failure indicating commitments

[ptrus]

The E2E tests with increased epoch times (#3322) discovered a failure edge case that can happen if the storage committee becomes unavailable after proposer already proposes a batch, but before any of the nodes submit a commitment. In that case the nodes currently abort the processing and wait for a round failure. Since there is no submitted commitments the round failure only happens at the next epoch transition.

This PR adds support for failure indicating commitments (which were first proposed as part of the ADR 0005), which solve the above mentioned issue since compute nodes can now submit a failure indicating commitment and with it trigger a round failure.

NOTE: only the subset (support for failure indicating commitments) of the mentioned ADR is implemented here.

TODO:

• probably some more tests
• check for other scenarios where a failure indicating commitment should be submitted by an executor node (currently only the mentioned failure scenario was fixed)

[codecov]

Codecov Report

Merging #3391 into master will decrease coverage by 0.09%.
The diff coverage is 63.27%.

@@            Coverage Diff             @@
##           master    #3391      +/-   ##
==========================================
- Coverage   66.03%   65.93%   -0.10%     
==========================================
  Files         371      371              
  Lines       33285    33367      +82     
==========================================
+ Hits        21979    22002      +23     
- Misses       8075     8127      +52     
- Partials     3231     3238       +7     

Impacted Files	Coverage Δ
go/common/version/version.go	80.00% <ø> (ø)
go/worker/compute/executor/committee/node.go	61.95% <44.15%> (-1.23%)	⬇️
go/roothash/api/commitment/pool.go	76.09% <67.21%> (+3.60%)	⬆️
go/roothash/api/commitment/executor.go	77.64% <93.93%> (+9.12%)	⬆️
go/consensus/tendermint/apps/roothash/roothash.go	74.05% <100.00%> (ø)
go/roothash/tests/tester.go	88.43% <100.00%> (ø)
go/runtime/host/mock/mock.go	84.90% <100.00%> (ø)
go/runtime/host/sandbox/sandbox.go	65.74% <0.00%> (-9.85%)	⬇️
go/worker/keymanager/handler.go	61.22% <0.00%> (-6.13%)	⬇️
go/consensus/tendermint/full/services.go	77.11% <0.00%> (-5.94%)	⬇️
... and 37 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d7ec215...66063cc. Read the comment docs.

[kostko]

We should also probably submit a failure in case the runtime fails to process a batch, e.g. here:

oasis-core/go/worker/compute/executor/committee/node.go

Line 1447 in bb1aa48

n.abortBatchLocked(errRuntimeAborted)

[ptrus]

We should also probably submit a failure in case the runtime fails to process a batch, e.g. here:

Added, not sure how to best test these cases maybe with byzantine-storage tests, need to think about it a bit, but probably can be done in a separate PR.

[kostko]

Yeah we should add Byzantine tests for all these cases, can you open an issue for it?

[ptrus]

Yeah we should add Byzantine tests for all these cases, can you open an issue for it?

#3414

[kostko]

I don't think we need one as there is one below and nothing interesting happens inbetween.

[kostko]

Since this body is longer, maybe invert the check so less stuff is indented?