.h:463
void SetTip(CBlockIndex &block)
Set/initialize a chain with a given tip.
Definition: chain.cpp:21
int Height() const
Return the maximal height in the chain.
Definition: chain.h:492
const CBlockIndex * FindFork(const CBlockIndex *pindex) const
Find the last common block between this chain and a block index entry.
Definition: chain.cpp:60
bool Contains(const CBlockIndex *pindex) const
Efficiently check whether a block is present in this chain.
Definition: chain.h:477
CBlockLocator GetLocator() const
Return a CBlockLocator that refers to the tip in of this chain.
Definition: chain.cpp:55
CChainParams defines various tweakable parameters of a given instance of the Bitcoin system.
Definition: chainparams.h:81
const ChainTxData & TxData() const
Definition: chainparams.h:131
std::optional< AssumeutxoData > AssumeutxoForHeight(int height) const
Definition: chainparams.h:122
const Consensus::Params & GetConsensus() const
Definition: chainparams.h:93
RAII-style controller object for a CCheckQueue that guarantees the passed queue is finished before co...
Definition: checkqueue.h:193
void Add(std::vector< T > &&vChecks)
Definition: checkqueue.h:219
CCoinsView that adds a memory cache for transactions to another CCoinsView.
Definition: coins.h:229
bool SpendCoin(const COutPoint &outpoint, Coin *moveto=nullptr)
Spend a coin.
Definition: coins.cpp:128
void Uncache(const COutPoint &outpoint)
Removes the UTXO with the given outpoint from the cache, if it is not modified.
Definition: coins.cpp:283
void AddCoin(const COutPoint &outpoint, Coin &&coin, bool possible_overwrite)
Add a coin.
Definition: coins.cpp:69
unsigned int GetCacheSize() const
Calculate the size of the cache (in number of transaction outputs)
Definition: coins.cpp:298
uint256 GetBestBlock() const override
Retrieve the block hash whose state this CCoinsView currently represents.
Definition: coins.cpp:171
void SetBestBlock(const uint256 &hashBlock)
Definition: coins.cpp:177
bool HaveCoinInCache(const COutPoint &outpoint) const
Check if we have the given utxo already loaded in this cache.
Definition: coins.cpp:166
bool Flush()
Push the modifications applied to this cache to its base and wipe local state.
Definition: coins.cpp:253
size_t DynamicMemoryUsage() const
Calculate the size of the cache (in bytes)
Definition: coins.cpp:39
void EmplaceCoinInternalDANGER(COutPoint &&outpoint, Coin &&coin)
Emplace a coin into cacheCoins without performing any checks, marking the emplaced coin as dirty.
Definition: coins.cpp:109
bool HaveCoin(const COutPoint &outpoint) const override
Just check whether a given outpoint is unspent.
Definition: coins.cpp:161
const Coin & AccessCoin(const COutPoint &output) const
Return a reference to Coin in the cache, or coinEmpty if not found.
Definition: coins.cpp:152
CCoinsView backed by the coin database (chainstate/)
Definition: txdb.h:54
void ResizeCache(size_t new_cache_size) EXCLUSIVE_LOCKS_REQUIRED(cs_main)
Dynamically alter the underlying leveldb cache size.
Definition: txdb.cpp:54
Abstract view on the open txout dataset.
Definition: coins.h:173
virtual bool GetCoin(const COutPoint &outpoint, Coin &coin) const
Retrieve the Coin (unspent transaction output) for a given outpoint.
Definition: coins.cpp:12
virtual std::vector< uint256 > GetHeadBlocks() const
Retrieve the range of blocks that may have been only partially written.
Definition: coins.cpp:14
CCoinsView that brings transactions from a mempool into view.
Definition: txmempool.h:825
Fee rate in satoshis per kilovirtualbyte: CAmount / kvB.
Definition: feerate.h:33
A hasher class for Bitcoin's 256-bit hash (double SHA-256).
Definition: hash.h:24
CHash256 & Write(Span< const unsigned char > input)
Definition: hash.h:37
void Finalize(Span< unsigned char > output)
Definition: hash.h:30
An outpoint - a combination of a transaction hash and an index n into its vout.
Definition: transaction.h:29
uint32_t n
Definition: transaction.h:32
Txid hash
Definition: transaction.h:31
A hasher class for SHA-256.
Definition: sha256.h:14
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: sha256.cpp:728
CSHA256 & Write(const unsigned char *data, size_t len)
Definition: sha256.cpp:702
Closure representing one script verification Note that this stores references to the spending transac...
Definition: validation.h:335
bool operator()()
ScriptError GetScriptError() const
Definition: validation.h:356
PrecomputedTransactionData * txdata
Definition: validation.h:343
CTxOut m_tx_out
Definition: validation.h:337
bool cacheStore
Definition: validation.h:341
ScriptError error
Definition: validation.h:342
unsigned int nFlags
Definition: validation.h:340
const CTransaction * ptxTo
Definition: validation.h:338
unsigned int nIn
Definition: validation.h:339
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:414
The basic transaction that is broadcasted on the network and contained in blocks.
Definition: transaction.h:296
bool HasWitness() const
Definition: transaction.h:373
const Txid & GetHash() const LIFETIMEBOUND
Definition: transaction.h:343
const Wtxid & GetWitnessHash() const LIFETIMEBOUND
Definition: transaction.h:344
const std::vector< CTxOut > vout
Definition: transaction.h:307
bool IsCoinBase() const
Definition: transaction.h:356
const int32_t nVersion
Definition: transaction.h:308
const std::vector< CTxIn > vin
Definition: transaction.h:306
An input of a transaction.
Definition: transaction.h:67
COutPoint prevout
Definition: transaction.h:69
CTxMemPoolEntry stores data about the corresponding transaction, as well as data about all in-mempool...
Definition: mempool_entry.h:66
CTxMemPool stores valid-according-to-the-current-best-chain transactions that may be included in the ...
Definition: txmempool.h:301
RecursiveMutex cs
This mutex needs to be locked when accessing mapTx or other members that are guarded by it.
Definition: txmempool.h:389
void removeRecursive(const CTransaction &tx, MemPoolRemovalReason reason) EXCLUSIVE_LOCKS_REQUIRED(cs)
Definition: txmempool.cpp:560
void UpdateTransactionsFromBlock(const std::vector< uint256 > &vHashesToUpdate) EXCLUSIVE_LOCKS_REQUIRED(cs
UpdateTransactionsFromBlock is called when adding transactions from a disconnected block back to the ...
Definition: txmempool.cpp:102
void AddTransactionsUpdated(unsigned int n)
Definition: txmempool.cpp:425
const int64_t m_max_size_bytes
Definition: txmempool.h:438
CTransactionRef get(const uint256 &hash) const
Definition: txmempool.cpp:846
size_t DynamicMemoryUsage() const
Definition: txmempool.cpp:1026
void removeForReorg(CChain &chain, std::function< bool(txiter)> filter_final_and_mature) EXCLUSIVE_LOCKS_REQUIRED(cs
After reorg, filter the entries that would no longer be valid in the next block, and update the entri...
Definition: txmempool.cpp:590
std::set< txiter, CompareIteratorByHash > setEntries
Definition: txmempool.h:395
void removeForBlock(const std::vector< CTransactionRef > &vtx, unsigned int nBlockHeight) EXCLUSIVE_LOCKS_REQUIRED(cs)
Called when a block is connected.
Definition: txmempool.cpp:630
indexed_transaction_set::nth_index< 0 >::type::const_iterator txiter
Definition: txmempool.h:392
bool exists(const GenTxid &gtxid) const
Definition: txmempool.h:677
An output of a transaction.
Definition: transaction.h:150
CScript scriptPubKey
Definition: transaction.h:153
CAmount nValue
Definition: transaction.h:152
Undo information for a CTransaction.
Definition: undo.h:53
std::vector< Coin > vprevout
Definition: undo.h:56
VerifyDBResult VerifyDB(Chainstate &chainstate, const Consensus::Params &consensus_params, CCoinsView &coinsview, int nCheckLevel, int nCheckDepth) EXCLUSIVE_LOCKS_REQUIRED(cs_main)
kernel::Notifications & m_notifications
Definition: validation.h:402
CVerifyDB(kernel::Notifications &notifications)
Chainstate stores and provides an API to update our local knowledge of the current best chain.
Definition: validation.h:491
const CBlockIndex *SnapshotBase() EXCLUSIVE_LOCKS_REQUIRED(std::set< CBlockIndex *, node::CBlockIndexWorkComparator > setBlockIndexCandidates
The base of the snapshot this chainstate was created from.
Definition: validation.h:585
CTxMemPool * GetMempool()
Definition: validation.h:611
Mutex m_chainstate_mutex
The ChainState Mutex A lock that must be held when modifying this ChainState - held in ActivateBestCh...
Definition: validation.h:498
CChain m_chain
The current chain of blockheaders we consult and build on.
Definition: validation.h:571
bool RollforwardBlock(const CBlockIndex *pindex, CCoinsViewCache &inputs) EXCLUSIVE_LOCKS_REQUIRED(cs_main)
Apply the effects of a block on the utxo cache, ignoring that it may already have been applied.
size_t m_coinstip_cache_size_bytes
The cache size of the in-memory coins view.
Definition: validation.h:634
bool ConnectTip(BlockValidationState &state, CBlockIndex *pindexNew, const std::shared_ptr< const CBlock > &pblock, ConnectTrace &connectTrace, DisconnectedBlockTransactions &disconnectpool) EXCLUSIVE_LOCKS_REQUIRED(cs_main
Connect a new block to m_chain.
bool LoadChainTip() EXCLUSIVE_LOCKS_REQUIRED(cs_main)
Update the chain tip based on database information, i.e.
size_t m_coinsdb_cache_size_bytes
The cache size of the on-disk coins view.
Definition: validation.h:631
bool PreciousBlock(BlockValidationState &state, CBlockIndex *pindex) LOCKS_EXCLUDED(bool InvalidateBlock(BlockValidationState &state, CBlockIndex *pindex) LOCKS_EXCLUDED(voi ResetBlockFailureFlags)(CBlockIndex *pindex) EXCLUSIVE_LOCKS_REQUIRED(cs_main)
Mark a block as precious and reorganize.
Definition: validation.h:715
void InvalidBlockFound(CBlockIndex *pindex, const BlockValidationState &state) EXCLUSIVE_LOCKS_REQUIRED(cs_main)
void CheckForkWarningConditions() EXCLUSIVE_LOCKS_REQUIRED(cs_main)
CCoinsViewDB & CoinsDB() EXCLUSIVE_LOCKS_REQUIRED(
Definition: validation.h:604
void ForceFlushStateToDisk()
Unconditionally flush all changes to disk.
bool LoadGenesisBlock()
Ensures we have a genesis block in the block tree, possibly writing one to disk.
const std::optional< uint256 > m_from_snapshot_blockhash
The blockhash which is the base of the snapshot this chainstate was created from.
Definition: validation.h:578
bool ActivateBestChain(BlockValidationState &state, std::shared_ptr< const CBlock > pblock=nullptr) LOCKS_EXCLUDED(DisconnectResult DisconnectBlock(const CBlock &block, const CBlockIndex *pindex, CCoinsViewCache &view) EXCLUSIVE_LOCKS_REQUIRED(boo ConnectBlock)(const CBlock &block, BlockValidationState &state, CBlockIndex *pindex, CCoinsViewCache &view, bool fJustCheck=false) EXCLUSIVE_LOCKS_REQUIRED(cs_main)
Find the best known block, and make it the tip of the block chain.
Definition: validation.h:694
CTxMemPool * m_mempool
Optional mempool that is kept in sync with the chain.
Definition: validation.h:502
bool DisconnectTip(BlockValidationState &state, DisconnectedBlockTransactions *disconnectpool) EXCLUSIVE_LOCKS_REQUIRED(cs_main
Disconnect m_chain's tip.
CBlockIndex * FindMostWorkChain() EXCLUSIVE_LOCKS_REQUIRED(cs_main)
Return the tip of the chain with the most work in it, that isn't known to be invalid (it's however fa...
void UpdateTip(const CBlockIndex *pindexNew) EXCLUSIVE_LOCKS_REQUIRED(SteadyClock::time_poin m_last_write)
Check warning conditions and do some notifications on new chain tip set.
Definition: validation.h:787
ChainstateManager & m_chainman
The chainstate manager that owns this chainstate.
Definition: validation.h:531
std::unique_ptr< CoinsViews > m_coins_views
Manages the UTXO set, which is a reflection of the contents of m_chain.
Definition: validation.h:505
bool ReplayBlocks()
Replay blocks that aren't fully applied to the database.
void PruneBlockIndexCandidates()
Delete all entries in setBlockIndexCandidates that are worse than the current tip.
CCoinsViewCache & CoinsTip() EXCLUSIVE_LOCKS_REQUIRED(
Definition: validation.h:596
void TryAddBlockIndexCandidate(CBlockIndex *pindex) EXCLUSIVE_LOCKS_REQUIRED(cs_main)
void PruneAndFlush()
Prune blockfiles from the disk if necessary and then flush chainstate changes if we pruned.
node::BlockManager & m_blockman
Reference to a BlockManager instance which itself is shared across all Chainstate instances.
Definition: validation.h:521
void MaybeUpdateMempoolForReorg(DisconnectedBlockTransactions &disconnectpool, bool fAddToMempool) EXCLUSIVE_LOCKS_REQUIRED(cs_main
Make mempool consistent after a reorg, by re-adding or recursively erasing disconnected block transac...
Definition: validation.cpp:296
bool ActivateBestChainStep(BlockValidationState &state, CBlockIndex *pindexMostWork, const std::shared_ptr< const CBlock > &pblock, bool &fInvalidFound, ConnectTrace &connectTrace) EXCLUSIVE_LOCKS_REQUIRED(cs_main
Try to make some progress towards making pindexMostWork the active block.
SteadyClock::time_point m_last_flush
Definition: validation.h:788
void InvalidChainFound(CBlockIndex *pindexNew) EXCLUSIVE_LOCKS_REQUIRED(cs_main)
Chainstate(CTxMemPool *mempool, node::BlockManager &blockman, ChainstateManager &chainman, std::optional< uint256 > from_snapshot_blockhash=std::nullopt)
bool NeedsRedownload() const EXCLUSIVE_LOCKS_REQUIRED(cs_main)
Whether the chain state needs to be redownloaded due to lack of witness data.
Provides an interface for creating and interacting with one or two chainstates: an IBD chainstate gen...
Definition: validation.h:849
CChain & ActiveChain() const EXCLUSIVE_LOCKS_REQUIRED(GetMutex())
Definition: validation.h:1068
SnapshotCompletionResult MaybeCompleteSnapshotValidation() EXCLUSIVE_LOCKS_REQUIRED(const CBlockIndex *GetSnapshotBaseBlock() const EXCLUSIVE_LOCKS_REQUIRED(Chainstate ActiveChainstate)() const
Once the background validation chainstate has reached the height which is the base of the UTXO snapsh...
Definition: validation.h:1067
int64_t m_total_coinstip_cache
The total number of bytes available for us to use across all in-memory coins caches.
Definition: validation.h:1023
const CChainParams & GetParams() const
Definition: validation.h:933
const arith_uint256 & MinimumChainWork() const
Definition: validation.h:936
std::vector< unsigned char > GenerateCoinbaseCommitment(CBlock &block, const CBlockIndex *pindexPrev) const
Produce the necessary coinbase commitment for a block (modifies the hash, don't call for mined blocks...
MempoolAcceptResult ProcessTransaction(const CTransactionRef &tx, bool test_accept=false) EXCLUSIVE_LOCKS_REQUIRED(cs_main)
Try to add a transaction to the memory pool.
int64_t m_total_coinsdb_cache
The total number of bytes available for us to use across all leveldb coins databases.
Definition: validation.h:1027
bool IsInitialBlockDownload() const
Check whether we are doing an initial block download (synchronizing from disk or network)
void ReceivedBlockTransactions(const CBlock &block, CBlockIndex *pindexNew, const FlatFilePos &pos) EXCLUSIVE_LOCKS_REQUIRED(cs_main)
Mark a block as having its data received and checked (up to BLOCK_VALID_TRANSACTIONS).
bool ShouldCheckBlockIndex() const
Definition: validation.h:935
bool IsSnapshotValidated() const EXCLUSIVE_LOCKS_REQUIRED(
Is there a snapshot in use and has it been fully validated?
Definition: validation.h:1100
bool ProcessNewBlock(const std::shared_ptr< const CBlock > &block, bool force_processing, bool min_pow_checked, bool *new_block) LOCKS_EXCLUDED(cs_main)
Process an incoming block.
bool BackgroundSyncInProgress() const EXCLUSIVE_LOCKS_REQUIRED(GetMutex())
The state of a background sync (for net processing)
Definition: validation.h:1073
std::atomic< bool > m_cached_finished_ibd
Whether initial block download has ended and IsInitialBlockDownload should return false from now on.
Definition: validation.h:974
std::function< void()> restart_indexes
Function to restart active indexes; set dynamically to avoid a circular dependency on base/index....
Definition: validation.h:931
bool PopulateAndValidateSnapshot(Chainstate &snapshot_chainstate, AutoFile &coins_file, const node::SnapshotMetadata &metadata)
Internal helper for ActivateSnapshot().
const util::SignalInterrupt & m_interrupt
Definition: validation.h:960
void LoadExternalBlockFile(AutoFile &file_in, FlatFilePos *dbp=nullptr, std::multimap< uint256, FlatFilePos > *blocks_with_unknown_parent=nullptr)
Import blocks from an external file.
int ActiveHeight() const EXCLUSIVE_LOCKS_REQUIRED(GetMutex())
Definition: validation.h:1069
bool ActivateSnapshot(AutoFile &coins_file, const node::SnapshotMetadata &metadata, bool in_memory)
Construct and activate a Chainstate on the basis of UTXO snapshot data.
VersionBitsCache m_versionbitscache
Track versionbit status.
Definition: validation.h:1091
CBlockIndex * ActiveTip() const EXCLUSIVE_LOCKS_REQUIRED(GetMutex())
Definition: validation.h:1070
bool IsSnapshotActive() const
ChainstateManager(const util::SignalInterrupt &interrupt, Options options, node::BlockManager::Options blockman_options)
void CheckBlockIndex()
Make various assertions about the state of the block index.
const Options m_options
Definition: validation.h:961
bool LoadBlockIndex() EXCLUSIVE_LOCKS_REQUIRED(cs_main)
Load the block tree and coins database from disk, initializing state if we're running with -reindex.
bool DetectSnapshotChainstate() EXCLUSIVE_LOCKS_REQUIRED(void ResetChainstates() EXCLUSIVE_LOCKS_REQUIRED(bool DeleteSnapshotChainstate() EXCLUSIVE_LOCKS_REQUIRED(Chainstate &ActivateExistingSnapshot(uint256 base_blockhash) EXCLUSIVE_LOCKS_REQUIRED(bool ValidatedSnapshotCleanup() EXCLUSIVE_LOCKS_REQUIRED(Chainstate &GetChainstateForIndexing() EXCLUSIVE_LOCKS_REQUIRED(std::pair< int, int > GetPruneRange(const Chainstate &chainstate, int last_height_can_prune) EXCLUSIVE_LOCKS_REQUIRED(std::optional< int > GetSnapshotBaseHeight() const EXCLUSIVE_LOCKS_REQUIRED(CCheckQueue< CScriptCheck > & GetCheckQueue()
When starting up, search the datadir for a chainstate based on a UTXO snapshot that is in the process...
Definition: validation.h:1274
std::optional< uint256 > SnapshotBlockhash() const
bool AcceptBlockHeader(const CBlockHeader &block, BlockValidationState &state, CBlockIndex **ppindex, bool min_pow_checked) EXCLUSIVE_LOCKS_REQUIRED(cs_main)
If a block header hasn't already been seen, call CheckBlockHeader on it, ensure that it doesn't desce...
const uint256 & AssumedValidBlock() const
Definition: validation.h:937
void ReportHeadersPresync(const arith_uint256 &work, int64_t height, int64_t timestamp)
This is used by net_processing to report pre-synchronization progress of headers, as headers are not ...
arith_uint256 nLastPreciousChainwork
chainwork for the last block that preciousblock has been applied to.
Definition: validation.h:985
Chainstate &InitializeChainstate(CTxMemPool *mempool) EXCLUSIVE_LOCKS_REQUIRED(std::vector< Chainstate * GetAll)()
Instantiate a new chainstate.
Definition: validation.h:1036
std::set< CBlockIndex * > m_failed_blocks
In order to efficiently track invalidity of headers, we keep the set of blocks which we tried to conn...
Definition: validation.h:1016
bool ProcessNewBlockHeaders(const std::vector< CBlockHeader > &block, bool min_pow_checked, BlockValidationState &state, const CBlockIndex **ppindex=nullptr) LOCKS_EXCLUDED(cs_main)
Process incoming block headers.
kernel::Notifications & GetNotifications() const
Definition: validation.h:938
bool IsUsable(const Chainstate *const cs) const EXCLUSIVE_LOCKS_REQUIRED(
Return true if a chainstate is considered usable.
Definition: validation.h:917
const Consensus::Params & GetConsensus() const
Definition: validation.h:934
int32_t nBlockReverseSequenceId
Decreasing counter (used by subsequent preciousblock calls).
Definition: validation.h:983
node::BlockManager m_blockman
A single BlockManager instance is shared across each constructed chainstate to avoid duplicating bloc...
Definition: validation.h:965
bool AcceptBlock(const std::shared_ptr< const CBlock > &pblock, BlockValidationState &state, CBlockIndex **ppindex, bool fRequested, const FlatFilePos *dbp, bool *fNewBlock, bool min_pow_checked) EXCLUSIVE_LOCKS_REQUIRED(cs_main)
Sufficiently validate a block for disk storage (and store on disk).
A UTXO entry.
Definition: coins.h:32
bool IsCoinBase() const
Definition: coins.h:56
CTxOut out
unspent transaction output
Definition: coins.h:35
bool IsSpent() const
Either this coin never existed (see e.g.
Definition: coins.h:80
uint32_t nHeight
at which height this containing transaction was included in the active block chain
Definition: coins.h:41
unsigned int fCoinBase
whether containing transaction was a coinbase
Definition: coins.h:38
CoinsViews(DBParams db_params, CoinsViewOptions options)
This constructor initializes CCoinsViewDB and CCoinsViewErrorCatcher instances, but it does not creat...
Used to track blocks whose transactions were applied to the UTXO state as a part of a single Activate...
std::vector< PerBlockConnectTrace > blocksConnected
std::vector< PerBlockConnectTrace > & GetBlocksConnected()
void BlockConnected(CBlockIndex *pindex, std::shared_ptr< const CBlock > pblock)
cache implements a cache with properties similar to a cuckoo-set.
Definition: cuckoocache.h:163
DisconnectedBlockTransactions.
std::list< CTransactionRef > take()
Clear all data structures and return the list of transactions.
void removeForBlock(const std::vector< CTransactionRef > &vtx)
Remove any entries that are in this block.
std::vector< CTransactionRef > AddTransactionsFromBlock(const std::vector< CTransactionRef > &vtx)
Add transactions from the block, iterating through vtx in reverse order.
static GenTxid Wtxid(const uint256 &hash)
Definition: transaction.h:435
static GenTxid Txid(const uint256 &hash)
Definition: transaction.h:434
Different type to mark Mutex at global scope.
Definition: sync.h:140
void BlockDisconnected(const std::shared_ptr< const CBlock > &, const CBlockIndex *pindex)
void NewPoWValidBlock(const CBlockIndex *, const std::shared_ptr< const CBlock > &)
void UpdatedBlockTip(const CBlockIndex *, const CBlockIndex *, bool fInitialDownload)
void ChainStateFlushed(ChainstateRole, const CBlockLocator &)
void BlockChecked(const CBlock &, const BlockValidationState &)
void BlockConnected(ChainstateRole, const std::shared_ptr< const CBlock > &, const CBlockIndex *pindex)
bool IsValid() const
Definition: validation.h:122
std::string GetRejectReason() const
Definition: validation.h:126
std::string GetDebugMessage() const
Definition: validation.h:127
bool Error(const std::string &reject_reason)
Definition: validation.h:115
bool Invalid(Result result, const std::string &reject_reason="", const std::string &debug_message="")
Definition: validation.h:105
bool IsError() const
Definition: validation.h:124
Result GetResult() const
Definition: validation.h:125
std::string ToString() const
Definition: validation.h:128
bool IsInvalid() const
Definition: validation.h:123
int32_t ComputeBlockVersion(const CBlockIndex *pindexPrev, const Consensus::Params &params) EXCLUSIVE_LOCKS_REQUIRED(!m_mutex)
Determine what nVersion a new block should use.
void Clear() EXCLUSIVE_LOCKS_REQUIRED(!m_mutex)
Threshold condition checker that triggers when unknown versionbits are seen on the network.
int64_t EndTime(const Consensus::Params &params) const override
bool Condition(const CBlockIndex *pindex, const Consensus::Params &params) const override
int Threshold(const Consensus::Params &params) const override
int64_t BeginTime(const Consensus::Params &params) const override
int Period(const Consensus::Params &params) const override
WarningBitsConditionChecker(const ChainstateManager &chainman, int bit)
const ChainstateManager & m_chainman
256-bit unsigned big integer.
constexpr bool IsNull() const
Definition: uint256.h:42
std::string ToString() const
Definition: uint256.cpp:55
constexpr const unsigned char * data() const
Definition: uint256.h:65
constexpr unsigned char * begin()
Definition: uint256.h:68
double getdouble() const
Path class wrapper to block calls to the fs::path(std::string) implicit constructor and the fs::path:...
Definition: fs.h:33
A base class defining functions for notifying about certain kernel events.
virtual void headerTip(SynchronizationState state, int64_t height, int64_t timestamp, bool presync)
virtual void fatalError(const std::string &debug_message, const bilingual_str &user_message={})
The fatal error notification is sent to notify the user when an error occurs in kernel code that can'...
virtual void warning(const bilingual_str &warning)
virtual void progress(const bilingual_str &title, int progress_percent, bool resume_possible)
virtual InterruptResult blockTip(SynchronizationState state, CBlockIndex &index)
Maintains a tree of blocks (stored in m_block_index) which is consulted to determine where the most-w...
Definition: blockstorage.h:137
const kernel::BlockManagerOpts m_opts
Definition: blockstorage.h:249
bool ReadBlockFromDisk(CBlock &block, const FlatFilePos &pos) const
Functions for disk access for blocks.
RecursiveMutex cs_LastBlockFile
Definition: blockstorage.h:199
bool WriteUndoDataForBlock(const CBlockUndo &blockundo, BlockValidationState &state, CBlockIndex &block) EXCLUSIVE_LOCKS_REQUIRED(FlatFilePos SaveBlockToDisk(const CBlock &block, int nHeight, const FlatFilePos *dbp)
Store block on disk.
Definition: blockstorage.h:316
bool FlushChainstateBlockFile(int tip_height)
void FindFilesToPrune(std::set< int > &setFilesToPrune, int last_prune, const Chainstate &chain, ChainstateManager &chainman)
Prune block and undo files (blk???.dat and rev???.dat) so that the disk space used is less than a use...
CBlockIndex * LookupBlockIndex(const uint256 &hash) EXCLUSIVE_LOCKS_REQUIRED(cs_main)
std::vector< CBlockIndex * > GetAllBlockIndices() EXCLUSIVE_LOCKS_REQUIRED(std::multimap< CBlockIndex *, CBlockIndex * > m_blocks_unlinked
All pairs A->B, where A (or one of its ancestors) misses transactions, but B has transactions.
Definition: blockstorage.h:278
std::set< CBlockIndex * > m_dirty_blockindex
Dirty block index entries.
Definition: blockstorage.h:234
bool LoadingBlocks() const
Definition: blockstorage.h:325
bool UndoReadFromDisk(CBlockUndo &blockundo, const CBlockIndex &index) const
bool CheckBlockDataAvailability(const CBlockIndex &upper_block LIFETIMEBOUND, const CBlockIndex &lower_block LIFETIMEBOUND) EXCLUSIVE_LOCKS_REQUIRED(const CBlockIndex *GetFirstStoredBlock(const CBlockIndex &start_block LIFETIMEBOUND, const CBlockIndex *lower_block=nullptr) EXCLUSIVE_LOCKS_REQUIRED(boo m_have_pruned)
Check if all blocks in the [upper_block, lower_block] range have data available.
Definition: blockstorage.h:344
void UnlinkPrunedFiles(const std::set< int > &setFilesToPrune) const
Actually unlink the specified files.
bool WriteBlockIndexDB() EXCLUSIVE_LOCKS_REQUIRED(bool LoadBlockIndexDB(const std::optional< uint256 > &snapshot_blockhash) EXCLUSIVE_LOCKS_REQUIRED(void ScanAndUnlinkAlreadyPrunedFiles() EXCLUSIVE_LOCKS_REQUIRED(CBlockIndex * AddToBlockIndex(const CBlockHeader &block, CBlockIndex *&best_header) EXCLUSIVE_LOCKS_REQUIRED(cs_main)
Remove any pruned block & undo files that are still on disk.
Definition: blockstorage.h:299
bool m_check_for_pruning
Global flag to indicate we should check to see if there are block/undo files that should be deleted.
Definition: blockstorage.h:229
bool IsPruneMode() const
Whether running in -prune mode.
Definition: blockstorage.h:319
void FindFilesToPruneManual(std::set< int > &setFilesToPrune, int nManualPruneHeight, const Chainstate &chain, ChainstateManager &chainman)
std::optional< int > m_snapshot_height
The height of the base block of an assumeutxo snapshot, if one is in use.
Definition: blockstorage.h:276
Metadata describing a serialized version of a UTXO set from which an assumeutxo Chainstate can be con...
Definition: utxo_snapshot.h:25
uint256 m_base_blockhash
The hash of the block that reflects the tip of the chain for the UTXO set contained in this snapshot.
Definition: utxo_snapshot.h:29
uint64_t m_coins_count
The number of coins in the UTXO set contained in this snapshot.
Definition: utxo_snapshot.h:33
std::string ToString() const
constexpr const std::byte * begin() const
std::string GetHex() const
constexpr const std::byte * data() const
256-bit opaque blob.
Definition: uint256.h:106
Helper class that manages an interrupt flag, and allows a thread or signal to interrupt another threa...
const Coin & AccessByTxid(const CCoinsViewCache &view, const Txid &txid)
Utility function to find any unspent output with a given txid.
Definition: coins.cpp:344
void AddCoins(CCoinsViewCache &cache, const CTransaction &tx, int nHeight, bool check_for_overwrite)
Utility function to add all of a transaction's outputs to a cache.
Definition: coins.cpp:117
static constexpr int NO_WITNESS_COMMITMENT
Index marker for when no witness commitment is present in a coinbase transaction.
Definition: validation.h:15
static constexpr size_t MINIMUM_WITNESS_COMMITMENT
Minimum size of a witness commitment structure.
Definition: validation.h:18
static int64_t GetBlockWeight(const CBlock &block)
Definition: validation.h:153
@ BLOCK_CHECKPOINT
the block failed to meet one of our checkpoints
@ BLOCK_HEADER_LOW_WORK
the block header may be on a too-little-work chain
@ BLOCK_INVALID_HEADER
invalid proof of work or time too old
@ BLOCK_CACHED_INVALID
this block was cached as being invalid and we didn't store the reason why
@ BLOCK_CONSENSUS
invalid by consensus rules (excluding any below reasons)
@ BLOCK_MISSING_PREV
We don't have the previous block the checked one is built on.
@ BLOCK_INVALID_PREV
A block this one builds on is invalid.
@ BLOCK_MUTATED
the block's data didn't match the data committed to by the PoW
@ BLOCK_TIME_FUTURE
block timestamp was > 2 hours in the future (or our clock is bad)
int GetWitnessCommitmentIndex(const CBlock &block)
Compute at which vout of the block's coinbase transaction the witness commitment occurs,...
Definition: validation.h:164
@ TX_MISSING_INPUTS
transaction was missing some of its inputs
@ TX_MEMPOOL_POLICY
violated mempool's fee/size/descendant/RBF/etc limits
@ TX_PREMATURE_SPEND
transaction spends a coinbase too early, or violates locktime/sequence locks
@ TX_INPUTS_NOT_STANDARD
inputs (covered by txid) failed policy rules
@ TX_WITNESS_STRIPPED
Transaction is missing a witness.
@ TX_CONFLICT
Tx already in mempool or conflicts with a tx in the chain (if it conflicts with another tx in mempool...
@ TX_NOT_STANDARD
otherwise didn't meet our local policy rules
@ TX_WITNESS_MUTATED
Transaction might have a witness prior to SegWit activation, or witness may have been malleated (whic...
@ TX_NO_MEMPOOL
this node does not have a mempool so can't validate the transaction
@ TX_CONSENSUS
invalid by consensus rules
@ TX_RECONSIDERABLE
fails some policy, but might be acceptable if submitted in a (different) package
static constexpr unsigned int LOCKTIME_VERIFY_SEQUENCE
Flags for nSequence and nLockTime locks.
Definition: consensus.h:28
static const unsigned int MAX_BLOCK_WEIGHT
The maximum allowed weight for a block, see BIP 141 (network rule)
Definition: consensus.h:15
static const unsigned int MAX_BLOCK_SERIALIZED_SIZE
The maximum allowed size for a serialized block, in bytes (only for buffer size limits)
Definition: consensus.h:13
static const int64_t MAX_BLOCK_SIGOPS_COST
The maximum allowed number of signature check operations in a block (network rule)
Definition: consensus.h:17
static const int COINBASE_MATURITY
Coinbase transaction outputs can only be spent after this number of new blocks (network rule)
Definition: consensus.h:19
static const int WITNESS_SCALE_FACTOR
Definition: consensus.h:21
RecursiveMutex cs_main
Mutex to guard access to validation specific variables, such as reading or changing the chainstate.
Definition: cs_main.cpp:8
bool DestroyDB(const std::string &path_str)
Definition: dbwrapper.cpp:37
bool DeploymentActiveAfter(const CBlockIndex *pindexPrev, const Consensus::Params &params, Consensus::BuriedDeployment dep, [[maybe_unused]] VersionBitsCache &versionbitscache)
Determine if a deployment is active for the next block.
bool DeploymentActiveAt(const CBlockIndex &index, const Consensus::Params &params, Consensus::BuriedDeployment dep, [[maybe_unused]] VersionBitsCache &versionbitscache)
Determine if a deployment is active for this block.
static const unsigned int MAX_DISCONNECTED_TX_POOL_BYTES
Maximum bytes for transactions to store for processing during reorg.
volatile double sum
Definition: examples.cpp:10
bool CheckDiskSpace(const fs::path &dir, uint64_t additional_bytes)
Definition: fs_helpers.cpp:94
bool VerifyScript(const CScript &scriptSig, const CScript &scriptPubKey, const CScriptWitness *witness, unsigned int flags, const BaseSignatureChecker &checker, ScriptError *serror)
@ SCRIPT_VERIFY_NULLDUMMY
Definition: interpreter.h:64
@ SCRIPT_VERIFY_P2SH
Definition: interpreter.h:49
@ SCRIPT_VERIFY_WITNESS
Definition: interpreter.h:108
@ SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY
Definition: interpreter.h:99
@ SCRIPT_VERIFY_TAPROOT
Definition: interpreter.h:134
@ SCRIPT_VERIFY_DERSIG
Definition: interpreter.h:57
@ SCRIPT_VERIFY_CLEANSTACK
Definition: interpreter.h:94
@ SCRIPT_VERIFY_CHECKSEQUENCEVERIFY
Definition: interpreter.h:104
ChainstateRole
This enum describes the various roles a specific Chainstate instance can take.
Definition: chain.h:25
#define LogPrintLevel(category, level,...)
Definition: logging.h:252
#define LogPrint(category,...)
Definition: logging.h:264
#define LogError(...)
Definition: logging.h:242
#define LogDebug(category,...)
Definition: logging.h:260
#define LogPrintf(...)
Definition: logging.h:245
unsigned int nHeight
LockPoints lp
@ REPLACED
Removed for replacement.
@ REORG
Removed for reorganization.
uint256 BlockMerkleRoot(const CBlock &block, bool *mutated)
Definition: merkle.cpp:65
uint256 BlockWitnessMerkleRoot(const CBlock &block, bool *mutated)
Definition: merkle.cpp:75
std::array< uint8_t, 4 > MessageStartChars
unsigned int nonce
Definition: miner_tests.cpp:71
std::string FormatMoney(const CAmount n)
Money parsing/formatting utilities.
Definition: moneystr.cpp:16
@ REINDEX
Definition: logging.h:52
@ ALL
Definition: logging.h:73
@ VALIDATION
Definition: logging.h:62
@ PRUNE
Definition: logging.h:55
@ MEMPOOL
Definition: logging.h:43
@ BENCH
Definition: logging.h:45
bool CheckTxInputs(const CTransaction &tx, TxValidationState &state, const CCoinsViewCache &inputs, int nSpendHeight, CAmount &txfee)
Check whether all inputs of this transaction are valid (no double spends and amounts) This does not m...
Definition: tx_verify.cpp:168
@ DEPLOYMENT_DERSIG
Definition: params.h:26
@ DEPLOYMENT_CSV
Definition: params.h:27
@ DEPLOYMENT_SEGWIT
Definition: params.h:28
@ DEPLOYMENT_HEIGHTINCB
Definition: params.h:24
@ DEPLOYMENT_CLTV
Definition: params.h:25
static bool exists(const path &p)
Definition: fs.h:89
static std::string PathToString(const path &path)
Convert path object to a byte string.
Definition: fs.h:151
std::string get_filesystem_error_message(const fs::filesystem_error &e)
Definition: fs.cpp:118
std::function< FILE *(const fs::path &, const char *)> FopenFn
Definition: fs.h:209
bool IsInterrupted(const T &result)
static bool ComputeUTXOStats(CCoinsView *view, CCoinsStats &stats, T hash_obj, const std::function< void()> &interruption_point)
Calculate statistics about the unspent transaction output set.
Definition: coinstats.cpp:116
CoinStatsHashType
Definition: coinstats.h:26
const fs::path SNAPSHOT_BLOCKHASH_FILENAME
The file in the snapshot chainstate dir which stores the base blockhash.
Definition: utxo_snapshot.h:50
bool WriteSnapshotBaseBlockhash(Chainstate &snapshot_chainstate)
std::optional< uint256 > ReadSnapshotBaseBlockhash(fs::path chaindir)
std::unordered_map< uint256, CBlockIndex, BlockHasher > BlockMap
Definition: blockstorage.h:85
bool WriteSnapshotBaseBlockhash(Chainstate &snapshot_chainstate) EXCLUSIVE_LOCKS_REQUIRED(std::optional< uint256 > constexpr ReadSnapshotBaseBlockhash(fs::path chaindir) EXCLUSIVE_LOCKS_REQUIRED(std::string_view SNAPSHOT_CHAINSTATE_SUFFIX
Write out the blockhash of the snapshot base block that was used to construct this chainstate.
Definition: utxo_snapshot.h:65
std::optional< fs::path > FindSnapshotChainstateDir(const fs::path &data_dir)
Return a path to the snapshot-based chainstate dir, if one exists.
std::atomic_bool fReindex
bilingual_str ErrorString(const Result< T > &result)
Definition: result.h:81
static feebumper::Result CheckFeeRate(const CWallet &wallet, const CMutableTransaction &mtx, const CFeeRate &newFeerate, const int64_t maxTxSize, CAmount old_fee, std::vector< bilingual_str > &errors)
Check if the user provided a valid feeRate.
Definition: feebumper.cpp:66
std::shared_ptr< Chain::Notifications > m_notifications
Definition: interfaces.cpp:457
bool IsChildWithParents(const Package &package)
Context-free check that a package is exactly one child and its parents; not all parents need to be pr...
Definition: packages.cpp:119
bool IsWellFormedPackage(const Package &txns, PackageValidationState &state, bool require_sorted)
Context-free package policy checks:
Definition: packages.cpp:79
std::vector< CTransactionRef > Package
A package is an ordered list of transactions.
Definition: packages.h:50
@ PCKG_POLICY
The package itself is invalid (e.g. too many transactions).
@ PCKG_MEMPOOL_ERROR
Mempool logic error.
@ PCKG_TX
At least one tx is invalid.
std::optional< std::string > PaysMoreThanConflicts(const CTxMemPool::setEntries &iters_conflicting, CFeeRate replacement_feerate, const uint256 &txid)
Check that the feerate of the replacement transaction(s) is higher than the feerate of each of the tr...
Definition: rbf.cpp:132
std::optional< std::string > HasNoNewUnconfirmed(const CTransaction &tx, const CTxMemPool &pool, const CTxMemPool::setEntries &iters_conflicting)
The replacement transaction may only include an unconfirmed input if that input was included in one o...
Definition: rbf.cpp:85
std::optional< std::string > PaysForRBF(CAmount original_fees, CAmount replacement_fees, size_t replacement_vsize, CFeeRate relay_fee, const uint256 &txid)
The replacement transaction must pay more fees than the original transactions.
Definition: rbf.cpp:158
std::optional< std::string > EntriesAndTxidsDisjoint(const CTxMemPool::setEntries &ancestors, const std::set< Txid > &direct_conflicts, const uint256 &txid)
Check the intersection between two sets of transactions (a set of mempool entries and a set of txids)...
Definition: rbf.cpp:117
std::optional< std::string > GetEntriesForConflicts(const CTransaction &tx, CTxMemPool &pool, const CTxMemPool::setEntries &iters_conflicting, CTxMemPool::setEntries &all_conflicts)
Get all descendants of iters_conflicting.
Definition: rbf.cpp:57
bool AreInputsStandard(const CTransaction &tx, const CCoinsViewCache &mapInputs)
Check transaction inputs to mitigate two potential denial-of-service attacks:
Definition: policy.cpp:177
bool IsWitnessStandard(const CTransaction &tx, const CCoinsViewCache &mapInputs)
Check if the transaction is over standard P2WSH resources limit: 3600bytes witnessScript size,...
Definition: policy.cpp:211
bool IsStandardTx(const CTransaction &tx, const std::optional< unsigned > &max_datacarrier_bytes, bool permit_bare_multisig, const CFeeRate &dust_relay_fee, std::string &reason)
Check for standard transaction types.
Definition: policy.cpp:94
static constexpr unsigned int EXTRA_DESCENDANT_TX_SIZE_LIMIT
An extra transaction can be added to a package, as long as it only has one ancestor and is no larger ...
Definition: policy.h:78
static constexpr unsigned int STANDARD_LOCKTIME_VERIFY_FLAGS
Used as the flags parameter to sequence and nLocktime checks in non-consensus code.
Definition: policy.h:122
static constexpr unsigned int MAX_STANDARD_TX_SIGOPS_COST
The maximum number of sigops we're willing to relay/mine in a single tx.
Definition: policy.h:33
static constexpr unsigned int MIN_STANDARD_TX_NONWITNESS_SIZE
The minimum non-witness size for transactions we're willing to relay/mine: one larger than 64
Definition: policy.h:29
static constexpr unsigned int STANDARD_SCRIPT_VERIFY_FLAGS
Standard script verification flags that standard transactions will comply with.
Definition: policy.h:103
static constexpr unsigned int STANDARD_NOT_MANDATORY_VERIFY_FLAGS
For convenience, standard but not mandatory verify flags.
Definition: policy.h:119
unsigned int GetNextWorkRequired(const CBlockIndex *pindexLast, const CBlockHeader *pblock, const Consensus::Params &params)
Definition: pow.cpp:13
bool CheckProofOfWork(uint256 hash, unsigned int nBits, const Consensus::Params &params)
Check whether a block hash satisfies the proof-of-work requirement specified by nBits.
Definition: pow.cpp:125
static constexpr TransactionSerParams TX_NO_WITNESS
Definition: transaction.h:196
static constexpr TransactionSerParams TX_WITH_WITNESS
Definition: transaction.h:195
static CTransactionRef MakeTransactionRef(Tx &&txIn)
Definition: transaction.h:424
std::shared_ptr< const CTransaction > CTransactionRef
Definition: transaction.h:423
uint256 GetRandHash() noexcept
Definition: random.cpp:650
const char * prefix
Definition: rest.cpp:1007
reverse_range< T > reverse_iterate(T &x)
@ OP_RETURN
Definition: script.h:110
std::string ScriptErrorString(const ScriptError serror)
size_t GetSerializeSize(const T &t)
Definition: serialize.h:1116
bool CheckSignetBlockSolution(const CBlock &block, const Consensus::Params &consensusParams)
Extract signature and check whether a block has a valid solution.
Definition: signet.cpp:124
unsigned char * UCharCast(char *c)
Definition: span.h:288
std::string ToString(const T &t)
Locale-independent version of std::to_string.
Definition: string.h:109
Holds configuration for use during UTXO snapshot load and validation.
Definition: chainparams.h:47
AssumeutxoHash hash_serialized
The expected hash of the deserialized UTXO set.
Definition: chainparams.h:51
unsigned int nChainTx
Used to populate the nChainTx value, which is used during BlockManager::LoadBlockIndex().
Definition: chainparams.h:57
Describes a place in the block chain to another node such that if the other node doesn't have the sam...
Definition: block.h:124
std::vector< uint256 > vHave
Definition: block.h:134
A mutable version of CTransaction.
Definition: transaction.h:378
std::vector< CTxOut > vout
Definition: transaction.h:380
Holds various statistics on transactions within a chain.
Definition: chainparams.h:70
double dTxRate
estimated number of transactions per second after that timestamp
Definition: chainparams.h:73
int64_t nTime
UNIX timestamp of last known number of transactions.
Definition: chainparams.h:71
int64_t nTxCount
total number of transactions between genesis and that timestamp
Definition: chainparams.h:72
User-controlled performance and debug options.
Definition: txdb.h:44
Parameters that influence chain consensus.
Definition: params.h:74
uint32_t nMinerConfirmationWindow
Definition: params.h:106
std::map< uint256, uint32_t > script_flag_exceptions
Hashes of blocks that.
Definition: params.h:83
bool signet_blocks
If true, witness commitments contain a payload equal to a Bitcoin Script solution to the signet chall...
Definition: params.h:128
int nSubsidyHalvingInterval
Definition: params.h:76
int MinBIP9WarningHeight
Don't warn about unknown BIP 9 activations below this height.
Definition: params.h:99
uint32_t nRuleChangeActivationThreshold
Minimum blocks including miner confirmation of the total of 2016 blocks in a retargeting period,...
Definition: params.h:105
int64_t nPowTargetSpacing
Definition: params.h:112
Application-specific storage settings.
Definition: dbwrapper.h:33
fs::path path
Location in the filesystem where leveldb data will be stored.
Definition: dbwrapper.h:35
int nFile
Definition: flatfile.h:16
unsigned int nPos
Definition: flatfile.h:17
bool IsNull() const
Definition: flatfile.h:36
int64_t time
Definition: mempool_entry.h:31
Validation result for a transaction evaluated by MemPoolAccept (single or package).
Definition: validation.h:127
const ResultType m_result_type
Result type.
Definition: validation.h:136
const TxValidationState m_state
Contains information about why the transaction failed.
Definition: validation.h:139
static MempoolAcceptResult MempoolTxDifferentWitness(const uint256 &other_wtxid)
Definition: validation.h:186
@ INVALID
Fully validated, valid.
static MempoolAcceptResult Failure(TxValidationState state)
Definition: validation.h:163
static MempoolAcceptResult FeeFailure(TxValidationState state, CFeeRate effective_feerate, const std::vector< Wtxid > &wtxids_fee_calculations)
Definition: validation.h:167
static MempoolAcceptResult MempoolTx(int64_t vsize, CAmount fees)
Definition: validation.h:182
static MempoolAcceptResult Success(std::list< CTransactionRef > &&replaced_txns, int64_t vsize, CAmount fees, CFeeRate effective_feerate, const std::vector< Wtxid > &wtxids_fee_calculations)
Definition: validation.h:173
static time_point now() noexcept
Return current system time or mocked time, if set.
Definition: time.cpp:70
Validation result for package mempool acceptance.
Definition: validation.h:233
std::shared_ptr< const CBlock > pblock
PerBlockConnectTrace()=default
CBlockIndex * pindex
void Init(const T &tx, std::vector< CTxOut > &&spent_outputs, bool force=false)
Initialize this PrecomputedTransactionData with transaction data.
bool m_spent_outputs_ready
Whether m_spent_outputs is initialized.
Definition: interpreter.h:172
std::vector< CTxOut > m_spent_outputs
Definition: interpreter.h:170
const char * what() const noexcept override
Bilingual messages:
Definition: translation.h:18
bool empty() const
Definition: translation.h:29
std::string original
Definition: translation.h:19
An options struct for BlockManager, more ergonomically referred to as BlockManager::Options due to th...
An options struct for ChainstateManager, more ergonomically referred to as ChainstateManager::Options...
std::optional< bool > check_block_index
std::chrono::seconds max_tip_age
If the tip is older than this, the node is considered to be in initial block download.
Options struct containing limit options for a CTxMemPool.
int64_t descendant_count
The maximum allowed number of transactions in a package including the entry and its descendants.
int64_t descendant_size_vbytes
The maximum allowed size in virtual bytes of an entry and its descendants within a package.
int64_t ancestor_count
The maximum allowed number of transactions in a package including the entry and its ancestors.
int64_t ancestor_size_vbytes
The maximum allowed size in virtual bytes of an entry and its ancestors within a package.
#define AssertLockNotHeld(cs)
Definition: sync.h:147
#define LOCK(cs)
Definition: sync.h:257
#define WITH_LOCK(cs, code)
Run code while locking a mutex.
Definition: sync.h:301
#define EXCLUSIVE_LOCKS_REQUIRED(...)
Definition: threadsafety.h:49
#define LOCKS_EXCLUDED(...)
Definition: threadsafety.h:48
int64_t GetTime()
Definition: time.cpp:97
std::string FormatISO8601DateTime(int64_t nTime)
ISO 8601 formatting is preferred.
Definition: time.cpp:99
constexpr int64_t count_seconds(std::chrono::seconds t)
Definition: time.h:54
#define LOG_TIME_MILLIS_WITH_CATEGORY(end_msg, log_category)
Definition: timer.h:103
#define LOG_TIME_MILLIS_WITH_CATEGORY_MSG_ONCE(end_msg, log_category)
Definition: timer.h:105
#define strprintf
Format arguments and return the string or write to given std::ostream (see tinyformat::format doc for...
Definition: tinyformat.h:1162
#define TRACE6(context, event, a, b, c, d, e, f)
Definition: trace.h:38
#define TRACE5(context, event, a, b, c, d, e)
Definition: trace.h:37
#define TRACE2(context, event, a, b)
Definition: trace.h:34
#define TRACE7(context, event, a, b, c, d, e, f, g)
Definition: trace.h:39
bilingual_str _(const char *psz)
Translation function.
Definition: translation.h:74
bilingual_str Untranslated(std::string original)
Mark a bilingual_str as untranslated.
Definition: translation.h:48
bool CheckTransaction(const CTransaction &tx, TxValidationState &state)
Definition: tx_check.cpp:11
std::pair< int, int64_t > CalculateSequenceLocks(const CTransaction &tx, int flags, std::vector< int > &prevHeights, const CBlockIndex &block)
Calculates the block height and previous block's median time past at which the transaction will be co...
Definition: tx_verify.cpp:39
bool EvaluateSequenceLocks(const CBlockIndex &block, std::pair< int, int64_t > lockPair)
Definition: tx_verify.cpp:101
int64_t GetTransactionSigOpCost(const CTransaction &tx, const CCoinsViewCache &inputs, uint32_t flags)
Compute total signature operation cost of a transaction.
Definition: tx_verify.cpp:147
unsigned int GetLegacySigOpCount(const CTransaction &tx)
Auxiliary functions for transaction validation (ideally should not be exposed)
Definition: tx_verify.cpp:116
bool SequenceLocks(const CTransaction &tx, int flags, std::vector< int > &prevHeights, const CBlockIndex &block)
Check if transaction is final per BIP 68 sequence numbers and can be included in a block.
Definition: tx_verify.cpp:111
bool IsFinalTx(const CTransaction &tx, int nBlockHeight, int64_t nBlockTime)
Check if transaction is final and can be included in a block with the specified height and time.
Definition: tx_verify.cpp:17
bool TestLockPointValidity(CChain &active_chain, const LockPoints &lp)
Test whether the LockPoints height and time are still valid on the current chain.
Definition: txmempool.cpp:34
static const uint32_t MEMPOOL_HEIGHT
Fake height value used in Coin to signify they are only in the memory pool (since 0....
Definition: txmempool.h:46
uint256 uint256S(const char *str)
Definition: uint256.h:119
#define expect(bit)
bool SignalsOptInRBF(const CTransaction &tx)
Check whether the sequence numbers on this transaction are signaling opt-in to replace-by-fee,...
Definition: rbf.cpp:9
std::optional< std::string > PackageV3Checks(const CTransactionRef &ptx, int64_t vsize, const Package &package, const CTxMemPool::setEntries &mempool_ancestors)
Must be called for every transaction that is submitted within a package, even if not v3.
Definition: v3_policy.cpp:58
std::optional< std::pair< std::string, CTransactionRef > > SingleV3Checks(const CTransactionRef &ptx, const CTxMemPool::setEntries &mempool_ancestors, const std::set< Txid > &direct_conflicts, int64_t vsize)
Must be called for every transaction, even if not v3.
Definition: v3_policy.cpp:162
static void UpdateTipLog(const CCoinsViewCache &coins_tip, const CBlockIndex *tip, const CChainParams &params, const std::string &func_name, const std::string &prefix, const std::string &warning_messages) EXCLUSIVE_LOCKS_REQUIRED(
static bool NotifyHeaderTip(ChainstateManager &chainman) LOCKS_EXCLUDED(cs_main)
static CSHA256 g_scriptExecutionCacheHasher
static void LimitMempoolSize(CTxMemPool &pool, CCoinsViewCache &coins_cache) EXCLUSIVE_LOCKS_REQUIRED(
Definition: validation.cpp:266
static int64_t num_blocks_total
bool IsBlockMutated(const CBlock &block, bool check_witness_root)
Check if a block has been mutated (with respect to its merkle root and witness commitments).
static unsigned int GetBlockScriptFlags(const CBlockIndex &block_index, const ChainstateManager &chainman)
PackageMempoolAcceptResult ProcessNewPackage(Chainstate &active_chainstate, CTxMemPool &pool, const Package &package, bool test_accept, std::optional< CFeeRate > client_maxfeerate)
Validate (and maybe submit) a package to the mempool.
bool FatalError(Notifications &notifications, BlockValidationState &state, const std::string &strMessage, const bilingual_str &userMessage)
GlobalMutex g_best_block_mutex
Definition: validation.cpp:112
static SteadyClock::duration time_connect_total
std::condition_variable g_best_block_cv
Definition: validation.cpp:113
static bool pool cs
Definition: validation.cpp:401
MempoolAcceptResult AcceptToMemoryPool(Chainstate &active_chainstate, const CTransactionRef &tx, int64_t accept_time, bool bypass_limits, bool test_accept) EXCLUSIVE_LOCKS_REQUIRED(
Try to add a transaction to the mempool.
double GuessVerificationProgress(const ChainTxData &data, const CBlockIndex *pindex)
Guess how far we are in the verification process at the given block index require cs_main if pindex h...
bool CheckFinalTxAtTip(const CBlockIndex &active_chain_tip, const CTransaction &tx)
Definition: validation.cpp:142
CAmount GetBlockSubsidy(int nHeight, const Consensus::Params &consensusParams)
static SynchronizationState GetSynchronizationState(bool init)
int ApplyTxInUndo(Coin &&undo, CCoinsViewCache &view, const COutPoint &out)
Restore the UTXO in a Coin at a given COutPoint.
static bool ContextualCheckBlock(const CBlock &block, BlockValidationState &state, const ChainstateManager &chainman, const CBlockIndex *pindexPrev)
NOTE: This function is not currently invoked by ConnectBlock(), so we should consider upgrade issues ...
bool CheckSequenceLocksAtTip(CBlockIndex *tip, const LockPoints &lock_points)
Check if transaction will be BIP68 final in the next block to be created on top of tip.
Definition: validation.cpp:245
static SteadyClock::duration time_post_connect
static SteadyClock::duration time_chainstate
bool InitScriptExecutionCache(size_t max_size_bytes)
Initializes the script-execution cache.
bool HasValidProofOfWork(const std::vector< CBlockHeader > &headers, const Consensus::Params &consensusParams)
Check with the proof of work on each blockheader matches the value in nBits.
static constexpr std::chrono::hours DATABASE_FLUSH_INTERVAL
Time to wait between flushing chainstate to disk.
Definition: validation.cpp:94
static SteadyClock::duration time_forks
bool CheckInputScripts(const CTransaction &tx, TxValidationState &state, const CCoinsViewCache &inputs, unsigned int flags, bool cacheSigStore, bool cacheFullScriptStore, PrecomputedTransactionData &txdata, std::vector< CScriptCheck > *pvChecks=nullptr) EXCLUSIVE_LOCKS_REQUIRED(cs_main)
Check whether all of this transaction's input scripts succeed.
static bool CheckWitnessMalleation(const CBlock &block, bool expect_witness_commitment, BlockValidationState &state)
CheckWitnessMalleation performs checks for block malleation with regard to its witnesses.
static SteadyClock::duration time_verify
void UpdateCoins(const CTransaction &tx, CCoinsViewCache &inputs, CTxUndo &txundo, int nHeight)
static void AppendWarning(bilingual_str &res, const bilingual_str &warn)
Private helper function that concatenates warning messages.
static bool DeleteCoinsDBFromDisk(const fs::path db_path, bool is_snapshot) EXCLUSIVE_LOCKS_REQUIRED(
static bool CheckMerkleRoot(const CBlock &block, BlockValidationState &state)
static SteadyClock::duration time_check
static constexpr int PRUNE_LOCK_BUFFER
The number of blocks to keep below the deepest prune lock.
Definition: validation.cpp:110
bool IsBIP30Unspendable(const CBlockIndex &block_index)
Identifies blocks which coinbase output was subsequently overwritten in the UTXO set (see BIP30)
static SteadyClock::duration time_index
static bool CheckInputsFromMempoolAndCache(const CTransaction &tx, TxValidationState &state, const CCoinsViewCache &view, const CTxMemPool &pool, unsigned int flags, PrecomputedTransactionData &txdata, CCoinsViewCache &coins_tip) EXCLUSIVE_LOCKS_REQUIRED(cs_main
Checks to avoid mempool polluting consensus critical paths since cached signature and script validity...
static SteadyClock::duration time_connect
const std::vector< std::string > CHECKLEVEL_DOC
Documentation for argument 'checklevel'.
Definition: validation.cpp:97
static ChainstateManager::Options && Flatten(ChainstateManager::Options &&opts)
Apply default chain params to nullopt members.
bool CheckBlock(const CBlock &block, BlockValidationState &state, const Consensus::Params &consensusParams, bool fCheckPOW, bool fCheckMerkleRoot)
Functions for validating blocks and updating the block tree.
static constexpr std::chrono::hours MAX_FEE_ESTIMATION_TIP_AGE
Maximum age of our tip for us to be considered current for fee estimation.
Definition: validation.cpp:96
void PruneBlockFilesManual(Chainstate &active_chainstate, int nManualPruneHeight)
Prune block files up to a given height.
static void FlushSnapshotToDisk(CCoinsViewCache &coins_cache, bool snapshot_loaded)
static SteadyClock::duration time_undo
for(const CTxIn &txin :tx.vin)
Definition: validation.cpp:406
static CuckooCache::cache< uint256, SignatureCacheHasher > g_scriptExecutionCache
bool TestBlockValidity(BlockValidationState &state, const CChainParams &chainparams, Chainstate &chainstate, const CBlock &block, CBlockIndex *pindexPrev, bool fCheckPOW, bool fCheckMerkleRoot)
Check a block is completely valid from start to finish (only works on top of our current best block)
static bool IsCurrentForFeeEstimation(Chainstate &active_chainstate) EXCLUSIVE_LOCKS_REQUIRED(cs_main)
Definition: validation.cpp:282
std::optional< LockPoints > CalculateLockPointsAtTip(CBlockIndex *tip, const CCoinsView &coins_view, const CTransaction &tx)
Definition: validation.cpp:200
AssertLockHeld(pool.cs)
static SteadyClock::duration time_total
static bool CheckBlockHeader(const CBlockHeader &block, BlockValidationState &state, const Consensus::Params &consensusParams, bool fCheckPOW=true)
arith_uint256 CalculateClaimedHeadersWork(const std::vector< CBlockHeader > &headers)
Return the sum of the claimed work on a given set of headers.
bool IsBIP30Repeat(const CBlockIndex &block_index)
Identifies blocks that overwrote an existing coinbase output in the UTXO set (see BIP30)
static SteadyClock::duration time_flush
static void SnapshotUTXOHashBreakpoint(const util::SignalInterrupt &interrupt)
static fs::path GetSnapshotCoinsDBPath(Chainstate &cs) EXCLUSIVE_LOCKS_REQUIRED(
uint256 g_best_block
Used to notify getblocktemplate RPC of new tips.
Definition: validation.cpp:114
static constexpr std::chrono::hours DATABASE_WRITE_INTERVAL
Time to wait between writing blocks/block index to disk.
Definition: validation.cpp:92
static bool ContextualCheckBlockHeader(const CBlockHeader &block, BlockValidationState &state, BlockManager &blockman, const ChainstateManager &chainman, const CBlockIndex *pindexPrev) EXCLUSIVE_LOCKS_REQUIRED(
Context-dependent validity checks.
static void LimitValidationInterfaceQueue(ValidationSignals &signals) LOCKS_EXCLUDED(cs_main)
assert(!tx.IsCoinBase())
static const unsigned int MIN_BLOCKS_TO_KEEP
Block files containing a block-height within MIN_BLOCKS_TO_KEEP of ActiveChain().Tip() will not be pr...
Definition: validation.h:66
SnapshotCompletionResult
Definition: validation.h:800
SynchronizationState
Current sync state passed to tip changed callbacks.
Definition: validation.h:80
VerifyDBResult
Definition: validation.h:390
CoinsCacheSizeState
Definition: validation.h:468
@ LARGE
The cache is at >= 90% capacity.
@ CRITICAL
The coins cache is in immediate need of a flush.
FlushStateMode
Definition: validation.h:425
DisconnectResult
Definition: validation.h:416
@ DISCONNECT_FAILED
Definition: validation.h:419
@ DISCONNECT_UNCLEAN
Definition: validation.h:418
@ DISCONNECT_OK
Definition: validation.h:417
static const int32_t VERSIONBITS_NUM_BITS
Total bits available for versionbits.
Definition: versionbits.h:20
static const int32_t VERSIONBITS_TOP_BITS
What bits to set in version for versionbits blocks.
Definition: versionbits.h:16
static const int32_t VERSIONBITS_TOP_MASK
What bitmask determines whether versionbits is in use.
Definition: versionbits.h:18
ThresholdState
BIP 9 defines a finite-state-machine to deploy a softfork in multiple stages.
Definition: versionbits.h:27
void SetfLargeWorkInvalidChainFound(bool flag)
Definition: warnings.cpp:29