doc: Add non-thread-safe note to FeeFilterRounder::round() #19268
Conversation
maflcko
left a comment
maflcko
left a comment
There was a problem hiding this comment.
My preference would be to just document it. Unless this is the only random context without a lock held in the net_processing loop.
As soon as the net_processing loop is run in parallel, our sanitizers should point out any unsafe code, so there should be no risk in leaving the code as-is.
src/policy/fees.h
Outdated
| /** Create new FeeFilterRounder */ | ||
| explicit FeeFilterRounder(const CFeeRate& minIncrementalFee); | ||
|
|
||
| /** Quantize a minimum fee for privacy purpose before broadcast **/ |
There was a problem hiding this comment.
| /** Quantize a minimum fee for privacy purpose before broadcast **/ | |
| /** Quantize a minimum fee for privacy purpose before broadcast . Not thread-safe due to use of FastRandomContext **/ |
There was a problem hiding this comment.
If this is not going to be changed, it's probably better to make it an explicit global.
There was a problem hiding this comment.
Oh, I am not suggestion to never change this. This can be changed when net_processing is multi-threaded. Until then documentation and sanitizers are good enough to leave the code as is for now.
There was a problem hiding this comment.
Isn't it as thread safe as a class A { int a = 0; public: int increment() { return ++a; } }, which we'd solve by saying static A my_a GUARDED_BY(cs_main); ? And both could be made parallelisable by saying static thread_local A my_a; -- it's just that GUARDED_BY doesn't work with block-scope statics?
Just adding // protected by cs_main at the declaration of filterRounder, or moving it to be a module-level static and adding a GUARDED_BY(cs_main) seems better to me?
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsNo conflicts as of last run. |
|
Concept ACK. I don't have a strong opinion on taking either approach (mutex vs documentation-only) |
src/policy/fees.h
Outdated
| std::set<double> feeset; | ||
| FastRandomContext insecure_rand; | ||
| mutable Mutex m_random_context_mutex; | ||
| mutable FastRandomContext m_insecure_rand GUARDED_BY(m_random_context_mutex); |
There was a problem hiding this comment.
I think it'd make more sense to mark feeset as const, than marking the whole object as const, and the parts that change as mutable (given const X x;, then a = x.foo(); b = x.foo(); a == b ought to be true imo).
Adding a static std::set<double> make_feeset(const CFeeRate&) member function and using that to initialise feeset via the initializer list looks like it's enough?
src/policy/fees.h
Outdated
| /** Create new FeeFilterRounder */ | ||
| explicit FeeFilterRounder(const CFeeRate& minIncrementalFee); | ||
|
|
||
| /** Quantize a minimum fee for privacy purpose before broadcast **/ |
There was a problem hiding this comment.
Isn't it as thread safe as a class A { int a = 0; public: int increment() { return ++a; } }, which we'd solve by saying static A my_a GUARDED_BY(cs_main); ? And both could be made parallelisable by saying static thread_local A my_a; -- it's just that GUARDED_BY doesn't work with block-scope statics?
Just adding // protected by cs_main at the declaration of filterRounder, or moving it to be a module-level static and adding a GUARDED_BY(cs_main) seems better to me?
src/net_processing.cpp
Outdated
| CAmount currentFilter = m_mempool.GetMinFee(gArgs.GetArg("-maxmempool", DEFAULT_MAX_MEMPOOL_SIZE) * 1000000).GetFeePerK(); | ||
| int64_t timeNow = GetTimeMicros(); | ||
| if (timeNow > pto->m_tx_relay->nextSendTimeFeeFilter) { | ||
| static CFeeRate default_feerate(DEFAULT_MIN_RELAY_TX_FEE); |
There was a problem hiding this comment.
Can make default_feerate const too -- could make it constexpr even, so long as the constructors were also marked constexpr.
Co-authored-by: MarcoFalke <[email protected]>
|
Updated 877cca5 -> d842e6a (pr19268.01 -> pr19268.02):
|
hebasto
changed the title
|
self ACK d842e6a |
|
ACK d842e6a: explicit is better than implicit |
|
ACK d842e6a |
…r::round() d842e6a doc: Add non-thread-safe note to FeeFilterRounder::round() (Hennadii Stepanov) Pull request description: The `FastRandomContext` class is documented as not thread-safe. This PR adds a relevant note to the `FeeFilterRounder::round()` function declaration. Close bitcoin#19254 ACKs for top commit: MarcoFalke: self ACK d842e6a practicalswift: ACK d842e6a: explicit is better than implicit naumenkogs: ACK d842e6a Tree-SHA512: 538508f24b9cb29baece6a64108e2c5fc3960768c6475c4f2baf48a4a7bdb96dcef1a74d21a4822e1f8635e1375362986da4e3a20f5644129046a354c4b0a8a0
Summary: Co-authored-by: MarcoFalke <[email protected]> This is a backport of [[bitcoin/bitcoin#19268 | core#19268]] Test Plan: Proof-reading, check that our implementations of `FeeFilterRounder::round` are similar enough that the comment applies. Reviewers: #bitcoin_abc, majcosta Reviewed By: #bitcoin_abc, majcosta Differential Revision: https://reviews.bitcoinabc.org/D9995
7 participants
The
FastRandomContextclass is documented as not thread-safe.This PR adds a relevant note to the
FeeFilterRounder::round()function declaration.Close #19254