pezkuwichain/pezkuwi-subxt
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pezkuwi-subxt.git synced 2026-06-14 02:51:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implement Lean BEEFY (#10882)

Browse Source 
Simplified BEEFY worker logic based on the invariant that GRANDPA
will always finalize 1st block of each new session, meaning BEEFY
worker is guaranteed to receive finality notification for the
BEEFY mandatory blocks.

Under these conditions the current design is as follows:
- session changes are detected based on BEEFY Digest present in
  BEEFY mandatory blocks,
- on each new session new `Rounds` of voting is created, with old
  rounds being dropped (for gossip rounds, last 3 are still alive
  so votes are still being gossiped),
- after processing finality for a block, the worker votes if
  a new voting target has become available as a result of said
  block finality processing,
- incoming votes as well as self-created votes are processed
  and signed commitments are created for completed BEEFY voting
  rounds,
- the worker votes if a new voting target becomes available
  once a round successfully completes.

On worker startup, the current validator set is retrieved from
the BEEFY pallet. If it is the genesis validator set, worker
starts voting right away considering Block #1 as session start.

Otherwise (not genesis), the worker will vote starting with
mandatory block of the next session.

Later on when we add the BEEFY initial-sync (catch-up) logic,
the worker will sync all past mandatory blocks Signed Commitments
and will be able to start voting right away.

BEEFY mandatory block is the block with header containing the BEEFY
`AuthoritiesChange` Digest, this block is guaranteed to be finalized
by GRANDPA.

This session-boundary block is signed by the ending-session's
validator set. Next blocks will be signed by the new session's
validator set. This behavior is consistent with what GRANDPA does
as well.

Also drop the limit N on active gossip rounds. In an adversarial
network, a bad actor could create and gossip N invalid votes with
round numbers larger than the current correct round number. This
would lead to votes for correct rounds to no longer be gossiped.

Add unit-tests for all components, including full voter consensus
tests.

Signed-off-by: Adrian Catangiu <adrian@parity.io>
Co-authored-by: Tomasz Drwięga <tomusdrw@users.noreply.github.com>
Co-authored-by: David Salami <Wizdave97>
This commit is contained in:
Adrian Catangiu
2022-03-25 17:31:42 +02:00
committed by GitHub
parent 52967f17de
commit 498e8c181f
12 changed files with 1812 additions and 565 deletions
Download Patch File Download Diff File Expand all files Collapse all files
substrate/client/beefy/src/round.rs
+261 -101
View File
@@ -16,7 +16,10 @@
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
use std::{collections::BTreeMap, hash::Hash};
use std::{
collections::{BTreeMap, HashMap},
hash::Hash,
};
use log::{debug, trace};
@@ -24,25 +27,33 @@ use beefy_primitives::{
crypto::{Public, Signature},
ValidatorSet, ValidatorSetId,
};
use sp_arithmetic::traits::AtLeast32BitUnsigned;
use sp_runtime::traits::MaybeDisplay;
use sp_runtime::traits::{Block, NumberFor};
/// Tracks for each round which validators have voted/signed and
/// whether the local `self` validator has voted/signed.
///
/// Does not do any validation on votes or signatures, layers above need to handle that (gossip).
#[derive(Default)]
struct RoundTracker {
votes: Vec<(Public, Signature)>,
self_vote: bool,
votes: HashMap<Public, Signature>,
}
impl RoundTracker {
fn add_vote(&mut self, vote: (Public, Signature)) -> bool {
// this needs to handle equivocations in the future
if self.votes.contains(&vote) {
fn add_vote(&mut self, vote: (Public, Signature), self_vote: bool) -> bool {
if self.votes.contains_key(&vote.0) {
return false
}
self.votes.push(vote);
self.self_vote = self.self_vote || self_vote;
self.votes.insert(vote.0, vote.1);
true
}
fn has_self_vote(&self) -> bool {
self.self_vote
}
fn is_done(&self, threshold: usize) -> bool {
self.votes.len() >= threshold
}
@@ -53,74 +64,125 @@ fn threshold(authorities: usize) -> usize {
authorities - faulty
}
pub(crate) struct Rounds<Payload, Number> {
rounds: BTreeMap<(Payload, Number), RoundTracker>,
/// Keeps track of all voting rounds (block numbers) within a session.
/// Only round numbers > `best_done` are of interest, all others are considered stale.
///
/// Does not do any validation on votes or signatures, layers above need to handle that (gossip).
pub(crate) struct Rounds<Payload, B: Block> {
rounds: BTreeMap<(Payload, NumberFor<B>), RoundTracker>,
best_done: Option<NumberFor<B>>,
session_start: NumberFor<B>,
validator_set: ValidatorSet<Public>,
prev_validator_set: ValidatorSet<Public>,
}
impl<P, N> Rounds<P, N>
impl<P, B> Rounds<P, B>
where
P: Ord + Hash,
N: Ord + AtLeast32BitUnsigned + MaybeDisplay,
P: Ord + Hash + Clone,
B: Block,
{
pub(crate) fn new(validator_set: ValidatorSet<Public>) -> Self {
Rounds { rounds: BTreeMap::new(), validator_set }
pub(crate) fn new(
session_start: NumberFor<B>,
validator_set: ValidatorSet<Public>,
prev_validator_set: ValidatorSet<Public>,
) -> Self {
Rounds {
rounds: BTreeMap::new(),
best_done: None,
session_start,
validator_set,
prev_validator_set,
}
}
}
impl<H, N> Rounds<H, N>
impl<P, B> Rounds<P, B>
where
H: Ord + Hash + Clone,
N: Ord + AtLeast32BitUnsigned + MaybeDisplay + Clone,
P: Ord + Hash + Clone,
B: Block,
{
pub(crate) fn validator_set_id(&self) -> ValidatorSetId {
self.validator_set.id()
}
pub(crate) fn validators(&self) -> &[Public] {
self.validator_set.validators()
}
pub(crate) fn add_vote(&mut self, round: &(H, N), vote: (Public, Signature)) -> bool {
if self.validator_set.validators().iter().any(|id| vote.0 == *id) {
self.rounds.entry(round.clone()).or_default().add_vote(vote)
pub(crate) fn validator_set_id_for(&self, block_number: NumberFor<B>) -> ValidatorSetId {
if block_number > self.session_start {
self.validator_set.id()
} else {
false
self.prev_validator_set.id()
}
}
pub(crate) fn is_done(&self, round: &(H, N)) -> bool {
pub(crate) fn validators_for(&self, block_number: NumberFor<B>) -> &[Public] {
if block_number > self.session_start {
self.validator_set.validators()
} else {
self.prev_validator_set.validators()
}
}
pub(crate) fn validator_set(&self) -> &ValidatorSet<Public> {
&self.validator_set
}
pub(crate) fn session_start(&self) -> &NumberFor<B> {
&self.session_start
}
pub(crate) fn should_self_vote(&self, round: &(P, NumberFor<B>)) -> bool {
Some(round.1.clone()) > self.best_done &&
self.rounds.get(round).map(|tracker| !tracker.has_self_vote()).unwrap_or(true)
}
pub(crate) fn add_vote(
&mut self,
round: &(P, NumberFor<B>),
vote: (Public, Signature),
self_vote: bool,
) -> bool {
if Some(round.1.clone()) <= self.best_done {
debug!(
target: "beefy",
"🥩 received vote for old stale round {:?}, ignoring",
round.1
);
false
} else if !self.validator_set.validators().iter().any(|id| vote.0 == *id) {
debug!(
target: "beefy",
"🥩 received vote {:?} from validator that is not in the validator set, ignoring",
vote
);
false
} else {
self.rounds.entry(round.clone()).or_default().add_vote(vote, self_vote)
}
}
pub(crate) fn try_conclude(
&mut self,
round: &(P, NumberFor<B>),
) -> Option<Vec<Option<Signature>>> {
let done = self
.rounds
.get(round)
.map(|tracker| tracker.is_done(threshold(self.validator_set.len())))
.unwrap_or(false);
trace!(target: "beefy", "🥩 Round #{} done: {}", round.1, done);
debug!(target: "beefy", "🥩 Round #{} done: {}", round.1, done);
if done {
// remove this and older (now stale) rounds
let signatures = self.rounds.remove(round)?.votes;
self.rounds.retain(|&(_, number), _| number > round.1);
self.best_done = self.best_done.clone().max(Some(round.1.clone()));
trace!(target: "beefy", "🥩 Concluded round #{}", round.1);
done
}
pub(crate) fn drop(&mut self, round: &(H, N)) -> Option<Vec<Option<Signature>>> {
trace!(target: "beefy", "🥩 About to drop round #{}", round.1);
let signatures = self.rounds.remove(round)?.votes;
Some(
self.validator_set
.validators()
.iter()
.map(|authority_id| {
signatures.iter().find_map(|(id, sig)| {
if id == authority_id {
Some(sig.clone())
} else {
None
}
})
})
.collect(),
)
Some(
self.validator_set
.validators()
.iter()
.map(|authority_id| signatures.get(authority_id).cloned())
.collect(),
)
} else {
None
}
}
}
@@ -128,13 +190,52 @@ where
mod tests {
use sc_network_test::Block;
use sp_core::H256;
use sp_runtime::traits::NumberFor;
use beefy_primitives::{crypto::Public, ValidatorSet};
use super::Rounds;
use super::{threshold, RoundTracker, Rounds};
use crate::keystore::tests::Keyring;
#[test]
fn round_tracker() {
let mut rt = RoundTracker::default();
let bob_vote = (Keyring::Bob.public(), Keyring::Bob.sign(b"I am committed"));
let threshold = 2;
// self vote not added yet
assert!(!rt.has_self_vote());
// adding new vote allowed
assert!(rt.add_vote(bob_vote.clone(), false));
// adding existing vote not allowed
assert!(!rt.add_vote(bob_vote, false));
// self vote still not added yet
assert!(!rt.has_self_vote());
// vote is not done
assert!(!rt.is_done(threshold));
let alice_vote = (Keyring::Alice.public(), Keyring::Alice.sign(b"I am committed"));
// adding new vote (self vote this time) allowed
assert!(rt.add_vote(alice_vote, true));
// self vote registered
assert!(rt.has_self_vote());
// vote is now done
assert!(rt.is_done(threshold));
}
#[test]
fn vote_threshold() {
assert_eq!(threshold(1), 1);
assert_eq!(threshold(2), 2);
assert_eq!(threshold(3), 3);
assert_eq!(threshold(4), 3);
assert_eq!(threshold(100), 67);
assert_eq!(threshold(300), 201);
}
#[test]
fn new_rounds() {
sp_tracing::try_init_simple();
@@ -145,116 +246,175 @@ mod tests {
)
.unwrap();
let rounds = Rounds::<H256, NumberFor<Block>>::new(validators);
assert_eq!(42, rounds.validator_set_id());
let session_start = 1u64.into();
let rounds = Rounds::<H256, Block>::new(session_start, validators.clone(), validators);
assert_eq!(42, rounds.validator_set_id_for(session_start));
assert_eq!(1, *rounds.session_start());
assert_eq!(
&vec![Keyring::Alice.public(), Keyring::Bob.public(), Keyring::Charlie.public()],
rounds.validators()
rounds.validators_for(session_start)
);
}
#[test]
fn add_vote() {
fn add_and_conclude_votes() {
sp_tracing::try_init_simple();
let validators = ValidatorSet::<Public>::new(
vec![Keyring::Alice.public(), Keyring::Bob.public(), Keyring::Charlie.public()],
vec![
Keyring::Alice.public(),
Keyring::Bob.public(),
Keyring::Charlie.public(),
Keyring::Eve.public(),
],
Default::default(),
)
.unwrap();
let round = (H256::from_low_u64_le(1), 1);
let mut rounds = Rounds::<H256, NumberFor<Block>>::new(validators);
let session_start = 1u64.into();
let mut rounds = Rounds::<H256, Block>::new(session_start, validators.clone(), validators);
// no self vote yet, should self vote
assert!(rounds.should_self_vote(&round));
// add 1st good vote
assert!(rounds.add_vote(
&(H256::from_low_u64_le(1), 1),
(Keyring::Alice.public(), Keyring::Alice.sign(b"I am committed"))
&round,
(Keyring::Alice.public(), Keyring::Alice.sign(b"I am committed")),
true
));
// round not concluded
assert!(rounds.try_conclude(&round).is_none());
// self vote already present, should not self vote
assert!(!rounds.should_self_vote(&round));
assert!(!rounds.is_done(&(H256::from_low_u64_le(1), 1)));
// invalid vote
// double voting not allowed
assert!(!rounds.add_vote(
&(H256::from_low_u64_le(1), 1),
(Keyring::Dave.public(), Keyring::Dave.sign(b"I am committed"))
&round,
(Keyring::Alice.public(), Keyring::Alice.sign(b"I am committed")),
true
));
assert!(!rounds.is_done(&(H256::from_low_u64_le(1), 1)));
// invalid vote (Dave is not a validator)
assert!(!rounds.add_vote(
&round,
(Keyring::Dave.public(), Keyring::Dave.sign(b"I am committed")),
false
));
assert!(rounds.try_conclude(&round).is_none());
// add 2nd good vote
assert!(rounds.add_vote(
&(H256::from_low_u64_le(1), 1),
(Keyring::Bob.public(), Keyring::Bob.sign(b"I am committed"))
&round,
(Keyring::Bob.public(), Keyring::Bob.sign(b"I am committed")),
false
));
// round not concluded
assert!(rounds.try_conclude(&round).is_none());
assert!(!rounds.is_done(&(H256::from_low_u64_le(1), 1)));
// add 3rd good vote
assert!(rounds.add_vote(
&(H256::from_low_u64_le(1), 1),
(Keyring::Charlie.public(), Keyring::Charlie.sign(b"I am committed"))
&round,
(Keyring::Charlie.public(), Keyring::Charlie.sign(b"I am committed")),
false
));
// round concluded
assert!(rounds.try_conclude(&round).is_some());
assert!(rounds.is_done(&(H256::from_low_u64_le(1), 1)));
// Eve is a validator, but round was concluded, adding vote disallowed
assert!(!rounds.add_vote(
&round,
(Keyring::Eve.public(), Keyring::Eve.sign(b"I am committed")),
false
));
}
#[test]
fn drop() {
fn multiple_rounds() {
sp_tracing::try_init_simple();
let validators = ValidatorSet::<Public>::new(
vec![Keyring::Alice.public(), Keyring::Bob.public(), Keyring::Charlie.public()],
vec![
Keyring::Alice.public(),
Keyring::Bob.public(),
Keyring::Charlie.public(),
Keyring::Dave.public(),
],
Default::default(),
)
.unwrap();
let mut rounds = Rounds::<H256, NumberFor<Block>>::new(validators);
let session_start = 1u64.into();
let mut rounds = Rounds::<H256, Block>::new(session_start, validators.clone(), validators);
// round 1
rounds.add_vote(
assert!(rounds.add_vote(
&(H256::from_low_u64_le(1), 1),
(Keyring::Alice.public(), Keyring::Alice.sign(b"I am committed")),
);
rounds.add_vote(
true,
));
assert!(rounds.add_vote(
&(H256::from_low_u64_le(1), 1),
(Keyring::Bob.public(), Keyring::Bob.sign(b"I am committed")),
);
false,
));
assert!(rounds.add_vote(
&(H256::from_low_u64_le(1), 1),
(Keyring::Charlie.public(), Keyring::Charlie.sign(b"I am committed")),
false,
));
// round 2
rounds.add_vote(
assert!(rounds.add_vote(
&(H256::from_low_u64_le(2), 2),
(Keyring::Alice.public(), Keyring::Alice.sign(b"I am again committed")),
);
rounds.add_vote(
true,
));
assert!(rounds.add_vote(
&(H256::from_low_u64_le(2), 2),
(Keyring::Bob.public(), Keyring::Bob.sign(b"I am again committed")),
);
false,
));
assert!(rounds.add_vote(
&(H256::from_low_u64_le(2), 2),
(Keyring::Charlie.public(), Keyring::Charlie.sign(b"I am again committed")),
false,
));
// round 3
rounds.add_vote(
assert!(rounds.add_vote(
&(H256::from_low_u64_le(3), 3),
(Keyring::Alice.public(), Keyring::Alice.sign(b"I am still committed")),
);
rounds.add_vote(
true,
));
assert!(rounds.add_vote(
&(H256::from_low_u64_le(3), 3),
(Keyring::Bob.public(), Keyring::Bob.sign(b"I am still committed")),
);
false,
));
assert!(rounds.add_vote(
&(H256::from_low_u64_le(3), 3),
(Keyring::Charlie.public(), Keyring::Charlie.sign(b"I am still committed")),
false,
));
assert_eq!(3, rounds.rounds.len());
// drop unknown round
assert!(rounds.drop(&(H256::from_low_u64_le(5), 5)).is_none());
// conclude unknown round
assert!(rounds.try_conclude(&(H256::from_low_u64_le(5), 5)).is_none());
assert_eq!(3, rounds.rounds.len());
// drop round 2
let signatures = rounds.drop(&(H256::from_low_u64_le(2), 2)).unwrap();
assert_eq!(2, rounds.rounds.len());
// conclude round 2
let signatures = rounds.try_conclude(&(H256::from_low_u64_le(2), 2)).unwrap();
assert_eq!(1, rounds.rounds.len());
assert_eq!(
signatures,
vec![
Some(Keyring::Alice.sign(b"I am again committed")),
Some(Keyring::Bob.sign(b"I am again committed")),
Some(Keyring::Charlie.sign(b"I am again committed")),
None
]
);