fa58f40b898ba6c57655bf38a241fb10107d4a3a test: Slim down previous releases bdb check (MarcoFalke)
Pull request description:
The check iterates over several previous BDB-only releases to check that descriptor wallets are considered "corrupt" when loading. It is unclear why this needs to be done for more than one release.
Avoid the confusion by removing the unused releases from the test and from the download script.
ACKs for top commit:
achow101:
ACK fa58f40b898ba6c57655bf38a241fb10107d4a3a
rkrux:
ACK fa58f40b898ba6c57655bf38a241fb10107d4a3a
Tree-SHA512: 8084392481bfe1fba9b80bb865ffbdfa454e9e6e14e02c39fa3f61c1a596b1def2c531c5da1c7566e5fddb77ac7e56f19feabaaf9b5af043fa6c230d9e2370b5
fa48be3ba443d2436f754265b86331f84b866130 test: Force named args for RPCOverloadWrapper optional args (MarcoFalke)
aaaa45399ca3f9a5ed19c176b25e3165e1e4e0d9 test: Remove unused createwallet_passthrough (MarcoFalke)
cccc1f4e91902f2e95481630fd534b8c72452b44 test: Remove unused RPCOverloadWrapper is_cli field (MarcoFalke)
Pull request description:
This can avoid bugs and makes the test code easier to read, because the
order of positional args does not have to be known or assumed.
Also, contains two commits to remove dead code.
ACKs for top commit:
achow101:
ACK fa48be3ba443d2436f754265b86331f84b866130
rkrux:
tACK fa48be3ba443d2436f754265b86331f84b866130
janb84:
tACK [fa48be3](fa48be3ba4)
Tree-SHA512: d938fbc18be5035ad0d0e1ad2bf7297b2b66ede3bb2d3f10b8d27aa2a19d27a897b024a5f5a2a1cceca467837890729c26054928cb06acbe282b9e9eea94ae69
35e57fbe336cdcb348ff088fc04216f1f5cf2742 depends: Fix cross-compiling `qt` package from macOS to Windows (Hennadii Stepanov)
Pull request description:
Native packages cannot be used during cross-compiling. However, Qt still unconditionally tries to find them, which causes issues in some cases, such as when [cross-compiling from macOS to Windows](https://github.com/bitcoin/bitcoin/issues/32346).
This PR explicitly disables this unnecessary Qt behaviour.
Fixes https://github.com/bitcoin/bitcoin/issues/32346.
Here is a full workflow on my macOS Sequoia 15.4.1 (Intel):
```
% brew install make cmake ninja mingw-w64 nsis
% gmake -C depends -j 10 HOST=x86_64-w64-mingw32
% cmake -B build --toolchain depends/x86_64-w64-mingw32/toolchain.cmake
% cmake --build build -j 10 -t deploy
```
ACKs for top commit:
shahsb:
ACK 35e57fbe33
fanquake:
ACK 35e57fbe336cdcb348ff088fc04216f1f5cf2742
Tree-SHA512: 2822fb49bc84dd094dbd189d8a9ca0f023e1e48127db7beaefb9db92de53df63bb0f399c9c430c33941f9a9ee6976b9161d80467d889f7717385b9d1ea9fee43
77e553ab6a0a98d065884a83490f28eec6df0e23 build: refactor: hardening flags -> core_interface (David Gumberg)
00ba3ba30341a9073049125334f176d6c05d1b54 build: Drop option for disabling hardening (David Gumberg)
f57db75e91dec7e57a7eecfd5f6c914f278bc543 build: Use `-z noseparate-code` on NetBSD < 11.0 (David Gumberg)
Pull request description:
Follow up to #32038 which dropped `NO_HARDEN` from depends builds, this PR drops the `ENABLE_HARDENING` build option since disabling hardening of binaries should not be a supported or maintained use case. With this change, hardening flags are always enabled.
Individual hardening flags and options can still be disabled by appending flags, e.g.:
```bash
cmake -B build \
-DAPPEND_CPPFLAGS='-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 -fno-stack-protector -fcf-protection=none -fno-stack-clash-protection' \
-DAPPEND_LDFLAGS='-Wl,-z,lazy -Wl,-z,norelro -Wl,-z,noseparate-code'
```
There is an issue with NetBSD 10.0's dynamic linker that makes one of the hardening linker flags, `-z separate-code`, [problematic](https://github.com/bitcoin/bitcoin/pull/28724#issuecomment-2589347934), so this PR also introduces a check to prevent the use of this flag in NetBSD versions < 11.0, (where this issue is [fixed](acf7fb3abf)). The fix for this [might be backported](https://mail-index.netbsd.org/tech-userlevel/2023/01/05/msg013670.html) to NetBSD 10.0.
I suggest reviewing the diff with whitespace changes hidden (`git diff -w` or using github's hide whitespace option)
ACKs for top commit:
hebasto:
re-ACK 77e553ab6a0a98d065884a83490f28eec6df0e23.
laanwj:
re-ACK 77e553ab6a0a98d065884a83490f28eec6df0e23
janb84:
ACK [77e553a](77e553ab6a)
vasild:
ACK 77e553ab6a0a98d065884a83490f28eec6df0e23
musaHaruna:
tested ACK [77e553](77e553ab6a)
Tree-SHA512: b149fb0371d12312c140255bf674c2bdc9f5272a5750a5b9ec5f192323364bb2ea8e164af13b9ab981ab3aa7ceb91b7a64785081e7458470e81c2f5228abf7b1
61f238e84ac6d24d8f420c2eabcbb2980d7fcb1e doc: Fix fuzz test_runner.py path (monlovesmango)
Pull request description:
This commit fixes the path listed in the documentation for the fuzz testing test_runner.py. Previously the --help option worked but running fuzz tests from the documented path did not.
ACKs for top commit:
kevkevinpal:
ACK [61f238e](61f238e84a)
maflcko:
lgtm ACK 61f238e84ac6d24d8f420c2eabcbb2980d7fcb1e
mabu44:
Tested ACK 61f238e84ac6d24d8f420c2eabcbb2980d7fcb1e
hebasto:
ACK 61f238e84ac6d24d8f420c2eabcbb2980d7fcb1e.
Tree-SHA512: e8770f38e49a428e0e7f0450db193ec90cc1e66c05bcde307763c065ac7051f3f05923bb3e0eca7a337da9c14cfd17512ff0d01ffa330796159d4f3552103b7f
71656bdfaa6bfe08ce9651246a3ef606f923351b gui: crash fix, disconnect numBlocksChanged() signal during shutdown (furszy)
Pull request description:
Aiming to fixbitcoin-core/gui#862.
The crash stems from the order of the shutdown procedure:
We first unset the client model, then destroy the wallet controller—but we leave
the internal wallet models (`m_wallets`) untouched for a brief period. As a result,
there’s a point in time where views still have connected signals and access to
wallet models that are not connected to any wallet controller.
Now.. since the `clientModel` is only replaced with nullptr locally and not destroyed
yet, signals like `numBlocksChanged` can still emit. Thus, when wallet views receive
them, they see a non-null wallet model ptr, and proceed to call backend functions
from a model that is being torn down.
As the shutdown procedure begins by unsetting `clientModel` from all views. It’s safe
to ignore events when `clientModel` is nullptr.
ACKs for top commit:
maflcko:
lgtm ACK 71656bdfaa6bfe08ce9651246a3ef606f923351b
pablomartin4btc:
re-ACK 71656bdfaa6bfe08ce9651246a3ef606f923351b
hebasto:
ACK 71656bdfaa6bfe08ce9651246a3ef606f923351b, I have reviewed the code and it looks OK.
Tree-SHA512: e6a369c40aad8a5a3da64e92daa10250006f60c53feef353a5580e1bdb17fe8e1ad102abf5419ddeff1caa703b69ab634265ef3b9cfef87e9304f97bfdd2c4aa
edd46566bd66cea7d7f4116429fe1c11d2187ba2 qt: Replace stray tfm::format to cerr with qWarning (laanwj)
Pull request description:
GUI warnings should go to the log, not to the console (which may not be connected at all).
ACKs for top commit:
hebasto:
ACK edd46566bd66cea7d7f4116429fe1c11d2187ba2, I have reviewed the code and it looks OK.
Tree-SHA512: 32944e00dae0c62bb23e3d7abd486b63e445702483ca03c74c3057ef942f06e771d4d3d3a58fd728582889d6b638fae11ecc536a25febfd89a28522b7d6d08ba
This commit fixes the path listed in the documentation for the fuzz
testing test_runner.py. Previously the --help option worked but running
fuzz tests from the documented path did not.
3dbd50a576be55941cb4b5034dc2171c03afb07c Fix failing util_time_GetTime test on Windows (VolodymyrBg)
Pull request description:
Remove unreliable steady clock time checking from the test that was causing CI failures primarily on Windows. The test previously tried to verify that steady_clock time increases after a 1ms sleep, but this approach is not reliable on all platforms where such a short sleep interval may not consistently result in observable clock changes.
This addresses issue #32197 where the test was reporting failures in the cross-built Windows CI environment. As noted in the discussion, the test is not critical to the functionality of Bitcoin Core, and removing the unreliable part is the most straightforward solution.
ACKs for top commit:
maflcko:
lgtm ACK 3dbd50a576be55941cb4b5034dc2171c03afb07c
achow101:
ACK 3dbd50a576be55941cb4b5034dc2171c03afb07c
laanwj:
re-ACK 3dbd50a576be55941cb4b5034dc2171c03afb07c
Tree-SHA512: 25c80558d9587c7845d3c14464e8d263c8bd9838a510faf44926e5cda5178aee10b03a52464246604e5d27544011d936442ecfa1e4cdaacb66d32c35f7213902
The crash stems from the order of the shutdown procedure:
We first unset the client model, then destroy the wallet controller—but we leave
the internal wallet models ('m_wallets') untouched for a brief period. As a result,
there’s a point in time where views still have connected signals and access to
wallet models that are not connected to any wallet controller.
Now.. since the clientModel is only replaced with nullptr locally and not destroyed
yet, signals like numBlocksChanged can still emit. Thus, when wallet views receive
them, they see a non-null wallet model ptr, and proceed to call backend functions
from a model that is being torn down.
As the shutdown procedure begins by unsetting clientModel from all views. It’s safe
to ignore events when clientModel is nullptr.
Remove unreliable steady clock time checking from the test that was causing
CI failures primarily on Windows. The test previously tried to verify that
steady_clock time increases after a 1ms sleep, but this approach is not reliable
on all platforms where such a short sleep interval may not consistently result
in observable clock changes.
This addresses issue #32197 where the test was reporting failures in the
cross-built Windows CI environment. As noted in the discussion, the test is not
critical to the functionality of Bitcoin Core, and removing the unreliable part
is the most straightforward solution.
Rename and refocus util_time_GetTime test to util_mocktime
Co-Authored-By: maflcko <6399679+maflcko@users.noreply.github.com>
facb9b327b9da39ce1e09ed56199be9efb19b5b8 scripted-diff: Use bpf_cflags (MarcoFalke)
fa0c1baaf89805182de56d6a2e8eed2265a94b40 test: Add imports for util bpf_cflags (MarcoFalke)
Pull request description:
On some Linux kernel versions, the bpf compiler invoked in the functional tests will issue a `-Wduplicate-decl-specifier` warning.
This seems harmless and should be fixed upstream in the Linux kernel.
Here, simply suppress it for now. Fixes https://github.com/bitcoin/bitcoin/issues/32322
ACKs for top commit:
laanwj:
Code review ACK facb9b327b9da39ce1e09ed56199be9efb19b5b8
hebasto:
ACK facb9b327b9da39ce1e09ed56199be9efb19b5b8, I have reviewed the code and it looks OK.
Tree-SHA512: 53387127e3c2a2dbfe05281b2d2e61efbd3c3adcc3b4bf2f11540042f86e1e8c06637f80d246310bc44ca0612318472f25545c1e1ca3636fda97d04381f9e905
3c3548a70eedb8dcf6a4a8d605a4a12e814c7cac validation: clarify final |= BLOCK_FAILED_VALID in InvalidateBlock (Matt Corallo)
aac5488909f72f8c5a91ca7f12398069b7cd9ce4 validation: correctly update BlockStatus for invalid block descendants (stratospher)
9e29653b424b324c753526fbbf9fdbc92e88244f test: check BlockStatus when InvalidateBlock is used (stratospher)
c99667583dd9b57612edf4c04611cd4857250600 validation: fix traversal condition to mark BLOCK_FAILED_CHILD (stratospher)
Pull request description:
This PR addresses 3 issues related to how `BLOCK_FAILED_CHILD` is set:
1. In `InvalidateBlock()`
- Previously, `BLOCK_FAILED_CHILD` was not being set when it should have been.
- This was due to an incorrect traversal condition, which is fixed in this PR.
2. In `SetBlockFailure()`
- `BLOCK_FAILED_VALID` is now cleared before setting `BLOCK_FAILED_CHILD`.
3. In `InvalidateBlock()`
- if block is already marked as `BLOCK_FAILED_CHILD`, don't mark it as `BLOCK_FAILED_VALID` again.
Also adds a unit test to check `BLOCK_FAILED_VALID` and `BLOCK_FAILED_CHILD` status in `InvalidateBlock()`.
<details>
<summary><h3>looking for feedback on an alternate approach</h3></summary>
<br>
An alternate approach could be removing `BLOCK_FAILED_CHILD` since even though we have a distinction between
`BLOCK_FAILED_VALID` and `BLOCK_FAILED_CHILD` in the codebase, we don't use it for anything. Whenever we check for BlockStatus, we use `BLOCK_FAILED_MASK` which encompasses both of them. See similar discussion in https://github.com/bitcoin/bitcoin/pull/16856.
I have a branch with this approach in https://github.com/stratospher/bitcoin/commits/2025_02_remove_block_failed_child/.
Compared to the version in #16856, it also resets `BLOCK_FAILED_CHILD` already on disk to `BLOCK_FAILED_VALID` when loading from disk so that we won't be in a dirty state in a no-`BLOCK_FAILED_CHILD`-world.
I'm not sure if it's a good idea to remove `BLOCK_FAILED_CHILD` though. would be curious to hear what others think of this approach.
thanks @ mzumsande for helpful discussion regarding this PR!
</details>
ACKs for top commit:
achow101:
ACK 3c3548a70eedb8dcf6a4a8d605a4a12e814c7cac
TheCharlatan:
Re-ACK 3c3548a70eedb8dcf6a4a8d605a4a12e814c7cac
mzumsande:
re-ACK 3c3548a70eedb8dcf6a4a8d605a4a12e814c7cac
Tree-SHA512: 83e0d29dea95b97519d4868135c965b86f6f43be50b15c0bd8f998b3476388fc7cc22b49c0c54ec532ae8222e57dfc436438f0c8e98f54757b384f220488b6a6
55b931934a34bab11446e8eed7bdaef92bb056de removed duplicate calling of GetDescriptorScriptPubKeyMan (Saikiran)
Pull request description:
Removed duplicate call to GetDescriptorScriptPubKeyMan and
Instead of checking linearly I have used find method so time complexity reduced significantly for GetDescriptorScriptPubKeyMan
after this fix improved performance of importdescriptor part refs https://github.com/bitcoin/bitcoin/issues/32013.
**Steps to reproduce in testnet environment**
**Input size:** 2 million address in the wallet
**Step1:** call importaddresdescriptor rpc method
observe the time it has taken.
**With the provided fix:**
Do the same steps again
observe the time it has taken.
There is a huge improvement in the performance. (previously it may take 5 to 6 seconds now it will take 1 seconds or less)
main changes i've made during this pr:
1. remove duplicate call to GetDescriptorScriptPubKeyMan method
2. And inside GetDescriptorScriptPubKeyMan method previously we checking **each address linearly** so each time it is calling HasWallet method which has aquired lock.
3. Now i've modified this logic call **find method on the map (O(logn)**) time it is taking, so only once we calling HasWallet method.
**Note:** Smaller inputs in the wallet you may not see the issue but huge wallet size it will definitely impact the performance.
ACKs for top commit:
achow101:
ACK 55b931934a34bab11446e8eed7bdaef92bb056de
w0xlt:
ACK 55b931934a
Tree-SHA512: 4a7fdbcbb4e55bd034e9cf28ab4e7ee3fb1745fc8847adb388c98a19c952a1fb66d7b54f0f28b4c2a75a42473923742b4a99fb26771577183a98e0bcbf87a8ca
Legacy wallets do not have the descriptors flag set. Don't load wallets
without the descriptors flag.
At the same time, we will no longer load BDB databases since they are
only used for legacy wallets.
Removes all legacy wallet specific functional tests.
Also removes the --descriptor and --legacy-wallet options as these are
no longer necessary with the legacy wallet removed.
faca46b0421b568e7e5fefe593420e773d0ec9af test: Run all benchmarks in the sanity check (MarcoFalke)
Pull request description:
It is unclear why not all benchmarks are run, given that:
* they only run as a sanity check (fastest version)
* no one otherwise runs them, not even CI
* issues have been missed due to this
ACKs for top commit:
l0rinc:
ACK faca46b0421b568e7e5fefe593420e773d0ec9af
BrandonOdiwuor:
Code Review ACK faca46b0421b568e7e5fefe593420e773d0ec9af
Tree-SHA512: 866f1ccff0313017dd313d5a218d7ee088b823601a129b9ed4c5819b0d57fd808d78e3ea28ca00714ae6b209df5312b7b9dea091b2b028821ff46b8ba263c48a
3669ecd4ccd8e7a1e2b1a9dcbe708c51c78e4d6c doc: Document fuzz build options (Anthony Towns)
c1d01f59acc2067ecbf8a8b42ba0d8e596694439 fuzz: enable running fuzz test cases in Debug mode (Anthony Towns)
Pull request description:
When building with
BUILD_FOR_FUZZING=OFF
BUILD_FUZZ_BINARY=ON
CMAKE_BUILD_TYPE=Debug
allow the fuzz binary to execute given test cases (without actual fuzzing) to make it easier to reproduce fuzz test failures in a more normal debug build.
In Debug builds, deterministic fuzz behaviour is controlled via a runtime variable, which is normally false, but set to true automatically in the fuzz binary, unless the FUZZ_NONDETERMINISM environment variable is set.
ACKs for top commit:
maflcko:
re-ACK 3669ecd4ccd8e7a1e2b1a9dcbe708c51c78e4d6c 🏉
marcofleon:
re ACK 3669ecd4ccd8e7a1e2b1a9dcbe708c51c78e4d6c
ryanofsky:
Code review ACK 3669ecd4ccd8e7a1e2b1a9dcbe708c51c78e4d6c with just variable renamed and documentation added since last review
Tree-SHA512: 5da5736462f98437d0aa1bd01aeacb9d46a9cc446a748080291067f7a27854c89f560f3a6481b760b9a0ea15a8d3ad90cd329ee2a008e5e347a101ed2516449e
cad39f86fb5a81f0e3b5116e8e989bab8af89718 bench: ensure wallet migration benchmark runs exactly once (Lőrinc)
c1f458aaa06d3e23f40b695dba07fb772b51fd58 ci: re-enable all benchmark runs (Lőrinc)
1da11dbc441790773502ffd5f60dc05191514a83 bench: clean up migrated descriptor wallets via loader teardown (Lőrinc)
Pull request description:
The low-priority `WalletMigration` benchmark existed for some time but was never run automatically in our CI.
Although the failure first surfaced on Windows as a hang during temporary directory cleanup, it could also be reproduced on Linux and macOS when forcing multiple iterations (e.g. via a long `--min-time`).
### Root causes
1. **Leaked open wallets on Windows**
`MigrateLegacyToDescriptor` produces two new descriptor wallets (the primary spendable wallet and a companion watch‑only wallet). Without unloading them, their database files remained open in the `WalletContext`, blocking directory removal and hanging the test harness.
<details><summary>Details</summary>
```bash
what(): filesystem error: cannot remove all: The process cannot access the file because it is being used by another process [C:\Users\RUNNER\~1\AppData\Local\Temp\test_common bitcoin\WalletMigration\d8ffd89a7700ce01c31f] [C:\Users\RUNNER~1\AppData\Local\Temp\test_common bitcoin\WalletMigration\d8ffd89a7700ce01c31f\regtest\wallet.dat]
```
</details>
2. **Undefined behavior on repeated runs**
The benchmark body calls `std::move(wallet)`, invalidating the local `wallet` pointer. Running more than one iteration causes a use-after-move by the sanitizers.
<details><summary>Details</summary>
```bash
error: bench_bitcoin 0x00067927: DW_TAG_member '_M_local_buf' refers to type 0x00000000000b3ba7 which extends beyond the bounds of 0x0006791d
* thread #1, name = 'b-test', stop reason = signal SIGSEGV: address not mapped to object (fault address: 0xc8)
* frame #0: 0x00005555556a3f33 bench_bitcoin`... basic_string<char>::length(this=<unavailable>) const at basic_string.h:1079:16
```
</details>
### Fixes
- **Automatic wallet teardown**
Wrap the benchmark in a `MakeWalletLoader` (owning a `WalletContext`), so that both migrated wallets are unloaded when the loader goes out of scope, eliminating any lingering open files.
- **Re-enable benchmarks in CI**
Drop the temporary filter in GitHub Actions. The `-sanity-check` run already executes each benchmark once, so `WalletMigration` now runs automatically without hangs or crashes.
- **Single iteration**
Configure the microbenchmark with `.epochs(1).epochIterations(1)`, ensuring the migration code runs exactly once and avoiding use-after-move.
No measurable change in benchmark performance.
ACKs for top commit:
maflcko:
review ACK cad39f86fb5a81f0e3b5116e8e989bab8af89718 🍥
furszy:
utACK cad39f86fb5a81
hebasto:
ACK cad39f86fb5a81f0e3b5116e8e989bab8af89718, tested on Ubuntu 25.04.
Tree-SHA512: 10343ce7ab9b63ba4f51a7673018215577ea7ec188e41d535a66d69d73b85bca6ba301c33f6920c02f8f7d686c75c65c4a4e9bdafb04b60be85d66aa743cfa20
fa653cb4169f03e4f327b18a1ff103d72dcc61f7 ci: Add missing -Wno-error=array-bounds to valgrind fuzz (MarcoFalke)
Pull request description:
Due to an upstream GCC issue, any debug/fuzz build which aborts on failed assumes will print a false positive array-bounds warning in `src/test/fuzz/txgraph.cpp`.
This also affects one CI task.
Fix the CI task by ignoring the error for now.
Fixes https://github.com/bitcoin/bitcoin/issues/32276
ACKs for top commit:
fanquake:
ACK fa653cb4169f03e4f327b18a1ff103d72dcc61f7 - checked native fuzz
Tree-SHA512: 0f6c5ec8d96e0bf96cd008e2de5db59e528086a67dcb77f3e59a0d83225d880a59e960d65c5bc8b5ae3de9d5d301bfc7737d95c282aa1bcc740a42561f610ca8
7f5a35cf4b31f176ff9138d21f3ec677ae7d1bcf doc: Add deps install notes for multiprocess (TheCharlatan)
Pull request description:
These just mirror the content in src/ipc/libmultiprocess/doc/install.md
ACKs for top commit:
Sjors:
re-ACK 7f5a35cf4b31f176ff9138d21f3ec677ae7d1bcf
ryanofsky:
Code review ACK 7f5a35cf4b31f176ff9138d21f3ec677ae7d1bcf just dropping dependencies.md update since last review
Tree-SHA512: f9bf4f54542323aa4a0600db874640e575e40355f08515331a27fb139e6e47ee58aa0c6635206f978696e3da7b5aa93efb45b181b02e99e308537fcb90bd6751
e34f12bdd417862874fe75f5c4c2126a35724de6 ci: Drop no longer necessary `-Wno-error=array-bounds` (Hennadii Stepanov)
Pull request description:
The build log of the "Linux->Windows cross" CI job no longer shows any `-Warray-bounds` compiler warnings. Therefore, there's no need to suppress them with `-Wno-error=array-bounds`.
I likely overlooked this when reviewing https://github.com/bitcoin/bitcoin/pull/29881, as I can run that CI job locally without such warnings even at commit 785649f3977517a4ba45c5d2fedfbda778fb52cb.
ACKs for top commit:
TheCharlatan:
ACK e34f12bdd417862874fe75f5c4c2126a35724de6
Tree-SHA512: ac66160866097538af6f196c0cb22d370427c59c071b0ddcb1a6717e233bbd3dfed4e090d266221c55ae0ddd3d5dffb0ca7ae01582eda07f25fb886a775b6ac5
The migration benchmark crashes if run more than once, because of `std::move(wallet)` and leaves subsequent iterations in an undefined state - avoiding `UndefinedBehaviorSanitizer` null‑dereference error.
