Align HeadLogic: require snapshot not too far in the future

[ch1bo]

The first of multiple PRs about aligning the HeadLogic with the spec.

• Changes the off-chain protocol logic to be more strict in allowed snapshot numbers on ReqSn and AckSn as specified. Some of our HeadLogic tests were allowing these "too far in the future" snapshots, but the BehaviorSpec seems unimpacted by this change.

• Introduces LastSeenSnapshot to cover for an intermediate state where we have completed a snapshot, but not yet received or sent a new ReqSn.

• Adds an explicit RequireFailed logic outcome error to identify the "detect cheating" cases. These are currently just logged like other non progress updates of HeadLogic, but we could handle these by closing the head or so.

• Refactors more of the off-chain protocol into CPS-style to align better with the spec.

---

• [ ] CHANGELOG updated
• [ ] Documentation updated
• Added and/or updated haddocks
• No new TODOs introduced or explained herafter

[github-actions]

Transactions Costs

Sizes and execution budgets for Hydra protocol transactions. Note that unlisted parameters are currently using arbitrary values and results are not fully deterministic and comparable to previous runs.

Metadata
Generated at	2023-02-24 17:45:40.828718407 UTC
Max. memory units	14000000
Max. CPU units	10000000000
Max. tx size (kB)	16384

Script summary

Name	Hash	Size (Bytes)
μHead	N/A	4600
νInitial	7bb44e248f92ae5d2c4c744244b469d59a5bfa8a5d8ce9b6b27e5750	5530
νCommit	70c545fc894ada81ad46715bac1a11fa755b3e3a1d94f03254a4d397	2473
νHead	58cef84ce7e80b1b3089a10d825da2f41ec1cb5ad923d9f39d842f3c	9998

Cost of Init Transaction

Parties	Tx size	% max Mem	% max CPU	Min fee ₳
1	5197	15.07	5.97	0.54
2	5399	18.91	7.47	0.59
3	5604	18.41	7.18	0.60
5	6017	24.08	9.35	0.68
10	7042	35.19	13.52	0.84
35	12168	97.48	37.14	1.74

Cost of Commit Transaction

Currently only one UTxO per commit allowed (this is about to change soon)

UTxO	Tx size	% max Mem	% max CPU	Min fee ₳
1	633	21.11	8.54	0.41

Cost of CollectCom Transaction

Parties	UTxO (bytes)	Tx size	% max Mem	% max CPU	Min fee ₳
1	57	13260	21.98	8.80	0.97
2	114	13604	36.97	14.94	1.16
3	171	13956	54.30	22.12	1.36
4	228	14311	75.00	30.70	1.61
5	285	14662	97.55	40.13	1.87

Cost of Close Transaction

Parties	Tx size	% max Mem	% max CPU	Min fee ₳
1	10612	16.60	7.11	0.80
2	10670	16.04	7.00	0.80
3	10934	19.43	8.67	0.85
5	11297	22.40	10.45	0.90
10	12156	30.21	14.80	1.04
47	15199	62.80	29.09	1.54

Cost of Contest Transaction

Parties	Tx size	% max Mem	% max CPU	Min fee ₳
1	10648	21.47	8.96	0.86
2	10806	22.80	9.70	0.88
3	11005	25.43	11.11	0.92
5	11327	28.47	12.73	0.97
10	12153	37.60	17.36	1.11
35	16368	81.79	40.54	1.82

Cost of Abort Transaction

Some variation because of random mixture of still initial and already committed outputs.

Parties	Tx size	% max Mem	% max CPU	Min fee ₳
1	15307	27.77	11.81	1.13
2	15203	36.10	15.09	1.22
3	15632	57.24	24.45	1.48
4	16151	86.27	37.35	1.83

Cost of FanOut Transaction

Involves spending head output and burning head tokens. Uses ada-only UTxO for better comparability.

Parties	UTxO	UTxO (bytes)	Tx size	% max Mem	% max CPU	Min fee ₳
5	0	0	15182	9.20	3.80	0.92
5	1	57	15219	10.72	4.68	0.94
5	5	285	15363	17.08	8.31	1.02
5	10	568	15541	24.70	12.71	1.13
5	20	1137	15895	39.96	21.52	1.33
5	30	1710	16265	54.98	30.24	1.53
5	33	1880	16372	59.56	32.88	1.59

[github-actions]

Test Results

289 tests  +11   283 ✔️ +11   14m 59s ⏱️ - 1m 26s
  98 suites +  4       6 💤 ±  0 
    5 files   +  1       0 ❌ ±  0 

Results for commit 42df7a6. ± Comparison against base commit 130301c.

This pull request removes 2 and adds 13 tests. Note that renamed tests count towards both.

Hydra.HeadLogic/Coordinated Head Protocol ‑ wait given too new snapshots from the leader
Hydra.HeadLogic/Coordinated Head Protocol ‑ waits if we receive a future snapshot

Hydra.HeadLogic/Coordinated Head Protocol ‑ rejects if we receive a too far future snapshot
Hydra.HeadLogic/Coordinated Head Protocol ‑ rejects too-new snapshots from the leader
Hydra.TUI.Options ‑ parses --cardano-signing-key option
Hydra.TUI.Options ‑ parses --connect option
Hydra.TUI.Options ‑ parses --network-id option
Hydra.TUI.Options ‑ parses --node-socket option
Hydra.TUI/end-to-end smoke tests ‑ display feedback long enough
Hydra.TUI/end-to-end smoke tests ‑ doesn't allow multiple initializations
Hydra.TUI/end-to-end smoke tests ‑ starts & renders
Hydra.TUI/end-to-end smoke tests ‑ supports the full Head life cycle
…

♻️ This comment has been updated with latest results.

[pgrange]

I appreciate:

• the link in the comments with the names used in the spec
• meaningful and focused commits which make the PR easier to read

To make it perfect I would:

• add a breaking change entry about the API to the changelog
• revert the Refactor onOpenNEtworkReqSn as I don't see more meaning expressed after than before
• amend Refactor onOpenNetworkAckSn to checks like in spec to remove requireAckSn which is introduced but not tested

[ch1bo]

@pgrange

add a breaking change entry about the API to the changelog

I was doubting it's a breaking change and indeed, SeenSnapshot is not used in api.yaml, but only in the logs.yaml. I will move it.

revert the Refactor onOpenNEtworkReqSn as I don't see more meaning expressed after than before

I would have preferred a comment in that commit. I disagree, I think it aligns much better with the spec and should make it even clear to non-haskellers that it's a similar control flow.

amend Refactor onOpenNetworkAckSn to checks like in spec to remove requireAckSn which is introduced but not tested

It is tested. Not unit tested, but indirectly via BehaviorSpec, where the error outcome does not matter.. as long as the snapshot does not get confirmed. I'll keep it.

[ffakenz]

why did we remove this?

[ch1bo]

It was the only failAfter and the other tests would block until veryLong happens (in simulated time). I also changed veryLong to be oneMonth in another PR IIRC.