feat(storage-proofs): implement rational post #763
Conversation
dignifiedquire
force-pushed
the
feat/rational-post
branch
from
f1f4886 to
c243861
Compare
There was a problem hiding this comment.
BLOCKING: This PR needs to generate and publish new Groth parameters.
Note: Breaking API Changes
generate_postchallenge_seedparameter becomes&ChallengeSeedgenerate_postnow accepts&[u64]forfaultsgenerate_posthas new return typeverify_postnow accepts&[u8]instead ofVec<Vec<u8>>forproofsverify_postchallenge_seedparameter becomes&ChallengeSeedverify_postnow accepts&[u64]forfaultsSectorClassdropsPoStProofPartitions
filecoin-proofs/src/api.rs
Outdated
|
|
||
| let commitments: Vec<_> = challenges | ||
| .iter() | ||
| .map(|c| commitments_all[c.sector as usize]) |
There was a problem hiding this comment.
BLOCKING: Please use Vec::get and early-return on a None instead of indexing into the thing directly (which will panic if there is no value corresponding to the provided index).
There was a problem hiding this comment.
Counterpoint: derive_challenges had damn well better make sure c.sector is in range, and if it's not then we risk generating an invalid PoSt and need the moral equivalent of a panic (although I agree that should be caught and handled gracefully at the API boundary).
There was a problem hiding this comment.
We don't have any panic-recovery tooling yet, so this will unwind the stack and crash the Filecoin node. Until we build those tools, please avoid using panics.
filecoin-proofs/src/api.rs
Outdated
|
|
||
| let commitments: Vec<_> = challenges | ||
| .iter() | ||
| .map(|c| commitments_all[c.sector as usize]) |
There was a problem hiding this comment.
Counterpoint: derive_challenges had damn well better make sure c.sector is in range, and if it's not then we risk generating an invalid PoSt and need the moral equivalent of a panic (although I agree that should be caught and handled gracefully at the API boundary).
filecoin-proofs/src/api.rs
Outdated
| ) | ||
| .unwrap() | ||
| } else { | ||
| panic!("faults are not yet supported") |
There was a problem hiding this comment.
I think we should give ReplicaInfo (or whatever you call it) a method which can convert it into a tree. We should pass those as private inputs, then only treeify them if the sector is challenged. This assumes there will be enough time to do that. This is a whole question I'm trying to get answers to now and will create an issue if necessary.
In any case, we can't hold all the trees in memory (and I think go-filecoin) is currently blowing up because of this.
|
|
||
| pub fn to_vec(&self) -> Vec<u8> { | ||
| let mut out = Vec::new(); | ||
| self.write(&mut out).expect("known allocation target"); |
There was a problem hiding this comment.
Why do you defile the holy MultiProof so?
yes, will do once this PR is fully settled and approved |
dignifiedquire
force-pushed
the
feat/rational-post
branch
from
6c40628 to
aa495ae
Compare
filecoin-proofs/src/api.rs
Outdated
| let challenged_replicas: Vec<_> = challenges | ||
| .iter() | ||
| .map(|c| { | ||
| if let Some(replica) = replicas.get(c.sector as usize) { |
There was a problem hiding this comment.
BLOCKING: replicas.get(c.sector as usize) is going to index into replicas by sector id. replicas is a Vec (i.e. not sector id-indexed data structure).
There was a problem hiding this comment.
How do I get the sector id from the the replica then?
There was a problem hiding this comment.
You'll need to extend ReplicaInfo to include this information, e.g.
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct ReplicaInfo {
/// Path to the replica.
access: String,
/// The replica commitment.
commitment: Commitment,
sector_id: SectorId
}
There was a problem hiding this comment.
We should pause this thread until we're all on the same page regarding whether or not GeneratePoSt should accept a SectorSet (a sector id-indexed map) or an ordered list of sector ids.
storage-proofs/src/sector.rs
Outdated
| use byteorder::ByteOrder; | ||
|
|
||
| /// An ordered set of `SectorId`s. | ||
| pub type SectorSet = BTreeSet<SectorId>; |
There was a problem hiding this comment.
Suggestion: Change the name of this type to something other than SectorSet. SectorIdSet would be fine by me.
Rationale: The protocol already specifies SectorSet to be a map from sector id to replica commitment. Your type is not a map from sector id to replica commitment; I am certain that the name collision will cause some confusion in the future.
There was a problem hiding this comment.
changed to OrderedSectorSet
storage-proofs/src/rational_post.rs
Outdated
| let challenged_sector = u64::from(challenge.sector); | ||
| let challenged_leaf = challenge.leaf; | ||
|
|
||
| let tree = priv_inputs.trees[challenged_sector as usize]; |
There was a problem hiding this comment.
challenged_sector, which is the challenge.sector, seems to be used as an index into the trees here, but the type of challenge.Sector is SectorId. This seems like a mismatch.
| #[derive(Debug, Clone, PartialEq, Eq)] | ||
| pub struct Challenge { | ||
| // The index of the sector into the sector list. | ||
| pub sector: SectorId, |
There was a problem hiding this comment.
It it the index, or is it the Id?
There was a problem hiding this comment.
ID, forgot to update the comment
storage-proofs/src/rational_post.rs
Outdated
| .iter() | ||
| .zip(pub_inputs.commitments.iter()) | ||
| .map(|(challenge, commitment)| { | ||
| let challenged_sector = u64::from(challenge.sector); |
There was a problem hiding this comment.
Why are you turning a SectorId into a u64? It seems like this is defeating the type system and allowing you to look up a tree in an array by the integer value of its SectorId.
| faults.insert(1.into()); | ||
| let mut sectors = SectorSet::new(); | ||
| sectors.insert(0.into()); | ||
| sectors.insert(1.into()); |
There was a problem hiding this comment.
I think this test needs to be made more robust. It's not catching the fact that we're indexing into the trees using the SectorId and not the calculated challenge offset.
I believe the test will break and expose this if you change line 297 to read sectors.insert(2.into());.
We should also go further and add at least one more non-faulted sector and ensure that the test specifically validates that it has been selected correctly. In generally, we should avoid only inserting sectors whose SectorIds are consecutive, starting from 0 — since this is very special case in which SectorId and offset into an ordered set happen to be identical.
dignifiedquire
force-pushed
the
feat/rational-post
branch
from
d8d695b to
a65d77a
Compare
* feat(add SectorId type and transforms) * fixup(clippy) * feat(implement Display for SectorId) * fixup(derive Ord) * fixup(revert sector_id field change to sector as per spec)
dignifiedquire
force-pushed
the
feat/rational-post
branch
from
a65d77a to
78419f6
Compare
| /// The replica commitment. | ||
| commitment: Commitment, | ||
| /// Is this sector marked as a fault? | ||
| is_fault: bool, |
There was a problem hiding this comment.
Not necessary, but it might be nice to make this whole type be an Enum with faulty and non-faulty variants — the faulty version omitting the access. This would make it impossible to generate merkle trees from faulty sectors, potentially heading off some unpleasant failure modes we might accidentally stumble into if it's possible to do so.
|
|
||
| if let Some(tree) = priv_inputs.trees.get(&challenge.sector) { | ||
| if commitment != &tree.root() { | ||
| return Err(Error::InvalidCommitment); |
There was a problem hiding this comment.
Not sure this is the right name for the error here. The commitment is valid by definition, right?
Follows the definition in filecoin-project/specs#332
PRs for other repos