There is a failure mode of IBFT whereby a validator fails to import
a block, and also fails to receive the NewBlock message from its
peers. This means said validator is unable to participate in
subsequent rounds, and may cause the network to halt.
To overcome this issue, if an IBFT validator receives messages from
a future height, it will update the "BestEstimatedHeight" of the
corresponding EthPeer object, such that the Synchroniser will
(eventually) download the requisite blocks - thus allowing the
IBFT network to continue to operate.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
It was identified during a demonstration that Pantheon, when running
in IBFT would show a "Bad Block Import" when a validator was added or
removed from the validator pool.
It was determined this was due to IBFT maintaining a single, 'global'
copy of the curent list of validators, which was updated when a block
was imported - thus when a block which had been imported vi IBFT
was then received via Eth block propogation, the validator list would
not align with the global list (as it had been updated in the IBFT
import).
The solution has been to utilise the VoteTallyCache as used in the
Clique implementation.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
With upcoming changes to remove the NewRound message, and place
the RoundChangeCertificate in the Proposal, it was decided to break
out the RoundChangeCertiifcate validation into a separate file
to minimise changes during message restructuring.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
This change moves blocks out from the signed portion of the IBFT messages (Proposal, RoundChange and NewRound).
This has grossly affected the message validators and message factories - but otherwise does not affect the general behaviour of the system (other than reducing message size of the NewRound messages).
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Two changes:
* Stream chains now take up less vertical lines, only breaking on
stream operations.
* Long annotations that span multiple lines no longer have a dangling
parentesis and indent 4 spaces.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
With a prior change swapping header validation for block
validation in the IBFT messages, the necessity to pass in the block
header was removed - though the code remained.
This change simplifies the MessageValidatorFactory interface to only
take the chain height (rather than the full parent header).
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
The IbftRoundFactory creates a MessageValidator for use within the
newly created round, however it does this bypassing the established
factory classes (MessageValidatorFactory).
This commit updates the IbftRoundFactory to use the correct API for
creating the message validator.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
The IBFT messages have been flattened such that the content within the
signed subtype can be accessed directly from the message interface.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
IBFT2.1 requires that message content be separated, thus concepts
at the message level must not leak into the business logic - eg
RoundChangeCertificate should not be created by the
RoundChangeManager - rather an intermediate type is to be inserted.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Moving to IBFT2.1 requires that validation be conducted
on the signeddata aspects of a message separately from the
'piggybacked' block.
Move Validators to using Messages
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
* Create wrapper types for Ibft Signed messages
As future IBFT message will require only subsets of the data to be signed,
the message structures need to be modified such taht the signed-data
aspects can be a component of the message (Rather than the whole
message).
THis chnage starts this process by having a "flat" message which allows
clients to query the required round, and author of the message.
* Updated IbftHeightManager to new msgtypes
* Removed final from interface
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
As future IBFT message will require only subsets of the data to be signed,
the message structures need to be modified such taht the signed-data
aspects can be a component of the message (Rather than the whole
message).
This change starts this process by having a "flat" message which allows
clients to query the required round, and author of the message.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Messages which originate with the current node are logged in the
gossiper such that if a remote peer sends a packet which originated
from the local back to the local node, it should not go back out
again.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
* Refactoring for more readable IBFT IT
* Renaming Roles to peers
* Moving the assert behaviour into the RoundChangePeers
* Renmaing prefix of assert to verify, grammar
* Reducing usage of getAllPeers()
* Dropping the getter for the peer list
* Dropping peer from method names, as it's now in the class name
* Spotless
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Makes Synchronizer responsible for deciding if it has enough peers or not rather than ProtocolManager.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
* Add Privacy Cli options
* Wire up Precompiled contract configuration to Protocol Spec
* Rename createDefault to noPrivacy to indicate the defaults.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Nodes which are not validators in a network should not inject
IBFT messages to the consensus round, and should not gossip
received messages.
I.e. all events should ensure that they are only handled if
the node is a validator at the current height.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Ibft will no longer buffer round change messages for prior rounds.
While the messages buffered where discarded on round change, they
should not be buffered.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
This commit adds additional tests which fall outside of the existing
suite, and target spuriously behaved peers - i.e. illegal seals,
illformed RLP data etc.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
This allows individual items of the test framework to be replaced
during the test construction (i.e. eventqueue, clock, validator count).
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
This adds tests to ensure the IBFT capability handles the chain updating
"under" the state machine.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
The ibftGetValidatorsByBlockNumber and ibftGetValidatorsByBlockHash
both returned a list of Addresses, whichi when translated back into
JSON RPC responses, results in an incorrect 'shape'.
These RPC calls should (and now do) return a list of strings.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>