Mamy Ratsimbazafy ce897fe83f
[Split fork choice PR] Derisk-ed attestation checks changes (#1154)
* Derisked attestation pool improvements

* tune down frequent logs

* VoteTracker logging
2020-06-10 08:58:12 +02:00

520 lines
18 KiB
Nim

# beacon_chain
# Copyright (c) 2018-2020 Status Research & Development GmbH
# Licensed and distributed under either of
# * MIT license (license terms in the root directory or at https://opensource.org/licenses/MIT).
# * Apache v2 license (license terms in the root directory or at https://www.apache.org/licenses/LICENSE-2.0).
# at your option. This file may not be copied, modified, or distributed except according to those terms.
{.push raises: [Defect].}
import
# Standard library
std/tables, std/options, std/typetraits,
# Internal
../spec/[datatypes, digest],
# Fork choice
./fork_choice_types
# https://github.com/ethereum/eth2.0-specs/blob/v0.11.1/specs/phase0/fork-choice.md
# This is a port of https://github.com/sigp/lighthouse/pull/804
# which is a port of "Proto-Array": https://github.com/protolambda/lmd-ghost
# See also:
# - Protolambda port of Lighthouse: https://github.com/protolambda/eth2-py-hacks/blob/ae286567/proto_array.py
# - Prysmatic writeup: https://hackmd.io/bABJiht3Q9SyV3Ga4FT9lQ#High-level-concept
# - Gasper Whitepaper: https://arxiv.org/abs/2003.03052
# Helper
# ----------------------------------------------------------------------
func tiebreak(a, b: Eth2Digest): bool =
## Fork-Choice tie-break between 2 digests
## Currently implemented as `>=` (greater or equal)
## on the binary representation
for i in 0 ..< a.data.len:
if a.data[i] < b.data[i]:
return false
elif a.data[i] > b.data[i]:
return true
# else we have equality so far
return true
template getOrFailcase*[K, V](table: Table[K, V], key: K, failcase: untyped): V =
## Get a value from a Nim Table, turning KeyError into
## the "failcase"
block:
# TODO: try/except expression with Nim v1.2.0:
# https://github.com/status-im/nim-beacon-chain/pull/865#discussion_r404856551
var value: V
try:
value = table[key]
except KeyError:
failcase
value
template unsafeGet*[K, V](table: Table[K, V], key: K): V =
## Get a value from a Nim Table, turning KeyError into
## an AssertionError defect
getOrFailcase(table, key):
doAssert false, "The " & astToStr(table) & " table shouldn't miss a key"
# Forward declarations
# ----------------------------------------------------------------------
func maybe_update_best_child_and_descendant(self: var ProtoArray, parent_index: Index, child_index: Index): ForkChoiceError
func node_is_viable_for_head(self: ProtoArray, node: ProtoNode): bool
func node_leads_to_viable_head(self: ProtoArray, node: ProtoNode): tuple[viable: bool, err: ForkChoiceError]
# ProtoArray routines
# ----------------------------------------------------------------------
func apply_score_changes*(
self: var ProtoArray,
deltas: var openarray[Delta],
justified_epoch: Epoch,
finalized_epoch: Epoch
): ForkChoiceError =
## Iterate backwards through the array, touching all nodes and their parents
## and potentially the best-child of each parent.
##
## The structure of `self.nodes` array ensures that the child of each node
## is always touched before it's aprent.
##
## For each node the following is done:
##
## 1. Update the node's weight with the corresponding delta.
## 2. Backpropagate each node's delta to its parent's delta.
## 3. Compare the current node with the parent's best-child,
## updating if the current node should become the best-child
## 4. If required, update the parent's best-descendant with the current node or its best-descendant
if deltas.len != self.indices.len:
return ForkChoiceError(
kind: fcErrInvalidDeltaLen,
deltasLen: deltas.len,
indicesLen: self.indices.len
)
self.justified_epoch = justified_epoch
self.finalized_epoch = finalized_epoch
# Iterate backwards through all the indices in `self.nodes`
for node_index in countdown(self.nodes.len - 1, 0):
template node: untyped {.dirty.}= self.nodes[node_index]
## Alias
# This cannot raise the IndexError exception, how to tell compiler?
if node.root == default(Eth2Digest):
continue
if node_index notin {0..deltas.len-1}:
# TODO: Here `deltas.len == self.indices.len` from the previous check
# and we can probably assume that
# `self.indices.len == self.nodes.len` by construction
# and avoid this check in a loop or altogether
return ForkChoiceError(
kind: fcErrInvalidNodeDelta,
index: node_index
)
let node_delta = deltas[node_index]
# Apply the delta to the node
# We fail fast if underflow, which shouldn't happen.
# Note that delta can be negative but weight cannot
let weight = node.weight + node_delta
if weight < 0:
return ForkChoiceError(
kind: fcErrDeltaUnderflow,
index: node_index
)
node.weight = weight
# If the node has a parent, try to update its best-child and best-descendant
if node.parent.isSome():
# TODO: Nim `options` module could use some {.inline.}
# and a mutable overload for unsafeGet
# and a "no exceptions" (only panics) implementation.
let parent_index = node.parent.unsafeGet()
if parent_index notin {0..deltas.len-1}:
return ForkChoiceError(
kind: fcErrInvalidParentDelta,
index: parent_index
)
# Back-propagate the nodes delta to its parent.
deltas[parent_index] += node_delta
let err = self.maybe_update_best_child_and_descendant(parent_index, node_index)
if err.kind != fcSuccess:
return err
return ForkChoiceSuccess
func on_block*(
self: var ProtoArray,
slot: Slot,
root: Eth2Digest,
hasParentInForkChoice: bool,
parent: Eth2Digest,
state_root: Eth2Digest,
justified_epoch: Epoch,
finalized_epoch: Epoch
): ForkChoiceError =
## Register a block with the fork choice
## A block `hasParentInForkChoice` may be false
## on fork choice initialization:
## - either from Genesis
## - or from a finalized state loaded from database
# Note: if parent is an "Option" type, we can run out of stack space.
# If the block is already known, ignore it
if root in self.indices:
return ForkChoiceSuccess
var parent_index: Option[int]
if not hasParentInForkChoice:
# Genesis (but Genesis might not be default(Eth2Digest))
parent_index = none(int)
elif parent notin self.indices:
return ForkChoiceError(
kind: fcErrUnknownParent,
child_root: root,
parent_root: parent
)
else:
parent_index = some(self.indices.unsafeGet(parent))
let node_index = self.nodes.len
let node = ProtoNode(
slot: slot,
state_root: state_root,
root: root,
parent: parent_index,
justified_epoch: justified_epoch,
finalized_epoch: finalized_epoch,
weight: 0,
best_child: none(int),
best_descendant: none(int)
)
self.indices[node.root] = node_index
self.nodes.add node # TODO: if this is costly, we can setLen + construct the node in-place
if parent_index.isSome(): # parent_index is always valid except for Genesis
let err = self.maybe_update_best_child_and_descendant(parent_index.unsafeGet(), node_index)
if err.kind != fcSuccess:
return err
return ForkChoiceSuccess
func find_head*(
self: var ProtoArray,
head: var Eth2Digest,
justified_root: Eth2Digest
): ForkChoiceError =
## Follows the best-descendant links to find the best-block (i.e. head-block)
##
## ⚠️ Warning
## The result may not be accurate if `on_new_block`
## is not followed by `apply_score_changes` as `on_new_block` does not
## update the whole tree.
let justified_index = self.indices.getOrFailcase(justified_root):
return ForkChoiceError(
kind: fcErrJustifiedNodeUnknown,
block_root: justified_root
)
if justified_index notin {0..self.nodes.len-1}:
return ForkChoiceError(
kind: fcErrInvalidJustifiedIndex,
index: justified_index
)
template justified_node: untyped {.dirty.} = self.nodes[justified_index]
# Alias, IndexError are defects
let best_descendant_index = block:
if justified_node.best_descendant.isSome():
justified_node.best_descendant.unsafeGet()
else:
justified_index
if best_descendant_index notin {0..self.nodes.len-1}:
return ForkChoiceError(
kind: fcErrInvalidBestDescendant,
index: best_descendant_index
)
template best_node: untyped {.dirty.} = self.nodes[best_descendant_index]
# Alias, IndexError are defects
# Perform a sanity check to ensure the node can be head
if not self.node_is_viable_for_head(best_node):
return ForkChoiceError(
kind: fcErrInvalidBestNode,
start_root: justified_root,
justified_epoch: self.justified_epoch,
finalized_epoch: self.finalized_epoch,
head_root: justified_node.root,
head_justified_epoch: justified_node.justified_epoch,
head_finalized_epoch: justified_node.finalized_epoch
)
head = best_node.root
return ForkChoiceSuccess
# TODO: pruning can be made cheaper by keeping the new offset as a field
# in proto_array instead of scanning the table to substract the offset.
# In that case pruning can always be done and does not need a threshold for efficiency.
# https://github.com/protolambda/eth2-py-hacks/blob/ae286567/proto_array.py
func maybe_prune*(
self: var ProtoArray,
finalized_root: Eth2Digest
): ForkChoiceError =
## Update the tree with new finalization information.
## The tree is pruned if and only if:
## - The `finalized_root` and finalized epoch are different from current
## - The number of nodes in `self` is at least `self.prune_threshold`
##
## Returns error if:
## - The finalized epoch is less than the current one
## - The finalized epoch matches the current one but the finalized root is different
## - Internal error due to invalid indices in `self`
let finalized_index = self.indices.getOrFailcase(finalized_root):
return ForkChoiceError(
kind: fcErrFinalizedNodeUnknown,
block_root: finalized_root
)
if finalized_index < self.prune_threshold:
# Pruning small numbers of nodes incurs more overhead than leaving them as is
return ForkChoiceSuccess
# Remove the `self.indices` key/values for the nodes slated for deletion
if finalized_index notin {0..self.nodes.len-1}:
return ForkChoiceError(
kind: fcErrInvalidNodeIndex,
index: finalized_index
)
for node_index in 0 ..< finalized_index:
self.indices.del(self.nodes[node_index].root)
# Drop all nodes prior to finalization.
# This is done in-place with `moveMem` to avoid costly reallocations.
static: doAssert ProtoNode.supportsCopyMem(), "ProtoNode must be a trivial type"
let tail = self.nodes.len - finalized_index
# TODO: can we have an unallocated `self.nodes`? i.e. self.nodes[0] is nil
moveMem(self.nodes[0].addr, self.nodes[finalized_index].addr, tail * sizeof(ProtoNode))
self.nodes.setLen(tail)
# Adjust the indices map
for index in self.indices.mvalues():
index -= finalized_index
if index < 0:
return ForkChoiceError(
kind: fcErrIndexUnderflow,
underflowKind: fcUnderflowIndices
)
# Iterate through all the existing nodes and adjust their indices to match
# the new layout of `self.nodes`
for node in self.nodes.mitems():
# If `node.parent` is less than `finalized_index`, set it to None
if node.parent.isSome():
let new_parent = node.parent.unsafeGet() - finalized_index
if new_parent < 0:
node.parent = none(Index)
else:
node.parent = some(new_parent)
if node.best_child.isSome():
let new_best_child = node.best_child.unsafeGet() - finalized_index
if new_best_child < 0:
return ForkChoiceError(
kind: fcErrIndexUnderflow,
underflowKind: fcUnderflowBestChild
)
node.best_child = some(new_best_child)
if node.best_descendant.isSome():
let new_best_descendant = node.best_descendant.unsafeGet() - finalized_index
if new_best_descendant < 0:
return ForkChoiceError(
kind: fcErrIndexUnderflow,
underflowKind: fcUnderflowBestDescendant
)
node.best_descendant = some(new_best_descendant)
return ForkChoiceSuccess
func maybe_update_best_child_and_descendant(
self: var ProtoArray,
parent_index: Index,
child_index: Index): ForkChoiceError =
## Observe the parent at `parent_index` with respect to the child at `child_index` and
## potentiatlly modify the `parent.best_child` and `parent.best_descendant` values
##
## There are four scenarios:
##
## 1. The child is already the best child
## but it's now invalid due to a FFG change and should be removed.
## 2. The child is already the best child
## and the parent is updated with the new best descendant
## 3. The child is not the best child but becomes the best child
## 4. The child is not the best child and does not become the best child
if child_index notin {0..self.nodes.len-1}:
return ForkChoiceError(
kind: fcErrInvalidNodeIndex,
index: child_index
)
if parent_index notin {0..self.nodes.len-1}:
return ForkChoiceError(
kind: fcErrInvalidNodeIndex,
index: parent_index
)
# Aliases
template child: untyped {.dirty.} = self.nodes[child_index]
template parent: untyped {.dirty.} = self.nodes[parent_index]
let (child_leads_to_viable_head, err) = self.node_leads_to_viable_head(child)
if err.kind != fcSuccess:
return err
let # Aliases to the 3 possible (best_child, best_descendant) tuples
change_to_none = (none(Index), none(Index))
change_to_child = (
some(child_index),
# Nim `options` module doesn't implement option `or`
if child.best_descendant.isSome(): child.best_descendant
else: some(child_index)
)
no_change = (parent.best_child, parent.best_descendant)
# TODO: state-machine? The control-flow is messy
let (new_best_child, new_best_descendant) = block:
if parent.best_child.isSome:
let best_child_index = parent.best_child.unsafeGet()
if best_child_index == child_index and not child_leads_to_viable_head:
# The child is already the best-child of the parent
# but it's not viable to be the head block => remove it
change_to_none
elif best_child_index == child_index:
# If the child is the best-child already, set it again to ensure
# that the best-descendant of the parent is up-to-date.
change_to_child
else:
if best_child_index notin {0..self.nodes.len-1}:
return ForkChoiceError(
kind: fcErrInvalidBestDescendant,
index: best_child_index
)
let best_child = self.nodes[best_child_index]
let (best_child_leads_to_viable_head, err) = self.node_leads_to_viable_head(best_child)
if err.kind != fcSuccess:
return err
if child_leads_to_viable_head and not best_child_leads_to_viable_head:
# The child leads to a viable head, but the current best-child doesn't
change_to_child
elif not child_leads_to_viable_head and best_child_leads_to_viable_head:
# The best child leads to a viable head, but the child doesn't
no_change
elif child.weight == best_child.weight:
# Tie-breaker of equal weights by root
if child.root.tiebreak(best_child.root):
change_to_child
else:
no_change
else: # Choose winner by weight
if child.weight >= best_child.weight:
change_to_child
else:
no_change
else:
if child_leads_to_viable_head:
# There is no current best-child and the child is viable
change_to_child
else:
# There is no current best-child but the child is not viable
no_change
self.nodes[parent_index].best_child = new_best_child
self.nodes[parent_index].best_descendant = new_best_descendant
return ForkChoiceSuccess
func node_leads_to_viable_head(
self: ProtoArray, node: ProtoNode
): tuple[viable: bool, err: ForkChoiceError] =
## Indicates if the node itself or its best-descendant are viable
## for blockchain head
let best_descendant_is_viable_for_head = block:
if node.best_descendant.isSome():
let best_descendant_index = node.best_descendant.unsafeGet()
if best_descendant_index notin {0..self.nodes.len-1}:
return (
false,
ForkChoiceError(
kind: fcErrInvalidBestDescendant,
index: best_descendant_index
)
)
let best_descendant = self.nodes[best_descendant_index]
self.node_is_viable_for_head(best_descendant)
else:
false
return (
best_descendant_is_viable_for_head or
self.node_is_viable_for_head(node),
ForkChoiceSuccess
)
func node_is_viable_for_head(self: ProtoArray, node: ProtoNode): bool =
## This is the equivalent of `filter_block_tree` function in eth2 spec
## https://github.com/ethereum/eth2.0-specs/blob/v0.10.0/specs/phase0/fork-choice.md#filter_block_tree
##
## Any node that has a different finalized or justified epoch
## should not be viable for the head.
(
(node.justified_epoch == self.justified_epoch) or
(self.justified_epoch == Epoch(0))
) and (
(node.finalized_epoch == self.finalized_epoch) or
(self.finalized_epoch == Epoch(0))
)
# Sanity checks
# ----------------------------------------------------------------------
# Sanity checks on internal private procedures
when isMainModule:
import nimcrypto/hash
echo "Sanity checks on fork choice tiebreaks"
block:
let a = Eth2Digest.fromHex("0x0000000000000001000000000000000000000000000000000000000000000000")
let b = Eth2Digest.fromHex("0x0000000000000000000000000000000000000000000000000000000000000000") # sha256(1)
doAssert tiebreak(a, b)
block:
let a = Eth2Digest.fromHex("0x0000000000000002000000000000000000000000000000000000000000000000")
let b = Eth2Digest.fromHex("0x0000000000000001000000000000000000000000000000000000000000000000") # sha256(1)
doAssert tiebreak(a, b)
block:
let a = Eth2Digest.fromHex("0xD86E8112F3C4C4442126F8E9F44F16867DA487F29052BF91B810457DB34209A4") # sha256(2)
let b = Eth2Digest.fromHex("0x7C9FA136D4413FA6173637E883B6998D32E1D675F88CDDFF9DCBCF331820F4B8") # sha256(1)
doAssert tiebreak(a, b)