Add proposal for tick verification in slots #6512
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| # Tick Verification | ||
|
|
||
| This design the criteria and validation of ticks in a slot. It also describes | ||
| error handling and slashing conditions encompassing how the system handles | ||
| transmissions that do not meet these requirements. | ||
|
|
||
| # Slot structure | ||
|
|
||
| Each slot must contain an expected `ticks_per_slot` number of ticks. The last | ||
| shred in a slot must contain only the entirety of the last tick, and nothing | ||
| else. The leader must also mark this shred containing the last tick with the | ||
| `LAST_SHRED_IN_SLOT` flag. Between ticks, there must be `hashes_per_tick` | ||
| number of hashes. | ||
|
|
||
| # Handling bad transmissions | ||
|
|
||
| Malicious transmissions `T` are handled in two ways: | ||
|
|
||
| 1) If a leader can generate some erronenous transmission `T` and also some | ||
| alternate transmission `T'` for the same slot without violating any slashing | ||
| rules for duplicate transmissions (for instance if `T'` is a subset of `T`), | ||
| then the cluster must handle the possibility of both transmissions being live. | ||
|
|
||
| Thus this means we cannot mark the erronenous transmission `T` as dead because | ||
| the cluster may have reached consensus on `T'`. These cases necessitate a | ||
| slashing proof to punish this bad behavior. | ||
|
|
||
| 2) Otherwise, we can simply mark the slot as dead and not playable. A slashing | ||
| proof may or may not be necessary depending on feasibility. | ||
|
|
||
| # Blocktree receiving shreds | ||
|
|
||
| When blocktree receives a new shred `s`, there are two cases: | ||
|
|
||
| 1) `s` is marked as `LAST_SHRED_IN_SLOT`, then check if there exists a shred | ||
| `s'` in blocktree for that slot where `s'.index > s.index` If so, together `s` | ||
| and `s'` constitute a slashing proof. | ||
|
|
||
| 2) Blocktree has already received a shred `s'` marked as `LAST_SHRED_IN_SLOT` | ||
| with index `i`. If `s.index > i`, then together `s` and `s'`constitute a | ||
| slashing proof. In this case, blocktree will also not insert `s`. | ||
|
|
||
| 3) Duplicate shreds for the same index are ignored. Non-duplicate shreds for | ||
| the same index are a slashable condition. Details for this case are covered | ||
| in the `Leader Duplicate Block Slashing` section. | ||
|
|
||
|
|
||
| # Replaying and validating ticks | ||
|
There was a problem hiding this comment. @jstarry I think these are the conditions related to your PR. The only case where we don't mark slots as dead is when we detect extra shreds that come after the |
||
|
|
||
| 1) Replay stage replays entries from blocktree, keeping track of the number of | ||
| ticks it has seen per slot, and verifying there are `hashes_per_tick` number of | ||
| hashes between ticcks. After the tick from this last shred has been played, | ||
| replay stage then checks the total number of ticks. | ||
|
|
||
| Failure scenario 1: If ever there are two consecutive ticks between which the | ||
| number of hashes is `!= hashes_per_tick`, mark this slot as dead. | ||
|
|
||
| Failure scenario 2: If the number of ticks != `ticks_per_slot`, mark slot as | ||
| dead. | ||
|
|
||
| Failure scenario 3: If the number of ticks reaches `ticks_per_slot`, but we still | ||
| haven't seen the `LAST_SHRED_IN_SLOT`, mark this slot as dead. | ||
|
|
||
| 2) When ReplayStage reaches a shred marked as the last shred, it checks if this | ||
| last shred is a tick. | ||
|
|
||
| Failure scenario: If the signed shred with the `LAST_SHRED_IN_SLOT` flag cannot | ||
| be deserialized into a tick (either fails to deserialize or deserializes into | ||
| an entry), mark this slot as dead. | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it possible for the blocktree to receive two different shreds for the same index?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems like we should add a case for that too
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nvm I see we have a separate proposal for this case (duplicate blocks) maybe link to it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ya that one's a nasty bugger. It hasn't been checked in yet, you mean link it here in this PR?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh I meant link in the book to the other proposal so that all the cases are covered for how to handle a new shred. Or for now, say proposal pending?