The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

• #26551 (net_processing: Track orphans by who provided them by ajtowns)
• #26295 (Replace global g_cs_orphans lock with local by ajtowns)
• #25880 (p2p: Make stalling timeout adaptive during IBD by mzumsande)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

Concept ACK. Originally suggested in #19988 (comment)

Thanks @jnewbery for linking the previous discussion! I was looking through the old PRs yesterday and didn't come across that comment.

If there's to be a separate lock, I'm not convinced it makes sense to push the lock all the way into the Impl class -- having m_impl GUARDED_BY(m_impl_mutex) in TxRequestTracker, or having m_txrequest GUARDED_BY(m_txrequest_mutex) seem more sensible to me, and the latter allows you to take the lock outside of the various for loops, rather than repeatedly taking it and dropping it on each iteration.

@ajtowns I'm not sure if I am on the same page about this but I am willing to be convinced. I used AddrMan (and the dev notes) as a reference for choosing the current design (i.e. putting the lock inside the Impl class).

• Would you be in favor of refactoring our existing modules to externalize their locks? (e.g. AddrManImpl::cs)
• Should our developer docs be updated? (I think our lock conventions are a bit all over the place, similar to general coding style, so maybe it helps to clarify our preferences?)

I think the arguments from the original PR still apply though -- this doesn't meaningfully allow any more parallelism / reduce blocking as far as I can see.

I have been looking at reducing cs_main usage within net processing because I don't think that our networking code should be locking cs_main (our main validation lock) as much as it currently does. Reducing the scope of cs_main to validation seems like a good direction to be heading in (especially w.r.t. the kernel project). This PR seemed like an easy small step in that direction (similar to #26140) as it does remove two LOCK(cs_main) call sites.

@ajtowns I'm not sure if I am on the same page about this but I am willing to be convinced. I used AddrMan (and the dev notes) as a reference for choosing the current design (i.e. putting the lock inside the Impl class).

* Would you be in favor of refactoring our existing modules to externalize their locks? (e.g. `AddrManImpl::cs`)

In general, I think it's better to leave things alone if we're not making things substantially more reliable/simple/efficient.

For locking, I think the best approach on all of those axes is "having a reference to an object means you can manipulate it; if you can't manipulate it, you don't have a reference to in the first place"; but that's often hard to achieve.

Maybe compare with what @vasild's proposing in #25390 -- with that you'd just say Synced<TxRequestTracker> m_txrequest and write either m_txrequest->Foo(); to do a single operation that takes then releases the lock, or { auto proxy = *m_txrequest; proxy->Foo(); proxy->Bar(); } to do multiple operations while the lock's held. Meanwhile, if you're not doing threading (like in the unit/fuzz tests) you just allocate a TxRequestTracker directly, and don't worry about locks at all. (Unfortunately, I don't think the implementation there quite works right/clang isn't clever enough to properly understand it, and I haven't been able to come up with a better one. Err, except, maybe...)

I have been looking at reducing cs_main usage within net processing because I don't think that our networking code should be locking cs_main (our main validation lock) as much as it currently does. Reducing the scope of cs_main to validation seems like a good direction to be heading in (especially w.r.t. the kernel project). This PR seemed like an easy small step in that direction (similar to #26140) as it does remove two LOCK(cs_main) call sites.

Yeah... Kind of feel like it's probably better spending coding/review time on the hard steps though? For cs_main, having dedicated, non-global, locks for blockstorage, block indexes, and coin states, so that you don't need cs_main there, seems like the priority. For net, getting rid of CNodeState entirely and passing around Peer& objects seems worthwhile, and I think maybe adding an opaque PeerRef to CNode would allow avoiding the extra map and ensure the Peer object doesn't get deallocated before the CNode object does... We could also perhaps have more things under "only accessed by the message processing thread" by having that thread make read-only copies of the data available to other threads in advance, which would then reduce contention...

Concept ACK.

Maybe compare with what @vasild's proposing in #25390 -- with that you'd just say Synced<TxRequestTracker> m_txrequest and write either m_txrequest->Foo(); to do a single operation that takes then releases the lock, or { auto proxy = *m_txrequest; proxy->Foo(); proxy->Bar(); } to do multiple operations while the lock's held.

It makes me think that such an issue should be resolved at TxRequestTracker class's API level. An object which self maintains its state in multi-threading environment is preferable (less error prone, easy to reason about etc).

Could also move it out of the cs_main scope in FinalizeNode?

Rebased, added a method to remove multiple transactions from the tracker at once (to avoid locking the internal lock over and over again), and renamed m_txrequest_mutex -> m_mutex.

Could also move it out of the cs_main scope in FinalizeNode?

I am not sure about it. In PeerManagerImpl::FinalizeNode():

LOCK(cs_main);
...
m_txrequest.DisconnectedPeer(nodeid);
...
assert(m_txrequest.Size() == 0);

hmm, wait! is that a bug in this PR? If somebody modifies (adds to) m_txrequest after DisconnectedPeer() and before the assert() then the assert() will be triggered. And the point of this PR is to be able to access (add to) m_txrequest without cs_main from anywhere 💣 🔥

Maybe return the size from DisconnectedPeer() after the deletion and later assert that the returned size was 0 in FinalizeNode()?

hmm, wait! is that a bug in this PR? If somebody modifies (adds to) m_txrequest after DisconnectedPeer() and before the assert() then the assert() will be triggered. And the point of this PR is to be able to access (add to) m_txrequest without cs_main from anywhere

I don't think it is currently but it almost is! The assert(m_txrequest.Size() == 0); is gated by if (m_node_state.empty()) so no other peer can modify (add txs) m_txrequest.

I will still change this as that seems a little brittle wrt future changes.

How? It seems that the assumption in FinalizeNode() is that m_node_state is modified together/atomically with m_txrequest.

Yes, the current code is fine, but then it is fine even without this PR. The aim is to make it future proof.

Returning the size from DisconnectedPeer() like I suggested above seems to have its own (theoretical) flaw - it could return 1, afterwards m_node_state could become empty by another thread, we would enter the if and the assert would fail because 1 != 0.

Maybe just delete the assert? Or expose the mutex of m_txrequest, lock it before DisconnectedPeer() and unlock it after the assert ❓

🐙 This pull request conflicts with the target branch and needs rebase.

There hasn't been much activity lately and the patch still needs rebase. What is the status here?

• Is it still relevant? ➡️ Please solve the conflicts to make it ready for review and to ensure the CI passes.
• Is it no longer relevant? ➡️ Please close.
• Did the author lose interest or time to work on this? ➡️ Please close it and mark it 'Up for grabs' with the label, so that it can be picked up in the future.

Closing this for now, can be marked up for grabs.

#26151 (comment) needs to be addressed for this to move forward. Imo, the interface of TxRequestTracker should change to internally enforce the MAX_PEER_TX_ANNOUNCEMENTS and MAX_PEER_TX_REQUEST_IN_FLIGHT limits.