forked from onflow/flow-go
-
Notifications
You must be signed in to change notification settings - Fork 0
/
core.go
436 lines (390 loc) · 17 KB
/
core.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
// (c) 2019 Dapper Labs - ALL RIGHTS RESERVED
package compliance
import (
"context"
"errors"
"fmt"
"time"
"github.com/rs/zerolog"
"go.opentelemetry.io/otel/attribute"
"github.com/onflow/flow-go/consensus/hotstuff"
"github.com/onflow/flow-go/consensus/hotstuff/model"
"github.com/onflow/flow-go/engine"
"github.com/onflow/flow-go/model/flow"
"github.com/onflow/flow-go/model/messages"
"github.com/onflow/flow-go/module"
"github.com/onflow/flow-go/module/compliance"
"github.com/onflow/flow-go/module/counters"
"github.com/onflow/flow-go/module/mempool"
"github.com/onflow/flow-go/module/metrics"
"github.com/onflow/flow-go/module/trace"
"github.com/onflow/flow-go/state"
"github.com/onflow/flow-go/state/protocol"
"github.com/onflow/flow-go/storage"
"github.com/onflow/flow-go/utils/logging"
)
// Core contains the central business logic for the main consensus' compliance engine.
// It is responsible for handling communication for the embedded consensus algorithm.
// CAUTION with CONCURRENCY:
// - At the moment, compliance.Core _can not_ process blocks concurrently. Callers of `OnBlockProposal`
// need to ensure single-threaded access.
// - The only exception is calls to `ProcessFinalizedView`, which is the only concurrency-safe
// method of compliance.Core
type Core struct {
log zerolog.Logger // used to log relevant actions with context
config compliance.Config
engineMetrics module.EngineMetrics
mempoolMetrics module.MempoolMetrics
hotstuffMetrics module.HotstuffMetrics
complianceMetrics module.ComplianceMetrics
proposalViolationNotifier hotstuff.ProposalViolationConsumer
tracer module.Tracer
headers storage.Headers
payloads storage.Payloads
state protocol.ParticipantState
// track latest finalized view/height - used to efficiently drop outdated or too-far-ahead blocks
finalizedView counters.StrictMonotonousCounter
finalizedHeight counters.StrictMonotonousCounter
pending module.PendingBlockBuffer // pending block cache
sync module.BlockRequester
hotstuff module.HotStuff
validator hotstuff.Validator
voteAggregator hotstuff.VoteAggregator
timeoutAggregator hotstuff.TimeoutAggregator
}
// NewCore instantiates the business logic for the main consensus' compliance engine.
func NewCore(
log zerolog.Logger,
collector module.EngineMetrics,
mempool module.MempoolMetrics,
hotstuffMetrics module.HotstuffMetrics,
complianceMetrics module.ComplianceMetrics,
proposalViolationNotifier hotstuff.ProposalViolationConsumer,
tracer module.Tracer,
headers storage.Headers,
payloads storage.Payloads,
state protocol.ParticipantState,
pending module.PendingBlockBuffer,
sync module.BlockRequester,
validator hotstuff.Validator,
hotstuff module.HotStuff,
voteAggregator hotstuff.VoteAggregator,
timeoutAggregator hotstuff.TimeoutAggregator,
config compliance.Config,
) (*Core, error) {
c := &Core{
log: log.With().Str("compliance", "core").Logger(),
config: config,
engineMetrics: collector,
tracer: tracer,
mempoolMetrics: mempool,
hotstuffMetrics: hotstuffMetrics,
complianceMetrics: complianceMetrics,
proposalViolationNotifier: proposalViolationNotifier,
headers: headers,
payloads: payloads,
state: state,
pending: pending,
sync: sync,
hotstuff: hotstuff,
validator: validator,
voteAggregator: voteAggregator,
timeoutAggregator: timeoutAggregator,
}
// initialize finalized boundary cache
final, err := c.state.Final().Head()
if err != nil {
return nil, fmt.Errorf("could not initialized finalized boundary cache: %w", err)
}
c.ProcessFinalizedBlock(final)
c.mempoolMetrics.MempoolEntries(metrics.ResourceProposal, c.pending.Size())
return c, nil
}
// OnBlockProposal handles incoming block proposals.
// No errors are expected during normal operation. All returned exceptions
// are potential symptoms of internal state corruption and should be fatal.
func (c *Core) OnBlockProposal(proposal flow.Slashable[*messages.BlockProposal]) error {
block := flow.Slashable[*flow.Block]{
OriginID: proposal.OriginID,
Message: proposal.Message.Block.ToInternal(),
}
header := block.Message.Header
blockID := header.ID()
finalHeight := c.finalizedHeight.Value()
finalView := c.finalizedView.Value()
span, _ := c.tracer.StartBlockSpan(context.Background(), header.ID(), trace.CONCompOnBlockProposal)
span.SetAttributes(
attribute.Int64("view", int64(header.View)),
attribute.String("origin_id", proposal.OriginID.String()),
attribute.String("proposer", header.ProposerID.String()),
)
traceID := span.SpanContext().TraceID().String()
defer span.End()
log := c.log.With().
Hex("origin_id", proposal.OriginID[:]).
Str("chain_id", header.ChainID.String()).
Uint64("block_height", header.Height).
Uint64("block_view", header.View).
Hex("block_id", logging.Entity(header)).
Hex("parent_id", header.ParentID[:]).
Hex("payload_hash", header.PayloadHash[:]).
Time("timestamp", header.Timestamp).
Hex("proposer", header.ProposerID[:]).
Hex("parent_signer_indices", header.ParentVoterIndices).
Str("traceID", traceID). // traceID is used to connect logs to traces
Uint64("finalized_height", finalHeight).
Uint64("finalized_view", finalView).
Logger()
log.Info().Msg("block proposal received")
// drop proposals below the finalized threshold
if header.Height <= finalHeight || header.View <= finalView {
log.Debug().Msg("dropping block below finalized boundary")
return nil
}
skipNewProposalsThreshold := c.config.GetSkipNewProposalsThreshold()
// ignore proposals which are too far ahead of our local finalized state
// instead, rely on sync engine to catch up finalization more effectively, and avoid
// large subtree of blocks to be cached.
if header.View > finalView+skipNewProposalsThreshold {
log.Debug().
Uint64("skip_new_proposals_threshold", skipNewProposalsThreshold).
Msg("dropping block too far ahead of locally finalized view")
return nil
}
// first, we reject all blocks that we don't need to process:
// 1) blocks already in the cache; they will already be processed later
// 2) blocks already on disk; they were processed and await finalization
// ignore proposals that are already cached
_, cached := c.pending.ByID(blockID)
if cached {
log.Debug().Msg("skipping already cached proposal")
return nil
}
// ignore proposals that were already processed
_, err := c.headers.ByBlockID(blockID)
if err == nil {
log.Debug().Msg("skipping already processed proposal")
return nil
}
if !errors.Is(err, storage.ErrNotFound) {
return fmt.Errorf("could not check proposal: %w", err)
}
// there are two possibilities if the proposal is neither already pending
// processing in the cache, nor has already been processed:
// 1) the proposal is unverifiable because the parent is unknown
// => we cache the proposal
// 2) the proposal is connected to finalized state through an unbroken chain
// => we verify the proposal and forward it to hotstuff if valid
// if the parent is a pending block (disconnected from the incorporated state), we cache this block as well.
// we don't have to request its parent block or its ancestor again, because as a
// pending block, its parent block must have been requested.
// if there was problem requesting its parent or ancestors, the sync engine's forward
// syncing with range requests for finalized blocks will request for the blocks.
_, found := c.pending.ByID(header.ParentID)
if found {
// add the block to the cache
_ = c.pending.Add(block)
c.mempoolMetrics.MempoolEntries(metrics.ResourceProposal, c.pending.Size())
return nil
}
// if the proposal is connected to a block that is neither in the cache, nor
// in persistent storage, its direct parent is missing; cache the proposal
// and request the parent
exists, err := c.headers.Exists(header.ParentID)
if err != nil {
return fmt.Errorf("could not check parent exists: %w", err)
}
if !exists {
_ = c.pending.Add(block)
c.mempoolMetrics.MempoolEntries(metrics.ResourceProposal, c.pending.Size())
c.sync.RequestBlock(header.ParentID, header.Height-1)
log.Debug().Msg("requesting missing parent for proposal")
return nil
}
// At this point, we should be able to connect the proposal to the finalized
// state and should process it to see whether to forward to hotstuff or not.
// processBlockAndDescendants is a recursive function. Here we trace the
// execution of the entire recursion, which might include processing the
// proposal's pending children. There is another span within
// processBlockProposal that measures the time spent for a single proposal.
err = c.processBlockAndDescendants(block)
c.mempoolMetrics.MempoolEntries(metrics.ResourceProposal, c.pending.Size())
if err != nil {
return fmt.Errorf("could not process block proposal: %w", err)
}
return nil
}
// processBlockAndDescendants is a recursive function that processes a block and
// its pending proposals for its children. By induction, any children connected
// to a valid proposal are validly connected to the finalized state and can be
// processed as well.
// No errors are expected during normal operation. All returned exceptions
// are potential symptoms of internal state corruption and should be fatal.
func (c *Core) processBlockAndDescendants(proposal flow.Slashable[*flow.Block]) error {
header := proposal.Message.Header
blockID := header.ID()
log := c.log.With().
Str("block_id", blockID.String()).
Uint64("block_height", header.Height).
Uint64("block_view", header.View).
Uint64("parent_view", header.ParentView).
Logger()
// process block itself
err := c.processBlockProposal(proposal.Message)
if err != nil {
if checkForAndLogOutdatedInputError(err, log) || checkForAndLogUnverifiableInputError(err, log) {
return nil
}
if invalidBlockErr, ok := model.AsInvalidProposalError(err); ok {
log.Err(err).Msg("received invalid block from other node (potential slashing evidence?)")
// notify consumers about invalid block
c.proposalViolationNotifier.OnInvalidBlockDetected(flow.Slashable[model.InvalidProposalError]{
OriginID: proposal.OriginID,
Message: *invalidBlockErr,
})
// notify VoteAggregator about the invalid block
err = c.voteAggregator.InvalidBlock(model.ProposalFromFlow(header))
if err != nil {
if mempool.IsBelowPrunedThresholdError(err) {
log.Warn().Msg("received invalid block, but is below pruned threshold")
return nil
}
return fmt.Errorf("unexpected error notifying vote aggregator about invalid block: %w", err)
}
return nil
}
// unexpected error: potentially corrupted internal state => abort processing and escalate error
return fmt.Errorf("failed to process block %x: %w", blockID, err)
}
// process all children
// do not break on invalid or outdated blocks as they should not prevent us
// from processing other valid children
children, has := c.pending.ByParentID(blockID)
if !has {
return nil
}
for _, child := range children {
cpr := c.processBlockAndDescendants(child)
if cpr != nil {
// unexpected error: potentially corrupted internal state => abort processing and escalate error
return cpr
}
}
// drop all the children that should have been processed now
c.pending.DropForParent(blockID)
return nil
}
// processBlockProposal processes the given block proposal. The proposal must connect to
// the finalized state.
// Expected errors during normal operations:
// - engine.OutdatedInputError if the block proposal is outdated (e.g. orphaned)
// - model.InvalidProposalError if the block proposal is invalid
// - engine.UnverifiableInputError if the block proposal cannot be verified
func (c *Core) processBlockProposal(proposal *flow.Block) error {
startTime := time.Now()
defer func() {
c.hotstuffMetrics.BlockProcessingDuration(time.Since(startTime))
}()
header := proposal.Header
blockID := header.ID()
span, ctx := c.tracer.StartBlockSpan(context.Background(), blockID, trace.ConCompProcessBlockProposal)
span.SetAttributes(
attribute.String("proposer", header.ProposerID.String()),
)
defer span.End()
hotstuffProposal := model.ProposalFromFlow(header)
err := c.validator.ValidateProposal(hotstuffProposal)
if err != nil {
if model.IsInvalidProposalError(err) {
return err
}
if errors.Is(err, model.ErrViewForUnknownEpoch) {
// We have received a proposal, but we don't know the epoch its view is within.
// We know:
// - the parent of this block is valid and was appended to the state (ie. we knew the epoch for it)
// - if we then see this for the child, one of two things must have happened:
// 1. the proposer maliciously created the block for a view very far in the future (it's invalid)
// -> in this case we can disregard the block
// 2. no blocks have been finalized within the epoch commitment deadline, and the epoch ended
// (breaking a critical assumption - see EpochCommitSafetyThreshold in protocol.Params for details)
// -> in this case, the network has encountered a critical failure
// - we assume in general that Case 2 will not happen, therefore this must be Case 1 - an invalid block
return engine.NewUnverifiableInputError("unverifiable proposal with view from unknown epoch: %w", err)
}
return fmt.Errorf("unexpected error validating proposal: %w", err)
}
log := c.log.With().
Str("chain_id", header.ChainID.String()).
Uint64("block_height", header.Height).
Uint64("block_view", header.View).
Hex("block_id", blockID[:]).
Hex("parent_id", header.ParentID[:]).
Hex("payload_hash", header.PayloadHash[:]).
Time("timestamp", header.Timestamp).
Hex("proposer", header.ProposerID[:]).
Hex("parent_signer_indices", header.ParentVoterIndices).
Logger()
log.Info().Msg("processing block proposal")
// see if the block is a valid extension of the protocol state
block := &flow.Block{
Header: proposal.Header,
Payload: proposal.Payload,
}
err = c.state.Extend(ctx, block)
if err != nil {
if state.IsInvalidExtensionError(err) {
// if the block proposes an invalid extension of the protocol state, then the block is invalid
return model.NewInvalidProposalErrorf(hotstuffProposal, "invalid extension of protocol state (block: %x, height: %d): %w", blockID, header.Height, err)
}
if state.IsOutdatedExtensionError(err) {
// protocol state aborted processing of block as it is on an abandoned fork: block is outdated
return engine.NewOutdatedInputErrorf("outdated extension of protocol state: %w", err)
}
// unexpected error: potentially corrupted internal state => abort processing and escalate error
return fmt.Errorf("unexpected exception while extending protocol state with block %x at height %d: %w", blockID, header.Height, err)
}
// notify vote aggregator about a new block, so that it can start verifying
// votes for it.
c.voteAggregator.AddBlock(hotstuffProposal)
// submit the model to hotstuff for processing
// TODO replace with pubsub https://github.com/dapperlabs/flow-go/issues/6395
log.Info().Msg("forwarding block proposal to hotstuff")
c.hotstuff.SubmitProposal(hotstuffProposal)
return nil
}
// ProcessFinalizedBlock performs pruning of stale data based on finalization event
// removes pending blocks below the finalized view
func (c *Core) ProcessFinalizedBlock(finalized *flow.Header) {
// remove all pending blocks at or below the finalized view
c.pending.PruneByView(finalized.View)
c.finalizedHeight.Set(finalized.Height)
c.finalizedView.Set(finalized.View)
// always record the metric
c.mempoolMetrics.MempoolEntries(metrics.ResourceProposal, c.pending.Size())
}
// checkForAndLogOutdatedInputError checks whether error is an `engine.OutdatedInputError`.
// If this is the case, we emit a log message and return true.
// For any error other than `engine.OutdatedInputError`, this function is a no-op
// and returns false.
func checkForAndLogOutdatedInputError(err error, log zerolog.Logger) bool {
if engine.IsOutdatedInputError(err) {
// child is outdated by the time we started processing it
// => node was probably behind and is catching up. Log as warning
log.Info().Msg("dropped processing of abandoned fork; this might be an indicator that the node is slightly behind")
return true
}
return false
}
// checkForAndLogUnverifiableInputError checks whether error is an `engine.UnverifiableInputError`.
// If this is the case, we emit a log message and return true.
// For any error other than `engine.UnverifiableInputError`, this function is a no-op
// and returns false.
func checkForAndLogUnverifiableInputError(err error, log zerolog.Logger) bool {
if engine.IsUnverifiableInputError(err) {
// the block cannot be validated
log.Warn().Err(err).Msg("received unverifiable block proposal; " +
"this might be an indicator that a malicious proposer is generating detached blocks very far ahead")
return true
}
return false
}