Proposed 1.9.2-rc1 #4219
Proposed 1.9.2-rc1 #4219
Conversation
|
Important Note for Reviewers, Maintainers and other interested parties: This PR includes commit c4d707a, which changes the default vote for two amendments: the previously introduced Prior to this commit, the two fix amendments had a default vote of no and this changes the vote to yes. Considering that both of these amendments correct bugs (as opposed to introducing new features) and that, even if activated, their code is dormant and will remain gated under the Note that, while not presently used outside the inactive NFT code, the fixes introduced in the |
|
While I'm in favour of this, a default YES vote would initiate the timer once sufficient are updated and would cause an early amendment block if sufficient didn't change their vote to no. This may be a problem. |
This is a good point to make: these amendments, despite being a "nop" until the We should rethink the way amendments are proposed how they work, especially vis-à-vis amendments that are dependent on some other amendment. |
|
Ultimately, the resolution would be to have trusted validators who were timely, proactive in discussing and engaging with the voting process on our UNL lists. |
|
So, obviously there's some controversy about setting the two fix amendments to "default yet". I've noticed some vigorous conversations on Twitter and the Mattermost channels, perhaps in the Discord too. I think this is important to discuss publicly and transparently. As I wrote earlier, "[c]onsidering that both of these amendments correct bugs (as opposed to introducing new features) and that, even if activated, their code is dormant and will remain gated under the featureNonFungibleTokensV1 amendment (which defaulted and continues to default to a no) the impact of this change should be minimal." I think my analysis is reasonable but my conclusion is not: the impact is not minimal, in the sense that if these amendments activate, anyone running 1.8.x, 1.9.0 or 1.9.1 will become amendment blocked for no real reason: the amendments don't do anything. Broadly, these raises some questions about the flexibility of the amendment code and whether it should be improved to allow, inter alia, the possibility of an amendment that activates but doesn't amendment block anyone, because it's dependent on another amendment. But I don't want to detract from the issue at hand: changing the default vote for the fixes. Again, I believe this is a change that I can defend rationally, but I understand that it may be controversial, especially given the broader context. I hope people will chime in here and we can have a productive and meaningful conversation that results in consensus on the way forward, regardless of what that consensus is. Thanks! |
|
Why don't we add the option for an amendment to default on the setting of another amendment? |
Interesting suggestion. We'd discussed something like this before. I think having "conditional amendments" is a good idea: "A requires B" or "C implies D, E and F" but we don't have that and coding it would, itself, require an amendment. So chicken and egg for this case. But certainly worth considering. |
|
Well, servers could just not propose Amendment A until they see also Amendment B supported on the network by default if A would be broken without B. |
|
While I am somehow in favour of a default yes, if dependencies exist, we shouldn't do it this time. Our main target, for now, should be getting as many nodes updated as possible, as soon as possible. From a dUNL standpoint we should be fine, its the rest of the network we need to worry about. As mentioned before, we aren't even sure if outdated nodes will have an impact but the risk is too high from my point of view.
Moving forward that's something that needs to be looked into to avoid similar sitations. |
|
Nodes being amendment blocked for no real material reason (i.e. |
I agree, as I believe it’s a lot easier for people to follow one voting process (instead of waiting for two fixes and main amendment). And then it sets a precedent for how to deal with similar situations in the future, without making changes to support dependency amendments or similar. |
|
So, I'm trying to decide on what to do with this PR.
So, about
Would appreciate feedback on what people think is the right next step here. |
|
Option 3 |
|
I am in favour of Option 3 |
|
Option 3 |
|
Option 3 is the most logical. Having said that, a voter who has voted to ACCEPT, who becomes unaware of any fix and the subsequent deprecation of the amendment, by it being replaced with a newer version, will have their vote recorded as REJECT despite them thinking they had voted to ENABLE. Currently there is no way to know that a vote you have cast has been changed or removed without checking your voting status. |
|
I would go with option 3. |
|
I would go for option 3. |
|
Option 3 😊 |
|
Option 3 makes the most sense for me 👌 |
|
Option 3 is best IMO since it compiles all the current NFT-related amendments into a single amendment providing a better decision making process for all rippled node operators. |
|
Option 3 sounds the best. |
|
Option 3 |
|
Option 3 sounds like a winner! |
|
im good with option 3 |
|
Option three looks like a solid choice to me. |
| // The functionality of the "NonFungibleTokensV1_1" amendment is | ||
| // precisely the functionality of the following three amendments | ||
| // so if their status is ever queried individually, we inject an | ||
| // extra check here to simplify the checking elsewhere. | ||
| if (feature == featureNonFungibleTokensV1 || | ||
| feature == fixNFTokenNegOffer || feature == fixNFTokenDirV1) | ||
| { | ||
| if (impl_->enabled(featureNonFungibleTokensV1_1)) | ||
| return true; | ||
| } | ||
|
|
There was a problem hiding this comment.
The only downside to doing it this way is that this check will need to be made on every call to enabled. It's a tiny downside, since it's a simple check. But what do you think of, instead of this check, you modify Change::applyAmendment. If the enabled feature is featureNonFungibleTokensV1_1, you add the other three to the amendments list, too?
rippled/src/ripple/app/tx/impl/Change.cpp
Lines 195 to 197 in 83aa1c1
There was a problem hiding this comment.
I thought about this (and prepared a branch to do just that, actually) but a couple of people that I floated that idea by felt that it was weird, because it could result in an amendment that doesn't, on its own, have majority appearing to get arbitrarily enabled.
I do think that's a better option in the long term and will likely introduce a PR to make that possible, but I don't think it's the right option here.
| @@ -337,6 +337,7 @@ extern uint256 const featureNonFungibleTokensV1; | |||
| extern uint256 const featureExpandedSignerList; | |||
| extern uint256 const fixNFTokenDirV1; | |||
| extern uint256 const fixNFTokenNegOffer; | |||
| extern uint256 const featureNonFungibleTokensV1_1; | |||
There was a problem hiding this comment.
You need to increment numFeatures.
rippled/src/ripple/protocol/Feature.h
Line 77 in 83aa1c1
src/ripple/protocol/impl/Rules.cpp
Outdated
| @@ -17,10 +17,10 @@ | |||
| */ | |||
| //============================================================================== | |||
|
|
|||
| #include <ripple/protocol/Feature.h> | |||
| //#include <ripple/protocol/Indexes.h> | |||
There was a problem hiding this comment.
May as well remove the commented line.
|
It also turns out that the |
|
Per the discussion here and in the mattermost chat, I reverted the commit that changed the default votes for the two fix amendments and have, instead, introduced a new amendment, Assuming that this is merged, it should be interpreted as a recommendation by the maintainers of the reference implementation of the protocol that any operators who wish to vote for activation of the XLS-20 NFT enhancements vote in favor of |
The existing code properly parses the network_id parameter from the the configuration file, but it does not properly set up the code to use the value correctly. As a result the configured `network_id` is ignored.
ThreadSafetyAnalysis was used to identify race conditions in this file. This analysis was modivated by a (rare) crash while running unit tests. Add locks to Shard flagged by ThreadSafetyAnalysis
While there should never be a missing node when copying the SHAMap, rippled should not terminate when there's an error rotating the database. This patch aborts the database rotation rather than aborting rippled.
A few unit tests have historically generated a lot of noise to the console from log writes. This noise was not useful and made it harder to locate actual test failures. By changing the log level of these tests from - severities::kError to - severities::kDisabled it was possible to remove that noise coming from the logs.
The existing code would, incorrectly, allow negative amounts in offers for non-fungible tokens. Such offers would be handled very differently depending on the context: a direct offer would fail with an error code indicating an internal processing error, whereas brokered offers would improperly succeed. This commit introduces the `fixNFTokenNegOffer` amendment that detects such offers during creation and returns an appropriate error code. The commit also extends the existing code to allow for buy offers that contain a `Destination` field, so that a specific broker can be set in the offer.
An incorrect SQL query could cause the server to improperly configure its voting state after a restart; typically, this would manifest as an apparent failure to store a vote which the administrator of the server had configured. This commit fixes the broken SQL and ensures that amendment votes are properly reloaded post-restart and closes #4220.
The peer discovery protocol depends on peers exchanging messages listing IP addresses for other peers. Under normal circumstances, these messages should not be sent frequently; the existing code would track the earliest time a new message should be processed, but did not actually enforce that limit.
The XLS-20 implementation contained two bugs that would require the introduction of amendments. This complicates the adoption of XLS-20 by requiring a staggered amendment activation, first of the two fix amendments, followed by the `NonFungibleTokensV1` amendment. After consideration, the consensus among node operators is that the process should be simplified by the introduction of a new amendment that, if enabled, would behaves as if the `NonFungibleTokensV1` and the two fix amendments (`fixNFTokenDirV1` and `fixNFTokenNegOffer`) were activated at once. This commit implements this proposal; it does not introduce any new functionality or additional features, above and beyond that offered by the existing amendments.
The existing spinlock code, used to protect SHAMapInnerNode child lists, has a mistake that can allow the same child to be repeatedly locked under some circumstances. The bug was in the `SpinBitLock::lock` loop condition check and would result in the loop terminating early. This commit fixes this and further simplifies the lock loop making the correctness of the code easier to verify without sacrificing performance. It also promotes the spinlock class from an implementation detail to a more general purpose, easier to use lock class with clearer semantics. Two different lock types now allow developers to easily grab either a single spinlock from an a group of spinlocks (packed in an unsigned integer) or to grab all of the spinlocks at once. While this commit makes spinlocks more widely available to developers, they are rarely the best tool for the job. Use them judiciously and only after careful consideration.
nbougalis
dismissed
ximinez’s stale review
The concerns raised have been addressed.
Roll-up PR for 1.9.2-rc, the first release candidate for 1.9.2, which introduces a fix for the amendment voting persistence issue described in #4220, as well as a fix for "negative offers" for NFTs.
Primarily, this release will introduce a new amendment,
NonFungibleTokensV1_1which is a combination of three amendments:NonFungibleTokensV1,fixNFTokenDirV1andfixNFTokenNegOffer. The maintainers of the reference implementation of the protocol recommend that operators that wish to vote for activation of the XLS-20 NFT enhancements vote in favor ofNonFungibleTokensV1_1instead ofNonFungibleTokensV1.If merged, this release will: