Generalize expiry based de-duplication, dsmr

[tsachiherman]

What ?

Integrate the generic de-deduplication logic into the dsmr

[tsachiherman]

All sounds like great ideas, thanks!

…

On Mon, Nov 25, 2024, 1:27 PM aaronbuchwald ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In x/dsmr/node.go <#1810 (comment)>: > @@ -172,19 +193,28 @@ func (n *Node[T]) BuildChunk( return chunk, n.storage.AddLocalChunkWithCert(chunk, &chunkCert) } -func (n *Node[T]) BuildBlock(parent Block, timestamp int64) (Block, error) { - if timestamp <= parent.Timestamp { +// BuildBlock(ctx context.Context, parentView state.View, parent *ExecutionBlock) (*ExecutionBlock, *ExecutedBlock, merkledb.View, error) can we remove this comment? ------------------------------ In x/dsmr/node_test.go <#1810 (comment)>: > +func newTestingLog() logging.Logger { + return logging.NewLogger("dsmr") +} we can replacing this with logging.NoLog{} ------------------------------ In x/dsmr/node_test.go <#1810 (comment)>: > +func newTestingTracer(t *testing.T) trace.Tracer { + tracer, err := trace.New(trace.Config{}) + require.NoError(t, err) + return tracer +} we can replace this with trace.Noop ------------------------------ In x/dsmr/node_test.go <#1810 (comment)>: > +type testingChainIndex struct{} + +func (*testingChainIndex) GetExecutionBlock(context.Context, ids.ID) (validitywindow.ExecutionBlock[*ChunkCertificate], error) { + return nil, nil +} + +func newChainIndexer() ChainIndex { + return &testingChainIndex{} +} We should add unit tests for the newly added functionality here. What do you think of the following cases? - skip duplicate chunks in build block - return an error if all available chunks are duplicates in build block - duplicate chunk within a block - duplicate chunk that between the block we are executing and the last accepted block - duplicate chunk inside of the accepted validity window - propagate an error if we fail to fetch a block during de-duplication — Reply to this email directly, view it on GitHub <#1810 (review)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AF2OOH6AKK7BDRFH2ESZGB32CNT2VAVCNFSM6AAAAABSJTMZI2VHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZDINJZGMZDKMZVGM> . You are receiving this because you were assigned.Message ID: ***@***.***>

[aaronbuchwald]

We do this check twice now in chain since we previously handled this within NewExecutionBlock

We should only apply the check once, which do you think is the better place for it? The other addition within NewExecutionBlock is pre-populating the signature job. It would probably be better to remove that from the execution block and handle it in AsyncVerify. One good reason to do this is that handling this within ParseBlock can be a DoS vector.

[tsachiherman]

I don't see why testing this twice is an issue on it's own, and I think that I have a better solution here;
Testing it in NewExecutionBlock is not ideal from my perspective, as it should be construction step ( i.e. no errors ).
How do you feel about the following:
in ExecutionBlock, we would add the following function:

func (b *ExecutionBlock) ValidateDuplicateTransactions() error {
    if len(b.Txs) != b.txsSet.Len() {
        ErrDuplicateTx
    }
    return nil

than in validitywindow.go VerifyExpiryReplayProtection, we can just call this method:

   ...
   if err := blk.ValidateDuplicateTransactions(); err != nil {
      return err
   }
   ...

and remove the test from NewExecutionBlock

[aaronbuchwald]

Can we remove this check from this PR?

We should enforce timestamp >= parent timestamp (should allow them to be equal in case a block builder pushes the timestamp ahead of wall clock time for some nodes.

We should not allow the case that a malicious node builds a block with a timestamp that we consider valid less than 1s ahead of our wall clock time, but still ahead of our wall clock time, such that when we build a block on top of it, we fail because the current timestamp is ahead of our local timestamp.

We should update the check applied in BuildBlock imo.

We should also never execute the genesis block, so the check for parentBlock.Hght > 0 should be removed.

[aaronbuchwald]

Fetching a non-existing block should return an error, can we return database.ErrNotFound if the block is not available?

[joshua-kim]

I find the ux of us using the sentinel database.ErrNotFound experience to be very awkward. This is due to the existing interface definition and not the changes in this PR though.... if we had something like GetExecutionBlock() (ExecutionBlock[T], bool, error) we wouldn't have to introspect the error and could just return an error if error is non-nil and check the bool if it just wasn't there.

[joshua-kim]

Can we use set.Set here?

[joshua-kim]

I think these are duplicated - GetSlot is meant to be Expiry

[joshua-kim]

Should we use time.Duration here?

[joshua-kim]

nit: min(0, oldestAllowed)

[joshua-kim]

Nits:

1. receiver name should just be t
2. id -> blkID or blockID

[joshua-kim]

I don't care which we pick, but we should be consistent on the naming of either Foo() or GetFoo().

[tsachiherman]

I'm going to dodge this one by saying that this method is no longer needed.

[joshua-kim]

This seems weird because these are not returning txs

[tsachiherman]

yes, I agree. let's discuss this as a group ?

[aaronbuchwald]

Can we use the term containers?

[joshua-kim]

nit: make these (logger + tracer) the first args in this fn

[joshua-kim]

Seems like we're doing this to avoid the caller depending on an internal package. I'm wondering if it even makes sense for validitywindow to be in internal at all... should this just be merged into dsmr?

[tsachiherman]

@aaronbuchwald asked to remove this section completely.

[joshua-kim]

This exposes the internal/emap package into the caller. I think the previous wrapping pattern where we wrapped this interface w/ a type that implemented the emap interface actually looked cleaner.

[tsachiherman]

once merged, we won't need wrapping interface anymore. . unless I'm missing something ?

[aaronbuchwald]

I think @joshua-kim 's point is to have the internal type implemented as makes sense in this package and then wrap it with another type that converts between that structure and the required interface when we need to use it in the validity window or expiry map where we need a specific interface. Correct me if I'm wrong @joshua-kim

[tsachiherman]

done

[aaronbuchwald]

Can we rename this to a neutral name instead of txs like containers?

[aaronbuchwald]

Can we rename the local variables here?

[aaronbuchwald]

same comment on tx.GetID() here

[aaronbuchwald]

Can we move the cert set to the execution block type?

[aaronbuchwald]

This test case looks like it should pass because calling Accept should mark the block as accepted and make sure it's part of the index.

[aaronbuchwald]

Agree with @joshua-kim here that it does not make sense to test this way since a user of this package should never call AddLocalChunkWithCert directly.

The way we'd hit this case is by attempting to build a block with a chunk that is in our pool, but has not been included in an accepted block yet (and therefore has not been removed from that pool).

[aaronbuchwald]

I'm not sure the validity window should be separate from the nodes, since each node maintains its own index

[tsachiherman]

it's not the validity window itself, but rather the validity window duration. The index remains the same.

[aaronbuchwald]

The indexer is usually part of the node itself so sharing it across each node in tests seems like an anti-pattern

[tsachiherman]

I could create an indexer per node, if you think it would be better.. but it would be a bit of over engineering solution given that it's being used to retrieve previously accepted blocks. Please let me know if you think it's the right move and I'll make it so.

[aaronbuchwald]

Is this meant to be using ids.GenerateTestID() ?

[tsachiherman]

no; but good catch. It needed to be a way to way to reproduce consistent duplicate chunks. I'd updated the code to use ids.Empty.Prefix(uint64(chunkExpiry))

[aaronbuchwald]

Suggested change

	// create the block so that we can test it against the execute directly.
	// create the block so that we can test it against Execute directly.

[aaronbuchwald]

Should we generate actual IDs instead of ids.Empty since these will technically be invalid?

[aaronbuchwald]

If BuildBlock succeeds, it seems that we are expecting it to build the same block that we have produced locally. Should we be checking that they're the same here?

[tsachiherman]

if the BuildBlock won't return any of the expected errors, than it would return a valid block. However, I'm not sure how easy it would be to compare it to the testing block we've created. I'll add ParentID, Height and Timestamp.

[joshua-kim]

Isn't this a test over the duplicate chunk case?

[tsachiherman]

no; after

	r.NoError(node.Verify(context.Background(), node.LastAccepted, blk))
	r.NoError(node.Accept(context.Background(), blk))

I intentionally did not add the newly accepted block to the indexer.
As a result, when

r.ErrorIs(node.Verify(context.Background(), node.LastAccepted, blkNext), database.ErrNotFound)

is called, it wouldn't have that block in the indexer, and would generate the database.ErrNotFound error.

[tsachiherman]

as far as I can tell, this is the only test that we have that cover this case.
( obviously, it shouldn't happen on any real VM that index all it's accepted blocks )

[joshua-kim]

Why are we getting database.ErrNotFound here? It seems to me like this would fail verification because this block references a chunk that contains duplicated txs

[tsachiherman]

it wouldn't be the same transactions since ids.GenerateTestID() is random.

[joshua-kim]

1. I think we should unexport this type since it's not needed downstream of dsmr, since we're only using this type within the validity window.
2. Can we call this something like validityWindowBlock? We're going to be introducing another ExecutedBlock type which will be too similar to this type name.

[tsachiherman]

Sure, wasn't aware of that, and would gladly rename the data structure.

[joshua-kim]

nit: move all testing types to bottom of file

[joshua-kim]

This block isn't valid, I think we need to call BuildChunk -> BuildBlock -> Verify before calling Accept. As an unrelated note I don't think we need this block at all for this test.

[joshua-kim]

Do we want this indexer to be shared across all node instances?

[aaronbuchwald]

I would prefer not since the "indexer" is unique per node in practice

[joshua-kim]

nit: Use node.LastAccepted instead of referencing blk for the parent to build off of

[joshua-kim]

I feel like instead of having a single test case that checks:

1. Build a duplicate chunk, have it fail, and build a new chunk and see if it passes

It would just make more sense to have this split into separate test cases:

1. Build a Chunk, it should pass
2. Build a duplicate chunk, it should fail
3. Build a chunk, build a duplicate chunk, should pass with a single chunk in the block

[joshua-kim]

Can we use BuildBlock after calling BuildChunk instead of initializing the block through the struct?

[joshua-kim]

Should dsmr be updating the chain index? Or are we expecting that someone else is responsible for updating it (current behavior)?

[aaronbuchwald]

The snow refactor separates the chain index from Accept, so it's reasonable imo to do the same thing here imo

[aaronbuchwald]

The indexer is usually part of the node itself so sharing it across each node in tests seems like an anti-pattern

[aaronbuchwald]

Should this be an argument to create new nodes instead of setting it after constructing the nodes?

[aaronbuchwald]

The snow refactor separates the chain index from Accept, so it's reasonable imo to do the same thing here imo

[aaronbuchwald]

I would prefer not since the "indexer" is unique per node in practice