backport: bitcoin#24322, #25064, #25065, #25168, #25281, #25290, #25307, #25487, #25607 (kernel backports)

[knst]

Issue being fixed or feature implemented

This PR is a batch of backports of the libdashkernel project, see for details: bitcoin#24303

What was done?

This PR introduces a libdashkernel static library linking in the minimal list of files necessary to use our consensus engine as-is. dash-chainstate introduced in #24304 now will link against libdashkernel.

Beside that other backports are done:

• kernel 2c/n ([kernel 2c/n] Introduce kernel::Context, encapsulate global init/teardown bitcoin/bitcoin#25065)
• kernel 3a/n ([kernel 3a/n] Decouple CTxMemPool from ArgsManager bitcoin/bitcoin#25290)
• kernel 3d/n ([kernel 3d/n] Misc ChainstateManager::Options fixups bitcoin/bitcoin#25607)
• kernel 3b/n ([kernel 3b/n] Decouple {Dump,Load}Mempool from ArgsManager bitcoin/bitcoin#25487)

How Has This Been Tested?

src/dash-chainstate -datadir=/.dashcore still succeed.

Unit & functional tests succeed.

Breaking Changes

N/A

Checklist:

• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have added or updated relevant unit/integration/functional/e2e tests
• I have made corresponding changes to the documentation
• I have assigned this pull request to a milestone

[github-actions]

⚠️ Potential Merge Conflicts Detected

This PR has potential conflicts with the following open PRs:

• backport: bitcoin#25717, #25960, #25963, #25978, #26012, #26172, #26184, #26355, #26387, #26954, #30761 (anti-DOS headers sync) #7318 - backport: bitcoin#25717, #25960, #25963, #25978, #26012, #26172, #26184, #26355, #26387, #26954, #30761 (anti-DOS headers sync)
• refactor: break circular dependency over net_processing and dkgsessionhandler #7314 - refactor: break circular dependency over net_processing and dkgsessionhandler
• backport: Merge bitcoin/bitcoin#28857 , 29458, (partial) 29236, 29459, 29479, 29615, 29433 #7292 - backport: Merge bitcoin/bitcoin#28857 , 29458, (partial) 29236, 29459, 29479, 29615, 29433
• backport: bitcoin#18933, #23123, #23147, #23549, #26074, #26207, #26307, #26341, #26352, #26656, #26886, #26996, #27035 #7192 - backport: bitcoin#18933, #23123, #23147, #23549, #26074, #26207, #26307, #26341, #26352, #26656, #26886, #26996, #27035
• backport: Merge bitcoin#30170, 30026, 30017, 29961, 29904, 29910, 29849 #7257 - backport: Merge bitcoin#30170, 30026, 30017, 29961, 29904, 29910, 29849
• backport: Merge bitcoin#28486, 28969, 27921, 27177, 26331 #7187 - backport: Merge bitcoin#28486, 28969, 27921, 27177, 26331

Please coordinate with the authors of these PRs to avoid merge conflicts.

[thepastaclaw]

✅ Review complete (commit 4614356)

[coderabbitai]

Walkthrough

This PR adds kernel context, kernel sanity checks, and mempool persistence APIs. It refactors mempool, chainstate, and validation code to use kernel-backed options, explicit paths, and adjusted-time callbacks. It also updates node startup, peer management, mining, RPC, tests, build wiring, and lint/functional test inputs to match the new interfaces.

Sequence Diagram(s)

sequenceDiagram
  participant Init as init.cpp
  participant NodeContext as node::NodeContext
  participant KernelContext as kernel::Context
  participant ChainstateManager as ChainstateManager
  participant CTxMemPool as CTxMemPool
  participant MempoolPersist as kernel::DumpMempool
  Init->>NodeContext: create kernel context and mempool options
  NodeContext->>KernelContext: construct
  Init->>ChainstateManager: construct with ChainstateManager::Options
  Init->>CTxMemPool: construct with MemPoolOptions
  Init->>MempoolPersist: DumpMempool(mempool, MempoolPath(args))

Loading

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120+ minutes

Possibly related PRs

• dashpay/dash#7234: Touches the same dash-chainstate build wiring in configure.ac and src/Makefile.am.
• dashpay/dash#6530: Also changes mempool ancestor-limit plumbing and CTxMemPool/validation-related code paths.

Suggested reviewers

• thepastaclaw
• UdjinM6

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

[coderabbitai]

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/rpc/rawtransaction.cpp (1)

379-407: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Incomplete migration from global Params() to chainman parameters across RPC endpoints. The refactoring updates getrawtransaction() to use the active chainman's consensus parameters instead of the global singleton, but similar operations in getrawtransactionmulti() and gettxchainlocks() still use the global Params(). This creates inconsistent consensus parameter sourcing across functionally identical RPC endpoints and conflicts with the PR's stated goal to decouple from global singletons.

• src/rpc/rawtransaction.cpp#L379-L407: correctly migrated to chainman.GetParams() and chainman.GetConsensus().
• src/rpc/rawtransaction.cpp#L524-L524: replace Params().GetConsensus() with chainman.GetConsensus() in the GetTransaction call within getrawtransactionmulti().
• src/rpc/rawtransaction.cpp#L670-L670: replace Params().GenesisBlock().hashMerkleRoot with chainman.GetParams().GenesisBlock().hashMerkleRoot in the genesis check within gettxchainlocks().
• src/rpc/rawtransaction.cpp#L679-L679: replace Params().GetConsensus() with chainman.GetConsensus() in the GetTransaction call within gettxchainlocks().

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/rpc/rawtransaction.cpp` around lines 379 - 407, The code mixes global
Params()/GetConsensus() with chainman; unify to use chainman as done in the
anchor region: in src/rpc/rawtransaction.cpp (lines 379-407) the pattern is
correct; for src/rpc/rawtransaction.cpp (line 524) inside
getrawtransactionmulti() replace Params().GetConsensus() with
chainman.GetConsensus() in the GetTransaction call; for
src/rpc/rawtransaction.cpp (line 670) inside gettxchainlocks() replace
Params().GenesisBlock().hashMerkleRoot with
chainman.GetParams().GenesisBlock().hashMerkleRoot for the genesis coinbase
check; and for src/rpc/rawtransaction.cpp (line 679) inside gettxchainlocks()
replace Params().GetConsensus() with chainman.GetConsensus() in the
GetTransaction call so all RPCs consistently use chainman for params/consensus
(adjust include/use of chainman variable if needed).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@configure.ac`:
- Around line 1800-1804: The AC_MSG_ERROR currently triggers whenever
build_experimental_kernel_lib = "no" even if chainstate isn't requested; change
the logic so the error is emitted only when both build_bitcoin_chainstate =
"yes" and build_experimental_kernel_lib = "no". Concretely, replace the
top-level if that checks build_experimental_kernel_lib with a conditional that
tests both variables (e.g., if test "$build_bitcoin_chainstate" = "yes" && test
"$build_experimental_kernel_lib" = "no"; then AC_MSG_ERROR(...); else
AM_CONDITIONAL([BUILD_BITCOIN_CHAINSTATE], [test $build_bitcoin_chainstate =
"yes"]) fi), leaving the AM_CONDITIONAL for BUILD_BITCOIN_CHAINSTATE unchanged.

In `@src/kernel/checks.h`:
- Around line 14-19: The enum value ERROR_CHRONO is unreachable because
kernel::SanityChecks() never returns it while AppInitSanityChecks still handles
it; fix by either implementing the missing chrono sanity check in
kernel::SanityChecks() so it can return SanityCheckError::ERROR_CHRONO (add a
chrono validity test and return that enum on failure), or remove ERROR_CHRONO
from the SanityCheckError enum and delete the corresponding case in
AppInitSanityChecks (and update any switch/default logic). Ensure the chosen
change keeps enum and switch consistent and compile-clean by updating any
related tests/comments referencing ERROR_CHRONO.

In `@src/node/chainstate.cpp`:
- Line 251: The comparison in VerifyLoadedChainstate uses GetTime() directly,
bypassing the injected time callback; replace the hardcoded GetTime() call with
the provided get_unix_time_seconds() callback so the check if (tip && tip->nTime
> ...) becomes consistent with the injected time source (update the code in
VerifyLoadedChainstate where tip->nTime is compared to GetTime() +
MAX_FUTURE_BLOCK_TIME to use get_unix_time_seconds() instead).

In `@src/test/fuzz/tx_pool.cpp`:
- Around line 120-131: The code currently constructs a CTxMemPool via
MakeMempool but then UB-ly downcasts tx_pool_ to MockedTxPool with
*static_cast<MockedTxPool*>(&tx_pool_); fix this by actually constructing a
MockedTxPool instead of a CTxMemPool where the cast is used: either change the
declaration tx_pool_ to be MockedTxPool (and update MakeMempool to return a
MockedTxPool or add a MakeMockedMempool helper that builds the same Options and
constructs a MockedTxPool), and remove the static_cast usages; do not leave a
CTxMemPool and cast it to MockedTxPool. Ensure references to CTxMemPool,
MockedTxPool, tx_pool_, MakeMempool and the static_cast sites are updated
consistently.

In `@src/test/mempool_tests.cpp`:
- Around line 20-24: The test currently static_casts m_node.mempool to
MemPoolTest&, which is UB because m_node.mempool is actually a
std::unique_ptr<CTxMemPool>; fix by constructing a real MemPoolTest object
instead of a CTxMemPool: replace the
std::make_unique<CTxMemPool>(MemPoolOptionsForTest(m_node)) allocation with
std::make_unique<MemPoolTest>(MemPoolOptionsForTest(m_node)) so the dynamic type
matches MemPoolTest, or alternatively change the fixture/member type that holds
m_node.mempool from std::unique_ptr<CTxMemPool> to std::unique_ptr<MemPoolTest>
and initialize it with MemPoolOptionsForTest(m_node); ensure all usages that
rely on CTxMemPool still compile against the MemPoolTest subclass.

---

Outside diff comments:
In `@src/rpc/rawtransaction.cpp`:
- Around line 379-407: The code mixes global Params()/GetConsensus() with
chainman; unify to use chainman as done in the anchor region: in
src/rpc/rawtransaction.cpp (lines 379-407) the pattern is correct; for
src/rpc/rawtransaction.cpp (line 524) inside getrawtransactionmulti() replace
Params().GetConsensus() with chainman.GetConsensus() in the GetTransaction call;
for src/rpc/rawtransaction.cpp (line 670) inside gettxchainlocks() replace
Params().GenesisBlock().hashMerkleRoot with
chainman.GetParams().GenesisBlock().hashMerkleRoot for the genesis coinbase
check; and for src/rpc/rawtransaction.cpp (line 679) inside gettxchainlocks()
replace Params().GetConsensus() with chainman.GetConsensus() in the
GetTransaction call so all RPCs consistently use chainman for params/consensus
(adjust include/use of chainman variable if needed).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: e36e1775-c57a-44f6-ab45-54cb8d77291c

📥 Commits

Reviewing files that changed from the base of the PR and between 7fcc54a and a1acc28.

📒 Files selected for processing (87)

• ci/dash/lint-tidy.sh
• ci/test/00_setup_env_native_nowallet_libbitcoinkernel.sh
• configure.ac
• contrib/devtools/iwyu/bitcoin.core.imp
• src/Makefile.am
• src/Makefile.test_fuzz.include
• src/bitcoin-chainstate.cpp
• src/bitcoind.cpp
• src/bls/bls.cpp
• src/bls/bls.h
• src/deploymentstatus.h
• src/evo/mnhftx.cpp
• src/fs.h
• src/init.cpp
• src/init.h
• src/init/common.cpp
• src/init/common.h
• src/kernel/bitcoinkernel.cpp
• src/kernel/chainstatemanager_opts.h
• src/kernel/checks.cpp
• src/kernel/checks.h
• src/kernel/context.cpp
• src/kernel/context.h
• src/kernel/mempool_limits.h
• src/kernel/mempool_options.h
• src/kernel/mempool_persist.cpp
• src/kernel/mempool_persist.h
• src/mempool_args.cpp
• src/mempool_args.h
• src/net_processing.cpp
• src/net_processing.h
• src/node/blockstorage.cpp
• src/node/blockstorage.h
• src/node/chainstate.cpp
• src/node/chainstate.h
• src/node/context.cpp
• src/node/context.h
• src/node/interfaces.cpp
• src/node/mempool_persist_args.cpp
• src/node/mempool_persist_args.h
• src/node/miner.cpp
• src/node/miner.h
• src/policy/fees.cpp
• src/policy/fees.h
• src/policy/fees_args.cpp
• src/policy/fees_args.h
• src/policy/packages.h
• src/policy/policy.h
• src/rest.cpp
• src/rpc/blockchain.cpp
• src/rpc/fees.cpp
• src/rpc/mempool.cpp
• src/rpc/mining.cpp
• src/rpc/rawtransaction.cpp
• src/rpc/txoutproof.cpp
• src/test/block_reward_reallocation_tests.cpp
• src/test/blockfilter_index_tests.cpp
• src/test/denialofservice_tests.cpp
• src/test/dynamic_activation_thresholds_tests.cpp
• src/test/evo_deterministicmns_tests.cpp
• src/test/fuzz/mempool_utils.h
• src/test/fuzz/policy_estimator.cpp
• src/test/fuzz/policy_estimator_io.cpp
• src/test/fuzz/tx_pool.cpp
• src/test/fuzz/validation_load_mempool.cpp
• src/test/mempool_tests.cpp
• src/test/miner_tests.cpp
• src/test/net_peer_connection_tests.cpp
• src/test/txpackage_tests.cpp
• src/test/util/mining.cpp
• src/test/util/setup_common.cpp
• src/test/util/setup_common.h
• src/test/util/txmempool.cpp
• src/test/util/txmempool.h
• src/test/validation_block_tests.cpp
• src/test/validation_chainstate_tests.cpp
• src/test/validation_chainstatemanager_tests.cpp
• src/txmempool.cpp
• src/txmempool.h
• src/util/system.cpp
• src/util/system.h
• src/validation.cpp
• src/validation.h
• test/functional/mempool_expiry.py
• test/functional/mempool_persist.py
• test/lint/lint-circular-dependencies.py
• test/lint/spelling.ignore-words.txt

💤 Files with no reviewable changes (3)

• src/init/common.h
• src/init/common.cpp
• src/bls/bls.cpp

[coderabbitai]

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Error fires unconditionally when kernel library is disabled.

Lines 1800-1802 error if build_experimental_kernel_lib = "no" regardless of whether build_bitcoin_chainstate is enabled. This breaks valid configurations where users disable the kernel library but also don't want chainstate (e.g., ./configure --without-experimental-kernel-lib alone).

The error should only fire when chainstate is explicitly enabled and the kernel library is disabled.

🐛 Proposed fix

-if test "$build_experimental_kernel_lib" = "no"; then
-AC_MSG_ERROR([experimental dash-chainstate cannot be built without the experimental dashkernel library. Use --with-experimental-kernel-lib]);
-else
-  AM_CONDITIONAL([BUILD_BITCOIN_CHAINSTATE], [test $build_bitcoin_chainstate = "yes"])
-fi
+if test "$build_bitcoin_chainstate" = "yes" && test "$build_experimental_kernel_lib" = "no"; then
+  AC_MSG_ERROR([experimental dash-chainstate cannot be built without the experimental dashkernel library. Use --with-experimental-kernel-lib])
+fi
+AM_CONDITIONAL([BUILD_BITCOIN_CHAINSTATE], [test $build_bitcoin_chainstate = "yes"])

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@configure.ac` around lines 1800 - 1804, The AC_MSG_ERROR currently triggers
whenever build_experimental_kernel_lib = "no" even if chainstate isn't
requested; change the logic so the error is emitted only when both
build_bitcoin_chainstate = "yes" and build_experimental_kernel_lib = "no".
Concretely, replace the top-level if that checks build_experimental_kernel_lib
with a conditional that tests both variables (e.g., if test
"$build_bitcoin_chainstate" = "yes" && test "$build_experimental_kernel_lib" =
"no"; then AC_MSG_ERROR(...); else AM_CONDITIONAL([BUILD_BITCOIN_CHAINSTATE],
[test $build_bitcoin_chainstate = "yes"]) fi), leaving the AM_CONDITIONAL for
BUILD_BITCOIN_CHAINSTATE unchanged.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Search for chrono-related sanity checks or time validation functions

rg -n "chrono.*sanity|time.*sanity|epoch.*check" --type=cpp -C3

Repository: dashpay/dash

Length of output: 1461

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== ERROR_CHRONO usages =="
rg -n "ERROR_CHRONO" -S --type=cpp --type=h --type=hpp -g'*.cpp' -g'*.h' -g'*.hpp' -g'*.cc' .

echo
echo "== SanityChecks declaration/definition =="
rg -n "SanityChecks" src/kernel/checks.h src/kernel/checks.cpp src/kernel/checks.cc src/kernel/checks.h.*

# Show enum + function area in checks.h (small window)
echo
echo "== checks.h enum/function context =="
if [ -f src/kernel/checks.h ]; then
  sed -n '1,120p' src/kernel/checks.h | nl -ba | sed -n '1,120p'
fi

# Show implementation in checks.cpp (small window around matches)
echo
echo "== checks.cpp SanityChecks implementation context =="
if [ -f src/kernel/checks.cpp ]; then
  rg -n "SanityChecks" src/kernel/checks.cpp
  # Print region around the first match
  line=$(rg -n "SanityChecks" src/kernel/checks.cpp | head -n1 | cut -d: -f1)
  start=$(( line>60 ? line-60 : 1 ))
  end=$(( line+180 ))
  sed -n "${start},${end}p" src/kernel/checks.cpp | nl -ba | sed -n '1,260p'
elif [ -f src/kernel/checks.cc ]; then
  rg -n "SanityChecks" src/kernel/checks.cc
fi

# Show init.cpp switch area around referenced lines
echo
echo "== init.cpp around 1491-1493 =="
if [ -f src/init.cpp ]; then
  sed -n '1460,1520p' src/init.cpp | nl -ba | sed -n '1,120p'
fi

Repository: dashpay/dash

Length of output: 128

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== ERROR_CHRONO usages (cpp/h/cc only) =="
rg -n "ERROR_CHRONO" -S src -g'*.cpp' -g'*.h' -g'*.cc' || true

echo
echo "== SanityChecks declaration/definition =="
ls -1 src/kernel | rg -n "checks\.(h|cpp|cc)$" || true
rg -n "SanityChecks" -S src/kernel/checks.* src/kernel/*checks* || true

echo
echo "== checks.h enum context =="
if [ -f src/kernel/checks.h ]; then
  nl -ba src/kernel/checks.h | sed -n '1,120p'
fi

echo
echo "== checks.cpp SanityChecks context =="
if [ -f src/kernel/checks.cpp ]; then
  rg -n "SanityChecks" src/kernel/checks.cpp
  line=$(rg -n "SanityChecks" src/kernel/checks.cpp | head -n1 | cut -d: -f1)
  start=$(( line>80 ? line-80 : 1 ))
  end=$(( line+220 ))
  nl -ba src/kernel/checks.cpp | sed -n "${start},${end}p"
elif [ -f src/kernel/checks.cc ]; then
  rg -n "SanityChecks" src/kernel/checks.cc
fi

echo
echo "== init.cpp around 1491-1493 =="
if [ -f src/init.cpp ]; then
  nl -ba src/init.cpp | sed -n '1460,1525p'
fi

Repository: dashpay/dash

Length of output: 710

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== checks.h (first 80 lines) =="
if [ -f src/kernel/checks.h ]; then
  cat -n src/kernel/checks.h | sed -n '1,80p'
fi

echo
echo "== checks.cpp (show SanityChecks implementation region) =="
if [ -f src/kernel/checks.cpp ]; then
  rg -n "SanityChecks\\(const Context&\\)" src/kernel/checks.cpp || true
  # print beginning plus function body area
  cat -n src/kernel/checks.cpp | sed -n '1,220p'
fi

echo
echo "== init.cpp (around ERROR_CHRONO handling and surrounding switch) =="
if [ -f src/init.cpp ]; then
  cat -n src/init.cpp | sed -n '1460,1525p'
fi

echo
echo "== Explicit searches inside checks.cpp for ERROR_CHRONO =="
if [ -f src/kernel/checks.cpp ]; then
  rg -n "ERROR_CHRONO" src/kernel/checks.cpp || true
fi

Repository: dashpay/dash

Length of output: 5133

---

Fix unreachable ERROR_CHRONO handling by implementing the missing chrono sanity check or removing the dead enum case.

kernel::SanityChecks() in src/kernel/checks.cpp only returns ERROR_ECC, ERROR_BLS, or ERROR_RANDOM (otherwise std::nullopt) and never returns ERROR_CHRONO, but AppInitSanityChecks in src/init.cpp still handles kernel::SanityCheckError::ERROR_CHRONO, making that switch branch unreachable/misleading. Consider either implementing the chrono check to return ERROR_CHRONO or dropping ERROR_CHRONO from SanityCheckError/the switch.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/kernel/checks.h` around lines 14 - 19, The enum value ERROR_CHRONO is
unreachable because kernel::SanityChecks() never returns it while
AppInitSanityChecks still handles it; fix by either implementing the missing
chrono sanity check in kernel::SanityChecks() so it can return
SanityCheckError::ERROR_CHRONO (add a chrono validity test and return that enum
on failure), or remove ERROR_CHRONO from the SanityCheckError enum and delete
the corresponding case in AppInitSanityChecks (and update any switch/default
logic). Ensure the chosen change keeps enum and switch consistent and
compile-clean by updating any related tests/comments referencing ERROR_CHRONO.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Honor the injected time callback here.

VerifyLoadedChainstate() still takes get_unix_time_seconds, but this comparison now bypasses it and hardcodes GetTime(). That makes custom/mock time sources ineffective and reintroduces the global timedata dependency this backport is supposed to remove.

Suggested fix

-            if (tip && tip->nTime > GetTime() + MAX_FUTURE_BLOCK_TIME) {
+            const int64_t now = get_unix_time_seconds();
+            if (tip && tip->nTime > now + MAX_FUTURE_BLOCK_TIME) {
                 return ChainstateLoadVerifyError::ERROR_BLOCK_FROM_FUTURE;
             }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (tip && tip->nTime > GetTime() + MAX_FUTURE_BLOCK_TIME) {
	const int64_t now = get_unix_time_seconds();
	if (tip && tip->nTime > now + MAX_FUTURE_BLOCK_TIME) {

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/node/chainstate.cpp` at line 251, The comparison in
VerifyLoadedChainstate uses GetTime() directly, bypassing the injected time
callback; replace the hardcoded GetTime() call with the provided
get_unix_time_seconds() callback so the check if (tip && tip->nTime > ...)
becomes consistent with the injected time source (update the code in
VerifyLoadedChainstate where tip->nTime is compared to GetTime() +
MAX_FUTURE_BLOCK_TIME to use get_unix_time_seconds() instead).

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail
rg -n -C2 'struct MockedTxPool|CTxMemPool tx_pool_\{MakeMempool\(node\)\}|static_cast<MockedTxPool\*>\(&tx_pool_\)' src/test/fuzz/tx_pool.cpp

Repository: dashpay/dash

Length of output: 666

---

Fix UB from downcasting CTxMemPool to MockedTxPool in tx_pool fuzz test.
tx_pool_ is declared as CTxMemPool (CTxMemPool tx_pool_{MakeMempool(node)};), but then it’s cast to MockedTxPool& via *static_cast<MockedTxPool*>(&tx_pool_) (also repeated at the second block around lines ~330-332). This is UB unless the object was actually constructed as MockedTxPool, but MakeMempool() constructs/returns a CTxMemPool.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/test/fuzz/tx_pool.cpp` around lines 120 - 131, The code currently
constructs a CTxMemPool via MakeMempool but then UB-ly downcasts tx_pool_ to
MockedTxPool with *static_cast<MockedTxPool*>(&tx_pool_); fix this by actually
constructing a MockedTxPool instead of a CTxMemPool where the cast is used:
either change the declaration tx_pool_ to be MockedTxPool (and update
MakeMempool to return a MockedTxPool or add a MakeMockedMempool helper that
builds the same Options and constructs a MockedTxPool), and remove the
static_cast usages; do not leave a CTxMemPool and cast it to MockedTxPool.
Ensure references to CTxMemPool, MockedTxPool, tx_pool_, MakeMempool and the
static_cast sites are updated consistently.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail
fd -p "setup_common.cpp" src/test src --exec rg -n -C3 'm_node\.mempool\s*=' {}
fd -p "setup_common.h" src/test src --exec rg -n -C3 'mempool' {}
rg -n -C2 'class MemPoolTest|static_cast<MemPoolTest&>\(\*Assert\(m_node\.mempool\)\)' src/test/mempool_tests.cpp

Repository: dashpay/dash

Length of output: 5973

---

Avoid UB: don’t cast m_node.mempool to MemPoolTest& when it’s a CTxMemPool.

At line 433, m_node.mempool is instantiated as std::make_unique<CTxMemPool>(MemPoolOptionsForTest(m_node)), so static_cast<MemPoolTest&>(*Assert(m_node.mempool)) requires the dynamic type to be MemPoolTest; otherwise the behavior is undefined.

Fix by constructing a real MemPoolTest instance (using the same MemPoolOptionsForTest(m_node)) and using that object in the test, or by changing the fixture to store a MemPoolTest rather than CTxMemPool.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/test/mempool_tests.cpp` around lines 20 - 24, The test currently
static_casts m_node.mempool to MemPoolTest&, which is UB because m_node.mempool
is actually a std::unique_ptr<CTxMemPool>; fix by constructing a real
MemPoolTest object instead of a CTxMemPool: replace the
std::make_unique<CTxMemPool>(MemPoolOptionsForTest(m_node)) allocation with
std::make_unique<MemPoolTest>(MemPoolOptionsForTest(m_node)) so the dynamic type
matches MemPoolTest, or alternatively change the fixture/member type that holds
m_node.mempool from std::unique_ptr<CTxMemPool> to std::unique_ptr<MemPoolTest>
and initialize it with MemPoolOptionsForTest(m_node); ensure all usages that
rely on CTxMemPool still compile against the MemPoolTest subclass.

[thepastaclaw]

Code Review

Verified all six agent findings against the worktree at 9a2c79d. One blocking configure regression in the new --with-experimental-kernel-lib check: the guard fires whenever the kernel lib is disabled even though dash-chainstate is opt-in and defaults to no, so a plain --with-experimental-kernel-lib=no aborts configure. Three small backport-cleanup leftovers (stale Dump/LoadMempool declarations in validation.h, duplicate common/bloom.h line in Makefile.am, dead init::UnsetGlobals comment in bitcoin-chainstate.cpp) and two harmless adaptation residues (unused get_unix_time_seconds parameter, unreachable ERROR_CHRONO enum value) are kept as suggestions/nitpicks.

🔴 1 blocking | 🟡 1 suggestion(s) | 💬 4 nitpick(s)

1 additional finding(s) omitted (not in diff).

🤖 Prompt for all review comments with AI agents

These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `configure.ac`:
- [BLOCKING] configure.ac:1799-1805: --with-experimental-kernel-lib=no aborts configure even when dash-chainstate is not requested
  The new guard at configure.ac:1800 fires on `build_experimental_kernel_lib = no` unconditionally, but `build_bitcoin_chainstate` defaults to `no` (line 777) and is also forced to `no` at line 1460. The result: any invocation of `./configure --with-experimental-kernel-lib=no` (or any future path that disables the kernel library) bails out with an error about dash-chainstate, even though dash-chainstate was never requested. The check must be gated on `build_bitcoin_chainstate = yes` so it only triggers when the user actually asked for dash-chainstate while explicitly disabling the kernel library. As a bonus, the `AM_CONDITIONAL` must be emitted unconditionally so automake does not see a conditionally-defined conditional.

In `src/validation.h`:
- [SUGGESTION] src/validation.h:1110-1116: Stale global LoadMempool/DumpMempool declarations left behind after move to kernel::
  bitcoin#25487 moves DumpMempool/LoadMempool into the kernel:: namespace with new signatures (taking dump_path / load_path) and the upstream hunk removes the old declarations from validation.h. This Dash backport correctly relocates the definitions to src/kernel/mempool_persist.cpp and updates callers via `using kernel::DumpMempool; using kernel::LoadMempool;`, but validation.h still advertises the old global-namespace declarations together with the `FopenFn` alias:

      using FopenFn = std::function<FILE*(const fs::path&, const char*)>;
      bool DumpMempool(const CTxMemPool& pool, FopenFn = fsbridge::fopen, bool skip_file_commit = false);
      bool LoadMempool(CTxMemPool& pool, CChainState& active_chainstate, FopenFn = fsbridge::fopen);

  No definitions match these signatures anywhere in the tree, so any future TU that includes validation.h and calls `LoadMempool(pool, chainstate)` will compile and then fail at link time with an undefined reference instead of the clear compile error it should get. Drop the dead declarations (and the now-unused `FopenFn` alias if nothing else uses it) to match the upstream cleanup.

[thepastaclaw]

🔴 Blocking: --with-experimental-kernel-lib=no aborts configure even when dash-chainstate is not requested

The new guard at configure.ac:1800 fires on build_experimental_kernel_lib = no unconditionally, but build_bitcoin_chainstate defaults to no (line 777) and is also forced to no at line 1460. The result: any invocation of ./configure --with-experimental-kernel-lib=no (or any future path that disables the kernel library) bails out with an error about dash-chainstate, even though dash-chainstate was never requested. The check must be gated on build_bitcoin_chainstate = yes so it only triggers when the user actually asked for dash-chainstate while explicitly disabling the kernel library. As a bonus, the AM_CONDITIONAL must be emitted unconditionally so automake does not see a conditionally-defined conditional.

Suggested change

	AC_MSG_CHECKING([whether to build experimental dash-chainstate])
	AM_CONDITIONAL([BUILD_BITCOIN_CHAINSTATE], [test $build_bitcoin_chainstate = "yes"])
	if test "$build_experimental_kernel_lib" = "no"; then
	AC_MSG_ERROR([experimental dash-chainstate cannot be built without the experimental dashkernel library. Use --with-experimental-kernel-lib]);
	else
	AM_CONDITIONAL([BUILD_BITCOIN_CHAINSTATE], [test $build_bitcoin_chainstate = "yes"])
	fi
	AC_MSG_RESULT($build_bitcoin_chainstate)
	AC_MSG_CHECKING([whether to build experimental dash-chainstate])
	if test "$build_bitcoin_chainstate" = "yes" && test "$build_experimental_kernel_lib" = "no"; then
	AC_MSG_ERROR([experimental dash-chainstate cannot be built without the experimental dashkernel library. Use --with-experimental-kernel-lib])
	fi
	AM_CONDITIONAL([BUILD_BITCOIN_CHAINSTATE], [test $build_bitcoin_chainstate = "yes"])
	AC_MSG_RESULT($build_bitcoin_chainstate)

_{source: ['codex']}

[thepastaclaw]

💬 Nitpick: Duplicate common/bloom.h entry in BITCOIN_CORE_H

The header-sorting commit in this PR produced a duplicate: common/bloom.h \ is listed on both line 196 and line 197 of BITCOIN_CORE_H. It does not break the build but the second copy is dead and should be removed.

Suggested change

	common/bloom.h \
	common/bloom.h \
	coins.h \
	common/bloom.h \
	common/run_command.h \

_{source: ['claude']}

[thepastaclaw]

💬 Nitpick: Stale comment references removed init::UnsetGlobals()

This PR removes init::SetGlobals/init::UnsetGlobals (their work moved into kernel::Context's ctor/dtor), but the teardown comment in bitcoin-chainstate.cpp still says // Tear down Dash kernel objects before init::UnsetGlobals().. The referenced function no longer exists; teardown is now driven by the kernel_context RAII destructor. Refresh (or drop) the comment so it no longer points at a removed symbol.

Suggested change

	// Tear down Dash kernel objects before init::UnsetGlobals().
	// Tear down Dash kernel objects before kernel_context's destructor runs.

_{source: ['claude']}

[thepastaclaw]

💬 Nitpick: Unused get_unix_time_seconds parameter retained from partial bitcoin#25168 adaptation

bitcoin#25168 (fa4ee53) removed the std::function<int64_t()> get_unix_time_seconds parameter from VerifyLoadedChainstate and replaced its single use with GetTime(). This backport applied the body change (chainstate.cpp:251 uses GetTime()) but kept the parameter in both the declaration (chainstate.h:134) and definition (chainstate.cpp:239). All callers (init.cpp, bitcoin-chainstate.cpp, setup_common.cpp) still pass a static_cast<int64_t(*)()>(GetTime) that is ignored. Non-blocking — no missing prerequisite — but the dead-parameter signature diverges from upstream for no Dash-specific reason and can be tightened in a follow-up.

_{source: ['claude']}

[thepastaclaw]

💬 Nitpick: SanityCheckError::ERROR_CHRONO unreachable after BLS-substitution adaptation of bitcoin#25065

The Dash adaptation of bitcoin#25065 correctly substitutes BLSInit() (returning ERROR_BLS) for the upstream chrono check, but the ERROR_CHRONO enum value is still defined here and the corresponding case is preserved in init.cpp's switch. ChronoSanityCheck was never backported and is not referenced anywhere in src/, so ERROR_CHRONO is unreachable. Harmless, just clutter — can be dropped for cleanliness.

_{source: ['claude']}

[thepastaclaw]

Code Review

Delta between previously reviewed SHA 9a2c79d and current head a1acc28 is empty — no new source changes. Both reviewer agents independently re-validated all 6 prior findings against the current head and found them STILL VALID; I verified each one in the worktree. One blocking issue (configure.ac --with-experimental-kernel-lib=no guard), one suggestion (stale validation.h declarations), and four nitpicks are carried forward.

🟡 1 suggestion(s)

1 additional finding(s) omitted (not in diff).

5 carried-forward finding(s) already raised on this PR; not re-posting as new inline comments.

🤖 Prompt for all review comments with AI agents

These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `src/validation.h`:
- [SUGGESTION] src/validation.h:1110-1116: Stale global LoadMempool/DumpMempool declarations left behind after move to kernel::
  Verified at a1acc28a — validation.h:1110-1116 still declares `using FopenFn = std::function<FILE*(const fs::path&, const char*)>;` plus `DumpMempool(const CTxMemPool&, FopenFn, bool)` and `LoadMempool(CTxMemPool&, CChainState&, FopenFn)` in the global namespace. bitcoin#25487 moved these into `kernel::` with new path-taking signatures and the upstream hunk removed these declarations from validation.h. This backport correctly relocated the definitions to src/kernel/mempool_persist.cpp and updates callers via `using kernel::DumpMempool; using kernel::LoadMempool;`, but the old global declarations remain advertised with no matching definitions. A future TU that includes validation.h and calls `LoadMempool(pool, chainstate)` will compile and then fail at link time with an undefined reference instead of producing a clear compile error. Drop the dead declarations and the now-unused `FopenFn` alias to match the upstream cleanup.

[thepastaclaw]

Code Review — correction / carry-forward

Correction: the review system briefly posted auto-resolve replies on several prior threads even though this recheck verified those findings are still valid. I removed those incorrect auto-resolve replies.

I re-reviewed current head a1acc28a4ba1737d8bba27498b3a9ea1dd288fe0 cumulatively and checked the requested delta git diff 9a2c79db..a1acc28a4ba1737d8bba27498b3a9ea1dd288fe0. The delta is empty, and all six prior findings remain valid at the current head:

• STILL VALID / blocking: configure.ac — --with-experimental-kernel-lib=no still aborts configure even when dash-chainstate is not requested.
• STILL VALID / suggestion: src/validation.h — stale global LoadMempool / DumpMempool declarations remain after the move to kernel::.
• STILL VALID / nitpick: src/Makefile.am — duplicate common/bloom.h remains in BITCOIN_CORE_H.
• STILL VALID / nitpick: src/bitcoin-chainstate.cpp — stale comment still references removed init::UnsetGlobals().
• STILL VALID / nitpick: src/node/chainstate.cpp — unused get_unix_time_seconds parameter remains from the partial bitcoin#25168 adaptation.
• STILL VALID / nitpick: src/kernel/checks.h — unreachable SanityCheckError::ERROR_CHRONO remains after the BLS-substitution adaptation of bitcoin#25065.

No new latest-delta findings were found. Requesting changes is still warranted because the carried-forward configure issue is blocking.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 461435620a

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Gate the kernel-lib error on chainstate being enabled

When a user explicitly disables the experimental kernel library with --without-experimental-kernel-lib while leaving --enable-experimental-util-chainstate at its default no, configure still enters this branch and aborts. The dependency error should only be raised when chainstate was requested; otherwise a normal opt-out of the experimental library makes non-chainstate builds fail unnecessarily.

Useful? React with 👍 / 👎.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/validation.cpp (1)

4342-4379: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Restore bls_legacy_scheme on every exit path.

TestBlockValidity() snapshots the global flag, but every failure return before the tail restore skips putting it back. If any of the validation calls in this function flip the scheme and then fail, later validations inherit the wrong global state. Please move the restore into a scope-exit/RAII guard so it runs on both success and error paths.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/validation.cpp` around lines 4342 - 4379, TestBlockValidity currently
snapshots bls::bls_legacy_scheme into a local bls_legacy_scheme but only
restores it at the end, skipping all early returns; wrap that snapshot in an
RAII/scope-exit guard so the original value is restored on every exit (success
or any early return) — e.g. after auto bls_legacy_scheme =
bls::bls_legacy_scheme.load(); create a small scope_guard that calls
bls::bls_legacy_scheme.store(bls_legacy_scheme) in its destructor, remove the
manual tail restore block that checks and stores the value, and leave all
existing checks (ContextualCheckBlockHeader, CheckBlock, ContextualCheckBlock,
chainstate.ConnectBlock, etc.) unchanged so the guard handles restoration even
when those calls return early.

♻️ Duplicate comments (1)

src/test/fuzz/tx_pool.cpp (1)

120-131: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Constructing CTxMemPool then downcasting to MockedTxPool is UB.

Line 120 returns a base CTxMemPool, but Line 155 and Line 331 cast those objects to MockedTxPool&. That downcast is invalid unless the object was originally constructed as MockedTxPool.

Suggested fix

 struct MockedTxPool : public CTxMemPool {
+    using CTxMemPool::CTxMemPool;
+
     void RollingFeeUpdate() EXCLUSIVE_LOCKS_REQUIRED(!cs)
     {
         LOCK(cs);
         lastRollingFeeUpdate = GetTime();
         blockSinceLastRollingFeeBump = true;
     }
 };
@@
-CTxMemPool MakeMempool(const NodeContext& node)
+MockedTxPool MakeMempool(const NodeContext& node)
 {
@@
-    return CTxMemPool{mempool_opts};
+    return MockedTxPool{mempool_opts};
 }
@@
-    CTxMemPool tx_pool_{MakeMempool(node)};
-    MockedTxPool& tx_pool = *static_cast<MockedTxPool*>(&tx_pool_);
+    MockedTxPool tx_pool{MakeMempool(node)};
@@
-    CTxMemPool tx_pool_{MakeMempool(node)};
-    MockedTxPool& tx_pool = *static_cast<MockedTxPool*>(&tx_pool_);
+    MockedTxPool tx_pool{MakeMempool(node)};

#!/bin/bash
set -euo pipefail
# Verify the base construction + derived downcast pattern is present.
rg -n -C2 'MockedTxPool|MakeMempool\(|static_cast<MockedTxPool\*>\(&tx_pool_\)' src/test/fuzz/tx_pool.cpp

Also applies to: 154-156, 330-332

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/test/fuzz/tx_pool.cpp` around lines 120 - 131, Make MakeMempool construct
and return a polymorphic heap object (avoid slicing) instead of returning
CTxMemPool by value: change the signature of MakeMempool to return
std::unique_ptr<CTxMemPool> and return
std::make_unique<MockedTxPool>(mempool_opts) (use MockedTxPool's constructor
that accepts mempool_opts); then update call sites that currently take the
returned value (and that do static_cast<MockedTxPool*>(&tx_pool_) or
static_cast<MockedTxPool&>(...)) to hold the std::unique_ptr and either
dynamic_cast the pointer to MockedTxPool* (and check for null) or otherwise use
the CTxMemPool virtual interface so no downcast is needed—this ensures
MakeMempool, CTxMemPool, MockedTxPool, and places referencing tx_pool_ are
consistent and avoid undefined behavior.

🧹 Nitpick comments (1)

src/kernel/context.cpp (1)

25-27: BLSInit() is safe to call twice (allocator callback assignment), but the sanity-check error path is redundant

• kernel::Context::Context() calls BLSInit() (src/kernel/context.cpp:25-27), and kernel::SanityChecks() calls it again (src/kernel/checks.cpp:19-20).
• BLSInit() (src/bls/bls.cpp:431-437) only invokes bls::BLS::SetSecureAllocator(secure_allocate, secure_free) and unconditionally returns true; it does not perform the one-time relic/BLS library initialization.
• bls::BLS::SetSecureAllocator (src/dashbls/src/bls.cpp:72-78) only assigns global callback function pointers, so repeated calls just overwrite the same callbacks.
• One-time BLS library init happens separately via bool BLSInitResult = BLS::Init(); (src/dashbls/src/bls.cpp:29), so the kernel startup path isn’t duplicating that init.

Optional cleanup: since BLSInit() can’t fail, the if (!BLSInit()) { ... ERROR_BLS } branch in src/kernel/checks.cpp is unnecessary.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/kernel/context.cpp` around lines 25 - 27, The constructor call to
BLSInit() in src/kernel/context.cpp (lines 25-27) is fine and requires no
change; remove the redundant BLSInit() invocation and its failing-branch in
src/kernel/checks.cpp (lines 19-20) — delete the if (!BLSInit()) { ... ERROR_BLS
} block (or at minimum the BLSInit() call and related error handling) since
BLSInit() cannot fail and the one-time library init occurs elsewhere.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/kernel/checks.cpp`:
- Around line 13-27: SanityChecks currently never returns
SanityCheckError::ERROR_CHRONO; update the SanityChecks(const Context&)
implementation to invoke the chrono sanity check and return ERROR_CHRONO on
failure (e.g., call the existing chrono-check function — name it
ChronoSanityCheck() or the actual project function that validates
monotonic/chrono behavior — and if it returns false, return
SanityCheckError::ERROR_CHRONO); alternatively, if no chrono check exists,
remove the ERROR_CHRONO enum and any caller handling (e.g., in src/init.cpp) so
the public contract and callers stay consistent.

---

Outside diff comments:
In `@src/validation.cpp`:
- Around line 4342-4379: TestBlockValidity currently snapshots
bls::bls_legacy_scheme into a local bls_legacy_scheme but only restores it at
the end, skipping all early returns; wrap that snapshot in an RAII/scope-exit
guard so the original value is restored on every exit (success or any early
return) — e.g. after auto bls_legacy_scheme = bls::bls_legacy_scheme.load();
create a small scope_guard that calls
bls::bls_legacy_scheme.store(bls_legacy_scheme) in its destructor, remove the
manual tail restore block that checks and stores the value, and leave all
existing checks (ContextualCheckBlockHeader, CheckBlock, ContextualCheckBlock,
chainstate.ConnectBlock, etc.) unchanged so the guard handles restoration even
when those calls return early.

---

Duplicate comments:
In `@src/test/fuzz/tx_pool.cpp`:
- Around line 120-131: Make MakeMempool construct and return a polymorphic heap
object (avoid slicing) instead of returning CTxMemPool by value: change the
signature of MakeMempool to return std::unique_ptr<CTxMemPool> and return
std::make_unique<MockedTxPool>(mempool_opts) (use MockedTxPool's constructor
that accepts mempool_opts); then update call sites that currently take the
returned value (and that do static_cast<MockedTxPool*>(&tx_pool_) or
static_cast<MockedTxPool&>(...)) to hold the std::unique_ptr and either
dynamic_cast the pointer to MockedTxPool* (and check for null) or otherwise use
the CTxMemPool virtual interface so no downcast is needed—this ensures
MakeMempool, CTxMemPool, MockedTxPool, and places referencing tx_pool_ are
consistent and avoid undefined behavior.

---

Nitpick comments:
In `@src/kernel/context.cpp`:
- Around line 25-27: The constructor call to BLSInit() in src/kernel/context.cpp
(lines 25-27) is fine and requires no change; remove the redundant BLSInit()
invocation and its failing-branch in src/kernel/checks.cpp (lines 19-20) —
delete the if (!BLSInit()) { ... ERROR_BLS } block (or at minimum the BLSInit()
call and related error handling) since BLSInit() cannot fail and the one-time
library init occurs elsewhere.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: a24de521-92cd-4f11-ac40-1d970d8854a3

📥 Commits

Reviewing files that changed from the base of the PR and between a1acc28 and 4614356.

📒 Files selected for processing (88)

• ci/dash/lint-tidy.sh
• ci/test/00_setup_env_native_nowallet_libbitcoinkernel.sh
• configure.ac
• contrib/devtools/iwyu/bitcoin.core.imp
• src/Makefile.am
• src/Makefile.test_fuzz.include
• src/bitcoin-chainstate.cpp
• src/bitcoind.cpp
• src/bls/bls.h
• src/bls/bls_worker.cpp
• src/bls/bls_worker.h
• src/deploymentstatus.h
• src/evo/mnhftx.cpp
• src/fs.h
• src/init.cpp
• src/init.h
• src/init/common.cpp
• src/init/common.h
• src/kernel/bitcoinkernel.cpp
• src/kernel/chainstatemanager_opts.h
• src/kernel/checks.cpp
• src/kernel/checks.h
• src/kernel/context.cpp
• src/kernel/context.h
• src/kernel/mempool_limits.h
• src/kernel/mempool_options.h
• src/kernel/mempool_persist.cpp
• src/kernel/mempool_persist.h
• src/mempool_args.cpp
• src/mempool_args.h
• src/net_processing.cpp
• src/net_processing.h
• src/node/blockstorage.cpp
• src/node/blockstorage.h
• src/node/chainstate.cpp
• src/node/chainstate.h
• src/node/context.cpp
• src/node/context.h
• src/node/interfaces.cpp
• src/node/mempool_persist_args.cpp
• src/node/mempool_persist_args.h
• src/node/miner.cpp
• src/node/miner.h
• src/policy/fees.cpp
• src/policy/fees.h
• src/policy/fees_args.cpp
• src/policy/fees_args.h
• src/policy/packages.h
• src/policy/policy.h
• src/rest.cpp
• src/rpc/blockchain.cpp
• src/rpc/fees.cpp
• src/rpc/mempool.cpp
• src/rpc/mining.cpp
• src/rpc/rawtransaction.cpp
• src/rpc/txoutproof.cpp
• src/test/block_reward_reallocation_tests.cpp
• src/test/blockfilter_index_tests.cpp
• src/test/denialofservice_tests.cpp
• src/test/dynamic_activation_thresholds_tests.cpp
• src/test/evo_deterministicmns_tests.cpp
• src/test/fuzz/mempool_utils.h
• src/test/fuzz/policy_estimator.cpp
• src/test/fuzz/policy_estimator_io.cpp
• src/test/fuzz/tx_pool.cpp
• src/test/fuzz/validation_load_mempool.cpp
• src/test/mempool_tests.cpp
• src/test/miner_tests.cpp
• src/test/net_peer_connection_tests.cpp
• src/test/txpackage_tests.cpp
• src/test/util/mining.cpp
• src/test/util/setup_common.cpp
• src/test/util/setup_common.h
• src/test/util/txmempool.cpp
• src/test/util/txmempool.h
• src/test/validation_block_tests.cpp
• src/test/validation_chainstate_tests.cpp
• src/test/validation_chainstatemanager_tests.cpp
• src/txmempool.cpp
• src/txmempool.h
• src/util/system.cpp
• src/util/system.h
• src/validation.cpp
• src/validation.h
• test/functional/mempool_expiry.py
• test/functional/mempool_persist.py
• test/lint/lint-circular-dependencies.py
• test/lint/spelling.ignore-words.txt

💤 Files with no reviewable changes (3)

• src/init/common.h
• src/init/common.cpp
• src/bls/bls.h

✅ Files skipped from review due to trivial changes (10)

• test/lint/spelling.ignore-words.txt
• src/node/context.cpp
• ci/test/00_setup_env_native_nowallet_libbitcoinkernel.sh
• ci/dash/lint-tidy.sh
• contrib/devtools/iwyu/bitcoin.core.imp
• src/evo/mnhftx.cpp
• src/policy/packages.h
• src/test/validation_chainstate_tests.cpp
• src/policy/fees_args.cpp
• test/functional/mempool_expiry.py

🚧 Files skipped from review as they are similar to previous changes (50)

• src/test/fuzz/mempool_utils.h
• src/kernel/checks.h
• src/test/mempool_tests.cpp
• src/test/util/mining.cpp
• src/test/miner_tests.cpp
• src/kernel/mempool_limits.h
• src/Makefile.test_fuzz.include
• src/rpc/txoutproof.cpp
• src/rest.cpp
• src/mempool_args.h
• src/node/blockstorage.cpp
• src/node/blockstorage.h
• src/kernel/context.h
• src/test/txpackage_tests.cpp
• src/test/validation_chainstatemanager_tests.cpp
• src/bitcoind.cpp
• src/test/validation_block_tests.cpp
• test/lint/lint-circular-dependencies.py
• src/init.h
• src/deploymentstatus.h
• src/test/util/txmempool.h
• src/net_processing.h
• src/policy/fees.h
• src/node/miner.h
• src/test/denialofservice_tests.cpp
• src/fs.h
• src/util/system.h
• src/kernel/mempool_persist.h
• src/kernel/chainstatemanager_opts.h
• src/node/miner.cpp
• src/policy/fees_args.h
• src/rpc/blockchain.cpp
• src/kernel/mempool_options.h
• src/node/context.h
• src/test/evo_deterministicmns_tests.cpp
• src/util/system.cpp
• src/policy/policy.h
• src/node/chainstate.h
• configure.ac
• src/net_processing.cpp
• src/policy/fees.cpp
• src/txmempool.h
• src/txmempool.cpp
• src/node/interfaces.cpp
• src/node/chainstate.cpp
• src/validation.h
• src/rpc/fees.cpp
• src/rpc/mining.cpp
• src/init.cpp
• src/Makefile.am

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

ERROR_CHRONO is never produced.

kernel/checks.h publishes SanityCheckError::ERROR_CHRONO, and src/init.cpp:1473-1501 already treats it as a real startup failure, but this implementation can only return ECC/BLS/RANDOM. That silently drops one branch of the new kernel sanity-check contract instead of surfacing it through the advertised API. Add the missing chrono sanity check here, or remove the enum value and caller handling so the contract stays honest.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/kernel/checks.cpp` around lines 13 - 27, SanityChecks currently never
returns SanityCheckError::ERROR_CHRONO; update the SanityChecks(const Context&)
implementation to invoke the chrono sanity check and return ERROR_CHRONO on
failure (e.g., call the existing chrono-check function — name it
ChronoSanityCheck() or the actual project function that validates
monotonic/chrono behavior — and if it returns false, return
SanityCheckError::ERROR_CHRONO); alternatively, if no chrono check exists,
remove the ERROR_CHRONO enum and any caller handling (e.g., in src/init.cpp) so
the public contract and callers stay consistent.

[thepastaclaw]

Code Review

Cumulative review of PR #7361 at 4614356. The latest delta (a1acc28..4614356) is a small housekeeping pass — wrapping Dash BLS APIs in #ifndef BUILD_BITCOIN_INTERNAL for libdashkernel exclusion and removing one stale using node::ShouldPersistMempool in rpc/mempool.cpp. No new defects in the delta. All six prior findings from a1acc28 remain unaddressed and are carried forward verbatim. The blocking issue remains configure.ac aborting when --with-experimental-kernel-lib=no is passed even without dash-chainstate being requested.

🟡 1 suggestion(s)

1 additional finding(s) omitted (not in diff).

5 carried-forward finding(s) already raised on this PR; not re-posting as new inline comments.

🤖 Prompt for all review comments with AI agents

These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `src/validation.h`:
- [SUGGESTION] src/validation.h:1110-1116: Stale global LoadMempool/DumpMempool declarations left behind after move to kernel::
  Carried forward — STILL VALID at 461435620a. Verified: validation.h:1110-1116 still declares `using FopenFn = std::function<FILE*(const fs::path&, const char*)>;` plus `DumpMempool(const CTxMemPool&, FopenFn, bool)` and `LoadMempool(CTxMemPool&, CChainState&, FopenFn)` in the global namespace. bitcoin#25487 moved these into kernel:: with new path-taking signatures (definitions now live at src/kernel/mempool_persist.cpp); the upstream hunk removed these prototypes from validation.h. Callers in-tree correctly use `using kernel::DumpMempool; using kernel::LoadMempool;`, but the old globals are still advertised with no matching definitions. A future translation unit including validation.h that calls `LoadMempool(pool, chainstate)` will compile successfully and then fail at link time with an undefined reference instead of producing a clear compile error. Drop the dead declarations and the now-unused FopenFn alias, and have callers include kernel/mempool_persist.h directly.