Async wallet scanner

[j-berman]

Ready for review.

I've observed the following speed-ups benchmarking versus wallet2:

Setup	% faster than wallet2
Remote node, clearnet	50-60% faster
Remote node, tor	40-45% faster
Local node	25-35% faster

Benchmark results can vary widely based on setup (client/node internet speeds and machines). Source for the scanner used to benchmark.

How it works

Assume the user's wallet must start scanning blocks from height 5000.

1. The scanner begins by launching 10 RPC requests in parallel to fetch chunks of blocks as follows:

request 0: { start_height: 5000, max_block_count: 20 }
request 1: { start_height: 5020, max_block_count: 20 }
...
request 9: { start_height: 5180, max_block_count: 20 }

2. As soon as any single request completes, the wallet immediately parses that chunk.
   • This is all in parallel. For example, as soon as request 7 responds, the wallet immediately begins parsing that chunk in parallel to any other chunks it's already parsing.
3. If a chunk does not include a total of max_block_count blocks, and the chunk is not the tip of the chain, this means there was a "gap" in the chunk request. The scanner launches another parallel RPC request to fill in the gap.
   • This gap can occur because the server will not return a chunk of blocks greater than 100mb or 20,000 txs via the /getblocks.bin RPC endpoint.
   • The gap is from (req.start_height + res.blocks.size()) to (req.start_height + req.max_block_count).
4. As soon as the scanner finishes parsing the chunk, it immediately submits another parallel RPC request.
5. In parallel, the scanner identifies a user's received (and spent) enotes in each chunk.
   • For example, as soon as request 7 responds and the wallet parses it, the wallet scans that chunk in parallel to any other chunks it's already scanning.
6. Once a single chunk is fully scanned locally, the scanner launches a parallel task to fetch and scan the next chunk.
7. Once the scanner reaches the tip of the chain (the terminal chunk), the scanner terminates.

Some technical highlights

• The wallet scanner in this PR is backwards compatible with existing daemons (though it would need to point to a daemon running the updates in this PR to realize the perf speed-up).
• On error cases such as the daemon going offline, the same wallet errors that wallet2 uses (that the wallet API expects) are propagated up to the higher-level Seraphis lib.
• The implementation in this PR uses an http client connection pool (reusing the epee http client) to support parallel network requests (related).
• A developer using the scanner can "bring their own blocks/network implementation" to the scanner by providing a callback function of the following type as a param to the async scanner constructor: std::function<bool(const cryptonote::COMMAND_RPC_GET_BLOCKS_FAST::request, cryptonote::COMMAND_RPC_GET_BLOCKS_FAST::response)>.
  • Thanks to this approach, in relatively short order, I could test swapping the epee http client for libcurl's easy interface (souce).

Major TODO's for this PR

• Cleanup the formatting, code structure, code names and commit history.
  • DONE
• Implement backwards compatibility so the scanner will work pointing to nodes running today.
  • DONE: also implemented multithreaded scanning so perf won't drop if pointing to a node not running this PR.
• Add unit tests.
  • DONE:
    • Added functional tests that the async scanner can scan the chain and identify various legacy txs constructed by wallet2.
    • Added core tests that scanning util can parse all legacy enote versions from different legacy tx types.
      • It would be nice to test that the scanner can fully scan all legacy version enotes (and decode amounts).
• Try to smooth out the scanner's progress.
  • The scanner completes scanning many chunks in intermittent waves and then sits waiting (uncomfortably) until the next wave of chunks; it doesn't scan in a steady stream.
  • DONE: reduced the max_chunk_size_hint from 1000 to 20 to fetch chunks 20 blocks at a time. Overall time to scan remains the same (potentially slightly faster) and feedback to the user on scanner progress is significantly smoother.

Other TODO's for this PR

• Pre-RCT enotes can be scanned by the Seraphis wallet lib, however, the Seraphis wallet lib does not scan enough data to be able to spend them via legacy wallet2 today (without an RPC request that would reveal the enote to the daemon).
  • The Seraphis wallet lib would at minimum need to keep track of the global output ID by amount in order to capture enough data to pass to wallet2 to spend a pre-RCT enote before the Seraphis fork.
    • The Seraphis wallet lib would need to keep track of the global output ID by amount forever if pre-RCT outputs must be spent in separate rings from RCT outputs (related).
  • UPDATE: this is being worked on here add LegacyEnoteOriginContext #40
• Move "mock" implementations to the "production-ready" sections they belong.
  • DONE: moved production-ready implementations into expected sections. Mocks that are not ready for production are kept as mocks.
• Complete TODO's in the code.
  • DONE: TODO's necessary an initial PR are done.
• As soon as the scanner encounters an error or encounters the terminal chunk, it should immediately cancel any pending tasks it's waiting on and error out quickly.
  • DONE: small chunk requests (1000 blocks at a time -> 20 blocks at a time) took care of this, the async scanner cancels pending tasks and errors out quickly.
• Remove the blockchain scanner utility from this PR (and all changes to existing wallet functions for this utility). It's there to help see how the scanner works.
  • DONE: the functional test now demonstrates how the scanner works)

Misc.

There are a few things from this PR I can PR to the Monero repo today in bite-sized PR's:

• Moving wallet error logic out of wallet2 and into wallet/wallet_errors.h. I did this so I could reuse wallet2's error logic in this PR, which the higher level wallet API also expects.
• Modifying the get_blocks.bin daemon RPC endpoint:
  • I added an optional max_block_count param to the request (not a breaking change)
  • If the request includes a start_height that is greater than the chain tip and the request field fail_on_high_height is false, then instead of erroring, the server returns empty blocks and the chain height.
  • The response includes an optional top block hash field in addition to the chain height.
    • TODO: make this field optional in the response so it's not a breaking change. (DONE)
• A new functional test for direct wallet2 <> live RPC daemon interactions (and a simple daemon RPC client helper that the test uses).

[UkoeHB]

Nice to see this coming along :)

[jeffro256]

These http_client_pool classes can probably go in the src/net folder, yeah?

[j-berman]

Agree, I'll throw them in there once it's in a ready-for-use state

[jeffro256]

Will we ever prune the list of HTTP clients?

[j-berman]

I think it makes sense that once the scanner finishes a full pass, only 1 connection should be kept open, the rest can be closed. Seems good housekeeping.

In the future, I think this connection pool could potentially be a good class to build multi-daemon functionality with (1 client -> many different daemons), in which case it may make sense to keep connections to different daemons open. But that's probably a discussion for another time, just putting the thought out since I know you were interested in pushing that architecture forward

[jeffro256]

Are there plans to make it stoppable in the future?

[j-berman]

If the wallet is scanning and the user changes their restore height or wants to use a different wallet, that should cleanly terminate the scanner

[UkoeHB]

If stopping from outside is needed, it can be easily implemented with an atomic signal. Not needed for the initial implementation.

[jeffro256]

Should this be marked private?

[j-berman]

I'm about to take a deeper pass at class structure and will probably make a lot of changes in line with this comment. Worth re-visiting after making those changes

[j-berman]

Probably worth holding off on a deeper review until it's ready, almost there :)

[j-berman]

Opened a separate issue to discuss since I don't think it needs to affect this PR: #41

[DangerousFreedom1984]

I still have to go through the scan_context_async_mock and maybe play with it in some unit_test to better understand and get used to it. Will do soon.

Awesome work! Thank you!

[DangerousFreedom1984]

Wouldnt it be better to have this whole block like this:

  // if a specific start height has been requested
  uint64_t top_height;
  top_hash = m_db->top_block_hash(&top_height);
  if(req_start_block > 0)
  {
    // if requested height is higher than our chain, return false -- we can't help
    total_height = top_height + 1;
    if (req_start_block >= total_height)
    {
      return false;
    }
    start_height = req_start_block;
  }
  else
  {
    if(!find_blockchain_supplement(qblock_ids, start_height))
    {
      return false;
    }
  }

  db_rtxn_guard rtxn_guard(m_db);
  total_height = top_height + 1;

So we avoid calling top_block_hash twice in some cases?

[j-berman]

The db_rtxn_guard seems to be there to guarantee a consistent view of the db. Even though the m_blockchain_lock is held, which should prevent the db from changing between the 2 db reads for the top block hash, it looks as though the 2 distinct db reads (1 before and 1 after the read txn guard) are there to protect against that scenario anyway (the blockchain changing between the 2 calls).

I would personally prefer to maintain the existing concurrency model and number of db calls for ease of review here.

[DangerousFreedom1984]

Why is this whole block necessary? Do the scanner needs to create its own new set of RPC functions to interact with the blockchain?

[j-berman]

These are boilerplate helper functions to construct the RPC requests in the functional tests. Grep daemon.generateblocks to see how it's used in both the .py tests and wallet_scanner.cpp as an example.

[DangerousFreedom1984]

Nice! How the performance of these two view_scan_chunk compare?

[j-berman]

On my machine with 8 threads and a pending chunk queue of size 10, there is no benefit to using this multithreaded enote finding context in the async scanner. My CPU is already maxxed out.

This enote finding context should only be useful when the pending chunk queue size is < number of threads available on the machine. Example scenario: when pointing the scanner to a daemon not running the changes from this PR, it's more efficient to use a pending chunk queue size of 1, and to use this multithreaded enote finding context, since the daemon does not yet know about the max_block_count request param. The perf gain for client-side scanning in this case is then sped up by a multiple of the number of threads on the machine.

[UkoeHB]

Part 1: everything except scan_context_async_mock.h/.cpp

It's looking great so far :)

[UkoeHB]

I'd move top_height to the places where it is set, I found this code pretty confusing at first.

[UkoeHB]

Do you have a way of detecting in the scanner if pointing to a daemon that doesn't return top block hashes?

[j-berman]

The get_version RPC endpoint returns the major and minor RPC version: https://github.com/monero-project/monero/blob/c8214782fb2a769c57382a999eaf099691c836e7/src/rpc/core_rpc_server.cpp#L2986

Wallets currently hit that endpoint first to determine if a daemon is compatible. Wallets will know which minor version returns top block hashes (and which won't fail the request on high height, and will respect max_block_count)

[UkoeHB]

Suggested change

	// Check if we have any clients available for use
	bool found_unused_client = false;
	for (std::size_t i = 0; i < m_http_client_pool.size(); ++i)
	{
	if (!m_http_client_pool[i].in_use)
	{
	http_client_index_out = i;
	found_unused_client = true;
	break;
	}
	}
	// Check if we have any clients available for use
	for (std::size_t i = 0; i < m_http_client_pool.size(); ++i)
	{
	if (m_http_client_pool[i].in_use)
	continue;
	m_http_client_pool[i].in_use = true;
	return i;
	}

Simpler, less nesting here and after. I am a huge fan of early-out/early-continue patterns like this.

[UkoeHB]

Normally I would say to put these test changes in a separate PR since they are unrelated to the async wallet scanner, but it's fine in this case.

[j-berman]

Hah, I actually was about to separate it when finalizing the PR and thought heh, I'm just gonna leave it. I initially wanted to use the scanner in these tests, but that would be a bit of a lift here

[UkoeHB]

Looks a bit jank

[UkoeHB]

This internally locks a mutex, which means you will have some random contention even though the window under lock is small. I'd add a todo to the connection pool to get away from the mutex.

[j-berman]

How would you design it to move away from the mutex? Seemed the simplest way to implement this conn_pool.rpc_command function, or else I figure the caller would need to handle synchronization, which seems unnecessary (it's a nice API! :) )

[UkoeHB]

I don't know either, but adding a todo will document that the perf could theoretically be improved if someone can figure it out.

[UkoeHB]

This is a bit brittle because it assumes this function completely owns all connections in the pool.

Even though this is a test, it's good to demo how to use the API robustly/correctly since this code will be used as a reference.

[j-berman]

Hm, I wrote it this way because I think the scanner should own all connections in the pool. If the client owns n open connections already when starting the scanner, the scanner can reuse those existing connections. If the client owns 0 open connections when starting the scanner, and the scanner opens 1 connection, then the client can reuse that connection in the future.

To harden this code, I could write a wrapper "Scanner" class that basically does what this scan_chain function does, and makes the conn_pool a private member variable of that class, but:

1. I still think the scanner should own all connections in the pool for the above reasons
2. I still think it would make sense to call this conn_pool.close_connections(1) when the scanner finishes a scan pass (maybe you think the caller is the better place to do that?)

Thoughts?

FWIW the reason I included this unimplemented close_connections function call was to demo how to use the API

[UkoeHB]

Hm, I wrote it this way because I think the scanner should own all connections in the pool.

I think it's fine to want that. The problem I see in this code is you're passing the pool by reference all the way from the top, which means it could be shared by who-knows-what. IMO the pool owner should be the one calling close_connections when it knows connections are no longer needed. So if necessary, pass by value in and out of top-level owners, then pass by ref down into the scanning code (which only makes requests, without calling close_connections).

[j-berman]

pass by value in and out of top-level owners

How bout I use a unique_ptr instead of this? That way it's clear the caller is the owner + passing in and out seems a bit like an anti-pattern

IMO the pool owner should be the one calling close_connections when it knows connections are no longer needed

Which line would you move close_connections to?

[UkoeHB]

Ok what you can do is 'claim' the connection pool at the top of this function, which creates a no-move/no-copy RAII wrapper that will remove connections and lock the pool when dropped. Creating the wrapper asserts there are no other claims to the pool (implying there are no connections in use).

Then panic if trying to launch a request on an unclaimed pool.

Basically make pool-use scoped.

[j-berman]

Ok basically did the above and thought more on it.. technically all the tests also assume the daemon and wallets aren't shared / in use by other owners too, but they could be in theory. Separately, I also wanted to restructure the tests into a class so I don't need to pass the daemon / wallet / conection pool through nested calls. So I implemented a wrapper accessor to each of them that checks for ownership of the respective mutex before allowing access

FWIW it's not really perfect as is, since the underlying daemon / wallet / connection pool can still be accessed without going through the accessors. Maybe you have more thoughts on a better approach still

[UkoeHB]

Review done

I did not validate all the edge conditions, but overall it looks correct.

[UkoeHB]

Suggested change

std::uint64_t m_max_chunk_size_hint;

Not initialized

[j-berman]

It's set in start_scanner. I gave it a default value in the latest

[UkoeHB]

I just realized AsyncLedgerChunk is unsafe because the threadpool reference can become invalid. I'll have to fix this in a follow-up.

[jeffro256]

This doesn't capture all the information needed to index legacy enotes. It might be better to make this std::vector<legacy_output_index_t>, one for each enote after #42 is merged. Alternatively, it could be a std::vector<uint64_t> with an additional bool is_rct field.

[j-berman]

Ya, it'll need that PR. I have a TODO in scan_context_async_mock for it

[j-berman]

Thank you for the detailed review :) Ready for re-review

[j-berman]

The get_version RPC endpoint returns the major and minor RPC version: https://github.com/monero-project/monero/blob/c8214782fb2a769c57382a999eaf099691c836e7/src/rpc/core_rpc_server.cpp#L2986

Wallets currently hit that endpoint first to determine if a daemon is compatible. Wallets will know which minor version returns top block hashes (and which won't fail the request on high height, and will respect max_block_count)

[j-berman]

Did you do any testing if it performs better with more txs processed per task?

Nay, going to punt that for now

[j-berman]

Hah, I actually was about to separate it when finalizing the PR and thought heh, I'm just gonna leave it. I initially wanted to use the scanner in these tests, but that would be a bit of a lift here

[j-berman]

Hm, I wrote it this way because I think the scanner should own all connections in the pool. If the client owns n open connections already when starting the scanner, the scanner can reuse those existing connections. If the client owns 0 open connections when starting the scanner, and the scanner opens 1 connection, then the client can reuse that connection in the future.

To harden this code, I could write a wrapper "Scanner" class that basically does what this scan_chain function does, and makes the conn_pool a private member variable of that class, but:

1. I still think the scanner should own all connections in the pool for the above reasons
2. I still think it would make sense to call this conn_pool.close_connections(1) when the scanner finishes a scan pass (maybe you think the caller is the better place to do that?)

Thoughts?

FWIW the reason I included this unimplemented close_connections function call was to demo how to use the API

[j-berman]

How would you design it to move away from the mutex? Seemed the simplest way to implement this conn_pool.rpc_command function, or else I figure the caller would need to handle synchronization, which seems unnecessary (it's a nice API! :) )

[j-berman]

Added a new boolean m_scanner_finished to capture this state

[j-berman]

Fair, re-worded the comment.

In addition to your other suggestions, it probably would take a decent amount of work for a future PR, but we could incorporate the ability to cancel in-progress http requests.

[j-berman]

It's set in start_scanner. I gave it a default value in the latest

[UkoeHB]

Looking good, minor comments

[UkoeHB]

Chunk context block ids should be cleared at the top of this function, since it's an out variable. And probably .reserve the correct capacity.

[j-berman]

Technically it should've been an inout variable, not supposed to clear in that function. I moved chunk context handling out to the caller for better clarity + added the .reserve in the latest

[UkoeHB]

I'd rename to close_and_clear_pending_queue.

[UkoeHB]

Suggested change

	get_reorg_avoidance_depth(reorg_avoidance_increment, force_reorg_avoidance_increment, num_reorg_avoidance_backoffs)
	get_reorg_avoidance_depth(reorg_avoidance_increment,
	force_reorg_avoidance_increment,
	num_reorg_avoidance_backoffs)

Your font size is too small :p

[UkoeHB]

Suggested change

	wait_until_pending_queue_clears();
	this->wait_until_pending_queue_clears();

[UkoeHB]

Suggested change

// Warning: fill_gap_if_needed will throw if we don't resize the chunk context before calling it

Don't think this adds clarity. In this code it's clear unscanned_chunk_out needs to be resized in order to insert blocks, it's independent of fill_gap_if_needed.

[UkoeHB]

What if a reorg replaces blocks without adding to chain length? Just wait until the chain gets longer to detect it?

[j-berman]

Good spot -- mishandled this circumstance with that round of changes. Check the latest

[UkoeHB]

Suggested change

	l_chunk_request = chunk_request,
	l_context_stop_flag = context_stop_signal.get_future().share(),
	l_data_stop_flag = data_stop_signal.get_future().share(),
	l_chunk_context = std::make_shared<std::promise<sp::scanning::ChunkContext>>(std::move(chunk_context_handle)),
	l_chunk_data = std::make_shared<std::promise<sp::scanning::ChunkData>>(std::move(chunk_data_handle)),
	l_context_join_token = context_join_token,
	l_data_join_token = data_join_token
	l_chunk_request = chunk_request,
	l_context_stop_flag = context_stop_signal.get_future().share(),
	l_data_stop_flag = data_stop_signal.get_future().share(),
	l_chunk_context = std::make_shared<std::promise<sp::scanning::ChunkContext>>(std::move(chunk_context_handle)),
	l_chunk_data = std::make_shared<std::promise<sp::scanning::ChunkData>>(std::move(chunk_data_handle)),
	l_context_join_token = context_join_token,
	l_data_join_token = data_join_token

[UkoeHB]

Drain the queue into a vec, then your aggregate wait function just loops the vec once to check all of the inner join conditions (join_condition_t is an alias for std::function<bool()>).

You still need the outer loop to check the pool for entries added by previously-removed tasks.

[j-berman]

I follow this suggestion and will do (also waiting to work until after sending all the stop signals should speed this up).

AFAIU checking the inner join conditions here is essentially checking that the join tokens are set to nullptr. But the tasks still can have more work they're doing after setting the join tokens. Example: the last this->try_launch_next_chunk_task(chunk_is_terminal_chunk); can execute and attempt to schedule a new task, even after we've drained the pending queue and waited on all inner join conditions. Am I missing something there?

[UkoeHB]

Yeah checking the join condition needs to synchronize with the end of the task, so you know if all tasks are finished and the queue is empty that the queue can't gain any more tasks.

I added a comment for fixing this.

[UkoeHB]

I'd add a comment explaining the safety model here. It only works because all tasks with copies of this are tracked in the pending queue. When the pending queue returns empty (after draining and working on all removed tasks), you know that there are no lingering tasks with copies of this.

[UkoeHB]

Once this is merged, please open as many PRs to monero core as possible to reduce the file overlap between this branch and core.

[UkoeHB]

Yeah you're right, this should not be set to nullptr here, the token should be set by dropping it when you exit.

[UkoeHB]

One comment remaining

[UkoeHB]

Ohh nice idea :)

[UkoeHB]

There can be more tasks in the queue after this because task insertion uses force_push. These loops need to be wrapped in another loop that continues until the queue is empty.

[j-berman]

The only way force_pop can return async::TokenQueueResult::SHUTTING_DOWN is if the queue is empty

monero/src/async/token_queue.h

Lines 109 to 110 in c742260

	if (m_queue.size() == 0 && m_is_shutting_down)
	return TokenQueueResult::SHUTTING_DOWN;

Since this function is holding m_async_scan_context_mutex, m_scanner_ready is false meaning no new tasks could be scheduled while the pending tasks are all running to completion, and we've now made sure to work until all pending tasks are done at this point, nothing can theoretically exist that uses force_push to insert a task in parallel at this point in this function

[j-berman]

Writing that comment^ made me re-check the "gap fill" edge case which wasn't checking m_scanner_ready before force_push. Done. That comment should hold now^

[j-berman]

Submitted PR's for the simple modifications to the core monero repo for the async scanner. If daemons run those changes, they'll be fully compatible with the async scanner in this PR.