zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6772 Commits
183 Branches
291 MiB
Tree: 124d0db1e0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '124d0db1e0'
${ noResults }
tendermint/docs/architecture/adr-030-consensus-refactor.md

152 lines
4.0 KiB
Raw Normal View History

consensus: Add ADR for first stage consensus refactor (#2462)
6 years ago
 
  1. # ADR 030: Consensus Refactor

  2. 

  3. ## Context

  4. 

  5. One of the biggest challenges this project faces is to proof that the
  6. implementations of the specifications are correct, much like we strive to
  7. formaly verify our alogrithms and protocols we should work towards high
  8. confidence about the correctness of our program code. One of those is the core
  9. of Tendermint - Consensus - which currently resides in the `consensus` package.
  10. Over time there has been high friction making changes to the package due to the
  11. algorithm being scattered in a side-effectful container (the current
  12. `ConsensusState`). In order to test the algorithm a large object-graph needs to
  13. be set up and even than the non-deterministic parts of the container makes will
  14. prevent high certainty. Where ideally we have a 1-to-1 representation of the
  15. [spec](https://github.com/tendermint/spec), ready and easy to test for domain
  16. experts.
  17. 

  18. Addresses:
  19. 

  20. - [#1495](https://github.com/tendermint/tendermint/issues/1495)
  21. - [#1692](https://github.com/tendermint/tendermint/issues/1692)
  22. 

  23. ## Decision

  24. 

  25. To remedy these issues we plan a gradual, non-invasive refactoring of the
  26. `consensus` package. Starting of by isolating the consensus alogrithm into
  27. a pure function and a finite state machine to address the most pressuring issue
  28. of lack of confidence. Doing so while leaving the rest of the package in tact
  29. and have follow-up optional changes to improve the sepration of concerns.
  30. 

  31. ### Implementation changes

  32. 

  33. The core of Consensus can be modelled as a function with clear defined inputs:
  34. 

  35. * `State` - data container for current round, height, etc.
  36. * `Event`- significant events in the network
  37. 

  38. producing clear outputs;
  39. 

  40. * `State` - updated input
  41. * `Message` - signal what actions to perform
  42. 

  43. ```go
  44. type Event int
  45. 

  46. const (
  47. 	EventUnknown Event = iota
  48. 	EventProposal
  49. 	Majority23PrevotesBlock
  50. 	Majority23PrecommitBlock
  51. 	Majority23PrevotesAny
  52. 	Majority23PrecommitAny
  53. 	TimeoutNewRound
  54. 	TimeoutPropose
  55. 	TimeoutPrevotes
  56. 	TimeoutPrecommit
  57. )
  58. 

  59. type Message int
  60. 

  61. const (
  62. 	MeesageUnknown Message = iota
  63. 	MessageProposal
  64. 	MessageVotes
  65. 	MessageDecision
  66. )
  67. 

  68. type State struct {
  69. 	height      uint64
  70. 	round       uint64
  71. 	step        uint64
  72. 	lockedValue interface{} // TODO: Define proper type.
  73. 	lockedRound interface{} // TODO: Define proper type.
  74. 	validValue  interface{} // TODO: Define proper type.
  75. 	validRound  interface{} // TODO: Define proper type.
  76. 	// From the original notes: valid(v)
  77. 	valid       interface{} // TODO: Define proper type.
  78. 	// From the original notes: proposer(h, r)
  79. 	proposer    interface{} // TODO: Define proper type.
  80. }
  81. 

  82. func Consensus(Event, State) (State, Message) {
  83. 	// Consolidate implementation.
  84. }
  85. ```
  86. 

  87. Tracking of relevant information to feed `Event` into the function and act on
  88. the output is left to the `ConsensusExecutor` (formerly `ConsensusState`). 
  89. 

  90. Benefits for testing surfacing nicely as testing for a sequence of events
  91. against algorithm could be as simple as the following example:
  92. 

  93. ``` go
  94. func TestConsensusXXX(t *testing.T) {
  95. 	type expected struct {
  96. 		message Message
  97. 		state   State
  98. 	}
  99. 

  100. 	// Setup order of events, initial state and expectation.
  101. 	var (
  102. 		events = []struct {
  103. 			event Event
  104. 			want  expected
  105. 		}{
  106. 		// ...
  107. 		}
  108. 		state = State{
  109. 		// ...
  110. 		}
  111. 	)
  112. 

  113. 	for _, e := range events {
  114. 		sate, msg = Consensus(e.event, state)
  115. 

  116. 		// Test message expectation.
  117. 		if msg != e.want.message {
  118. 			t.Fatalf("have %v, want %v", msg, e.want.message)
  119. 		}
  120. 

  121. 		// Test state expectation.
  122. 		if !reflect.DeepEqual(state, e.want.state) {
  123. 			t.Fatalf("have %v, want %v", state, e.want.state)
  124. 		}
  125. 	}
  126. }
  127. ```
  128. 

  129. ### Implementation roadmap

  130. 

  131. * implement proposed implementation
  132. * replace currently scattered calls in `ConsensusState` with calls to the new
  133.   `Consensus` function
  134. * rename `ConsensusState` to `ConsensusExecutor` to avoid confusion
  135. * propose design for improved separation and clear information flow between
  136.   `ConsensusExecutor` and `ConsensusReactor`
  137. 

  138. ## Status

  139. 

  140. Draft.
  141. 

  142. ## Consequences

  143. 

  144. ### Positive

  145. 

  146. - isolated implementation of the algorithm
  147. - improved testability - simpler to proof correctness
  148. - clearer separation of concerns - easier to reason
  149. 

  150. ### Negative

  151. 

  152. ### Neutral