[Consensus] SignerIndices Optimization (2/4) #2101
Conversation
zhangchiqing
force-pushed
the
leo/signer-indices
branch
4 times, most recently
from
d4149ff to
1935196
Compare
zhangchiqing
force-pushed
the
leo/signer-indices
branch
from
1935196 to
2086754
Compare
| @@ -150,8 +150,10 @@ func (f *Finalizer) MakeFinal(blockID flow.Identifier) error { | |||
| Guarantee: flow.CollectionGuarantee{ | |||
| CollectionID: payload.Collection.ID(), | |||
| ReferenceBlockID: payload.ReferenceBlockID, | |||
| SignerIDs: step.ParentVoterIDs, | |||
| Signature: step.ParentVoterSigData, | |||
| // TODO use signer indices for collection guarantee signer IDs | |||
There was a problem hiding this comment.
zhangchiqing
changed the base branch from
feature/signer-indices
to
leo/qc-use-signer-indices
| // the sigType will be [byte([1,1,0,0,0,0,0,0])], | ||
| // bit 1 indicates the signer at the same index in signerIndices signed random beacon sig | ||
| // bit 0 indicates the signer at the same index in signerIndices signed staking sig | ||
| func encodeSignerIndicesAndSigType(fullMembers []flow.Identifier, stakingSigners flow.IdentifierList, beaconSigners flow.IdentifierList) ([]byte, []byte, error) { |
There was a problem hiding this comment.
For me, it would be more intuitive to rename fullMembers to orderedCommittee
| @@ -112,6 +112,7 @@ func (c *CombinedVerifier) VerifyVote(signer *flow.Identity, sigData []byte, blo | |||
| // - model.ErrInvalidSignature if a signature is invalid | |||
| // - error if running into any unexpected exception (i.e. fatal error) | |||
| func (c *CombinedVerifier) VerifyQC(signers flow.IdentityList, sigData []byte, block *model.Block) error { | |||
| // TODO: remove this check, because we've checked the total stake have passed threshold | |||
There was a problem hiding this comment.
I feel like it's a sanity check, I would leave it.
There was a problem hiding this comment.
Even if we remove this check, the Unpack will fail anyway if signers is empty.
Also we are not supposed to return model.ErrInvalidFormat if sanity check fails, which is what confused me. When I saw this, I thought there was unhappy case from a user error, but actually not.
Since the later operation will fail even without this check, I would prefer to remove this check here to avoid confusion.
There was a problem hiding this comment.
⚠️
I think there are two aspects to this discussion:
- Should we have a check here?
- If the check fails, what error type should we return.
My thoughts regarding 1:
-
This is an implementation of the
Verifierinterface. -
The place where we check that the
total stake have passed thresholdis in theValidator:So this call from theflow-go/consensus/hotstuff/validator/validator.go
Lines 70 to 71 in 619a82e
Validatorinto theVerifier.VerifyQChappens through an API boundaryValidator [higher level code] --- API boundary ---> Verifier [lower level code] -
Now there are some important considerations:
-
The API specification
Verifier.VerifyQCdoes not mention the prerequisite that that higher level code must check first that the total stake has passed the threshold. -
The assumption that "total stake have passed threshold" is made by the
Verifier. In other words, we are making assumptions in the lower-level code about ordering of operations in the higher level code. I like to avoid any such assumptions if possible with reasonable effort. -
Lastly, I am not convinced about this statement
the Unpack will fail anyway if signers is empty.
If both
signersandsigDataare empty or nil, are we sure thatUnpackwill fail? I think it might actually succeed. But the crypto operations (specificallyAggregateBLSPublicKeys) will return an unexpected error, thereby crashing the receiving node.
In which order the higher level code executes its operations should ideally be up the higher level code and the lower level code should be agnostic to it. Otherwise, we make the code brittle; an engineer might re-order operations in the higher level code without being aware about implicit assumptions in the lower level code. After such a re-ordering of logic, the code might have uncovered edge cases, which could be exploited by malicious replicas.
-
Conclusion for 1:
Ideally, the code in CombinedVerifier.VerifyQC should handle any input without making assumptions about higher level code. This also included the case of empty inputs like signers and sigData as the ultimately were generated by an untrusted external actor. I think this is relatively simple to implement (see below).
My thoughts regarding 2:
- In general, an empty
signersslice indicates an invalid QC. - Nevertheless, @zhangchiqing has a good point:
- If the higher-level logic already checked that the "total stake have passed threshold",
signersbeing empty is an internal bug. However, there is no strong reason that theValidatormust perform in the checks in this order. - If the
Validatorchecked the signatures first (callingVerifier.VerifyQCfirst),len(signers) == 0would indicate a byzantine input.
- If the higher-level logic already checked that the "total stake have passed threshold",
Conclusion for 2:
I think that the semantics of this failure case depends on the order of checks within Validator. Therefore, we should allow Validator to distinguish the failure case of len(signers) == 0 from other failure cases. Thereby it can make its own decision whether this error is expected (caused by a byzantine input) or a symptom of an internal bug).
Argument also applies to CombinedVerifierV3
In CombinedVerifierV3, we do not check whether signers is empty. In a world where we first check the signatures, this code would actually be vulnerable to a crash attack. This is because AggregateBLSPublicKeys fails with an internal error if there are no signatures to aggregate:
There was a problem hiding this comment.
P.S. will be addressing this in my PR with suggested revisions.
There was a problem hiding this comment.
engine/collection/compliance/core.go
Outdated
| @@ -83,7 +83,7 @@ func (c *Core) OnBlockProposal(originID flow.Identifier, proposal *messages.Clus | |||
| Hex("payload_hash", header.PayloadHash[:]). | |||
| Time("timestamp", header.Timestamp). | |||
| Hex("proposer", header.ProposerID[:]). | |||
| Int("num_signers", len(header.ParentVoterIDs)). | |||
| // Int("num_signers", len(header.ParentVoterIDs)). | |||
There was a problem hiding this comment.
I commented this out because I haven't thought about what to replace with, but also don't want to forget about it.
Now the header only has ParentVoterIndices, I don't want to take extra query to parse the actual signers. Maybe we could simply log the entire ParentVoterIndices field?
| @@ -342,7 +342,7 @@ func TestFinalizer(t *testing.T) { | |||
| prov.AssertCalled(t, "SubmitLocal", &messages.SubmitCollectionGuarantee{ | |||
| Guarantee: flow.CollectionGuarantee{ | |||
| CollectionID: block1.Payload.Collection.ID(), | |||
| SignerIDs: block1.Header.ParentVoterIDs, | |||
| SignerIDs: []flow.Identifier{}, // block1.Header.ParentVoterIndices, | |||
|
|
||
| signerIndices, err := packer.EncodeSignerIdentifiersToIndices(in.participants.NodeIDs(), voterIDs) | ||
| if err != nil { | ||
| panic(fmt.Errorf("could not encode signer indices: %w", err)) |
There was a problem hiding this comment.
I think this panic just makes things more complicated, can we stick to require.NoError?
Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co>
Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co>
| stakingSignersLookup := stakingSigners.Lookup() | ||
| beaconSignersLookup := beaconSigners.Lookup() |
There was a problem hiding this comment.
Lets include some duplication checks here as sanity checks for the inputs:
| stakingSignersLookup := stakingSigners.Lookup() | |
| beaconSignersLookup := beaconSigners.Lookup() | |
| stakingSignersLookup := stakingSigners.Lookup() | |
| if len(stakingSignersLookup) != len(stakingSigners) { | |
| return nil, nil, fmt.Errorf("duplicated entries in staking signers %v", stakingSignersLookup) | |
| } | |
| beaconSignersLookup := beaconSigners.Lookup() | |
| if len(beaconSignersLookup) != len(beaconSigners) { | |
| return nil, nil, fmt.Errorf("duplicated entries in beacon signers %v", stakingSignersLookup) | |
| } |
module/packer/signer_indices.go
Outdated
| @@ -0,0 +1,65 @@ | |||
| package packer | |||
There was a problem hiding this comment.
I feel that signer_indices.go largely replicates logic that we already have here: ledger/common/bitutils/utils.go
I think you could just call the functions from bitutils directly in the application code. These functions were written to be widely applicable. Re-packaging the same algorithms into purpose-specific methods (like EncodeSignerIndices) duplicates code and adds an unnecessary level of abstraction to the code.
I would suggest to remove the code in this file in its entirety. In module/packer/signer_ids.go, just use the methods from the bitutil package.
There was a problem hiding this comment.
This file could at least re-use the tools from ledger/utils like MakeBitVector and SetBit.
There was a problem hiding this comment.
module/packer/signer_indices.go
Outdated
| } | ||
|
|
||
| // DecodeSignerIndices decodes the given compacted signer indices to a slice of indices. | ||
| func DecodeSignerIndices(indices []byte, count int) ([]int, error) { |
There was a problem hiding this comment.
I believe anywhere we use this function, the indices are subsequently translated into node identities right away. For example here:
flow-go/consensus/hotstuff/validator/validator.go
Lines 54 to 62 in 3ab8b59
But in this case, the validator could just directly
DecodeSignerIdentifiersFromIndices
| @@ -112,6 +112,7 @@ func (c *CombinedVerifier) VerifyVote(signer *flow.Identity, sigData []byte, blo | |||
| // - model.ErrInvalidSignature if a signature is invalid | |||
| // - error if running into any unexpected exception (i.e. fatal error) | |||
| func (c *CombinedVerifier) VerifyQC(signers flow.IdentityList, sigData []byte, block *model.Block) error { | |||
| // TODO: remove this check, because we've checked the total stake have passed threshold | |||
There was a problem hiding this comment.
⚠️
I think there are two aspects to this discussion:
- Should we have a check here?
- If the check fails, what error type should we return.
My thoughts regarding 1:
-
This is an implementation of the
Verifierinterface. -
The place where we check that the
total stake have passed thresholdis in theValidator:So this call from theflow-go/consensus/hotstuff/validator/validator.go
Lines 70 to 71 in 619a82e
Validatorinto theVerifier.VerifyQChappens through an API boundaryValidator [higher level code] --- API boundary ---> Verifier [lower level code] -
Now there are some important considerations:
-
The API specification
Verifier.VerifyQCdoes not mention the prerequisite that that higher level code must check first that the total stake has passed the threshold. -
The assumption that "total stake have passed threshold" is made by the
Verifier. In other words, we are making assumptions in the lower-level code about ordering of operations in the higher level code. I like to avoid any such assumptions if possible with reasonable effort. -
Lastly, I am not convinced about this statement
the Unpack will fail anyway if signers is empty.
If both
signersandsigDataare empty or nil, are we sure thatUnpackwill fail? I think it might actually succeed. But the crypto operations (specificallyAggregateBLSPublicKeys) will return an unexpected error, thereby crashing the receiving node.
In which order the higher level code executes its operations should ideally be up the higher level code and the lower level code should be agnostic to it. Otherwise, we make the code brittle; an engineer might re-order operations in the higher level code without being aware about implicit assumptions in the lower level code. After such a re-ordering of logic, the code might have uncovered edge cases, which could be exploited by malicious replicas.
-
Conclusion for 1:
Ideally, the code in CombinedVerifier.VerifyQC should handle any input without making assumptions about higher level code. This also included the case of empty inputs like signers and sigData as the ultimately were generated by an untrusted external actor. I think this is relatively simple to implement (see below).
My thoughts regarding 2:
- In general, an empty
signersslice indicates an invalid QC. - Nevertheless, @zhangchiqing has a good point:
- If the higher-level logic already checked that the "total stake have passed threshold",
signersbeing empty is an internal bug. However, there is no strong reason that theValidatormust perform in the checks in this order. - If the
Validatorchecked the signatures first (callingVerifier.VerifyQCfirst),len(signers) == 0would indicate a byzantine input.
- If the higher-level logic already checked that the "total stake have passed threshold",
Conclusion for 2:
I think that the semantics of this failure case depends on the order of checks within Validator. Therefore, we should allow Validator to distinguish the failure case of len(signers) == 0 from other failure cases. Thereby it can make its own decision whether this error is expected (caused by a byzantine input) or a symptom of an internal bug).
Argument also applies to CombinedVerifierV3
In CombinedVerifierV3, we do not check whether signers is empty. In a world where we first check the signatures, this code would actually be vulnerable to a crash attack. This is because AggregateBLSPublicKeys fails with an internal error if there are no signatures to aggregate:
| @@ -74,14 +78,12 @@ func (c *Cluster) Identities(blockID flow.Identifier, selector flow.IdentityFilt | |||
|
|
|||
| // use the initial cluster members for root block | |||
| if isRootBlock { | |||
| return c.initialClusterMembers.Filter(selector), nil | |||
| return c.initialClusterMembers, nil | |||
There was a problem hiding this comment.
Does initialClusterMembers exclude the ejected nodes?
The list returned from the non-root block snapshot below excludes the ejected nodes.
There was a problem hiding this comment.
Queries for the cluster's root block return the initial cluster members, without excluding any nodes ejected in the future. The reason is that the root block is defined at the same time as the initial cluster members are defined -- any ejections after that point shouldn't apply. Any ejections before that point should be reflected in the initial cluster members.
| // QuorumCertificateWithSignerIDs is a QuorumCertificate model with signer IDs instead of indices. | ||
| // it is needed for backward-compatibility with the FlowEpoch smart contract which generates QCs | ||
| // using signer IDs. | ||
| type QuorumCertificateWithSignerIDs struct { |
There was a problem hiding this comment.
[optional] BootstrappingQuorumCertifcate and QuorumCertificate could be easier names maybe
module/packer/signer_indices.go
Outdated
| @@ -0,0 +1,65 @@ | |||
| package packer | |||
There was a problem hiding this comment.
This file could at least re-use the tools from ledger/utils like MakeBitVector and SetBit.
module/packer/signer_indices.go
Outdated
|
|
||
| // EncodeSignerIndices encodes indices into compacted bit vector. Each bit represents whether the identity at | ||
| // that index is a signer. | ||
| // Note, the indices in the first argument must be in the strict increasing order, |
There was a problem hiding this comment.
if we re-use the tools from ledger/utils, I think this condition won't be required anymore.
| // 0,1,1,0,1,1,1,0,1,1 | ||
| // - Lastly, right-pad the resulting bit vector with 0 to full bytes. We have 10 committee members, | ||
| // so we pad to 2 bytes: | ||
| // 01101110 11000000 |
There was a problem hiding this comment.
Fyi, this is how bytes look like only for big endian cpus.
| // 01101110 11000000 | |
| // 01101110 11000000 (if big endianness) |
| // ↓ ↓ ↓ ↓ ↓ ↓ ↓ | ||
| // 0,1,0,1,1,1,1 | ||
| // - Again, we right-pad with zeros to full bytes, As we only had 7 signers, the sigType slice is 1byte long | ||
| // 01011110 |
There was a problem hiding this comment.
| // 01011110 | |
| // 01011110 (if big endianness) |
zhangchiqing
changed the title
zhangchiqing
requested review from
durkmurder,
AlexHentschel,
jordanschalm and
tarakby
| // constitutes an illegal input. | ||
| // * `stakingSigners` must be a subset of `fullMembers` | ||
| // * `beaconSigners` must be a subset of `fullMembers` | ||
| // Violation of any of these prerequisites results in an error return. |
There was a problem hiding this comment.
Very clear documentation 💯
* implement IdentitiesByIndices * implement encoding and decoding * remove IdentitiesByIndices * use ParentVoterIndices * use chainID * add ChainID * fix test case * remove file * sort assignment to canonical order * fix guarantee * fix execution ingestion core * use signer indices * add identifierOrder * use guarantor.FindGuarantors * fix tests * fix tests * fix tests * disable tests * fix tests * fix tests, add validation * fix fvm test * fix access tests * fix tests * fix tests * fix select_filter_test tests * fix access tests * fix access integration * fix access integration tests * revert fvm_test changes * update fvm_test * fix exec tests * fix ingestion engine tests * fix test cases * remove todo * fix error handling * add comment * fix tests * update logging * refactor * fix tests * remove function * fix error wrapping * update comment * update tests * remove unverified signature * revert mutator tests change * update comment * address comments * add tests * add check in NewClusterList to ensure the assignments are sorted in canonical order * rename method * consensus ingestion core log signer indices * remove tests log * refactor canonical order check * replace order.ByNodeIDAsc with order.Canonical * [Consensus] Refactor for guarantee signer indices (4/4) (#2204) * wip * wip * starting to fix tests * adding tests * happy path test * Added toDo for fixing tests for unhappy paths * • fixed packer tests • consolidated logic for checking the padded bits * re-gen mocks * fix validPadding * fix findguarantors * refactor ingestion/core.go * move FindGuarantors to protocol * remove commented code * fix name * fix tests * small refactor * fix import * Apply suggestions from code review Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> * fix error type * fix type * fix error message * update comments * update comment * update tests * fix identity_test * fix tests * fix unittest * fix cluster tests * fix tests * fixtures ingestion engine tests * fix execution_test * fix consensus inclusion tests * fix bootstrap constraint check * fix cycle dep from NewClusterList (#2225) Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> Co-authored-by: Jordan Schalm <jordan@dapperlabs.com>
zhangchiqing
requested review from
ramtinms,
janezpodhostnik and
m4ksio
as code owners
* update interface * remove IdentitiesByIndices * remove TODO * address review comments * [Consensus] SignerIndices Optimization (2/4) (#2101) * implement IdentitiesByIndices * convert signer index * implement encoding and decoding * add test cases * remove signer indices file * fix Packer * add comments * remove IdentitiesByIndices * update mock * fix test cases * add comments * remove fields * fix ParentVoterIDs * fix verifier * fix mock * implement staking vote progressor * fix tests * move to module/packer * fix tests * fix validator test * fix validator test * use ParentVoterIndices * add QuorumCertificateWithSignerIDs * update blockSummary * move module * add test cases * remove comments * add check to EncodeSignerIndices * Apply suggestions from code review Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> * Apply suggestions from code review Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> * Apply suggestions from code review Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> * [Consensus] Use SignerIndices in CollectionGuarantee (3/4) (#2140) * implement IdentitiesByIndices * implement encoding and decoding * remove IdentitiesByIndices * use ParentVoterIndices * use chainID * add ChainID * fix test case * remove file * sort assignment to canonical order * fix guarantee * fix execution ingestion core * use signer indices * add identifierOrder * use guarantor.FindGuarantors * fix tests * fix tests * fix tests * disable tests * fix tests * fix tests, add validation * fix fvm test * fix access tests * fix tests * fix tests * fix select_filter_test tests * fix access tests * fix access integration * fix access integration tests * revert fvm_test changes * update fvm_test * fix exec tests * fix ingestion engine tests * fix test cases * remove todo * fix error handling * add comment * fix tests * update logging * refactor * fix tests * remove function * fix error wrapping * update comment * update tests * remove unverified signature * revert mutator tests change * update comment * address comments * add tests * add check in NewClusterList to ensure the assignments are sorted in canonical order * rename method * consensus ingestion core log signer indices * remove tests log * refactor canonical order check * replace order.ByNodeIDAsc with order.Canonical * [Consensus] Refactor for guarantee signer indices (4/4) (#2204) * wip * wip * starting to fix tests * adding tests * happy path test * Added toDo for fixing tests for unhappy paths * • fixed packer tests • consolidated logic for checking the padded bits * re-gen mocks * fix validPadding * fix findguarantors * refactor ingestion/core.go * move FindGuarantors to protocol * remove commented code * fix name * fix tests * small refactor * fix import * Apply suggestions from code review Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> * fix error type * fix type * fix error message * update comments * update comment * update tests * fix identity_test * fix tests * fix unittest * fix cluster tests * fix tests * fixtures ingestion engine tests * fix execution_test * fix consensus inclusion tests * fix bootstrap constraint check * fix cycle dep from NewClusterList (#2225) Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co>
* update interface * remove IdentitiesByIndices * remove TODO * address review comments * [Consensus] SignerIndices Optimization (2/4) (#2101) * implement IdentitiesByIndices * convert signer index * implement encoding and decoding * add test cases * remove signer indices file * fix Packer * add comments * remove IdentitiesByIndices * update mock * fix test cases * add comments * remove fields * fix ParentVoterIDs * fix verifier * fix mock * implement staking vote progressor * fix tests * move to module/packer * fix tests * fix validator test * fix validator test * use ParentVoterIndices * add QuorumCertificateWithSignerIDs * update blockSummary * move module * add test cases * remove comments * add check to EncodeSignerIndices * Apply suggestions from code review Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> * Apply suggestions from code review Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> * Apply suggestions from code review Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> * [Consensus] Use SignerIndices in CollectionGuarantee (3/4) (#2140) * implement IdentitiesByIndices * implement encoding and decoding * remove IdentitiesByIndices * use ParentVoterIndices * use chainID * add ChainID * fix test case * remove file * sort assignment to canonical order * fix guarantee * fix execution ingestion core * use signer indices * add identifierOrder * use guarantor.FindGuarantors * fix tests * fix tests * fix tests * disable tests * fix tests * fix tests, add validation * fix fvm test * fix access tests * fix tests * fix tests * fix select_filter_test tests * fix access tests * fix access integration * fix access integration tests * revert fvm_test changes * update fvm_test * fix exec tests * fix ingestion engine tests * fix test cases * remove todo * fix error handling * add comment * fix tests * update logging * refactor * fix tests * remove function * fix error wrapping * update comment * update tests * remove unverified signature * revert mutator tests change * update comment * address comments * add tests * add check in NewClusterList to ensure the assignments are sorted in canonical order * rename method * consensus ingestion core log signer indices * remove tests log * refactor canonical order check * replace order.ByNodeIDAsc with order.Canonical * [Consensus] Refactor for guarantee signer indices (4/4) (#2204) * wip * wip * starting to fix tests * adding tests * happy path test * Added toDo for fixing tests for unhappy paths * • fixed packer tests • consolidated logic for checking the padded bits * re-gen mocks * fix validPadding * fix findguarantors * refactor ingestion/core.go * move FindGuarantors to protocol * remove commented code * fix name * fix tests * small refactor * fix import * Apply suggestions from code review Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> * fix error type * fix type * fix error message * update comments * update comment * update tests * fix identity_test * fix tests * fix unittest * fix cluster tests * fix tests * fixtures ingestion engine tests * fix execution_test * fix consensus inclusion tests * fix bootstrap constraint check * fix cycle dep from NewClusterList (#2225) Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co>
* update interface * remove IdentitiesByIndices * remove TODO * address review comments * [Consensus] SignerIndices Optimization (2/4) (#2101) * implement IdentitiesByIndices * convert signer index * implement encoding and decoding * add test cases * remove signer indices file * fix Packer * add comments * remove IdentitiesByIndices * update mock * fix test cases * add comments * remove fields * fix ParentVoterIDs * fix verifier * fix mock * implement staking vote progressor * fix tests * move to module/packer * fix tests * fix validator test * fix validator test * use ParentVoterIndices * add QuorumCertificateWithSignerIDs * update blockSummary * move module * add test cases * remove comments * add check to EncodeSignerIndices * Apply suggestions from code review Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> * Apply suggestions from code review Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> * Apply suggestions from code review Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> * [Consensus] Use SignerIndices in CollectionGuarantee (3/4) (#2140) * implement IdentitiesByIndices * implement encoding and decoding * remove IdentitiesByIndices * use ParentVoterIndices * use chainID * add ChainID * fix test case * remove file * sort assignment to canonical order * fix guarantee * fix execution ingestion core * use signer indices * add identifierOrder * use guarantor.FindGuarantors * fix tests * fix tests * fix tests * disable tests * fix tests * fix tests, add validation * fix fvm test * fix access tests * fix tests * fix tests * fix select_filter_test tests * fix access tests * fix access integration * fix access integration tests * revert fvm_test changes * update fvm_test * fix exec tests * fix ingestion engine tests * fix test cases * remove todo * fix error handling * add comment * fix tests * update logging * refactor * fix tests * remove function * fix error wrapping * update comment * update tests * remove unverified signature * revert mutator tests change * update comment * address comments * add tests * add check in NewClusterList to ensure the assignments are sorted in canonical order * rename method * consensus ingestion core log signer indices * remove tests log * refactor canonical order check * replace order.ByNodeIDAsc with order.Canonical * [Consensus] Refactor for guarantee signer indices (4/4) (#2204) * wip * wip * starting to fix tests * adding tests * happy path test * Added toDo for fixing tests for unhappy paths * • fixed packer tests • consolidated logic for checking the padded bits * re-gen mocks * fix validPadding * fix findguarantors * refactor ingestion/core.go * move FindGuarantors to protocol * remove commented code * fix name * fix tests * small refactor * fix import * Apply suggestions from code review Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> * fix error type * fix type * fix error message * update comments * update comment * update tests * fix identity_test * fix tests * fix unittest * fix cluster tests * fix tests * fixtures ingestion engine tests * fix execution_test * fix consensus inclusion tests * fix bootstrap constraint check * fix cycle dep from NewClusterList (#2225) Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co>
* [Consensus] SignerIndices Optimization Interface changes (1/4) (#2047) * update interface * remove IdentitiesByIndices * remove TODO * address review comments * [Consensus] SignerIndices Optimization (2/4) (#2101) * implement IdentitiesByIndices * convert signer index * implement encoding and decoding * add test cases * remove signer indices file * fix Packer * add comments * remove IdentitiesByIndices * update mock * fix test cases * add comments * remove fields * fix ParentVoterIDs * fix verifier * fix mock * implement staking vote progressor * fix tests * move to module/packer * fix tests * fix validator test * fix validator test * use ParentVoterIndices * add QuorumCertificateWithSignerIDs * update blockSummary * move module * add test cases * remove comments * add check to EncodeSignerIndices * Apply suggestions from code review Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> * Apply suggestions from code review Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> * Apply suggestions from code review Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> * [Consensus] Use SignerIndices in CollectionGuarantee (3/4) (#2140) * implement IdentitiesByIndices * implement encoding and decoding * remove IdentitiesByIndices * use ParentVoterIndices * use chainID * add ChainID * fix test case * remove file * sort assignment to canonical order * fix guarantee * fix execution ingestion core * use signer indices * add identifierOrder * use guarantor.FindGuarantors * fix tests * fix tests * fix tests * disable tests * fix tests * fix tests, add validation * fix fvm test * fix access tests * fix tests * fix tests * fix select_filter_test tests * fix access tests * fix access integration * fix access integration tests * revert fvm_test changes * update fvm_test * fix exec tests * fix ingestion engine tests * fix test cases * remove todo * fix error handling * add comment * fix tests * update logging * refactor * fix tests * remove function * fix error wrapping * update comment * update tests * remove unverified signature * revert mutator tests change * update comment * address comments * add tests * add check in NewClusterList to ensure the assignments are sorted in canonical order * rename method * consensus ingestion core log signer indices * remove tests log * refactor canonical order check * replace order.ByNodeIDAsc with order.Canonical * [Consensus] Refactor for guarantee signer indices (4/4) (#2204) * wip * wip * starting to fix tests * adding tests * happy path test * Added toDo for fixing tests for unhappy paths * • fixed packer tests • consolidated logic for checking the padded bits * re-gen mocks * fix validPadding * fix findguarantors * refactor ingestion/core.go * move FindGuarantors to protocol * remove commented code * fix name * fix tests * small refactor * fix import * Apply suggestions from code review Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> * fix error type * fix type * fix error message * update comments * update comment * update tests * fix identity_test * fix tests * fix unittest * fix cluster tests * fix tests * fixtures ingestion engine tests * fix execution_test * fix consensus inclusion tests * fix bootstrap constraint check * fix cycle dep from NewClusterList (#2225) Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> * fix test cases * update flow dep * fix rpc convert * update go.mod * fix go.mod * fix testnet network * Remove unused travis yml * update mocks * upgrade flow * update mock * update go.sum * fix hotstuff integration tests * fix integration test * first commit * upgrade onflow/flow package to v0.3.0 (#2377) * add checksum * add checksum to signer indices * fix execution tests * fix execution tests * adding comments * fix ingestion tests * fix access tests * fix access tests * fix access tests * fix integration test * add validation * fix consensus integration tests * fix flakey tests * adding checks * fix flakey tests * fix check * fix order * fix sort * use crc32 to compute checksum * use canonical order * fix qc_test * Apply suggestions from code review Co-authored-by: Tarak Ben Youssef <50252200+tarakby@users.noreply.github.com> * update comments * added BackendSCciptsMetrics interface and update noop/collector * call the metrics * switched to counter * use BigEndian.PutUint32 * added buckets for script size * go fmt * added GetTransactionResultRTT metric * record GetTransactionResultRTT metric * record GetTransactionResultRTT metric * check unit tests * fix unit tests * improve signer indices logging * typo * moved start time into loop * go fmt * remove util * avoid race condition in validating blocks * add snapshot command * renamed methods and switched to histograms * add comment on usage * memory limit exception for service account * fixed typos (#2443) minor extension of error handling * fixed imports * address review comments * lint * fix comment * update tests for validPadding * refactor validPadding * chore(docker): fix parallel image builds * separated script size into two metrics * payload_size label * adding comments * chore(tests): fix load test Currently, test fails with the following error: ``` 5:21PM ERR account creation tx failed error="[Error Code: 1101] cadence runtime error Execution failed:\nerror: invalid public key: [248, 71, 184, 64, 62, 118, 6, 35, 180, 178, 53, 126, 38, 116, 202, 182, 91, 243, 157, 205, 89, 77, 199, 235, 192, 117, 38, 122, 5, 166, 65, 116, 192, 67, 8, 190, 19, 100, 174, 246, 253, 218, 181, 121, 11, 79, 74, 202, 139, 156, 247, 215, 109, 152, 90, 162, 48, 116, 13, 180, 101, 48, 1, 40, 106, 13, 47, 226, 2, 3, 130, 3, 232]\n --> 9d665e105234216749b51b3a301153c069b5c1047a1cf3f55e2ea38a5aa2c033:13:23\n |\n13 | let publicKey2 = PublicKey(\n | ^\n" ``` It looks like it tries to pass the encoded public key (along w/ algo, hash, and weight) to a function that expects a raw public key. Fix it by using the underlying PublicKey. * unquarantining 2 flaky tests that have been consistently passing in quarantine (#2455) * comments * fix function renaming * linter (#2457) * Add memory weight for atree encoded slabs * Add missing weights for cadence memory kinds * Update to latest cadence * Fix test * [BFT Testing] Corruptible Conduit Factory authenticating dictated messages. (#2441) * makes generating execution receipt exportable * (no branch): Auto stash before checking out "HEAD" * removes corrupted execution result * makes generating result approval exportable * adds result approval generation to ccf * fixes the tests * adds attestation fixture * adds message content as a parameter to message fixture * fixes bug with publish * wip * adds test for result approval * adds corrupted execution receipt test * adds todos to factory * refactors output types of wintermute orchestrator * fixes lint issue * removes unused variable * Update insecure/wintermute/helpers.go Co-authored-by: Misha <misha.rybalov@dapperlabs.com> * Update insecure/wintermute/helpers.go Co-authored-by: Misha <misha.rybalov@dapperlabs.com> * fixes lint * fixes receipt and approval bug with factory * adds pass through test for receipt * adds approval test * fixes lint * sorting imports * sorting imports Co-authored-by: Misha <misha.rybalov@dapperlabs.com> * go mod tidy * update Cadence * update atree Co-authored-by: Jordan Schalm <jordan@dapperlabs.com> Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> Co-authored-by: Kay-Zee <kan@axiomzen.co> Co-authored-by: Daniel Holmes <danielholmes@dapper.local> Co-authored-by: Tarak Ben Youssef <50252200+tarakby@users.noreply.github.com> Co-authored-by: bors[bot] <26634292+bors[bot]@users.noreply.github.com> Co-authored-by: danielholmes839 <danielh839@gmail.com> Co-authored-by: Bastian Müller <bastian@axiomzen.co> Co-authored-by: Daniel Holmes <43529937+danielholmes839@users.noreply.github.com> Co-authored-by: Alexey Ivanov <SaveTheRbtz@GMail.com> Co-authored-by: Misha <misha.rybalov@dapperlabs.com> Co-authored-by: Supun Setunga <supun.setunga@gmail.com> Co-authored-by: Yahya Hassanzadeh <yahya@dapperlabs.com> Co-authored-by: Robert E. Davidson III <45945043+robert-e-davidson3@users.noreply.github.com>
Build on top of #2047
This PR implements the SignerIndices optimization.
Note:
QuorumCertificateWithSignerIDs. See reasoning in commentmake lintpasses