Collection `compliance`, `epochmgr` Engines Implement `component.Component` #3248
Conversation
…omponent-pattern-ln-engine
```go
// wait for shutdown to be commenced
<-ctx.Done()
// wait for compliance engine and event loop to shut down
<-util.AllDone(components.prop, components.sync, components.voteAggregator, components.timeoutAggregator)
```
can itself shut down before other components to shut down?
would it miss a few events if it's shut down earlier?
> can itself shut down before other components to shut down?

Do you mean, "can the epochmgr engine shut down before the epoch components shut down?" (What is "itself" referring to?)

> would it miss a few events if it's shut down earlier?

Yes, although I think we can miss events regardless of the order in which we are shutting down. Shutting down means we are either turning off an old cluster consensus or shutting down the whole node. In neither case are missed events problematic from my perspective.
Oh, I see. The ctx is actually the shutdown signal itself. I thought it was an engine's Done channel; we are actually moving away from that pattern.
Codecov Report
```diff
@@              Coverage Diff               @@
##   feature/active-pacemaker    #3248   +/-  ##
================================================
  Coverage             55.26%   55.27%
================================================
  Files                   746      748     +2
  Lines                 69325    69350    +25
================================================
+ Hits                  38314    38330    +16
- Misses                27880    27889     +9
  Partials               3131     3131
```
…github.com:onflow/flow-go into jordan/6263-compliance-component-pattern-ln-engine
CI Test Failure:
…omponent-pattern-ln-engine
First batch of comments
```go
	return e.lm.Stopped()
}

e.log.Info().Msg("starting hotstuff")
e.core.hotstuff.Start(ctx)
```
Since both hotstuff and compliance are separate modules which implement `component.Component`, do we want to start hotstuff from the compliance engine? I would say we could start it as a separate component; that would be more explicit.
Moreover, it will simplify the design of the compliance engine.
Totally agree. It might be better to do that along with `MessageHub` though; I feel like changing it now would largely get clobbered by the `MessageHub` rewiring.
engine/collection/epochmgr/engine.go (outdated)
```go
}

e.cm = component.NewComponentManagerBuilder().
	AddWorker(e.handleEpochSetupPhaseStartedLoop).
```
Do we really need 3 different worker threads to dispatch very infrequent events? I feel like it's unnecessary.
```diff
- e.comp.SubmitLocal(synced)
+ // forward the block to the compliance engine for validation and processing
+ // we use the network.MessageProcessor interface here because the block is un-validated
+ err := e.comp.Process(channels.SyncCluster(block.Header.ChainID), originID, synced)
```
I think we need to pass `me.NodeID()` here instead of `originID`; the original sender is already part of `SyncedClusterBlock`.
Yeah, I feel like we're mixing practices a bit here.

- We decided to use the `Process` API, because the messages have not been validated (they should be treated as originating from another node)
- But passing `me.NodeID()` as `originID` indicates the message originates from this node (trusted)

The MessageProcessor interface says (lines 43 to 47 in 6a39c8c):

```go
// MessageProcessor represents a component which receives messages from the
// networking layer. Since these messages come from other nodes, which may
// be Byzantine, implementations must expect and handle arbitrary message inputs
// (including invalid message types, malformed messages, etc.). Because of this,
// node-internal messages should NEVER be submitted to a component using Process.
```

Overall I think the API doesn't fit well with this usage pattern, where an untrusted message is passed through an internal component without being validated first. Though setting `originID` to the local node ID for an untrusted message seems like the worse of the two not-great options here.
I am not sure here. We need to define clear rules for how we should treat such cases.
For instance, the sync engine doesn't do any checks, so technically it's untrusted input; on the other hand, it didn't come from the network layer but from the sync engine.
I would treat this as the general case, as if the message comes from an unknown origin, and only use trusted callbacks when we actually need different processing logic.
OK, for now I will do that and pass `me.NodeID` with a comment.
Co-authored-by: Yurii Oleksyshyn <yuraolex@gmail.com>
…github.com:onflow/flow-go into jordan/6263-compliance-component-pattern-ln-engine
…omponent-pattern-ln-engine
Looks good to me, thanks, very solid. The only thing is we need to decide on a message-passing pattern between different components; otherwise all good.
bors merge
3294: Front-Load HotStuff Verification Pt. 1: Update Compliance Engines r=jordanschalm a=jordanschalm

This PR modifies compliance engines to front-load HotStuff verification:

* Once a block connects to the finalized state, we validate the proposal using HotStuff first, and only then attempt to extend the state (compliance checks)
* This means all blocks in storage have been fully validated (there is no need for a separate `MarkValid` step)

⚠️ Depends on #3248
👉 Removing `MarkValid` will be done in a separate PR: #3303

Co-authored-by: Jordan Schalm <jordan@dapperlabs.com>
Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co>
This PR updates `collection/compliance.Engine` and `collection/epochmgr.Engine` to implement `component.Component` (#3121, but for collection nodes).