Bugfix: RPC: savemempool: Don't save until LoadMempool() is finished

[jtimon]

Fixes #12142

The tests are a little bit slow, mempool_persist.py goes from about 20 s to about 120 s in my hardware.
Perhaps there's a better way to test this.

[instagibbs]

this also cannot complete when -persistmempool is false, yes? Might want to add that to RPC notes, or set it to true always if persist is false.

[luke-jr]

I think it's probably important that this works if -persistmempool is false.

[TheBlueMatt]

Indeed, definitely needs to work with -persistmempool false, that's the whole point of the savemempool command. AFAICT the current implementation does work in that case.

[jtimon]

I agree it's best it works in that case, just didn't thought about it initially. But for the record, I'm using savemempool with -persistmempool to true, because I want to read it on restart too!
I think the whole point of savemempool is to cover use cases where for whatever reason (in my case, an insufficient knowledge of docker-compose) you can't or don't always let the daemon exit gracefully.

[instagibbs]

is this test essentially racing the mempool acceptance?

[jtimon]

stopping the node the mempool is dumped and starting the node, LoadMempool gets called again, hopefully with enough work ahead to catch the error when calling savemempool on the next line.

[maflcko]

I don't see a reason to make it fail when nopersistmempool

[maflcko]

Move down two lines to break out of this scope?

[jtimon]

Modified so that savemempool keeps working when -persistmempool=0 as discussed.

[maflcko]

style-nit: Might use g_is_mempool_loaded{false} for compile-time narrowing check.

[jtimon]

Fixed

[TheBlueMatt]

It would be nice to drop fDumpMempoolLater and only have one global for "mempool was loaded". Should be able to set g_is_mempool_loaded to !fRequestShutdown here, and then check -persistmempool before flushing during shutdown to avoid changing behavior without adding another boolean.

[jtimon]

Perhaps I'm not understanding the code, but what I assumed is that fDumpMempoolLater is set to !fRequestShutdown instead of true to avoid more than one thread dumping the mempool. But in this case we want all threads to work with savemempool once the mempool is loaded.
Am I confused about this or missing something?

[TheBlueMatt]

There is only one shutdown thread, not sure what you mean "more than one thread dumping the mempool". !fRequestShutdown is a check to make sure LoadMempool() didn't quit early, but its also safe to re-use that in RPC as if fRequestShutdown is set we'll be shutting down soon anyway, so RPCs can fail.

[jtimon]

Alright, I wasn't understanding why !fRequestShutdown was set, it seems we can have a single boolean then and drop fDumpMempoolLater.

[TheBlueMatt]

Would be nice to give a different error message here.

[promag]

Agree, with the corresponding test.

[promag]

Should the g_is_mempool_loaded check be inside of DumpMempool? No need to see g_is_mempool_loaded in the RPC code.

Note that with this change there is no need for a functional test, just a c++ test DumpMempool.

[jtimon]

Well, if I put it inside DumpMempool() then I can't have the different meesage, right?
I don't have a strong opinion about putting it inside and removing the functional test, I would like to hear what others think before doing it. I'll change the error message for now.

[TheBlueMatt]

Indeed, definitely needs to work with -persistmempool false, that's the whole point of the savemempool command. AFAICT the current implementation does work in that case.

[promag]

Concept ACK.

BTW, Should the RPC server start after the mempool is loaded?

[promag]

Agree, with the corresponding test.

[promag]

Should the g_is_mempool_loaded check be inside of DumpMempool? No need to see g_is_mempool_loaded in the RPC code.

Note that with this change there is no need for a functional test, just a c++ test DumpMempool.

[jtimon]

I guess starting the rpc server only after the mempool is loaded is another solution, but I'm not sure it is better.
Unified the 2 bool globals and separated the error message.

[gmaxwell]

Why is there still an argument check here? The setting of g_is_mempool_loaded appears to me to be unconditional now.

[maflcko]

The code seems correct, but is just badly documented.

What about

const bool is_supposed_to_load_mempool{gArgs.GetArg("-persistmempool", DEFAULT_PERSIST_MEMPOOL)};
if (!g_is_mempool_loaded && is_supposed_to_load_mempool) {

[jtimon]

Well, it is now not needed since the g_is_mempool_loaded is set out of the if gArgs.GetArg("-persistmempool".... I was thinking that perhaps we should allow to dump even before g_is_mempool_loaded is set if -persistmempool=0 (since in that case it's not loading it anyway).
But perhaps it's better that it waits for that line to be run when -persistmempool=0 too.
Or perhaps the we can set g_is_mempool_loaded only conditionally like fDumpMempoolLater was.

No strong opinion, I'm happy with any of the possible variations on this. But I don't think it's a matter of documentation. It's just choosing what we want here.

[maflcko]

Why would there be anything in mempool, when -persistmempool=0 and you are not yet connected to any peers? So there wouldn't be any need to allow savemempool.

We are mostly nitpicking here, and I don't care too much what variation you pick, but the current code seems confusion/hard to read, otherwise we woulnd't have this conversation.

[jtimon]

Alright, I'll just remove the gArgs.GetArg("-persistmempool", DEFAULT_PERSIST_MEMPOOL) condition from here and leave it as it was right before.

[jtimon]

Fixed.

[maflcko]

utACK 5b80af6322036c141ffce8fb7f10f5d40b8bc0f0 (didn't look at tests)

[maflcko]

A comment explaining why this is needed?

[jtimon]

I guess perhaps it is not needed...

[maflcko]

Please remove it, when it is not needed. Starting and stopping nodes is where a ton of time is wasted in the test framework.

[maflcko]

I assume you can modify the self.stop_nodes() a few lines above to say self.stop_node(1)

[maflcko]

How will this not create too long mempool chains?

[jtimon]

I'm not sure I understand the question. What's the problem?

[maflcko]

Currently the mempool only accepts a chain of up to 26 unconfirmed transactions, since coin selection is not deterministic, I assume we will run into travis failures at some point.

Also, IIRC the wallet is extremely slow with coin selection, when a lot of the coins are unconfirmed change. There might be some helper functions in the test framework that can create a ton of spam transactions.

[maflcko]

Test takes 7-8 Minutes on travis. Should be fixed before merge.

[maflcko]

Test is failing for me locally. You might as well leave out the test and ask for some Tested ACKs instead.

[jtimon]

@MarcoFalke Sure, I'm happy to leave out the test if I get some tested acks. It's an edge case anyway and seems expensive to test this way, filling the mempool enough so that the loading takes long enough to get the error (plus that varies with the machine and machine load [this seems close to the minimum in my machine but it's not enough on yours and it's too much on travis]).
Additionally it is quite simple IMO to see this is correct without the tests with very little grep since it's only +9-4 without the tests.

[jtimon]

Needed rebase

[maflcko]

I am guessing you wouldn't have to rebase if you just dropped the test commit. Since I am going to NACK on merging the test commit for the reasons provided above, you might as well remove it.

[jtimon]

Yes, I'm also for removing it. I was just waiting for more people to agree with us and some tested ACKs as you said.

EDIT: but, no, it needed rebase and not for the tests, new code close to the one I was changing was changed in https://github.com/bitcoin/bitcoin/pull/12266/files#diff-c865a8939105e6350a50af02766291b7R204

[greenaddress]

BTW, Should the RPC server start after the mempool is loaded?

Seems to me this issue is not just about saving mempool but also about any RPC that interacts with the mempool like fetching raw transactions and so on - thus I also think it may be a good idea to not start the rpc server until the service is up and loaded the mempool - am I missing something?

[jtimon]

Rebased and added several commits inspired by @promag 's last suggestion but without looking much at WalletRescanReserver::reserver() and trying to do things with atomic booleans in mempool instead.

We can squash, leave for later PRs or reject forever each of the newly proposed commits.

I wish I could go as far as s/LoadMempool(/mempool.Load(/ and s/DumpMempool(/mempool.Dump(/ , moving code from validation.cpp to txmempool.cpp, but at some point we need to just fix #12142 and leave later improvements for later PRs.

[promag]

without looking much at WalletRescanReserver::reserver() and trying to do things with atomic booleans in mempool instead.

Any reason to do differently?

Not sure about representing the state with 2 atomic booleans. Will review later.

[jtimon]

@promag Yeah, sorry for pushing a half-baked thought. Please, let me come back to this again before you review it, perhaps I can convince myself it doesn't make sense and I save you some time.

EDIT: Or perhaps we can just leave it as it previously was and leave your request for a following PR, but I think it makes a lot of sense and it shouldn't be that hard if I hadn't tried to simplify the wheel.

[maflcko]

Please remove unrelated move of variables from a bug fix pull request

[maflcko]

What is the status of this? Seems stale and can be closed?

[jtimon]

I'm sorry @MarcoFalke IIRC the status is that the first commit has been around for long and tested by myself many times (but I'm trusting my rebases on the same ting now), but then after @promag 's review and test (he gave a tested ack for the first commit), I got very excited about a suggestion he made to upgrade this PR to fix more related things. I think he is totally right in his suggestion of apart from not allowing saving the mempool until it has been loaded, also just return an error as suggested when you call the rpc to save the mempool and it's already in the process of saving.

But instead of listening to @promag and copy a part of the codebase that already works for the same king of thing, I tried to re-invent the wheel because I thought I could implement it simpler and I failed so far.

I suggest that we merge the first commit which is very simple and even has had tests in the past (until people asked them to be removed for being slow and non-deterministic) and also been tested manually (not very hard to test manually, btw). Then someone (ehem, promag) could create another so that no thread dares to save the mempool while already saving it. Please ping me to test that second part, since it's as easy to test manually as this one,

As a user that never gives more the daemon more than 60 secs to gracefully exit and thus depends on this rpc call to persist the mempool, I can just always wait longer for the first save, I can at most miss mempool data while re-deploying too often. Being prevented from calling savemempool twice is I think a cool improvement but not that much for users that are calling savemempool with a cron process like me (and I imagine, most savemempool users).

[promag]

I'm fine with @jtimon suggestion to move the fix forward. I can then submit a PR to improve concurrency.

[jtimon]

I'm assuming an agreement from @MarcoFalke 's lack of response.
Just in case, the branch that is not tested and that is trying to solve @promag 's very legitimate concern is in https://github.com/jtimon/bitcoin/tree/b16-bugfix-savemempool-extend. I will review or at a minimum test his more reasonable future proposal. But I tried to make it in an unorthodox way I would like to study more than I know the way @promag 's knows how to do it.
But please let's fix this first.

[laanwj]

utACK cb1e319