De-globalize ChainstateManager (consensus)

Oct 28, 2020

https://github.com/bitcoin/bitcoin/pull/20158

Host: dongcarl  -  PR author: dongcarl

The PR branch HEAD was 09daa42b at the time of this review club meeting.

Notes

• This is a draft PR which removes the g_chainman global variable and ::Chain{,state}Active() functions in favor of having callers either use or obtain local references to the relevant consensus-related object (ChainstateManager, CChainState, CChain, BlockManager, etc.).

• Prior to this PR, there were numerous references to the g_chainman global variable and ::Chain{,state}Active() functions, some of them even in contexts where a local ChainstateManager reference existed.

• This PR is a first step towards encapsulating our consensus engine, which allows for:

  • Clearer visibility into what currently lies in consensus codepaths and what depends on our consensus engine

  • Coalescing duplicate consensus initialization codepaths, mitigating against bugs that arise out of test/non-test initialization inconsistencies

• Some historical context can be gleaned from:

  • The introduction of CChainState in PR 10279

  • The introduction of BlockManager in PR 16194

  • The introduction of ChainstateManager in PR 17737

  • The addition of the chainman pointer to NodeContext in PR 18698

Questions

1. Did you review the PRs? Concept ACK, approach ACK, ACK, or NACK?.

2. How did the PRs linked in the historical context notes change the organization of validation.cpp? What kind of state/logic now belongs in each consensus-related object (ChainstateManager, CChainState, BlockManager)?

3. Where and how are the aforementioned consensus-related objects initialized?

4. What are the advantages and disadvantages of using global variables and functions?

5. Why are the first few fix commits in the branch necessary? Why does the previous code work prior to de-globalizing g_chainman and why doesn’t it work now without the fix?

Meeting Log

1

17:00

<dongcarl> #startmeeting

2

17:00

<jamesob> hi

3

17:00

<b10c> hi

4

17:00

<dongcarl> hello!

5

17:00

<michaelfolkson> hi

6

17:00

<emzy> hi

7

17:00

<@jnewbery> Hi folks! Welcome to Bitcoin Core PR Review Club. Feel free to say hi to let everyone know you're here

8

17:00

<rav3n> hi

9

17:00

<elle> hi!

10

17:00

<dappdever> hello

11

17:00

<@jnewbery> (or don't. Lurkers are also welcome!)

12

17:00

<@jnewbery> Anyone here for the first time?

13

17:01

<dappdever> I am!

14

17:01

<troygiorshev> hi!

15

17:01

<dongcarl> Welcome!

16

17:01

<@jnewbery> dappdever: welcome!

17

17:01

<Klopp> Hi allI am new (as a lurker)

18

17:01

<dongcarl> Alright, let's get started. I think this is the first Draft PR?

19

17:01

<dongcarl> Did everyone get a chance to review the PR? How about a quick y/n from everyone

20

17:02

<dappdever> y

21

17:02

<troygiorshev> y partial :D

22

17:02

<elle> y

23

17:02

<Klopp> n

24

17:02

<rav3n> n

25

17:02

<emzy> y

26

17:02

<b10c> n

27

17:02

<@jnewbery> 5/82 y

28

17:02

<michaelfolkson> At a high level

29

17:02

<dongcarl> Hehe it is quite a chonky one

30

17:02

<dongcarl> Let's delve into the questions!

31

17:02

<jonatack> hi

32

17:02

<MarcoFalke> 3/82 and concept

33

17:03

<dongcarl> At a high level: Concept ACK, approach ACK, ACK, or NACK?

34

17:03

<washroom> hi

35

17:03

<jonatack> will look at it after release branch-off

36

17:03

<jamesob> n

37

17:03

<jamesob> Concept ACK

38

17:04

<emzy> Concept ACK

39

17:04

<elle> Concept ACK

40

17:04

<@jnewbery> Big big concept ACK

41

17:04

<MarcoFalke> Concept ACK

42

17:04

<dappdever> concept ack

43

17:04

<troygiorshev> Concept ACK

44

17:04

<dongcarl> Alright, let's get into the details

45

17:05

<nehan> hi

46

17:05

<michaelfolkson> Concept ACK (assuming I've understood it). Is "consensus engine" another term for "libconsensus"?

47

17:05

<dongcarl> Oh good question!

48

17:05

<dongcarl> The way I've thought about it is that "consensus engine" is an encapsulation of how our consensus code works _currently_

49

17:06

<dongcarl> Next Q: How did the PRs linked in the historical context notes change the organization of validation.cpp? What kind of state/logic now belongs in each consensus-related object (ChainstateManager, CChainState, BlockManager)?

50

17:08

<dongcarl> For those needing a link: https://bitcoincore.reviews/20158

51

17:08

<michaelfolkson> BlockManager is chainstate agnostic block metadata

52

17:08

<elle> CChainState now owns mempool, blockfeeestimator and other things that represent our local view of the best chain.

53

17:08

<dappdever> It seems to have compartmentalized logic into objects, de-coupling a bit

54

17:08

<troygiorshev> CChainState is what will eventually become the libconsensus. It hold everything related to the curent tip of the chain.

55

17:09

<jamesob> troygiorshev: CChainstate and not ChainstateManager?

56

17:09

<MarcoFalke> jamesob: assumeutxo is not yet merged ;)

57

17:09

<jamesob> heh

58

17:10

<dongcarl> dappdever: You're right on that one! You can take a look at validation pre-10279 to see its state

59

17:10

<dongcarl> I call validation pre-10279 the "primordial soup of validation globals"

60

17:10

<troygiorshev> jamesob: yeah I think! Everything to do with, say, connecting blocks is part of CChainState? Might be CChainstate through ChainstateManager

61

17:10

<michaelfolkson> They both have chainstate in them though right? I want to understand the MarcoFalke joke

62

17:11

<@jnewbery> ChainstateManager can hold multiple chains. It was introduced as part of the assumeutxo project

63

17:11

<jamesob> at the moment, there's only one chainstate running around. But eventually there may be multiple. In any case, at the moment ChainstateManager is responsible for constructing chainstates, which involves e.g. injecting a BlockManager instance

64

17:12

<@jnewbery> currently there's only one chain - the chain that we consider to be the best. With assumeutxo, there would be multiple chains

65

17:12

<washroom> would ChainstateManager allow the daemon to run mainnet and signet simultaneously?

66

17:12

<@jnewbery> washroom: no

67

17:12

<dongcarl> elle michaelfolkson troygiorshev: True as well. A very rough approximation I have in my head: BlockManager = the blockchain/metadata, CChainState = everything related to current tip (UTXO, etc)

68

17:12

<michaelfolkson> Multiple chains ie the one we are assuming is ok from tip and the chain we are validating in the background?

69

17:12

<@jnewbery> All the chains would be running the same consensus parameters

70

17:12

<michaelfolkson> Surely you don't need more than two....

71

17:12

<jamesob> michaelfolkson: right

72

17:13

<nehan> multiple chains mean multiple mempools too?

73

17:13

<dongcarl> jamesob is quite the expert here, as he write two of the 4 PRs linked!

74

17:13

<jamesob> michaelfolkson: in concept, you could have n chainstates and validate n separate regions of the chain historically, simultaneously (maybe with something like utreexo) but that's way off

75

17:13

<washroom> jnewbery michaelfolkson ah I see now, a method to assess all available chain tips

76

17:14

<@jnewbery> hi nehan! No, only one mempool. We only have a mempool for transactions that we think can be added to the best current chain

77

17:14

<troygiorshev> dongcarl: and an eventual libconsensus api would most closely follow which class? CChainSate, no?

78

17:15

<washroom> mempool would just pertain to chain-tip extension rather than assessing or constructing branching consensus-equivalent chains -- right?

79

17:15

<jamesob> troygiorshev: if I had to guess, probably none - it would be some functional layer that accesses chainstate objects through the chainmanager... but defer to dongcarl there

80

17:15

<dongcarl> troygiorshev: I don't like to speculate about eventual APIs, because we're sooooo far from that right now. BUT I think a good intermediary goal is to encapsulate ChainstateManager and its dependencies first!

81

17:16

<@jnewbery> dongcarl: I agree. If there's obvious incremental improvements, we should do them, regardless of what the end state could be

82

17:16

<troygiorshev> jamesob dongcarl: ok!

83

17:17

<@jnewbery> even if we never get to libconsensus, simply cleaning up/encapsulating/modularizing are very beneficial

84

17:17

<washroom> +1

85

17:17

<dongcarl> jnewbery: +1

86

17:17

<dongcarl> Alright, feel free to keep discussing but here's the next topic: Where and how are the aforementioned consensus-related objects initialized?

87

17:17

<michaelfolkson> washroom: The start of the statement is right. But the assumeutxo project is validating from genesis in the background while assuming the tip is ok

88

17:18

<michaelfolkson> (Or at least the vanilla version is. And it isn't merged yet)

89

17:18

<dongcarl> bonus if you can identify some differences between constructing (as in C++ constructors) and initializing!

90

17:21

<dongcarl> Carl's tip for codebase navigation: try out sourcetrail! It's like grep, but you can click around and it understands C++/Python/etc

91

17:21

<troygiorshev> +1

92

17:22

<jamesob> hint: init.cpp

93

17:22

<@jnewbery> Construction means something very specific in C++. It's the operations that get called when a new object gets instantiated. Those operations include the initialization list, the constructor functions of any base classes and the constructor function of the class itself

94

17:22

<troygiorshev> ChainstateManager is a global g_chainman in validation.cpp, which is then pointed to by the NodeContext node in AppInitMain in init.cpp

95

17:23

<@jnewbery> I think initialization is more vague and means 'make sure the object is ready to use'

96

17:24

<troygiorshev> g_chainman is constructed, er, at some point before main() is run?

97

17:24

<@jnewbery> troygiorshev: yes, exactly

98

17:24

<dongcarl> troygiorshev: Yes!

99

17:24

* troygiorshev wipes sweat

100

17:24

<@jnewbery> we don't have control over when global objects are constructed, and it could even be before main()

101

17:25

<michaelfolkson> I thought initialization did not infer the initialized object was in a usable state. Just that it was initialized

102

17:25

<sipa> jnewbery: it has to be before main

103

17:25

<dongcarl> michaelfolkson: This is correct -> "construction did not infer the constructed object was in a usable state. Just that it was constructed"

104

17:26

<troygiorshev> sipa: as long as it's a global in the global namespace, right?

105

17:26

<sipa> troygiorshev: right

106

17:26

<@jnewbery> often, initialization happens during construction, but if initialization requires some context, then obviously we can't initialize the object during construction if it's a global

107

17:27

<sipa> jnewbery: what do you mean by initialization in this context?

108

17:28

<dongcarl> Exactly what jnewbery said! If a variable is a global, and it needs some context to get initialized to steady state, then we need a two-step initialization. See: InitializeChainstate

109

17:29

<sipa> oh, initialization as in an application-level concept, ok

110

17:29

<dongcarl> Ah I should clarify, what I mean by initialization is "making the object ready to use/at stead-state"

111

17:29

<dongcarl> Yup!

112

17:29

<@jnewbery> sipa: I mean things like what dongcarl said. Make the object ready to use.

113

17:30

<dongcarl> So ChainstateManager is constructed as a global and initialized in init.cpp... Anywhere else it's initialized?

114

17:30

<jamesob> (fwiw, here's the C++ definition of initialization: https://en.cppreference.com/w/cpp/language/initialization)

115

17:30

<@jnewbery> sipa: does this: https://stackoverflow.com/a/1271692/933705 only apply to objects with internal linkage? ie if they're in the global namespace then the have to be constructed before main?

116

17:31

<sipa> jnewbery: it may also be outdated; C++11 added guarantees around initialization order

117

17:32

<@jnewbery> sipa: ah. thanks!

118

17:32

<@jnewbery> jamesob: I think that's just for simple types. It doesn't say anything about classes

119

17:32

<sipa> ah, they may be right - that globals are only guaranteed to be initialized before calling any function in the same compilation unit

120

17:32

<dappdever> @dongcarl it seems that init.cpp is the only caller of InitiatilizeChainState

121

17:33

<dongcarl> Hint for my small q: take a look at how our test framework starts up

122

17:34

<dappdever> copied from the global chainman?

123

17:34

<troygiorshev> c++ stackoverflow being outdated about a compilation question really embodies spooky season

124

17:34

<sipa> jnewbery: c++11 added a guarantee that local static variables are only initialized once, even when the function is called simultaneously from multiple threads for the first time

125

17:35

<nehan> testing setup calls it

126

17:35

<dongcarl> dappdever: Not copied, per se, but in both init and TestingSetup, we point node.chainman to the g_chainman!

127

17:35

<dongcarl> nehan: Bingo!

128

17:36

<dappdever> ah, yes, got it!

129

17:36

<dongcarl> The reason why this is important from a higher level is to realize that we've got two different initialization codepaths

130

17:36

<dongcarl> And because of that, it is possible to have differences between how our test framework initializes, and how our software actually works

131

17:37

<nehan> can you talk more about that? why does the test setup do this outside of initializing a node?

132

17:37

<nehan> oh -- these are the C++ tests. nevermind.

133

17:37

<dongcarl> nehan: Hehe yeah, it _is_ initializing a node!

134

17:38

<dongcarl> Okay, let's get to the next one!

135

17:38

<nehan> followup question: why does the code path for the test setup "count" as a different code path that one should care about?

136

17:38

<MarcoFalke> Ideally the unit tests would re-use most of the init.cpp logic

137

17:38

<dongcarl> nehan: Because I don't think the test framework ever calls AppInitMain

138

17:38

<nehan> MarcoFalke: would that require factoring it out of main()?

139

17:39

<nehan> dongcarl: right, that. why not?

140

17:39

<@jnewbery> nehan: take a look at setup_common to see how the unit tests set up their environment

141

17:39

<michaelfolkson> MarcoFalke: Unless you're testing the init.cpp logic. But that would be functional testing...?

142

17:40

<troygiorshev> Is this a consious choice (along the lines of keeping Arrange Act Assert separate) or is it force on us?

143

17:40

<MarcoFalke> Well, if the unit tests need to spin up a node, they should do it as similar as AppInitMain as possible

144

17:40

<dongcarl> I'm not sure there's a reason why it's done the way it is right now. However, what I think would be a nice goal to have: an initialization codepath that's used by all binaries with the right toggles.

145

17:41

<@jnewbery> Take a look at the logic inside init.cpp. A lot of the code there is actually initializing the individual sub-components. We need to do the same setup inside our unit tests, otherwise we're not actually testing the code paths that run in production

146

17:41

<dappdever> do the new chainmanager tests use the same setup code? It seems like they no longer use the global instance (?)

147

17:41

<troygiorshev> dongcarl jnewbery: ok thanks

148

17:41

<dongcarl> As always jnewbery, puts it nicely :-)

149

17:42

<dongcarl> Let's move on to the next one so we have time!

150

17:42

<@jnewbery> I think it'd be nice if as much of the initialization of the subcomponents was done within those subcomponents, perhaps inside the constructor function. That way the unit tests could just instantiate that subcomponent and know that it's testing what will actually run on the live system

151

17:42

<dongcarl> What are the advantages and disadvantages of using global variables and functions?

152

17:42

<MarcoFalke> jnewbery: Indeed. And removing globals helps there

153

17:43

<dongcarl> dappdever: Take a look here! :-) https://github.com/bitcoin/bitcoin/pull/20158/commits/5cb0350d5c1e14c3cd6153bd9166b80c53b12f83

154

17:43

<@jnewbery> And then of course we'd be able to unit test units of our code, without worrying about global state interfering

155

17:43

<MarcoFalke> advantage of globals would be less verbosity in code and if there can only be one instance of an object, passing it around explicitly doesn't help code clarity

156

17:43

<elle> dongcarl: advantages: easy access from all over. disadvantages: easy access from all over. Plus: hard to mock for tests. Also: not always known if the object is yet initialised (in its steady state)

157

17:43

<troygiorshev> advantage: can access from anywhere. disadvantage: can access from anywhere...

158

17:44

<@jnewbery> troygiorshev: :)

159

17:44

<dongcarl> elle: Hehe exactly!

160

17:44

<troygiorshev> elle: well said!

161

17:44

<dappdever> if globals can be modified from anywhere, it seems like a security risk

162

17:44

<michaelfolkson> Lots of disadvantages mostly covered. Thread safety too

163

17:44

<nehan> it's easy to get lazy and not have good encapsulation and abstraction

164

17:45

<michaelfolkson> Getting rid of globals is also a pain

165

17:45

<MarcoFalke> michaelfolkson: I'd say thread safety is another orthogonal issue

166

17:45

<dongcarl> nehan: ...and end up needing a 80 commit PR to clean it up haha

167

17:46

<sipa> dongcarl: squash it all

168

17:46

<MarcoFalke> Our NodeContext is not thread safe. It just happens to be modified in at most one thread at a time

169

17:46

<sipa> (not a serious suggestion)

170

17:46

<dongcarl> I like what I'm hearing from everyone

171

17:47

<dappdever> do globals perform better because there is less initiatlization?

172

17:47

<nehan> is there a reason setup_common.cpp doesn't call AppInitMain()? what makes it hard to do so, if anything?

173

17:47

<michaelfolkson> I guess I'm saying use of globals can impact thread safety but avoiding them doesn't guarantee it MarcoFalke

174

17:47

<dongcarl> nehan: Hmmm... Don't think there is. MarcoFalke?

175

17:48

<MarcoFalke> nehan: Good question. I think AppInitMain does too much (like calling weird compat code I don't understand)

176

17:48

<dongcarl> dappdever: Since initialization is mostly a one-and-done affair, the performance impact is not something we'd be too concerned about. I also doubt there's any performance gains to be made from being global.

177

17:48

<nehan> seems like that would be best, if possible, to test the initialization flow (as you pointed out)

178

17:49

<MarcoFalke> AppInitMain also parses from the argsmanager, but unit tests historically didn't use "command line" args for initialization

179

17:49

<dongcarl> nehan: Agreed, this is definitely in my list of followup projects :-)

180

17:50

<dongcarl> Alright the last one is a little tricky, so let's leave some time for it!

181

17:50

<nehan> dongcarl: ok! I haven't looked closely yet at the differences between TestingSetup() and AppInitMain() but will do so

182

17:50

<dongcarl> Why are the first few fix commits in the branch necessary? Why does the previous code work prior to de-globalizing g_chainman and why doesn’t it work now without the fix?

183

17:50

<@jnewbery> nehan: At that point, you're arguably not unit testing - it'd be closer to integration testing

184

17:50

<dongcarl> I'm talking about https://github.com/bitcoin/bitcoin/pull/20158/commits/22d44a3caf47701a7d16761751563e446e5f2bdf

185

17:50

<@jnewbery> with unit testing you want to be able to isolate each individual component

186

17:50

<dongcarl> https://github.com/bitcoin/bitcoin/pull/20158/commits/e4be2ad63c4acbe22266174cac77caf7ce5d9215

187

17:50

<dongcarl> and https://github.com/bitcoin/bitcoin/pull/20158/commits/1ca9317560335cf0f2cb8d69d2c12edc7b6d1526

188

17:51

<nehan> jnewbery: one could think of it as unit testing the initialization function. i'm not sure it's in any way bad to test the same code path used in actual use, if possible.

189

17:51

<MarcoFalke> good point jnewbery. AppInitMain should also be split up to accomodate the testing setups that don't need all the node components.

190

17:51

<nehan> MarcoFalke: yeah, maybe it can be split up so the unit tests can use pieces

191

17:52

<dongcarl> COALESCE THE INIT CODEPATHS 2020

192

17:52

<MarcoFalke> Most tests don't even need a chain. (low level net tests for example)

193

17:52

<MarcoFalke> dongcarl: good luck getting that done in 2020 ;)

194

17:53

<@jnewbery> nehan: yes, a unit test that tests initialization is fine. But you shouldn't need to initialize the whole system if you just want to test one or a few subcomponent

195

17:53

<nehan> dongcarl: i will make hats

196

17:53

<dongcarl> Hehe

197

17:53

<nehan> jnewbery: agreed!

198

17:53

<sipa> dongcarl: last-minute presidential campaign?

199

17:53

<dongcarl> For those looking at the first few commits: please ignore "test: Add new ChainTestingSetup and use it"

200

17:53

<jamesob> sipa: I'm writing him in regardless

201

17:54

<dongcarl> legoooo

202

17:55

<dappdever> @dongcarl are the tests using the same instance of m_node across tests, whereas before each tests was creating the chain from a new node instance?

203

17:57

<dongcarl> dappdever: Close! It does have something to do with m_node. It's mostly because after this PR, the code will now reach for the chainman inside the local context instead of g_chainman. So it's important that the local node context contains the chainman we want to work with instead of not having one!

204

17:57

<dongcarl> Alright we're nearing the end now!

205

17:58

<dongcarl> I want to thank everyone who came out and participated, jnewbery for organizing!

206

17:58

<@jnewbery> Anyone have any last minute questions?

207

17:58

<dongcarl> Any last questions?

208

17:58

<dongcarl> Heh

209

17:58

<troygiorshev> when undraft and merge

210

17:58

<washroom> wait there are voters who didn't write in dongcarl ?

211

17:58

<dongcarl> Surprised me too!

212

17:59

<washroom> : P

213

17:59

<dongcarl> troygiorshev: As soon as I'm 100% that it's bug-free!

214

17:59

<@jnewbery> dongcarl: how do you plan to get this merged? are you going to slice off parts of it into smaller PRs?

215

17:59

<MarcoFalke> dongcarl: How are you going to split up the pull?

216

18:00

<dongcarl> Aha! I think the FIX commits will definitely be split off first. Those are very easy.

217

18:00

<troygiorshev> not all of us are ryanofsky and can review it all in one go :)

218

18:00

<michaelfolkson> 82 commits. Split into groups of 5 haha

219

18:00

<michaelfolkson> (Joke)

220

18:00

<dongcarl> I can split out the rest of the commits into 7 bundles for review and discussions.

221

18:01

<dongcarl> However, I would hope that we can get it merged in quick succession

222

18:01

<dongcarl> As a lot of the benefits come from the latter bundles of commits

223

18:01

<dongcarl> Oh time's up!

224

18:01

<@jnewbery> dongcarl: great. Feel free to announce them in this channel so people know where to look

225

18:01

<dongcarl> jnewbery: Will do!

226

18:01

<dongcarl> #endmeeting

227

18:01

<washroom> ty dongcarl

228

18:01

<troygiorshev> thanks dongcarl!

229

18:01

<emzy> Thank you dongcarl, jnewbery and all.

230

18:01

<nehan> thanks!

231

18:01

<@jnewbery> Thanks Carl. That was great!

232

18:01

<dappdever> thank you!~

233

18:01

<dongcarl> Thank y'all!

234

18:02

<michaelfolkson> Thanks dongcarl!

235

18:04

<jonatack> Thank you, Carl! 🏆