< bitcoin-git>
bitcoin/master df17fe0 Luke Dashjr: Bugfix: Qt/RPCConsole: Put column enum in the right places...
< bitcoin-git>
bitcoin/master 2044e37 Wladimir J. van der Laan: Merge #9266: Bugfix: Qt/RPCConsole: Put column enum in the right places...
< bitcoin-git>
[bitcoin] laanwj closed pull request #9266: Bugfix: Qt/RPCConsole: Put column enum in the right places (master...bugfix_datarole) https://github.com/bitcoin/bitcoin/pull/9266
< BlueMatt>
wumpus: I meant specifically my commit there
< BlueMatt>
maybe was needed to make the commits apply cleanly
< BlueMatt>
it just surprised me
< wumpus>
I wouldn't know that, best to ask gmaxwell
< wumpus>
but I suppose his reason for grabbing just that commit is that it intersected with #9053 in some way
< gribble>
https://github.com/bitcoin/bitcoin/issues/9053 | IBD using chainwork instead of height and not using header timestamps by gmaxwell · Pull Request #9053 · bitcoin/bitcoin · GitHub
< BlueMatt>
wumpus: yes, that was my guess
< BlueMatt>
nbd anyway
< cfields>
fyi, BlueMatt and I won't make it to the meeting today, we're on the other side of the world
< cfields>
also a bit slow to work through pr comments/review. certainly not ignoring though :)
< morcos>
btcdrak: i'm fine with you leaving that commit out, but how coudl that cause those errors?
< btcdrak>
morcos: It was totally fine locally, Travis threw up and it's just not worth my time fighting with it. Will have another go once merged.
< btcdrak>
even paveljanik was ok with it locally :/
< morcos>
weird..
< morcos>
sipa: this is minor, but i'm curious in loadmempool why you chose to use state.IsValid for reporting # of successes, it's certainly possible for the state to be valid but the tx not be accepted
< morcos>
btcdrak: unfortunately it still fails for me locally... since i gave you a weasly non-review of that json test data stuff, i'll see if i can track down the issue . especially weird that it passes travis sometimes
< btcdrak>
Did we update Univalue at all recently?
< btcdrak>
I fixed a bug in it which will break those json tests when we sync up
< MarcoFalke_>
We might want to wait for some of the fixes after testing with the JSONtestSuite
< sipa>
morcos: re state.IsValid for loadmempool... good point, i just didn't realize that
< morcos>
btcdrak: the reason it sometimes passes travis is somethign later changed in master to cause your PR to break
< morcos>
the merge that travis ran on for the PR that is up there now is an old merge, i think if you locally checkout a new merge it'll probably break for you
< btcdrak>
morcos: oh, thank you for looking at that. If that can be solved, I'll push the rebased version with your other fix in
< btcdrak>
oh, ofc, I'm not rebased to master... makes sense now
< morcos>
yeah but ideally travis would be running on your PR merged with master, its not clear to me how that works exactly or why its not the case here
< morcos>
i don't know the details of when travis decides it needs to rerun the merge
< btcdrak>
morcos: ok I can replicate it now locally!
< btcdrak>
at least with something to replicate I can investigate
< morcos>
sipa: so it's surprising that bugs like this don't happen more often
< morcos>
the only reason we caught this is btcdrak tried to do a new push... but if he hadn't, there would have been no merge conflict and it wouldn't have been caught... luckily in this case it resulted in a test failing
< morcos>
btcdrak: it's definitely 8837 and its a trivial fix fo ryou
< MarcoFalke_>
morcos: We have merge conflicts every couple of weeks. I'd propose to invalidate travis results after 2 or 3 weeks.
< MarcoFalke_>
* silent merge conflicts
< morcos>
MarcoFalke_: could there be a pre-merge button which reruns travis when wumpus or whoever thinks the PR is ready for merge? i guess it would be annoying to revisit it a second time, and scary to auto-merge if it passes
< morcos>
maybe someone else could be in charge or pressing the pre-merge button on almost ready to be merged PR's even if it doesn't catch them all, if it catches some and doesn't slow down wumpus, it'll be good
< MarcoFalke_>
I was more thinking of something automated. for pull in pulls: rerun if travis_result.age > 14 days;
< btcdrak>
morcos: great. I'll take a look in a bit
< morcos>
MarcoFalke_: yeah i was just thinking its more useful if its close to actual merge and unnecessary if its not
< gmaxwell>
it would be helpful if we could figure out the causes of varrious bits of failed dependency tracking, since it also effects users and not just travis.
< MarcoFalke_>
Would still catch some of the silent merge conflicts. If it is only done pre merge, it would slow down the merge process unnecessarily.
< MarcoFalke_>
If it passed, it is just wasted time. If it fails, the pull author needs go back anyway.
< gmaxwell>
BlueMatt: Because the thing actually being backported eliminated the checkpoint estimate of the number of blocks; so it needed that change of yours that eliminated a call to it. Otherwise the change was trivial and wouldn't have been backported.
< morcos>
If we're doign a wallet opperation, whats the rule of thumb with whether we open our CWalletDB with fFlushOnClose true or not?
< wumpus>
depends on whether data loss would lead to funds loss IIRC
< morcos>
For instance in AbandonTransaction I copied MarkConflicted which doesn't flush on close "for performance reasons" but in retrospect it seems almost everything else does flush on close and maybe is only because MarkConflicted gets called inside a loop
< wumpus>
in case of doubt, flush on close
< morcos>
so perhaps in the markconflicted case we should do a specific flush after all the conflicting has been done? (seems more important than abandon anyway)
< wumpus>
but is it critical? e.g., not just something that could be repeated after starting the client?
< wumpus>
though I don't think it hurts to do an explicit flush afterwards
< morcos>
wumpus: i don't know i'm out of my depth...
< wumpus>
although the wallet is being flushed+consolidated all the time, periodically, by the wallet flush thread if an update has been done - the point of flushonclose is just to do a flush immediately, for critical things
< morcos>
i'm not sure what how wallet state and chainstate are kept in sync
< wumpus>
the wallet stores the last position that it is synced to, it will rescan from there on on client start
< morcos>
yeah ok, thats what i was just seeing, so yeah maybe you're right... it not an issue..
< wumpus>
meeting time?
< jonasschnelli>
yes
< wumpus>
#startmeeting
< lightningbot>
Meeting started Thu Dec 8 19:00:40 2016 UTC. The chair is wumpus. Information about MeetBot at http://wiki.debian.org/MeetBot.
< gmaxwell>
There was previously a concern expressed (sorry, I forget who); that trying to reaccept to mempool all unconfirmed txn might be a cpu load for some wallet gunked up with unconfirmed transactions. I made this PR anyways, noting that it doesn't apply to abandoned or known conflicted txn, and I don't believe gunked up wallets exist at any real rate-- if they do, then that is its own problem.. and
< gmaxwell>
they could avoid a performance issue by abandoning. I hope this is convincing but I haven't had feedback on that point.
< gmaxwell>
Beyond that question, this is a really obvious bugfix for a somewhat embarassing misbehavior.
< wumpus>
well at least it's now possible to get rid of unconfirmed transactions by abandoning them
< morcos>
gmaxwell: that was (at least) me, but i made my mark on your PR.. suhas beat me down into being unable to succesfully argue my position
< wumpus>
there should be no need to have excessive numbers of unconfirmed transactinons
< sdaftuar>
gmaxwell: i agree with the PR and the backport, fwiw
< gmaxwell>
morcos: hah. I missed the was here. okay thats precisely what I was looking for.
< morcos>
but as for backporting...
< morcos>
maybe ok for that one... but i'm not so sure about #9262
< gmaxwell>
I just felt a little uncomfortable doing something I knew someone had expressed concern with; without making sure that we heard if concerns remained.
< gribble>
https://github.com/bitcoin/bitcoin/issues/9262 | Prefer coins that have fewer ancestors, sanity check txn before ATMP by instagibbs · Pull Request #9262 · bitcoin/bitcoin · GitHub
< morcos>
i feel like although these are definitely fixing poor behavior... they're also fairly large changes in behavior and it worries me that in a backport, they wont' get enough testing to be sure they don't raise new issues
< morcos>
personally i think we backport too much
< gmaxwell>
Well I think we must backport at least one of 9262 or 9290. If you backport 9290 I think there is less need to backport 9262 and if we only do one I'd prefer it be 9290.
< morcos>
backports should be for either critical or simple bugs
< morcos>
gmaxwell: why? that behavior has been like that for several major versions no?
< morcos>
do we think it is more of an issue now b/c of occasional mempool backlogs?
< gmaxwell>
The issue that these are collectively fixing are stuck coins in wallets which combined with user error can lead to funds loss. We are currently having resports from multiple users encountering it.
< gmaxwell>
morcos: ding ding.
< luke-jr>
backporting all bugfixes is fine if we do RCs IMO; critical/simple criteria mainly makes sense for security stuff
< sdaftuar>
i think 9290 is simple, and implements the behavior we all thought was already happening
< gmaxwell>
luke-jr: thats going offtopic but I don't fully agree.
< morcos>
yes, 9290 is pretty simple
< gmaxwell>
for 9262 if 9290 is in place there is an argument that the default behavior should change (don't refuse to create the failing txn.)
< gmaxwell>
which is another question.
< morcos>
i'd feel a bit easier about that one i guess... , and although i have no idea what might go wrong with 9262, you never know
< sipa>
do we have a patch that deal with ATMP failing in createtransactionm
< sipa>
?
< gmaxwell>
well as is 9262 adds another reason for a send rpc to fail, which is user visible. With 9290 there is a lot less reason for that. I felt that that behavior change was not very sutiable for backport which is why I created 9290.
< morcos>
yes, if we can briefly dive into that other question... one argument for refusing to create a failing tx is that if you try again you might succeed...
< sipa>
that would be much less invasive to backport
< morcos>
but not sure how deterministic the coin selection is
< michagogo>
o/
< gmaxwell>
morcos: since unconfirmed coins are a last resort already your odds are not good. with the rest of 9262 in place... your odds are probably nearly zero.
< morcos>
sipa: 9262 makes it much less likely that you will get to ATMP fail at least for the reason of chains.
< sipa>
morcos: i know, but it is not fully generic
< morcos>
gmaxwell: i disagree i think... since it all depends on how many coins you end up using as inputs, which is not a factor in our logic now
< instagibbs>
fully generic would be something like justCheck ATMP
< sipa>
morcos: i would be much more confortable with something that deals correctly with an occasional failurr, rather than trying our best to avoid failures
< gmaxwell>
The mempool chain limit change is transitory, which is why I believe avoid + rebroadcast is the right solution.
< morcos>
sipa: but as gmaxwell would probably argue, depending ont he reason for your failure you might want to do different things, so its maybe not a simple patch
< sipa>
morcos: well we can still use whatever logic to avoid the failure
< sipa>
but knowing that we don't get into hard-to-recover states would give more peace of mind
< gmaxwell>
morcos: for 9262 I say very low because if it was possible to avoid the failure it likely would have due to the prior selectcoins runs. the only time where a retry would work is where it couldn't be done with low count coins, could be done with midcount coins and the retry gets lucky.
< gmaxwell>
sipa: transitory failure is not a hard to recover state.
< gmaxwell>
at least not any worse than "I paid too little fee"
< morcos>
gmaxwell: no i don't think so.. some of your low count coins may have ancestors with other descendants.. you may choose a lot of low value low count coins, vs just 1 high value one.. etc..
< gmaxwell>
I believe (someone can correct) that there is now no way to get a failure there except a transitory one. But belt and suspenders could be fine.
< sipa>
gmaxwell: well at least you'd know your transaction was not broadcast immediately
< sipa>
gmaxwell: and i'm talking more generically than chain depth limits
< morcos>
gmaxwell: definitely can get non-transitory failures... i have some wallet that everytime i start the node tries to broadcast a too high fee tx
< gmaxwell>
sipa: you never really know that, since we have no monitoring to tell if the broadcasts were successful. I think we should seperately track successful broadcasts in the wallet. some lite wallets do this.
< sipa>
gmaxwell: ATMP is complicated
< morcos>
if it wasn't ATMP, then it wasn't broadcast
< gmaxwell>
morcos: yes but it can be ATMP and never broadcast.
< sipa>
gmaxwell: i mean: since we *can* recover from failure to ATMP, we should
< sdaftuar>
perhaps a simple backport would be to return the txid of the failed to ATMP transaction back to the RPC caller, once it's been added to the wallet?
< MarcoFalke_>
I am not against backporting 9290, but if we do, I'd prefer a small section in the release notes. Previously one could just resend the tx and figure out the problem later. Now, it might cause you to fund the same recipient twice.
< gmaxwell>
sipa: "recover", I don't think I agree. Backing out a send and returning an error is not recovery.
< sdaftuar>
that seems strictly better than prior behavior
< sdaftuar>
and after 9290, semi-reasonable
< gmaxwell>
It just pushes error handling downstream to a caller that likely has none.
< sipa>
are we sure that every ATMP failure is temporary?
< morcos>
to bring it back to what we should backport.. i'd say at most 9290 .. and lets concentrate on the more robust fix for 0.14
< gmaxwell>
MarcoFalke_: I am confused as to what you believe the effect of 9290 is.
< instagibbs>
sipa, I have some memory of absurd fee issue, but not on hand
< gmaxwell>
sipa: I believed that was the case, though morcos just pointed out something about a too-high-fee txn.
< gmaxwell>
I would agree that returning an error on non-temporary failures would be good.
< morcos>
the high fee code did change, so not sure if that got fixed
< sdaftuar>
morcos: i disagree with just doing 9290. the rpc situation is a disaster when you get an RPC failure for a created tx
< sipa>
gmaxwell: sendtoaddress can already fail in various ways before even attempting ATMP (for example, tx too large, insufficient funds, ..) that the caller needs to deal with
< morcos>
sdaftuar: its been like that forever though! i agree we should fix it, but we shouldn't be just now designing a fix to push out in a backport
< morcos>
it will not get sufficient testing
< gmaxwell>
morcos: it hasn't been like that forever because the failures are modulated by network conditions.
< MarcoFalke_>
gmaxwell: 9290 will put tx in your mempool that previously failed to be accepted while running. We did never do that. (only after restart)
< gmaxwell>
some people that never built unconfirmed chains are building them now.
< morcos>
i guess i just think we are close enough to 0.14, that we should concetnrate on a good and well tested fix for that
< gmaxwell>
MarcoFalke_: We did it at every restart. So you couldn't have counted on the behavior. And you also would have had no way of knowing that it failed on the very first try.
< morcos>
i'm always worried about unintended consequences of these things
< sdaftuar>
morcos: what is your objection to my proposal above, of returning the txid of the failed-to-accept-tomempool transaction, that is now in your wallet?
< sdaftuar>
i think that should be a simple change, and just tells the users what is going on
< wumpus>
I tend to agree with morcos - better to focus on a good solution for 0.14, then try to rush something for 0.13.2 last minute
< gmaxwell>
well I don't feel this is rushed. :)
< sipa>
sdaftuar: if we expect every such failure to be temporary, and start retrying automatically, i agree
< morcos>
sdaftuar: maybe nothing, but what do users do with it? abandon? (what if they've waited 20 mins and 9290 rebroadcasted it) i don' tknow it just seems .. like a band-aid
< CodeShark>
fwiw, in all my stuff I've separated the equivalent of "sendtoaddress" into at least two separate calls
< wumpus>
it's not even merged to master yet, and we're not sure of the consequences
< wumpus>
so yes it feels rushed
< sipa>
CodeShark: yes, so do we in the raw tx api
< sdaftuar>
morcos: right now though users are confused and think their money is gone -- at least this way they can see where it is
< morcos>
sdaftuar: were you proposing that it looks different than if it did get accepted, or you can't tell from the rpc return value
< MarcoFalke_>
gmaxwell: The rpc returns an error if it failed on the very first try, no?
< sipa>
i did not know we did not report a txid if ATMP fails
< wumpus>
simple fixes and things we're really sure about can be merged+backported last minute
< wumpus>
but it doesn't look to be the case here, given this discussion already
< instagibbs>
sipa, it's a very scary and useless message
< instagibbs>
well, now it propagates more
< morcos>
it seems to me you'd want to distinguish between it got ATMP and it didn't
< instagibbs>
but still scary
< sipa>
well i think we should either delete wallet txs that fail to ATMP at creation time, OR report the txid anyway
< sipa>
now people think the tx failed, but they're still rebroadcasting it
< sdaftuar>
sipa: i agree with that, though i'd be nervous about doing the first (delete wallet tx) in a backport
< wumpus>
yes that makes no sense to the user
< sipa>
sdaftuar: agree
< gmaxwell>
sipa: not just that, but it is holding coins up in their wallet.
< wumpus>
ideally the API should be atomic, either it succeeds or fails, not fails and still make a transaction
< sdaftuar>
morcos: i agree it'd be better to indicate somehow that the new tx isn't in the mempool,but perhaps we can't change the API like that in a backport... reporting the txid still seems better than current behavior though
< sdaftuar>
no different than if the tx was acepted and then evicted before relay
< gmaxwell>
MarcoFalke_: you're right.
< wumpus>
but it may be too much to fix in a backport in a release that we want out as soon as possible
< morcos>
sdaftuar: but that doesn't work very well for a tx that'll never go anywhere ...
< sipa>
can we do rebroadcast + report txid anyway in a backport?
< sdaftuar>
current behavior is even worse though for a tx that won't go anywhere
< sdaftuar>
you don't even know what tx to inspect/abandon!
< sipa>
and for 0.14 consider long chain avoidance + deletion of failed creations?
< wumpus>
although I'm not entirely sure when we want to do 0.13.2
< gmaxwell>
wumpus: I want to do 0.13.2
< morcos>
i mean if we do think this is such a large problem that it HAS to be addressed in a back port... then i'd argue we should include 9262, because at least if that works right, it means all the other functionality we'll backport will get used much less often
< wumpus>
gmaxwell: I'm asking when, not whether
< gmaxwell>
morcos: that was my thinking.
< sdaftuar>
i lean towards backporting 9262, myself
< gmaxwell>
wumpus: oops, I missed the word when.
< morcos>
i'd rather have a lot less people asking about rpc calls that look like they work but theres no tx in mempool or random rebroadcasts a day later when parts of the chain confirm
< sipa>
imho not reporting the txid of a tx that was added to your wallet is the worat bug here
< sipa>
*worst
< sdaftuar>
sipa: agree!
< jonasschnelli>
Agree
< jonasschnelli>
Reporting the txid seems worth a backport
< jonasschnelli>
And the API change is accaptable
< wumpus>
yes
< sipa>
i don't have much opinion on 9262
< gmaxwell>
morcos: I am unsure of how much reduction it will get. It will be a reduction, but at least 2 out of 3 people I've directly helped in this condition had no other coins in their wallet, as the wallet was created with a single large lump payment.
< CodeShark>
then a separate call to check whether it failed to broadcast?
< MarcoFalke_>
So reporting the txid would hide the fact that ATMP failed?
< gmaxwell>
the third, however, was making large chains pointlessly and their problem would have been avoided by 9262.
< sipa>
CodeShark: we can't make people change the way they use the api
< sipa>
not in the short term
< jonasschnelli>
9262 is great. But whats the reason for a backport? Is a wallet function, users can and should upgrade to 0.14?
< CodeShark>
imho, sendtoaddress should be deprecated in the long run
< morcos>
realistically speaking what's the date when 13.2 would be out vs 14.0.. and would people be more likely to want 13.2
< wumpus>
not in a backport at least
< CodeShark>
but yeah, nearterm compatibility is important
< wumpus>
CodeShark: we're talking about what to do in a backport
< sipa>
CodeShark: maybe, but that's totally off topic in this discussion
< gmaxwell>
My view on what we should eventually do: If a failure is perminante we should fail the send, and not save the txn. If the failure is temporary, we should return the txid and rebroadcast when we can. We should try to avoid creating temporary failures.
< wumpus>
not what to do in the long run
< CodeShark>
right
< gmaxwell>
I was of the view that the case where we will ever create a non-temporary failure now is basically non-existant already.
< sipa>
gmaxwell: it certainly seems infrequent
< gmaxwell>
so I haven't given any thought to the 'not save the txn' branch above.
< gmaxwell>
There may be fringe cases, so belt and suspenders would be good for robustness.
< jonasschnelli>
hmm.. not saving the tx would mean, the wallet rpc functions depend fully on the mempool policy?
< sipa>
so rebroadcast + avoid long chains + report txid anyway... all for 0.13.2?
< morcos>
if its really rare, it might be we just track failures to reaccept and when they hit a cerain number, stop trying and have a way of reproting those txs for manual abandonment
< wumpus>
when do we want to do 0.13.2?
< wumpus>
is it some short term thing or januari?
< gmaxwell>
As far as when 0.13.2 I've personally been spending almost all my recent attention on the remaining things I thought 0.13.2 needed. I had hoped in december.
< morcos>
sipa: it seems thats what people are arguing for
< jonasschnelli>
wumpus: +1 month after 0.14?
< wumpus>
this sounds like it still needs a lot of work and testing and new things
< morcos>
wumpus: reporting the txid anyway is probably super simple... just a question of thinking about the consequences
< sipa>
jonasschnelli: a new 0.13 after 0.14 makes little sense
< wumpus>
cfields also thought it was this week, he felt guilty he couldn't sign it this week :)
< gmaxwell>
These things (and the open backport PR) are the only things I'm perosnally tracking for 0.13.2 (I made a call in #bitcoin this morning for bugreports against 0.13.1 with an eye towards getting 0.13.2 ready).
< morcos>
so not unheard of that all these things could be merged into master by tomorrow
< wumpus>
morcos: they're not even in master yet, I'm not sure of merging so much new stuff into a backport
< morcos>
wumpus: well neither am i... i personally favor less emphasis on backports.. but i'm saying if we are going to do it, well lets get to it...
< wumpus>
I really think we should make a choice here and solve the worst problems for 0.13.2 instead of trying to rush everything into it
< gmaxwell>
I didn't even know about the rebroadcast behavior that 9290 fixed until discussion about this subject. :(
< wumpus>
could always do a 0.13.3 later
< wumpus>
jonasschnelli: I think the idea was to do it before 0.14. If after, none of these things are a problem
< gmaxwell>
This discussion revealed that we also need the return txid anyways change, that is also a serious bug.
< morcos>
i guess i believe that all or nothing makes sense, simply b/c anything less than the all sipa mentioned still leaves a big problem "rebroadcast + avoid long chains + report txid anyway."
< jonasschnelli>
wumpus: Yes. Right.
< morcos>
i would vote nothing, but i recognize i am outvoted
< sipa>
morcos: i think the long chain avoidance is the least important in that set
< wumpus>
but does the wallet get enough testing on 0.13.2 to warrant this?
< gmaxwell>
I do believe we could leave the avoidance out and at least not be buggy in any risky way. Just potentially creating a needlessly bad performance.
< wumpus>
I sometimes even doubt it gets enough testing on master
< MarcoFalke_>
The rc1 for 0.13.2 should probably happen in Dec, otherwise it will "overlap" with 0.14
< gmaxwell>
wumpus: I think wallet sometimes gets more testing on backport than on master.
< wumpus>
MarcoFalke_: agreed, and people will probably be away lot later this month
< luke-jr>
I think there'd be value in 0.13.x beyond 0.14, but realistically it won't get enough testing, so if we want a well-tested 0.13.x we should aim for before 0.14
< gmaxwell>
wumpus: perhaps we should table this and (1) get the things we have open into master. (2) get a return txid fix.
< morcos>
sipa: my reason for including the avoidance would be to limit the number of people affected by the other two changes.. but i guess i'm not sure how helpful it will be.. sure
< morcos>
it always worries me when we change the behavior
< morcos>
it seems people are always dependent on existing behvaior or using the bitcoind in a way we didn't anticipate
< CodeShark>
why not preserve the current behavior for the existing API call and instead create a new API call that has the desired behavior?
< jonasschnelli>
CodeShark: bugfix with a new feature? :)
< wumpus>
gmaxwell: I suppose what is in 0.13.2 right now is already enough for a release? we could do the wallet stuff in a 0.13.3
< gmaxwell>
Let my summarize the bug and why I think it's important to fix. Right now normal use of the wallet for some users can suffer inexplicible failures due to creating long transactions. These long transactions will look like the send failed, but it will still go into the wallet and _still_ be broadcast later potentially (After a restart). Users lose access to their funds and may falsely believe a
< morcos>
the avoidance (if its not buggy) just works magic behind the scenes
< gmaxwell>
wallet is empty. Users may double pay as a result.
< MarcoFalke_>
CodeShark: We'd end with an new API every release. :)
< CodeShark>
lol
< gmaxwell>
These are all serious money losing bugs. And are the most reported issue I've dealt with users for existing software.
< wumpus>
CodeShark: I think the point is fixing the current behavior
< CodeShark>
the current behavior is it still stores the transaction in the wallet even if ATMP fails?
< sipa>
CodeShark: this is all besides the issue. the current behaviour is clearly broken in numerous ways, and it should be fixed
< gmaxwell>
if not for that, I wouldn't bother with wanting any of this backported.
< sipa>
CodeShark: new APIs are possible that avoid some of the pitfalls we've learned about in earlier designs
< gmaxwell>
(not for the fact that people are hitting it and can lose money as a result)
< Chris_Stewart_5>
gmaxwell: 'long chains of txs' or just large txs for inexplicable failures?
< gmaxwell>
Chris_Stewart_5: large transactions will not cause the behavior I described.
< sipa>
CodeShark: yes
< MarcoFalke_>
Chris_Stewart_5: mempool chains.
< jonasschnelli>
Agree with gmaxwell: But I think we must at least offer a way how to detect this on the RPC consumer side and mention it in the release nots
< gmaxwell>
The send mail fail but the failure is clean and won't freeze the users funds and/or send anyways.
< jonasschnelli>
Reporting txid seems to be the sane way for a backport IMO
< gmaxwell>
I think reporting the txid is correct too. I agree.
< gmaxwell>
If its possible that the send will go through we must report the txid. Right now we don't.
< luke-jr>
another potential way to address this particular case, would be to simply toggle the default of -spendzeroconfchange I think?
< wumpus>
yes, if the transaction is added to the wallet it should be reported
< luke-jr>
not the best way, but perhaps good enough to solve the critical part of the issue
< morcos>
I'd rather spend less days arguing about it and more days testing the RC that fixes it... so can someone add the report txid anyway PR and lets merge that, #9262 and #9290 into master
< gribble>
https://github.com/bitcoin/bitcoin/issues/9262 | Prefer coins that have fewer ancestors, sanity check txn before ATMP by instagibbs · Pull Request #9262 · bitcoin/bitcoin · GitHub
< CodeShark>
I never thought sendtoaddress was a reliable call as far as error handling so I sort of stopped thinking about how to do the error handling from the app side - not sure what issues people have had because of this behavior
< morcos>
ha ha ha
< jonasschnelli>
sipa: I think you should also change the logprint ("CommitTransaction(): Error: Transaction not valid, %s\n"), but meh, OT.
< sdaftuar>
jonasschnelli: +1 :)
< sipa>
jonasschnelli: we don't know if it's not valid
< sipa>
jonasschnelli: wait, i don't see the change
< jonasschnelli>
"ATMP failed" or something.
< gmaxwell>
sipa: maybe that was the point of jonasschnelli's comment
< sipa>
ah!
< sipa>
i thought you said "change it TO ..."
< morcos>
thanks sipa
< jonasschnelli>
No. Just criticised the current one.
< jonasschnelli>
Yes. Thanks sipa.
< jonasschnelli>
Next time please faster
< gmaxwell>
so: action proposed, 9302, 9290, 9262 and help get them into master.
< luke-jr>
._.
< sdaftuar>
gmaxwell: concur
< luke-jr>
gmaxwell: sgtm
< morcos>
gmaxwell: i think thats the stable equilibrium... if 9262 seems dicey we can ditch, but i think its good
< morcos>
can we briefly discuss tx expiry if no one else has another unrelated topic
< gmaxwell>
yes, 9262 is the most optional, esp with the first two in.
< wumpus>
at least 9290 and 9302
< gmaxwell>
morcos: I would like to discuss expiry.
< wumpus>
the latter should obv get into master but not sure about 0.13.2
< instagibbs>
I still think preferential coin choosing should go in, even if we drop the abort
< wumpus>
5 minutes to go ^^
< instagibbs>
sorry, continue
< morcos>
i'd like to raise the time to at least 1 week... although we could use a few more heads thinking about whether there are any issues.. obv after 9290, it doesn't matter as much for gtting yhour own txs confirmed
< gmaxwell>
instagibbs: I'd like to default the abort to off, with the rest it won't be needed. We can discuss later.
< morcos>
but i think if we want to be able to fully utilize weekly cycles in the tx volume, then we need to have txs which sit around for a week or more to measure how long it takes them to get confirmed
< wumpus>
morcos: would it make much of a difference in practice? wouldn't the transactions be evicted due to the mempool limit first?
< luke-jr>
morcos: I can't think of any reason this wouldn't be okay. (but haven't given it thought before now)
< morcos>
i'm not really sure that the problems that expiry were meant to protect against are actually any more prevent with 3 days vs say 14
< gmaxwell>
morcos: I do believe I made the argument for a week way back when on this basis. OTOH, the mempool is simply not large enough to exploit the weekly cycle currently.
< wumpus>
morcos: apart from that I don't see any problems with it
< morcos>
wumpus: no.. any tx with fee rate > 1.5 sat / byte gets evicted b/c of 3 day limit and would otherwise get mined within a week (and usually does b/c of rebroadcast)
< instagibbs>
does the wallet "abort" if it drops from mempool, or does it resubmit
< sipa>
luke-jr: i think the expectation should be that everything in the mempool leaves it either due to accept/conflict or fee based eviction
< instagibbs>
I assume resubmits
< gmaxwell>
My view on the expiration is that it removes high fee cruft that got softforked out but is taking up your mempool.
< morcos>
gmaxwell: its way more than big enough for a week cycle
< morcos>
b/c remember it only has to hodl backlog
< sipa>
luke-jr: expiration is for things that somehow linger much longer
< morcos>
gmaxwell: yeah, but if thats actually happening 3 days is way too long, and is breaking yoru fee estimates already
< gmaxwell>
morcos: okay point so long as it is at least as big as the daily cycle, txn can persist through the week.
< luke-jr>
hmm
< wumpus>
instagibbs: abort right now, the idea of #9290 is to change that and make it reaccept on rebroadcast
< morcos>
ok, i'd propose 14 days, so we don't have this problem again... and lets just think about whether anyone can think of any problems with it
< gmaxwell>
morcos: in terms of fee estimates, we can address that by using a narrower filter... e.g. only consider transactions which are structurally similar to our own.. but a seperate topic.
< gmaxwell>
also the expiration hardly works now in any case.
< sdaftuar>
there's one other advantage of 3 days versusu a week, which is being able to double-spend a too-low-fee tx. after fee bumping, i think this reason largely goes away
< morcos>
i don't think we can really take advantage of it until we change fee estimates... but i'd rather have more of the network behaving similarilyh
< morcos>
and after 9290
< gmaxwell>
if you are connectable there are 'helpful' parties that connect and spam you with a zillion old txn.
< instagibbs>
morcos, that's too weeks of nodes not accepting fee bumps if you mess up and don't do bip125 (not sure how big an issue that is but still)
< morcos>
you have a tiny windo
< sdaftuar>
morcos: good point
< instagibbs>
even with manual bumping*
< gmaxwell>
instagibbs: I think it doesn't matter for replacement.
< morcos>
instagibbs: but after 9290 your tx comes again anyway, you just lose the information that its old
< gmaxwell>
Right now replacement of non-replacable transactions works even a day later fine, due to restarts and fullrbf miners.
< morcos>
i want to retain that information
< luke-jr>
instagibbs: if the fee is that excessively small though, it will get bumped out by non-conflicting transactions sooner probably
< gmaxwell>
instagibbs: also what luke said.
< morcos>
nothing with a fee rate > 1.5 sat / byte as ever been evicted due to low fee rate
< gmaxwell>
morcos: does it need to be 14 days or is 7 sufficient to exploit the weekly cycle?
< morcos>
i don't know... maybe 7.. but maybe you need more data points that are older than that to know things that don't get confirmed in 7 days
< morcos>
which is kind of importnat
< gmaxwell>
oh I see, for the estimator.
< sipa>
very short announcement: github now supports listing reviewers for your PR... always feel free to list me
< morcos>
anyway, all i wanted to do is raise the topic, so other people cna think of potential problems
< gmaxwell>
morcos: OKAY!
< gmaxwell>
morcos: just open an PR and set sipa as the reviewer. Done.
< wumpus>
#endmeeting
< lightningbot>
Meeting ended Thu Dec 8 20:02:43 2016 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)
< gmaxwell>
instagibbs: I think of the 9262 "failure" case as a lot like spendzeroconfchange-- basically we replace a messy error with an even worse error but one which is cleaner to deal with.
< gmaxwell>
(at least assuming the rebroadcast and txid return problems are solved)
< instagibbs>
sure, I don't mind if there's something better in place removing it or turning it off by default
< Chris_Stewart_5>
what does the acronym ATMP stand for?
< instagibbs>
AcceptToMemoryPool
< gmaxwell>
instagibbs: I think a proper mental model is that ignoring out of funds conditions-- which are likely "handled" by running getbalance before the send--, callers have no error handling on sendtoaddress.
< gmaxwell>
or another way of thinking about it: Users will have no error handling for an error condition which isn't either Obvious (out of funds) or Very easily encountered in practice (also out of funds)... even fairly advanced users will not handle errors unless we either have an error simulator that returns them or very clear documentation which says "here are all the errors you will have to handle".
< gmaxwell>
So given that I think we should assume the best handling users commonly have for sendtoaddress failure of "stop the world, something unexpected happened."
< btcdrak>
morcos: ok I think I fixed that PR. Fingers crossed on Travis.
< morcos>
btcdrak: i guess we won't be in favor of any soft forks that depend on tx version again
< btcdrak>
morcos: I wouldnt say that necessarily, it's just we never did and were relying of default values.
< btcdrak>
It reminds me that one shouldn't use API defaults for versioning.