Generalize expiry based de-duplication, dsmr

[tsachiherman]

What ?

Integrate the generic de-deduplication logic into the dsmr

[aaronbuchwald]

we can defer this to the VM to maintain a chain index for us that we pass in - similar to how we handle this in the existing chain/ package

[tsachiherman]

np

[aaronbuchwald]

can we remove this comment?

[tsachiherman]

All sounds like great ideas, thanks!

…

On Mon, Nov 25, 2024, 1:27 PM aaronbuchwald ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In x/dsmr/node.go <#1810 (comment)>: > @@ -172,19 +193,28 @@ func (n *Node[T]) BuildChunk( return chunk, n.storage.AddLocalChunkWithCert(chunk, &chunkCert) } -func (n *Node[T]) BuildBlock(parent Block, timestamp int64) (Block, error) { - if timestamp <= parent.Timestamp { +// BuildBlock(ctx context.Context, parentView state.View, parent *ExecutionBlock) (*ExecutionBlock, *ExecutedBlock, merkledb.View, error) can we remove this comment? ------------------------------ In x/dsmr/node_test.go <#1810 (comment)>: > +func newTestingLog() logging.Logger { + return logging.NewLogger("dsmr") +} we can replacing this with logging.NoLog{} ------------------------------ In x/dsmr/node_test.go <#1810 (comment)>: > +func newTestingTracer(t *testing.T) trace.Tracer { + tracer, err := trace.New(trace.Config{}) + require.NoError(t, err) + return tracer +} we can replace this with trace.Noop ------------------------------ In x/dsmr/node_test.go <#1810 (comment)>: > +type testingChainIndex struct{} + +func (*testingChainIndex) GetExecutionBlock(context.Context, ids.ID) (validitywindow.ExecutionBlock[*ChunkCertificate], error) { + return nil, nil +} + +func newChainIndexer() ChainIndex { + return &testingChainIndex{} +} We should add unit tests for the newly added functionality here. What do you think of the following cases? - skip duplicate chunks in build block - return an error if all available chunks are duplicates in build block - duplicate chunk within a block - duplicate chunk that between the block we are executing and the last accepted block - duplicate chunk inside of the accepted validity window - propagate an error if we fail to fetch a block during de-duplication — Reply to this email directly, view it on GitHub <#1810 (review)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AF2OOH6AKK7BDRFH2ESZGB32CNT2VAVCNFSM6AAAAABSJTMZI2VHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZDINJZGMZDKMZVGM> . You are receiving this because you were assigned.Message ID: ***@***.***>

[aaronbuchwald]

We do this check twice now in chain since we previously handled this within NewExecutionBlock

We should only apply the check once, which do you think is the better place for it? The other addition within NewExecutionBlock is pre-populating the signature job. It would probably be better to remove that from the execution block and handle it in AsyncVerify. One good reason to do this is that handling this within ParseBlock can be a DoS vector.

[tsachiherman]

I don't see why testing this twice is an issue on it's own, and I think that I have a better solution here;
Testing it in NewExecutionBlock is not ideal from my perspective, as it should be construction step ( i.e. no errors ).
How do you feel about the following:
in ExecutionBlock, we would add the following function:

func (b *ExecutionBlock) ValidateDuplicateTransactions() error {
    if len(b.Txs) != b.txsSet.Len() {
        ErrDuplicateTx
    }
    return nil

than in validitywindow.go VerifyExpiryReplayProtection, we can just call this method:

   ...
   if err := blk.ValidateDuplicateTransactions(); err != nil {
      return err
   }
   ...

and remove the test from NewExecutionBlock

[aaronbuchwald]

Should we create a set of chunk cert IDs to make this faster? Could also leave for now and add only if needed.

[tsachiherman]

I'm perfectly fine adding it. will do.

[tsachiherman]

done.

[aaronbuchwald]

Can we remove the type declaration block in favor of simply declaring the node type? We do not use this style anywhere else in the codebase, so would prefer not to introduce it here.

[aaronbuchwald]

Why differentiate this error? This handling seems overly complicated to provide a different error type

[tsachiherman]

I thought that you've explicitly asked for a separate error when all the certs are duplicate.. did I get it wrong ?

[aaronbuchwald]

Ah I meant a separate test case if we attempt to build an empty block: #1810

[tsachiherman]

oh.. yes, I can do that.

[tsachiherman]

done.

[aaronbuchwald]

Can we remove this check from this PR?

We should enforce timestamp >= parent timestamp (should allow them to be equal in case a block builder pushes the timestamp ahead of wall clock time for some nodes.

We should not allow the case that a malicious node builds a block with a timestamp that we consider valid less than 1s ahead of our wall clock time, but still ahead of our wall clock time, such that when we build a block on top of it, we fail because the current timestamp is ahead of our local timestamp.

We should update the check applied in BuildBlock imo.

We should also never execute the genesis block, so the check for parentBlock.Hght > 0 should be removed.

[aaronbuchwald]

Fetching a non-existing block should return an error, can we return database.ErrNotFound if the block is not available?

[joshua-kim]

I find the ux of us using the sentinel database.ErrNotFound experience to be very awkward. This is due to the existing interface definition and not the changes in this PR though.... if we had something like GetExecutionBlock() (ExecutionBlock[T], bool, error) we wouldn't have to introspect the error and could just return an error if error is non-nil and check the bool if it just wasn't there.

[joshua-kim]

Can we use set.Set here?

[joshua-kim]

I think these are duplicated - GetSlot is meant to be Expiry

[joshua-kim]

Should we use time.Duration here?

[joshua-kim]

nit: min(0, oldestAllowed)

[joshua-kim]

Nits:

1. receiver name should just be t
2. id -> blkID or blockID

[joshua-kim]

I don't care which we pick, but we should be consistent on the naming of either Foo() or GetFoo().

[tsachiherman]

I'm going to dodge this one by saying that this method is no longer needed.

[joshua-kim]

This seems weird because these are not returning txs

[tsachiherman]

yes, I agree. let's discuss this as a group ?

[aaronbuchwald]

Can we use the term containers?

[joshua-kim]

nit: make these (logger + tracer) the first args in this fn

[joshua-kim]

Seems like we're doing this to avoid the caller depending on an internal package. I'm wondering if it even makes sense for validitywindow to be in internal at all... should this just be merged into dsmr?

[tsachiherman]

@aaronbuchwald asked to remove this section completely.

[joshua-kim]

This exposes the internal/emap package into the caller. I think the previous wrapping pattern where we wrapped this interface w/ a type that implemented the emap interface actually looked cleaner.

[tsachiherman]

once merged, we won't need wrapping interface anymore. . unless I'm missing something ?

[aaronbuchwald]

I think @joshua-kim 's point is to have the internal type implemented as makes sense in this package and then wrap it with another type that converts between that structure and the required interface when we need to use it in the validity window or expiry map where we need a specific interface. Correct me if I'm wrong @joshua-kim

[tsachiherman]

done

[aaronbuchwald]

Can we use the term containers?

[aaronbuchwald]

Ah I meant a separate test case if we attempt to build an empty block: #1810

[aaronbuchwald]

I think @joshua-kim 's point is to have the internal type implemented as makes sense in this package and then wrap it with another type that converts between that structure and the required interface when we need to use it in the validity window or expiry map where we need a specific interface. Correct me if I'm wrong @joshua-kim

[aaronbuchwald]

Why are we adding the boolean here?

[joshua-kim]

My guess is that this is to return true/false, and use the error if something goes wrong instead of just returning the block type + an error, and you have to introspect the error using a check against database.ErrNotFound.

[tsachiherman]

@aaronbuchwald see @joshua-kim's request above to change the function signature to GetExecutionBlock() (ExecutionBlock[T], bool, error)

[aaronbuchwald]

When is it valid to not have an execution block that the validity window requests?

We should always have a window of blocks that goes past the time validity window. I am not sure of any case where not having a block ie. returning false should not also be treated as an error. Unless there is such a case, I think we're better off just returning an error and not adding to the return type here.

[aaronbuchwald]

I don't think we should return a boolean for hasBlock here, but if we did not have the block, we would not be able correctly verify the block. It's not safe to mark a block as passing verification if we are missing the information required to verify it, we must guarantee we don't reach a point like that in the first place.

[tsachiherman]

you're correct. I'll be adding an error case here which would be returned in case the hasBlock is false ( since it shouldn't happen ).

[joshua-kim]

We should be building this block through node.BuildBlock and calling Verify prior to calling Accept (see other tests as an example). This is technically not a valid block because it references an unknown parent instead of the last accepted block which would be caught if Verify was called on it. Building a block should generally take the form of calling BuildChunk -> BuildBlock -> Verify -> Accept

[joshua-kim]

We shouldn't have to call this, since the chunk cert is already added locally once the chunk is finished being built from node.BuildChunk, and remote chunks are added within Accept if we don't have them (ref).

I also think this is a weird way of writing the test because we're manually injecting the chunk into the database instead of testing how this would happen through the actual user-flow of dsmr. Maybe a better way would be to test the cases where you are calling BuildChunk a second time w/ the same args to make a duplicate chunk, and trying to build + accept the block? We should also test the case where a peer sends us a block referencing a duplicate chunk that we try to verify and fail.

[joshua-kim]

Can we just move this to the test body? It's only used once so I find that this makes the test more confusing to read.

[tsachiherman]

sure.

[joshua-kim]

nit: In our codebase we usually just call this tests

[joshua-kim]

Can we use newTestNode here? I think it would simplify a lot of the setup

[joshua-kim]

nit: can we move this to a const block at the top of the file?

[joshua-kim]

nit: can we call this something like testValidityWindow + an interface check at the top of this file?

[joshua-kim]

My guess is that this is to return true/false, and use the error if something goes wrong instead of just returning the block type + an error, and you have to introspect the error using a check against database.ErrNotFound.

[joshua-kim]

nit: ok is usually idiomatic in go for existence checks

[aaronbuchwald]

Can we rename this to a neutral name instead of txs like containers?