mempool: Fix missing locking in CTxMemPool::check(…) and CTxMemPool::setSanityCheck(…)

[practicalswift]

Fix missing locking in CTxMemPool::check(const CCoinsViewCache *pcoins):

• reading variable mapTx requires holding mutex cs
• reading variable mapNextTx requires holding mutex cs
• reading variable nCheckFrequency requires holding mutex cs

Fix missing locking in CTxMemPool::setSanityCheck(double dFrequency):

• writing variable nCheckFrequency requires holding mutex cs

[promag]

ACK 2abe610.

Unrelated, but should read nCheckFrequency with the lock too?

[practicalswift]

@promag Yes, nCheckFrequency should probably be guarded by the mutex cs too. Good catch!

I'll ping in @MarcoFalke and @TheBlueMatt for a comment. What do you say? :-)

$ git blame src/txmempool.h | grep nCheckFrequency
fada0c42 (MarcoFalke               2016-04-03 11:49:36 +0200 415)     uint32_t nCheckFrequency; //!< Value n means that n times in 2^32 we check.
53a6590f (Matt Corallo             2017-09-11 15:43:49 -0400 510)     void setSanityCheck(double dFrequency = 1.0) { nCheckFrequency = static_cast<uint32_t>(dFrequency * 4294967295.0); }
$ git grep -E '(nCheckFrequency|setSanityCheck)'
src/init.cpp:        mempool.setSanityCheck(1.0 / ratio);
src/qt/test/rpcnestedtests.cpp:    //mempool.setSanityCheck(1.0);
src/test/test_bitcoin.cpp:        mempool.setSanityCheck(1.0);
src/txmempool.cpp:    nCheckFrequency = 0;
src/txmempool.cpp:                if (nCheckFrequency != 0) assert(!coin.IsSpent());
src/txmempool.cpp:    if (nCheckFrequency == 0)
src/txmempool.cpp:    if (GetRand(std::numeric_limits<uint32_t>::max()) >= nCheckFrequency)
src/txmempool.h:    uint32_t nCheckFrequency; //!< Value n means that n times in 2^32 we check.
src/txmempool.h:    void setSanityCheck(double dFrequency = 1.0) { nCheckFrequency = static_cast<uint32_t>(dFrequency * 4294967295.0); }

[promag]

Actually nCheckFrequency doesn't change, only set in

src/init.cpp:        mempool.setSanityCheck(1.0 / ratio);

[TheBlueMatt]

Technically there is no issue here - mempool (should only be) modified with cs_main and mempool.check is only called with cs_main. Indeed, probably just move the lock to the top of the function. Unless you want to go to the trouble of making nCheckFrequency a const, best to fix it for the static analysis just like the rest.

[practicalswift]

@TheBlueMatt @promag Thanks for reviewing! An updated version has now been pushed taking into account the formal locking requirements of nCheckFrequency too. Please re-review :-)

[practicalswift]

Added a commit with the Clang thread safety analysis annotations to facilitate reviewing. @promag, would you mind re-reviewing? :-)

[practicalswift]

Updated with annotations moved over to the header files.

The EXCLUSIVE_LOCKS_REQUIRED(mempool.cs) annotations for BlockAssembler::SkipMapTxEntry and BlockAssembler::addPackageTxs should be placed in miner.h rather than miner.cpp, but the existence of mempool (and hence mempool.cs) is not currently not known in miner.h. Would extern CTxMemPool mempool; be acceptable in miner.h?

[TheBlueMatt]

As mentioned before, please do not place EXCLUSIVE_LOCKS_REQUIRED annotations on class member function declarations instead of their definitions. Placing them on declarations makes the annotations incredibly brittle and, thus, largely useless. Better to leave them off than to add them in a place where the order of functions in a file matters.

[practicalswift]

@TheBlueMatt Sorry, I had missed moving the annotations for SkipMapTxEntry, addPackageTxs, UpdateChildrenForRemoval and CalculateDescendants. Now fixed! Please re-review :-)

[sipa]

utACK 661db1d63afcea4016ccb7f97fda6cde7f719826

[practicalswift]

Rebased!

[practicalswift]

@promag @sipa Would you mind re-reviewing?

@MarcoFalke Would you mind reviewing? :-)

[maflcko]

utACK 47782b4