mining: add cooldown to createNewBlock() immediately after IBD #34184

Sjors commented at 5:17 AM on December 31, 2025: member

As reported in #33994, connected mining clients will receive a flood of new templates if the node is still going through IBD or catching up on the last 24 hours. This PR fixes that using an optional cooldown mechanism, only applied to createNewBlock().

First, cooldown waits for IBD. Then, as the tip keeps moving forward, it waits a few seconds to see if the tip updated. If so, it restarts the timer and waits again. The trade-offs for this mechanism are explained below.

Because this PR changes createNewBlock() from a method that returns quickly to one that can block for minutes, we rely on #34568 to fix a bug in our .capnp definition, adding the missing context to createNewBlock (and checkBlock).

The second commit then adds an interrupt() method so that clients can cleanly disconnect.

Rationale

The cooldown argument is optional, and not used by internal non-IPC code, for two reasons:

The mechanism wreaks havoc on the functional test suite, which would require very careful mock time handling to work around. But that's pointless, because only IPC clients need it.
It needs to be optional for IPC clients too, because in some situations, like a signet with only one miner, waiting for IBD can mean being stuck forever.

The reason it's only applied to createNewBlock() is that this is the first method called by clients; waitNext() is a method on the interface returned by createNewBlock(), at which point the cooldown is done.

After IBD, we wait N seconds if the header is N blocks ahead of the tip, with a minimum of 3 and a maximum of 20 seconds. The minimum waiting time is short enough that it shouldn't be annoying or confusing for someone manually starting up a client. While the maximum should be harmless if it happens spuriously (which it shouldn't).

If the minimum wait is too short, clients get a burst of templates, as observed in the original issue. We can't entirely rule this out without a lot of additional complexity (like scanning our own log file for heuristics). This PR should make it a lot less likely, and thanks to the IBD wait also limit it to one day worth of blocks (-maxtipage).

Some test runs on an M4 MacBook Pro, where I had a node catch up on the last few days worth of blocks:

As the chart shows, sometimes it takes longer than 3 seconds. But it turns out that in all those cases there were quite a few headers ahead of the tip. It also demonstrates that it's important to first wait for IBD, because it's less likely a random tip update takes longer than 20 seconds.

modified sv2-apps: https://github.com/Sjors/sv2-apps/tree/2026/02/cooldown
test script: https://gist.github.com/Sjors/feb6122c97acc2b9e6d66b168614609c#file-run_mainnet_pool_loop-zsh
chart script: https://gist.github.com/Sjors/feb6122c97acc2b9e6d66b168614609c#file-tip_interval_charts-py

DrahtBot renamed this:
~~mining: add cooldown to createNewBlock() immediately after IBD~~
mining: add cooldown to createNewBlock() immediately after IBD
on Dec 31, 2025

DrahtBot added the label Mining on Dec 31, 2025

DrahtBot commented at 5:23 AM on December 31, 2025: contributor

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage & Benchmarks

For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/34184.

Reviews

See the guideline for information on the review process.

Type	Reviewers
ACK	ryanofsky, enirox001
Concept ACK	ismaelsadeeq
Stale ACK	bensig, w0xlt

If your review is incorrectly listed, please copy-paste <code></code> into the comment that the bot should ignore.

Conflicts

Reviewers, this pull request conflicts with the following ones:

#34644 (mining: add submitBlock to IPC Mining interface by w0xlt)
#34020 (mining: add getTransactions(ByWitnessID) IPC methods by Sjors)
#33966 (refactor: disentangle miner startup defaults from runtime options by Sjors)
#33922 (mining: add getMemoryLoad() and track template non-mempool memory footprint by Sjors)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

LLM Linter (✨ experimental)

Possible typos and grammar issues:

@retval std::nullptr if the node is shut down or interrupt() is called. -> @retval nullptr if the node is shut down or interrupt() is called. [std::nullptr is not a valid C++ token; the intended value is the keyword nullptr (or std::nullptr_t).]

Possible places where named args for integral literals may be used (e.g. func(x, /*named_arg=*/0) in C++, and func(x, named_arg=0) in Python):

std::clamp(*remaining, 3, 20) in src/node/miner.cpp

Possible places where comparison-specific test macros should replace generic comparisons:

test/functional/interface_ipc_mining.py: "template = await mining_create_block_template(mining, stack, ctx, self.default_block_create_options)\n assert template is not None" -> Use assert_not_equal(template, None) (or assert_equal) helper: assert_not_equal(template, None)

2026-02-20 15:51:38

Sjors force-pushed on Dec 31, 2025

DrahtBot added the label CI failed on Dec 31, 2025

Sjors force-pushed on Dec 31, 2025

Sjors commented at 7:28 AM on December 31, 2025: member

Switched to avoid mock time for the cooldown mechanism (it's possible, but would require additional refactoring).

Added a constraint to ignore alternative header branches. This probably doesn't matter in real life, but it does in tests. E.g. the assume_utxo test "Check importing a snapshot where current chain-tip is not an ancestor of the snapshot block but has less work" creates an alternative chain of blocks despite having better headers (but not their blocks). In real life this implies a giant block witholding attack.

DrahtBot removed the label CI failed on Dec 31, 2025

bensig commented at 12:46 AM on January 3, 2026: contributor

ACK e8b01c43bb05f1a52adf1279280a744111b8dc45

Tested on macOS - interface_ipc.py passes.

Code review:

Using SteadyClock for the cooldown (independent of mocktime) is the right call
BestHeaderAheadOfActiveTip() correctly uses ancestor check to ignore competing branches
1s timeout prevents DoS from header-only attacks while still allowing catch-up during final IBD

Nice fix for #33994

DrahtBot added the label Needs rebase on Jan 13, 2026

Sjors force-pushed on Jan 22, 2026

Sjors commented at 9:02 AM on January 22, 2026: member

Rebased.

DrahtBot removed the label Needs rebase on Jan 22, 2026

in src/node/miner.cpp:464 in c02c2832f7 outdated

 459 | +        }
 460 | +        if (!best_header_ahead) break;
 461 | +
 462 | +        WAIT_LOCK(kernel_notifications.m_tip_block_mutex, lock);
 463 | +        kernel_notifications.m_tip_block_cv.wait_until(lock, cooldown_deadline, [&]() EXCLUSIVE_LOCKS_REQUIRED(kernel_notifications.m_tip_block_mutex) {
 464 | +            const auto tip_block = kernel_notifications.TipBlock();

w0xlt commented at 6:43 AM on January 27, 2026:

Runtime assertion for consistency with WaitAndCreateNewBlock pattern.

            AssertLockHeld(kernel_notifications.m_tip_block_mutex);
            const auto tip_block = kernel_notifications.TipBlock();

Sjors commented at 10:41 AM on January 27, 2026:

There's other places where we don't bother with AssertLockHeld for an inline function. It seems a bit overkill.

in src/node/miner.cpp:465 in c02c2832f7

 460 | +        if (!best_header_ahead) break;
 461 | +
 462 | +        WAIT_LOCK(kernel_notifications.m_tip_block_mutex, lock);
 463 | +        kernel_notifications.m_tip_block_cv.wait_until(lock, cooldown_deadline, [&]() EXCLUSIVE_LOCKS_REQUIRED(kernel_notifications.m_tip_block_mutex) {
 464 | +            const auto tip_block = kernel_notifications.TipBlock();
 465 | +            return tip_block && *tip_block != last_tip_hash;

w0xlt commented at 6:44 AM on January 27, 2026:

This makes the wait wakes immediately on shutdown signal.

            return (tip_block && *tip_block != last_tip_hash) || chainman.m_interrupt;

Sjors commented at 10:49 AM on January 27, 2026:

Taken.

w0xlt commented at 6:44 AM on January 27, 2026: contributor

Approach ACK

Sjors force-pushed on Jan 27, 2026

w0xlt commented at 5:58 PM on January 27, 2026: contributor

ACK https://github.com/bitcoin/bitcoin/pull/34184/commits/9817657d463ff1d8502a5edf0641e88b9b1d4853

in src/node/miner.h:167 in 9817657d46

 162 | @@ -163,6 +163,14 @@ std::optional<BlockRef> GetTip(ChainstateManager& chainman);
 163 |   * Returns the current tip, or nullopt if the node is shutting down. */
 164 |  std::optional<BlockRef> WaitTipChanged(ChainstateManager& chainman, KernelNotifications& kernel_notifications, const uint256& current_tip, MillisecondsDouble& timeout);
 165 |  
 166 | +/**
 167 | + * Pause block template creation when the best header chain is ahead of the tip.

ryanofsky commented at 2:09 PM on January 28, 2026:

In commit "mining: createNewBlock() waits if tip is updating" (9817657d463ff1d8502a5edf0641e88b9b1d4853)

This is a little vague. I think it would be helpful to describe this in terms of observable behavior, maybe:

/**
 * Wait while the best known header extends the current chain tip
 * AND at least one block per second is being added to the tip.
 *
 * Returns false if interrupted.
 */

Might also be good to add the "not safe to keep waiting" info from your commit description, and maybe say something about how we think this is safe to use for createNewBlock since miners should only call it once on startup, but are avoiding it in waitNext.

Sjors commented at 3:00 PM on January 29, 2026:

Taken. I moved some text from the commit message to the comment here.

in src/validation.cpp:6313 in 9817657d46

6309 | @@ -6310,6 +6310,16 @@ void ChainstateManager::RecalculateBestHeader()
6310 |      }
6311 |  }
6312 |  
6313 | +bool ChainstateManager::BestHeaderAheadOfActiveTip() const

ryanofsky commented at 2:10 PM on January 28, 2026:

In commit "mining: createNewBlock() waits if tip is updating" (9817657d463ff1d8502a5edf0641e88b9b1d4853)

Maybe s/Active/Current/ here, can also use CurrentChain() below.

in src/node/miner.cpp:460 in 9817657d46

 455 | +        bool best_header_ahead{false};
 456 | +        {
 457 | +            LOCK(::cs_main);
 458 | +            best_header_ahead = chainman.BestHeaderAheadOfActiveTip();
 459 | +        }
 460 | +        if (!best_header_ahead) break;

ryanofsky commented at 2:20 PM on January 28, 2026:

In commit "mining: createNewBlock() waits if tip is updating" (9817657d463ff1d8502a5edf0641e88b9b1d4853)

Could collapse lines 454-460 to just:

while (WITH_LOCK(::cs_main, return chainman.BestHeaderAheadOfActiveTip())) {

I feel like that would be easier to understand without the bool and break. Or maybe better just lock cs_main inside BestHeaderAheadOfActiveTip so this can be:

while (chainman.BestHeaderAheadOfActiveTip()) {

Sjors commented at 3:00 PM on January 29, 2026:

Nice, taken.

in test/functional/interface_ipc.py:291 in 9817657d46 outdated

 287 | +                async with destroying((await mining.createNewBlock(opts)).result, ctx):
 288 | +                    pass
 289 | +                # Lower-bound only: a heavily loaded CI host might still exceed 0.9s
 290 | +                # even without the cooldown, so this can miss regressions but avoids
 291 | +                # spurious failures.
 292 | +                assert_greater_than_or_equal(time.time() - start, 0.9)

ryanofsky commented at 2:35 PM on January 28, 2026:

In commit "mining: createNewBlock() waits if tip is updating" (9817657d463ff1d8502a5edf0641e88b9b1d4853)

Since this check uses a delay, if there is a way you could move this test to a separate test function (not run_mining_test) i think that would be very good.

I'm concerned about interface_ipc test getting harder to maintain and slower to run, and would like to move towards using separate test methods like #34284, so we can still have fast update/test cycles by being able to run specific tests.

Sjors commented at 3:00 PM on January 29, 2026:

I'm looking into splitting the mining ipc tests out entirely. Will leave this line untouched for now, as one second isn't too bad.

Sjors commented at 7:09 PM on January 29, 2026:

See #34452. No preference on merge order, either should be easy to rebase.

ryanofsky approved

ryanofsky commented at 3:06 PM on January 28, 2026: contributor

Code review ACK 9817657d463ff1d8502a5edf0641e88b9b1d4853. This seems like probably the simplest change that can resolve #33994.

I guess I have two lingering concerns about it:

This can cause the createNewBlock function to block for potentially a very long time when it didn't before and createNewBlock doesn't currently have any cancellation option other than shutting down the node. So it could make it hard for IPC clients to disconnect cleanly, and I suspect we may want to follow up here by adding some timeout or cancellation mechanism.
I'm not very sure about effectiveness of the cooldown strategy, and wouldn't be surprised if there were cases where it didn't work well but it does seem like a good starting point, and pretty conservative.

Sjors force-pushed on Jan 29, 2026

Sjors commented at 3:01 PM on January 29, 2026: member

I added a commit that allows interrupting both createNewBlock() and waitTipChanged().

in src/node/interfaces.cpp:1003 in b57da688c2 outdated

 999 | @@ -995,6 +1000,7 @@ class MinerImpl : public Mining
1000 |      NodeContext* context() override { return &m_node; }
1001 |      ChainstateManager& chainman() { return *Assert(m_node.chainman); }
1002 |      KernelNotifications& notifications() { return *Assert(m_node.notifications); }
1003 | +    bool m_interrupt{false};

ryanofsky commented at 6:23 PM on January 29, 2026:

In commit "mining: add interrupt()" (b57da688c21233e852c5afe5c5afafd3cae84e91)

Would be good to note that notifications().m_tip_block_mutex must be held while accessing this variable because it is accessed from multiple threads. Not sure if it would be possible to add a GUARDED_BY annotation but that could be nice.

More importantly, we may want to consider moving this variable somewhere else. A side-effect of adding the variable here is that it makes the MinerImpl class have state, which can be bad because now destroying the Mining object while createNewBlock or waitNext calls are in progress can cause segfaults. This could cause the node to crash with existing IPC clients if they destroy Mining objects early, or if they just disconnect during a waitNext call and the Mining object is garbage collected before it returns.

For these reasons I think it might be good to move the MinerImpl::m_interrupt variable somewhere else like KernelNotifications::m_blocktemplate_request_interrupted. This would be hackier than the current solution but I think worth it to avoid node crashes triggered by IPC.

(In the longer term a better solution would be to provide an interfaces::Interrupt type that could be passed to waitNext and createBlockTemplate methods as additional method argument. These methods could then attach a std::function<void()> lambda to run whatever code they need when an interrupt is triggered. Clients would then have the ability to cancel individual calls by triggering the Interrupt object. Internally, the cancellation could be implemented either by making a separate RPC call or by using Cap'n Proto's native allowCancellation mechanism.)

Sjors commented at 7:40 PM on January 29, 2026:

I mostly just cloned the pattern we used for waitNext(). Does it have a similar issue?

Will give it some thought, but if it's too complicated then I'll move the commit to a followup PR.

ryanofsky commented at 9:11 PM on January 29, 2026:

re: #34184 (review)

I mostly just cloned the pattern we used for waitNext(). Does it have a similar issue?

You are right, I misremembered the way interruptWait was implemented and it does follow a similar pattern, and the issue is not as bad as I thought.

The issue is actually pretty hard to trigger because the Cap'n Proto's internal reference counting keeps the BlockTemplate object alive by default until the waitNext call returns. So a client would have to explicitly call destroy on the BlockTemplate object in that case or the Mining object in this case for there to be a crash.

So I think the current implementation of this is ok and unlikely to lead to any accidental crashes.

I did go ahead and implement my suggestion before realizing the problem was not so bad, so will paste it here for reference, but your current solution seems cleaner and I'd recommend keeping it.

--- a/src/node/interfaces.cpp
+++ b/src/node/interfaces.cpp
@@ -929,7 +929,7 @@ public:
 
     void interruptWait() override
     {
-        InterruptWait(notifications(), m_interrupt_wait);
+        InterruptWait(notifications(), &m_interrupt_wait);
     }
 
     const BlockAssembler::Options m_assemble_options;
@@ -964,7 +964,7 @@ public:
 
     std::optional<BlockRef> waitTipChanged(uint256 current_tip, MillisecondsDouble timeout) override
     {
-        return WaitTipChanged(chainman(), notifications(), current_tip, timeout, m_interrupt);
+        return WaitTipChanged(chainman(), notifications(), current_tip, timeout);
     }
 
     std::unique_ptr<BlockTemplate> createNewBlock(const BlockCreateOptions& options) override
@@ -976,7 +976,7 @@ public:
         // Avoid generating a new template immediately after connecting a block while
         // our best known header chain still has more work. This prevents a burst of
         // block templates during the final catch-up moments after IBD.
-        if (!CooldownIfHeadersAhead(chainman(), notifications(), *maybe_tip, m_interrupt)) return {};
+        if (!CooldownIfHeadersAhead(chainman(), notifications(), *maybe_tip)) return {};
 
         BlockAssembler::Options assemble_options{options};
         ApplyArgsManOptions(*Assert(m_node.args), assemble_options);
@@ -985,7 +985,7 @@ public:
 
     void interrupt() override
     {
-        InterruptWait(notifications(), m_interrupt);
+        InterruptWait(notifications());
     }
 
     bool checkBlock(const CBlock& block, const node::BlockCheckOptions& options, std::string& reason, std::string& debug) override
@@ -1000,7 +1000,6 @@ public:
     NodeContext* context() override { return &m_node; }
     ChainstateManager& chainman() { return *Assert(m_node.chainman); }
     KernelNotifications& notifications() { return *Assert(m_node.notifications); }
-    bool m_interrupt{false};
     NodeContext& m_node;
 };
 } // namespace
--- a/src/node/kernel_notifications.h
+++ b/src/node/kernel_notifications.h
@@ -61,6 +61,14 @@ public:
     //! Might be unset during an early shutdown.
     std::optional<uint256> TipBlock() EXCLUSIVE_LOCKS_REQUIRED(m_tip_block_mutex);
 
+    //! Whether a createNewBlock() / waitNext() cancellation has been requested.
+    //! Having this variable here hacky, but avoids the problem of
+    //! createNewBlock not being interruptible during IBD by mining clients, and
+    //! avoids memory safety issues that would occur if the variable was
+    //! somewhere else. An idea for getting rid of this is described in
+    //! [#34184 (review)](/bitcoin-bitcoin/34184/#discussion_r2742950202)
+    bool m_blocktemplate_request_interrupted GUARDED_BY(m_tip_block_mutex);
+
 private:
     const std::function<bool()>& m_shutdown_request;
     std::atomic<int>& m_exit_status;
--- a/src/node/miner.cpp
+++ b/src/node/miner.cpp
@@ -341,13 +341,27 @@ void AddMerkleRootAndCoinbase(CBlock& block, CTransactionRef coinbase, uint32_t
     block.fChecked = false;
 }
 
-void InterruptWait(KernelNotifications& kernel_notifications, bool& interrupt_wait)
+void InterruptWait(KernelNotifications& kernel_notifications, bool* interrupt_wait)
 {
     LOCK(kernel_notifications.m_tip_block_mutex);
-    interrupt_wait = true;
+    kernel_notifications.m_blocktemplate_request_interrupted = true;
+    if (interrupt_wait) *interrupt_wait = true;
     kernel_notifications.m_tip_block_cv.notify_all();
 }
 
+static bool Interrupted(const KernelNotifications& kernel_notifications, const bool* interrupt_wait = nullptr) EXCLUSIVE_LOCKS_REQUIRED(kernel_notifications.m_tip_block_mutex)
+{
+    return kernel_notifications.m_blocktemplate_request_interrupted || (interrupt_wait && *interrupt_wait);
+}
+
+static bool ResetInterrupt(KernelNotifications& kernel_notifications, bool* interrupt_wait = nullptr) EXCLUSIVE_LOCKS_REQUIRED(kernel_notifications.m_tip_block_mutex)
+{
+    if (!Interrupted(kernel_notifications, interrupt_wait)) return false;
+    kernel_notifications.m_blocktemplate_request_interrupted = false;
+    if (interrupt_wait) *interrupt_wait = false;
+    return true;
+}
+
 std::unique_ptr<CBlockTemplate> WaitAndCreateNewBlock(ChainstateManager& chainman,
                                                       KernelNotifications& kernel_notifications,
                                                       CTxMemPool* mempool,
@@ -379,12 +393,9 @@ std::unique_ptr<CBlockTemplate> WaitAndCreateNewBlock(ChainstateManager& chainma
                 // method on BlockTemplate and no template could have been
                 // generated before a tip exists.
                 tip_changed = Assume(tip_block) && tip_block != block_template->block.hashPrevBlock;
-                return tip_changed || chainman.m_interrupt || interrupt_wait;
+                return tip_changed || chainman.m_interrupt || Interrupted(kernel_notifications, &interrupt_wait);
             });
-            if (interrupt_wait) {
-                interrupt_wait = false;
-                return nullptr;
-            }
+            if (ResetInterrupt(kernel_notifications, &interrupt_wait)) return nullptr;
         }
 
         if (chainman.m_interrupt) return nullptr;
@@ -445,7 +456,7 @@ std::optional<BlockRef> GetTip(ChainstateManager& chainman)
     return BlockRef{tip->GetBlockHash(), tip->nHeight};
 }
 
-bool CooldownIfHeadersAhead(ChainstateManager& chainman, KernelNotifications& kernel_notifications, const BlockRef& last_tip, bool& interrupt)
+bool CooldownIfHeadersAhead(ChainstateManager& chainman, KernelNotifications& kernel_notifications, const BlockRef& last_tip)
 {
     constexpr auto COOLDOWN{1s};
     // Use a steady clock so cooldown is independent of mocktime.
@@ -455,12 +466,9 @@ bool CooldownIfHeadersAhead(ChainstateManager& chainman, KernelNotifications& ke
         WAIT_LOCK(kernel_notifications.m_tip_block_mutex, lock);
         kernel_notifications.m_tip_block_cv.wait_until(lock, cooldown_deadline, [&]() EXCLUSIVE_LOCKS_REQUIRED(kernel_notifications.m_tip_block_mutex) {
             const auto tip_block = kernel_notifications.TipBlock();
-            return chainman.m_interrupt || interrupt || (tip_block && *tip_block != last_tip_hash);
+            return chainman.m_interrupt || Interrupted(kernel_notifications) || (tip_block && *tip_block != last_tip_hash);
         });
-        if (chainman.m_interrupt || interrupt) {
-            interrupt = false;
-            return false;
-        }
+        if (chainman.m_interrupt || ResetInterrupt(kernel_notifications)) return false;
 
         // If the tip changed during the wait, extend the deadline
         const auto tip_block = kernel_notifications.TipBlock();
@@ -477,7 +485,7 @@ bool CooldownIfHeadersAhead(ChainstateManager& chainman, KernelNotifications& ke
     return true;
 }
 
-std::optional<BlockRef> WaitTipChanged(ChainstateManager& chainman, KernelNotifications& kernel_notifications, const uint256& current_tip, MillisecondsDouble& timeout, bool& interrupt)
+std::optional<BlockRef> WaitTipChanged(ChainstateManager& chainman, KernelNotifications& kernel_notifications, const uint256& current_tip, MillisecondsDouble& timeout)
 {
     Assume(timeout >= 0ms); // No internal callers should use a negative timeout
     if (timeout < 0ms) timeout = 0ms;
@@ -490,21 +498,15 @@ std::optional<BlockRef> WaitTipChanged(ChainstateManager& chainman, KernelNotifi
         // always returns valid tip information when possible and only
         // returns null when shutting down, not when timing out.
         kernel_notifications.m_tip_block_cv.wait(lock, [&]() EXCLUSIVE_LOCKS_REQUIRED(kernel_notifications.m_tip_block_mutex) {
-            return kernel_notifications.TipBlock() || chainman.m_interrupt || interrupt;
+            return kernel_notifications.TipBlock() || chainman.m_interrupt || Interrupted(kernel_notifications);
         });
-        if (chainman.m_interrupt || interrupt) {
-            interrupt = false;
-            return {};
-        }
+        if (chainman.m_interrupt || ResetInterrupt(kernel_notifications)) return {};
         // At this point TipBlock is set, so continue to wait until it is
         // different then `current_tip` provided by caller.
         kernel_notifications.m_tip_block_cv.wait_until(lock, deadline, [&]() EXCLUSIVE_LOCKS_REQUIRED(kernel_notifications.m_tip_block_mutex) {
-            return Assume(kernel_notifications.TipBlock()) != current_tip || chainman.m_interrupt || interrupt;
+            return Assume(kernel_notifications.TipBlock()) != current_tip || chainman.m_interrupt || Interrupted(kernel_notifications);
         });
-    }
-    if (chainman.m_interrupt || interrupt) {
-        interrupt = false;
-        return {};
+        if (chainman.m_interrupt || ResetInterrupt(kernel_notifications)) return {};
     }
 
     // Must release m_tip_block_mutex before getTip() locks cs_main, to
--- a/src/node/miner.h
+++ b/src/node/miner.h
@@ -143,7 +143,7 @@ void AddMerkleRootAndCoinbase(CBlock& block, CTransactionRef coinbase, uint32_t
 
 
 /* Interrupt a blocking call. */
-void InterruptWait(KernelNotifications& kernel_notifications, bool& interrupt_wait);
+void InterruptWait(KernelNotifications& kernel_notifications, bool* interrupt_wait = nullptr);
 /**
  * Return a new block template when fees rise to a certain threshold or after a
  * new tip; return nullopt if timeout is reached.
@@ -163,7 +163,7 @@ std::optional<BlockRef> GetTip(ChainstateManager& chainman);
  * Returns the current tip, or nullopt if the node is shutting down or interrupt()
  * is called.
  */
-std::optional<BlockRef> WaitTipChanged(ChainstateManager& chainman, KernelNotifications& kernel_notifications, const uint256& current_tip, MillisecondsDouble& timeout, bool& interrupt);
+std::optional<BlockRef> WaitTipChanged(ChainstateManager& chainman, KernelNotifications& kernel_notifications, const uint256& current_tip, MillisecondsDouble& timeout);
 
 /**
  * Wait while the best known header extends the current chain tip AND at least
@@ -177,11 +177,10 @@ std::optional<BlockRef> WaitTipChanged(ChainstateManager& chainman, KernelNotifi
  * once per connected client. Subsequent templates are provided by waitNext().
  *
  * [@param](/bitcoin-bitcoin/contributor/param/) last_tip tip at the start of the cooldown window.
- * [@param](/bitcoin-bitcoin/contributor/param/) interrupt set to true to interrupt the cooldown.
  *
  * [@returns](/bitcoin-bitcoin/contributor/returns/) false if interrupted.
  */
-bool CooldownIfHeadersAhead(ChainstateManager& chainman, KernelNotifications& kernel_notifications, const BlockRef& last_tip, bool& interrupt);
+bool CooldownIfHeadersAhead(ChainstateManager& chainman, KernelNotifications& kernel_notifications, const BlockRef& last_tip);
 } // namespace node
 
 #endif // BITCOIN_NODE_MINER_H

</details>

ryanofsky commented at 7:33 PM on January 29, 2026: contributor

Code review b57da688c21233e852c5afe5c5afafd3cae84e91. Thanks for the updates! Documentation update and while loop simplification since last review look good. I'm concerned about the new MinerImpl::m_interrupt variable, however, since I can see it leading to segfaults if clients destroy the Mining interface too early (even if they don't call the interrupt method). So I suggested moving the variable to the KernelNotications class to avoid this.

in src/node/miner.cpp:506 in b57da688c2

 505 | +            return Assume(kernel_notifications.TipBlock()) != current_tip || chainman.m_interrupt || interrupt;
 506 |          });
 507 |      }
 508 | -    if (chainman.m_interrupt) return {};
 509 | +    if (chainman.m_interrupt || interrupt) {
 510 | +        interrupt = false;

ryanofsky commented at 8:39 PM on January 29, 2026:

In commit "mining: add interrupt()" (b57da688c21233e852c5afe5c5afafd3cae84e91)

There is a thread safety issue here because interrupt is accessed without m_tip_block_mutex and it could be written by another thread calling the interrupt method. Could be fixed by moving these checks one line up into the block above

Sjors commented at 11:38 AM on January 30, 2026:

Done, and added a link to your more elaborate solution in the commit message.

ryanofsky commented at 9:15 PM on January 29, 2026: contributor

Code review b57da688c21233e852c5afe5c5afafd3cae84e91. There's a small thread safety bug in the second commit (see below), but the previous concern I had about crashes isn't really an issue, and the current implementation of cancellation here seems pretty good.

Sjors referenced this in commit 1ae88d1688 on Jan 30, 2026

Sjors force-pushed on Jan 30, 2026

ryanofsky commented at 8:03 PM on January 30, 2026: contributor

Code review ACK 1ae88d1688958fe567a087ec591015ea832aa8f0, just fixing missing lock on the interrupt variable and adding some comments since last review

DrahtBot requested review from w0xlt on Jan 30, 2026

w0xlt commented at 6:10 AM on January 31, 2026: contributor

reACK https://github.com/bitcoin/bitcoin/pull/34184/changes/1ae88d1688958fe567a087ec591015ea832aa8f0

Sjors commented at 9:12 AM on January 31, 2026: member

@plebhash can you take this for a spin?

DrahtBot added the label Needs rebase on Feb 2, 2026

plebhash commented at 1:52 PM on February 3, 2026: none

@plebhash can you take this for a spin?

I checked out this branch, compiled it, launched it on testnet4 and hooked SRI Pool via IPC.

my testnet4 datadir had been off for a few days, so I left it catch up while observing Pool logs.

there was a flood of NewTemplate + SetNewPrevHash messages, just like the behavior reported on https://github.com/bitcoin/bitcoin/issues/33994

Sjors referenced this in commit 984434bfa0 on Feb 3, 2026

Sjors force-pushed on Feb 3, 2026

Sjors commented at 1:56 PM on February 3, 2026: member

Rebased for trivial conflict after #32420. @plebhash ok that's bad news. It seems unlikely that your node needs more than 1 second to connect testnet4 blocks. Can you share the node log in a gist so we can see if there's any 1+ second gaps that could explain this?

plebhash commented at 2:47 PM on February 3, 2026: none

@plebhash ok that's bad news. It seems unlikely that your node needs more than 1 second to connect testnet4 blocks. Can you share the node log in a gist so we can see if there's any 1+ second gaps that could explain this?

bitcoin-node logs: https://gist.github.com/plebhash/41000992b96bfca123141a47cf5c424d
SRI Pool logs: https://gist.github.com/plebhash/ac803825cb72e8b77d7be44b52ee74ba

you should be able to reproduce:

git clone https://github.com/stratum-mining/sv2-apps -b v0.2.0
cd pool-apps/pool
cargo run -- -c config-examples/testnet4/pool-config-bitcoin-core-ipc-example.toml

this is assuming you want to use testnet4 under default datadir... for setup variations:

for a different network, there's also config-examples/{mainnet, signet}
for non-default datadir, edit pool-config-bitcoin-core-ipc-example.toml and uncomment data_dir field

DrahtBot removed the label Needs rebase on Feb 3, 2026

Sjors commented at 3:53 PM on February 3, 2026: member

I was able to reproduce the issue with testnet4.

Sjors marked this as a draft on Feb 3, 2026

ryanofsky commented at 4:40 PM on February 3, 2026: contributor

From the logs it looks like waitNext calls are churning, not createNewBlock calls, so just adding the cooldown delay to createNewBlock does not help.

A possible fix might be to add an additional delay to createNewBlock so it waits to be connected to peers before returning, although this could also be fragile.

Another fix might be to add the 1 block/second cooldown delay to waitNext as well. This seems like it should be ok although there might be a bigger risk waitNext blocking when it shouldn't. Maybe adjusting the cooldown to delay to block if 2 blocks were connected in last second instead of 1 block (or something like that) might be safer if adding the cooldown to waitNext

Sjors commented at 6:33 PM on February 3, 2026: member

I was thinking of just increasing the cooldown. As long as it's only on createNewBlock() that seems safe.

From my own testing with syncing testnet4 from sratch on an M4 Apple Silicon machine, gaps of 1 second are common. Once I switched to a 3 second cool down, the pool behaved.

I also tried the 3 second cool down while syncing a mainnet node, but 3 seconds isn't long enough on my machine. Just picking a bigger number would be annoying in the normal case.

I tried a slightly fancier heuristic: cooldown is extended by the number of blocks remaining in seconds, capped at 20.

Combined with also gating behind IsInitialBlockDownload() (which considers -maxtipage) it should work most of the time. In particular this deals with the (fairly common) situation where the node doesn't get any headers / blocks from its peers for a minute or so after startup. Just checking for connections isn't enough.

Will push some code later.

#29565 would be quite handy for testing this.

(the experiment caused the node to segfault as I triggered unclean pool shutdowns with timeout, I believe that's a known issue being worked on)

Sjors commented at 8:00 PM on February 3, 2026: member

This is exceedingly hard to test / debug, due to a combination of four issues:

getting a node in a "almost done syncing" state is tedious (the trick it to kill -9 the node when it reaches the tip, so it has to start over)
the node will crash if the client ungraciously exists
the sv2 client doesn't know about the interrupt method yet (since this PR introduces it)
createNewBlock doesn't have a context argument (known issue) so a second connection quietly fails to establish (in case of a test sscript that tries to connect a second time)

Once I clean up the code, I'll publish a gist with some patches to make testing easier without increasing the scope of this PR. @ryanofsky regarding (4), I'm puzzled why interrupt() works at all in the functional test. Shouldn't the lack context cause the IPC server thread to block, thus never getting the interrupt message?

self.log.debug("interrupt() should abort createNewBlock() during cooldown")
async def create_block():
    result = await mining.createNewBlock(opts)
    # interrupt() causes createNewBlock to return nullptr
    assert_equal(result._has("result"), False)

await wait_and_do(create_block(), mining.interrupt())

Sjors commented at 8:32 PM on February 3, 2026: member

@ismaelsadeeq is going to be so excited if I need to pull in #33936 and make this a breaking IPC change (in which case I'll also delete the previously deprecated methods, though probably in a followup).

Sjors referenced this in commit 299f15677b on Feb 4, 2026

Sjors force-pushed on Feb 4, 2026

Sjors commented at 4:36 PM on February 4, 2026: member

Alright, I made some changes...

First, I added a commit to pass missing context to createNewBlock (and checkBlock). This is a breaking API change, so it bumps the makeMining version and throws a nice error for older clients. That's tested in the functional test, and I also saw it with the sv2 Rust client. At this point, at least with the change in this PR, I don't think it's worth trying to work around this bug, as it's confusing at best.

Next, I made cooldown an optional argument. This is because the mechanism ended up breaking the functional test suite, especially waiting for IBD. And in some situations, like a signet with only one miner, waiting for IBD could mean being stuck forever.

So cooldown waits for IBD and then as the tip keeps moving forward, it waits a bit to see if new blocks come in. But how long to wait?

I decided on a minimum of 3 seconds. That short enough that it's not going to annoy someone who manually starts up a client. And at least on my M4 MacBook Pro on mainnet, it works. I'll share some (not pretty) code to test this later.

As the chart shows, sometimes it takes longer than 3 seconds. But it turns out that in all those cases there were quite a few headers ahead of the tip. So the cooldown mechanism has another heuristic: wait N seconds if the header is N blocks ahead of the tip, with a minimum of 3 and a maximum of 20.

I'm sure we could tweak this numbers further and have the node analyse it's own log files for perfection, but ultimately it's just an educated guess. If we wait too long, it's slightly annoying, but 3 - 20 seconds isn't terrible. If we wait too short, clients get a burst of templates. That can lead to others issues, but I guess in the worst case they can just restart, reconnect and try again a minute later. The code itself seems acceptably simple.

DrahtBot added the label CI failed on Feb 4, 2026

Sjors referenced this in commit 4756af92d2 on Feb 4, 2026

Sjors force-pushed on Feb 4, 2026

Sjors commented at 5:30 PM on February 4, 2026: member

I moved run_deprecated_mining_test down to avoid running into #34284.

Links to the (vibe coded) scripts used for the experiment and chart are at the bottom of the PR description.

DrahtBot removed the label CI failed on Feb 4, 2026

Sjors marked this as ready for review on Feb 4, 2026

in src/interfaces/init.h:42 in a47fd4298d

  38 | @@ -39,6 +39,7 @@ class Init
  39 |      virtual Ipc* ipc() { return nullptr; }
  40 |      virtual bool canListenIpc() { return false; }
  41 |      virtual const char* exeName() { return nullptr; }
  42 | +    virtual void makeMiningV2() { throw std::runtime_error("Old mining interface (@2) not supported. Please update your client!"); }

ryanofsky commented at 5:07 PM on February 5, 2026:

In commit "mining: pass missing context to BlockTemplate methods" (c236980ad64aabf6b9bf5119b92a599d8e707d0b)

I feel like it would be simpler just to stay backwards compatible, instead breaking compatibility with existing IPC clients over this cooldown feature. Should be doable with less code, just:

--- a/src/ipc/capnp/mining.capnp
+++ b/src/ipc/capnp/mining.capnp
@@ -17,8 +17,12 @@ interface Mining $Proxy.wrap("interfaces::Mining") {
     isInitialBlockDownload [@1](/bitcoin-bitcoin/contributor/1/) (context :Proxy.Context) -> (result: Bool);
     getTip [@2](/bitcoin-bitcoin/contributor/2/) (context :Proxy.Context) -> (result: Common.BlockRef, hasResult: Bool);
     waitTipChanged [@3](/bitcoin-bitcoin/contributor/3/) (context :Proxy.Context, currentTip: Data, timeout: Float64) -> (result: Common.BlockRef);
-    createNewBlock [@4](/bitcoin-bitcoin/contributor/4/) (options: BlockCreateOptions) -> (result: BlockTemplate);
-    checkBlock [@5](/bitcoin-bitcoin/contributor/5/) (block: Data, options: BlockCheckOptions) -> (reason: Text, debug: Text, result: Bool);
+    createNewBlock [@6](/bitcoin-bitcoin/contributor/6/) (context :Proxy.Context, options: BlockCreateOptions) -> (result: BlockTemplate);
+    checkBlock [@7](/bitcoin-bitcoin/contributor/7/) (context :Proxy.Context, block: Data, options: BlockCheckOptions) -> (reason: Text, debug: Text, result: Bool);
+
+    # DEPRECATED: older versions of methods which don't take a context argument (so can't run asynchronously).
+    createNewBlockOld4 [@4](/bitcoin-bitcoin/contributor/4/) (options: BlockCreateOptions) -> (result: BlockTemplate) $Proxy.name("createNewBlock");
+    checkBlockOld5 [@5](/bitcoin-bitcoin/contributor/5/) (block: Data, options: BlockCheckOptions) -> (reason: Text, debug: Text, result: Bool) $Proxy.name("checkBlock");
 }

Plus an update to the python test to pass the context.

Sjors commented at 11:12 AM on February 7, 2026:

Responded in the main thread.

in src/ipc/capnp/init.capnp:25 in a47fd4298d

  18 | @@ -19,5 +19,8 @@ using Mining = import "mining.capnp";
  19 |  interface Init $Proxy.wrap("interfaces::Init") {
  20 |      construct @0 (threadMap: Proxy.ThreadMap) -> (threadMap :Proxy.ThreadMap);
  21 |      makeEcho @1 (context :Proxy.Context) -> (result :Echo.Echo);
  22 | -    makeMining @2 (context :Proxy.Context) -> (result :Mining.Mining);
  23 | +    makeMining @3 (context :Proxy.Context) -> (result :Mining.Mining);
  24 | +
  25 | +    # DEPRECATED: no longer supported; server returns an error.
  26 | +    makeMiningV2 @2 () -> ();

ryanofsky commented at 5:13 PM on February 5, 2026:

In commit "mining: pass missing context to BlockTemplate methods" (c236980ad64aabf6b9bf5119b92a599d8e707d0b)

(If not using other suggestion for staying backwards compatible)

I think I suggested this V2 suffix in another issue, but now I think another suffix like Old2 might be less confusing because V2 sounds like it indicates a newer version of the method.

Sjors commented at 11:34 AM on February 7, 2026:

Changed to makeMiningDeprecatedV2

in src/node/miner.cpp:460 in a98510d805 outdated

 451 | @@ -452,6 +452,38 @@ std::optional<BlockRef> GetTip(ChainstateManager& chainman)
 452 |      return BlockRef{tip->GetBlockHash(), tip->nHeight};
 453 |  }
 454 |  
 455 | +bool CooldownIfHeadersAhead(ChainstateManager& chainman, KernelNotifications& kernel_notifications, const BlockRef& last_tip)
 456 | +{
 457 | +    uint256 last_tip_hash{last_tip.hash};
 458 | +
 459 | +    while (const std::optional<int> remaining = chainman.BlocksAheadOfTip()) {
 460 | +        const int cooldown_seconds = std::clamp(*remaining, 3, 20);

ryanofsky commented at 5:23 PM on February 5, 2026:

In commit "mining: add cooldown argument to createNewBlock()" (617eb13ec178154bdfd1a2f41496912d87bf17fc)

Like this, clever!

ismaelsadeeq commented at 3:09 PM on February 11, 2026:

In "mining: add cooldown argument to createNewBlock()" 0d4cf7041af41e6371473f7df93301d7100cea3e

Three seconds minimum seems a bit much, IMO, should just be 1?

Sjors commented at 4:30 PM on February 11, 2026:

Based on my and Plebhash' testing that's not enough. There are plenty of multi second gaps even on a fast machine, see the chart in PR description.

ismaelsadeeq commented at 8:28 AM on February 12, 2026:

It's heuristics anyway, no strong opinion here.

in src/node/interfaces.cpp:985 in 4756af92d2

 981 | @@ -982,18 +982,23 @@ class MinerImpl : public Mining
 982 |              // forever if no block was mined in the past day.
 983 |              while (chainman().IsInitialBlockDownload()) {
 984 |                  maybe_tip = waitTipChanged(maybe_tip->hash, MillisecondsDouble{1000});
 985 | -                if (!maybe_tip) return {};
 986 | +                if (!maybe_tip || m_interrupt) return {};

ryanofsky commented at 5:42 PM on February 5, 2026:

In commit "mining: add interrupt()" (299f15677b3d32b878f79945128c977dc8eaedfd)

Would probably change this to:

if (!maybe_tip || chainman().m_interrupt || WITH_LOCK(notifications().m_tip_block_mutex, return m_interrupt)) return {};

since it's not safe to check this->m_interrupt without the mutex and it is probably good to include chainman().m_interrupt for completeness, even though waitTipChanged recently checked it.

Sjors commented at 11:34 AM on February 7, 2026:

Good catch, seems I ignored my own source code comment.

I renamed it to m_interrupt_mining and also renamed the CooldownIfHeadersAhead argument, because it got confusing.

ryanofsky approved

ryanofsky commented at 6:00 PM on February 5, 2026: contributor

Code review ACK 299f15677b3d32b878f79945128c977dc8eaedfd. Since last review, createNewBlock was fixed (by adding context parameter) to be actually interruptible, and cooldown was made optional and off by default, wait for chainman().IsInitialBlockDownload() was added, and CooldownIfHeadersAhead internal logic was improved to wait longer when there are more blocks waiting to be connected, instead of returning as soon as more than 1 second elapses between connecting blocks.

All of these changes seem very nice. I left suggestions for keeping backwards compatibility and fixing a missing lock with I think would be good to apply but probably not critical.

DrahtBot added the label Needs rebase on Feb 7, 2026

Sjors force-pushed on Feb 7, 2026

Sjors referenced this in commit e629a8262c on Feb 7, 2026

Sjors commented at 11:35 AM on February 7, 2026: member

Rebased after the test split in #34452.

Re: #34184 (review)

I'd like to stick to making this a breaking change, assuming it's merged before the v31 branch-off. We quite recently effectively bumped the minium requirement from v30 to v30.2 by removing the older releases, so we lost strong backward compatibility anyway. With v31 coming in two months, it seems fine to do a little cleanup.

I also haven't seen other breaking changes on the horizon (unless I overlooked them), so I don't expect this to happen again soon.

DrahtBot removed the label Needs rebase on Feb 7, 2026

ryanofsky approved

ryanofsky commented at 8:44 PM on February 9, 2026: contributor

Code review ACK e629a8262c083d4d210689961a4bbeb41851c0af. Changes since last review were rebasing to fix test conflicts and renaming the interrupt variable and adding a missing lock around one access.

I still feel like it would be better to replace the first commit breaking compatibility with the simpler change suggested in #34184 (review) which keeps compatibility.

But I can understand being in a hurry to break compatibility when dealing with bugs in older clients & the pace of review here.

So assuming you do want to keep the commit which breaks compatibility (eaa1209ea4462d1221e049891fb588adb5cf60d3), I'd suggest two more changes from my notes about things to fix in the next version bump. One would be to credit @plebhash for first pointing out the missing Context arguments in his comment #33575 (comment). I think he was the first person to notice that. The other would be to fix inconsistent defaults between C++ and Cap'n Proto interfaces, since changing default values also breaks backwards compatibility and the current missing defaults can lead to unnecessary problems and boilerplate in clients. Assigning consistent defaults should be possible with:

--- a/src/ipc/capnp/mining.capnp
+++ b/src/ipc/capnp/mining.capnp
@@ -12,11 +12,15 @@ using Proxy = import "/mp/proxy.capnp";
 $Proxy.include("interfaces/mining.h");
 $Proxy.includeTypes("ipc/capnp/mining-types.h");
 
+const maxMoney :Int64 = 2100000000000000;
+const maxDouble :Float64 = 1.7976931348623157e308;
+const defaultBlockReservedWeight :UInt32 = 8000;
+
 interface Mining $Proxy.wrap("interfaces::Mining") {
     isTestChain [@0](/bitcoin-bitcoin/contributor/0/) (context :Proxy.Context) -> (result: Bool);
     isInitialBlockDownload [@1](/bitcoin-bitcoin/contributor/1/) (context :Proxy.Context) -> (result: Bool);
     getTip [@2](/bitcoin-bitcoin/contributor/2/) (context :Proxy.Context) -> (result: Common.BlockRef, hasResult: Bool);
-    waitTipChanged [@3](/bitcoin-bitcoin/contributor/3/) (context :Proxy.Context, currentTip: Data, timeout: Float64) -> (result: Common.BlockRef);
+    waitTipChanged [@3](/bitcoin-bitcoin/contributor/3/) (context :Proxy.Context, currentTip: Data, timeout: Float64 = .maxDouble) -> (result: Common.BlockRef);
     createNewBlock [@4](/bitcoin-bitcoin/contributor/4/) (context :Proxy.Context, options: BlockCreateOptions, cooldown: Bool) -> (result: BlockTemplate);
     checkBlock [@5](/bitcoin-bitcoin/contributor/5/) (context :Proxy.Context, block: Data, options: BlockCheckOptions) -> (reason: Text, debug: Text, result: Bool);
     interrupt [@6](/bitcoin-bitcoin/contributor/6/) () -> ();
@@ -39,19 +43,19 @@ interface BlockTemplate $Proxy.wrap("interfaces::BlockTemplate") {
 }
 
 struct BlockCreateOptions $Proxy.wrap("node::BlockCreateOptions") {
-    useMempool [@0](/bitcoin-bitcoin/contributor/0/) :Bool $Proxy.name("use_mempool");
-    blockReservedWeight [@1](/bitcoin-bitcoin/contributor/1/) :UInt64 $Proxy.name("block_reserved_weight");
-    coinbaseOutputMaxAdditionalSigops [@2](/bitcoin-bitcoin/contributor/2/) :UInt64 $Proxy.name("coinbase_output_max_additional_sigops");
+    useMempool [@0](/bitcoin-bitcoin/contributor/0/) :Bool = true $Proxy.name("use_mempool");
+    blockReservedWeight [@1](/bitcoin-bitcoin/contributor/1/) :UInt64 = .defaultBlockReservedWeight $Proxy.name("block_reserved_weight");
+    coinbaseOutputMaxAdditionalSigops [@2](/bitcoin-bitcoin/contributor/2/) :UInt64 = 400 $Proxy.name("coinbase_output_max_additional_sigops");
 }
 
 struct BlockWaitOptions $Proxy.wrap("node::BlockWaitOptions") {
-    timeout [@0](/bitcoin-bitcoin/contributor/0/) : Float64 $Proxy.name("timeout");
-    feeThreshold [@1](/bitcoin-bitcoin/contributor/1/) : Int64 $Proxy.name("fee_threshold");
+    timeout [@0](/bitcoin-bitcoin/contributor/0/) : Float64 = .maxDouble $Proxy.name("timeout");
+    feeThreshold [@1](/bitcoin-bitcoin/contributor/1/) : Int64 = .maxMoney $Proxy.name("fee_threshold");
 }
 
 struct BlockCheckOptions $Proxy.wrap("node::BlockCheckOptions") {
-    checkMerkleRoot [@0](/bitcoin-bitcoin/contributor/0/) :Bool $Proxy.name("check_merkle_root");
-    checkPow [@1](/bitcoin-bitcoin/contributor/1/) :Bool $Proxy.name("check_pow");
+    checkMerkleRoot [@0](/bitcoin-bitcoin/contributor/0/) :Bool = true $Proxy.name("check_merkle_root");
+    checkPow [@1](/bitcoin-bitcoin/contributor/1/) :Bool = true $Proxy.name("check_pow");
 }
 
 struct CoinbaseTx $Proxy.wrap("node::CoinbaseTx") {

</details>

PR also seems fine it its current form, though and these are just suggestions.

DrahtBot requested review from w0xlt on Feb 9, 2026

Sjors commented at 9:04 PM on February 9, 2026: member

I'd suggest two more changes

I'll amend the commit to give credit if I need to touch it again.

The additional interface changes are in different methods, so I prefer to do them as a followup PR. I'll also drop the previously deprected methods there.

in src/interfaces/mining.h:156 in 0d4cf7041a outdated

 154 | +     *                     signets with only one miner.
 155 |       * @retval BlockTemplate a block template.
 156 |       * @retval std::nullptr if the node is shut down.
 157 |       */
 158 | -    virtual std::unique_ptr<BlockTemplate> createNewBlock(const node::BlockCreateOptions& options = {}) = 0;
 159 | +    virtual std::unique_ptr<BlockTemplate> createNewBlock(const node::BlockCreateOptions& options = {}, bool cooldown = false) = 0;

ismaelsadeeq commented at 2:31 PM on February 11, 2026:

In "mining: add cooldown argument to createNewBlock()" 0d4cf7041af41e6371473f7df93301d7100cea3e

Shouldn't it be the other way around, cooldown true? You do not cool down when on a custom setup?

Sjors commented at 4:17 PM on February 11, 2026:

The vast majority of code paths is in test code, so this default is easier (less code churn). Since IPC clients (unless they use libmultiprocess) can't take advantage of the default value anyway, might as well use false.

ryanofsky commented at 4:19 AM on February 12, 2026:

Since IPC clients (unless they use libmultiprocess) can't take advantage of the default value anyway, might as well use false.

I don't think I have an opinion on what the default should be, but wanted to point out that Cap'n Proto supports setting default values, so IPC clients should be able to take advantage of whatever default is set.

I opened #34568 just now which sets defaults for other parameters. The only restriction capnproto has on defaults is that you can only set them when fields and parameters are first introduced. One a field exists changing its default is not backwards compatible (because on the wire default values are always 0 and internally it uses some trickery to map 0 to whatever the declared default value is).

Sjors commented at 11:53 AM on February 12, 2026:

Ok, that's useful to know. I'll take a look at this PR. Will hold on to false until that lands though.

in src/interfaces/mining.h:152 in 0d4cf7041a outdated

 149 | -     *
 150 |       * @param[in] options options for creating the block
 151 | +     * @param[in] cooldown wait for tip to be connected and IBD to complete.
 152 | +     *                     If the best header is ahead of the tip, wait for the
 153 | +     *                     tip to catch up. Recommended, except for regtest and
 154 | +     *                     signets with only one miner.

ismaelsadeeq commented at 2:33 PM on February 11, 2026:

In "mining: add cooldown argument to createNewBlock()" 0d4cf7041af41e6371473f7df93301d7100cea3e

nit: no need to mention all the custom setups that don't need cooldown; highlight that we return immediately.

Sjors commented at 4:19 PM on February 11, 2026:

Even though the default in our c++ code is false (see above), the recommendation for real clients is true, with these two exceptions.

in src/node/interfaces.cpp:986 in 0d4cf7041a outdated

 983 | +            // because on regtest and single miner signets this would wait
 984 | +            // forever if no block was mined in the past day.
 985 | +            while (chainman().IsInitialBlockDownload()) {
 986 | +                maybe_tip = waitTipChanged(maybe_tip->hash, MillisecondsDouble{1000});
 987 | +                if (!maybe_tip) return {};
 988 | +            }

ismaelsadeeq commented at 2:52 PM on February 11, 2026:

In "mining: add cooldown argument to createNewBlock()" 0d4cf7041af41e6371473f7df93301d7100cea3e

Hmm, when the node loses connectivity briefly during IBD, or experiences block stalling due to poor peers or any other reason, this will return empty. Why not have it wait until IBD is done or interrupt during shutdown using a conditional variable (It is safe to block in this case because we are not in the final catch up yet) ?

Sjors commented at 4:23 PM on February 11, 2026:

No, we return empty if the node shuts down or the call is interrupted. If there's a timeout, waitTipChanged returns the current tip, not nullopt.

This loop just checks once per second if we're still in IBD.

ismaelsadeeq commented at 4:54 PM on February 11, 2026:

That makes sense, thanks for clarifying.

in src/node/miner.cpp:461 in 0d4cf7041a

 456 | +{
 457 | +    uint256 last_tip_hash{last_tip.hash};
 458 | +
 459 | +    while (const std::optional<int> remaining = chainman.BlocksAheadOfTip()) {
 460 | +        const int cooldown_seconds = std::clamp(*remaining, 3, 20);
 461 | +        // Use a steady clock so cooldown is independent of mocktime.

ismaelsadeeq commented at 3:04 PM on February 11, 2026:

In "mining: add cooldown argument to createNewBlock()" 0d4cf7041af41e6371473f7df93301d7100cea3e

Why not mockable steady clock? It also moves forward only and will allow for testing some scenarios??

Sjors commented at 4:34 PM on February 11, 2026:

In an earlier version of this PR the cooldown would also happen in the test framework by default, so using mock time was a headache. But now it's gated behind the cooldown argument. I'll look into using a mockable stead clock if I need to retouch.

Sjors commented at 4:33 PM on February 12, 2026:

Done!

in src/node/interfaces.cpp:973 in 0d4cf7041a outdated

 966 | @@ -967,10 +967,27 @@ class MinerImpl : public Mining
 967 |          return WaitTipChanged(chainman(), notifications(), current_tip, timeout);
 968 |      }
 969 |  
 970 | -    std::unique_ptr<BlockTemplate> createNewBlock(const BlockCreateOptions& options) override
 971 | +    std::unique_ptr<BlockTemplate> createNewBlock(const BlockCreateOptions& options, bool cooldown) override
 972 |      {
 973 |          // Ensure m_tip_block is set so consumers of BlockTemplate can rely on that.
 974 | -        if (!waitTipChanged(uint256::ZERO, MillisecondsDouble::max())) return {};
 975 | +        std::optional<BlockRef> maybe_tip{waitTipChanged(uint256::ZERO, MillisecondsDouble::max())};

ismaelsadeeq commented at 3:13 PM on February 11, 2026:

In "mining: add cooldown argument to createNewBlock()" 0d4cf7041af41e6371473f7df93301d7100cea3e

Should this implementation code move to miner?

Sjors commented at 4:32 PM on February 11, 2026:

Maybe, but at the moment both cooldown and interrupt are specific to IPC.

ismaelsadeeq commented at 3:25 PM on February 11, 2026: member

Concept ACK

I briefly looked at this, you could still mine on a stale tip even with this when your node stalls for a bit for any reason.

But I get the point, mining on a stale, is far better than waiting forever.

I have some suggestions below.

DrahtBot added the label Needs rebase on Feb 12, 2026

ryanofsky referenced this in commit e555eb86e9 on Feb 12, 2026

Sjors commented at 1:49 PM on February 12, 2026: member

Trying to rebase after #33965, but this is trickier than I expected due to the interaction of 418b7995ddfbc88764f1f0ceabf8993808b08bd8 with eaa1209ea4462d1221e049891fb588adb5cf60d3. Apparently libmultiprocess doesn't propagate the minimum weight exception now that it runs in another thread (because we add @context).

I'm looking for a workaround that doesn't involve patching libmultiprocess.

ryanofsky referenced this in commit 6c614ba31a on Feb 12, 2026

ryanofsky referenced this in commit fc60bd4540 on Feb 12, 2026

Sjors referenced this in commit fe297f0976 on Feb 12, 2026

Sjors force-pushed on Feb 12, 2026

Sjors commented at 4:22 PM on February 12, 2026: member

I ended up including the test workaround ad8e5f93b0db5ceb9b4331f88b54de6ca593fcbf from #34568 (along with the test framework tweaks in 1f1b089a44331feb7262f95a88437e47f52eb743). Added a note in the PR description that the merge order between this and #34568 doesn't matter.

I also switched to mockable steady clock in the test, see #34184 (review).

DrahtBot removed the label Needs rebase on Feb 12, 2026

ryanofsky referenced this in commit 0548a95f94 on Feb 12, 2026

ryanofsky referenced this in commit 3afebda53c on Feb 12, 2026

ryanofsky approved

ryanofsky commented at 8:53 PM on February 12, 2026: contributor

Code review ACK fe297f0976c1a2f8e2be3ad598bc287f71a7f8f9. Just rebased due to conflicts with #33965, added workaround to deal with new exception thrown by createNewBlock in that PR, added cooldown=True to python test, and switching from SteadyClock -> MockableSteadyClock since last review.

I'd like if #34568 could be merged before this PR so this PR could be cleaner and more narrowly focused on implementing the cooldown feature, and so the mining interface number wouldn't need to be bumped twice (or bumped once with an intermediate period where incompatible schemas could silently break clients).

I also think it would be good to add cooldown: Bool = true to the .capnp file if we think this is a better default behavior. It should be ok for capnp default value to be different from c++ if updating the c++ value would create too much churn in unit tests.

Just my thoughts though. PR is already in good shape as-is.

DrahtBot requested review from ismaelsadeeq on Feb 12, 2026

Sjors commented at 7:46 AM on February 13, 2026: member

I'd like if #34568 could be merged before this PR

That's fine by me.

I also think it would be good to add cooldown: Bool = true to the .capnp file if we think this is a better default behavior.

Good idea. Since it's a new method, that's not a breaking change. It does make the diff bigger because I need to opt-out everywhere, but if we merge #34568 that reduces the PR diff.

Sjors referenced this in commit f24385eede on Feb 13, 2026

Sjors force-pushed on Feb 13, 2026

Sjors referenced this in commit 9c54cb116a on Feb 13, 2026

Sjors force-pushed on Feb 13, 2026

DrahtBot added the label CI failed on Feb 13, 2026

DrahtBot commented at 9:32 AM on February 13, 2026: contributor

🚧 At least one of the CI tasks failed. Task macOS native: https://github.com/bitcoin/bitcoin/actions/runs/21979984946/job/63499970158 LLM reason (✨ experimental): testnet4_miner_tests timed out (Timeout) causing the CI to fail.

<details><summary>Hints</summary>

Try to run the tests locally, according to the documentation. However, a CI failure may still happen due to a number of reasons, for example:

Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.
A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.
An intermittent issue.

Leave a comment here, if you need help tracking down a confusing failure.

</details>

Sjors commented at 9:34 AM on February 13, 2026: member

I missed one /*cooldown=*/false spot. Also pulled in the latest versions of the two commits from #34568 (just a commit message change).

Sjors commented at 9:41 AM on February 13, 2026: member

Making my life easier by rebasing this on top of #34568, which is in good shape, and marking as draft until that's merged.

(I have a release note too, will push on the next update)

Sjors marked this as a draft on Feb 13, 2026

Sjors referenced this in commit 6428ed1839 on Feb 13, 2026

Sjors force-pushed on Feb 13, 2026

DrahtBot removed the label CI failed on Feb 13, 2026

ryanofsky referenced this in commit 70de5cc2d2 on Feb 17, 2026

Sjors referenced this in commit f5d84de0aa on Feb 20, 2026

Sjors force-pushed on Feb 20, 2026

Sjors commented at 10:58 AM on February 20, 2026: member

Rebased after #34568 landed, ready for review again.

Should be tagged for v31.

Sjors marked this as ready for review on Feb 20, 2026

ryanofsky added this to the milestone 31.0 on Feb 20, 2026

in test/functional/interface_ipc_mining.py:269 in d5ac2bc64f

 265 | @@ -242,7 +266,7 @@ async def async_routine():
 266 |              self.log.debug("Enforce minimum reserved weight for IPC clients too")
 267 |              opts.blockReservedWeight = 0
 268 |              try:
 269 | -                await mining.createNewBlock(ctx, opts)
 270 | +                await mining.createNewBlock(ctx, opts, cooldown=False)

ryanofsky commented at 1:39 PM on February 20, 2026:

In commit "mining: add cooldown argument to createNewBlock()" (d5ac2bc64f19be57e658d723311eca268cee5249)

Any particular reason for specifying cooldown=False here? Would seem simpler to follow line 296 and use default behavior unless there's a reason to override it. Or if there is a reason to override it, add a comment indicating why

Sjors commented at 1:59 PM on February 20, 2026:

I set it to false for all tests, but I guess it makes to not do that for IPC tests. I'll try that.

ryanofsky approved

ryanofsky commented at 1:41 PM on February 20, 2026: contributor

Code review ACK 1e0288800e1f58a21462a07196c2a78de7b09518. Only changes since last review were switching cooldown default from false to true, rebasing, and adding release notes.

Might also be good to remove "Based on #34568" from the description to keep it simpler now the other PR is merged

mining: add cooldown argument to createNewBlock()

At startup, if the needs to catch up, connected mining clients will
receive a flood of new templates as new blocks are connected.

Fix this by adding a cooldown argument to createNewBlock(). When set
to true, block template creation is briefly paused while the best
header chain is ahead of the tip.

This wait only happens when the best header extends the current tip,
to ignore competing branches.

Additionally, cooldown waits for isInitialBlockDownload() to latch to
false, which happens when there is less than a day of blocks left to sync.

When cooldown is false createNewBlock() returns immediately. The argument
is optional, because many tests are negatively impacted by this
mechanism, and single miner signets could end up stuck if no block
was mined for a day.

The getblocktemplate RPC also opts out, because it would add a delay
to each call.

Fixes #33994

a11297a904

mining: add interrupt()

Both waitTipChanged() and createNewBlock() can take a long time to
return. Add a way for clients to interrupt them.

The new m_interrupt_mining is safely accessed with a lock on
m_tip_block_mutex, but it has no guard annotation. A more thorough
solution is discussed here:
https://github.com/bitcoin/bitcoin/pull/34184#discussion_r2743566474

1e82fa498c

doc: release note for IPC cooldown and interrupt fcaec2544b

Sjors force-pushed on Feb 20, 2026

Sjors commented at 3:50 PM on February 20, 2026: member

Updated PR description to remove reference to the merged #34568.

Adjusted interface_ipc_mining.py to reflect that the cooldown default is now False.

ryanofsky approved

ryanofsky commented at 5:04 PM on February 20, 2026: contributor

Code review ACK fcaec2544b32226fd5357a88506fe080058d25bc. Only changes since last review were removing two cooldown arguments from the mining IPC test to simplify it

satsfy referenced this in commit 1c6ed568b4 on Feb 21, 2026

in test/functional/interface_ipc_mining.py:169 in a11297a904

 165 | +                assert_greater_than_or_equal(time.time() - start, 0.9)
 166 | +
 167 | +                header_only_peer.peer_disconnect()
 168 | +                self.connect_nodes(0, 1)
 169 | +                self.sync_all()
 170 | +

enirox001 commented at 5:48 PM on February 23, 2026:

In commit "mining: add cooldown argument to createNewBlock()" (a11297a904)

The existing test verifies that createNewBlock() blocks while headers are ahead of the tip.

This proposed follow-up test the complementary property, that it wakes up promptly once submitblock advances the tip, rather than waiting for the cooldown timer to expire on its own.

index 5095583a0e..067e2d9217 100755
--- a/test/functional/interface_ipc_mining.py
+++ b/test/functional/interface_ipc_mining.py
@@ -171,6 +171,32 @@ class IPCMiningTest(BitcoinTestFramework):
                 # spurious failures.
                 assert_greater_than_or_equal(time.time() - start, 0.9)
 
+                self.log.debug("createNewBlock() should wake up immediately after sync")
+                results = {}
+
+                async def create_block_with_timing():
+                    bg_start = time.time()
+                    res = await mining.createNewBlock(ctx, self.default_block_create_options)
+                    results['duration'] = time.time() - bg_start
+                    results['success'] = res._has("result")
+
+                task = asyncio.create_task(create_block_with_timing())
+                await asyncio.sleep(0.5)
+                assert not task.done(), "createNewBlock() returned early — cooldown did not engage"
+                block_hex = self.nodes[1].getblock(node1_block_hash, False)
+                self.nodes[0].submitblock(block_hex)
+
+                try:
+                    await asyncio.wait_for(task, timeout=10.0)
+                except asyncio.TimeoutError:
+                    task.cancel()
+                    raise AssertionError("createNewBlock() did not wake up within 10s after submitblock")
+
+                assert_equal(results['success'], True)
+                assert_greater_than_or_equal(results['duration'], 0.5)
+

Sjors commented at 12:19 PM on February 24, 2026:

@enirox001 would you like to open a PR with this test and the other documentation followup?

enirox001 commented at 8:49 AM on February 27, 2026:

Yes, I'll put that together.

As @ryanofsky suggested in #34422, I'm going to combine this test addition with a quick refactor of make_mining_ctx to keep the test suite clean and avoid duplication. I'll open the follow-up PR shortly

ryanofsky commented at 6:04 PM on April 2, 2026:

re: #34184 (review)

This proposed follow-up test the complementary property, that it wakes up promptly

This was added in #34727

in src/node/interfaces.cpp:993 in 1e82fa498c

 990 |          BlockAssembler::Options assemble_options{options};
 991 |          ApplyArgsManOptions(*Assert(m_node.args), assemble_options);
 992 |          return std::make_unique<BlockTemplateImpl>(assemble_options, BlockAssembler{chainman().ActiveChainstate(), context()->mempool.get(), assemble_options}.CreateNewBlock(), m_node);
 993 |      }
 994 |  
 995 | +    void interrupt() override

enirox001 commented at 5:52 PM on February 23, 2026:

In commit "mining: add interrupt()" (1e82fa498c)

nano nit: The current naming is quite similar to interruptWait(). Explicitly documenting that this specifically targets the createNewBlock wait loop clarifies that these control two different internal primitives.

ismaelsadeeq commented at 4:31 PM on February 25, 2026:

Instead of documenting, we should flip it the other way around.

interrupt, which is the generic function that toggles the boolean value. Then interruptWait for waitNext, and interruptMining for Mining.

ryanofsky commented at 4:52 PM on February 25, 2026:

Sounds reasonable. Ultimately though I'd like to drop all these separate interrupt methods and instead add interfaces::Interrupt C++ arguments to the waiting methods that would let them detect and handle cancellations done with cap'n proto's native cancellation mechanism

enirox001 commented at 6:01 PM on February 23, 2026: contributor

ACK fcaec2544b

Verified on Fedora 43 with a clean build. Functional tests pass including interface_ipc_mining.py

I have included a few suggestions and nits below

ryanofsky assigned ryanofsky on Feb 24, 2026

ryanofsky merged this on Feb 24, 2026

ryanofsky closed this on Feb 24, 2026

Sjors deleted the branch on Feb 24, 2026

in src/node/interfaces.cpp:979 in a11297a904

 975 | +            // Do not return a template during IBD, because it can have long
 976 | +            // pauses and sometimes takes a while to get started. Although this
 977 | +            // is useful in general, it's gated behind the cooldown argument,
 978 | +            // because on regtest and single miner signets this would wait
 979 | +            // forever if no block was mined in the past day.
 980 | +            while (chainman().IsInitialBlockDownload()) {

ismaelsadeeq commented at 4:28 PM on February 25, 2026:

In "mining: add cooldown argument to createNewBlock()" a11297a9048e0d910915e1a37b2be467c057a78d

IIUC, when a chainstate is loaded via loadtxoutset, the behaviour is that you keep connecting on top of the active loaded chainstate and cooldown based on it.

in doc/release-notes-34184.md:5 in fcaec2544b

   0 | @@ -0,0 +1,8 @@
   1 | +Mining IPC
   2 | +----------
   3 | +
   4 | +- `Mining.createNewBlock` now has a `cooldown` behavior (enabled by default)
   5 | +  that waits for IBD to finish and for the tip to catch up. This usually

ismaelsadeeq commented at 4:33 PM on February 25, 2026:

In fcaec2544b32226fd5357a88506fe080058d25bc "doc: release note for IPC cooldown and interrupt"

nit: No guarantee here, mention that it opportunistically waits for IBD to finish.

ismaelsadeeq commented at 4:33 PM on February 25, 2026: member

Post merge ACK fcaec2544b32226fd5357a88506fe080058d25bc

Sjors referenced this in commit 47db0392ea on Mar 4, 2026

Sjors referenced this in commit 076b0f3e6a on Mar 4, 2026

Sjors referenced this in commit 83d487b2bc on Mar 5, 2026

chriszeng1010 referenced this in commit 295477010a on Mar 17, 2026

chriszeng1010 referenced this in commit aa4becaed6 on Mar 17, 2026

achow101 referenced this in commit 4ecf473c36 on Mar 24, 2026