ChainSync client: allow to prevent historical MsgRollBackward/MsgAwaitReply
#1186
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
amesgen
commented
Jul 22, 2024
...boros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/MiniProtocol/ChainSync/Client.hs
Outdated
Show resolved
Hide resolved
amesgen
force-pushed
the
amesgen/historical-rollbacks
branch
from
f6f07b6
to
843011f
Compare
nfrisby
reviewed
Jul 23, 2024
ouroboros-consensus-diffusion/src/ouroboros-consensus-diffusion/Ouroboros/Consensus/Node.hs
Outdated
Show resolved
Hide resolved
ouroboros-consensus-diffusion/src/ouroboros-consensus-diffusion/Ouroboros/Consensus/Node.hs
Outdated
Show resolved
Hide resolved
ouroboros-consensus-diffusion/src/ouroboros-consensus-diffusion/Ouroboros/Consensus/Node.hs
Outdated
Show resolved
Hide resolved
...boros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/MiniProtocol/ChainSync/Client.hs
Outdated
Show resolved
Hide resolved
...boros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/MiniProtocol/ChainSync/Client.hs
Outdated
Show resolved
Hide resolved
...boros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/MiniProtocol/ChainSync/Client.hs
Outdated
Show resolved
Hide resolved
...ouroboros-consensus/Ouroboros/Consensus/MiniProtocol/ChainSync/Client/HistoricalRollbacks.hs
Outdated
Show resolved
Hide resolved
...ouroboros-consensus/Ouroboros/Consensus/MiniProtocol/ChainSync/Client/HistoricalRollbacks.hs
Outdated
Show resolved
Hide resolved
ouroboros-consensus/test/consensus-test/Test/Consensus/MiniProtocol/ChainSync/Client.hs
Outdated
Show resolved
Hide resolved
ouroboros-consensus/test/consensus-test/Test/Consensus/MiniProtocol/ChainSync/Client.hs
Show resolved
Hide resolved
amesgen
force-pushed
the
amesgen/historical-rollbacks
branch
from
ace7071
to
0e1d128
Compare
amesgen
commented
Jul 25, 2024
ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Storage/ChainDB/Impl/Query.hs
Outdated
Show resolved
Hide resolved
Comment on lines
+651
to
+658
| , -- Here, we make use of the fact that the blocks generated for this | ||
| -- test have dense slot numbers (ie there are no empty slots). | ||
| let oldestRewound = | ||
| withOrigin firstSlot succ $ pointSlot rollbackPoint |
There was a problem hiding this comment.
A future test for false negatives (eg one that ensures that running with maxRollbackAge - 1 sometimes fails) would catch if the generator changed in the future; but I think this is fine for now.
...boros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/MiniProtocol/ChainSync/Client.hs
Outdated
Show resolved
Hide resolved
...boros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/MiniProtocol/ChainSync/Client.hs
Outdated
Show resolved
Hide resolved
...ouroboros-consensus/Ouroboros/Consensus/MiniProtocol/ChainSync/Client/HistoricalRollbacks.hs
Outdated
Show resolved
Hide resolved
amesgen
force-pushed
the
amesgen/historical-rollbacks
branch
4 times, most recently
from
97ad8b8
to
db38bf0
Compare
nfrisby
approved these changes
Jul 25, 2024
ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Storage/ChainDB/Impl/Query.hs
Outdated
Show resolved
Hide resolved
amesgen
force-pushed
the
amesgen/historical-rollbacks
branch
from
db38bf0
to
609b4ec
Compare
amesgen
changed the title
MsgRollBackward/MsgAwaitReply
amesgen
requested review from
jasagredo,
fraser-iohk,
dnadales and
RenateEilers
as code owners
amesgen
commented
Aug 8, 2024
...rc/ouroboros-consensus/Ouroboros/Consensus/MiniProtocol/ChainSync/Client/HistoricityCheck.hs
Show resolved
Hide resolved
dnadales
approved these changes
Aug 12, 2024
...oros-consensus-diffusion/changelog.d/20240722_170436_alexander.esgen_historical_rollbacks.md
Outdated
Show resolved
Hide resolved
| -- Duration in seconds of one Cardano mainnet Shelley stability window | ||
| -- (3k/f slots times one second per slot) plus one extra hour as a | ||
| -- safety margin. | ||
| , gcHistoricityCutoff = Just $ HistoricityCutoff $ 3 * 2160 * 20 + 3600 |
There was a problem hiding this comment.
Isn't this too Cardano specific? And somewhat related, is it ok to have these constants hardcoded here?
There was a problem hiding this comment.
Yes, this is specific to Cardano mainnet; like many other constants in this area (e.g. the timeouts, protocol-level size limits, the GSM MaxCaughtUpAge).
...oros-consensus-diffusion/src/ouroboros-consensus-diffusion/Ouroboros/Consensus/NodeKernel.hs
Show resolved
Hide resolved
...rc/ouroboros-consensus/Ouroboros/Consensus/MiniProtocol/ChainSync/Client/HistoricityCheck.hs
Show resolved
Hide resolved
nfrisby
reviewed
Sep 3, 2024
ouroboros-consensus-diffusion/src/ouroboros-consensus-diffusion/Ouroboros/Consensus/Node.hs
Outdated
Show resolved
Hide resolved
ouroboros-consensus-diffusion/test/consensus-test/Test/Consensus/PeerSimulator/ChainSync.hs
Outdated
Show resolved
Hide resolved
ouroboros-consensus-diffusion/test/consensus-test/Test/Consensus/PeerSimulator/ChainSync.hs
Show resolved
Hide resolved
ouroboros-consensus/changelog.d/20240722_170344_alexander.esgen_historical_rollbacks.md
Outdated
Show resolved
Hide resolved
...rc/ouroboros-consensus/Ouroboros/Consensus/MiniProtocol/ChainSync/Client/HistoricityCheck.hs
Outdated
Show resolved
Hide resolved
...rc/ouroboros-consensus/Ouroboros/Consensus/MiniProtocol/ChainSync/Client/HistoricityCheck.hs
Outdated
Show resolved
Hide resolved
...rc/ouroboros-consensus/Ouroboros/Consensus/MiniProtocol/ChainSync/Client/HistoricityCheck.hs
Show resolved
Hide resolved
ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Storage/ChainDB/Impl/Query.hs
Show resolved
Hide resolved
ouroboros-consensus/test/consensus-test/Test/Consensus/MiniProtocol/ChainSync/Client.hs
Outdated
Show resolved
Hide resolved
This is in preparation for allowing to prevent historical rollbacks.
This is in preparation for allowing to prevent historical rollbacks.
Concretely, `MsgRollBackward` and `MsgAwaitReply` beyond a certain age
We only test for false positives, not for false negatives.
amesgen
force-pushed
the
amesgen/historical-rollbacks
branch
from
609b4ec
to
0be8e0a
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR enables the ChainSync client to disconnect from peers who send historical
MsgRollBackwardandMsgAwaitReplymessages, ie rollbacks that no honest caught-up peer would send as the corresponding blocks are already immutable for them, andMsgAwaitReplys that would indicate a chain whose tip is way behind the wall-clock.This is relevant for the ChainSync Jumping (CSJ) optimization (part of Ouroboros Genesis): CSJ handles
MsgAwaitReplyand rollbacks to before a point that a peer previously acknowledged by "disengaging" that peer, ie running full ChainSync with them. This is the right thing to do when we are almost caught-up; however, during syncing the historical chain, this causes extra network load (albeit symmetrical) and CPU load.We define a
MsgRollBackward/MsgAwaitReplyto be historical if the Genesis State Machine has not yet concluded that we are caught up and the wall-clock time of the slot of the oldest rewound header (if any) or the previous tip of the candidate fragment, respectively, is older than a configuration value, the historicity cutoff. In this PR, we set it to the duration of one mainnet stability window plus one hour as extra margin (so36 h + 1 h = 37 h). Future work might include getting this duration out of the HFC.We also modify the existing ChainSync client test to test for false positives; false negatives can be tested by manually modifying the code (such as subtracting a constant from
historicityCutoff, or introducing bugs in the actual implementation); we defer a standalone test for false negatives (similar to #526).The PR is intended to be reviewed commit by commit.