wallet: Only fail rescan when blocks have actually been pruned

MarcoFalke commented at 5:55 pm on April 22, 2019: member

This brings the behaviour of the import* calls closer to importmulti. After this change, the difference between importmulti and the other import* calls is

that in importmulti you can “opt-out” of scanning early blocks by setting a later timestamp.
that in importmulti the wallet will successfully import the data, but fail to rescan. Whereas in the other calls, the wallet will abort before importing the data.

MarcoFalke force-pushed on Apr 22, 2019

gmaxwell commented at 6:44 pm on April 22, 2019: contributor

Concept ACK.

There is an argument against doing things like this: that it’s better to fail deterministically rather than fail randomly at some point in the future and have created incorrect expectations of functionality. But setting prune to some large “future” amount is a perfectly reasonable configuration. And this doesn’t cause it to fail randomly, but rather work until it doesn’t. So I don’t believe the general argument against this sort of thing offsets the benefit.

ryanofsky commented at 7:16 pm on April 22, 2019: member

This seems to affect importaddress, importpubkey, importprivkey, and importwallet but not importmulti. I wonder how the new behavior compares to importmulti behavior, and if there’s a difference, whether that’s justified.

DrahtBot commented at 7:30 pm on April 22, 2019: member

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

No conflicts as of last run.

MarcoFalke commented at 7:34 pm on April 22, 2019: member

@ryanofsky The only difference between importmulti and the other calls is that in importmulti you can “opt-out” of scanning early blocks by setting a later timestamp. Otherwise, my change makes all calls behave in the same way.

Edit: I believe the only difference is that importmulti will import the keys and then fail the rescan, whereas the other calls will exit early and not attempt to import anything.

DrahtBot added the label RPC/REST/ZMQ on Apr 22, 2019

DrahtBot added the label Tests on Apr 22, 2019

DrahtBot added the label Wallet on Apr 22, 2019

MarcoFalke force-pushed on Apr 23, 2019

promag commented at 8:12 pm on April 24, 2019: member

Edit: I believe the only difference is that importmulti will import the keys and then fail the rescan, whereas the other calls will exit early and not attempt to import anything.

Why a different behavior? It’s already possible to call importmulti ... '{"rescan": false}' and then rescanblockchain ...? I think RPCs should (try to) be atomic so that the client doesn’t have to figure out what succeeded or not.

MarcoFalke commented at 8:23 pm on April 24, 2019: member

Why a different behavior?

I don’t know. I didn’t write the importmulti RPC and I don’t plan to change it in this pull request.

in src/interfaces/chain.cpp:328 in fad8451939 outdated

325@@ -326,7 +326,11 @@ class ChainImpl : public Chain
326     CFeeRate relayIncrementalFee() override { return ::incrementalRelayFee; }
327     CFeeRate relayDustFee() override { return ::dustRelayFee; }
328     CAmount maxTxFee() override { return ::maxTxFee; }
329-    bool getPruneMode() override { return ::fPruneMode; }
330+    bool havePruned() override

promag commented at 8:33 pm on April 24, 2019:

Move to the chain lock?

MarcoFalke commented at 8:58 pm on April 24, 2019:

Why?

MarcoFalke commented at 9:00 pm on April 24, 2019:

Sorry for the brief reply, but see here:

https://github.com/bitcoin/bitcoin/blob/fad84519391a05f2ad42381cca9135323b709657/src/interfaces/chain.h#L69-L73

The chain lock is deprecated and will be removed in the future.

in src/wallet/rpcdump.cpp:160 in fad8451939 outdated

156@@ -157,8 +157,8 @@ UniValue importprivkey(const JSONRPCRequest& request)
157         if (!request.params[2].isNull())
158             fRescan = request.params[2].get_bool();
159 
160-        if (fRescan && pwallet->chain().getPruneMode()) {
161-            throw JSONRPCError(RPC_WALLET_ERROR, "Rescan is disabled in pruned mode");
162+        if (fRescan && pwallet->chain().havePruned()) {

promag commented at 8:38 pm on April 24, 2019:

A block can be pruned before RescanWallet (L202). What would be the error then?

MarcoFalke commented at 8:57 pm on April 24, 2019:

It will throw an error "Rescan was unable to fully rescan the blockchain. Some transactions may be missing."

promag commented at 8:41 pm on April 24, 2019: member

@MarcoFalke I wasn’t suggesting changing that behavior.

Concept ACK. Correct me if I’m wrong, but it doesn’t have to fail if all required blocks are available right?

MarcoFalke commented at 9:03 pm on April 24, 2019: member

Concept ACK. Correct me if I’m wrong, but it doesn’t have to fail if all required blocks are available right?

importmulti does not fail the rescan when all blocks after the timestamp are available, but it fails after the import if a block is missing. the other import* (after my change) also do not fail the rescan when all blocks after time=0 are available. However, they fail before the import if a block is missing.

MarcoFalke force-pushed on Apr 27, 2019

DrahtBot added the label Needs rebase on Apr 27, 2019

DrahtBot removed the label Needs rebase on Apr 27, 2019

MarcoFalke force-pushed on Apr 29, 2019

luke-jr commented at 6:02 am on May 1, 2019: member

Let’s use prune height instead, so rescanblockchain can be picky about it?

MarcoFalke commented at 2:02 pm on May 1, 2019: member

I am not touching rescanblockchain at all. Could you explain what you mean?

luke-jr commented at 11:26 pm on May 1, 2019: member

I mean it would make sense to use a common interface with rescanblockchain, which would need prune-height rather than have-pruned.

MarcoFalke commented at 1:10 pm on May 2, 2019: member

Oh, the RPCs I touch are already deprecated in favor of importmulti, so I’d rather not add features to them.

luke-jr commented at 6:17 pm on May 2, 2019: member

I’m commenting on the src/interfaces changes specifically.

MarcoFalke commented at 6:21 pm on May 2, 2019: member

Ah. Yeah, since we don’t store the prune height, this would complicate my changes slightly. I think the additional code can be added later (when needed in rescanblockchain).

jnewbery added this to the "Blockers" column in a project

jnewbery commented at 5:25 pm on May 3, 2019: member

I’m a little concerned about this change. Anywhere that havePruned() is called without cs_main is racy, since a block may be pruned after havePruned() is called. We therefore need to make sure that the code after those havePruned() calls is robust against being run when blocks have been pruned. If that’s the case, why not just remove the chain().getPruneMode() check entirely and let the error-handling in the later code handle when a block is missing?

The four call sites in rpcdump do not hold cs_main. The call site in CreateWalletFromFile() does hold cs_main indirectly through locked_chain, but a goal is to remove that lock.

MarcoFalke commented at 5:49 pm on May 3, 2019: member

@jnewbery The check is only there to provide a nice error message. As you correctly observe it is not needed for correctness. Should I clarify that with a comment?

The error message otherwise would be #15870 (review)

jnewbery commented at 5:57 pm on May 3, 2019: member

The check is only there to provide a nice error message. As you correctly observe it is not needed for correctness. Should I clarify that with a comment?

Yes, that sounds good. Thanks!

in test/functional/wallet_import_rescan.py:42 in fa9fa5d647 outdated

38@@ -40,9 +39,6 @@ class Variant(collections.namedtuple("Variant", "call data rescan prune")):
39     """Helper for importing one key and verifying scanned transactions."""
40 
41     def try_rpc(self, func, *args, **kwargs):
42-        if self.expect_disabled:
43-            assert_raises_rpc_error(-4, "Rescan is disabled in pruned mode", func, *args, **kwargs)
44-        else:
45             return func(*args, **kwargs)

jnewbery commented at 6:59 pm on May 3, 2019:

nit: indentation

EDIT: just remove this function entirely

MarcoFalke commented at 7:33 pm on May 3, 2019:

Done

jnewbery commented at 7:00 pm on May 3, 2019: member

utACK fa9fa5d647092710aa03dadf92433584e9fe26a3

Will happily reACK a squashed branch.

MarcoFalke force-pushed on May 3, 2019

jnewbery commented at 7:46 pm on May 3, 2019: member

utACK fa9f3cc89442e9b332a27b81b04201bb4a0caf28

in src/wallet/rpcdump.cpp:157 in fa9f3cc894 outdated

156@@ -157,8 +157,11 @@ UniValue importprivkey(const JSONRPCRequest& request)
157         if (!request.params[2].isNull())

jonatack commented at 4:11 pm on May 6, 2019:

MarcoFalke commented at 6:07 pm on May 6, 2019:

Done with a scripted diff

in src/wallet/wallet.cpp:4223 in fa9f3cc894 outdated

4220@@ -4221,8 +4221,11 @@ std::shared_ptr<CWallet> CWallet::CreateWalletFromFile(interfaces::Chain& chain,
4221     {
4222         //We can't rescan beyond non-pruned blocks, stop and throw an error
4223         //this might happen if a user uses an old wallet within a pruned node

jonatack commented at 4:13 pm on May 6, 2019:

Nit: space after // in lines 4222 and 4223

jonatack commented at 4:16 pm on May 6, 2019:

Perhaps out of PR scope but the docs in lines 4222 and 4223 could be clearer, e.g. is “error” the end of a sentence and “this” the start of a sentence, or…

MarcoFalke commented at 5:03 pm on May 6, 2019:

This is only a dev comment, so no need to over-optimize. Will take specific suggestions if I need to touch this pull for other reasons, though.

jnewbery commented at 5:20 pm on May 6, 2019:

I don’t think “no need to over-optimize” is a helpful response. The grammar is wrong. Why not correct it?

MarcoFalke commented at 6:07 pm on May 6, 2019:

Added a dot and space if that is what you meant

in src/wallet/rpcdump.cpp:589 in fa9f3cc894 outdated

581@@ -573,7 +582,10 @@ UniValue importwallet(const JSONRPCRequest& request)
582                 },
583             }.ToString());
584 
585-    if (pwallet->chain().getPruneMode()) {
586+    if (pwallet->chain().havePruned()) {
587+        // Exit early and print an error.
588+        // If a block is pruned after this check, we will import the key(s),
589+        // but fail the rescan with a generic error.
590         throw JSONRPCError(RPC_WALLET_ERROR, "Importing wallets is disabled in pruned mode");

jonatack commented at 4:36 pm on May 6, 2019:

Does the code doc in 588 correspond correctly with the error message in 589?

MarcoFalke commented at 5:01 pm on May 6, 2019:

Yes, “importing wallet” means “importing key(s)”, I believe.

ryanofsky commented at 4:05 pm on May 15, 2019:

Maybe s/in pruned mode/when blocks are pruned/ for consistency with the other error messages.

MarcoFalke commented at 6:11 pm on May 15, 2019:

Done (and added a release note)

in src/wallet/rpcdump.cpp:324 in fa9f3cc894 outdated

321-        throw JSONRPCError(RPC_WALLET_ERROR, "Rescan is disabled in pruned mode");
322+    if (fRescan && pwallet->chain().havePruned()) {
323+        // Exit early and print an error.
324+        // If a block is pruned after this check, we will import the key(s),
325+        // but fail the rescan with a generic error.
326+        throw JSONRPCError(RPC_WALLET_ERROR, "Rescan is disabled when blocks are pruned");

jonatack commented at 4:45 pm on May 6, 2019:

Would it be worth extracting this code block repeated in importprivkey, importaddress, importpubkey, and importwallet (the latter with a different error message).

0    if (fRescan && pwallet->chain().havePruned()) {
1        // Exit early and print an error.
2        // If a block is pruned after this check, we will import the key(s),
3        // but fail the rescan with a generic error.
4        throw JSONRPCError(RPC_WALLET_ERROR, "Rescan is disabled when blocks are pruned");
5    }

Edit: I understand it may be a premature or unnecessary optimisation. Just an observation.

MarcoFalke commented at 5:02 pm on May 6, 2019:

Yeah, could make sense. Will do if I have to touch for other reasons.

promag commented at 1:44 pm on May 16, 2019:

faf3729242c5e9486e137e549f05bf20bd3908a0

Yeah, in a follow up is fine.

jonatack commented at 4:56 pm on May 6, 2019: member

A few code comments. More documentation and tests might make this change and the expected behavior before/after clearer, at least to me.

wallet: Only fail rescan when blocks have actually been pruned faf3729242

scripted-diff: Bump copyright headers in wallet

-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./src/wallet/
-END VERIFY SCRIPT-

aaaa57c2aa

MarcoFalke force-pushed on May 6, 2019

sipa commented at 10:59 pm on May 9, 2019: member

Concept ACK. My first read of this was that it’d permit rescanning pruned chains, as long as the to-be-rescanned blocks are not pruned, but it seems to just be about whether or not any blocks are actually pruned (independent of the ones to be rescanned), right?

MarcoFalke commented at 12:22 pm on May 10, 2019: member

The legacy calls would always rescan the whole chain. As soon as one block is pruned, it fails.

wpaulino commented at 4:40 am on May 15, 2019: none

Out of scope for this PR but somewhat related – would there be any reason to not attempt to fetch the pruned blocks from the P2P network to allow the rescan to happen?

MarcoFalke commented at 12:00 pm on May 15, 2019: member

Jup, but that might be something to do only after #15946

in test/functional/wallet_import_rescan.py:44 in faf3729242 outdated

37@@ -39,23 +38,17 @@
38 class Variant(collections.namedtuple("Variant", "call data rescan prune")):
39     """Helper for importing one key and verifying scanned transactions."""
40 
41-    def try_rpc(self, func, *args, **kwargs):
42-        if self.expect_disabled:
43-            assert_raises_rpc_error(-4, "Rescan is disabled in pruned mode", func, *args, **kwargs)

ryanofsky commented at 5:07 pm on May 15, 2019:

Now there is no longer any test coverage for the “rescan is disabled” cases, but I’m not sure if there’s an easy way to add it back. Maybe a pruneblockchain RPC call could be added.

MarcoFalke commented at 5:50 pm on May 15, 2019:

If a test was added, it should also (or more importantly) test importmulti, so I am not actually decreasing test coverage here.

MarcoFalke commented at 5:51 pm on May 15, 2019:

I agree that a test would be nice for that case, but can be done in a follow up pull request.

ryanofsky commented at 6:01 pm on May 15, 2019:

it should also (or more importantly) test importmulti

In case it helps, there is currently a unit test for importmulti behavior with pruning: https://github.com/bitcoin/bitcoin/blob/2d16fb7a2b6a9e5a2535295d2de03e27c2438d1f/src/wallet/test/wallet_tests.cpp#L158

ryanofsky approved

ryanofsky commented at 5:17 pm on May 15, 2019: member

utACK aaaa57c2aad3a6278559ae3db5d953c847c6ffcb. The change seems fine, though it’s not really clear what the motivation for it is. It might be good to add a release note describing the change and what benefits it has from a user perspective.

jamesob commented at 5:23 pm on May 15, 2019: member

utACK https://github.com/bitcoin/bitcoin/pull/15870/commits/aaaa57c2aad3a6278559ae3db5d953c847c6ffcb

Makes a lot of sense to allow rescanning for as long as we can as @gmaxwell notes above - and indeed it might even be prudent for most users to set a future-proofing prune value that reflects their disk limitations at startup time. Better that your node start pruning vs. run out of disk space and exit.

Maybe in the future we could even default to such a thing based on the datadir device if pruning-enabled-but-not-done-yet behavior is equivalent to a non-pruning node. Or introduce an “adaptive” pruning mode, which periodically polls for available disk space and adjusts the prune target accordingly. But of course this is all out of scope for this change.

promag commented at 5:29 pm on May 15, 2019: member

@jamesob you mean an option to ensure a minimum free space?

[doc] rpcwallet: Only fail rescan when blocks have been pruned fa7e311e16

in src/wallet/rpcdump.cpp:589 in fa7e311e16

586-        throw JSONRPCError(RPC_WALLET_ERROR, "Importing wallets is disabled in pruned mode");
587+    if (pwallet->chain().havePruned()) {
588+        // Exit early and print an error.
589+        // If a block is pruned after this check, we will import the key(s),
590+        // but fail the rescan with a generic error.
591+        throw JSONRPCError(RPC_WALLET_ERROR, "Importing wallets is disabled when blocks are pruned");

promag commented at 1:53 pm on May 16, 2019:

fa7e311e169349bfcf1dab8b980724e8ddf4e749

This should be in 1s commit.

in src/wallet/rpcdump.cpp:585 in faf3729242 outdated

581@@ -573,7 +582,10 @@ UniValue importwallet(const JSONRPCRequest& request)
582                 },
583             }.ToString());
584 
585-    if (pwallet->chain().getPruneMode()) {
586+    if (pwallet->chain().havePruned()) {

promag commented at 1:55 pm on May 16, 2019:

faf3729242c5e9486e137e549f05bf20bd3908a0

The dump file contains timestamps so, correct me if I’m wrong, it could only throw this error if earliest is pruned - the same for importmulti if timestamps are given.

Edit: especially when manual pruning.

MarcoFalke commented at 3:20 pm on May 16, 2019:

Sounds like a nice follow up pull request

promag commented at 1:58 pm on May 16, 2019: member

This PR would be just fine without aaaa57c2aad3a6278559ae3db5d953c847c6ffcb IMO.

utACK fa7e311e169349bfcf1dab8b980724e8ddf4e749.

jamesob commented at 2:13 pm on May 16, 2019: member

@jamesob you mean an option to ensure a minimum free space?

If you mean “prune as little as possible and only until necessitated by lack of space,” yes. Some kind of adaptive prune would just be a measure to avoid hitting an out-of-disk error for as long as possible. But this is out of scope in terms of this PR so maybe I’ll file an issue later or something.

in src/interfaces/chain.cpp:330 in fa7e311e16

324@@ -325,7 +325,11 @@ class ChainImpl : public Chain
325     CFeeRate relayMinFee() override { return ::minRelayTxFee; }
326     CFeeRate relayIncrementalFee() override { return ::incrementalRelayFee; }
327     CFeeRate relayDustFee() override { return ::dustRelayFee; }
328-    bool getPruneMode() override { return ::fPruneMode; }
329+    bool havePruned() override
330+    {
331+        LOCK(cs_main);

jnewbery commented at 2:50 pm on May 16, 2019:

I’m not suggesting you change this PR, but for future reference we now have a handy WITH_LOCK macro: https://github.com/bitcoin/bitcoin/blob/fd61b9fc22faaa946ca43211c6c43b40ca4a860c/src/sync.h#L209

MarcoFalke commented at 3:20 pm on May 16, 2019:

I fail to see how this makes the code any easier to read

jnewbery commented at 2:50 pm on May 16, 2019: member

utACK fa7e311e169349bfcf1dab8b980724e8ddf4e749

MarcoFalke referenced this in commit d5931f3676 on May 16, 2019

MarcoFalke merged this on May 16, 2019

MarcoFalke closed this on May 16, 2019

MarcoFalke deleted the branch on May 16, 2019

Sjors commented at 3:54 pm on May 16, 2019: member

post-merge utACK

laanwj removed this from the "Blockers" column in a project

sidhujag referenced this in commit 3fd8014a38 on May 18, 2019

kittywhiskers referenced this in commit 889bf5e84a on Dec 4, 2021

kittywhiskers referenced this in commit 7d38e0d29f on Dec 8, 2021

kittywhiskers referenced this in commit bdc75ccd74 on Dec 8, 2021

kittywhiskers referenced this in commit cfaeeedfca on Dec 12, 2021

kittywhiskers referenced this in commit 5970c36f91 on Dec 13, 2021

kittywhiskers referenced this in commit 9d77298cbe on Dec 13, 2021

kittywhiskers referenced this in commit 73085c6526 on Dec 13, 2021

DrahtBot locked this on Dec 16, 2021

wallet: Only fail rescan when blocks have actually been pruned #15870

Conflicts