Replica Validation Refactor #2170
Conversation
types/src/v0/impls/state.rs
Outdated
| // TODO 2 seconds of tolerance should be enough for reasonably | ||
| // configured nodes, but we should make this configurable. | ||
| if self.proposal.header.timestamp().abs_diff(system_time) > 2 { |
There was a problem hiding this comment.
Does it make sense for this value to live in the chain config? Given we have the chain config here, implementing this be low effort.
There was a problem hiding this comment.
Requires some thought. Putting it in chain config means we require an upgrade to modify it. Maybe we can just pass it in on the command line.
There was a problem hiding this comment.
Ah, I wasn't aware the chain config was immutable between upgrades. What's the reasoning for that?
There was a problem hiding this comment.
It's meant to be immutable configuration for the block_chain. Part of blockchain the safety concerns I think.
tbro
force-pushed
the
tb/validated_state_transition_refactor
branch
from
cc46f2a to
1f1615e
Compare
tbro
force-pushed
the
tb/validated_state_transition_refactor
branch
from
fc0cab9 to
5756051
Compare
tbro
requested review from
philippecamacho,
ImJeremyHe,
sveitser,
jbearer and
imabdulbasit
as code owners
tbro
force-pushed
the
tb/validated_state_transition_refactor
branch
from
910ce81 to
f7926c1
Compare
| proposal_state.block_merkle_tree.commitment(), | ||
| proposal.block_merkle_tree_root() | ||
| ); | ||
| // ValidatedTransition::new( |
There was a problem hiding this comment.
Is this intentionally left commented out?
There was a problem hiding this comment.
Humm I thought this was previously commented in relation to the above TODO... Maybe I got confused will double check.
| } | ||
| /// Type to hold cloned validated state and provide validation methods. | ||
| #[derive(Debug)] | ||
| pub(crate) struct ValidatedTransition<'a> { |
There was a problem hiding this comment.
A bit of a nitpick: the transition is only validated if validate() does not return an error but given current naming one might expect it to be validated upon creation unless one actually inspects the return type. I'm totally fine with the current name just thinking maybe we can make it even clearer at some point.
There was a problem hiding this comment.
Its a tough one. It's a type that only exists to facilitate a state transition by encapsulating validation logic. The state is actually held in ValidatedState. Open to ideas, but I don't have any at the time being.
types/src/v0/impls/state.rs
Outdated
| .. | ||
| } = state; | ||
| // Validate timestamp hasn't drifted too much from system time. | ||
| // Do this check first so we don't add unnecessary drift. |
There was a problem hiding this comment.
Nit: comment is now potentially misleading because in this function the drift check is done last.
There was a problem hiding this comment.
I think we can move the comment about this check being time sensitive up to the doc string of validate_timestamp.
| #[derive(Debug)] | ||
| pub(crate) struct Proposal<'a> { | ||
| header: &'a Header, | ||
| block_size: u32, |
There was a problem hiding this comment.
There is also a Proposal type in hotshot that we use in this repo, so I think we can use a different name here. ProposalValidationInput? A bit of a mouthful 🙄
types/src/v0/impls/state.rs
Outdated
| self.validate_fee()?; | ||
| self.validate_fee_merkle_tree()?; | ||
| self.validate_block_merkle_tree()?; | ||
| self.validate_proposed_finalized()?; |
There was a problem hiding this comment.
| self.validate_proposed_finalized()?; | |
| self.validate_l1_finalized()?; |
|
|
||
| charge_fee( | ||
| &mut validated_state, | ||
| validated_state.charge_fees( |
There was a problem hiding this comment.
Should we do the fee charging as part of apply_proposal?
| Header::V3(_) => panic!("You called `Header.next()` on unimplemented version (v3)"), | ||
| } | ||
| } | ||
| /// Replaces builder signature w/ invalid one. |
There was a problem hiding this comment.
| /// Replaces builder signature w/ invalid one. | |
| /// Replaces builder signature w/ a valid one from a random key pair |
?
There was a problem hiding this comment.
The intent is convey that signature validation will fail because we are adding a signature that doesn't match the fee_info. It is therefore invalid (relative to what it will be validated against).
There was a problem hiding this comment.
Thinking again I see your point... The signature is structurally valid but will fail verification.
types/src/v0/impls/state.rs
Outdated
| } | ||
|
|
||
| impl<'a> ValidatedTransition<'a> { | ||
| async fn mock(instance: NodeState, parent: &'a Header, proposal: Proposal<'a>) -> Self { |
types/src/v0/impls/state.rs
Outdated
| @@ -1259,4 +1855,112 @@ mod test { | |||
|
|
|||
| validate_builder_fee(&header).unwrap(); | |||
| } | |||
|
|
|||
| // #[async_std::test] | |||
* add `Proposal` and `ValidatedTransition` types * move validation to isolated methods. * add doc comments to methods * update error enum * update tests * less clones * only get vid byte len once
Replace references to `validate_proposal` /w `ValidatedTransition`. Remove `validate_proposal_error_cases` as it nightmarish to navigate that and error cases are more thoroughly tested in unit tests now.
`validate_proposal` fn no longer exists
- Move the validate function to the top so it shows up first in docs. - Try to provide more context in doc strings.
now hotshot prints the same thing
I was going to move this test but decided not to.
and the TODO that goes w/ it
tbro
force-pushed
the
tb/validated_state_transition_refactor
branch
from
da1f3f4 to
3ea125f
Compare
Closes #2090
This PR:
Refactors contents of
validate_and_apply_headerby introducing two new internal (non-pub) types. This should facilitate:Basically this PR:
ProposalandValidatedTransitiontypesReview
Most important changes are isolated
./types/src/v0/impls/state.rs. Many unit tests have been added there. Tests should pass and you should be convinced that there is sufficient coverage. Small changes were made to./types/src/v0/impls/header.rswhere we previously had testing for this validation in the form of high level success cases and eror cases tests. The success case test has been renamed and the error case test removed in favor of the more comprehensive error case tests in the new unit tests.Review Documentation
You can run
just docand navigate here in your browser:./target/doc/espresso_types/v0/impls/state/struct.ValidatedTransition.html