Handling of disabled validators in backing subsystem #1259
Conversation
tdimitrov
force-pushed
the
tsv-disabling-backing
branch
from
b5c6f07
to
f52256e
Compare
tdimitrov
force-pushed
the
tsv-disabling-node-side
branch
from
3ee35c8
to
936216d
Compare
tdimitrov
force-pushed
the
tsv-disabling-backing
branch
from
f52256e
to
24b5df5
Compare
|
Also discussed in #635 (comment) where I'm not in favor of disabling approval checkers, and definitely not grandpa voters, but yes it's harmless to disable backers, which makes it good to disable backers. |
|
Looks sane, we would ideally also ignore dispute statements, or at least dispute initiations. |
|
What happens if we revert the block where a validator was disabled to a block where he isn't? |
| .any(|disabled_val_idx| *disabled_val_idx == *validator_idx) | ||
| } | ||
|
|
||
| pub fn local_validator_is_disabled(&self) -> Option<bool> { |
There was a problem hiding this comment.
Why do we need to return Option ?
There was a problem hiding this comment.
self.validator is an Option. Afair the code can be executed in cases where the local node is not a validator?
I decided to return an Option here too and handle it at the caller.
|
We should also look into adding a new zombienet test. |
Yes, but this is part of I'm splitting the work in smaller PRs so that they are easier for review. All the work goes in https://github.com/paritytech/polkadot-sdk/tree/tsv-disabling-node-side
Good question. The first thing that comes to my mind is we should count its vote, but I haven't thought about this in detail yet. |
|
It would be better to handle this on the statement-distribution layer instead, i.e. since there are no changes there in this PR we will currently both accept and distribute statements from disabled validators, even though the backing system does not import them. What I would suggest is this:
A modification to the statement-dist
|
Co-authored-by: ordian <write@reusable.software>
| // TODO: https://github.com/paritytech/polkadot-sdk/issues/1940 | ||
| // Once runtime ver `DISABLED_VALIDATORS_RUNTIME_REQUIREMENT` is released remove this `if` | ||
| // statement, add `request_from_runtime` call to the `try_join!` call above and use | ||
| // `try_runtime_api!` to get `disabled_validators` | ||
| let disabled_validators = if has_required_runtime( | ||
| ctx.sender(), | ||
| parent, | ||
| RuntimeApiRequest::DISABLED_VALIDATORS_RUNTIME_REQUIREMENT, | ||
| ) | ||
| .await | ||
| { | ||
| let disabled_validators = request_from_runtime(parent, ctx.sender(), |tx| { | ||
| RuntimeApiRequest::DisabledValidators(tx) | ||
| }) | ||
| .await | ||
| .await | ||
| .map_err(Error::JoinMultiple)?; | ||
|
|
||
| let disabled_validators = try_runtime_api!(disabled_validators); | ||
| disabled_validators | ||
| } else { | ||
| gum::debug!(target: LOG_TARGET, "Runtime doesn't support `DisabledValidators` - continuing with an empty disabled validators set"); | ||
| vec![] | ||
| }; | ||
|
|
There was a problem hiding this comment.
This code needs to stay until we release v8: #1940
There was a problem hiding this comment.
can we extract that into subsystem-util or somewhere where statement-distribution and dispute-coordinator can reuse it?
There was a problem hiding this comment.
Yes, I was thinking about the same and I started working on it but against master.
My idea is to have a wrapper around request_from_runtime which does a version check and optionally returns a fallback version. I'll open a PR against master because I think this will be useful in general. We can backport it here easily after that.
There was a problem hiding this comment.
I went into a macro rabbit hole. I'll just extract this implementation here and finish the other version in a more appropriate time.
There was a problem hiding this comment.
Sure, sounds good. However, I didn't mean to use a macro for that, just a regular function should be OK.
…so that it can be reused in other subsystems
* tsv-disabling: (39 commits) Handling of disabled validators in backing subsystem (#1259) Switch trie cache random seed (#1935) Expose prometheus metrics for minimal-relay-chain node in collators (#1942) Do not force collators to update after enabling async backing (#1920) Pin PRDoc image to v0.0.5 until we are ready for v0.0.6 (#1947) [prdoc] Start BEEFY gadget by default for Polkadot nodes (#1945) Update bridges subtree (#1944) bump zombienet version (#1931) [FRAME] Message Queue use proper overweight limit (#1873) Cumulus: Allow aura to use initialized collation request receiver (#1911) Use prebuilt try-runtime binary in CI (#1898) Update kusama/polkadot bootnodes (#1895) Introduce XcmFeesToAccount fee manager (#1234) upgraded review bot to v2.1.0 (#1908) Trading trait and deal with metadata in Mutate trait for nonfungibles_v2 (#1561) Add Runtime Missing Crate Descriptions (#1909) Switch to the release env (#1910) Bump paritytech/review-bot from 2.0.1 to 2.1.0 (#1924) Bump actions/checkout from 4.1.0 to 4.1.1 (#1925) Start BEEFY client by default for Polkadot nodes (#1913) ...
Handles validator disabling in the backing subsystem. The PR introduces two changes: 1. Don't import statements from disabled validators. 2. Don't validate and second if the local validator is disabled. The purpose of this change is first to ignore statements from disabled validators on the node side. This is an optimisation as these statements are supposed to be cleared in the runtime too (still not implemented at the moment). Additionally if the local node is a validator which is disabled - don't process any new candidates. --------- Co-authored-by: ordian <noreply@reusable.software> Co-authored-by: ordian <write@reusable.software>
Handles validator disabling in the backing subsystem. The PR introduces two changes: 1. Don't import statements from disabled validators. 2. Don't validate and second if the local validator is disabled. The purpose of this change is first to ignore statements from disabled validators on the node side. This is an optimisation as these statements are supposed to be cleared in the runtime too (still not implemented at the moment). Additionally if the local node is a validator which is disabled - don't process any new candidates. --------- Co-authored-by: ordian <noreply@reusable.software> Co-authored-by: ordian <write@reusable.software>
Handles validator disabling in the backing subsystem. The PR introduces two changes:
The purpose of this change is first to ignore statements from disabled validators on the node side. This is an optimisation as these statements are supposed to be cleared in the runtime too (still not implemented at the moment). Additionally if the local node is a validator which is disabled - don't process any new candidates.