The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage & Benchmarks

For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/32895.

Reviews

See the guideline for information on the review process.

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Conflicts

Reviewers, this pull request conflicts with the following ones:

• #33034 (wallet: Store transactions in a separate sqlite table by achow101)
• #32685 (wallet: Allow read-only database access for info and dump commands by PeterWrighten)
• #32636 (Split CWallet::Create() into CreateNew and LoadExisting by davidgumberg)
• #32489 (wallet: Add exportwatchonlywallet RPC to export a watchonly version of a wallet by achow101)
• #27865 (wallet: Track no-longer-spendable TXOs separately by achow101)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

LLM Linter (✨ experimental)

Possible typos and grammar issues:

• “when a upgrade-downgrade-upgrade was performed” -> “when an upgrade-downgrade-upgrade was performed” [‘upgrade’ begins with a vowel sound, so needs “an”]
• “LastClientFEatures” -> “LastClientFeatures” [capitalization typo in comment]

^{drahtbot_id_4_m}

I wonder if this can be uncoupled from CLIENT_VERSION, because the coupling is confusing and makes testing harder:

• It is confusing, because switching between versions that kept the wallet code the same will pretend that there was a relevant upgrade/downgrade, even though the wallet behavior is exactly identical.
• CLIENT_VERSION on the development branch is changed every 6 months, not when a new wallet feature was added that needs to deal with un-upgraded material. I know that running from the master branch is not supported and devs will have to deal with un-upgraded material themselves, but it seems easy to fix (and cleaner) to just introduce a new variable in the wallet that is equal to the current CLIENT_VERSION and then handle it separately and explicitly from now on.

Concept ACK. It shouldn't hurt to add more metadata to help detect when there might be a mix of old data in a newer format and new data in an older format in the same wallet.

Conceptually, I think we could always detect these cases by just scanning the entire wallet for data that needs to be upgraded on loading. But having this extra metadata is nice because it can avoid slowing down wallet loading by avoiding unnecessary upgrade rescans.

On the approach in e94ef51, I think it is ok, but would suggest some ways it might be improved:

• I agree with Marco's comment that it would be great to move away from CLIENT_VERSION and use something independent of the node version.
  • A downside of this suggestion is that the PR might not be able to reuse the existing VERSION field and might need to introduce 2 new fields instead of 1. I think the tradeoff could be worth it though.
• It would be nice to avoid version numbers altogether and use feature flags instead, defining new feature flags when new data fields are introduced, and writing supported feature flags to LAST_OPENED_FEATURES & LAST_DECRYPTED_FEATURES fields on wallet loading.
  • This would not require introducing a new data type since we already have a WalletFlags enum. New internal and external features could just be new (nonmandatory) WalletFlags values.
  • IMO, flags are better than version numbers because they decouple code that implements new features from the merge and release process. They also make code more readable and maintainable because checks like if (last_opened_supported_specific_feature_x) are more obvious than if (last_opened_version > some_version_number_with_collection_of_features)
• I assume we don't care about detecting upgrades & downgrades to versions before v24.0 which wouldn't overwrite the VERSION field on opening. But if we did, it'd be possible to detect this by writing last_opened and last_decrypted metadata to a file alongside the wallet database instead of inside the wallet database, and touching the file whenever the database is flushed. This way, if the database file modification time was greater than metadata file modification time, you could infer that the database had been loaded by an older version in the meantime and needs to be upgraded. Wouldn't recommend this approach because it is more complicated, but wanted to mention it as an alternative to introducing new database fields.

I wonder if this can be uncoupled from CLIENT_VERSION, because the coupling is confusing and makes testing harder:

Definitely, however I'd like to be able to reuse the existing "version" record which mostly has the desired behavior since v24.0. The detection only works because of older versions overwriting the field with their CLIENT_VERSION. Introducing a new field now means that we cannot detect when an upgraded wallet was opened in any version older than v30.0 (assuming this is merged for the next release). The timeline would be too soon for any newly introduced features in say v31.0 or v32.0 (and I've got a few things in mind already that would utilize this). I'm already not particularly thrilled by the fact that the current implementation can only detect down to 24.0 as I expect that users doing upgrade-downgrade-upgrade with even older versions is commonplace.

Conceptually, I think we could always detect these cases by just scanning the entire wallet for data that needs to be upgraded on loading.

I don't think that is actually viable as it would largely end up performing the upgrade on all loads regardless of whether the upgrade has already been done.

Maybe I am missing something obvious, but my suggestion was not to introduce a new field/record. It was to re-use the existing field (and value) and manually handle the value going forward only when needed.

That is, old wallets will (obviously) continue to write their CLIENT_VERSION to the version record. Also, any new wallet will continue to write a value of the current CLIENT_VERSION to it, just like on the current development branch (this is unchanged as well). The only change is that for the next release, the wallet will continue to write the same value as today, unless a feature was added that requires bumping the version, in which case the version is bumped in the pull request introducing the feature.

Maybe I am missing something obvious, but my suggestion was not to introduce a new field/record. It was to re-use the existing field (and value) and manually handle the value going forward only when needed.

Sorry, I was responding to @ryanofsky's comment at the same time since they were very similar.

I think that may be workable.

I've updated the PR to do a combination of @maflcko's and @ryanofsky's suggestions.

The new approach decouples version from CLIENT_VERSION. It also writes out a set of client specific feature flags into two new records: lastopenedfeatures and lastdecryptedfeatures. However, these feature flags are separate from the existing wallet feature flags.

I believe this preserves the behavior of detecting downgrades down to v24.0, while also giving us the flexibility of a new field and feature flags.

nit: Commit 3662960 appears to have CI failures.

I believe that's only because the tasks were canceled by a new push.