statement-distribution: validator disabling (#1841)

Closes #1591.

The purpose of this PR is to filter out backing statements from the network
signed by disabled validators. This is just an optimization, since we
will do filtering in the runtime in #1863 to avoid nodes to filter
garbage out at block production time.

- [x] Ensure it's ok to fiddle with the mask of manifests
- [x] Write more unit tests
- [x] Test locally
- [x] simple zombienet test
- [x] PRDoc

---------

Co-authored-by: Tsvetomir Dimitrov <tsvetomir@parity.io>
This commit is contained in:
ordian
2024-01-10 10:32:52 +01:00
committed by GitHub
parent 01ea45c3a1
commit a4195326b9
14 changed files with 1577 additions and 833 deletions
@@ -123,6 +123,31 @@ only send "importable" statements to the backing subsystem itself.
backable and part of the hypothetical frontier.
- Note that requesting is not an implicit acknowledgement, and an explicit acknowledgement must be sent upon receipt.
### Disabled validators
After a validator is disabled in the runtime, other validators should no longer
accept statements from it. Filtering out of statements from disabled validators
on the node side is purely an optimization, as it will be done in the runtime
as well.
Because we use the state of the active leaves to
check whether a validator is disabled instead of the relay parent, the notion
of being disabled is inherently racy:
- the responder has learned about the disabled validator before the requester
- the receiver has witnessed the disabled validator after sending the request
We could have sent a manifest to a peer, then received information about
disabling, and then receive a request. This can break an invariant of the grid
mode:
- the response is required to indicate quorum
Due to the above, there should be no response at all for grid requests when
the backing threshold is no longer met as a result of disabled validators.
In addition to that, we add disabled validators to the request's unwanted
mask. This ensures that the sender will not send statements from disabled
validators (at least from the perspective of the receiver at the moment of the
request). This doesn't fully avoid race conditions, but tries to minimize them.
## Messages
### Incoming
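Review bot: The rule "there should be no response at all for grid requests when the backing threshold is no longer met" covers only the responder. The section does not say how the requester should treat a request that never gets a response, or whether that case should be handled differently from an unresponsive peer. A sentence on the expected requester behaviour would close that gap. Separately, the two bullets under "inherently racy" pair "responder"/"requester" in the first and "receiver" in the second, and the last paragraph adds "sender". Settling on one pair of terms and giving the bullets a short lead-in (for example, that these are the two orderings in which the race can occur) would make the section easier to follow, as would folding the single-item list under "This can break an invariant of the grid mode:" into the sentence.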