net: guard vRecvGetData with cs_vRecv and orphan_work_set with g_cs_orphans

[narula]

Add annotations to guard vRecvGetData and orphan_work_set and fix up places where they were accessed without a lock. There is no current data race because they happen to be accessed by only one thread, but this might not always be the case.

Original discussion: #18861 (comment)

[practicalswift]

Concept ACK

[jnewbery]

Concept ACK.

I've left a couple of style comments inline. Will review fully once this is rebased.

[narula]

The thread sanitizer is complaining about locking order; I'm looking into it.

[hebasto]

Concept ACK.

[hebasto]

@narula

The thread sanitizer is complaining about locking order; I'm looking into it.

Could I suggest some code reorganization to keep locking order constant:
https://github.com/hebasto/bitcoin/commits/pr19911-0908 ?

[jnewbery]

This would be a slight sequencing change, but perhaps we should either call ProcessGetData() here, or not call it in the GETDATA processing for consistency. It seems from this comment that the only reason we weren't calling ProcessGetData() here was that cs_main was being held, which is no longer the case.

[narula]

Would this be a behavior change?

[narula]

I've pushed a new series of commits which move vRecvGetData and orphan_work_set to Peer and then guard them appropriately. It's a bit more of a change, but happy to help move things over there if that's the end goal.

I do have some commits that move both vRecvGetData and orphan_work_set to the Peer struct in https://github.com/jnewbery/bitcoin/commits/2020-06-cs-main-split-needs-rebase (everything from
END move tx data to net processing // START move work queue data to net processing to END move work queue data to net processing // START move subversion to net_processing). It's slightly orthogonal to this PR, but perhaps we should just do that now while we're touching these fields?

@jnewbery I tried to cherry-pick some of your commits but they did not move cleanly given the scope of your branch's change; I also didn't do one of the renames you did to minimize the change. Let me know if there's an appropriate way to credit you.

[jnewbery]

Thanks Neha! A couple of small comments inline.

[DrahtBot]

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

• tree-wide: De-globalize ChainstateManager #20158 (tree-wide: De-globalize ChainstateManager by dongcarl)
• net processing: Move peer_map to PeerManager #19910 (net processing: Move peer_map to PeerManager by jnewbery)
• net processing: Move block inventory state to net_processing #19829 (net processing: Move block inventory state to net_processing by jnewbery)
• Drop IO priority to idle while reading blocks for peer requests and startup verification #9245 (Drop IO priority to idle while reading blocks for peer requests and startup verification by luke-jr)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

[promag]

Concept ACK and almost code review ACK, still reviewing 939880b.

[jnewbery]

In commit Move m_orphan_work_set to net_processing, you're not removing CNode::m_orphan_work_set.

Other than that, looks good!

[narula]

In commit Move m_orphan_work_set to net_processing, you're not removing CNode::m_orphan_work_set.

Other than that, looks good!

Good catch, I lost that in the last rebase! Fixed.

[jnewbery]

Code review ACK da0988d

[hebasto]

Approach ACK da0988d.

Mind making the first rename commit a scripted-diff as well?

[hebasto]

8803aee, nit:

Suggested change

	if (peer == nullptr) return;
	if (!peer) return;

[narula]

I'm trying to be consistent with other ways this is checked in the file, for example

bitcoin/src/net_processing.cpp

Line 999 in 8803aee

if (peer == nullptr) return false;

and

bitcoin/src/net_processing.cpp

Line 1146 in 8803aee

if (peer == nullptr) return;

[hebasto]

I don't think it is required to be consistent with a bad style of the surrounding code. Are we going to check every raw/smart pointer against nullptr explicitly everywhere in the code?

[jnewbery]

I think both are fine. We don't express a preference in our style guide. I think @hebasto's suggestion is more idiomatic, and if I were writing those lines again, I'd use the !ptr form.

[hebasto]

8803aee, nit:

Suggested change

	if (peer == nullptr) return false;
	if (!peer) return false;

[hebasto]

673247b, nit:

Suggested change

	LOCK(g_cs_orphans);
	LOCK(::g_cs_orphans);

[hebasto]

2d9f2fc, nit:

Suggested change

	if (peer == nullptr) return;
	if (!peer) return;

[hebasto]

2d9f2fc, nit:

Suggested change

	std::deque<CInv>::iterator it = peer->vRecvGetData.begin();
	auto it = peer->vRecvGetData.begin();

[jnewbery]

We don't have guidance about auto usage in our style guide. I personally think auto should only be used if the type is immediately obvious from the surrounding code, and it's saving redundant and verbose keystrokes.

[hebasto]

We don't have guidance about auto usage in our style guide.

Yes. And I think we should have it.

I personally think auto should only be used if the type is immediately obvious from the surrounding code, and it's saving redundant and verbose keystrokes.

https://herbsutter.com/2013/08/12/gotw-94-solution-aaa-style-almost-always-auto/

[jnewbery]

Thanks @hebasto. I hadn't seen that particular blog post before, but I am familiar with the arguments for and against auto. Scott Meyers also dedicates a chapter to it in Exceptional Modern C++.

Here, I think it's useful to explicitly name the type, since CInv is part of the interface. Sure, we could switch out std::deque for another container at some point, but to know what it->IsGenTxMsg() is doing a few lines further down, you need to know that it is an iterator over some container of CInvs. I'd much rather the code told me that explicitly than having to go find out what m_getdata_requests is from somewhere else.

[hebasto]

ok.

[narula]

That is a very interesting post! I'm not sure I entirely agree with his reasoning against the readability argument, but perhaps we could debate that somewhere else :) I think this could go either way, and I prefer having the type explicit.

[hebasto]

2d9f2fc

nit: add braces or make one line?

[jnewbery]

Mind making the first rename commit a scripted-diff as well?

It can't be, since orphan_work_set is currently used as the name for both a member variable and a local variable.

[hebasto]

Mind making the first rename commit a scripted-diff as well?

It can't be, since orphan_work_set is currently used as the name for both a member variable and a local variable.

Indeed. Sorry.

[narula]

I think all comments have been addressed except the remaining review comments which I can summarize to the following nits:

1. change if (peer == nullptr) to if (!peer) in the places where I add a new nullptr check
2. fix up an existing if without braces: net: guard vRecvGetData with cs_vRecv and orphan_work_set with g_cs_orphans #19911 (comment) in a line I touch

I don't think these are important, and I already have one ACK on the code so I'd prefer not to change them. However, if others disagree, I can do so.

[hebasto]

ACK da0988d, I have reviewed the code and it looks correct, I agree it can be merged.

My only concern was resolved by @jnewbery. My other comments are non-blocking nits obviously.

I don't think these are important, and I already have one ACK on the code so I'd prefer not to change them. However, if others disagree, I can do so.

Now you've got two of them 😃

[maflcko]

review ACK da0988d 🐬

Show signature and timestamp

Signature:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

review ACK da0988daf1d665a4644ad3f1ddf3f8a8bdd88cde 🐬
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEE+rVPoUahrI9sLGYTzit1aX5ppUgFAlwqrYAACgkQzit1aX5p
pUh3Kwv/Z92YkezB0vKDt8zCSK2kekyViu2esvi5EQIv7t59sPpc1lksTFvC75lX
rmr8hVvOHb6l1pMTGEXLJHVgamn4B/xd5jnJCEGcI9GR1bamL6wRlSKLZEyhnVjV
Siyp7qPFIQPTQxUsUhgJxeLqqYWV1TLmxRvekBnwtfksqpHTBR6icrBsQpg7Nu7Q
f9uiggfUZq3UrnyzF9dJqYUG5CyGiymnRH9YUE89W+7cg/L7RllSQh6K5lrbeb9b
WwAbJL64iDR3Npv4d9bwIQkZNgadyZA8yYw/kskriD9Gt+Qxg7V0VnBbExhve3mp
vc2i6mpPqgDS0n4a+tv3pB7g4zvv9w8kLNt4wXiBIETVdbfH5acdDw3GvTOAhQBl
Nwu0KhCxCkXtWDP56vJo2D0V8WsaHMQv53DUAjsAKHot7c0ihXd+V3zhwUHhJXEP
d1BHU3W+II9DB0c2e9gXyiS/ZHWbEhzwvtdj2pVAtETJG6dt8gM9aEmdzh7Lnfga
QWbax8bo
=//W2
-----END PGP SIGNATURE-----

Timestamp of file with hash 350e455a9cfde318c3ab04c709fac25fca0a0b8205b4cfd5c3a0765e95f4dff4 -