2020-10-16 16:44:30 -07:00
|
|
|
//! Checkpoint-based block verification.
|
2020-06-21 15:51:43 -07:00
|
|
|
//!
|
2020-10-16 16:44:30 -07:00
|
|
|
//! Checkpoint-based verification uses a list of checkpoint hashes to
|
|
|
|
|
//! speed up the initial chain sync for Zebra. This list is distributed
|
|
|
|
|
//! with Zebra.
|
2020-06-21 15:51:43 -07:00
|
|
|
//!
|
2020-10-16 16:44:30 -07:00
|
|
|
//! The checkpoint verifier queues pending blocks. Once there is a
|
|
|
|
|
//! chain from the previous checkpoint to a target checkpoint, it
|
|
|
|
|
//! verifies all the blocks in that chain, and sends accepted blocks to
|
|
|
|
|
//! the state service as finalized chain state, skipping contextual
|
|
|
|
|
//! verification checks.
|
2020-07-08 04:22:36 -07:00
|
|
|
//!
|
2020-10-16 16:44:30 -07:00
|
|
|
//! Verification starts at the first checkpoint, which is the genesis
|
|
|
|
|
//! block for the configured network.
|
2020-06-21 15:51:43 -07:00
|
|
|
|
|
|
|
|
use std::{
|
2020-11-24 19:55:15 -08:00
|
|
|
collections::{BTreeMap, HashSet},
|
2020-06-21 15:51:43 -07:00
|
|
|
future::Future,
|
2020-07-09 23:51:01 -07:00
|
|
|
ops::{Bound, Bound::*},
|
2020-06-21 15:51:43 -07:00
|
|
|
pin::Pin,
|
|
|
|
|
sync::Arc,
|
|
|
|
|
task::{Context, Poll},
|
|
|
|
|
};
|
2020-09-09 18:53:40 -07:00
|
|
|
|
|
|
|
|
use futures_util::FutureExt;
|
2020-09-21 11:54:06 -07:00
|
|
|
use thiserror::Error;
|
2020-07-08 04:22:36 -07:00
|
|
|
use tokio::sync::oneshot;
|
2020-09-02 21:23:57 -07:00
|
|
|
use tower::{Service, ServiceExt};
|
2020-06-21 15:51:43 -07:00
|
|
|
|
2020-10-09 02:05:09 -07:00
|
|
|
use tracing::instrument;
|
2020-08-15 15:45:37 -07:00
|
|
|
use zebra_chain::{
|
2020-08-16 11:42:02 -07:00
|
|
|
block::{self, Block},
|
2020-10-12 14:08:23 -07:00
|
|
|
parameters::{Network, GENESIS_PREVIOUS_BLOCK_HASH},
|
2020-08-15 15:45:37 -07:00
|
|
|
};
|
2020-09-09 18:53:40 -07:00
|
|
|
use zebra_state as zs;
|
|
|
|
|
|
2020-10-12 14:08:23 -07:00
|
|
|
use crate::BoxError;
|
2020-06-21 15:51:43 -07:00
|
|
|
|
2020-09-09 18:53:40 -07:00
|
|
|
pub(crate) mod list;
|
|
|
|
|
mod types;
|
|
|
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
|
|
mod tests;
|
|
|
|
|
|
|
|
|
|
pub(crate) use list::CheckpointList;
|
|
|
|
|
use types::{Progress, Progress::*};
|
2020-11-12 16:11:25 -08:00
|
|
|
use types::{TargetHeight, TargetHeight::*};
|
2020-07-08 04:22:36 -07:00
|
|
|
|
|
|
|
|
/// An unverified block, which is in the queue for checkpoint verification.
|
|
|
|
|
#[derive(Debug)]
|
|
|
|
|
struct QueuedBlock {
|
|
|
|
|
/// The block data.
|
|
|
|
|
block: Arc<Block>,
|
|
|
|
|
/// `block`'s cached header hash.
|
2020-08-15 23:20:01 -07:00
|
|
|
hash: block::Hash,
|
2020-07-08 04:22:36 -07:00
|
|
|
/// The transmitting end of the oneshot channel for this block's result.
|
2020-09-21 11:54:06 -07:00
|
|
|
tx: oneshot::Sender<Result<block::Hash, VerifyCheckpointError>>,
|
2020-07-08 04:22:36 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// A list of unverified blocks at a particular height.
|
|
|
|
|
///
|
2020-07-15 13:27:10 -07:00
|
|
|
/// Typically contains a single block, but might contain more if a peer
|
2020-07-08 04:22:36 -07:00
|
|
|
/// has an old chain fork. (Or sends us a bad block.)
|
2020-07-15 13:27:10 -07:00
|
|
|
///
|
|
|
|
|
/// The CheckpointVerifier avoids creating zero-block lists.
|
2020-07-08 04:22:36 -07:00
|
|
|
type QueuedBlockList = Vec<QueuedBlock>;
|
2020-06-21 15:51:43 -07:00
|
|
|
|
2020-07-15 13:27:10 -07:00
|
|
|
/// The maximum number of queued blocks at any one height.
|
|
|
|
|
///
|
|
|
|
|
/// This value is a tradeoff between:
|
|
|
|
|
/// - rejecting bad blocks: if we queue more blocks, we need fewer network
|
|
|
|
|
/// retries, but use a bit more CPU when verifying,
|
|
|
|
|
/// - avoiding a memory DoS: if we queue fewer blocks, we use less memory.
|
|
|
|
|
///
|
|
|
|
|
/// Memory usage is controlled by the sync service, because it controls block
|
|
|
|
|
/// downloads. When the verifier services process blocks, they reduce memory
|
|
|
|
|
/// usage by committing blocks to the disk state. (Or dropping invalid blocks.)
|
|
|
|
|
pub const MAX_QUEUED_BLOCKS_PER_HEIGHT: usize = 4;
|
|
|
|
|
|
2020-07-25 00:53:00 -07:00
|
|
|
/// We limit the maximum number of blocks in each checkpoint. Each block uses a
|
|
|
|
|
/// constant amount of memory for the supporting data structures and futures.
|
2020-10-25 18:49:24 -07:00
|
|
|
///
|
|
|
|
|
/// We choose a checkpoint gap that allows us to verify one checkpoint for
|
|
|
|
|
/// every `ObtainTips` or `ExtendTips` response.
|
|
|
|
|
///
|
|
|
|
|
/// `zcashd`'s maximum `FindBlocks` response size is 500 hashes. `zebrad` uses
|
|
|
|
|
/// 1 hash to verify the tip, and discards 1-2 hashes to work around `zcashd`
|
|
|
|
|
/// bugs. So the most efficient gap is slightly less than 500 blocks.
|
|
|
|
|
pub const MAX_CHECKPOINT_HEIGHT_GAP: usize = 400;
|
2020-07-25 00:53:00 -07:00
|
|
|
|
2021-01-13 01:10:48 -08:00
|
|
|
/// We limit the memory usage and download contention for each checkpoint,
|
|
|
|
|
/// based on the cumulative size of the serialized blocks in the chain.
|
|
|
|
|
///
|
|
|
|
|
/// Deserialized blocks (in memory) are slightly larger than serialized blocks
|
|
|
|
|
/// (on the network or disk). But they should be within a constant factor of the
|
|
|
|
|
/// serialized size.
|
|
|
|
|
pub const MAX_CHECKPOINT_BYTE_COUNT: u64 = 32 * 1024 * 1024;
|
|
|
|
|
|
2020-07-08 04:22:36 -07:00
|
|
|
/// A checkpointing block verifier.
|
|
|
|
|
///
|
|
|
|
|
/// Verifies blocks using a supplied list of checkpoints. There must be at
|
|
|
|
|
/// least one checkpoint for the genesis block.
|
|
|
|
|
#[derive(Debug)]
|
2020-09-02 21:23:57 -07:00
|
|
|
pub struct CheckpointVerifier<S>
|
|
|
|
|
where
|
2020-09-09 18:53:40 -07:00
|
|
|
S: Service<zs::Request, Response = zs::Response, Error = BoxError> + Send + Clone + 'static,
|
2020-09-02 21:23:57 -07:00
|
|
|
S::Future: Send + 'static,
|
|
|
|
|
{
|
2020-07-08 04:22:36 -07:00
|
|
|
/// The checkpoint list for this verifier.
|
|
|
|
|
checkpoint_list: CheckpointList,
|
|
|
|
|
|
2020-07-23 18:47:48 -07:00
|
|
|
/// The hash of the initial tip, if any.
|
2020-08-15 23:20:01 -07:00
|
|
|
initial_tip_hash: Option<block::Hash>,
|
2020-07-23 18:47:48 -07:00
|
|
|
|
2020-09-02 21:23:57 -07:00
|
|
|
/// The underlying state service, possibly wrapped in other services.
|
|
|
|
|
state_service: S,
|
|
|
|
|
|
2020-07-08 04:22:36 -07:00
|
|
|
/// A queue of unverified blocks.
|
|
|
|
|
///
|
|
|
|
|
/// Contains a list of unverified blocks at each block height. In most cases,
|
|
|
|
|
/// the checkpoint verifier will store zero or one block at each height.
|
|
|
|
|
///
|
|
|
|
|
/// Blocks are verified in order, once there is a chain from the previous
|
|
|
|
|
/// checkpoint to a target checkpoint.
|
|
|
|
|
///
|
|
|
|
|
/// The first checkpoint does not have any ancestors, so it only verifies the
|
|
|
|
|
/// genesis block.
|
2020-08-16 11:42:02 -07:00
|
|
|
queued: BTreeMap<block::Height, QueuedBlockList>,
|
2020-07-08 04:22:36 -07:00
|
|
|
|
|
|
|
|
/// The current progress of this verifier.
|
2020-08-16 11:42:02 -07:00
|
|
|
verifier_progress: Progress<block::Height>,
|
2020-07-08 04:22:36 -07:00
|
|
|
}
|
|
|
|
|
|
2020-09-02 21:23:57 -07:00
|
|
|
impl<S> CheckpointVerifier<S>
|
|
|
|
|
where
|
2020-09-09 18:53:40 -07:00
|
|
|
S: Service<zs::Request, Response = zs::Response, Error = BoxError> + Send + Clone + 'static,
|
2020-09-02 21:23:57 -07:00
|
|
|
S::Future: Send + 'static,
|
|
|
|
|
{
|
2020-07-21 06:11:51 -07:00
|
|
|
/// Return a checkpoint verification service for `network`, using the
|
2020-09-02 21:23:57 -07:00
|
|
|
/// hard-coded checkpoint list, and the provided `state_service`.
|
|
|
|
|
///
|
|
|
|
|
/// If `initial_tip` is Some(_), the verifier starts at that initial tip.
|
|
|
|
|
/// The initial tip can be between the checkpoints in the hard-coded
|
|
|
|
|
/// checkpoint list.
|
|
|
|
|
///
|
|
|
|
|
/// The checkpoint verifier holds a state service of type `S`, into which newly
|
|
|
|
|
/// verified blocks will be committed. This state is pluggable to allow for
|
|
|
|
|
/// testing or instrumentation.
|
2020-07-08 04:22:36 -07:00
|
|
|
///
|
2020-07-21 06:11:51 -07:00
|
|
|
/// This function should be called only once for a particular network, rather
|
|
|
|
|
/// than constructing multiple verification services for the same network. To
|
2020-07-23 18:47:48 -07:00
|
|
|
/// clone a CheckpointVerifier, you might need to wrap it in a
|
2020-07-21 06:11:51 -07:00
|
|
|
/// `tower::Buffer` service.
|
2020-10-17 23:24:38 -07:00
|
|
|
#[allow(dead_code)]
|
2020-09-10 09:49:13 -07:00
|
|
|
pub fn new(
|
|
|
|
|
network: Network,
|
|
|
|
|
initial_tip: Option<(block::Height, block::Hash)>,
|
|
|
|
|
state_service: S,
|
|
|
|
|
) -> Self {
|
2020-07-21 06:02:20 -07:00
|
|
|
let checkpoint_list = CheckpointList::new(network);
|
|
|
|
|
let max_height = checkpoint_list.max_height();
|
2020-07-23 18:47:48 -07:00
|
|
|
tracing::info!(
|
|
|
|
|
?max_height,
|
|
|
|
|
?network,
|
2020-09-10 09:49:13 -07:00
|
|
|
?initial_tip,
|
2020-07-23 18:47:48 -07:00
|
|
|
"initialising CheckpointVerifier"
|
|
|
|
|
);
|
2020-09-02 21:23:57 -07:00
|
|
|
Self::from_checkpoint_list(checkpoint_list, initial_tip, state_service)
|
2020-07-21 06:11:51 -07:00
|
|
|
}
|
|
|
|
|
|
2020-09-02 21:23:57 -07:00
|
|
|
/// Return a checkpoint verification service using `list`, `initial_tip`,
|
|
|
|
|
/// and `state_service`.
|
2020-07-21 06:11:51 -07:00
|
|
|
///
|
|
|
|
|
/// Assumes that the provided genesis checkpoint is correct.
|
|
|
|
|
///
|
2020-07-20 21:09:19 -07:00
|
|
|
/// Callers should prefer `CheckpointVerifier::new`, which uses the
|
2020-09-02 21:23:57 -07:00
|
|
|
/// hard-coded checkpoint lists, or `CheckpointList::from_list` if you need
|
|
|
|
|
/// to specify a custom checkpoint list. See those functions for more
|
|
|
|
|
/// details.
|
|
|
|
|
///
|
|
|
|
|
/// This function is designed for use in tests.
|
2020-07-21 06:11:51 -07:00
|
|
|
#[allow(dead_code)]
|
|
|
|
|
pub(crate) fn from_list(
|
2020-08-16 11:42:02 -07:00
|
|
|
list: impl IntoIterator<Item = (block::Height, block::Hash)>,
|
2020-09-10 09:49:13 -07:00
|
|
|
initial_tip: Option<(block::Height, block::Hash)>,
|
2020-09-02 21:23:57 -07:00
|
|
|
state_service: S,
|
2020-09-21 11:54:06 -07:00
|
|
|
) -> Result<Self, VerifyCheckpointError> {
|
2020-07-23 18:47:48 -07:00
|
|
|
Ok(Self::from_checkpoint_list(
|
2020-09-21 11:54:06 -07:00
|
|
|
CheckpointList::from_list(list).map_err(VerifyCheckpointError::CheckpointList)?,
|
2020-07-23 18:47:48 -07:00
|
|
|
initial_tip,
|
2020-09-02 21:23:57 -07:00
|
|
|
state_service,
|
2020-07-23 18:47:48 -07:00
|
|
|
))
|
2020-07-21 06:11:51 -07:00
|
|
|
}
|
|
|
|
|
|
2020-09-02 21:23:57 -07:00
|
|
|
/// Return a checkpoint verification service using `checkpoint_list`,
|
|
|
|
|
/// `initial_tip`, and `state_service`.
|
|
|
|
|
///
|
|
|
|
|
/// Assumes that the provided genesis checkpoint is correct.
|
2020-07-21 06:11:51 -07:00
|
|
|
///
|
2020-07-20 21:09:19 -07:00
|
|
|
/// Callers should prefer `CheckpointVerifier::new`, which uses the
|
2020-09-02 21:23:57 -07:00
|
|
|
/// hard-coded checkpoint lists. See that function for more details.
|
2020-07-23 18:47:48 -07:00
|
|
|
pub(crate) fn from_checkpoint_list(
|
|
|
|
|
checkpoint_list: CheckpointList,
|
2020-09-10 09:49:13 -07:00
|
|
|
initial_tip: Option<(block::Height, block::Hash)>,
|
2020-09-02 21:23:57 -07:00
|
|
|
state_service: S,
|
2020-07-23 18:47:48 -07:00
|
|
|
) -> Self {
|
2020-07-21 06:11:51 -07:00
|
|
|
// All the initialisers should call this function, so we only have to
|
|
|
|
|
// change fields or default values in one place.
|
2020-07-23 18:47:48 -07:00
|
|
|
let (initial_tip_hash, verifier_progress) = match initial_tip {
|
2020-09-10 09:49:13 -07:00
|
|
|
Some((height, hash)) => {
|
|
|
|
|
if height >= checkpoint_list.max_height() {
|
2020-07-23 18:47:48 -07:00
|
|
|
(None, Progress::FinalCheckpoint)
|
|
|
|
|
} else {
|
2021-01-11 18:28:56 -08:00
|
|
|
metrics::gauge!("checkpoint.verified.height", height.0 as f64);
|
|
|
|
|
metrics::gauge!("checkpoint.processing.next.height", height.0 as f64);
|
2020-09-10 09:49:13 -07:00
|
|
|
(Some(hash), Progress::InitialTip(height))
|
2020-07-23 18:47:48 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
// We start by verifying the genesis block, by itself
|
|
|
|
|
None => (None, Progress::BeforeGenesis),
|
|
|
|
|
};
|
2020-07-21 06:11:51 -07:00
|
|
|
CheckpointVerifier {
|
|
|
|
|
checkpoint_list,
|
2020-07-23 18:47:48 -07:00
|
|
|
initial_tip_hash,
|
2020-09-02 21:23:57 -07:00
|
|
|
state_service,
|
2020-07-08 04:22:36 -07:00
|
|
|
queued: BTreeMap::new(),
|
2020-07-23 18:47:48 -07:00
|
|
|
verifier_progress,
|
2020-07-21 06:11:51 -07:00
|
|
|
}
|
2020-07-08 04:22:36 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Return the current verifier's progress.
|
|
|
|
|
///
|
2020-07-23 18:47:48 -07:00
|
|
|
/// If verification has not started yet, returns `BeforeGenesis`,
|
|
|
|
|
/// or `InitialTip(height)` if there were cached verified blocks.
|
2020-07-08 04:22:36 -07:00
|
|
|
///
|
|
|
|
|
/// If verification is ongoing, returns `PreviousCheckpoint(height)`.
|
|
|
|
|
/// `height` increases as checkpoints are verified.
|
|
|
|
|
///
|
|
|
|
|
/// If verification has finished, returns `FinalCheckpoint`.
|
2020-08-16 11:42:02 -07:00
|
|
|
fn previous_checkpoint_height(&self) -> Progress<block::Height> {
|
2020-07-08 04:22:36 -07:00
|
|
|
self.verifier_progress
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Return the start of the current checkpoint range.
|
|
|
|
|
///
|
|
|
|
|
/// Returns None if verification has finished.
|
2020-08-16 11:42:02 -07:00
|
|
|
fn current_start_bound(&self) -> Option<Bound<block::Height>> {
|
2020-07-08 04:22:36 -07:00
|
|
|
match self.previous_checkpoint_height() {
|
|
|
|
|
BeforeGenesis => Some(Unbounded),
|
2020-07-23 18:47:48 -07:00
|
|
|
InitialTip(height) | PreviousCheckpoint(height) => Some(Excluded(height)),
|
2020-07-08 04:22:36 -07:00
|
|
|
FinalCheckpoint => None,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Return the target checkpoint height that we want to verify.
|
|
|
|
|
///
|
|
|
|
|
/// If we need more blocks, returns `WaitingForBlocks`.
|
|
|
|
|
///
|
|
|
|
|
/// If the queued blocks are continuous from the previous checkpoint to a
|
|
|
|
|
/// target checkpoint, returns `Checkpoint(height)`. The target checkpoint
|
|
|
|
|
/// can be multiple checkpoints ahead of the previous checkpoint.
|
|
|
|
|
///
|
|
|
|
|
/// `height` increases as checkpoints are verified.
|
|
|
|
|
///
|
|
|
|
|
/// If verification has finished, returns `FinishedVerifying`.
|
2020-11-12 16:11:25 -08:00
|
|
|
fn target_checkpoint_height(&self) -> TargetHeight {
|
2020-07-08 04:22:36 -07:00
|
|
|
// Find the height we want to start searching at
|
2020-10-21 20:06:26 -07:00
|
|
|
let start_height = match self.previous_checkpoint_height() {
|
2020-07-08 04:22:36 -07:00
|
|
|
// Check if we have the genesis block as a special case, to simplify the loop
|
2020-08-16 11:42:02 -07:00
|
|
|
BeforeGenesis if !self.queued.contains_key(&block::Height(0)) => {
|
2020-09-03 15:06:21 -07:00
|
|
|
tracing::trace!("Waiting for genesis block");
|
|
|
|
|
metrics::counter!("checkpoint.waiting.count", 1);
|
2020-07-22 11:54:52 -07:00
|
|
|
return WaitingForBlocks;
|
|
|
|
|
}
|
2020-08-16 11:42:02 -07:00
|
|
|
BeforeGenesis => block::Height(0),
|
2020-07-23 18:47:48 -07:00
|
|
|
InitialTip(height) | PreviousCheckpoint(height) => height,
|
2020-07-08 04:22:36 -07:00
|
|
|
FinalCheckpoint => return FinishedVerifying,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// Find the end of the continuous sequence of blocks, starting at the
|
|
|
|
|
// last verified checkpoint. If there is no verified checkpoint, start
|
|
|
|
|
// *after* the genesis block (which we checked above).
|
|
|
|
|
//
|
|
|
|
|
// If `btree_map::Range` implements `ExactSizeIterator`, it would be
|
|
|
|
|
// much faster to walk the checkpoint list, and compare the length of
|
|
|
|
|
// the `btree_map::Range` to the block height difference between
|
|
|
|
|
// checkpoints. (In maps, keys are unique, so we don't need to check
|
|
|
|
|
// each height value.)
|
|
|
|
|
//
|
|
|
|
|
// But at the moment, this implementation is slightly faster, because
|
|
|
|
|
// it stops after the first gap.
|
2020-10-21 20:06:26 -07:00
|
|
|
let mut pending_height = start_height;
|
2020-07-08 04:22:36 -07:00
|
|
|
for (&height, _) in self.queued.range((Excluded(pending_height), Unbounded)) {
|
|
|
|
|
// If the queued blocks are continuous.
|
2020-08-16 11:42:02 -07:00
|
|
|
if height == block::Height(pending_height.0 + 1) {
|
2020-07-08 04:22:36 -07:00
|
|
|
pending_height = height;
|
|
|
|
|
} else {
|
2020-08-27 02:16:56 -07:00
|
|
|
let gap = height.0 - pending_height.0;
|
|
|
|
|
// Try to log a useful message when checkpointing has issues
|
|
|
|
|
tracing::trace!(contiguous_height = ?pending_height,
|
|
|
|
|
next_height = ?height,
|
|
|
|
|
?gap,
|
|
|
|
|
"Waiting for more checkpoint blocks");
|
2020-07-08 04:22:36 -07:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-10-21 20:06:26 -07:00
|
|
|
metrics::gauge!(
|
|
|
|
|
"checkpoint.queued.continuous.height",
|
2021-01-11 18:28:56 -08:00
|
|
|
pending_height.0 as f64
|
2020-10-21 20:06:26 -07:00
|
|
|
);
|
2020-07-08 04:22:36 -07:00
|
|
|
|
|
|
|
|
// Now find the start of the checkpoint range
|
|
|
|
|
let start = self.current_start_bound().expect(
|
|
|
|
|
"if verification has finished, we should have returned earlier in the function",
|
|
|
|
|
);
|
|
|
|
|
// Find the highest checkpoint below pending_height, excluding any
|
|
|
|
|
// previously verified checkpoints
|
|
|
|
|
let target_checkpoint = self
|
|
|
|
|
.checkpoint_list
|
|
|
|
|
.max_height_in_range((start, Included(pending_height)));
|
|
|
|
|
|
2020-09-03 15:06:21 -07:00
|
|
|
tracing::trace!(
|
2020-07-22 11:54:52 -07:00
|
|
|
checkpoint_start = ?start,
|
|
|
|
|
highest_contiguous_block = ?pending_height,
|
|
|
|
|
?target_checkpoint
|
|
|
|
|
);
|
|
|
|
|
|
2020-09-03 15:06:21 -07:00
|
|
|
if let Some(block::Height(target_checkpoint)) = target_checkpoint {
|
2020-10-21 20:06:26 -07:00
|
|
|
metrics::gauge!(
|
|
|
|
|
"checkpoint.processing.next.height",
|
2021-01-11 18:28:56 -08:00
|
|
|
target_checkpoint as f64
|
2020-10-21 20:06:26 -07:00
|
|
|
);
|
2020-09-03 15:06:21 -07:00
|
|
|
} else {
|
2020-10-21 20:06:26 -07:00
|
|
|
// Use the start height if there is no potential next checkpoint
|
2021-01-11 18:28:56 -08:00
|
|
|
metrics::gauge!("checkpoint.processing.next.height", start_height.0 as f64);
|
2020-09-03 15:06:21 -07:00
|
|
|
metrics::counter!("checkpoint.waiting.count", 1);
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-08 04:22:36 -07:00
|
|
|
target_checkpoint
|
|
|
|
|
.map(Checkpoint)
|
|
|
|
|
.unwrap_or(WaitingForBlocks)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Return the most recently verified checkpoint's hash.
|
|
|
|
|
///
|
|
|
|
|
/// See `previous_checkpoint_height()` for details.
|
2020-08-15 23:20:01 -07:00
|
|
|
fn previous_checkpoint_hash(&self) -> Progress<block::Hash> {
|
2020-07-08 04:22:36 -07:00
|
|
|
match self.previous_checkpoint_height() {
|
|
|
|
|
BeforeGenesis => BeforeGenesis,
|
2020-07-23 18:47:48 -07:00
|
|
|
InitialTip(_) => self
|
|
|
|
|
.initial_tip_hash
|
|
|
|
|
.map(InitialTip)
|
|
|
|
|
.expect("initial tip height must have an initial tip hash"),
|
2020-07-08 04:22:36 -07:00
|
|
|
PreviousCheckpoint(height) => self
|
|
|
|
|
.checkpoint_list
|
|
|
|
|
.hash(height)
|
|
|
|
|
.map(PreviousCheckpoint)
|
|
|
|
|
.expect("every checkpoint height must have a hash"),
|
|
|
|
|
FinalCheckpoint => FinalCheckpoint,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Check that `height` is valid and able to be verified.
|
|
|
|
|
///
|
|
|
|
|
/// Returns an error if:
|
|
|
|
|
/// - the block's height is greater than the maximum checkpoint
|
|
|
|
|
/// - there are no checkpoints
|
|
|
|
|
/// - the block's height is less than or equal to the previously verified
|
|
|
|
|
/// checkpoint
|
|
|
|
|
/// - verification has finished
|
2020-09-21 11:54:06 -07:00
|
|
|
fn check_height(&self, height: block::Height) -> Result<(), VerifyCheckpointError> {
|
2020-07-08 04:22:36 -07:00
|
|
|
if height > self.checkpoint_list.max_height() {
|
2020-11-06 11:07:30 -08:00
|
|
|
Err(VerifyCheckpointError::TooHigh {
|
|
|
|
|
height,
|
|
|
|
|
max_height: self.checkpoint_list.max_height(),
|
|
|
|
|
})?;
|
2020-07-08 04:22:36 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
match self.previous_checkpoint_height() {
|
|
|
|
|
// Any height is valid
|
|
|
|
|
BeforeGenesis => {}
|
|
|
|
|
// Greater heights are valid
|
2020-07-23 18:47:48 -07:00
|
|
|
InitialTip(previous_height) | PreviousCheckpoint(previous_height)
|
|
|
|
|
if (height <= previous_height) =>
|
|
|
|
|
{
|
2020-11-06 11:07:30 -08:00
|
|
|
let e = Err(VerifyCheckpointError::AlreadyVerified {
|
|
|
|
|
height,
|
|
|
|
|
verified_height: previous_height,
|
|
|
|
|
});
|
2020-11-12 11:43:17 -08:00
|
|
|
tracing::trace!(?e);
|
2020-11-06 11:07:30 -08:00
|
|
|
e?;
|
2020-07-08 04:22:36 -07:00
|
|
|
}
|
2020-07-23 18:47:48 -07:00
|
|
|
InitialTip(_) | PreviousCheckpoint(_) => {}
|
2020-07-08 04:22:36 -07:00
|
|
|
// We're finished, so no checkpoint height is valid
|
2020-09-21 11:54:06 -07:00
|
|
|
FinalCheckpoint => Err(VerifyCheckpointError::Finished)?,
|
2020-07-08 04:22:36 -07:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Increase the current checkpoint height to `verified_height`,
|
2020-08-16 11:42:02 -07:00
|
|
|
fn update_progress(&mut self, verified_height: block::Height) {
|
2020-11-05 22:25:03 -08:00
|
|
|
if let Some(max_height) = self.queued.keys().next_back() {
|
2021-01-11 18:28:56 -08:00
|
|
|
metrics::gauge!("checkpoint.queued.max.height", max_height.0 as f64);
|
2020-11-05 22:25:03 -08:00
|
|
|
} else {
|
2021-01-11 18:28:56 -08:00
|
|
|
// use f64::NAN as a sentinel value for "None", because 0 is a valid height
|
|
|
|
|
metrics::gauge!("checkpoint.queued.max.height", f64::NAN);
|
2020-11-05 22:25:03 -08:00
|
|
|
}
|
2021-01-11 18:28:56 -08:00
|
|
|
metrics::gauge!("checkpoint.queued_slots", self.queued.len() as f64);
|
2020-11-05 22:25:03 -08:00
|
|
|
|
2020-07-08 04:22:36 -07:00
|
|
|
// Ignore blocks that are below the previous checkpoint, or otherwise
|
|
|
|
|
// have invalid heights.
|
|
|
|
|
//
|
|
|
|
|
// We ignore out-of-order verification, such as:
|
|
|
|
|
// - the height is less than the previous checkpoint height, or
|
|
|
|
|
// - the previous checkpoint height is the maximum height (checkpoint verifies are finished),
|
|
|
|
|
// because futures might not resolve in height order.
|
|
|
|
|
if self.check_height(verified_height).is_err() {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Ignore heights that aren't checkpoint heights
|
|
|
|
|
if verified_height == self.checkpoint_list.max_height() {
|
2021-01-11 18:28:56 -08:00
|
|
|
metrics::gauge!("checkpoint.verified.height", verified_height.0 as f64);
|
2020-07-08 04:22:36 -07:00
|
|
|
self.verifier_progress = FinalCheckpoint;
|
|
|
|
|
} else if self.checkpoint_list.contains(verified_height) {
|
2021-01-11 18:28:56 -08:00
|
|
|
metrics::gauge!("checkpoint.verified.height", verified_height.0 as f64);
|
2020-07-08 04:22:36 -07:00
|
|
|
self.verifier_progress = PreviousCheckpoint(verified_height);
|
2020-07-23 18:47:48 -07:00
|
|
|
// We're done with the initial tip hash now
|
|
|
|
|
self.initial_tip_hash = None;
|
2020-07-08 04:22:36 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-25 12:16:09 -08:00
|
|
|
/// Check that the block height and Merkle root are valid.
|
2020-07-08 04:22:36 -07:00
|
|
|
///
|
2020-11-25 12:16:09 -08:00
|
|
|
/// Checking the Merkle root ensures that the block hash binds the block
|
|
|
|
|
/// contents. To prevent malleability (CVE-2012-2459), we also need to check
|
|
|
|
|
/// whether the transaction hashes are unique.
|
2020-09-21 11:54:06 -07:00
|
|
|
fn check_block(&self, block: &Block) -> Result<block::Height, VerifyCheckpointError> {
|
2020-07-08 04:22:36 -07:00
|
|
|
let block_height = block
|
|
|
|
|
.coinbase_height()
|
2020-11-06 11:07:30 -08:00
|
|
|
.ok_or(VerifyCheckpointError::CoinbaseHeight { hash: block.hash() })?;
|
2020-07-08 04:22:36 -07:00
|
|
|
self.check_height(block_height)?;
|
2020-11-25 12:16:09 -08:00
|
|
|
|
|
|
|
|
let transaction_hashes = block
|
|
|
|
|
.transactions
|
|
|
|
|
.iter()
|
|
|
|
|
.map(|tx| tx.hash())
|
|
|
|
|
.collect::<Vec<_>>();
|
|
|
|
|
let merkle_root = transaction_hashes.iter().cloned().collect();
|
|
|
|
|
|
|
|
|
|
// Check that the Merkle root is valid.
|
|
|
|
|
if block.header.merkle_root != merkle_root {
|
|
|
|
|
return Err(VerifyCheckpointError::BadMerkleRoot {
|
|
|
|
|
expected: block.header.merkle_root,
|
|
|
|
|
actual: merkle_root,
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// To prevent malleability (CVE-2012-2459), we also need to check
|
|
|
|
|
// whether the transaction hashes are unique. Collecting into a HashSet
|
|
|
|
|
// deduplicates, so this checks that there are no duplicate transaction
|
|
|
|
|
// hashes, preventing Merkle root malleability.
|
|
|
|
|
if transaction_hashes.len() != transaction_hashes.iter().collect::<HashSet<_>>().len() {
|
|
|
|
|
return Err(VerifyCheckpointError::DuplicateTransaction);
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-08 04:22:36 -07:00
|
|
|
Ok(block_height)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Queue `block` for verification, and return the `Receiver` for the
|
|
|
|
|
/// block's verification result.
|
|
|
|
|
///
|
|
|
|
|
/// Verification will finish when the chain to the next checkpoint is
|
|
|
|
|
/// complete, and the caller will be notified via the channel.
|
|
|
|
|
///
|
|
|
|
|
/// If the block does not have a coinbase height, sends an error on `tx`,
|
|
|
|
|
/// and does not queue the block.
|
2020-09-09 18:53:40 -07:00
|
|
|
fn queue_block(
|
|
|
|
|
&mut self,
|
|
|
|
|
block: Arc<Block>,
|
2020-09-21 11:54:06 -07:00
|
|
|
) -> oneshot::Receiver<Result<block::Hash, VerifyCheckpointError>> {
|
2020-07-08 04:22:36 -07:00
|
|
|
// Set up a oneshot channel to send results
|
|
|
|
|
let (tx, rx) = oneshot::channel();
|
|
|
|
|
|
2020-11-25 12:16:09 -08:00
|
|
|
// Check that the height and Merkle roots are valid.
|
2020-07-08 04:22:36 -07:00
|
|
|
let height = match self.check_block(&block) {
|
|
|
|
|
Ok(height) => height,
|
|
|
|
|
Err(error) => {
|
2020-11-12 14:38:47 -08:00
|
|
|
tx.send(Err(error)).expect("rx has not been dropped yet");
|
2020-07-08 04:22:36 -07:00
|
|
|
return rx;
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2020-07-15 13:27:10 -07:00
|
|
|
// Since we're using Arc<Block>, each entry is a single pointer to the
|
|
|
|
|
// Arc. But there are a lot of QueuedBlockLists in the queue, so we keep
|
|
|
|
|
// allocations as small as possible.
|
|
|
|
|
let qblocks = self
|
|
|
|
|
.queued
|
|
|
|
|
.entry(height)
|
|
|
|
|
.or_insert_with(|| QueuedBlockList::with_capacity(1));
|
|
|
|
|
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
let hash = block.hash();
|
|
|
|
|
|
2020-11-12 14:38:47 -08:00
|
|
|
// Replace older requests by newer ones by swapping the oneshot.
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
for qb in qblocks.iter_mut() {
|
|
|
|
|
if qb.hash == hash {
|
2020-11-06 11:07:30 -08:00
|
|
|
let e = VerifyCheckpointError::NewerRequest { height, hash };
|
2020-11-12 14:38:47 -08:00
|
|
|
tracing::trace!(?e, "failing older of duplicate requests");
|
|
|
|
|
let old_tx = std::mem::replace(&mut qb.tx, tx);
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
let _ = old_tx.send(Err(e));
|
|
|
|
|
return rx;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-15 13:27:10 -07:00
|
|
|
// Memory DoS resistance: limit the queued blocks at each height
|
|
|
|
|
if qblocks.len() >= MAX_QUEUED_BLOCKS_PER_HEIGHT {
|
2020-09-21 11:54:06 -07:00
|
|
|
let e = VerifyCheckpointError::QueuedLimit;
|
2020-07-22 11:54:52 -07:00
|
|
|
tracing::warn!(?e);
|
|
|
|
|
let _ = tx.send(Err(e));
|
2020-07-15 13:27:10 -07:00
|
|
|
return rx;
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-08 04:22:36 -07:00
|
|
|
// Add the block to the list of queued blocks at this height
|
|
|
|
|
let new_qblock = QueuedBlock { block, hash, tx };
|
2020-07-15 13:27:10 -07:00
|
|
|
// This is a no-op for the first block in each QueuedBlockList.
|
|
|
|
|
qblocks.reserve_exact(1);
|
|
|
|
|
qblocks.push(new_qblock);
|
2020-07-08 04:22:36 -07:00
|
|
|
|
2020-10-21 20:06:26 -07:00
|
|
|
metrics::gauge!(
|
|
|
|
|
"checkpoint.queued.max.height",
|
|
|
|
|
self.queued
|
|
|
|
|
.keys()
|
|
|
|
|
.next_back()
|
|
|
|
|
.expect("queued has at least one entry")
|
2021-01-11 18:28:56 -08:00
|
|
|
.0 as f64
|
2020-10-21 20:06:26 -07:00
|
|
|
);
|
|
|
|
|
|
2020-07-23 10:56:52 -07:00
|
|
|
let is_checkpoint = self.checkpoint_list.contains(height);
|
2020-10-21 21:06:21 -07:00
|
|
|
tracing::debug!(?height, ?hash, ?is_checkpoint, "queued block");
|
2020-07-23 10:56:52 -07:00
|
|
|
|
2020-07-08 04:22:36 -07:00
|
|
|
rx
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// During checkpoint range processing, process all the blocks at `height`.
|
|
|
|
|
///
|
|
|
|
|
/// Returns the first valid block. If there is no valid block, returns None.
|
|
|
|
|
fn process_height(
|
|
|
|
|
&mut self,
|
2020-08-16 11:42:02 -07:00
|
|
|
height: block::Height,
|
2020-08-15 23:20:01 -07:00
|
|
|
expected_hash: block::Hash,
|
2020-07-08 04:22:36 -07:00
|
|
|
) -> Option<QueuedBlock> {
|
|
|
|
|
let mut qblocks = self
|
|
|
|
|
.queued
|
|
|
|
|
.remove(&height)
|
|
|
|
|
.expect("the current checkpoint range has continuous Vec<QueuedBlock>s");
|
|
|
|
|
assert!(
|
|
|
|
|
!qblocks.is_empty(),
|
|
|
|
|
"the current checkpoint range has continous Blocks"
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
// Check interim checkpoints
|
|
|
|
|
if let Some(checkpoint_hash) = self.checkpoint_list.hash(height) {
|
|
|
|
|
// We assume the checkpoints are valid. And we have verified back
|
|
|
|
|
// from the target checkpoint, so the last block must also be valid.
|
|
|
|
|
// This is probably a bad checkpoint list, a zebra bug, or a bad
|
|
|
|
|
// chain (in a testing mode like regtest).
|
|
|
|
|
assert_eq!(expected_hash, checkpoint_hash,
|
|
|
|
|
"checkpoints in the range should match: bad checkpoint list, zebra bug, or bad chain"
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Find a queued block at this height, which is part of the hash chain.
|
|
|
|
|
//
|
|
|
|
|
// There are two possible outcomes here:
|
2020-11-06 11:07:30 -08:00
|
|
|
// - one of the blocks matches the chain (the common case)
|
2020-07-08 04:22:36 -07:00
|
|
|
// - no blocks match the chain, verification has failed for this range
|
2020-11-06 11:07:30 -08:00
|
|
|
// If there are any side-chain blocks, they fail validation.
|
2020-07-08 04:22:36 -07:00
|
|
|
let mut valid_qblock = None;
|
|
|
|
|
for qblock in qblocks.drain(..) {
|
|
|
|
|
if qblock.hash == expected_hash {
|
|
|
|
|
if valid_qblock.is_none() {
|
|
|
|
|
// The first valid block at the current height
|
|
|
|
|
valid_qblock = Some(qblock);
|
|
|
|
|
} else {
|
2020-11-06 11:07:30 -08:00
|
|
|
unreachable!("unexpected duplicate block {:?} {:?}: duplicate blocks should be rejected before being queued",
|
|
|
|
|
height, qblock.hash);
|
2020-07-08 04:22:36 -07:00
|
|
|
}
|
|
|
|
|
} else {
|
2020-07-23 10:56:52 -07:00
|
|
|
tracing::info!(?height, ?qblock.hash, ?expected_hash,
|
2020-11-06 11:07:30 -08:00
|
|
|
"Side chain hash at height in CheckpointVerifier");
|
|
|
|
|
let _ = qblock
|
|
|
|
|
.tx
|
|
|
|
|
.send(Err(VerifyCheckpointError::UnexpectedSideChain {
|
|
|
|
|
found: qblock.hash,
|
|
|
|
|
expected: expected_hash,
|
|
|
|
|
}));
|
2020-07-08 04:22:36 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
valid_qblock
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-12 11:43:17 -08:00
|
|
|
/// Try to verify from the previous checkpoint to a target checkpoint.
|
2020-07-08 04:22:36 -07:00
|
|
|
///
|
|
|
|
|
/// Send `Ok` for the blocks that are in the chain, and `Err` for side-chain
|
|
|
|
|
/// blocks.
|
|
|
|
|
///
|
|
|
|
|
/// Does nothing if we are waiting for more blocks, or if verification has
|
|
|
|
|
/// finished.
|
|
|
|
|
fn process_checkpoint_range(&mut self) {
|
|
|
|
|
// If this code shows up in profiles, we can try the following
|
|
|
|
|
// optimisations:
|
|
|
|
|
// - only check the chain when the length of the queue is greater
|
|
|
|
|
// than or equal to the length of a checkpoint interval
|
|
|
|
|
// (note: the genesis checkpoint interval is only one block long)
|
|
|
|
|
// - cache the height of the last continuous chain as a new field in
|
|
|
|
|
// self, and start at that height during the next check.
|
|
|
|
|
|
|
|
|
|
// Return early if verification has finished
|
|
|
|
|
let previous_checkpoint_hash = match self.previous_checkpoint_hash() {
|
|
|
|
|
// Since genesis blocks are hard-coded in zcashd, and not verified
|
|
|
|
|
// like other blocks, the genesis parent hash is set by the
|
|
|
|
|
// consensus parameters.
|
2020-10-12 14:08:23 -07:00
|
|
|
BeforeGenesis => GENESIS_PREVIOUS_BLOCK_HASH,
|
2020-07-23 18:47:48 -07:00
|
|
|
InitialTip(hash) | PreviousCheckpoint(hash) => hash,
|
2020-07-08 04:22:36 -07:00
|
|
|
FinalCheckpoint => return,
|
|
|
|
|
};
|
|
|
|
|
// Return early if we're still waiting for more blocks
|
|
|
|
|
let (target_checkpoint_height, mut expected_hash) = match self.target_checkpoint_height() {
|
|
|
|
|
Checkpoint(height) => (
|
|
|
|
|
height,
|
|
|
|
|
self.checkpoint_list
|
|
|
|
|
.hash(height)
|
|
|
|
|
.expect("every checkpoint height must have a hash"),
|
|
|
|
|
),
|
2020-07-22 11:54:52 -07:00
|
|
|
WaitingForBlocks => {
|
|
|
|
|
return;
|
|
|
|
|
}
|
2020-07-26 23:30:46 -07:00
|
|
|
FinishedVerifying => {
|
|
|
|
|
unreachable!("the FinalCheckpoint case should have returned earlier")
|
|
|
|
|
}
|
2020-07-08 04:22:36 -07:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// Keep the old previous checkpoint height, to make sure we're making
|
|
|
|
|
// progress
|
|
|
|
|
let old_prev_check_height = self.previous_checkpoint_height();
|
|
|
|
|
|
|
|
|
|
// Work out which blocks and checkpoints we're checking
|
|
|
|
|
let current_range = (
|
|
|
|
|
self.current_start_bound()
|
|
|
|
|
.expect("earlier code checks if verification has finished"),
|
|
|
|
|
Included(target_checkpoint_height),
|
|
|
|
|
);
|
2020-08-16 11:42:02 -07:00
|
|
|
let range_heights: Vec<block::Height> = self
|
2020-07-08 04:22:36 -07:00
|
|
|
.queued
|
|
|
|
|
.range_mut(current_range)
|
|
|
|
|
.rev()
|
|
|
|
|
.map(|(key, _)| *key)
|
|
|
|
|
.collect();
|
|
|
|
|
// A list of pending valid blocks, in reverse chain order
|
|
|
|
|
let mut rev_valid_blocks = Vec::new();
|
|
|
|
|
|
|
|
|
|
// Check all the blocks, and discard all the bad blocks
|
|
|
|
|
for current_height in range_heights {
|
|
|
|
|
let valid_qblock = self.process_height(current_height, expected_hash);
|
|
|
|
|
if let Some(qblock) = valid_qblock {
|
|
|
|
|
expected_hash = qblock.block.header.previous_block_hash;
|
|
|
|
|
// Add the block to the end of the pending block list
|
|
|
|
|
// (since we're walking the chain backwards, the list is
|
|
|
|
|
// in reverse chain order)
|
|
|
|
|
rev_valid_blocks.push(qblock);
|
|
|
|
|
} else {
|
|
|
|
|
// The last block height we processed did not have any blocks
|
|
|
|
|
// with a matching hash, so chain verification has failed.
|
2020-08-05 22:26:26 -07:00
|
|
|
tracing::info!(
|
2020-07-23 10:56:52 -07:00
|
|
|
?current_height,
|
|
|
|
|
?current_range,
|
|
|
|
|
"No valid blocks at height in CheckpointVerifier"
|
|
|
|
|
);
|
2020-07-08 04:22:36 -07:00
|
|
|
|
|
|
|
|
// We kept all the matching blocks down to this height, in
|
|
|
|
|
// anticipation of the chain verifying. But the chain is
|
|
|
|
|
// incomplete, so we have to put them back in the queue.
|
|
|
|
|
//
|
|
|
|
|
// The order here shouldn't matter, but add the blocks in
|
|
|
|
|
// height order, for consistency.
|
|
|
|
|
for vblock in rev_valid_blocks.drain(..).rev() {
|
|
|
|
|
let height = vblock
|
|
|
|
|
.block
|
|
|
|
|
.coinbase_height()
|
|
|
|
|
.expect("queued blocks have a block height");
|
|
|
|
|
self.queued.entry(height).or_default().push(vblock);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Make sure the current progress hasn't changed
|
|
|
|
|
assert_eq!(
|
|
|
|
|
self.previous_checkpoint_height(),
|
|
|
|
|
old_prev_check_height,
|
|
|
|
|
"we must not change the previous checkpoint on failure"
|
|
|
|
|
);
|
|
|
|
|
// We've reduced the target
|
|
|
|
|
//
|
|
|
|
|
// This check should be cheap, because we just reduced the target
|
|
|
|
|
let current_target = self.target_checkpoint_height();
|
|
|
|
|
assert!(
|
|
|
|
|
current_target == WaitingForBlocks
|
|
|
|
|
|| current_target < Checkpoint(target_checkpoint_height),
|
|
|
|
|
"we must decrease or eliminate our target on failure"
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
// Stop verifying, and wait for the next valid block
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// The checkpoint and the parent hash must match.
|
|
|
|
|
// See the detailed checkpoint comparison comment above.
|
|
|
|
|
assert_eq!(
|
|
|
|
|
expected_hash, previous_checkpoint_hash,
|
|
|
|
|
"the previous checkpoint should match: bad checkpoint list, zebra bug, or bad chain"
|
|
|
|
|
);
|
|
|
|
|
|
2020-09-03 15:06:21 -07:00
|
|
|
let block_count = rev_valid_blocks.len();
|
2020-09-02 19:50:16 -07:00
|
|
|
tracing::info!(?block_count, ?current_range, "verified checkpoint range");
|
2020-09-03 15:06:21 -07:00
|
|
|
metrics::counter!("checkpoint.verified.block.count", block_count as _);
|
2020-07-23 10:56:52 -07:00
|
|
|
|
2020-07-08 04:22:36 -07:00
|
|
|
// All the blocks we've kept are valid, so let's verify them
|
|
|
|
|
// in height order.
|
|
|
|
|
for qblock in rev_valid_blocks.drain(..).rev() {
|
|
|
|
|
// Sending can fail, but there's nothing we can do about it.
|
|
|
|
|
let _ = qblock.tx.send(Ok(qblock.hash));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Finally, update the checkpoint bounds
|
|
|
|
|
self.update_progress(target_checkpoint_height);
|
|
|
|
|
|
|
|
|
|
// Ensure that we're making progress
|
|
|
|
|
let new_progress = self.previous_checkpoint_height();
|
|
|
|
|
assert!(
|
|
|
|
|
new_progress > old_prev_check_height,
|
|
|
|
|
"we must make progress on success"
|
|
|
|
|
);
|
|
|
|
|
// We met the old target
|
|
|
|
|
if new_progress == FinalCheckpoint {
|
|
|
|
|
assert_eq!(
|
|
|
|
|
target_checkpoint_height,
|
|
|
|
|
self.checkpoint_list.max_height(),
|
|
|
|
|
"we finish at the maximum checkpoint"
|
|
|
|
|
);
|
|
|
|
|
} else {
|
|
|
|
|
assert_eq!(
|
|
|
|
|
new_progress,
|
|
|
|
|
PreviousCheckpoint(target_checkpoint_height),
|
|
|
|
|
"the new previous checkpoint must match the old target"
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
// We processed all available checkpoints
|
|
|
|
|
//
|
|
|
|
|
// We've cleared the target range, so this check should be cheap
|
|
|
|
|
let new_target = self.target_checkpoint_height();
|
|
|
|
|
assert!(
|
|
|
|
|
new_target == WaitingForBlocks || new_target == FinishedVerifying,
|
|
|
|
|
"processing must cover all available checkpoints"
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// CheckpointVerifier rejects pending futures on drop.
|
2020-09-02 21:23:57 -07:00
|
|
|
impl<S> Drop for CheckpointVerifier<S>
|
|
|
|
|
where
|
2020-09-09 18:53:40 -07:00
|
|
|
S: Service<zs::Request, Response = zs::Response, Error = BoxError> + Send + Clone + 'static,
|
2020-09-02 21:23:57 -07:00
|
|
|
S::Future: Send + 'static,
|
|
|
|
|
{
|
2020-07-08 04:22:36 -07:00
|
|
|
/// Send an error on `tx` for any `QueuedBlock`s that haven't been verified.
|
|
|
|
|
///
|
|
|
|
|
/// We can't implement `Drop` on QueuedBlock, because `send()` consumes
|
|
|
|
|
/// `tx`. And `tx` doesn't implement `Copy` or `Default` (for `take()`).
|
|
|
|
|
fn drop(&mut self) {
|
|
|
|
|
let drop_keys: Vec<_> = self.queued.keys().cloned().collect();
|
|
|
|
|
for key in drop_keys {
|
|
|
|
|
let mut qblocks = self
|
|
|
|
|
.queued
|
|
|
|
|
.remove(&key)
|
|
|
|
|
.expect("each entry is only removed once");
|
|
|
|
|
for qblock in qblocks.drain(..) {
|
|
|
|
|
// Sending can fail, but there's nothing we can do about it.
|
2020-09-21 11:54:06 -07:00
|
|
|
let _ = qblock.tx.send(Err(VerifyCheckpointError::Dropped));
|
2020-07-08 04:22:36 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-06-21 15:51:43 -07:00
|
|
|
|
2020-09-21 11:54:06 -07:00
|
|
|
#[derive(Debug, Error)]
|
|
|
|
|
pub enum VerifyCheckpointError {
|
|
|
|
|
#[error("checkpoint request after checkpointing finished")]
|
|
|
|
|
Finished,
|
2020-11-06 11:07:30 -08:00
|
|
|
#[error("block at {height:?} is higher than the maximum checkpoint {max_height:?}")]
|
|
|
|
|
TooHigh {
|
|
|
|
|
height: block::Height,
|
|
|
|
|
max_height: block::Height,
|
|
|
|
|
},
|
|
|
|
|
#[error("block {height:?} is less than or equal to the verified tip {verified_height:?}")]
|
|
|
|
|
AlreadyVerified {
|
|
|
|
|
height: block::Height,
|
|
|
|
|
verified_height: block::Height,
|
|
|
|
|
},
|
|
|
|
|
#[error("rejected older of duplicate verification requests for block at {height:?} {hash:?}")]
|
|
|
|
|
NewerRequest {
|
|
|
|
|
height: block::Height,
|
|
|
|
|
hash: block::Hash,
|
|
|
|
|
},
|
|
|
|
|
#[error("the block {hash:?} does not have a coinbase height")]
|
|
|
|
|
CoinbaseHeight { hash: block::Hash },
|
2020-11-24 19:55:15 -08:00
|
|
|
#[error("merkle root {actual:?} does not match expected {expected:?}")]
|
|
|
|
|
BadMerkleRoot {
|
|
|
|
|
actual: block::merkle::Root,
|
|
|
|
|
expected: block::merkle::Root,
|
|
|
|
|
},
|
|
|
|
|
#[error("duplicate transactions in block")]
|
|
|
|
|
DuplicateTransaction,
|
2020-09-21 11:54:06 -07:00
|
|
|
#[error("checkpoint verifier was dropped")]
|
|
|
|
|
Dropped,
|
|
|
|
|
#[error(transparent)]
|
|
|
|
|
CommitFinalized(BoxError),
|
|
|
|
|
#[error(transparent)]
|
|
|
|
|
CheckpointList(BoxError),
|
|
|
|
|
#[error("too many queued blocks at this height")]
|
|
|
|
|
QueuedLimit,
|
|
|
|
|
#[error("the block hash does not match the chained checkpoint hash, expected {expected:?} found {found:?}")]
|
2020-11-06 11:07:30 -08:00
|
|
|
UnexpectedSideChain {
|
2020-09-21 11:54:06 -07:00
|
|
|
expected: block::Hash,
|
|
|
|
|
found: block::Hash,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-21 15:51:43 -07:00
|
|
|
/// The CheckpointVerifier service implementation.
|
|
|
|
|
///
|
2020-07-08 04:22:36 -07:00
|
|
|
/// After verification, the block futures resolve to their hashes.
|
2020-09-02 21:23:57 -07:00
|
|
|
impl<S> Service<Arc<Block>> for CheckpointVerifier<S>
|
|
|
|
|
where
|
2020-09-09 18:53:40 -07:00
|
|
|
S: Service<zs::Request, Response = zs::Response, Error = BoxError> + Send + Clone + 'static,
|
2020-09-02 21:23:57 -07:00
|
|
|
S::Future: Send + 'static,
|
|
|
|
|
{
|
2020-08-15 23:20:01 -07:00
|
|
|
type Response = block::Hash;
|
2020-09-21 11:54:06 -07:00
|
|
|
type Error = VerifyCheckpointError;
|
2020-06-21 15:51:43 -07:00
|
|
|
type Future =
|
|
|
|
|
Pin<Box<dyn Future<Output = Result<Self::Response, Self::Error>> + Send + 'static>>;
|
|
|
|
|
|
|
|
|
|
fn poll_ready(&mut self, _: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
|
2020-09-10 14:29:27 -07:00
|
|
|
Poll::Ready(Ok(()))
|
2020-06-21 15:51:43 -07:00
|
|
|
}
|
|
|
|
|
|
2020-10-21 21:06:21 -07:00
|
|
|
#[instrument(name = "checkpoint", skip(self, block))]
|
2020-06-21 15:51:43 -07:00
|
|
|
fn call(&mut self, block: Arc<Block>) -> Self::Future {
|
2020-09-10 14:29:27 -07:00
|
|
|
// Immediately reject all incoming blocks that arrive after we've finished.
|
|
|
|
|
if let FinalCheckpoint = self.previous_checkpoint_height() {
|
2020-09-21 11:54:06 -07:00
|
|
|
return async { Err(VerifyCheckpointError::Finished) }.boxed();
|
2020-09-10 14:29:27 -07:00
|
|
|
}
|
|
|
|
|
|
2020-09-02 21:23:57 -07:00
|
|
|
let rx = self.queue_block(block.clone());
|
2020-11-12 11:43:17 -08:00
|
|
|
self.process_checkpoint_range();
|
2020-06-21 15:51:43 -07:00
|
|
|
|
2021-01-11 18:28:56 -08:00
|
|
|
metrics::gauge!("checkpoint.queued_slots", self.queued.len() as f64);
|
2020-11-12 11:43:17 -08:00
|
|
|
|
|
|
|
|
// Because the checkpoint verifier duplicates state from the state
|
|
|
|
|
// service (it tracks which checkpoints have been verified), we must
|
|
|
|
|
// commit blocks transactionally on a per-checkpoint basis. Otherwise,
|
|
|
|
|
// the checkpoint verifier's state could desync from the underlying
|
|
|
|
|
// state service. Among other problems, this could cause the checkpoint
|
|
|
|
|
// verifier to reject blocks not already in the state as
|
|
|
|
|
// already-verified.
|
2020-07-08 04:22:36 -07:00
|
|
|
//
|
2020-11-12 11:43:17 -08:00
|
|
|
// To commit blocks transactionally on a per-checkpoint basis, we must
|
|
|
|
|
// commit all verified blocks in a checkpoint range, regardless of
|
|
|
|
|
// whether or not the response futures for each block were dropped.
|
2020-07-08 04:22:36 -07:00
|
|
|
//
|
2020-11-12 11:43:17 -08:00
|
|
|
// We accomplish this by spawning a new task containing the
|
|
|
|
|
// commit-if-verified logic. This task will always execute, except if
|
|
|
|
|
// the program is interrupted, in which case there is no longer a
|
|
|
|
|
// checkpoint verifier to keep in sync with the state.
|
2020-09-10 10:34:59 -07:00
|
|
|
let mut state_service = self.state_service.clone();
|
2020-11-12 11:43:17 -08:00
|
|
|
let commit_finalized_block = tokio::spawn(async move {
|
2020-09-10 10:34:59 -07:00
|
|
|
let hash = rx
|
2020-09-09 18:53:40 -07:00
|
|
|
.await
|
2020-09-10 10:34:59 -07:00
|
|
|
.expect("CheckpointVerifier does not leave dangling receivers")?;
|
|
|
|
|
|
2020-11-12 11:43:17 -08:00
|
|
|
// Once we get a verified hash, we must commit it to the chain state
|
|
|
|
|
// as a finalized block, or exit the program, so .expect rather than
|
|
|
|
|
// propagate errors from the state service.
|
2020-09-10 10:34:59 -07:00
|
|
|
match state_service
|
|
|
|
|
.ready_and()
|
2020-09-21 11:54:06 -07:00
|
|
|
.await
|
2020-11-12 11:43:17 -08:00
|
|
|
.expect("Verified checkpoints must be committed transactionally")
|
state: introduce PreparedBlock, FinalizedBlock
This change introduces two new types:
- `PreparedBlock`, representing a block which has undergone semantic
validation and has been prepared for contextual validation;
- `FinalizedBlock`, representing a block which is ready to be finalized
immediately;
and changes the `Request::CommitBlock`,`Request::CommitFinalizedBlock`
variants to use these types instead of their previous fields.
This change solves the problem of passing data between semantic
validation and contextual validation, and cleans up the state code by
allowing it to pass around a bundle of data. Previously, the state code
just passed around an `Arc<Block>`, which forced it to needlessly
recompute block hashes and other data, and was incompatible with the
already-known but not-yet-implemented data transfer requirements, namely
passing in the Sprout and Sapling anchors computed during contextual
validation.
This commit propagates the `PreparedBlock` and `FinalizedBlock` types
through the state code but only uses their data opportunistically, e.g.,
changing .hash() computations to use the precomputed hash. In the
future, these structures can be extended to pass data through the
verification pipeline for reuse as appropriate. For instance, these
changes allow the sprout and sapling anchors to be propagated through
the state.
2020-11-21 01:16:14 -08:00
|
|
|
.call(zs::Request::CommitFinalizedBlock(block.into()))
|
2020-09-21 11:54:06 -07:00
|
|
|
.await
|
2020-11-12 11:43:17 -08:00
|
|
|
.expect("Verified checkpoints must be committed transactionally")
|
2020-09-09 18:53:40 -07:00
|
|
|
{
|
2020-09-10 10:34:59 -07:00
|
|
|
zs::Response::Committed(committed_hash) => {
|
|
|
|
|
assert_eq!(committed_hash, hash, "state must commit correct hash");
|
2020-09-02 21:23:57 -07:00
|
|
|
Ok(hash)
|
|
|
|
|
}
|
2020-09-10 10:34:59 -07:00
|
|
|
_ => unreachable!("wrong response for CommitFinalizedBlock"),
|
2020-09-02 21:23:57 -07:00
|
|
|
}
|
2020-11-12 11:43:17 -08:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
async move {
|
|
|
|
|
commit_finalized_block
|
|
|
|
|
.await
|
|
|
|
|
.expect("commit_finalized_block should not panic")
|
2020-06-21 15:51:43 -07:00
|
|
|
}
|
|
|
|
|
.boxed()
|
|
|
|
|
}
|
|
|
|
|
}
|
