[Dynamic Protocol State] Refactor Epoch Commitment Deadline Enforcement #5108
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1. Update bootstrapping to use DynamicProtocolState rather than
protocol.Epoch API, resolving a TODO and simplifying that method
2. Removes the committed_epoch_final_view metric. We originally added
this metric with the idea that it would provide a way to see how much
time you have minimally, until the next time when EFM could possibly
be triggered. However:
- it is not used
- it is somewhat misleading, as EFM can actually be triggered at
other points than the final view of the committed epoch in
some circumstances
- if we do want to alert on something like this in the future,
it can be created from other metrics:
- cur_epoch_final_view, cur_view, cur_epoch_phase
- remove expectation of removed metric - fix call to indexFirstHeight in bootstrapping - fix boolean conditional in EpochPhase method
Co-authored-by: Yurii Oleksyshyn <yuraolex@gmail.com>
Base automatically changed from
jordan/4649-epoch-status
to
feature/dynamic-protocol-state
December 11, 2023 19:22
…or-epoch-commit-deadline
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## feature/dynamic-protocol-state #5108 +/- ##
==================================================================
- Coverage 56.51% 56.50% -0.01%
==================================================================
Files 987 987
Lines 92539 92531 -8
==================================================================
- Hits 52298 52289 -9
- Misses 36396 36400 +4
+ Partials 3845 3842 -3
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
durkmurder
reviewed
Dec 13, 2023
durkmurder
approved these changes
Dec 13, 2023
Co-authored-by: Yurii Oleksyshyn <yuraolex@gmail.com>
AlexHentschel
approved these changes
Dec 15, 2023
There was a problem hiding this comment.
There a lots of mentions of "EECC" in this file. Not sure, did we want to replace those with "EFM" 😅 (?)
There was a problem hiding this comment.
Did a project-wide replace in 8e69496
| @@ -269,3 +273,16 @@ func (m *stateMutator) transitionToEpochFallbackMode(results []*flow.ExecutionRe | |||
| } | |||
| return dbUpdates, nil | |||
| } | |||
|
|
|||
| // epochFallbackTriggeredByIncorporatingCandidate checks whether incorporating the input block | |||
| // would trigger epoch fallback mode (EFM) along the current fork. In particular, we trigger epoch | |||
There was a problem hiding this comment.
in scientific literature, it is common practise to set abbreviations su ch as EFM in square brackets. Would suggest to adopt this convention also in our code:
// would trigger epoch fallback mode [EFM] along the current fork.| // epochFallbackTriggeredByIncorporatingCandidate checks whether incorporating the input block | ||
| // would trigger epoch fallback mode (EFM) along the current fork. In particular, we trigger epoch | ||
| // fallback mode when: | ||
| // 1. The next epoch has not been committed as of B (EpochPhase < flow.EpochPhaseCommitted) AND |
There was a problem hiding this comment.
would be inclined to use the same representation as in code:
Suggested change
| // 1. The next epoch has not been committed as of B (EpochPhase < flow.EpochPhaseCommitted) AND | |
| // 1. The next epoch has not been committed as of B (EpochPhase ≠ flow.EpochPhaseCommitted) AND |
This holds independently of the internal order of EpochPhase
Comment on lines
277
to
288
| // epochFallbackTriggeredByIncorporatingCandidate checks whether incorporating the input block | ||
| // would trigger epoch fallback mode (EFM) along the current fork. In particular, we trigger epoch | ||
| // fallback mode when: | ||
| // 1. The next epoch has not been committed as of B (EpochPhase < flow.EpochPhaseCommitted) AND | ||
| // 2. B is the first incorporated block with view greater than or equal to the epoch commitment | ||
| // deadline for the current epoch | ||
| func epochFallbackTriggeredByIncorporatingCandidate(candidateView, safetyThreshold, finalView uint64, phase flow.EpochPhase) bool { | ||
| if phase == flow.EpochPhaseCommitted { // Requirement 1 | ||
| return false | ||
| } | ||
| return candidateView+safetyThreshold >= finalView // Requirement 2 | ||
| } |
There was a problem hiding this comment.
Algorithmically it is correct I think, but I got stuck on it because there were a few details that I wasn't aware of. I think we can increase code clarity and documentation coverage notably if we changed the signature of the method just a bit.
Suggested change
| // epochFallbackTriggeredByIncorporatingCandidate checks whether incorporating the input block | |
| // would trigger epoch fallback mode (EFM) along the current fork. In particular, we trigger epoch | |
| // fallback mode when: | |
| // 1. The next epoch has not been committed as of B (EpochPhase < flow.EpochPhaseCommitted) AND | |
| // 2. B is the first incorporated block with view greater than or equal to the epoch commitment | |
| // deadline for the current epoch | |
| func epochFallbackTriggeredByIncorporatingCandidate(candidateView, safetyThreshold, finalView uint64, phase flow.EpochPhase) bool { | |
| if phase == flow.EpochPhaseCommitted { // Requirement 1 | |
| return false | |
| } | |
| return candidateView+safetyThreshold >= finalView // Requirement 2 | |
| } | |
| // epochFallbackTriggeredByIncorporatingCandidate checks whether incorporating the input block B | |
| // would trigger epoch fallback mode [EFM] along the current fork. We trigger epoch fallback mode | |
| // when: | |
| // 1. The next epoch has not been committed as of B (EpochPhase ≠ flow.EpochPhaseCommitted) AND | |
| // 2. B is the first incorporated block with view greater than or equal to the epoch commitment | |
| // deadline for the current epoch | |
| // | |
| // In protocol terms, condition 1 means that an EpochCommit service event for the upcoming epoch has | |
| // not yet been sealed as of block B. Formally, a service event S is considered sealed as of block B if: | |
| // - S was emitted during execution of some block A, s.t. A is an ancestor of B. | |
| // - The seal for block A was included in some block C, s.t C is an ancestor of B. | |
| // | |
| // For further details see `params.EpochCommitSafetyThreshold()`. | |
| func epochFallbackTriggeredByIncorporatingCandidate(candidateView uint64, params protocol.GlobalParams, parentState *flow.RichProtocolStateEntry) bool { | |
| if parentState.EpochPhase() == flow.EpochPhaseCommitted { // Requirement 1 | |
| return false | |
| } | |
| return candidateView+params.EpochCommitSafetyThreshold() >= parentState.CurrentEpochSetup.FinalView // Requirement 2 | |
| } |
Here, I have used params and parentState instead of the derived values, because then I can easily refer to them in the documentation
| // epoch service event or an invalid state transition previously in this fork. | ||
| // Case 2: Incorporating the candidate block is itself an invalid epoch transition. | ||
| // | ||
| // In either case, Epoch Fallback Mode (EFM) has been tentatively triggered on this fork, |
There was a problem hiding this comment.
Suggested change
| // In either case, Epoch Fallback Mode (EFM) has been tentatively triggered on this fork, | |
| // In either case, Epoch Fallback Mode [EFM] has been tentatively triggered on this fork, |
Comment on lines
+270
to
+272
| // if a state machine constructor returns an error, the stateMutator constructor should fail | ||
| // and propagate the error to the caller | ||
| s.Run("state machine constructor returns error", func() { |
There was a problem hiding this comment.
thank you for the also testing the error path 🤩
jordanschalm
merged commit 292b541
into
feature/dynamic-protocol-state
53 checks passed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR addresses #5104, using this suggestion:
Changes
stateMutatormodulestateMutatorconstructor