-
Notifications
You must be signed in to change notification settings - Fork 774
fix(chain): prefer block producer-matching parent in skip approval resolution #15597
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
ssavenko-near
wants to merge
6
commits into
master
Choose a base branch
from
slavas/fix-fork-parent
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+175
−21
Open
Changes from all commits
Commits
Show all changes
6 commits
Select commit
Hold shift + click to select a range
66a954e
fix(chain): prefer block producer-matching parent in skip approval re…
ssavenko-near 5c2b177
disable the test for SPICE
ssavenko-near d608977
review comments
ssavenko-near 64af9b3
test: port skip approval test to test-loop
darioush 8489cb4
doc: clarify run_until confirms distinct epoch ids
darioush 670cb1e
review comments
ssavenko-near File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Some comments aren't visible on the classic Files Changed page.
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,120 @@ | ||
| use crate::setup::builder::TestLoopBuilder; | ||
| use near_async::time::Duration; | ||
| use near_client::client_actor::AdvProduceBlockHeightSelection; | ||
| use near_o11y::testonly::init_test_logger; | ||
| use near_primitives::block::{Approval, ApprovalInner, ApprovalType}; | ||
| use near_primitives::hash::CryptoHash; | ||
| use near_primitives::test_utils::create_test_signer; | ||
|
|
||
| /// Regression test ensuring that `collect_block_approval`, when multiple blocks | ||
| /// exist at a skip approval's `parent_height`, prefers a parent hash under | ||
| /// which the current node is the block producer for `target_height`, so the | ||
| /// approval is not silently dropped. | ||
| /// | ||
| /// This test runs in multiple trials because the pre-fix behavior was | ||
| /// non-deterministic: an arbitrary hash was picked from `HashMap` iteration | ||
| /// order, which accidentally matched the current node's producer schedule in | ||
| /// roughly half the cases. Each trial: | ||
| /// - advance to the first block of a new epoch (fork_height), | ||
| /// - fork: produce a skip block at fork_height whose parent is at | ||
| /// fork_height - 2, so the skip block stays in the *previous* epoch while | ||
| /// the canonical block at fork_height is in the new epoch, | ||
| /// - scan for a target_height > fork_height where the two epochs disagree | ||
| /// on the block producer, choosing the producer under the skip epoch as | ||
| /// fork_producer (the only node that has both sibling blocks in its | ||
| /// store — others reject the adversarial skip for NotEnoughApprovals), | ||
| /// - inject a self-Skip(fork_height) approval into fork_producer and | ||
| /// assert it reaches doomslug. | ||
| #[test] | ||
| fn test_skip_approval_prefers_producer_matching_parent() { | ||
| init_test_logger(); | ||
|
Comment on lines
+28
to
+30
|
||
|
|
||
| let epoch_length = 10; | ||
| let num_validators = 2; | ||
| let mut env = | ||
| TestLoopBuilder::new().validators(num_validators, 0).epoch_length(epoch_length).build(); | ||
|
|
||
| // Advance past the first couple of epochs — they can share rng seeds and | ||
| // produce the same block-producer schedule, making "different epoch" | ||
| // forks indistinguishable. | ||
| env.validator_runner().run_until_new_epoch(); | ||
| env.validator_runner().run_until_new_epoch(); | ||
|
|
||
| // 4 trials leave a ~6% false-pass probability of the prior ~50% | ||
| // non-deterministic behavior (HashMap iteration order). | ||
| let mut need_success = 4; | ||
| let mut iter = 0; | ||
| while need_success > 0 { | ||
| iter += 1; | ||
| assert!(iter <= 20, "ran out of iterations without finding enough testable boundaries"); | ||
|
|
||
| env.validator_runner().run_until_new_epoch(); | ||
| let fork_height = env.validator().head().height; | ||
| let canonical_epoch = env.validator().head().epoch_id; | ||
|
|
||
| let prev_block_hash = env | ||
| .validator() | ||
| .client() | ||
| .chain | ||
| .chain_store() | ||
| .get_block_hash_by_height(fork_height - 2) | ||
| .unwrap(); | ||
| let epoch_manager = env.validator().client().epoch_manager.clone(); | ||
| let skip_epoch = epoch_manager.get_epoch_id_from_prev_block(&prev_block_hash).unwrap(); | ||
| if skip_epoch == canonical_epoch { | ||
| tracing::warn!(fork_height, "no epoch boundary, skipping trial"); | ||
| continue; | ||
| } | ||
|
|
||
| let fork_producer = epoch_manager.get_block_producer(&skip_epoch, fork_height).unwrap(); | ||
| let Some(target_height) = (fork_height + 2..fork_height + 50).find_map(|target_height| { | ||
| let p_canonical = | ||
| epoch_manager.get_block_producer(&canonical_epoch, target_height).ok()?; | ||
| let p_skip = epoch_manager.get_block_producer(&skip_epoch, target_height).ok()?; | ||
| (p_canonical != p_skip && p_skip == fork_producer).then_some(target_height) | ||
| }) else { | ||
| tracing::warn!(fork_height, "no usable target_height, skipping trial"); | ||
| continue; | ||
| }; | ||
|
|
||
| // Produce a skip block at fork_height whose parent is at fork_height - 2, | ||
| // creating a sibling of the canonical block at fork_height in a | ||
| // different epoch. | ||
| env.node_for_account_mut(&fork_producer).client_actor().adv_produce_blocks_on( | ||
| 1, | ||
| true, | ||
| AdvProduceBlockHeightSelection::SelectedHeightOnSelectedBlock { | ||
| produced_block_height: fork_height, | ||
| base_block_height: fork_height - 2, | ||
| }, | ||
| ); | ||
|
|
||
| // Wait for the fork block to land in fork_producer's chain store. | ||
| // `adv_produce_blocks_on` schedules async block processing, so the | ||
| // fork is not visible immediately. `get_all_block_hashes_by_height` | ||
| // returns a map keyed by epoch id, so `keys().len() >= 2` confirms | ||
| // the two siblings are in two different epochs. | ||
| env.runner_for_account(&fork_producer).run_until( | ||
| |node| { | ||
| let blocks = | ||
| node.client().chain.chain_store().get_all_block_hashes_by_height(fork_height); | ||
| blocks.keys().len() >= 2 | ||
| }, | ||
| Duration::seconds(10), | ||
| ); | ||
|
|
||
| let signer = create_test_signer(fork_producer.as_str()); | ||
| let approval = Approval::new(CryptoHash::default(), fork_height, target_height, &signer); | ||
| assert!(matches!(approval.inner, ApprovalInner::Skip(_))); | ||
|
|
||
| let mut node = env.node_for_account_mut(&fork_producer); | ||
| let client = &mut node.client_actor().client; | ||
| client.collect_block_approval(&approval, ApprovalType::SelfApproval); | ||
| assert!( | ||
| !client.doomslug.approval_status_at_height(&target_height).approvals.is_empty(), | ||
| "approval should reach doomslug at fork_height {fork_height}", | ||
| ); | ||
|
|
||
| need_success -= 1; | ||
| } | ||
| } | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
resolve_skip_parentalways iterates over all hashes whenmy_account_idisNonebecause the.find(..)predicate can never succeed. This is a small but unnecessary performance regression vs the previousnext()behavior. Consider an early return whenmy_account_id.is_none()(or restructure to computefirstviaiter.next()and only do the producer-matching scan whenSome).