coins: compact chainstate regularly after post-IBD flushes #35465

Problem: https://github.com/bitcoin-core/leveldb-subtree/pull/61 disabled read-triggered seek compactions to avoid large chainstate write amplification from random UTXO lookups. That avoids repeated read-driven rewrites, but fragmented LevelDB layouts no longer self-repair during IBD.

During IBD, this can leave validation reading through too many SSTables in compactible levels, putting pressure on LevelDB's table-cache/open-file/mmap budget. After IBD, normal chainstate churn can also leave obsolete entries behind until ordinary LevelDB compaction naturally reaches the affected levels.

Fix: After each completed full chainstate flush, decide whether to compact the chainstate.

After IBD compact randomly with 1/1000 probability per full flush. This spreads compactions across nodes and keeps recurring maintenance stateless, without storing last-compaction height or timestamp metadata in the chainstate database. Compaction runs on a background thread (utxocompact) so it does not block validation.

<!--e57a25ab6845829454e8d69fc972939a-->

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

<!--006a51241073e994b41acfe9ec718e94-->

Code Coverage & Benchmarks

For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/35465.

<!--021abf342d371248e50ceaed478a90ca-->

Reviews

See the guideline for information on the review process.

If your review is incorrectly listed, please copy-paste <code>&lt;!--meta-tag:bot-skip--&gt;</code> into the comment that the bot should ignore.

<!--174a7506f384e20aa4161008e828411d-->

Conflicts

Reviewers, this pull request conflicts with the following ones:

• #34897 (indexes: Don't commit ahead of the flushed chainstate by mzumsande)
• #34320 (coins: delegate CCoinsViewDB::HaveCoin to GetCoin by l0rinc)
• #30342 (kernel, logging: Pass Logger instances to kernel objects by ryanofsky)
• #24230 (indexes: Stop using node internal types and locking cs_main, improve sync logic by ryanofsky)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

<!--5faf32d7da4f0f540f40219e4f7537a3-->

<!--85328a0da195eb286784d51f73fa0af9-->

🚧 At least one of the CI tasks failed. _{Task test ancestor commits: https://github.com/bitcoin/bitcoin/actions/runs/26963717717/job/79561784206} _{LLM reason (✨ experimental): CI failed because CTest reported 1 failing test: coins_tests.}

<details><summary>Hints</summary>

Try to run the tests locally, according to the documentation. However, a CI failure may still happen due to a number of reasons, for example:

• Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.

• A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.

• An intermittent issue.

Leave a comment here, if you need help tracking down a confusing failure.

</details>

Concept ACK

I tested this on mainnet with a pruned IBD with default min work params. The compaction is triggered after 938344 is connected on the scheduler thread, and completes in 2m 32s while 110 blocks were connected on msghand thread. The resulting chainstate size after 952425 was 12GB. Doing the same IBD on master had a chainstate size of 15GB.

However, the current size of the chainstate db of 11GB is rather unfortunate, since it straddles L4 and L5. Most files would naturally sit at L4, but a full compaction moves all files to L5. This means that when spending any UTXO, the tombstone entry will never reach L5 until 11 GB of new data is added. This means that in a year the db could be 22 GB even if there is a net negative growth in the UTXO set. So, because of this I think instead we will need to have a scheduled compaction instead of doing this only once.

I ran an experiment with a chainstate synced up to 952529.

First, we took the chainstate that is ~14.7 GB and erased every entry via an iterator and batch write. Since many files are in L4, size compaction was able to erase many of them, reducing chainstate size by over 4 GB. Still, not ideal since our empty chainstate db is still over 10 GB!

Second, I took the synced chainstate and did a manual full compaction on it (what this PR aims to do). This reduced the size of the db to ~10.6 GB, but every file is now on L5. Then I did the same as above, erasing every single entry. Now, the empty db balloons to around ~16 GB. This can be explained because size compaction no longer pushes any entries past L4 until there's more than 10 GB of new data.

So, I think this PR has a decent approach to scheduling the compaction, but I think we need to also schedule a compaction randomly every month or two. After triggering another manual compaction, both dbs correctly reduce to size 0.

I have also measured the performance; the extra compaction doesn't add any meaningful slowdown.

<details><summary>reindex-chainstate without and with compaction</summary>

for DBCACHE in 5000; do     COMMITS="47da4f9b716d11294d4fb0f30b04a7bcf128cc14 4bcac7f699457fb001410a49795d48e4941b27bd";     STOP=950059; CC=gcc; CXX=g++;     BASE_DIR="/mnt/my_storage"; DATA_DIR="$BASE_DIR/BitcoinData"; LOG_DIR="$BASE_DIR/logs";     (echo ""; for c in $COMMITS; do git fetch -q origin "$c" 2>/dev/null || true; git log -1 --pretty='%h %s' $c || exit 1; done) &&     (echo "" && echo "$(date -I) | reindex-chainstate | ${STOP} blocks | dbcache ${DBCACHE} | $(hostname) | $(uname -m) | $(lscpu | grep 'Model name' | head -1 | cut -d: -f2 | xargs) | $(nproc) cores | $(free -h | awk '/^Mem:/{print $2}') RAM | $(lsblk -no ROTA $(df --output=source $BASE_DIR | tail -1) | grep -q 1 && echo HDD || echo SSD)"; echo "") &&     hyperfine     --sort command     --runs 1     --export-json "$BASE_DIR/rdx-$(sed -E 's/[^ ]+/\L&/g;s/[.]/_/g;s/ /-/g'<<<"$COMMITS")-$STOP-$DBCACHE-$CC.json"     --parameter-list COMMIT ${COMMITS// /,}     --prepare "killall -9 bitcoind 2>/dev/null; rm -f ./build/bin/bitcoind; git clean -fxd; git reset --hard {COMMIT} && \
      cmake -B build -G Ninja -DCMAKE_BUILD_TYPE=Release && ninja -C build bitcoind -j1 && \
      ./build/bin/bitcoind -datadir=$DATA_DIR -stopatheight=$STOP -dbcache=1000 -printtoconsole=0; sleep 20; rm -f $DATA_DIR/debug.log; rm -rfd $DATA_DIR/indexes;"     --conclude "killall bitcoind || true; sleep 5; grep -q 'height=0' $DATA_DIR/debug.log && grep -q 'Disabling script verification at block [#1](/bitcoin-bitcoin/1/)' $DATA_DIR/debug.log && grep -q 'height=$STOP' $DATA_DIR/debug.log && grep 'Bitcoin Core version' $DATA_DIR/debug.log | grep -q \"\$(git rev-parse --short=12 {COMMIT})\"; \
                cp $DATA_DIR/debug.log $LOG_DIR/debug-{COMMIT}-$(date +%s).log"     "COMPILER=$CC ./build/bin/bitcoind -datadir=$DATA_DIR -stopatheight=$STOP -dbcache=$DBCACHE -reindex-chainstate -blocksonly -connect=0 -printtoconsole=0"; done

47da4f9b71 Merge bitcoin/bitcoin#35410: net: use the proxy if overriden when doing v2->v1 reconnections
4bcac7f699 validation: compact chainstate at minimum work

2026-06-04 | reindex-chainstate | 950059 blocks | dbcache 5000 | umbrel | x86_64 | Intel(R) N150 | 4 cores | 15Gi RAM | SSD

Benchmark 1: COMPILER=gcc ./build/bin/bitcoind -datadir=/mnt/my_storage/BitcoinData -stopatheight=950059 -dbcache=5000 -reindex-chainstate -blocksonly -connect=0 -printtoconsole=0 (COMMIT = 47da4f9b716d11294d4fb0f30b04a7bcf128cc14)
  Time (abs ≡):        34274.786 s               [User: 32144.272 s, System: 3560.024 s]

Benchmark 2: COMPILER=gcc ./build/bin/bitcoind -datadir=/mnt/my_storage/BitcoinData -stopatheight=950059 -dbcache=5000 -reindex-chainstate -blocksonly -connect=0 -printtoconsole=0 (COMMIT = 4bcac7f699457fb001410a49795d48e4941b27bd)
  Time (abs ≡):        34745.423 s               [User: 32484.966 s, System: 3508.027 s]

Relative speed comparison
        1.00          COMPILER=gcc ./build/bin/bitcoind -datadir=/mnt/my_storage/BitcoinData -stopatheight=950059 -dbcache=5000 -reindex-chainstate -blocksonly -connect=0 -printtoconsole=0 (COMMIT = 47da4f9b716d11294d4fb0f30b04a7bcf128cc14)
        1.01          COMPILER=gcc ./build/bin/bitcoind -datadir=/mnt/my_storage/BitcoinData -stopatheight=950059 -dbcache=5000 -reindex-chainstate -blocksonly -connect=0 -printtoconsole=0 (COMMIT = 4bcac7f699457fb001410a49795d48e4941b27bd)

</details>

The logs also show that compaction happened close to the assumevalid height:

<details><summary>Compaction logs</summary>

cat ../logs/debug-4bcac7f699457fb001410a49795d48e4941b27bd-1780604207.log | grep -C4 compaction
2026-06-05T14:56:31Z Enabling script verification at block [#938344](/bitcoin-bitcoin/938344/) (00000000000000000001731222e3df1a47a0944429559d4c4e4caf53e71676e5): block height above assumevalid height.
2026-06-05T14:56:31Z UpdateTip: new best=00000000000000000001731222e3df1a47a0944429559d4c4e4caf53e71676e5 height=938344 version=0x2004a000 log2_work=96.100823 tx=1315808700 date='2026-02-25T21:37:38Z' progress=0.965842 cache=1973.3MiB(6654179txo)
2026-06-05T14:56:32Z UpdateTip: new best=0000000000000000000157898e02aeb20f847dd3ef8973abe68510119b7e6a33 height=938345 version=0x26946000 log2_work=96.100834 tx=1315811999 date='2026-02-25T21:49:08Z' progress=0.965844 cache=1973.3MiB(6661457txo)
2026-06-05T14:56:32Z UpdateTip: new best=0000000000000000000009325afaa03dd4686deea9781d754a82d2b7ba4ceba8 height=938346 version=0x34000000 log2_work=96.100844 tx=1315815668 date='2026-02-25T22:28:46Z' progress=0.965853 cache=1973.3MiB(6672983txo)
2026-06-05T14:56:32Z Starting chainstate compaction of /mnt/my_storage/BitcoinData/chainstate
2026-06-05T14:59:55Z Finished chainstate compaction of /mnt/my_storage/BitcoinData/chainstate
2026-06-05T14:59:55Z UpdateTip: new best=000000000000000000003028d4699d1d2566de2934ca3f2301d990a95e7db0fc height=938347 version=0x22644000 log2_work=96.100855 tx=1315819222 date='2026-02-25T22:31:42Z' progress=0.965853 cache=1973.3MiB(6679310txo)
2026-06-05T14:59:55Z UpdateTip: new best=000000000000000000009c20b9c211fd01503cfcabf44c939f83bc54d9a89b2c height=938348 version=0x20866000 log2_work=96.100865 tx=1315820982 date='2026-02-25T22:35:24Z' progress=0.965854 cache=1973.3MiB(6681830txo)
2026-06-05T14:59:56Z UpdateTip: new best=00000000000000000001c0bc82a20646b8daadc382af5f06486f016e931cf332 height=938349 version=0x20036000 log2_work=96.100876 tx=1315824111 date='2026-02-25T22:45:22Z' progress=0.965857 cache=1973.3MiB(6686145txo)
2026-06-05T14:59:56Z UpdateTip: new best=00000000000000000001dc00d7c939a9d780c72dc64e378c8c9638d3e8401ace height=938350 version=0x23f2c000 log2_work=96.100886 tx=1315826175 date='2026-02-25T22:55:02Z' progress=0.965859 cache=1973.3MiB(6690199txo)

</details>

Compaction took ~3.5 minutes, but it seems to have been blocking new block connections - I'm not yet sure why (cc: @andrewtoth).

This means that in a year the db could be 22 GB even if there is a net negative growth in the UTXO set

I'm still trying to simulate this, will get back to you on it.

but I think we need to also schedule a compaction randomly every month or two

That was my original approach, to schedule one every 10k blocks after IBD. I'll investigate it, thanks a lot for the measurements.

Since the last push, chainstate compaction no longer runs through the validation-interface queue (blocking block connections). CCoinsViewDB::CompactFull() now starts a one-shot background compaction job, so validation only force-syncs the latest chainstate before triggering the work.

The first compaction is still deterministic when the active chain leaves IBD. After that, recurring maintenance is randomized: each post-IBD full chainstate flush has a 1/1000 chance to start compaction. With the current roughly hourly flush cadence, that averages to about six weeks.

If we are doing a compaction randomly after every full_flush_completed, then I don't see a need for the min work check. Since it's done in the background, we can randomly compact during IBD too. There's no need for logic that tracks IBD state. That should simplify the logic here quite a bit.

Is there a way to prevent the compaction from occurring during shutdown? We flush a few times during shutdown and it would not be great if it triggered a compaction that prevented shutdown for several minutes.

We should use a named TraceThread for the compaction thread.

<!--85328a0da195eb286784d51f73fa0af9-->

🚧 At least one of the CI tasks failed. _{Task Windows-cross to x86_64, ucrt: https://github.com/bitcoin/bitcoin/actions/runs/27151249634/job/80142552112} _{LLM reason (✨ experimental): CI failed at the link step due to an undefined reference to util::TraceThread(...) when building libbitcoinkernel.dll.}

<details><summary>Hints</summary>

Try to run the tests locally, according to the documentation. However, a CI failure may still happen due to a number of reasons, for example:

• Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.

• A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.

• An intermittent issue.

Leave a comment here, if you need help tracking down a confusing failure.

</details>

ACK d15668d53558ac78953b50634e8272d5bc55d654

Nice approach with randomly compacting every 1000 flushes.

Tested by setting flush_ratio to 1 and DATABASE_WRITE_INTERVAL_... to be between 5 and 7 minutes.

Compaction was triggered every periodic flush in the background.

No compaction was triggered on shutdown.

Not convinced we need to not compact during IBD. There doesn't seem to be sufficient rationale to have a check for this and not just compact as well if one of the flushes during IBD is chosen.

PR description should be updated. The motivation for this is not about pressure on leveldb data structures, but on the disk footprint of the chainstate db. Also, can mention #35298 is fixed by this.