This repository has been archived by the owner on Nov 7, 2023. It is now read-only.
Implement ViewChange message type #204
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sergefdrv
requested review from
ynamiki and
nhoriguchi
and removed request for
ynamiki
nhoriguchi
reviewed
May 17, 2021
| // whereas any valid view-change certificate is | ||
| // equivalent to any other valid one. Moreover, | ||
| // messages in the message log and view-change | ||
| // certificate are authenticated on their own. |
There was a problem hiding this comment.
Maybe I miss something, but It seems to me unclear why we don't have to include message log into signed data. I think that each message has a signature, but the order of messages in the log is not signed, so could a malicious replica intentionally reorder the log and disturb the replay after view change?
There was a problem hiding this comment.
Messages in the message log are required to be sequential in the counter value assigned by USIG. So any reordering, omission, or duplication of messages in the log will be detected when validating integrity of the ViewChange message.
I will add this explanation to the comment.
added 7 commits
May 17, 2021 17:42
This commit defines abstract interface for VIEW-CHANGE message type. Since the checkpoint feature is to be considered later, the interface omits a method to get the latest stable checkpoint, for simplicity. Besides that, ViewChange message is augmented with a quorum of ReqViewChange messages, dubbed "view-change certificate", for the following reason. Whenever a replica decides to terminate the current view and start the view change operation, it must make sure that other correct replicas will eventually do the same. Otherwise some other correct replica might stay in the old view for arbitrary long time, and the replica that started view change would stop making any progress waiting for other correct replicas. A replica terminates the current view and generates its ViewChange message once it has collected a quorum of valid ReqViewChange messages from different replicas referring to the subsequent view number. Thus, a simple way to ensure liveness would be to justify the ViewChange message with a quorum of ReqViewChange messages. This quorum will ensure view change is also triggered in any correct replica that processes the ViewChange message. Signed-off-by: Sergey Fedorov <sergey.fedorov@neclab.eu>
WrapMessage function wraps a Protobuf structure of any message type into a generic Message structure. It borrows from marshalMessage function from messages/protobuf package. The new function will help to convert messages from API into Protobuf representation. Signed-off-by: Sergey Fedorov <sergey.fedorov@neclab.eu>
MessageFromAPI function will help to convert any message from its API representation into a Protobuf structure of the corresponding type. Signed-off-by: Sergey Fedorov <sergey.fedorov@neclab.eu>
This function will help to convert any message from Protobuf into API representation. Signed-off-by: Sergey Fedorov <sergey.fedorov@neclab.eu>
The new function will help to convert any message from its API representation into a Protobuf structure of the corresponding type. If the message was created by this package, the Protobuf structure is taken directly from the underlying message structure, falling back into creating a new Protobuf structure otherwise. Signed-off-by: Sergey Fedorov <sergey.fedorov@neclab.eu>
Signed-off-by: Sergey Fedorov <sergey.fedorov@neclab.eu>
Signed-off-by: Sergey Fedorov <sergey.fedorov@neclab.eu>
sergefdrv
force-pushed
the
view-change-message
branch
from
5d0f23f to
b5ffd9a
Compare
|
Summary of changes: adjusted comment in |
@nhoriguchi Thanks for reviewing it |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces and implements
ViewChangemessage type.ViewChangemessage will be generated when handlingReqViewChangemessages (#177).