You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

401 lines
13 KiB

7 years ago
7 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
new pubsub package comment out failing consensus tests for now rewrite rpc httpclient to use new pubsub package import pubsub as tmpubsub, query as tmquery make event IDs constants EventKey -> EventTypeKey rename EventsPubsub to PubSub mempool does not use pubsub rename eventsSub to pubsub new subscribe API fix channel size issues and consensus tests bugs refactor rpc client add missing discardFromChan method add mutex rename pubsub to eventBus remove IsRunning from WSRPCConnection interface (not needed) add a comment in broadcastNewRoundStepsAndVotes rename registerEventCallbacks to broadcastNewRoundStepsAndVotes See https://dave.cheney.net/2014/03/19/channel-axioms stop eventBuses after reactor tests remove unnecessary Unsubscribe return subscribe helper function move discardFromChan to where it is used subscribe now returns an err this gives us ability to refuse to subscribe if pubsub is at its max capacity. use context for control overflow cache queries handle err when subscribing in replay_test rename testClientID to testSubscriber extract var set channel buffer capacity to 1 in replay_file fix byzantine_test unsubscribe from single event, not all events refactor httpclient to return events to appropriate channels return failing testReplayCrashBeforeWriteVote test fix TestValidatorSetChanges refactor code a bit fix testReplayCrashBeforeWriteVote add comment fix TestValidatorSetChanges fixes from Bucky's review update comment [ci skip] test TxEventBuffer update changelog fix TestValidatorSetChanges (2nd attempt) only do wg.Done when no errors benchmark event bus create pubsub server inside NewEventBus only expose config params (later if needed) set buffer capacity to 0 so we are not testing cache new tx event format: key = "Tx" plus a tag {"tx.hash": XYZ} This should allow to subscribe to all transactions! or a specific one using a query: "tm.events.type = Tx and tx.hash = '013ABF99434...'" use TimeoutCommit instead of afterPublishEventNewBlockTimeout TimeoutCommit is the time a node waits after committing a block, before it goes into the next height. So it will finish everything from the last block, but then wait a bit. The idea is this gives it time to hear more votes from other validators, to strengthen the commit it includes in the next block. But it also gives it time to hear about new transactions. waitForBlockWithUpdatedVals rewrite WAL crash tests Task: test that we can recover from any WAL crash. Solution: the old tests were relying on event hub being run in the same thread (we were injecting the private validator's last signature). when considering a rewrite, we considered two possible solutions: write a "fuzzy" testing system where WAL is crashing upon receiving a new message, or inject failures and trigger them in tests using something like https://github.com/coreos/gofail. remove sleep no cs.Lock around wal.Save test different cases (empty block, non-empty block, ...) comments add comments test 4 cases: empty block, non-empty block, non-empty block with smaller part size, many blocks fixes as per Bucky's last review reset subscriptions on UnsubscribeAll use a simple counter to track message for which we panicked also, set a smaller part size for all test cases
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
7 years ago
7 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
new pubsub package comment out failing consensus tests for now rewrite rpc httpclient to use new pubsub package import pubsub as tmpubsub, query as tmquery make event IDs constants EventKey -> EventTypeKey rename EventsPubsub to PubSub mempool does not use pubsub rename eventsSub to pubsub new subscribe API fix channel size issues and consensus tests bugs refactor rpc client add missing discardFromChan method add mutex rename pubsub to eventBus remove IsRunning from WSRPCConnection interface (not needed) add a comment in broadcastNewRoundStepsAndVotes rename registerEventCallbacks to broadcastNewRoundStepsAndVotes See https://dave.cheney.net/2014/03/19/channel-axioms stop eventBuses after reactor tests remove unnecessary Unsubscribe return subscribe helper function move discardFromChan to where it is used subscribe now returns an err this gives us ability to refuse to subscribe if pubsub is at its max capacity. use context for control overflow cache queries handle err when subscribing in replay_test rename testClientID to testSubscriber extract var set channel buffer capacity to 1 in replay_file fix byzantine_test unsubscribe from single event, not all events refactor httpclient to return events to appropriate channels return failing testReplayCrashBeforeWriteVote test fix TestValidatorSetChanges refactor code a bit fix testReplayCrashBeforeWriteVote add comment fix TestValidatorSetChanges fixes from Bucky's review update comment [ci skip] test TxEventBuffer update changelog fix TestValidatorSetChanges (2nd attempt) only do wg.Done when no errors benchmark event bus create pubsub server inside NewEventBus only expose config params (later if needed) set buffer capacity to 0 so we are not testing cache new tx event format: key = "Tx" plus a tag {"tx.hash": XYZ} This should allow to subscribe to all transactions! or a specific one using a query: "tm.events.type = Tx and tx.hash = '013ABF99434...'" use TimeoutCommit instead of afterPublishEventNewBlockTimeout TimeoutCommit is the time a node waits after committing a block, before it goes into the next height. So it will finish everything from the last block, but then wait a bit. The idea is this gives it time to hear more votes from other validators, to strengthen the commit it includes in the next block. But it also gives it time to hear about new transactions. waitForBlockWithUpdatedVals rewrite WAL crash tests Task: test that we can recover from any WAL crash. Solution: the old tests were relying on event hub being run in the same thread (we were injecting the private validator's last signature). when considering a rewrite, we considered two possible solutions: write a "fuzzy" testing system where WAL is crashing upon receiving a new message, or inject failures and trigger them in tests using something like https://github.com/coreos/gofail. remove sleep no cs.Lock around wal.Save test different cases (empty block, non-empty block, ...) comments add comments test 4 cases: empty block, non-empty block, non-empty block with smaller part size, many blocks fixes as per Bucky's last review reset subscriptions on UnsubscribeAll use a simple counter to track message for which we panicked also, set a smaller part size for all test cases
8 years ago
  1. package consensus
  2. import (
  3. "bytes"
  4. "errors"
  5. "fmt"
  6. "hash/crc32"
  7. "io"
  8. "reflect"
  9. //"strconv"
  10. //"strings"
  11. "time"
  12. abci "github.com/tendermint/abci/types"
  13. //auto "github.com/tendermint/tmlibs/autofile"
  14. cmn "github.com/tendermint/tmlibs/common"
  15. "github.com/tendermint/tmlibs/log"
  16. "github.com/tendermint/tendermint/proxy"
  17. sm "github.com/tendermint/tendermint/state"
  18. "github.com/tendermint/tendermint/types"
  19. "github.com/tendermint/tendermint/version"
  20. )
  21. var crc32c = crc32.MakeTable(crc32.Castagnoli)
  22. // Functionality to replay blocks and messages on recovery from a crash.
  23. // There are two general failure scenarios: failure during consensus, and failure while applying the block.
  24. // The former is handled by the WAL, the latter by the proxyApp Handshake on restart,
  25. // which ultimately hands off the work to the WAL.
  26. //-----------------------------------------
  27. // recover from failure during consensus
  28. // by replaying messages from the WAL
  29. // Unmarshal and apply a single message to the consensus state
  30. // as if it were received in receiveRoutine
  31. // Lines that start with "#" are ignored.
  32. // NOTE: receiveRoutine should not be running
  33. func (cs *ConsensusState) readReplayMessage(msg *TimedWALMessage, newStepCh chan interface{}) error {
  34. // skip meta messages
  35. if _, ok := msg.Msg.(EndHeightMessage); ok {
  36. return nil
  37. }
  38. // for logging
  39. switch m := msg.Msg.(type) {
  40. case types.EventDataRoundState:
  41. cs.Logger.Info("Replay: New Step", "height", m.Height, "round", m.Round, "step", m.Step)
  42. // these are playback checks
  43. ticker := time.After(time.Second * 2)
  44. if newStepCh != nil {
  45. select {
  46. case mi := <-newStepCh:
  47. m2 := mi.(types.EventDataRoundState)
  48. if m.Height != m2.Height || m.Round != m2.Round || m.Step != m2.Step {
  49. return fmt.Errorf("RoundState mismatch. Got %v; Expected %v", m2, m)
  50. }
  51. case <-ticker:
  52. return fmt.Errorf("Failed to read off newStepCh")
  53. }
  54. }
  55. case msgInfo:
  56. peerKey := m.PeerKey
  57. if peerKey == "" {
  58. peerKey = "local"
  59. }
  60. switch msg := m.Msg.(type) {
  61. case *ProposalMessage:
  62. p := msg.Proposal
  63. cs.Logger.Info("Replay: Proposal", "height", p.Height, "round", p.Round, "header",
  64. p.BlockPartsHeader, "pol", p.POLRound, "peer", peerKey)
  65. case *BlockPartMessage:
  66. cs.Logger.Info("Replay: BlockPart", "height", msg.Height, "round", msg.Round, "peer", peerKey)
  67. case *VoteMessage:
  68. v := msg.Vote
  69. cs.Logger.Info("Replay: Vote", "height", v.Height, "round", v.Round, "type", v.Type,
  70. "blockID", v.BlockID, "peer", peerKey)
  71. }
  72. cs.handleMsg(m)
  73. case timeoutInfo:
  74. cs.Logger.Info("Replay: Timeout", "height", m.Height, "round", m.Round, "step", m.Step, "dur", m.Duration)
  75. cs.handleTimeout(m, cs.RoundState)
  76. default:
  77. return fmt.Errorf("Replay: Unknown TimedWALMessage type: %v", reflect.TypeOf(msg.Msg))
  78. }
  79. return nil
  80. }
  81. // replay only those messages since the last block.
  82. // timeoutRoutine should run concurrently to read off tickChan
  83. func (cs *ConsensusState) catchupReplay(csHeight int) error {
  84. // set replayMode
  85. cs.replayMode = true
  86. defer func() { cs.replayMode = false }()
  87. // Ensure that ENDHEIGHT for this height doesn't exist
  88. // NOTE: This is just a sanity check. As far as we know things work fine without it,
  89. // and Handshake could reuse ConsensusState if it weren't for this check (since we can crash after writing ENDHEIGHT).
  90. gr, found, err := cs.wal.SearchForEndHeight(uint64(csHeight))
  91. if err != nil {
  92. return err
  93. }
  94. if gr != nil {
  95. if err := gr.Close(); err != nil {
  96. return err
  97. }
  98. }
  99. if found {
  100. return fmt.Errorf("WAL should not contain #ENDHEIGHT %d.", csHeight)
  101. }
  102. // Search for last height marker
  103. gr, found, err = cs.wal.SearchForEndHeight(uint64(csHeight - 1))
  104. if err == io.EOF {
  105. cs.Logger.Error("Replay: wal.group.Search returned EOF", "#ENDHEIGHT", csHeight-1)
  106. } else if err != nil {
  107. return err
  108. }
  109. if !found {
  110. return errors.New(cmn.Fmt("Cannot replay height %d. WAL does not contain #ENDHEIGHT for %d.", csHeight, csHeight-1))
  111. }
  112. defer gr.Close() // nolint: errcheck
  113. cs.Logger.Info("Catchup by replaying consensus messages", "height", csHeight)
  114. var msg *TimedWALMessage
  115. dec := WALDecoder{gr}
  116. for {
  117. msg, err = dec.Decode()
  118. if err == io.EOF {
  119. break
  120. } else if err != nil {
  121. return err
  122. }
  123. // NOTE: since the priv key is set when the msgs are received
  124. // it will attempt to eg double sign but we can just ignore it
  125. // since the votes will be replayed and we'll get to the next step
  126. if err := cs.readReplayMessage(msg, nil); err != nil {
  127. return err
  128. }
  129. }
  130. cs.Logger.Info("Replay: Done")
  131. return nil
  132. }
  133. //--------------------------------------------------------------------------------
  134. // Parses marker lines of the form:
  135. // #ENDHEIGHT: 12345
  136. /*
  137. func makeHeightSearchFunc(height int) auto.SearchFunc {
  138. return func(line string) (int, error) {
  139. line = strings.TrimRight(line, "\n")
  140. parts := strings.Split(line, " ")
  141. if len(parts) != 2 {
  142. return -1, errors.New("Line did not have 2 parts")
  143. }
  144. i, err := strconv.Atoi(parts[1])
  145. if err != nil {
  146. return -1, errors.New("Failed to parse INFO: " + err.Error())
  147. }
  148. if height < i {
  149. return 1, nil
  150. } else if height == i {
  151. return 0, nil
  152. } else {
  153. return -1, nil
  154. }
  155. }
  156. }*/
  157. //----------------------------------------------
  158. // Recover from failure during block processing
  159. // by handshaking with the app to figure out where
  160. // we were last and using the WAL to recover there
  161. type Handshaker struct {
  162. state *sm.State
  163. store types.BlockStore
  164. logger log.Logger
  165. nBlocks int // number of blocks applied to the state
  166. }
  167. func NewHandshaker(state *sm.State, store types.BlockStore) *Handshaker {
  168. return &Handshaker{state, store, log.NewNopLogger(), 0}
  169. }
  170. func (h *Handshaker) SetLogger(l log.Logger) {
  171. h.logger = l
  172. }
  173. func (h *Handshaker) NBlocks() int {
  174. return h.nBlocks
  175. }
  176. // TODO: retry the handshake/replay if it fails ?
  177. func (h *Handshaker) Handshake(proxyApp proxy.AppConns) error {
  178. // handshake is done via info request on the query conn
  179. res, err := proxyApp.Query().InfoSync(abci.RequestInfo{version.Version})
  180. if err != nil {
  181. return errors.New(cmn.Fmt("Error calling Info: %v", err))
  182. }
  183. blockHeight := int(res.LastBlockHeight) // XXX: beware overflow
  184. appHash := res.LastBlockAppHash
  185. h.logger.Info("ABCI Handshake", "appHeight", blockHeight, "appHash", fmt.Sprintf("%X", appHash))
  186. // TODO: check version
  187. // replay blocks up to the latest in the blockstore
  188. _, err = h.ReplayBlocks(appHash, blockHeight, proxyApp)
  189. if err != nil {
  190. return errors.New(cmn.Fmt("Error on replay: %v", err))
  191. }
  192. h.logger.Info("Completed ABCI Handshake - Tendermint and App are synced", "appHeight", blockHeight, "appHash", fmt.Sprintf("%X", appHash))
  193. // TODO: (on restart) replay mempool
  194. return nil
  195. }
  196. // Replay all blocks since appBlockHeight and ensure the result matches the current state.
  197. // Returns the final AppHash or an error
  198. func (h *Handshaker) ReplayBlocks(appHash []byte, appBlockHeight int, proxyApp proxy.AppConns) ([]byte, error) {
  199. storeBlockHeight := h.store.Height()
  200. stateBlockHeight := h.state.LastBlockHeight
  201. h.logger.Info("ABCI Replay Blocks", "appHeight", appBlockHeight, "storeHeight", storeBlockHeight, "stateHeight", stateBlockHeight)
  202. // If appBlockHeight == 0 it means that we are at genesis and hence should send InitChain
  203. if appBlockHeight == 0 {
  204. validators := types.TM2PB.Validators(h.state.Validators)
  205. if _, err := proxyApp.Consensus().InitChainSync(abci.RequestInitChain{validators}); err != nil {
  206. return nil, err
  207. }
  208. }
  209. // First handle edge cases and constraints on the storeBlockHeight
  210. if storeBlockHeight == 0 {
  211. return appHash, h.checkAppHash(appHash)
  212. } else if storeBlockHeight < appBlockHeight {
  213. // the app should never be ahead of the store (but this is under app's control)
  214. return appHash, sm.ErrAppBlockHeightTooHigh{storeBlockHeight, appBlockHeight}
  215. } else if storeBlockHeight < stateBlockHeight {
  216. // the state should never be ahead of the store (this is under tendermint's control)
  217. cmn.PanicSanity(cmn.Fmt("StateBlockHeight (%d) > StoreBlockHeight (%d)", stateBlockHeight, storeBlockHeight))
  218. } else if storeBlockHeight > stateBlockHeight+1 {
  219. // store should be at most one ahead of the state (this is under tendermint's control)
  220. cmn.PanicSanity(cmn.Fmt("StoreBlockHeight (%d) > StateBlockHeight + 1 (%d)", storeBlockHeight, stateBlockHeight+1))
  221. }
  222. // Now either store is equal to state, or one ahead.
  223. // For each, consider all cases of where the app could be, given app <= store
  224. if storeBlockHeight == stateBlockHeight {
  225. // Tendermint ran Commit and saved the state.
  226. // Either the app is asking for replay, or we're all synced up.
  227. if appBlockHeight < storeBlockHeight {
  228. // the app is behind, so replay blocks, but no need to go through WAL (state is already synced to store)
  229. return h.replayBlocks(proxyApp, appBlockHeight, storeBlockHeight, false)
  230. } else if appBlockHeight == storeBlockHeight {
  231. // We're good!
  232. return appHash, h.checkAppHash(appHash)
  233. }
  234. } else if storeBlockHeight == stateBlockHeight+1 {
  235. // We saved the block in the store but haven't updated the state,
  236. // so we'll need to replay a block using the WAL.
  237. if appBlockHeight < stateBlockHeight {
  238. // the app is further behind than it should be, so replay blocks
  239. // but leave the last block to go through the WAL
  240. return h.replayBlocks(proxyApp, appBlockHeight, storeBlockHeight, true)
  241. } else if appBlockHeight == stateBlockHeight {
  242. // We haven't run Commit (both the state and app are one block behind),
  243. // so replayBlock with the real app.
  244. // NOTE: We could instead use the cs.WAL on cs.Start,
  245. // but we'd have to allow the WAL to replay a block that wrote it's ENDHEIGHT
  246. h.logger.Info("Replay last block using real app")
  247. return h.replayBlock(storeBlockHeight, proxyApp.Consensus())
  248. } else if appBlockHeight == storeBlockHeight {
  249. // We ran Commit, but didn't save the state, so replayBlock with mock app
  250. abciResponses := h.state.LoadABCIResponses()
  251. mockApp := newMockProxyApp(appHash, abciResponses)
  252. h.logger.Info("Replay last block using mock app")
  253. return h.replayBlock(storeBlockHeight, mockApp)
  254. }
  255. }
  256. cmn.PanicSanity("Should never happen")
  257. return nil, nil
  258. }
  259. func (h *Handshaker) replayBlocks(proxyApp proxy.AppConns, appBlockHeight, storeBlockHeight int, mutateState bool) ([]byte, error) {
  260. // App is further behind than it should be, so we need to replay blocks.
  261. // We replay all blocks from appBlockHeight+1.
  262. //
  263. // Note that we don't have an old version of the state,
  264. // so we by-pass state validation/mutation using sm.ExecCommitBlock.
  265. // This also means we won't be saving validator sets if they change during this period.
  266. //
  267. // If mutateState == true, the final block is replayed with h.replayBlock()
  268. var appHash []byte
  269. var err error
  270. finalBlock := storeBlockHeight
  271. if mutateState {
  272. finalBlock -= 1
  273. }
  274. for i := appBlockHeight + 1; i <= finalBlock; i++ {
  275. h.logger.Info("Applying block", "height", i)
  276. block := h.store.LoadBlock(i)
  277. appHash, err = sm.ExecCommitBlock(proxyApp.Consensus(), block, h.logger)
  278. if err != nil {
  279. return nil, err
  280. }
  281. h.nBlocks += 1
  282. }
  283. if mutateState {
  284. // sync the final block
  285. return h.replayBlock(storeBlockHeight, proxyApp.Consensus())
  286. }
  287. return appHash, h.checkAppHash(appHash)
  288. }
  289. // ApplyBlock on the proxyApp with the last block.
  290. func (h *Handshaker) replayBlock(height int, proxyApp proxy.AppConnConsensus) ([]byte, error) {
  291. mempool := types.MockMempool{}
  292. block := h.store.LoadBlock(height)
  293. meta := h.store.LoadBlockMeta(height)
  294. if err := h.state.ApplyBlock(types.NopEventBus{}, proxyApp, block, meta.BlockID.PartsHeader, mempool); err != nil {
  295. return nil, err
  296. }
  297. h.nBlocks += 1
  298. return h.state.AppHash, nil
  299. }
  300. func (h *Handshaker) checkAppHash(appHash []byte) error {
  301. if !bytes.Equal(h.state.AppHash, appHash) {
  302. panic(errors.New(cmn.Fmt("Tendermint state.AppHash does not match AppHash after replay. Got %X, expected %X", appHash, h.state.AppHash)).Error())
  303. }
  304. return nil
  305. }
  306. //--------------------------------------------------------------------------------
  307. // mockProxyApp uses ABCIResponses to give the right results
  308. // Useful because we don't want to call Commit() twice for the same block on the real app.
  309. func newMockProxyApp(appHash []byte, abciResponses *sm.ABCIResponses) proxy.AppConnConsensus {
  310. clientCreator := proxy.NewLocalClientCreator(&mockProxyApp{
  311. appHash: appHash,
  312. abciResponses: abciResponses,
  313. })
  314. cli, _ := clientCreator.NewABCIClient()
  315. err := cli.Start()
  316. if err != nil {
  317. panic(err)
  318. }
  319. return proxy.NewAppConnConsensus(cli)
  320. }
  321. type mockProxyApp struct {
  322. abci.BaseApplication
  323. appHash []byte
  324. txCount int
  325. abciResponses *sm.ABCIResponses
  326. }
  327. func (mock *mockProxyApp) DeliverTx(tx []byte) abci.ResponseDeliverTx {
  328. r := mock.abciResponses.DeliverTx[mock.txCount]
  329. mock.txCount += 1
  330. return *r
  331. }
  332. func (mock *mockProxyApp) EndBlock(req abci.RequestEndBlock) abci.ResponseEndBlock {
  333. mock.txCount = 0
  334. return *mock.abciResponses.EndBlock
  335. }
  336. func (mock *mockProxyApp) Commit() abci.ResponseCommit {
  337. return abci.ResponseCommit{Code: abci.CodeType_OK, Data: mock.appHash}
  338. }