Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IF: Update finalizer safety information and rules for how a finalizer signs #2135

Merged
merged 90 commits into from
Feb 15, 2024
Merged

IF: Update finalizer safety information and rules for how a finalizer signs #2135

merged 90 commits into from
Feb 15, 2024

Conversation

greg7mdp
Copy link
Contributor

@greg7mdp greg7mdp commented Jan 24, 2024
edited
Loading

resolves #2070.

This PR implements support for managing a set of stateful finalizers (the local finalizers that this node is running).

It is important that the safety information for each finalizer (last vote and proposal lock) is preserved across nodeos invocations, since incorrect voting can lead to finality violations.

The safety information for all finalizers is saved in a file named safety.dat, which is by default located in {data_dir}/finalizers. This file preserves the safety information for not only the currently running finalizers, but for all thefinalizers who ever ran on this node with the same specified safety file location.

The currently running finalizers are always the first ones stored in the file, followed by all the inactive ones. After each vote, only the information for the currently running finalizers is written to the file, which is then flushed. This file update occurs before the vote is propagated.

The way the finalizer safety information is initialized (if not found in the persistent safety.dat file) is important, and described here. The initial configuration must be such that it will prevent safety violations, while still allowing liveness to eventually happen, so the finalizer can vote.

This specification may yet evolve, as the document is not 100% completed.

This PR also includes some other misceallenous changes:

  • update fc/crypto bls primitives to take std::span instead of std::vector, so we don't have to do unnecessary copies.
  • correct support for weak digest (which is the strong digest with the 4 characters "WEAK" appended at the end). since we couldn't use digest_type, a custom type weak_digest_t was defined.
  • extract a couple of utility functions from tester.cpp into a new file bls_utils.hpp, so that they can be reused in boost tests.

greg7mdp added 22 commits January 18, 2024 09:21
@greg7mdp
Start implementing finalizer safety - wip.
bc2549f
@greg7mdp
Finish initial implementation of finalizer::decide_vote().
e06936c
@greg7mdp
Minor fixes.
a02c3b9 
Minor cleanups.
@greg7mdp
Merge branch 'hotstuff_integration' of github.com:AntelopeIO/leap int…
f142d65 
…o gh_2070
@greg7mdp
remove duplicate definition from merge.
de92000
@greg7mdp
moved finalizer.cpp into hotstuff directory.
8674aaa
@greg7mdp
Update decide_vote, store proposal_ref including timestamp.
21fdd7c
@greg7mdp
Add finalizer_set struct and use it.
ead4ae2
@greg7mdp
remone unneeded is_last_vote_strong.
75860ff
@greg7mdp
Merge branch 'hotstuff_integration' of github.com:AntelopeIO/leap int…
8e27842 
…o gh_2070
@greg7mdp
Resolve merge conflicts.
83db966
@greg7mdp
Update decide_vote according to discussion from 1/22/24 meeting
62c0741
@greg7mdp
Fix mistake (comparison operator) in my previous checkin.
82a7327
@greg7mdp
Add support for the case where we don't find a previous qc in `assemb…
fccbb93 
…le_block`

In that case use `lib` block number and specify `weak`.
@greg7mdp
Merge branch 'hotstuff_integration' of github.com:AntelopeIO/leap int…
01ac2c1 
…o gh_2070
@greg7mdp
Use decide_vote
b920ddc
@greg7mdp
Avoid storing duplicate timestamp in finalizer::safety_information.
441ee6d
@greg7mdp
Add persistence for finalizer dafety information.
a4417ee
@greg7mdp
Small cleanups.
459d20c
@greg7mdp
Merge branch 'hotstuff_integration' of github.com:AntelopeIO/leap int…
4153370 
…o gh_2070
@greg7mdp
Move qc_data_t definition into controller.cpp.
ce67f45
@greg7mdp
Comment indentation change.
b8dfd6f
@greg7mdp greg7mdp changed the base branch from main to hotstuff_integration January 24, 2024 20:51
@greg7mdp greg7mdp marked this pull request as draft January 24, 2024 20:51
@greg7mdp greg7mdp requested a review from linh2931 February 14, 2024 21:02
linh2931
linh2931 reviewed Feb 15, 2024
View reviewed changes
libraries/chain/block_state.cpp Show resolved Hide resolved
libraries/chain/include/eosio/chain/block_header_state.hpp Outdated Show resolved Hide resolved
libraries/chain/include/eosio/chain/hotstuff/finalizer.hpp Outdated Show resolved Hide resolved
libraries/chain/hotstuff/finalizer.cpp Show resolved Hide resolved
libraries/chain/include/eosio/chain/hotstuff/finalizer.hpp
};

// ----------------------------------------------------------------------------------------
struct my_finalizers_t {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought this name again. It seems my_fianlizers is more accurate, as we are talking about the finalizers on the local node. In configuration instructions to BPs, local finalizer sounds more natural than my finalizers. my implies something at implementation level like a class or a file. @heifner @arhag ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a class name at the implementation level.

@greg7mdp greg7mdp mentioned this pull request Feb 15, 2024
Closed
@greg7mdp greg7mdp requested review from heifner and linh2931 February 15, 2024 20:39
linh2931
linh2931 reviewed Feb 15, 2024
View reviewed changes
unittests/finality_tests.cpp
@@ -453,6 +454,7 @@ BOOST_AUTO_TEST_CASE(delayed_strong_weak_lost_vote) { try {

BOOST_REQUIRE(cluster.produce_blocks_and_verify_lib_advancing());
} FC_LOG_AND_RETHROW() }
#endif
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe in Boost unit tests, when safety file is the default, those simulated weak vote tests should have passed. Should come back to revisit those later.

@greg7mdp greg7mdp merged commit e3156fe into hotstuff_integration Feb 15, 2024
26 checks passed
@greg7mdp greg7mdp deleted the gh_2070 branch February 15, 2024 23:02
@linh2931 linh2931 mentioned this pull request Feb 17, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ericpassmore ericpassmore ericpassmore left review comments

@linh2931 linh2931 linh2931 approved these changes

@heifner heifner heifner approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

IF: Update finalizer safety information and rules for how a finalizer signs
4 participants
@greg7mdp @ericpassmore @heifner @linh2931