use core::time::Duration;
use std::sync::Arc;
use rand_core::OsRng;
use tokio::{
  sync::{mpsc, broadcast},
  time::sleep,
};
use serai_db::MemDb;
use tributary::Tributary;
use crate::{
  tributary::Transaction,
  ActiveTributary, TributaryEvent,
  p2p::handle_p2p_task,
  tests::{
    LocalP2p,
    tributary::{new_keys, new_spec, new_tributaries},
  },
};
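// Check that blocks propagate over the P2P layer so every tributary ends up with the same tip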
#[tokio::test]
async fn handle_p2p_test() {
  let keys = new_keys(&mut OsRng);
  let spec = new_spec(&mut OsRng, &keys);

  let mut tributaries = new_tributaries(&keys, &spec).await;
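  // Spawn a P2P handler task for each tributary and notify it of the active tributary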
  let mut tributary_senders = vec![];
  let mut tributary_arcs = vec![];
  for (p2p, tributary) in tributaries.drain(..) {
    let tributary = Arc::new(tributary);
    tributary_arcs.push(tributary.clone());
    let (new_tributary_send, new_tributary_recv) = broadcast::channel(5);
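    // The cosign channel's receiver isn't read by this test, so it's dropped immediately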
    let (cosign_send, _) = mpsc::unbounded_channel();
    tokio::spawn(handle_p2p_task(p2p, cosign_send, new_tributary_recv));
    new_tributary_send
      .send(TributaryEvent::NewTributary(ActiveTributary { spec: spec.clone(), tributary }))
      .map_err(|_| "failed to send ActiveTributary")
      .unwrap();
    tributary_senders.push(new_tributary_send);
  }
  let tributaries = tributary_arcs;

  // After two blocks of time, we should have a new block
  // We don't wait one block of time as we may have missed the chance for this block
  sleep(Duration::from_secs((2 * Tributary::<MemDb, Transaction, LocalP2p>::block_time()).into()))
    .await;
  let tip = tributaries[0].tip().await;
  assert!(tip != spec.genesis());

  // Sleep one second to make sure this block propagates
  sleep(Duration::from_secs(1)).await;
  // Make sure every tributary has it
  for tributary in &tributaries {
    assert!(tributary.reader().block(&tip).is_some());
  }

  // Then after another block of time, we should have yet another new block
  sleep(Duration::from_secs(Tributary::<MemDb, Transaction, LocalP2p>::block_time().into())).await;
  let new_tip = tributaries[0].tip().await;
  assert!(new_tip != tip);
  sleep(Duration::from_secs(1)).await;
  for tributary in tributaries {
    assert!(tributary.reader().block(&new_tip).is_some());
  }
}