Merge branch 'master' into brapse/blockchain-v2-riri-routine

.circleci/config.yml

@@ -1,136 +1,126 @@
-version: 2
+version: 2.1
 
-defaults: &defaults
-  working_directory: /go/src/github.com/tendermint/tendermint
-  docker:
-    - image: circleci/golang
-  environment:
-    GOBIN: /tmp/workspace/bin
-
-docs_update_config: &docs_update_config
-  working_directory: ~/repo
-  docker:
-    - image: tendermintdev/jq_curl
-  environment:
-    AWS_REGION: us-east-1
+executors:
+  golang:
+    docker:
+      - image: tendermintdev/docker-tendermint-build
+    working_directory: /go/src/github.com/tendermint/tendermint
+    environment:
+      GOBIN: /tmp/bin
+  release:
+    machine: true
+  docs:
+    docker:
+      - image: tendermintdev/jq_curl
+    environment:
+      AWS_REGION: us-east-1
 
-release_management_docker: &release_management_docker
-  machine: true
+commands:
+  run_test:
+    parameters:
+      script_path:
+        type: string
+    steps:
+      - attach_workspace:
+          at: /tmp/bin
+      - restore_cache:
+          name: "Restore source code cache"
+          keys:
+            - go-src-v1-{{ .Revision }}
+      - checkout
+      - restore_cache:
+          name: "Restore go modules cache"
+          keys:
+            - go-mod-v1-{{ checksum "go.sum" }}
+      - run:
+          name: "Running test"
+          command: |
+            bash << parameters.script_path >>
 
 jobs:
   setup_dependencies:
-    <<: *defaults
+    executor: golang
     steps:
-      - run: mkdir -p /tmp/workspace/bin
-      - run: mkdir -p /tmp/workspace/profiles
       - checkout
       - restore_cache:
+          name: "Restore go modules cache"
           keys:
-            - v4-pkg-cache
+            - go-mod-v1-{{ checksum "go.sum" }}
       - run:
-          name: tools
           command: |
-            export PATH="$GOBIN:$PATH"
-            make get_tools
+            mkdir -p /tmp/bin
       - run:
-          name: binaries
-          command: |
-            export PATH="$GOBIN:$PATH"
-            make install install_abci
-      - persist_to_workspace:
-          root: /tmp/workspace
-          paths:
-            - bin
-            - profiles
+          name: Cache go modules
+          command: make go-mod-cache
+      - run:
+          name: tools
+          command: make tools
+      - run:
+          name: "Build binaries"
+          command: make install install_abci
       - save_cache:
-          key: v4-pkg-cache
+          name: "Save go modules cache"
+          key: go-mod-v1-{{ checksum "go.sum" }}
           paths:
-            - /go/pkg
+            - "/go/pkg/mod"
       - save_cache:
-          key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
+          name: "Save source code cache"
+          key: go-src-v1-{{ .Revision }}
           paths:
-            - /go/src/github.com/tendermint/tendermint
-
-  build_slate:
-    <<: *defaults
-    steps:
-      - attach_workspace:
-          at: /tmp/workspace
-      - restore_cache:
-          key: v4-pkg-cache
-      - restore_cache:
-          key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
-      - run:
-          name: slate docs
-          command: |
-            set -ex
-            export PATH="$GOBIN:$PATH"
-            make build-slate
+            - ".git"
+      - persist_to_workspace:
+          root: "/tmp/bin"
+          paths:
+            - "."
 
   test_abci_apps:
-    <<: *defaults
+    executor: golang
     steps:
-      - attach_workspace:
-          at: /tmp/workspace
-      - restore_cache:
-          key: v4-pkg-cache
-      - restore_cache:
-          key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
-      - run:
-          name: Run abci apps tests
-          command: |
-            export PATH="$GOBIN:$PATH"
-            bash abci/tests/test_app/test.sh
+      - run_test:
+          script_path: abci/tests/test_app/test.sh
 
   # if this test fails, fix it and update the docs at:
   # https://github.com/tendermint/tendermint/blob/develop/docs/abci-cli.md
   test_abci_cli:
-    <<: *defaults
+    executor: golang
     steps:
-      - attach_workspace:
-          at: /tmp/workspace
-      - restore_cache:
-          key: v4-pkg-cache
-      - restore_cache:
-          key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
-      - run:
-          name: Run abci-cli tests
-          command: |
-            export PATH="$GOBIN:$PATH"
-            bash abci/tests/test_cli/test.sh
+      - run_test:
+          script_path: abci/tests/test_cli/test.sh
 
   test_apps:
-    <<: *defaults
+    executor: golang
     steps:
-      - attach_workspace:
-          at: /tmp/workspace
-      - restore_cache:
-          key: v4-pkg-cache
-      - restore_cache:
-          key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
-      - run: sudo apt-get update && sudo apt-get install -y --no-install-recommends bsdmainutils
-      - run:
-          name: Run tests
-          command: bash test/app/test.sh
+      - run_test:
+          script_path: test/app/test.sh
+
+  test_persistence:
+    executor: golang
+    steps:
+      - run_test:
+          script_path: test/persist/test_failure_indices.sh
 
   test_cover:
-    <<: *defaults
+    executor: golang
     parallelism: 4
     steps:
-      - attach_workspace:
-          at: /tmp/workspace
       - restore_cache:
-          key: v4-pkg-cache
+          name: "Restore source code cache"
+          keys:
+            - go-src-v1-{{ .Revision }}
+      - checkout
       - restore_cache:
-          key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
-      - run: mkdir -p /tmp/logs
+          name: "Restore go module cache"
+          keys:
+            - go-mod-v2-{{ checksum "go.sum" }}
       - run:
-          name: Run tests
+          name: "Run tests"
           command: |
+            export VERSION="$(git describe --tags --long | sed 's/v\(.*\)/\1/')"
+            export GO111MODULE=on
+            mkdir -p /tmp/logs /tmp/workspace/profiles
             for pkg in $(go list github.com/tendermint/tendermint/... | circleci tests split --split-by=timings); do
               id=$(basename "$pkg")
-
-              GO111MODULE=on go test -v -timeout 5m -mod=readonly -race -coverprofile=/tmp/workspace/profiles/$id.out -covermode=atomic "$pkg" | tee "/tmp/logs/$id-$RANDOM.log"
+              go test -v -timeout 5m -mod=readonly -race -coverprofile=/tmp/workspace/profiles/$id.out -covermode=atomic "$pkg" | tee "/tmp/logs/$id-$RANDOM.log"
             done
       - persist_to_workspace:
           root: /tmp/workspace
@@ -139,19 +129,6 @@ jobs:
       - store_artifacts:
           path: /tmp/logs
 
-  test_persistence:
-    <<: *defaults
-    steps:
-      - attach_workspace:
-          at: /tmp/workspace
-      - restore_cache:
-          key: v4-pkg-cache
-      - restore_cache:
-          key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
-      - run:
-          name: Run tests
-          command: bash test/persist/test_failure_indices.sh
-
   localnet:
     working_directory: /home/circleci/.go_workspace/src/github.com/tendermint/tendermint
     machine:
@@ -187,19 +164,22 @@ jobs:
           path: /home/circleci/project/test/p2p/logs
 
   upload_coverage:
-    <<: *defaults
+    executor: golang
     steps:
       - attach_workspace:
           at: /tmp/workspace
       - restore_cache:
-          key: v4-pkg-cache
+          name: "Restore source code cache"
+          keys:
+            - go-src-v1-{{ .Revision }}
+      - checkout
       - restore_cache:
-          key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
+          name: "Restore go module cache"
+          keys:
+            - go-mod-v2-{{ checksum "go.sum" }}
       - run:
           name: gather
           command: |
-            set -ex
-
             echo "mode: atomic" > coverage.txt
             for prof in $(ls /tmp/workspace/profiles/); do
               tail -n +2 /tmp/workspace/profiles/"$prof" >> coverage.txt
@@ -209,18 +189,22 @@ jobs:
           command: bash .circleci/codecov.sh -f coverage.txt
 
   deploy_docs:
-    <<: *docs_update_config
+    executor: docs
     steps:
+      - restore_cache:
+          name: "Restore source code cache"
+          keys:
+            - go-src-v1-{{ .Revision }}
       - checkout
       - run:
           name: Trigger website build
           command: |
             curl --silent \
-                 --show-error \
-                 -X POST \
-                 --header "Content-Type: application/json" \
-                 -d "{\"branch\": \"$CIRCLE_BRANCH\"}" \
-                 "https://circleci.com/api/v1.1/project/github/$CIRCLE_PROJECT_USERNAME/$WEBSITE_REPO_NAME/build?circle-token=$TENDERBOT_API_TOKEN" > response.json
+                --show-error \
+                -X POST \
+                --header "Content-Type: application/json" \
+                -d "{\"branch\": \"$CIRCLE_BRANCH\"}" \
+                "https://circleci.com/api/v1.1/project/github/$CIRCLE_PROJECT_USERNAME/$WEBSITE_REPO_NAME/build?circle-token=$TENDERBOT_API_TOKEN" > response.json
 
             RESULT=`jq -r '.status' response.json`
             MESSAGE=`jq -r '.message' response.json`
@@ -233,8 +217,12 @@ jobs:
             fi
 
   prepare_build:
-    <<: *defaults
+    executor: golang
     steps:
+      - restore_cache:
+          name: "Restore source code cache"
+          keys:
+            - go-src-v1-{{ .Revision }}
       - checkout
       - run:
           name: Get next release number
@@ -250,8 +238,7 @@ jobs:
             echo "export CIRCLE_TAG=\"${NEXT_TAG}\"" > release-version.source
       - run:
           name: Build dependencies
-          command: |
-            make get_tools
+          command: make tools
       - persist_to_workspace:
           root: .
           paths:
@@ -262,11 +249,16 @@ jobs:
             - "/go/pkg/mod"
 
   build_artifacts:
-    <<: *defaults
+    executor: golang
     parallelism: 4
     steps:
+      - restore_cache:
+          name: "Restore source code cache"
+          keys:
+            - go-src-v1-{{ .Revision }}
       - checkout
       - restore_cache:
+          name: "Restore release dependencies cache"
           keys:
             - v2-release-deps-{{ checksum "go.sum" }}
       - attach_workspace:
@@ -287,13 +279,17 @@ jobs:
             - "tendermint_linux_amd64"
 
   release_artifacts:
-    <<: *defaults
+    executor: golang
     steps:
+      - restore_cache:
+          name: "Restore source code cache"
+          keys:
+            - go-src-v1-{{ .Revision }}
       - checkout
       - attach_workspace:
           at: /tmp/workspace
       - run:
-          name: Deploy to GitHub
+          name: "Deploy to GitHub"
           command: |
             # Setting CIRCLE_TAG because we do not tag the release ourselves.
             source /tmp/workspace/release-version.source
@@ -315,27 +311,36 @@ jobs:
             python -u scripts/release_management/github-publish.py --id "${RELEASE_ID}"
 
   release_docker:
-    <<: *release_management_docker
+    machine:
+      image: ubuntu-1604:201903-01
     steps:
+      - restore_cache:
+          name: "Restore source code cache"
+          keys:
+            - go-src-v1-{{ .Revision }}
       - checkout
       - attach_workspace:
           at: /tmp/workspace
       - run:
-          name: Deploy to Docker Hub
+          name: "Deploy to Docker Hub"
           command: |
             # Setting CIRCLE_TAG because we do not tag the release ourselves.
             source /tmp/workspace/release-version.source
             cp /tmp/workspace/tendermint_linux_amd64 DOCKER/tendermint
             docker build --label="tendermint" --tag="tendermint/tendermint:${CIRCLE_TAG}" --tag="tendermint/tendermint:latest" "DOCKER"
-            docker login -u "${DOCKERHUB_USER}" --password-stdin <<< "${DOCKERHUB_PASS}"
+            docker login -u "${DOCKERHUB_USER}" --password-stdin \<<< "${DOCKERHUB_PASS}"
             docker push "tendermint/tendermint"
             docker logout
 
   reproducible_builds:
-    <<: *defaults
+    executor: golang
     steps:
       - attach_workspace:
           at: /tmp/workspace
+      - restore_cache:
+          name: "Restore source code cache"
+          keys:
+            - go-src-v1-{{ .Revision }}
       - checkout
       - setup_remote_docker:
           docker_layer_caching: true
@@ -359,6 +364,35 @@ jobs:
       - store_artifacts:
           path: /go/src/github.com/tendermint/tendermint/tendermint-*.tar.gz
 
+  # Test RPC implementation against the swagger documented specs
+  contract_tests:
+    working_directory: /home/circleci/.go_workspace/src/github.com/tendermint/tendermint
+    machine:
+      image: circleci/classic:latest
+    environment:
+      GOBIN: /home/circleci/.go_workspace/bin
+      GOPATH: /home/circleci/.go_workspace/
+      GOOS: linux
+      GOARCH: amd64
+    parallelism: 1
+    steps:
+      - checkout
+      - run:
+          name: Test RPC endpoints against swagger documentation
+          command: |
+            set -x
+            export PATH=~/.local/bin:$PATH
+
+            # install node and dredd
+            ./scripts/get_nodejs.sh
+
+            # build the binaries with a proper version of Go
+            docker run --rm -v "$PWD":/go/src/github.com/tendermint/tendermint -w /go/src/github.com/tendermint/tendermint golang make build-linux build-contract-tests-hooks
+
+            # This docker image works with go 1.7, we can install here the hook handler that contract-tests is going to use
+            go get github.com/snikch/goodman/cmd/goodman
+            make contract-tests
+
 workflows:
   version: 2
   test-suite:
@@ -397,6 +431,10 @@ workflows:
               only:
                 - master
                 - /v[0-9]+\.[0-9]+/
+      - contract_tests:
+          requires:
+            - setup_dependencies
+
   release:
     jobs:
       - prepare_build

.gitignore

@@ -43,3 +43,5 @@ terraform.tfstate.backup
 terraform.tfstate.d
 
 .vscode
+
+profile\.out

.golangci.yml

@@ -9,14 +9,10 @@ linters:
     - maligned
     - errcheck
     - interfacer
-    - unconvert
-    - goconst
     - unparam
-    - nakedret
     - lll
     - gochecknoglobals
     - gochecknoinits
-    - scopelint
     - stylecheck
 # linters-settings:
 #   govet:
@@ -29,9 +25,6 @@ linters:
 #     suggest-new: true
 #   dupl:
 #     threshold: 100
-#   goconst:
-#     min-len: 2
-#     min-occurrences: 2
 #   depguard:
 #     list-type: blacklist
 #     packages:

CHANGELOG.md

@@ -1,5 +1,32 @@
 # Changelog
 
+## v0.32.3
+
+*August 28, 2019*
+
+@climber73 wrote the [Writing a Tendermint Core application in Java
+(gRPC)](https://github.com/tendermint/tendermint/blob/master/docs/guides/java.md)
+guide.
+
+Special thanks to external contributors on this release:
+@gchaincl, @bluele, @climber73
+
+Friendly reminder, we have a [bug bounty
+program](https://hackerone.com/tendermint).
+
+### IMPROVEMENTS:
+
+- [consensus] [\#3839](https://github.com/tendermint/tendermint/issues/3839) Reduce "Error attempting to add vote" message severity (Error -> Info)
+- [mempool] [\#3877](https://github.com/tendermint/tendermint/pull/3877) Make `max_tx_bytes` configurable instead of `max_msg_bytes` (@bluele)
+- [privval] [\#3370](https://github.com/tendermint/tendermint/issues/3370) Refactor and simplify validator/kms connection handling. Please refer to [this comment](https://github.com/tendermint/tendermint/pull/3370#issue-257360971) for details
+- [rpc] [\#3880](https://github.com/tendermint/tendermint/issues/3880) Document endpoints with `swagger`, introduce contract tests of implementation against documentation
+
+### BUG FIXES:
+
+- [config] [\#3868](https://github.com/tendermint/tendermint/issues/3868) Move misplaced `max_msg_bytes` into mempool section (@bluele)
+- [rpc] [\#3910](https://github.com/tendermint/tendermint/pull/3910) Fix DATA RACE in HTTP client (@gchaincl)
+- [store] [\#3893](https://github.com/tendermint/tendermint/issues/3893) Fix "Unregistered interface types.Evidence" panic
+
 ## v0.32.2
 
 *July 31, 2019*
@@ -17,20 +44,20 @@ program](https://hackerone.com/tendermint).
 
 ### FEATURES:
 
+- [blockchain] [\#3561](https://github.com/tendermint/tendermint/issues/3561) Add early version of the new blockchain reactor, which is supposed to be more modular and testable compared to the old version. To try it, you'll have to change `version` in the config file, [here](https://github.com/tendermint/tendermint/blob/master/config/toml.go#L303) NOTE: It's not ready for a production yet. For further information, see [ADR-40](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-040-blockchain-reactor-refactor.md) & [ADR-43](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-043-blockchain-riri-org.md)
+- [mempool] [\#3826](https://github.com/tendermint/tendermint/issues/3826) Make `max_msg_bytes` configurable(@bluele)
 - [node] [\#3846](https://github.com/tendermint/tendermint/pull/3846) Allow replacing existing p2p.Reactor(s) using [`CustomReactors`
   option](https://godoc.org/github.com/tendermint/tendermint/node#CustomReactors).
   Warning: beware of accidental name clashes. Here is the list of existing
   reactors: MEMPOOL, BLOCKCHAIN, CONSENSUS, EVIDENCE, PEX.
-- [p2p] [\#3834](https://github.com/tendermint/tendermint/issues/3834) Do not write 'Couldn't connect to any seeds' error log if there are no seeds in config file
 - [rpc] [\#3818](https://github.com/tendermint/tendermint/issues/3818) Make `max_body_bytes` and `max_header_bytes` configurable(@bluele)
-- [mempool] [\#3826](https://github.com/tendermint/tendermint/issues/3826) Make `max_msg_bytes` configurable(@bluele)
-- [blockchain] [\#3561](https://github.com/tendermint/tendermint/issues/3561) Add early version of the new blockchain reactor, which is supposed to be more modular and testable compared to the old version. To try it, you'll have to change `version` in the config file, [here](https://github.com/tendermint/tendermint/blob/master/config/toml.go#L303) NOTE: It's not ready for a production yet. For further information, see [ADR-40](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-040-blockchain-reactor-refactor.md) & [ADR-43](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-043-blockchain-riri-org.md)
+- [rpc] [\#2252](https://github.com/tendermint/tendermint/issues/2252) Add `/broadcast_evidence` endpoint to submit double signing and other types of evidence
 
 ### IMPROVEMENTS:
 
 - [abci] [\#3809](https://github.com/tendermint/tendermint/issues/3809) Recover from application panics in `server/socket_server.go` to allow socket cleanup (@ruseinov)
-- [rpc] [\#2252](https://github.com/tendermint/tendermint/issues/2252) Add `/broadcast_evidence` endpoint to submit double signing and other types of evidence
 - [p2p] [\#3664](https://github.com/tendermint/tendermint/issues/3664) p2p/conn: reuse buffer when write/read from secret connection(@guagualvcha)
+- [p2p] [\#3834](https://github.com/tendermint/tendermint/issues/3834) Do not write 'Couldn't connect to any seeds' error log if there are no seeds in config file
 - [rpc] [\#3076](https://github.com/tendermint/tendermint/issues/3076) Improve transaction search performance
 
 ### BUG FIXES:

CHANGELOG_PENDING.md

@@ -1,4 +1,4 @@
-## v0.32.3
+## v0.32.4
 
 \*\*
 
@@ -19,8 +19,10 @@ program](https://hackerone.com/tendermint).
 
 ### IMPROVEMENTS:
 
-- [consensus] \#3839 Reduce "Error attempting to add vote" message severity (Error -> Info)
+- [rpc] \#2010 Add NewHTTPWithClient and NewJSONRPCClientWithHTTPClient (note these and NewHTTP, NewJSONRPCClient functions panic if remote is invalid) (@gracenoah)
+- [rpc] \#3984 Add `MempoolClient` interface to `Client` interface
 
 ### BUG FIXES:
 
-- [config] \#3868 move misplaced `max_msg_bytes` into mempool section
+- [consensus] \#3908 Wait `timeout_commit` to pass even if `create_empty_blocks` is `false`
+- [mempool] \#3968 Fix memory loading error on 32-bit machines (@jon-certik)

CONTRIBUTING.md

@@ -2,7 +2,7 @@
 
 Thank you for considering making contributions to Tendermint and related repositories! Start by taking a look at the [coding repo](https://github.com/tendermint/coding) for overall information on repository workflow and standards.
 
-Please follow standard github best practices: fork the repo, branch from the tip of `master`, make some commits, and submit a pull request to `master`. 
+Please follow standard github best practices: fork the repo, branch from the tip of `master`, make some commits, and submit a pull request to `master`.
 See the [open issues](https://github.com/tendermint/tendermint/issues) for things we need help with!
 
 Before making a pull request, please open an issue describing the
@@ -21,16 +21,16 @@ Please make sure to use `gofmt` before every commit - the easiest way to do this
 
 Please note that Go requires code to live under absolute paths, which complicates forking.
 While my fork lives at `https://github.com/ebuchman/tendermint`,
-the code should never exist at  `$GOPATH/src/github.com/ebuchman/tendermint`.
+the code should never exist at `$GOPATH/src/github.com/ebuchman/tendermint`.
 Instead, we use `git remote` to add the fork as a new remote for the original repo,
-`$GOPATH/src/github.com/tendermint/tendermint `, and do all the work there.
+`$GOPATH/src/github.com/tendermint/tendermint`, and do all the work there.
 
 For instance, to create a fork and work on a branch of it, I would:
 
-  * Create the fork on github, using the fork button.
-  * Go to the original repo checked out locally (i.e. `$GOPATH/src/github.com/tendermint/tendermint`)
-  * `git remote rename origin upstream`
-  * `git remote add origin git@github.com:ebuchman/basecoin.git`
+- Create the fork on github, using the fork button.
+- Go to the original repo checked out locally (i.e. `$GOPATH/src/github.com/tendermint/tendermint`)
+- `git remote rename origin upstream`
+- `git remote add origin git@github.com:ebuchman/basecoin.git`
 
 Now `origin` refers to my fork and `upstream` refers to the tendermint version.
 So I can `git push -u origin master` to update my fork, and make pull requests to tendermint from there.
@@ -38,8 +38,8 @@ Of course, replace `ebuchman` with your git handle.
 
 To pull in updates from the origin repo, run
 
-  * `git fetch upstream`
-  * `git rebase upstream/master` (or whatever branch you want)
+- `git fetch upstream`
+- `git rebase upstream/master` (or whatever branch you want)
 
 ## Dependencies
 
@@ -113,7 +113,7 @@ removed from the header in rpc responses as well.
 
 ## Branching Model and Release
 
-The main development branch is master. 
+The main development branch is master.
 
 Every release is maintained in a release branch named `vX.Y.Z`.
 
@@ -140,36 +140,35 @@ easy to reference the pull request where a change was introduced.
 
 #### Major Release
 
-1. start on `master` 
+1. start on `master`
 2. run integration tests (see `test_integrations` in Makefile)
 3. prepare release in a pull request against `master` (to be squash merged):
-    - copy `CHANGELOG_PENDING.md` to top of `CHANGELOG.md`
-    - run `python ./scripts/linkify_changelog.py CHANGELOG.md` to add links for
-      all issues
-    - run `bash ./scripts/authors.sh` to get a list of authors since the latest
-      release, and add the github aliases of external contributors to the top of
-      the changelog. To lookup an alias from an email, try `bash
-      ./scripts/authors.sh <email>`
-    - reset the `CHANGELOG_PENDING.md`
-    - bump versions
+   - copy `CHANGELOG_PENDING.md` to top of `CHANGELOG.md`
+   - run `python ./scripts/linkify_changelog.py CHANGELOG.md` to add links for
+     all issues
+   - run `bash ./scripts/authors.sh` to get a list of authors since the latest
+     release, and add the github aliases of external contributors to the top of
+     the changelog. To lookup an alias from an email, try `bash ./scripts/authors.sh <email>`
+   - reset the `CHANGELOG_PENDING.md`
+   - bump versions
 4. push your changes with prepared release details to `vX.X` (this will trigger the release `vX.X.0`)
 5. merge back to master (don't squash merge!)
 
 #### Minor Release
 
-If there were no breaking changes and you need to create a release nonetheless, 
-the procedure is almost exactly like with a new release above. 
+If there were no breaking changes and you need to create a release nonetheless,
+the procedure is almost exactly like with a new release above.
 
 The only difference is that in the end you create a pull request against the existing `X.X` branch.
 The branch name should match the release number you want to create.
-Merging this PR will trigger the next release. 
-For example, if the PR is against an existing 0.34 branch which already contains a v0.34.0 release/tag, 
+Merging this PR will trigger the next release.
+For example, if the PR is against an existing 0.34 branch which already contains a v0.34.0 release/tag,
 the patch version will be incremented and the created release will be v0.34.1.
 
 #### Backport Release
 
 1. start from the existing release branch you want to backport changes to (e.g. v0.30)
-Branch to a release/vX.X.X branch locally (e.g. release/v0.30.7)
+   Branch to a release/vX.X.X branch locally (e.g. release/v0.30.7)
 2. cherry pick the commit(s) that contain the changes you want to backport (usually these commits are from squash-merged PRs which were already reviewed)
 3. steps 2 and 3 from [Major Release](#major-release)
 4. push changes to release/vX.X.X branch
@@ -183,3 +182,16 @@ If they have `.go` files in the root directory, they will be automatically
 tested by circle using `go test -v -race ./...`. If not, they will need a
 `circle.yml`. Ideally, every repo has a `Makefile` that defines `make test` and
 includes its continuous integration status using a badge in the `README.md`.
+
+### RPC Testing
+
+If you contribute to the RPC endpoints it's important to document your changes in the [Swagger file](./docs/spec/rpc/swagger.yaml)
+To test your changes you should install `nodejs` and run:
+
+```bash
+npm i -g dredd
+make build-linux build-contract-tests-hooks
+make contract-tests
+```
+
+This command will popup a network and check every endpoint against what has been documented

DOCKER/Dockerfile.abci

@@ -15,7 +15,7 @@ RUN apt-get update && apt-get install -y \
 
 COPY Gopkg.toml /go/src/github.com/tendermint/abci/
 COPY Gopkg.lock /go/src/github.com/tendermint/abci/
-RUN make get_tools
+RUN make tools
 
 # see https://github.com/golang/dep/issues/1312
 RUN dep ensure -vendor-only

DOCKER/Dockerfile.build_c-amazonlinux

@@ -0,0 +1,28 @@
+FROM amazonlinux:2
+
+RUN yum -y update && \
+    yum -y install wget
+
+RUN wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
+    rpm -ivh epel-release-latest-7.noarch.rpm
+
+RUN yum -y groupinstall "Development Tools"
+RUN yum -y install leveldb-devel which
+
+ENV GOVERSION=1.12.9
+
+RUN cd /tmp && \
+    wget https://dl.google.com/go/go${GOVERSION}.linux-amd64.tar.gz && \
+    tar -C /usr/local -xf go${GOVERSION}.linux-amd64.tar.gz && \
+    mkdir -p /go/src && \
+    mkdir -p /go/bin
+
+ENV PATH=$PATH:/usr/local/go/bin:/go/bin
+ENV GOBIN=/go/bin
+ENV GOPATH=/go/src
+
+RUN mkdir -p /tendermint
+WORKDIR /tendermint
+
+CMD ["/usr/bin/make", "build_c"]
+

DOCKER/Makefile

@@ -13,4 +13,7 @@ build_testing:
 push_develop:
 	docker push "tendermint/tendermint:develop"
 
+build_amazonlinux_buildimage:
+	docker build -t "tendermint/tendermint:build_c-amazonlinux" -f Dockerfile.build_c-amazonlinux .
+
 .PHONY: build build_develop push push_develop

Makefile

@@ -7,8 +7,6 @@ GOBIN?=${GOPATH}/bin
 PACKAGES=$(shell go list ./...)
 OUTPUT?=build/tendermint
 
-export GO111MODULE = on
-
 INCLUDE = -I=. -I=${GOPATH}/src -I=${GOPATH}/src/github.com/gogo/protobuf/protobuf
 BUILD_TAGS?='tendermint'
 LD_FLAGS = -X github.com/tendermint/tendermint/version.GitCommit=`git rev-parse --short=8 HEAD` -s -w
@@ -16,7 +14,9 @@ BUILD_FLAGS = -mod=readonly -ldflags "$(LD_FLAGS)"
 
 all: check build test install
 
-check: check_tools
+# The below include contains the tools.
+include scripts/devtools/Makefile
+include tests.mk
 
 ########################################
 ### Build Tendermint
@@ -28,7 +28,7 @@ build_c:
 	CGO_ENABLED=1 go build $(BUILD_FLAGS) -tags "$(BUILD_TAGS) cleveldb" -o $(OUTPUT) ./cmd/tendermint/
 
 build_race:
-	CGO_ENABLED=0 go build -race $(BUILD_FLAGS) -tags $(BUILD_TAGS) -o $(OUTPUT) ./cmd/tendermint
+	CGO_ENABLED=1 go build -race $(BUILD_FLAGS) -tags $(BUILD_TAGS) -o $(OUTPUT) ./cmd/tendermint
 
 install:
 	CGO_ENABLED=0 go install $(BUILD_FLAGS) -tags $(BUILD_TAGS) ./cmd/tendermint
@@ -71,22 +71,6 @@ install_abci:
 dist:
 	@BUILD_TAGS=$(BUILD_TAGS) sh -c "'$(CURDIR)/scripts/dist.sh'"
 
-########################################
-### Tools & dependencies
-
-check_tools:
-	@# https://stackoverflow.com/a/25668869
-	@echo "Found tools: $(foreach tool,$(notdir $(GOTOOLS)),\
-        $(if $(shell which $(tool)),$(tool),$(error "No $(tool) in PATH")))"
-
-get_tools:
-	@echo "--> Installing tools"
-	./scripts/get_tools.sh
-
-update_tools:
-	@echo "--> Updating tools"
-	./scripts/get_tools.sh
-
 #For ABCI and libs
 get_protoc:
 	@# https://github.com/google/protobuf/releases
@@ -100,6 +84,16 @@ get_protoc:
 		cd .. && \
 		rm -rf protobuf-3.6.1
 
+go-mod-cache: go.sum
+	@echo "--> Download go modules to local cache"
+	@go mod download
+.PHONY: go-mod-cache
+
+go.sum: go.mod
+	@echo "--> Ensure dependencies have not been modified"
+	@go mod verify
+	@go mod tidy
+
 draw_deps:
 	@# requires brew install graphviz or apt-get install graphviz
 	go get github.com/RobotsAndPencils/goviz
@@ -146,100 +140,6 @@ protoc_grpc: rpc/grpc/types.pb.go
 
 protoc_merkle: crypto/merkle/merkle.pb.go
 
-########################################
-### Testing
-
-## required to be run first by most tests
-build_docker_test_image:
-	docker build -t tester -f ./test/docker/Dockerfile .
-
-### coverage, app, persistence, and libs tests
-test_cover:
-	# run the go unit tests with coverage
-	bash test/test_cover.sh
-
-test_apps:
-	# run the app tests using bash
-	# requires `abci-cli` and `tendermint` binaries installed
-	bash test/app/test.sh
-
-test_abci_apps:
-	bash abci/tests/test_app/test.sh
-
-test_abci_cli:
-	# test the cli against the examples in the tutorial at:
-	# ./docs/abci-cli.md
-	# if test fails, update the docs ^
-	@ bash abci/tests/test_cli/test.sh
-
-test_persistence:
-	# run the persistence tests using bash
-	# requires `abci-cli` installed
-	docker run --name run_persistence -t tester bash test/persist/test_failure_indices.sh
-
-	# TODO undockerize
-	# bash test/persist/test_failure_indices.sh
-
-test_p2p:
-	docker rm -f rsyslog || true
-	rm -rf test/logs || true
-	mkdir test/logs
-	cd test/
-	docker run -d -v "logs:/var/log/" -p 127.0.0.1:5514:514/udp --name rsyslog voxxit/rsyslog
-	cd ..
-	# requires 'tester' the image from above
-	bash test/p2p/test.sh tester
-	# the `docker cp` takes a really long time; uncomment for debugging
-	#
-	# mkdir -p test/p2p/logs && docker cp rsyslog:/var/log test/p2p/logs
-
-test_integrations:
-	make build_docker_test_image
-	make get_tools
-	make install
-	make test_cover
-	make test_apps
-	make test_abci_apps
-	make test_abci_cli
-	make test_libs
-	make test_persistence
-	make test_p2p
-
-test_release:
-	@go test -tags release $(PACKAGES)
-
-test100:
-	@for i in {1..100}; do make test; done
-
-vagrant_test:
-	vagrant up
-	vagrant ssh -c 'make test_integrations'
-
-### go tests
-test:
-	@echo "--> Running go test"
-	@go test -p 1 $(PACKAGES)
-
-test_race:
-	@echo "--> Running go test --race"
-	@go test -p 1 -v -race $(PACKAGES)
-
-# uses https://github.com/sasha-s/go-deadlock/ to detect potential deadlocks
-test_with_deadlock:
-	make set_with_deadlock
-	make test
-	make cleanup_after_test_with_deadlock
-
-set_with_deadlock:
-	find . -name "*.go" | grep -v "vendor/" | xargs -n 1 sed -i.bak 's/sync.RWMutex/deadlock.RWMutex/'
-	find . -name "*.go" | grep -v "vendor/" | xargs -n 1 sed -i.bak 's/sync.Mutex/deadlock.Mutex/'
-	find . -name "*.go" | grep -v "vendor/" | xargs -n 1 goimports -w
-
-# cleanes up after you ran test_with_deadlock
-cleanup_after_test_with_deadlock:
-	find . -name "*.go" | grep -v "vendor/" | xargs -n 1 sed -i.bak 's/deadlock.RWMutex/sync.RWMutex/'
-	find . -name "*.go" | grep -v "vendor/" | xargs -n 1 sed -i.bak 's/deadlock.Mutex/sync.Mutex/'
-	find . -name "*.go" | grep -v "vendor/" | xargs -n 1 goimports -w
 
 ########################################
 ### Formatting, linting, and vetting
@@ -269,12 +169,19 @@ build-docker:
 ### Local testnet using docker
 
 # Build linux binary on other platforms
-build-linux: get_tools
+build-linux: tools
 	GOOS=linux GOARCH=amd64 $(MAKE) build
 
 build-docker-localnode:
 	@cd networks/local && make
 
+# Runs `make build_c` from within an Amazon Linux (v2)-based Docker build
+# container in order to build an Amazon Linux-compatible binary. Produces a
+# compatible binary at ./build/tendermint
+build_c-amazonlinux:
+	$(MAKE) -C ./DOCKER build_amazonlinux_buildimage
+	docker run --rm -it -v `pwd`:/tendermint tendermint/tendermint:build_c-amazonlinux
+
 # Run a 4-node testnet locally
 localnet-start: localnet-stop build-docker-localnode
 	@if ! [ -f build/node0/config/genesis.json ]; then docker run --rm -v $(CURDIR)/build:/tendermint:Z tendermint/localnode testnet --config /etc/tendermint/config-template.toml --v 4 --o . --populate-persistent-peers --starting-ip-address 192.167.10.2; fi
@@ -304,11 +211,27 @@ sentry-stop:
 	@if [ -z "$(DO_API_TOKEN)" ]; then echo "DO_API_TOKEN environment variable not set." ; false ; fi
 	cd networks/remote/terraform && terraform destroy -var DO_API_TOKEN="$(DO_API_TOKEN)" -var SSH_KEY_FILE="$(HOME)/.ssh/id_rsa.pub"
 
-# meant for the CI, inspect script & adapt accordingly
-build-slate:
-	bash scripts/slate.sh
+# Build hooks for dredd, to skip or add information on some steps
+build-contract-tests-hooks:
+ifeq ($(OS),Windows_NT)
+	go build -mod=readonly $(BUILD_FLAGS) -o build/contract_tests.exe ./cmd/contract_tests
+else
+	go build -mod=readonly $(BUILD_FLAGS) -o build/contract_tests ./cmd/contract_tests
+endif
+
+# Run a nodejs tool to test endpoints against a localnet
+# The command takes care of starting and stopping the network
+# prerequisits: build-contract-tests-hooks build-linux
+# the two build commands were not added to let this command run from generic containers or machines.
+# The binaries should be built beforehand
+contract-tests:
+	dredd
 
 # To avoid unintended conflicts with file names, always add to .PHONY
 # unless there is a reason not to.
 # https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html
-.PHONY: check build build_race build_abci dist install install_abci check_tools get_tools update_tools draw_deps get_protoc protoc_abci protoc_libs gen_certs clean_certs grpc_dbserver test_cover test_apps test_persistence test_p2p test test_race test_integrations test_release test100 vagrant_test fmt rpc-docs build-linux localnet-start localnet-stop build-docker build-docker-localnode sentry-start sentry-config sentry-stop build-slate protoc_grpc protoc_all build_c install_c test_with_deadlock cleanup_after_test_with_deadlock lint
+.PHONY: check build build_race build_abci dist install install_abci check_tools tools update_tools draw_deps \
+ 	get_protoc protoc_abci protoc_libs gen_certs clean_certs grpc_dbserver fmt rpc-docs build-linux localnet-start \
+ 	localnet-stop build-docker build-docker-localnode sentry-start sentry-config sentry-stop protoc_grpc protoc_all \
+ 	build_c install_c test_with_deadlock cleanup_after_test_with_deadlock lint build-contract-tests-hooks contract-tests \
+	build_c-amazonlinux

README.md

@@ -74,9 +74,8 @@ and the [contributing guidelines](CONTRIBUTING.md) when submitting code.
 Join the larger community on the [forum](https://forum.cosmos.network/) and the [chat](https://riot.im/app/#/room/#tendermint:matrix.org).
 
 To learn more about the structure of the software, watch the [Developer
-Sessions](https://www.youtube.com/playlist?list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv)
-and read some [Architectural
-Decision Records](https://github.com/tendermint/tendermint/tree/master/docs/architecture).
+Sessions](/docs/DEV_SESSIONS.md) and read some [Architectural Decision
+Records](https://github.com/tendermint/tendermint/tree/master/docs/architecture).
 
 Learn more by reading the code and comparing it to the
 [specification](https://github.com/tendermint/tendermint/tree/develop/docs/spec).

ROADMAP.md

@@ -1,23 +0,0 @@
-# Roadmap
-
-BREAKING CHANGES:
-- Better support for injecting randomness
-- Upgrade consensus for more real-time use of evidence
-
-FEATURES:
-- Use the chain as its own CA for nodes and validators
-- Tooling to run multiple blockchains/apps, possibly in a single process
-- State syncing (without transaction replay)
-- Add authentication and rate-limitting to the RPC
-
-IMPROVEMENTS:
-- Improve subtleties around mempool caching and logic
-- Consensus optimizations:
-	- cache block parts for faster agreement after round changes
-	- propagate block parts rarest first
-- Better testing of the consensus state machine (ie. use a DSL)
-- Auto compiled serialization/deserialization code instead of go-wire reflection
-
-BUG FIXES:
-- Graceful handling/recovery for apps that have non-determinism or fail to halt
-- Graceful handling/recovery for violations of safety, or liveness

Vagrantfile

@@ -57,6 +57,6 @@ Vagrant.configure("2") do |config|
 
     # get all deps and tools, ready to install/test
     su - vagrant  -c 'source /home/vagrant/.bash_profile'
-    su - vagrant -c 'cd /home/vagrant/go/src/github.com/tendermint/tendermint && make get_tools'
+    su - vagrant -c 'cd /home/vagrant/go/src/github.com/tendermint/tendermint && make tools'
   SHELL
 end

abci/example/kvstore/kvstore_test.go

@@ -18,6 +18,11 @@ import (
 	"github.com/tendermint/tendermint/abci/types"
 )
 
+const (
+	testKey   = "abc"
+	testValue = "def"
+)
+
 func testKVStore(t *testing.T, app types.Application, tx []byte, key, value string) {
 	req := types.RequestDeliverTx{Tx: tx}
 	ar := app.DeliverTx(req)
@@ -46,12 +51,12 @@ func testKVStore(t *testing.T, app types.Application, tx []byte, key, value stri
 
 func TestKVStoreKV(t *testing.T) {
 	kvstore := NewKVStoreApplication()
-	key := "abc"
+	key := testKey
 	value := key
 	tx := []byte(key)
 	testKVStore(t, kvstore, tx, key, value)
 
-	value = "def"
+	value = testValue
 	tx = []byte(key + "=" + value)
 	testKVStore(t, kvstore, tx, key, value)
 }
@@ -62,12 +67,12 @@ func TestPersistentKVStoreKV(t *testing.T) {
 		t.Fatal(err)
 	}
 	kvstore := NewPersistentKVStoreApplication(dir)
-	key := "abc"
+	key := testKey
 	value := key
 	tx := []byte(key)
 	testKVStore(t, kvstore, tx, key, value)
 
-	value = "def"
+	value = testValue
 	tx = []byte(key + "=" + value)
 	testKVStore(t, kvstore, tx, key, value)
 }
@@ -90,7 +95,7 @@ func TestPersistentKVStoreInfo(t *testing.T) {
 	height = int64(1)
 	hash := []byte("foo")
 	header := types.Header{
-		Height: int64(height),
+		Height: height,
 	}
 	kvstore.BeginBlock(types.RequestBeginBlock{Hash: hash, Header: header})
 	kvstore.EndBlock(types.RequestEndBlock{Height: header.Height})
@@ -272,12 +277,12 @@ func TestClientServer(t *testing.T) {
 
 func runClientTests(t *testing.T, client abcicli.Client) {
 	// run some tests....
-	key := "abc"
+	key := testKey
 	value := key
 	tx := []byte(key)
 	testClient(t, client, tx, key, value)
 
-	value = "def"
+	value = testValue
 	tx = []byte(key + "=" + value)
 	testClient(t, client, tx, key, value)
 }

abci/example/kvstore/persistent_kvstore.go

@@ -198,7 +198,7 @@ func (app *PersistentKVStoreApplication) execValidatorTx(tx []byte) types.Respon
 	}
 
 	// update
-	return app.updateValidator(types.Ed25519ValidatorUpdate(pubkey, int64(power)))
+	return app.updateValidator(types.Ed25519ValidatorUpdate(pubkey, power))
 }
 
 // add, update, or remove a validator

abci/tests/test_app/test.sh

@@ -3,9 +3,8 @@ set -e
 
 # These tests spawn the counter app and server by execing the ABCI_APP command and run some simple client tests against it
 
-export GO111MODULE=on
-
 # Get the directory of where this script is.
+export PATH="$GOBIN:$PATH"
 SOURCE="${BASH_SOURCE[0]}"
 while [ -h "$SOURCE" ] ; do SOURCE="$(readlink "$SOURCE")"; done
 DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"

abci/tests/test_cli/test.sh

@@ -2,6 +2,7 @@
 set -e
 
 # Get the root directory.
+export PATH="$GOBIN:$PATH"
 SOURCE="${BASH_SOURCE[0]}"
 while [ -h "$SOURCE" ] ; do SOURCE="$(readlink "$SOURCE")"; done
 DIR="$( cd -P "$( dirname "$SOURCE" )/../.." && pwd )"

abci/types/protoreplace/protoreplace.go

@@ -40,7 +40,7 @@ func main() {
 		}
 		if writeImportTime && !wroteImport {
 			wroteImport = true
-			fmt.Fprintf(outFile, "import \"github.com/tendermint/go-wire/data\"\n")
+			fmt.Fprintf(outFile, "import \"github.com/tendermint/go-amino/data\"\n")
 
 		}
 		if gotPackageLine {

blockchain/v0/reactor_test.go

@@ -6,13 +6,13 @@ import (
 	"testing"
 	"time"
 
+	"github.com/pkg/errors"
 	"github.com/tendermint/tendermint/store"
 
 	"github.com/stretchr/testify/assert"
 
 	abci "github.com/tendermint/tendermint/abci/types"
 	cfg "github.com/tendermint/tendermint/config"
-	cmn "github.com/tendermint/tendermint/libs/common"
 	"github.com/tendermint/tendermint/libs/log"
 	"github.com/tendermint/tendermint/mock"
 	"github.com/tendermint/tendermint/p2p"
@@ -60,7 +60,7 @@ func newBlockchainReactor(logger log.Logger, genDoc *types.GenesisDoc, privVals
 	proxyApp := proxy.NewAppConns(cc)
 	err := proxyApp.Start()
 	if err != nil {
-		panic(cmn.ErrorWrap(err, "error start app"))
+		panic(errors.Wrap(err, "error start app"))
 	}
 
 	blockDB := dbm.NewMemDB()
@@ -69,7 +69,7 @@ func newBlockchainReactor(logger log.Logger, genDoc *types.GenesisDoc, privVals
 
 	state, err := sm.LoadStateFromDBOrGenesisDoc(stateDB, genDoc)
 	if err != nil {
-		panic(cmn.ErrorWrap(err, "error constructing state from genesis file"))
+		panic(errors.Wrap(err, "error constructing state from genesis file"))
 	}
 
 	// Make the BlockchainReactor itself.
@@ -103,7 +103,7 @@ func newBlockchainReactor(logger log.Logger, genDoc *types.GenesisDoc, privVals
 
 		state, err = blockExec.ApplyBlock(state, blockID, thisBlock)
 		if err != nil {
-			panic(cmn.ErrorWrap(err, "error apply block"))
+			panic(errors.Wrap(err, "error apply block"))
 		}
 
 		blockStore.SaveBlock(thisBlock, thisParts, lastCommit)
@@ -246,6 +246,86 @@ func TestBadBlockStopsPeer(t *testing.T) {
 	assert.True(t, lastReactorPair.reactor.Switch.Peers().Size() < len(reactorPairs)-1)
 }
 
+func TestBcBlockRequestMessageValidateBasic(t *testing.T) {
+	testCases := []struct {
+		testName      string
+		requestHeight int64
+		expectErr     bool
+	}{
+		{"Valid Request Message", 0, false},
+		{"Valid Request Message", 1, false},
+		{"Invalid Request Message", -1, true},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.testName, func(t *testing.T) {
+			request := bcBlockRequestMessage{Height: tc.requestHeight}
+			assert.Equal(t, tc.expectErr, request.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestBcNoBlockResponseMessageValidateBasic(t *testing.T) {
+	testCases := []struct {
+		testName          string
+		nonResponseHeight int64
+		expectErr         bool
+	}{
+		{"Valid Non-Response Message", 0, false},
+		{"Valid Non-Response Message", 1, false},
+		{"Invalid Non-Response Message", -1, true},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.testName, func(t *testing.T) {
+			nonResponse := bcNoBlockResponseMessage{Height: tc.nonResponseHeight}
+			assert.Equal(t, tc.expectErr, nonResponse.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestBcStatusRequestMessageValidateBasic(t *testing.T) {
+	testCases := []struct {
+		testName      string
+		requestHeight int64
+		expectErr     bool
+	}{
+		{"Valid Request Message", 0, false},
+		{"Valid Request Message", 1, false},
+		{"Invalid Request Message", -1, true},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.testName, func(t *testing.T) {
+			request := bcStatusRequestMessage{Height: tc.requestHeight}
+			assert.Equal(t, tc.expectErr, request.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestBcStatusResponseMessageValidateBasic(t *testing.T) {
+	testCases := []struct {
+		testName       string
+		responseHeight int64
+		expectErr      bool
+	}{
+		{"Valid Response Message", 0, false},
+		{"Valid Response Message", 1, false},
+		{"Invalid Response Message", -1, true},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.testName, func(t *testing.T) {
+			response := bcStatusResponseMessage{Height: tc.responseHeight}
+			assert.Equal(t, tc.expectErr, response.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
 //----------------------------------------------
 // utility funcs
 

blockchain/v1/peer_test.go

@@ -125,6 +125,7 @@ func TestPeerGetAndRemoveBlock(t *testing.T) {
 	}
 
 	for _, tt := range tests {
+		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			// try to get the block
 			b, err := peer.BlockAtHeight(tt.height)
@@ -167,6 +168,7 @@ func TestPeerAddBlock(t *testing.T) {
 	}
 
 	for _, tt := range tests {
+		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			// try to get the block
 			err := peer.AddBlock(makeSmallBlock(int(tt.height)), 10)

blockchain/v1/pool.go

@@ -191,7 +191,7 @@ func (pool *BlockPool) makeRequestBatch(maxNumRequests int) []int {
 	// - FSM timed out on waiting to advance the block execution due to missing blocks at h or h+1
 	// Determine the number of requests needed by subtracting the number of requests already made from the maximum
 	// allowed
-	numNeeded := int(maxNumRequests) - len(pool.blocks)
+	numNeeded := maxNumRequests - len(pool.blocks)
 	for len(pool.plannedRequests) < numNeeded {
 		if pool.nextRequestHeight > pool.MaxPeerHeight {
 			break

blockchain/v1/pool_test.go

@@ -77,10 +77,10 @@ func makeBlockPool(bcr *testBcR, height int64, peers []BpPeer, blocks map[int64]
 	bPool.MaxPeerHeight = maxH
 	for h, p := range blocks {
 		bPool.blocks[h] = p.id
-		bPool.peers[p.id].RequestSent(int64(h))
+		bPool.peers[p.id].RequestSent(h)
 		if p.create {
 			// simulate that a block at height h has been received
-			_ = bPool.peers[p.id].AddBlock(types.MakeBlock(int64(h), txs, nil, nil), 100)
+			_ = bPool.peers[p.id].AddBlock(types.MakeBlock(h, txs, nil, nil), 100)
 		}
 	}
 	return bPool
@@ -159,6 +159,7 @@ func TestBlockPoolUpdatePeer(t *testing.T) {
 	}
 
 	for _, tt := range tests {
+		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			pool := tt.pool
 			err := pool.UpdatePeer(tt.args.id, tt.args.height)
@@ -232,6 +233,7 @@ func TestBlockPoolRemovePeer(t *testing.T) {
 	}
 
 	for _, tt := range tests {
+		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			tt.pool.RemovePeer(tt.args.peerID, tt.args.err)
 			assertBlockPoolEquivalent(t, tt.poolWanted, tt.pool)
@@ -272,6 +274,7 @@ func TestBlockPoolRemoveShortPeers(t *testing.T) {
 	}
 
 	for _, tt := range tests {
+		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			pool := tt.pool
 			pool.removeShortPeers()
@@ -317,6 +320,7 @@ func TestBlockPoolSendRequestBatch(t *testing.T) {
 	}
 
 	for _, tt := range tests {
+		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			resetPoolTestResults()
 
@@ -421,6 +425,7 @@ func TestBlockPoolAddBlock(t *testing.T) {
 	}
 
 	for _, tt := range tests {
+		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			err := tt.pool.AddBlock(tt.args.peerID, tt.args.block, tt.args.blockSize)
 			assert.Equal(t, tt.errWanted, err)
@@ -473,6 +478,7 @@ func TestBlockPoolFirstTwoBlocksAndPeers(t *testing.T) {
 	}
 
 	for _, tt := range tests {
+		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			pool := tt.pool
 			gotFirst, gotSecond, err := pool.FirstTwoBlocksAndPeers()
@@ -544,6 +550,7 @@ func TestBlockPoolInvalidateFirstTwoBlocks(t *testing.T) {
 	}
 
 	for _, tt := range tests {
+		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			tt.pool.InvalidateFirstTwoBlocks(errNoPeerResponse)
 			assertBlockPoolEquivalent(t, tt.poolWanted, tt.pool)
@@ -584,6 +591,7 @@ func TestProcessedCurrentHeightBlock(t *testing.T) {
 	}
 
 	for _, tt := range tests {
+		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			tt.pool.ProcessedCurrentHeightBlock()
 			assertBlockPoolEquivalent(t, tt.poolWanted, tt.pool)
@@ -642,6 +650,7 @@ func TestRemovePeerAtCurrentHeight(t *testing.T) {
 	}
 
 	for _, tt := range tests {
+		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			tt.pool.RemovePeerAtCurrentHeights(errNoPeerResponse)
 			assertBlockPoolEquivalent(t, tt.poolWanted, tt.pool)

blockchain/v1/reactor_fsm_test.go

@@ -140,7 +140,7 @@ func sBlockRespEv(current, expected string, peerID p2p.ID, height int64, prevBlo
 		data: bReactorEventData{
 			peerID: peerID,
 			height: height,
-			block:  types.MakeBlock(int64(height), txs, nil, nil),
+			block:  types.MakeBlock(height, txs, nil, nil),
 			length: 100},
 		wantState:     expected,
 		wantNewBlocks: append(prevBlocks, height),
@@ -157,7 +157,7 @@ func sBlockRespEvErrored(current, expected string,
 		data: bReactorEventData{
 			peerID: peerID,
 			height: height,
-			block:  types.MakeBlock(int64(height), txs, nil, nil),
+			block:  types.MakeBlock(height, txs, nil, nil),
 			length: 100},
 		wantState:        expected,
 		wantErr:          wantErr,
@@ -211,6 +211,7 @@ type testFields struct {
 
 func executeFSMTests(t *testing.T, tests []testFields, matchRespToReq bool) {
 	for _, tt := range tests {
+		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			// Create test reactor
 			testBcR := newTestReactor(tt.startingHeight)
@@ -220,6 +221,7 @@ func executeFSMTests(t *testing.T, tests []testFields, matchRespToReq bool) {
 			}
 
 			for _, step := range tt.steps {
+				step := step
 				assert.Equal(t, step.currentState, testBcR.fsm.state.name)
 
 				var heightBefore int64
@@ -769,7 +771,7 @@ forLoop:
 	for i := 0; i < int(numBlocks); i++ {
 
 		// Add the makeRequestEv step periodically.
-		if i%int(maxRequestsPerPeer) == 0 {
+		if i%maxRequestsPerPeer == 0 {
 			testSteps = append(
 				testSteps,
 				sMakeRequestsEv("waitForBlock", "waitForBlock", maxNumRequests),
@@ -786,7 +788,7 @@ forLoop:
 		numBlocksReceived++
 
 		// Add the processedBlockEv step periodically.
-		if numBlocksReceived >= int(maxRequestsPerPeer) || height >= numBlocks {
+		if numBlocksReceived >= maxRequestsPerPeer || height >= numBlocks {
 			for j := int(height) - numBlocksReceived; j < int(height); j++ {
 				if j >= int(numBlocks) {
 					// This is the last block that is processed, we should be in "finished" state.
@@ -829,7 +831,7 @@ func makeCorrectTransitionSequenceWithRandomParameters() testFields {
 	maxRequestsPerPeer := cmn.RandIntn(maxRequestsPerPeerTest) + 1
 
 	// Generate the maximum number of total pending requests, >= maxRequestsPerPeer.
-	maxPendingRequests := cmn.RandIntn(maxTotalPendingRequestsTest-int(maxRequestsPerPeer)) + maxRequestsPerPeer
+	maxPendingRequests := cmn.RandIntn(maxTotalPendingRequestsTest-maxRequestsPerPeer) + maxRequestsPerPeer
 
 	// Generate the number of blocks to be synced.
 	numBlocks := int64(cmn.RandIntn(maxNumBlocksInChainTest)) + startingHeight
@@ -862,6 +864,7 @@ func TestFSMCorrectTransitionSequences(t *testing.T) {
 	}
 
 	for _, tt := range tests {
+		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			// Create test reactor
 			testBcR := newTestReactor(tt.startingHeight)
@@ -871,6 +874,7 @@ func TestFSMCorrectTransitionSequences(t *testing.T) {
 			}
 
 			for _, step := range tt.steps {
+				step := step
 				assert.Equal(t, step.currentState, testBcR.fsm.state.name)
 
 				oldNumStatusRequests := testBcR.numStatusRequests

blockchain/v1/reactor_test.go

@@ -8,10 +8,10 @@ import (
 	"testing"
 	"time"
 
+	"github.com/pkg/errors"
 	"github.com/stretchr/testify/assert"
 	abci "github.com/tendermint/tendermint/abci/types"
 	cfg "github.com/tendermint/tendermint/config"
-	cmn "github.com/tendermint/tendermint/libs/common"
 	"github.com/tendermint/tendermint/libs/log"
 	"github.com/tendermint/tendermint/mock"
 	"github.com/tendermint/tendermint/p2p"
@@ -78,7 +78,7 @@ func newBlockchainReactor(logger log.Logger, genDoc *types.GenesisDoc, privVals
 	proxyApp := proxy.NewAppConns(cc)
 	err := proxyApp.Start()
 	if err != nil {
-		panic(cmn.ErrorWrap(err, "error start app"))
+		panic(errors.Wrap(err, "error start app"))
 	}
 
 	blockDB := dbm.NewMemDB()
@@ -87,7 +87,7 @@ func newBlockchainReactor(logger log.Logger, genDoc *types.GenesisDoc, privVals
 
 	state, err := sm.LoadStateFromDBOrGenesisDoc(stateDB, genDoc)
 	if err != nil {
-		panic(cmn.ErrorWrap(err, "error constructing state from genesis file"))
+		panic(errors.Wrap(err, "error constructing state from genesis file"))
 	}
 
 	// Make the BlockchainReactor itself.
@@ -117,7 +117,7 @@ func newBlockchainReactor(logger log.Logger, genDoc *types.GenesisDoc, privVals
 
 		state, err = blockExec.ApplyBlock(state, blockID, thisBlock)
 		if err != nil {
-			panic(cmn.ErrorWrap(err, "error apply block"))
+			panic(errors.Wrap(err, "error apply block"))
 		}
 
 		blockStore.SaveBlock(thisBlock, thisParts, lastCommit)
@@ -317,6 +317,86 @@ outerFor:
 	assert.True(t, lastReactorPair.bcR.Switch.Peers().Size() < len(reactorPairs)-1)
 }
 
+func TestBcBlockRequestMessageValidateBasic(t *testing.T) {
+	testCases := []struct {
+		testName      string
+		requestHeight int64
+		expectErr     bool
+	}{
+		{"Valid Request Message", 0, false},
+		{"Valid Request Message", 1, false},
+		{"Invalid Request Message", -1, true},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.testName, func(t *testing.T) {
+			request := bcBlockRequestMessage{Height: tc.requestHeight}
+			assert.Equal(t, tc.expectErr, request.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestBcNoBlockResponseMessageValidateBasic(t *testing.T) {
+	testCases := []struct {
+		testName          string
+		nonResponseHeight int64
+		expectErr         bool
+	}{
+		{"Valid Non-Response Message", 0, false},
+		{"Valid Non-Response Message", 1, false},
+		{"Invalid Non-Response Message", -1, true},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.testName, func(t *testing.T) {
+			nonResponse := bcNoBlockResponseMessage{Height: tc.nonResponseHeight}
+			assert.Equal(t, tc.expectErr, nonResponse.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestBcStatusRequestMessageValidateBasic(t *testing.T) {
+	testCases := []struct {
+		testName      string
+		requestHeight int64
+		expectErr     bool
+	}{
+		{"Valid Request Message", 0, false},
+		{"Valid Request Message", 1, false},
+		{"Invalid Request Message", -1, true},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.testName, func(t *testing.T) {
+			request := bcStatusRequestMessage{Height: tc.requestHeight}
+			assert.Equal(t, tc.expectErr, request.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestBcStatusResponseMessageValidateBasic(t *testing.T) {
+	testCases := []struct {
+		testName       string
+		responseHeight int64
+		expectErr      bool
+	}{
+		{"Valid Response Message", 0, false},
+		{"Valid Response Message", 1, false},
+		{"Invalid Response Message", -1, true},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.testName, func(t *testing.T) {
+			response := bcStatusResponseMessage{Height: tc.responseHeight}
+			assert.Equal(t, tc.expectErr, response.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
 //----------------------------------------------
 // utility funcs
 

blockchain/v2/schedule.go

@@ -0,0 +1,387 @@
+// nolint:unused
+package v2
+
+import (
+	"fmt"
+	"math"
+	"math/rand"
+	"time"
+
+	"github.com/tendermint/tendermint/p2p"
+)
+
+type Event interface{}
+
+type blockState int
+
+const (
+	blockStateUnknown blockState = iota
+	blockStateNew
+	blockStatePending
+	blockStateReceived
+	blockStateProcessed
+)
+
+func (e blockState) String() string {
+	switch e {
+	case blockStateUnknown:
+		return "Unknown"
+	case blockStateNew:
+		return "New"
+	case blockStatePending:
+		return "Pending"
+	case blockStateReceived:
+		return "Received"
+	case blockStateProcessed:
+		return "Processed"
+	default:
+		return fmt.Sprintf("unknown blockState: %d", e)
+	}
+}
+
+type peerState int
+
+const (
+	peerStateNew = iota
+	peerStateReady
+	peerStateRemoved
+)
+
+func (e peerState) String() string {
+	switch e {
+	case peerStateNew:
+		return "New"
+	case peerStateReady:
+		return "Ready"
+	case peerStateRemoved:
+		return "Removed"
+	default:
+		return fmt.Sprintf("unknown peerState: %d", e)
+	}
+}
+
+type scPeer struct {
+	peerID      p2p.ID
+	state       peerState
+	height      int64
+	lastTouched time.Time
+	lastRate    int64
+}
+
+func newScPeer(peerID p2p.ID) *scPeer {
+	return &scPeer{
+		peerID:      peerID,
+		state:       peerStateNew,
+		height:      -1,
+		lastTouched: time.Time{},
+	}
+}
+
+// The schedule is a composite data structure which allows a scheduler to keep
+// track of which blocks have been scheduled into which state.
+type schedule struct {
+	initHeight int64
+	// a list of blocks in which blockState
+	blockStates map[int64]blockState
+
+	// a map of peerID to schedule specific peer struct `scPeer` used to keep
+	// track of peer specific state
+	peers map[p2p.ID]*scPeer
+
+	// a map of heights to the peer we are waiting for a response from
+	pendingBlocks map[int64]p2p.ID
+
+	// the time at which a block was put in blockStatePending
+	pendingTime map[int64]time.Time
+
+	// the peerID of the peer which put the block in blockStateReceived
+	receivedBlocks map[int64]p2p.ID
+}
+
+func newSchedule(initHeight int64) *schedule {
+	sc := schedule{
+		initHeight:     initHeight,
+		blockStates:    make(map[int64]blockState),
+		peers:          make(map[p2p.ID]*scPeer),
+		pendingBlocks:  make(map[int64]p2p.ID),
+		pendingTime:    make(map[int64]time.Time),
+		receivedBlocks: make(map[int64]p2p.ID),
+	}
+
+	sc.setStateAtHeight(initHeight, blockStateNew)
+
+	return &sc
+}
+
+func (sc *schedule) addPeer(peerID p2p.ID) error {
+	if _, ok := sc.peers[peerID]; ok {
+		return fmt.Errorf("Cannot add duplicate peer %s", peerID)
+	}
+	sc.peers[peerID] = newScPeer(peerID)
+	return nil
+}
+
+func (sc *schedule) touchPeer(peerID p2p.ID, time time.Time) error {
+	peer, ok := sc.peers[peerID]
+	if !ok {
+		return fmt.Errorf("Couldn't find peer %s", peerID)
+	}
+
+	if peer.state == peerStateRemoved {
+		return fmt.Errorf("Tried to touch peer in peerStateRemoved")
+	}
+
+	peer.lastTouched = time
+
+	return nil
+}
+
+func (sc *schedule) removePeer(peerID p2p.ID) error {
+	peer, ok := sc.peers[peerID]
+	if !ok {
+		return fmt.Errorf("Couldn't find peer %s", peerID)
+	}
+
+	if peer.state == peerStateRemoved {
+		return fmt.Errorf("Tried to remove peer %s in peerStateRemoved", peerID)
+	}
+
+	for height, pendingPeerID := range sc.pendingBlocks {
+		if pendingPeerID == peerID {
+			sc.setStateAtHeight(height, blockStateNew)
+			delete(sc.pendingTime, height)
+			delete(sc.pendingBlocks, height)
+		}
+	}
+
+	for height, rcvPeerID := range sc.receivedBlocks {
+		if rcvPeerID == peerID {
+			sc.setStateAtHeight(height, blockStateNew)
+			delete(sc.receivedBlocks, height)
+		}
+	}
+
+	peer.state = peerStateRemoved
+
+	return nil
+}
+
+func (sc *schedule) setPeerHeight(peerID p2p.ID, height int64) error {
+	peer, ok := sc.peers[peerID]
+	if !ok {
+		return fmt.Errorf("Can't find peer %s", peerID)
+	}
+
+	if peer.state == peerStateRemoved {
+		return fmt.Errorf("Cannot set peer height for a peer in peerStateRemoved")
+	}
+
+	if height < peer.height {
+		return fmt.Errorf("Cannot move peer height lower. from %d to %d", peer.height, height)
+	}
+
+	peer.height = height
+	peer.state = peerStateReady
+	for i := sc.minHeight(); i <= height; i++ {
+		if sc.getStateAtHeight(i) == blockStateUnknown {
+			sc.setStateAtHeight(i, blockStateNew)
+		}
+	}
+
+	return nil
+}
+
+func (sc *schedule) getStateAtHeight(height int64) blockState {
+	if height < sc.initHeight {
+		return blockStateProcessed
+	} else if state, ok := sc.blockStates[height]; ok {
+		return state
+	} else {
+		return blockStateUnknown
+	}
+}
+
+func (sc *schedule) getPeersAtHeight(height int64) []*scPeer {
+	peers := []*scPeer{}
+	for _, peer := range sc.peers {
+		if peer.height >= height {
+			peers = append(peers, peer)
+		}
+	}
+
+	return peers
+}
+
+func (sc *schedule) peersInactiveSince(duration time.Duration, now time.Time) []p2p.ID {
+	peers := []p2p.ID{}
+	for _, peer := range sc.peers {
+		if now.Sub(peer.lastTouched) > duration {
+			peers = append(peers, peer.peerID)
+		}
+	}
+
+	return peers
+}
+
+func (sc *schedule) peersSlowerThan(minSpeed int64) []p2p.ID {
+	peers := []p2p.ID{}
+	for _, peer := range sc.peers {
+		if peer.lastRate < minSpeed {
+			peers = append(peers, peer.peerID)
+		}
+	}
+
+	return peers
+}
+
+func (sc *schedule) setStateAtHeight(height int64, state blockState) {
+	sc.blockStates[height] = state
+}
+
+func (sc *schedule) markReceived(peerID p2p.ID, height int64, size int64, now time.Time) error {
+	peer, ok := sc.peers[peerID]
+	if !ok {
+		return fmt.Errorf("Can't find peer %s", peerID)
+	}
+
+	if peer.state == peerStateRemoved {
+		return fmt.Errorf("Cannot receive blocks from removed peer %s", peerID)
+	}
+
+	if state := sc.getStateAtHeight(height); state != blockStatePending || sc.pendingBlocks[height] != peerID {
+		return fmt.Errorf("Received block %d from peer %s without being requested", height, peerID)
+	}
+
+	pendingTime, ok := sc.pendingTime[height]
+	if !ok || now.Sub(pendingTime) <= 0 {
+		return fmt.Errorf("Clock error. Block %d received at %s but requested at %s",
+			height, pendingTime, now)
+	}
+
+	peer.lastRate = size / int64(now.Sub(pendingTime).Seconds())
+
+	sc.setStateAtHeight(height, blockStateReceived)
+	delete(sc.pendingBlocks, height)
+	delete(sc.pendingTime, height)
+
+	sc.receivedBlocks[height] = peerID
+
+	return nil
+}
+
+func (sc *schedule) markPending(peerID p2p.ID, height int64, time time.Time) error {
+	peer, ok := sc.peers[peerID]
+	if !ok {
+		return fmt.Errorf("Can't find peer %s", peerID)
+	}
+
+	state := sc.getStateAtHeight(height)
+	if state != blockStateNew {
+		return fmt.Errorf("Block %d should be in blockStateNew but was %s", height, state)
+	}
+
+	if peer.state != peerStateReady {
+		return fmt.Errorf("Cannot schedule %d from %s in %s", height, peerID, peer.state)
+	}
+
+	if height > peer.height {
+		return fmt.Errorf("Cannot request height %d from peer %s who is at height %d",
+			height, peerID, peer.height)
+	}
+
+	sc.setStateAtHeight(height, blockStatePending)
+	sc.pendingBlocks[height] = peerID
+	// XXX: to make this more accurate we can introduce a message from
+	// the IO routine which indicates the time the request was put on the wire
+	sc.pendingTime[height] = time
+
+	return nil
+}
+
+func (sc *schedule) markProcessed(height int64) error {
+	state := sc.getStateAtHeight(height)
+	if state != blockStateReceived {
+		return fmt.Errorf("Can't mark height %d received from block state %s", height, state)
+	}
+
+	delete(sc.receivedBlocks, height)
+
+	sc.setStateAtHeight(height, blockStateProcessed)
+
+	return nil
+}
+
+// allBlockProcessed returns true if all blocks are in blockStateProcessed and
+// determines if the schedule has been completed
+func (sc *schedule) allBlocksProcessed() bool {
+	for _, state := range sc.blockStates {
+		if state != blockStateProcessed {
+			return false
+		}
+	}
+	return true
+}
+
+// highest block | state == blockStateNew
+func (sc *schedule) maxHeight() int64 {
+	var max int64 = 0
+	for height, state := range sc.blockStates {
+		if state == blockStateNew && height > max {
+			max = height
+		}
+	}
+
+	return max
+}
+
+// lowest block | state == blockStateNew
+func (sc *schedule) minHeight() int64 {
+	var min int64 = math.MaxInt64
+	for height, state := range sc.blockStates {
+		if state == blockStateNew && height < min {
+			min = height
+		}
+	}
+
+	return min
+}
+
+func (sc *schedule) pendingFrom(peerID p2p.ID) []int64 {
+	heights := []int64{}
+	for height, pendingPeerID := range sc.pendingBlocks {
+		if pendingPeerID == peerID {
+			heights = append(heights, height)
+		}
+	}
+	return heights
+}
+
+func (sc *schedule) selectPeer(peers []*scPeer) *scPeer {
+	// FIXME: properPeerSelector
+	s := rand.NewSource(time.Now().Unix())
+	r := rand.New(s)
+
+	return peers[r.Intn(len(peers))]
+}
+
+// XXX: this duplicates the logic of peersInactiveSince and peersSlowerThan
+func (sc *schedule) prunablePeers(peerTimout time.Duration, minRecvRate int64, now time.Time) []p2p.ID {
+	prunable := []p2p.ID{}
+	for peerID, peer := range sc.peers {
+		if now.Sub(peer.lastTouched) > peerTimout || peer.lastRate < minRecvRate {
+			prunable = append(prunable, peerID)
+		}
+	}
+
+	return prunable
+}
+
+func (sc *schedule) numBlockInState(targetState blockState) uint32 {
+	var num uint32 = 0
+	for _, state := range sc.blockStates {
+		if state == targetState {
+			num++
+		}
+	}
+	return num
+}

blockchain/v2/schedule_test.go

@@ -0,0 +1,272 @@
+package v2
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/tendermint/tendermint/p2p"
+)
+
+func TestScheduleInit(t *testing.T) {
+	var (
+		initHeight int64 = 5
+		sc               = newSchedule(initHeight)
+	)
+
+	assert.Equal(t, blockStateNew, sc.getStateAtHeight(initHeight))
+	assert.Equal(t, blockStateProcessed, sc.getStateAtHeight(initHeight-1))
+	assert.Equal(t, blockStateUnknown, sc.getStateAtHeight(initHeight+1))
+}
+
+func TestAddPeer(t *testing.T) {
+	var (
+		initHeight int64  = 5
+		peerID     p2p.ID = "1"
+		peerIDTwo  p2p.ID = "2"
+		sc                = newSchedule(initHeight)
+	)
+
+	assert.Nil(t, sc.addPeer(peerID))
+	assert.Nil(t, sc.addPeer(peerIDTwo))
+	assert.Error(t, sc.addPeer(peerID))
+}
+
+func TestTouchPeer(t *testing.T) {
+	var (
+		initHeight int64  = 5
+		peerID     p2p.ID = "1"
+		sc                = newSchedule(initHeight)
+		now               = time.Now()
+	)
+
+	assert.Error(t, sc.touchPeer(peerID, now),
+		"Touching an unknown peer should return errPeerNotFound")
+
+	assert.Nil(t, sc.addPeer(peerID),
+		"Adding a peer should return no error")
+	assert.Nil(t, sc.touchPeer(peerID, now),
+		"Touching a peer should return no error")
+
+	threshold := 10 * time.Second
+	assert.Empty(t, sc.peersInactiveSince(threshold, now.Add(9*time.Second)),
+		"Expected no peers to have been touched over 9 seconds")
+	assert.Containsf(t, sc.peersInactiveSince(threshold, now.Add(11*time.Second)), peerID,
+		"Expected one %s to have been touched over 10 seconds ago", peerID)
+}
+
+func TestPeerHeight(t *testing.T) {
+	var (
+		initHeight int64  = 5
+		peerID     p2p.ID = "1"
+		peerHeight int64  = 20
+		sc                = newSchedule(initHeight)
+	)
+
+	assert.NoError(t, sc.addPeer(peerID),
+		"Adding a peer should return no error")
+	assert.NoError(t, sc.setPeerHeight(peerID, peerHeight))
+	for i := initHeight; i <= peerHeight; i++ {
+		assert.Equal(t, sc.getStateAtHeight(i), blockStateNew,
+			"Expected all blocks to be in blockStateNew")
+		peerIDs := []p2p.ID{}
+		for _, peer := range sc.getPeersAtHeight(i) {
+			peerIDs = append(peerIDs, peer.peerID)
+		}
+
+		assert.Containsf(t, peerIDs, peerID,
+			"Expected %s to have block %d", peerID, i)
+	}
+}
+
+func TestTransitionPending(t *testing.T) {
+	var (
+		initHeight int64  = 5
+		peerID     p2p.ID = "1"
+		peerIDTwo  p2p.ID = "2"
+		peerHeight int64  = 20
+		sc                = newSchedule(initHeight)
+		now               = time.Now()
+	)
+
+	assert.NoError(t, sc.addPeer(peerID),
+		"Adding a peer should return no error")
+	assert.Nil(t, sc.addPeer(peerIDTwo),
+		"Adding a peer should return no error")
+
+	assert.Error(t, sc.markPending(peerID, peerHeight, now),
+		"Expected scheduling a block from a peer in peerStateNew to fail")
+
+	assert.NoError(t, sc.setPeerHeight(peerID, peerHeight),
+		"Expected setPeerHeight to return no error")
+	assert.NoError(t, sc.setPeerHeight(peerIDTwo, peerHeight),
+		"Expected setPeerHeight to return no error")
+
+	assert.NoError(t, sc.markPending(peerID, peerHeight, now),
+		"Expected markingPending new block to succeed")
+	assert.Error(t, sc.markPending(peerIDTwo, peerHeight, now),
+		"Expected markingPending by a second peer to fail")
+
+	assert.Equal(t, blockStatePending, sc.getStateAtHeight(peerHeight),
+		"Expected the block to to be in blockStatePending")
+
+	assert.NoError(t, sc.removePeer(peerID),
+		"Expected removePeer to return no error")
+
+	assert.Equal(t, blockStateNew, sc.getStateAtHeight(peerHeight),
+		"Expected the block to to be in blockStateNew")
+
+	assert.Error(t, sc.markPending(peerID, peerHeight, now),
+		"Expected markingPending removed peer to fail")
+
+	assert.NoError(t, sc.markPending(peerIDTwo, peerHeight, now),
+		"Expected markingPending on a ready peer to succeed")
+
+	assert.Equal(t, blockStatePending, sc.getStateAtHeight(peerHeight),
+		"Expected the block to to be in blockStatePending")
+}
+
+func TestTransitionReceived(t *testing.T) {
+	var (
+		initHeight int64  = 5
+		peerID     p2p.ID = "1"
+		peerIDTwo  p2p.ID = "2"
+		peerHeight int64  = 20
+		blockSize  int64  = 1024
+		sc                = newSchedule(initHeight)
+		now               = time.Now()
+		receivedAt        = now.Add(1 * time.Second)
+	)
+
+	assert.NoError(t, sc.addPeer(peerID),
+		"Expected adding peer %s to succeed", peerID)
+	assert.NoError(t, sc.addPeer(peerIDTwo),
+		"Expected adding peer %s to succeed", peerIDTwo)
+	assert.NoError(t, sc.setPeerHeight(peerID, peerHeight),
+		"Expected setPeerHeight to return no error")
+	assert.NoErrorf(t, sc.setPeerHeight(peerIDTwo, peerHeight),
+		"Expected setPeerHeight on %s to %d to succeed", peerIDTwo, peerHeight)
+	assert.NoError(t, sc.markPending(peerID, initHeight, now),
+		"Expected markingPending new block to succeed")
+
+	assert.Error(t, sc.markReceived(peerIDTwo, initHeight, blockSize, receivedAt),
+		"Expected marking markReceived from a non requesting peer to fail")
+
+	assert.NoError(t, sc.markReceived(peerID, initHeight, blockSize, receivedAt),
+		"Expected marking markReceived on a pending block to succeed")
+
+	assert.Error(t, sc.markReceived(peerID, initHeight, blockSize, receivedAt),
+		"Expected marking markReceived on received block to fail")
+
+	assert.Equalf(t, blockStateReceived, sc.getStateAtHeight(initHeight),
+		"Expected block %d to be blockHeightReceived", initHeight)
+
+	assert.NoErrorf(t, sc.removePeer(peerID),
+		"Expected removePeer removing %s to succeed", peerID)
+
+	assert.Equalf(t, blockStateNew, sc.getStateAtHeight(initHeight),
+		"Expected block %d to be blockStateNew", initHeight)
+
+	assert.NoErrorf(t, sc.markPending(peerIDTwo, initHeight, now),
+		"Expected markingPending  %d from %s to succeed", initHeight, peerIDTwo)
+	assert.NoErrorf(t, sc.markReceived(peerIDTwo, initHeight, blockSize, receivedAt),
+		"Expected marking markReceived %d from %s to succeed", initHeight, peerIDTwo)
+	assert.Equalf(t, blockStateReceived, sc.getStateAtHeight(initHeight),
+		"Expected block %d to be blockStateReceived", initHeight)
+}
+
+func TestTransitionProcessed(t *testing.T) {
+	var (
+		initHeight int64  = 5
+		peerID     p2p.ID = "1"
+		peerHeight int64  = 20
+		blockSize  int64  = 1024
+		sc                = newSchedule(initHeight)
+		now               = time.Now()
+		receivedAt        = now.Add(1 * time.Second)
+	)
+
+	assert.NoError(t, sc.addPeer(peerID),
+		"Expected adding peer %s to succeed", peerID)
+	assert.NoErrorf(t, sc.setPeerHeight(peerID, peerHeight),
+		"Expected setPeerHeight on %s to %d to succeed", peerID, peerHeight)
+	assert.NoError(t, sc.markPending(peerID, initHeight, now),
+		"Expected markingPending new block to succeed")
+	assert.NoError(t, sc.markReceived(peerID, initHeight, blockSize, receivedAt),
+		"Expected marking markReceived on a pending block to succeed")
+
+	assert.Error(t, sc.markProcessed(initHeight+1),
+		"Expected marking %d as processed to fail", initHeight+1)
+	assert.NoError(t, sc.markProcessed(initHeight),
+		"Expected marking %d as processed to succeed", initHeight)
+
+	assert.Equalf(t, blockStateProcessed, sc.getStateAtHeight(initHeight),
+		"Expected block %d to be blockStateProcessed", initHeight)
+
+	assert.NoError(t, sc.removePeer(peerID),
+		"Expected removing peer %s to succeed", peerID)
+
+	assert.Equalf(t, blockStateProcessed, sc.getStateAtHeight(initHeight),
+		"Expected block %d to be blockStateProcessed", initHeight)
+}
+
+func TestMinMaxHeight(t *testing.T) {
+	var (
+		initHeight int64  = 5
+		peerID     p2p.ID = "1"
+		peerHeight int64  = 20
+		sc                = newSchedule(initHeight)
+		now               = time.Now()
+	)
+
+	assert.Equal(t, initHeight, sc.minHeight(),
+		"Expected min height to be the initialized height")
+
+	assert.Equal(t, initHeight, sc.maxHeight(),
+		"Expected max height to be the initialized height")
+
+	assert.NoError(t, sc.addPeer(peerID),
+		"Adding a peer should return no error")
+
+	assert.NoError(t, sc.setPeerHeight(peerID, peerHeight),
+		"Expected setPeerHeight to return no error")
+
+	assert.Equal(t, peerHeight, sc.maxHeight(),
+		"Expected max height to increase to peerHeight")
+
+	assert.Nil(t, sc.markPending(peerID, initHeight, now.Add(1*time.Second)),
+		"Expected marking initHeight as pending to return no error")
+
+	assert.Equal(t, initHeight+1, sc.minHeight(),
+		"Expected marking initHeight as pending to move minHeight forward")
+}
+
+func TestPeersSlowerThan(t *testing.T) {
+	var (
+		initHeight int64  = 5
+		peerID     p2p.ID = "1"
+		peerHeight int64  = 20
+		blockSize  int64  = 1024
+		sc                = newSchedule(initHeight)
+		now               = time.Now()
+		receivedAt        = now.Add(1 * time.Second)
+	)
+
+	assert.NoError(t, sc.addPeer(peerID),
+		"Adding a peer should return no error")
+
+	assert.NoError(t, sc.setPeerHeight(peerID, peerHeight),
+		"Expected setPeerHeight to return no error")
+
+	assert.NoError(t, sc.markPending(peerID, peerHeight, now),
+		"Expected markingPending on to return no error")
+
+	assert.NoError(t, sc.markReceived(peerID, peerHeight, blockSize, receivedAt),
+		"Expected markingPending on to return no error")
+
+	assert.Empty(t, sc.peersSlowerThan(blockSize-1),
+		"expected no peers to be slower than blockSize-1 bytes/sec")
+
+	assert.Containsf(t, sc.peersSlowerThan(blockSize+1), peerID,
+		"expected %s to be slower than blockSize+1 bytes/sec", peerID)
+}

cmd/contract_tests/main.go

@@ -0,0 +1,34 @@
+package main
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/snikch/goodman/hooks"
+	"github.com/snikch/goodman/transaction"
+)
+
+func main() {
+	// This must be compiled beforehand and given to dredd as parameter, in the meantime the server should be running
+	h := hooks.NewHooks()
+	server := hooks.NewServer(hooks.NewHooksRunner(h))
+	h.BeforeAll(func(t []*transaction.Transaction) {
+		fmt.Println(t[0].Name)
+	})
+	h.BeforeEach(func(t *transaction.Transaction) {
+		if strings.HasPrefix(t.Name, "Tx") ||
+			// We need a proper example of evidence to broadcast
+			strings.HasPrefix(t.Name, "Info > /broadcast_evidence") ||
+			// We need a proper example of path and data
+			strings.HasPrefix(t.Name, "ABCI > /abci_query") ||
+			// We need to find a way to make a transaction before starting the tests,
+			// that hash should replace the dummy one in hte swagger file
+			strings.HasPrefix(t.Name, "Info > /tx") {
+			t.Skip = true
+			fmt.Printf("%s Has been skipped\n", t.Name)
+		}
+	})
+	server.Serve()
+	defer server.Listener.Close()
+	fmt.Print("FINE")
+}

cmd/priv_val_server/main.go

@@ -48,15 +48,17 @@ func main() {
 		os.Exit(1)
 	}
 
-	rs := privval.NewSignerServiceEndpoint(logger, *chainID, pv, dialer)
-	err := rs.Start()
+	sd := privval.NewSignerDialerEndpoint(logger, dialer)
+	ss := privval.NewSignerServer(sd, *chainID, pv)
+
+	err := ss.Start()
 	if err != nil {
 		panic(err)
 	}
 
 	// Stop upon receiving SIGTERM or CTRL-C.
 	cmn.TrapSignal(logger, func() {
-		err := rs.Stop()
+		err := ss.Stop()
 		if err != nil {
 			panic(err)
 		}

cmd/tendermint/commands/lite.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"net/url"
 
+	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 
 	cmn "github.com/tendermint/tendermint/libs/common"
@@ -80,7 +81,7 @@ func runProxy(cmd *cobra.Command, args []string) error {
 	logger.Info("Constructing Verifier...")
 	cert, err := proxy.NewVerifier(chainID, home, node, logger, cacheSize)
 	if err != nil {
-		return cmn.ErrorWrap(err, "constructing Verifier")
+		return errors.Wrap(err, "constructing Verifier")
 	}
 	cert.SetLogger(logger)
 	sc := proxy.SecureClient(node, cert)
@@ -88,7 +89,7 @@ func runProxy(cmd *cobra.Command, args []string) error {
 	logger.Info("Starting proxy...")
 	err = proxy.StartProxy(sc, listenAddr, logger, maxOpenConnections)
 	if err != nil {
-		return cmn.ErrorWrap(err, "starting proxy")
+		return errors.Wrap(err, "starting proxy")
 	}
 
 	// Run forever

config/config.go

@@ -2,6 +2,7 @@ package config
 
 import (
 	"fmt"
+	"net/http"
 	"os"
 	"path/filepath"
 	"time"
@@ -385,7 +386,7 @@ func DefaultRPCConfig() *RPCConfig {
 	return &RPCConfig{
 		ListenAddress:          "tcp://127.0.0.1:26657",
 		CORSAllowedOrigins:     []string{},
-		CORSAllowedMethods:     []string{"HEAD", "GET", "POST"},
+		CORSAllowedMethods:     []string{http.MethodHead, http.MethodGet, http.MethodPost},
 		CORSAllowedHeaders:     []string{"Origin", "Accept", "Content-Type", "X-Requested-With", "X-Server-Time"},
 		GRPCListenAddress:      "",
 		GRPCMaxOpenConnections: 900,
@@ -637,7 +638,7 @@ type MempoolConfig struct {
 	Size        int    `mapstructure:"size"`
 	MaxTxsBytes int64  `mapstructure:"max_txs_bytes"`
 	CacheSize   int    `mapstructure:"cache_size"`
-	MaxMsgBytes int    `mapstructure:"max_msg_bytes"`
+	MaxTxBytes  int    `mapstructure:"max_tx_bytes"`
 }
 
 // DefaultMempoolConfig returns a default configuration for the Tendermint mempool
@@ -651,7 +652,7 @@ func DefaultMempoolConfig() *MempoolConfig {
 		Size:        5000,
 		MaxTxsBytes: 1024 * 1024 * 1024, // 1GB
 		CacheSize:   10000,
-		MaxMsgBytes: 1024 * 1024, // 1MB
+		MaxTxBytes:  1024 * 1024, // 1MB
 	}
 }
 
@@ -684,8 +685,8 @@ func (cfg *MempoolConfig) ValidateBasic() error {
 	if cfg.CacheSize < 0 {
 		return errors.New("cache_size can't be negative")
 	}
-	if cfg.MaxMsgBytes < 0 {
-		return errors.New("max_msg_bytes can't be negative")
+	if cfg.MaxTxBytes < 0 {
+		return errors.New("max_tx_bytes can't be negative")
 	}
 	return nil
 }

config/config_test.go

@@ -1,6 +1,7 @@
 package config
 
 import (
+	"reflect"
 	"testing"
 	"time"
 
@@ -52,3 +53,116 @@ func TestTLSConfiguration(t *testing.T) {
 	cfg.RPC.TLSKeyFile = "/abs/path/to/file.key"
 	assert.Equal("/abs/path/to/file.key", cfg.RPC.KeyFile())
 }
+
+func TestBaseConfigValidateBasic(t *testing.T) {
+	cfg := TestBaseConfig()
+	assert.NoError(t, cfg.ValidateBasic())
+
+	// tamper with log format
+	cfg.LogFormat = "invalid"
+	assert.Error(t, cfg.ValidateBasic())
+}
+
+func TestRPCConfigValidateBasic(t *testing.T) {
+	cfg := TestRPCConfig()
+	assert.NoError(t, cfg.ValidateBasic())
+
+	fieldsToTest := []string{
+		"GRPCMaxOpenConnections",
+		"MaxOpenConnections",
+		"MaxSubscriptionClients",
+		"MaxSubscriptionsPerClient",
+		"TimeoutBroadcastTxCommit",
+		"MaxBodyBytes",
+		"MaxHeaderBytes",
+	}
+
+	for _, fieldName := range fieldsToTest {
+		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(-1)
+		assert.Error(t, cfg.ValidateBasic())
+		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(0)
+	}
+}
+
+func TestP2PConfigValidateBasic(t *testing.T) {
+	cfg := TestP2PConfig()
+	assert.NoError(t, cfg.ValidateBasic())
+
+	fieldsToTest := []string{
+		"MaxNumInboundPeers",
+		"MaxNumOutboundPeers",
+		"FlushThrottleTimeout",
+		"MaxPacketMsgPayloadSize",
+		"SendRate",
+		"RecvRate",
+	}
+
+	for _, fieldName := range fieldsToTest {
+		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(-1)
+		assert.Error(t, cfg.ValidateBasic())
+		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(0)
+	}
+}
+
+func TestMempoolConfigValidateBasic(t *testing.T) {
+	cfg := TestMempoolConfig()
+	assert.NoError(t, cfg.ValidateBasic())
+
+	fieldsToTest := []string{
+		"Size",
+		"MaxTxsBytes",
+		"CacheSize",
+		"MaxTxBytes",
+	}
+
+	for _, fieldName := range fieldsToTest {
+		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(-1)
+		assert.Error(t, cfg.ValidateBasic())
+		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(0)
+	}
+}
+
+func TestFastSyncConfigValidateBasic(t *testing.T) {
+	cfg := TestFastSyncConfig()
+	assert.NoError(t, cfg.ValidateBasic())
+
+	// tamper with version
+	cfg.Version = "v1"
+	assert.NoError(t, cfg.ValidateBasic())
+
+	cfg.Version = "invalid"
+	assert.Error(t, cfg.ValidateBasic())
+}
+
+func TestConsensusConfigValidateBasic(t *testing.T) {
+	cfg := TestConsensusConfig()
+	assert.NoError(t, cfg.ValidateBasic())
+
+	fieldsToTest := []string{
+		"TimeoutPropose",
+		"TimeoutProposeDelta",
+		"TimeoutPrevote",
+		"TimeoutPrevoteDelta",
+		"TimeoutPrecommit",
+		"TimeoutPrecommitDelta",
+		"TimeoutCommit",
+		"CreateEmptyBlocksInterval",
+		"PeerGossipSleepDuration",
+		"PeerQueryMaj23SleepDuration",
+	}
+
+	for _, fieldName := range fieldsToTest {
+		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(-1)
+		assert.Error(t, cfg.ValidateBasic())
+		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(0)
+	}
+}
+
+func TestInstrumentationConfigValidateBasic(t *testing.T) {
+	cfg := TestInstrumentationConfig()
+	assert.NoError(t, cfg.ValidateBasic())
+
+	// tamper with maximum open connections
+	cfg.MaxOpenConnections = -1
+	assert.Error(t, cfg.ValidateBasic())
+}

config/toml.go

@@ -294,8 +294,9 @@ max_txs_bytes = {{ .Mempool.MaxTxsBytes }}
 # Size of the cache (used to filter transactions we saw earlier) in transactions
 cache_size = {{ .Mempool.CacheSize }}
 
-# Limit the size of TxMessage
-max_msg_bytes = {{ .Mempool.MaxMsgBytes }}
+# Maximum size of a single transaction.
+# NOTE: the max size of a tx transmitted over the network is {max_tx_bytes} + {amino overhead}.
+max_tx_bytes = {{ .Mempool.MaxTxBytes }}
 
 ##### fast sync configuration options #####
 [fastsync]

consensus/reactor_test.go

@@ -18,6 +18,8 @@ import (
 	"github.com/tendermint/tendermint/abci/example/kvstore"
 	abci "github.com/tendermint/tendermint/abci/types"
 	cfg "github.com/tendermint/tendermint/config"
+	cstypes "github.com/tendermint/tendermint/consensus/types"
+	cmn "github.com/tendermint/tendermint/libs/common"
 	"github.com/tendermint/tendermint/libs/log"
 	mempl "github.com/tendermint/tendermint/mempool"
 	"github.com/tendermint/tendermint/p2p"
@@ -632,3 +634,260 @@ func capture() {
 	count := runtime.Stack(trace, true)
 	fmt.Printf("Stack of %d bytes: %s\n", count, trace)
 }
+
+//-------------------------------------------------------------
+// Ensure basic validation of structs is functioning
+
+func TestNewRoundStepMessageValidateBasic(t *testing.T) {
+	testCases := []struct {
+		testName               string
+		messageHeight          int64
+		messageRound           int
+		messageStep            cstypes.RoundStepType
+		messageLastCommitRound int
+		expectErr              bool
+	}{
+		{"Valid Message", 0, 0, 0x01, 1, false},
+		{"Invalid Message", -1, 0, 0x01, 1, true},
+		{"Invalid Message", 0, -1, 0x01, 1, true},
+		{"Invalid Message", 0, 0, 0x00, 1, true},
+		{"Invalid Message", 0, 0, 0x00, 0, true},
+		{"Invalid Message", 1, 0, 0x01, 0, true},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.testName, func(t *testing.T) {
+			message := NewRoundStepMessage{
+				Height:          tc.messageHeight,
+				Round:           tc.messageRound,
+				Step:            tc.messageStep,
+				LastCommitRound: tc.messageLastCommitRound,
+			}
+
+			assert.Equal(t, tc.expectErr, message.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestNewValidBlockMessageValidateBasic(t *testing.T) {
+	testBitArray := cmn.NewBitArray(1)
+	testCases := []struct {
+		testName          string
+		messageHeight     int64
+		messageRound      int
+		messageBlockParts *cmn.BitArray
+		expectErr         bool
+	}{
+		{"Valid Message", 0, 0, testBitArray, false},
+		{"Invalid Message", -1, 0, testBitArray, true},
+		{"Invalid Message", 0, -1, testBitArray, true},
+		{"Invalid Message", 0, 0, cmn.NewBitArray(0), true},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.testName, func(t *testing.T) {
+			message := NewValidBlockMessage{
+				Height:     tc.messageHeight,
+				Round:      tc.messageRound,
+				BlockParts: tc.messageBlockParts,
+			}
+
+			message.BlockPartsHeader.Total = 1
+
+			assert.Equal(t, tc.expectErr, message.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestProposalPOLMessageValidateBasic(t *testing.T) {
+	testBitArray := cmn.NewBitArray(1)
+	testCases := []struct {
+		testName                string
+		messageHeight           int64
+		messageProposalPOLRound int
+		messageProposalPOL      *cmn.BitArray
+		expectErr               bool
+	}{
+		{"Valid Message", 0, 0, testBitArray, false},
+		{"Invalid Message", -1, 0, testBitArray, true},
+		{"Invalid Message", 0, -1, testBitArray, true},
+		{"Invalid Message", 0, 0, cmn.NewBitArray(0), true},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.testName, func(t *testing.T) {
+			message := ProposalPOLMessage{
+				Height:           tc.messageHeight,
+				ProposalPOLRound: tc.messageProposalPOLRound,
+				ProposalPOL:      tc.messageProposalPOL,
+			}
+
+			assert.Equal(t, tc.expectErr, message.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestBlockPartMessageValidateBasic(t *testing.T) {
+	testPart := new(types.Part)
+	testCases := []struct {
+		testName      string
+		messageHeight int64
+		messageRound  int
+		messagePart   *types.Part
+		expectErr     bool
+	}{
+		{"Valid Message", 0, 0, testPart, false},
+		{"Invalid Message", -1, 0, testPart, true},
+		{"Invalid Message", 0, -1, testPart, true},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.testName, func(t *testing.T) {
+			message := BlockPartMessage{
+				Height: tc.messageHeight,
+				Round:  tc.messageRound,
+				Part:   tc.messagePart,
+			}
+
+			assert.Equal(t, tc.expectErr, message.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+
+	message := BlockPartMessage{Height: 0, Round: 0, Part: new(types.Part)}
+	message.Part.Index = -1
+
+	assert.Equal(t, true, message.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+}
+
+func TestHasVoteMessageValidateBasic(t *testing.T) {
+	const (
+		validSignedMsgType   types.SignedMsgType = 0x01
+		invalidSignedMsgType types.SignedMsgType = 0x03
+	)
+
+	testCases := []struct {
+		testName      string
+		messageHeight int64
+		messageRound  int
+		messageType   types.SignedMsgType
+		messageIndex  int
+		expectErr     bool
+	}{
+		{"Valid Message", 0, 0, validSignedMsgType, 0, false},
+		{"Invalid Message", -1, 0, validSignedMsgType, 0, true},
+		{"Invalid Message", 0, -1, validSignedMsgType, 0, true},
+		{"Invalid Message", 0, 0, invalidSignedMsgType, 0, true},
+		{"Invalid Message", 0, 0, validSignedMsgType, -1, true},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.testName, func(t *testing.T) {
+			message := HasVoteMessage{
+				Height: tc.messageHeight,
+				Round:  tc.messageRound,
+				Type:   tc.messageType,
+				Index:  tc.messageIndex,
+			}
+
+			assert.Equal(t, tc.expectErr, message.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestVoteSetMaj23MessageValidateBasic(t *testing.T) {
+	const (
+		validSignedMsgType   types.SignedMsgType = 0x01
+		invalidSignedMsgType types.SignedMsgType = 0x03
+	)
+
+	validBlockID := types.BlockID{}
+	invalidBlockID := types.BlockID{
+		Hash: cmn.HexBytes{},
+		PartsHeader: types.PartSetHeader{
+			Total: -1,
+			Hash:  cmn.HexBytes{},
+		},
+	}
+
+	testCases := []struct {
+		testName       string
+		messageHeight  int64
+		messageRound   int
+		messageType    types.SignedMsgType
+		messageBlockID types.BlockID
+		expectErr      bool
+	}{
+		{"Valid Message", 0, 0, validSignedMsgType, validBlockID, false},
+		{"Invalid Message", -1, 0, validSignedMsgType, validBlockID, true},
+		{"Invalid Message", 0, -1, validSignedMsgType, validBlockID, true},
+		{"Invalid Message", 0, 0, invalidSignedMsgType, validBlockID, true},
+		{"Invalid Message", 0, 0, validSignedMsgType, invalidBlockID, true},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.testName, func(t *testing.T) {
+			message := VoteSetMaj23Message{
+				Height:  tc.messageHeight,
+				Round:   tc.messageRound,
+				Type:    tc.messageType,
+				BlockID: tc.messageBlockID,
+			}
+
+			assert.Equal(t, tc.expectErr, message.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestVoteSetBitsMessageValidateBasic(t *testing.T) {
+	const (
+		validSignedMsgType   types.SignedMsgType = 0x01
+		invalidSignedMsgType types.SignedMsgType = 0x03
+	)
+
+	validBlockID := types.BlockID{}
+	invalidBlockID := types.BlockID{
+		Hash: cmn.HexBytes{},
+		PartsHeader: types.PartSetHeader{
+			Total: -1,
+			Hash:  cmn.HexBytes{},
+		},
+	}
+	testBitArray := cmn.NewBitArray(1)
+
+	testCases := []struct {
+		testName       string
+		messageHeight  int64
+		messageRound   int
+		messageType    types.SignedMsgType
+		messageBlockID types.BlockID
+		messageVotes   *cmn.BitArray
+		expectErr      bool
+	}{
+		{"Valid Message", 0, 0, validSignedMsgType, validBlockID, testBitArray, false},
+		{"Invalid Message", -1, 0, validSignedMsgType, validBlockID, testBitArray, true},
+		{"Invalid Message", 0, -1, validSignedMsgType, validBlockID, testBitArray, true},
+		{"Invalid Message", 0, 0, invalidSignedMsgType, validBlockID, testBitArray, true},
+		{"Invalid Message", 0, 0, validSignedMsgType, invalidBlockID, testBitArray, true},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.testName, func(t *testing.T) {
+			message := VoteSetBitsMessage{
+				Height: tc.messageHeight,
+				Round:  tc.messageRound,
+				Type:   tc.messageType,
+				// Votes:   tc.messageVotes,
+				BlockID: tc.messageBlockID,
+			}
+
+			assert.Equal(t, tc.expectErr, message.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}

consensus/replay.go

@@ -246,7 +246,7 @@ func (h *Handshaker) Handshake(proxyApp proxy.AppConns) error {
 		return fmt.Errorf("Error calling Info: %v", err)
 	}
 
-	blockHeight := int64(res.LastBlockHeight)
+	blockHeight := res.LastBlockHeight
 	if blockHeight < 0 {
 		return fmt.Errorf("Got a negative last block height (%d) from the app", blockHeight)
 	}

consensus/replay_test.go

@@ -123,6 +123,7 @@ func TestWALCrash(t *testing.T) {
 	}
 
 	for i, tc := range testCases {
+		tc := tc
 		consensusReplayConfig := ResetConfig(fmt.Sprintf("%s_%d", t.Name(), i))
 		t.Run(tc.name, func(t *testing.T) {
 			crashWALandCheckLiveness(t, consensusReplayConfig, tc.initFn, tc.heightToStop)

consensus/state.go

@@ -537,7 +537,7 @@ func (cs *ConsensusState) updateToState(state sm.State) {
 		// We add timeoutCommit to allow transactions
 		// to be gathered for the first block.
 		// And alternative solution that relies on clocks:
-		//  cs.StartTime = state.LastBlockTime.Add(timeoutCommit)
+		// cs.StartTime = state.LastBlockTime.Add(timeoutCommit)
 		cs.StartTime = cs.config.Commit(tmtime.Now())
 	} else {
 		cs.StartTime = cs.config.Commit(cs.CommitTime)
@@ -756,9 +756,25 @@ func (cs *ConsensusState) handleTimeout(ti timeoutInfo, rs cstypes.RoundState) {
 func (cs *ConsensusState) handleTxsAvailable() {
 	cs.mtx.Lock()
 	defer cs.mtx.Unlock()
-	// we only need to do this for round 0
-	cs.enterNewRound(cs.Height, 0)
-	cs.enterPropose(cs.Height, 0)
+
+	// We only need to do this for round 0.
+	if cs.Round != 0 {
+		return
+	}
+
+	switch cs.Step {
+	case cstypes.RoundStepNewHeight: // timeoutCommit phase
+		if cs.needProofBlock(cs.Height) {
+			// enterPropose will be called by enterNewRound
+			return
+		}
+
+		// +1ms to ensure RoundStepNewRound timeout always happens after RoundStepNewHeight
+		timeoutCommit := cs.StartTime.Sub(tmtime.Now()) + 1*time.Millisecond
+		cs.scheduleTimeout(timeoutCommit, cs.Height, 0, cstypes.RoundStepNewRound)
+	case cstypes.RoundStepNewRound: // after timeoutCommit
+		cs.enterPropose(cs.Height, 0)
+	}
 }
 
 //-----------------------------------------------------------------------------
@@ -766,7 +782,7 @@ func (cs *ConsensusState) handleTxsAvailable() {
 // Used internally by handleTimeout and handleMsg to make state transitions
 
 // Enter: `timeoutNewHeight` by startTime (commitTime+timeoutCommit),
-// 	or, if SkipTimeout==true, after receiving all precommits from (height,round-1)
+// 	or, if SkipTimeoutCommit==true, after receiving all precommits from (height,round-1)
 // Enter: `timeoutPrecommits` after any +2/3 precommits from (height,round-1)
 // Enter: +2/3 precommits for nil at (height,round-1)
 // Enter: +2/3 prevotes any or +2/3 precommits for block or any from (height, round)
@@ -1458,7 +1474,7 @@ func (cs *ConsensusState) addProposalBlockPart(msg *BlockPartMessage, peerID p2p
 		_, err = cdc.UnmarshalBinaryLengthPrefixedReader(
 			cs.ProposalBlockParts.GetReader(),
 			&cs.ProposalBlock,
-			int64(cs.state.ConsensusParams.Block.MaxBytes),
+			cs.state.ConsensusParams.Block.MaxBytes,
 		)
 		if err != nil {
 			return added, err
@@ -1672,10 +1688,10 @@ func (cs *ConsensusState) addVote(vote *types.Vote, peerID p2p.ID) (added bool,
 		}
 
 	default:
-		panic(fmt.Sprintf("Unexpected vote type %X", vote.Type)) // go-wire should prevent this.
+		panic(fmt.Sprintf("Unexpected vote type %X", vote.Type)) // go-amino should prevent this.
 	}
 
-	return
+	return added, err
 }
 
 func (cs *ConsensusState) signVote(type_ types.SignedMsgType, hash []byte, header types.PartSetHeader) (*types.Vote, error) {

consensus/state_test.go

@@ -189,7 +189,7 @@ func TestStateBadProposal(t *testing.T) {
 	if len(stateHash) == 0 {
 		stateHash = make([]byte, 32)
 	}
-	stateHash[0] = byte((stateHash[0] + 1) % 255)
+	stateHash[0] = (stateHash[0] + 1) % 255
 	propBlock.AppHash = stateHash
 	propBlockParts := propBlock.MakePartSet(partSize)
 	blockID := types.BlockID{Hash: propBlock.Hash(), PartsHeader: propBlockParts.Header()}
@@ -364,7 +364,7 @@ func TestStateLockNoPOL(t *testing.T) {
 	// lets add one for a different block
 	hash := make([]byte, len(theBlockHash))
 	copy(hash, theBlockHash)
-	hash[0] = byte((hash[0] + 1) % 255)
+	hash[0] = (hash[0] + 1) % 255
 	signAddVotes(cs1, types.PrecommitType, hash, thePartSetHeader, vs2)
 	ensurePrecommit(voteCh, height, round) // precommit
 

consensus/wal_test.go

@@ -86,6 +86,8 @@ func TestWALEncoderDecoder(t *testing.T) {
 	b := new(bytes.Buffer)
 
 	for _, msg := range msgs {
+		msg := msg
+
 		b.Reset()
 
 		enc := NewWALEncoder(b)

crypto/merkle/proof.go

@@ -3,7 +3,7 @@ package merkle
 import (
 	"bytes"
 
-	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/pkg/errors"
 )
 
 //----------------------------------------
@@ -44,11 +44,11 @@ func (poz ProofOperators) Verify(root []byte, keypath string, args [][]byte) (er
 		key := op.GetKey()
 		if len(key) != 0 {
 			if len(keys) == 0 {
-				return cmn.NewError("Key path has insufficient # of parts: expected no more keys but got %+v", string(key))
+				return errors.Errorf("Key path has insufficient # of parts: expected no more keys but got %+v", string(key))
 			}
 			lastKey := keys[len(keys)-1]
 			if !bytes.Equal(lastKey, key) {
-				return cmn.NewError("Key mismatch on operation #%d: expected %+v but got %+v", i, string(lastKey), string(key))
+				return errors.Errorf("Key mismatch on operation #%d: expected %+v but got %+v", i, string(lastKey), string(key))
 			}
 			keys = keys[:len(keys)-1]
 		}
@@ -58,10 +58,10 @@ func (poz ProofOperators) Verify(root []byte, keypath string, args [][]byte) (er
 		}
 	}
 	if !bytes.Equal(root, args[0]) {
-		return cmn.NewError("Calculated root hash is invalid: expected %+v but got %+v", root, args[0])
+		return errors.Errorf("Calculated root hash is invalid: expected %+v but got %+v", root, args[0])
 	}
 	if len(keys) != 0 {
-		return cmn.NewError("Keypath not consumed all")
+		return errors.New("Keypath not consumed all")
 	}
 	return nil
 }
@@ -92,7 +92,7 @@ func (prt *ProofRuntime) RegisterOpDecoder(typ string, dec OpDecoder) {
 func (prt *ProofRuntime) Decode(pop ProofOp) (ProofOperator, error) {
 	decoder := prt.decoders[pop.Type]
 	if decoder == nil {
-		return nil, cmn.NewError("unrecognized proof type %v", pop.Type)
+		return nil, errors.Errorf("unrecognized proof type %v", pop.Type)
 	}
 	return decoder(pop)
 }
@@ -102,7 +102,7 @@ func (prt *ProofRuntime) DecodeProof(proof *Proof) (ProofOperators, error) {
 	for _, pop := range proof.Ops {
 		operator, err := prt.Decode(pop)
 		if err != nil {
-			return nil, cmn.ErrorWrap(err, "decoding a proof operator")
+			return nil, errors.Wrap(err, "decoding a proof operator")
 		}
 		poz = append(poz, operator)
 	}
@@ -122,7 +122,7 @@ func (prt *ProofRuntime) VerifyAbsence(proof *Proof, root []byte, keypath string
 func (prt *ProofRuntime) Verify(proof *Proof, root []byte, keypath string, args [][]byte) (err error) {
 	poz, err := prt.DecodeProof(proof)
 	if err != nil {
-		return cmn.ErrorWrap(err, "decoding proof")
+		return errors.Wrap(err, "decoding proof")
 	}
 	return poz.Verify(root, keypath, args)
 }

crypto/merkle/proof_key_path.go

@@ -6,7 +6,7 @@ import (
 	"net/url"
 	"strings"
 
-	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/pkg/errors"
 )
 
 /*
@@ -87,7 +87,7 @@ func (pth KeyPath) String() string {
 // Each key must use a known encoding.
 func KeyPathToKeys(path string) (keys [][]byte, err error) {
 	if path == "" || path[0] != '/' {
-		return nil, cmn.NewError("key path string must start with a forward slash '/'")
+		return nil, errors.New("key path string must start with a forward slash '/'")
 	}
 	parts := strings.Split(path[1:], "/")
 	keys = make([][]byte, len(parts))
@@ -96,13 +96,13 @@ func KeyPathToKeys(path string) (keys [][]byte, err error) {
 			hexPart := part[2:]
 			key, err := hex.DecodeString(hexPart)
 			if err != nil {
-				return nil, cmn.ErrorWrap(err, "decoding hex-encoded part #%d: /%s", i, part)
+				return nil, errors.Wrapf(err, "decoding hex-encoded part #%d: /%s", i, part)
 			}
 			keys[i] = key
 		} else {
 			key, err := url.PathUnescape(part)
 			if err != nil {
-				return nil, cmn.ErrorWrap(err, "decoding url-encoded part #%d: /%s", i, part)
+				return nil, errors.Wrapf(err, "decoding url-encoded part #%d: /%s", i, part)
 			}
 			keys[i] = []byte(key) // TODO Test this with random bytes, I'm not sure that it works for arbitrary bytes...
 		}

crypto/merkle/proof_simple_value.go

@@ -4,8 +4,9 @@ import (
 	"bytes"
 	"fmt"
 
+	"github.com/pkg/errors"
+
 	"github.com/tendermint/tendermint/crypto/tmhash"
-	cmn "github.com/tendermint/tendermint/libs/common"
 )
 
 const ProofOpSimpleValue = "simple:v"
@@ -39,12 +40,12 @@ func NewSimpleValueOp(key []byte, proof *SimpleProof) SimpleValueOp {
 
 func SimpleValueOpDecoder(pop ProofOp) (ProofOperator, error) {
 	if pop.Type != ProofOpSimpleValue {
-		return nil, cmn.NewError("unexpected ProofOp.Type; got %v, want %v", pop.Type, ProofOpSimpleValue)
+		return nil, errors.Errorf("unexpected ProofOp.Type; got %v, want %v", pop.Type, ProofOpSimpleValue)
 	}
 	var op SimpleValueOp // a bit strange as we'll discard this, but it works.
 	err := cdc.UnmarshalBinaryLengthPrefixed(pop.Data, &op)
 	if err != nil {
-		return nil, cmn.ErrorWrap(err, "decoding ProofOp.Data into SimpleValueOp")
+		return nil, errors.Wrap(err, "decoding ProofOp.Data into SimpleValueOp")
 	}
 	return NewSimpleValueOp(pop.Key, op.Proof), nil
 }
@@ -64,7 +65,7 @@ func (op SimpleValueOp) String() string {
 
 func (op SimpleValueOp) Run(args [][]byte) ([][]byte, error) {
 	if len(args) != 1 {
-		return nil, cmn.NewError("expected 1 arg, got %v", len(args))
+		return nil, errors.Errorf("expected 1 arg, got %v", len(args))
 	}
 	value := args[0]
 	hasher := tmhash.New()
@@ -73,12 +74,12 @@ func (op SimpleValueOp) Run(args [][]byte) ([][]byte, error) {
 
 	bz := new(bytes.Buffer)
 	// Wrap <op.Key, vhash> to hash the KVPair.
-	encodeByteSlice(bz, []byte(op.key)) // does not error
-	encodeByteSlice(bz, []byte(vhash))  // does not error
+	encodeByteSlice(bz, op.key) // does not error
+	encodeByteSlice(bz, vhash)  // does not error
 	kvhash := leafHash(bz.Bytes())
 
 	if !bytes.Equal(kvhash, op.Proof.LeafHash) {
-		return nil, cmn.NewError("leaf hash mismatch: want %X got %X", op.Proof.LeafHash, kvhash)
+		return nil, errors.Errorf("leaf hash mismatch: want %X got %X", op.Proof.LeafHash, kvhash)
 	}
 
 	return [][]byte{

crypto/merkle/proof_test.go

@@ -3,9 +3,9 @@ package merkle
 import (
 	"testing"
 
+	"github.com/pkg/errors"
 	"github.com/stretchr/testify/assert"
 	amino "github.com/tendermint/go-amino"
-	cmn "github.com/tendermint/tendermint/libs/common"
 )
 
 const ProofOpDomino = "test:domino"
@@ -34,7 +34,7 @@ func DominoOpDecoder(pop ProofOp) (ProofOperator, error) {
 	var op DominoOp // a bit strange as we'll discard this, but it works.
 	err := amino.UnmarshalBinaryLengthPrefixed(pop.Data, &op)
 	if err != nil {
-		return nil, cmn.ErrorWrap(err, "decoding ProofOp.Data into SimpleValueOp")
+		return nil, errors.Wrap(err, "decoding ProofOp.Data into SimpleValueOp")
 	}
 	return NewDominoOp(string(pop.Key), op.Input, op.Output), nil
 }
@@ -50,10 +50,10 @@ func (dop DominoOp) ProofOp() ProofOp {
 
 func (dop DominoOp) Run(input [][]byte) (output [][]byte, err error) {
 	if len(input) != 1 {
-		return nil, cmn.NewError("Expected input of length 1")
+		return nil, errors.New("Expected input of length 1")
 	}
 	if string(input[0]) != dop.Input {
-		return nil, cmn.NewError("Expected input %v, got %v",
+		return nil, errors.Errorf("Expected input %v, got %v",
 			dop.Input, string(input[0]))
 	}
 	return [][]byte{[]byte(dop.Output)}, nil

crypto/merkle/rfc6962_test.go

@@ -56,6 +56,7 @@ func TestRFC6962Hasher(t *testing.T) {
 			got:  innerHash([]byte("N123"), []byte("N456")),
 		},
 	} {
+		tc := tc
 		t.Run(tc.desc, func(t *testing.T) {
 			wantBytes, err := hex.DecodeString(tc.want)
 			if err != nil {

crypto/merkle/simple_proof.go

@@ -2,10 +2,9 @@ package merkle
 
 import (
 	"bytes"
-	"errors"
 	"fmt"
 
-	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/pkg/errors"
 )
 
 // SimpleProof represents a simple Merkle proof.
@@ -75,11 +74,11 @@ func (sp *SimpleProof) Verify(rootHash []byte, leaf []byte) error {
 		return errors.New("Proof index cannot be negative")
 	}
 	if !bytes.Equal(sp.LeafHash, leafHash) {
-		return cmn.NewError("invalid leaf hash: wanted %X got %X", leafHash, sp.LeafHash)
+		return errors.Errorf("invalid leaf hash: wanted %X got %X", leafHash, sp.LeafHash)
 	}
 	computedHash := sp.ComputeRootHash()
 	if !bytes.Equal(computedHash, rootHash) {
-		return cmn.NewError("invalid root hash: wanted %X got %X", rootHash, computedHash)
+		return errors.Errorf("invalid root hash: wanted %X got %X", rootHash, computedHash)
 	}
 	return nil
 }

crypto/multisig/bitarray/compact_bit_array_test.go

@@ -21,7 +21,7 @@ func randCompactBitArray(bits int) (*CompactBitArray, []byte) {
 		}
 	}
 	// Set remaining bits
-	for i := uint8(0); i < 8-uint8(bA.ExtraBitsStored); i++ {
+	for i := uint8(0); i < 8-bA.ExtraBitsStored; i++ {
 		bA.SetIndex(numBytes*8+int(i), src[numBytes-1]&(uint8(1)<<(8-i)) > 0)
 	}
 	return bA, src
@@ -72,6 +72,7 @@ func TestJSONMarshalUnmarshal(t *testing.T) {
 	}
 
 	for _, tc := range testCases {
+		tc := tc
 		t.Run(tc.bA.String(), func(t *testing.T) {
 			bz, err := json.Marshal(tc.bA)
 			require.NoError(t, err)
@@ -131,6 +132,7 @@ func TestCompactMarshalUnmarshal(t *testing.T) {
 	}
 
 	for _, tc := range testCases {
+		tc := tc
 		t.Run(tc.bA.String(), func(t *testing.T) {
 			bz := tc.bA.CompactMarshal()
 
@@ -165,12 +167,15 @@ func TestCompactBitArrayNumOfTrueBitsBefore(t *testing.T) {
 		{`"______________xx"`, []int{14, 15}, []int{0, 1}},
 	}
 	for tcIndex, tc := range testCases {
+		tc := tc
+		tcIndex := tcIndex
 		t.Run(tc.marshalledBA, func(t *testing.T) {
 			var bA *CompactBitArray
 			err := json.Unmarshal([]byte(tc.marshalledBA), &bA)
 			require.NoError(t, err)
 
 			for i := 0; i < len(tc.bAIndex); i++ {
+
 				require.Equal(t, tc.trueValueIndex[i], bA.NumTrueBitsBefore(tc.bAIndex[i]), "tc %d, i %d", tcIndex, i)
 			}
 		})

crypto/secp256k1/secp256k1_internal_test.go

@@ -29,6 +29,7 @@ func Test_genPrivKey(t *testing.T) {
 		{"valid because 0 < 1 < N", validOne, false},
 	}
 	for _, tt := range tests {
+		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			if tt.shouldPanic {
 				require.Panics(t, func() {

crypto/secp256k1/secp256k1_test.go

@@ -100,6 +100,7 @@ func TestGenPrivKeySecp256k1(t *testing.T) {
 		{"another seed used in cosmos tests #3", []byte("")},
 	}
 	for _, tt := range tests {
+		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			gotPrivKey := secp256k1.GenPrivKeySecp256k1(tt.secret)
 			require.NotNil(t, gotPrivKey)

docs/DEV_SESSIONS.md

@@ -0,0 +1,33 @@
+# Developer Sessions
+
+The Tendermint Core developer call is comprised of both [Interchain
+Foundation](http://interchain.io/) and [All in Bits](https://tendermint.com/)
+team members discussing the development of [Tendermint
+BFT](https://github.com/tendermint/tendermint) and related research. The goal
+of the Tendermint Core developer calls is to provide transparency into the
+decision making process, technical information, update cycles etc.
+
+## List
+
+| Date            | Topic                                     | Link(s)                                                                                                           |
+| --------------- | ----------------------------------------- | -------------------------------------------------------------------------------------------------------------- |
+| August 2019     | Part Three: Tendermint Lite Client        | [YouTube](https://www.youtube.com/watch?v=whyL6UrKe7I&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=5)         |
+| August 2019     | Fork Accountability                       | [YouTube](https://www.youtube.com/watch?v=Jph-4PGtdPo&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=4)         |
+| July 2019       | Part Two: Tendermint Lite Client          | [YouTube](https://www.youtube.com/watch?v=gTjG7jNNdKQ&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=6)         |
+| July 2019       | Part One: Tendermint Lite Client          | [YouTube](https://www.youtube.com/watch?v=C6fH_sgPJzA&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=7)         |
+| June 2019       | Testnet Deployments                       | [YouTube](https://www.youtube.com/watch?v=gYA6no7tRlM&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=10)        |
+| June 2019       | Blockchain Reactor Refactor               | [YouTube](https://www.youtube.com/watch?v=JLBGH8yxABk&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=11)        |
+| June 2019       | Tendermint Rust Libraries                 | [YouTube](https://www.youtube.com/watch?v=-WXKdyoGHwA&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=9)         |
+| May 2019        | Merkle Tree Deep Dive                     | [YouTube](https://www.youtube.com/watch?v=L3bt2Uw8ICg&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=8)         |
+| May 2019        | Remote Signer Refactor                    | [YouTube](https://www.youtube.com/watch?v=eUyXXEEuBzQ&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=12)        |
+| May 2019        | Introduction to Ansible                   | [YouTube](https://www.youtube.com/watch?v=72clQLjzPg4&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=14&t=0s)   |  |  |
+| April 2019      | Tendermint State Sync Design Discussion   | [YouTube](https://www.youtube.com/watch?v=4k23j2QHwrM&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=11)        |
+| April 2019      | ADR-036 - Blockchain Reactor Refactor     | [YouTube](https://www.youtube.com/watch?v=TW2xC1LwEkE&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=10)        |
+| April 2019      | Verifying Distributed Algorithms          | [YouTube](https://www.youtube.com/watch?v=tMd4lgPVBxE&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=9)         |
+| April 2019      | Byzantine Model Checker Presentation      | [YouTube](https://www.youtube.com/watch?v=rdXl4VCQyow&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=8)         |
+| January 2019    | Proposer Selection in Idris               | [YouTube](https://www.youtube.com/watch?v=hWZdc9c1aH8&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=7)         |
+| January 2019    | Current Mempool Design                    | [YouTube](https://www.youtube.com/watch?v=--iGIYYiLu4&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=6)         |
+| December 2018   | ABCI Proxy App                            | [YouTube](https://www.youtube.com/watch?v=s6sQ2HOVHdo&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=5)         |
+| October 2018    | DB Performance                            | [YouTube](https://www.youtube.com/watch?v=jVSNHi4l0fQ&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=4)         |
+| October 2018    | Alternative Mempool Algorithms            | [YouTube](https://www.youtube.com/watch?v=XxH5ZtM4vMM&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=2)         |
+| October 2018    | Tendermint Termination                    | [YouTube](https://www.youtube.com/watch?v=YBZjecfjeIk&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv)                 |

docs/app-dev/abci-cli.md

@@ -15,7 +15,7 @@ mkdir -p $GOPATH/src/github.com/tendermint
 cd $GOPATH/src/github.com/tendermint
 git clone https://github.com/tendermint/tendermint.git
 cd tendermint
-make get_tools
+make tools
 make install_abci
 ```
 

docs/app-dev/getting-started.md

@@ -27,7 +27,7 @@ Then run
 ```
 go get github.com/tendermint/tendermint
 cd $GOPATH/src/github.com/tendermint/tendermint
-make get_tools
+make tools
 make install_abci
 ```
 

docs/architecture/adr-025-commit.md

@@ -5,7 +5,8 @@
 Currently the `Commit` structure contains a lot of potentially redundant or unnecessary data.
 It contains a list of precommits from every validator, where the precommit
 includes the whole `Vote` structure. Thus each of the commit height, round,
-type, and blockID are repeated for every validator, and could be deduplicated.
+type, and blockID are repeated for every validator, and could be deduplicated,
+leading to very significant savings in block size.
 
 ```
 type Commit struct {
@@ -24,21 +25,40 @@ type Vote struct {
     Signature        []byte    `json:"signature"`
 }
 ```
-References:
-[#1648](https://github.com/tendermint/tendermint/issues/1648)
-[#2179](https://github.com/tendermint/tendermint/issues/2179)
-[#2226](https://github.com/tendermint/tendermint/issues/2226)
 
-## Proposed Solution
+The original tracking issue for this is [#1648](https://github.com/tendermint/tendermint/issues/1648).
+We have discussed replacing the `Vote` type in `Commit` with a new `CommitSig`
+type, which includes at minimum the vote signature. The `Vote` type will
+continue to be used in the consensus reactor and elsewhere.
 
-We can improve efficiency by replacing the usage of the `Vote` struct with a subset of each vote, and by storing the constant values (`Height`, `Round`, `BlockID`) in the Commit itself.
+A primary question is what should be included in the `CommitSig` beyond the
+signature. One current constraint is that we must include a timestamp, since
+this is how we calculuate BFT time, though we may be able to change this [in the
+future](https://github.com/tendermint/tendermint/issues/2840).
+
+Other concerns here include:
+
+- Validator Address [#3596](https://github.com/tendermint/tendermint/issues/3596) -
+    Should the CommitSig include the validator address? It is very convenient to
+    do so, but likely not necessary. This was also discussed in [#2226](https://github.com/tendermint/tendermint/issues/2226).
+- Absent Votes [#3591](https://github.com/tendermint/tendermint/issues/3591) -
+    How to represent absent votes? Currently they are just present as `nil` in the
+    Precommits list, which is actually problematic for serialization
+- Other BlockIDs [#3485](https://github.com/tendermint/tendermint/issues/3485) -
+    How to represent votes for nil and for other block IDs? We currently allow
+    votes for nil and votes for alternative block ids, but just ignore them
+
+
+## Decision
+
+Deduplicate the fields and introduce `CommitSig`:
 
 ```
 type Commit struct {
     Height  int64
     Round   int
     BlockID    BlockID      `json:"block_id"`
-    Precommits []*CommitSig `json:"precommits"`
+    Precommits []CommitSig `json:"precommits"`
 }
 
 type CommitSig struct {
@@ -60,19 +80,54 @@ const (
 
 ```
 
-Note the need for an extra byte to indicate whether the signature is for the BlockID or for nil.
-This byte can also be used to indicate an absent vote, rather than using a nil object like we currently do,
-which has been [problematic for compatibility between Amino and proto3](https://github.com/tendermint/go-amino/issues/260).
-
-Note we also continue to store the `ValidatorAddress` in the `CommitSig`.
-While this still takes 20-bytes per signature, it ensures that the Commit has all
-information necessary to reconstruct Vote, which simplifies mapping between Commit and Vote objects
-and with debugging. It also may be necessary for the light-client to know which address a signature corresponds to if
-it is trying to verify a current commit with an older validtor set.
+Re the concerns outlined in the context:
+
+**Timestamp**: Leave the timestamp for now. Removing it and switching to
+proposer based time will take more analysis and work, and will be left for a
+future breaking change. In the meantime, the concerns with the current approach to
+BFT time [can be
+mitigated](https://github.com/tendermint/tendermint/issues/2840#issuecomment-529122431).
+
+**ValidatorAddress**: we include it in the `CommitSig` for now. While this
+does increase the block size unecessarily (20-bytes per validator), it has some ergonomic and debugging advantages:
+
+- `Commit` contains everything necessary to reconstruct `[]Vote`, and doesn't depend on additional access to a `ValidatorSet`
+- Lite clients can check if they know the validators in a commit without
+  re-downloading the validator set
+- Easy to see directly in a commit which validators signed what without having
+  to fetch the validator set
+
+If and when we change the `CommitSig` again, for instance to remove the timestamp,
+we can reconsider whether the ValidatorAddress should be removed.
+
+**Absent Votes**: we include absent votes explicitly with no Signature or
+Timestamp but with the ValidatorAddress. This should resolve the serialization
+issues and make it easy to see which validator's votes failed to be included.
+
+**Other BlockIDs**: We use a single byte to indicate which blockID a `CommitSig`
+is for. The only options are:
+    - `Absent` - no vote received from the this validator, so no signature
+    - `Nil` - validator voted Nil - meaning they did not see a polka in time
+    - `Commit` - validator voted for this block
+
+Note this means we don't allow votes for any other blockIDs. If a signature is
+included in a commit, it is either for nil or the correct blockID. According to
+the Tendermint protocol and assumptions, there is no way for a correct validator to
+precommit for a conflicting blockID in the same round an actual commit was
+created. This was the consensus from
+[#3485](https://github.com/tendermint/tendermint/issues/3485)
+
+We may want to consider supporting other blockIDs later, as a way to capture
+evidence that might be helpful. We should clarify if/when/how doing so would
+actually help first. To implement it, we could change the `Commit.BlockID`
+field to a slice, where the first entry is the correct block ID and the other
+entries are other BlockIDs that validators precommited before. The BlockIDFlag
+enum can be extended to represent these additional block IDs on a per block
+basis.
 
 ## Status
 
-Proposed
+Accepted
 
 ## Consequences
 

docs/architecture/adr-042-state-sync.md

@@ -0,0 +1,239 @@
+# ADR 042: State Sync Design
+
+## Changelog
+
+2019-06-27: Init by EB
+2019-07-04: Follow up by brapse
+
+## Context
+StateSync is a feature which would allow a new node to receive a
+snapshot of the application state without downloading blocks or going
+through consensus. Once downloaded, the node could switch to FastSync
+and eventually participate in consensus. The goal of StateSync is to
+facilitate setting up a new node as quickly as possible.
+
+## Considerations
+Because Tendermint doesn't know anything about the application state,
+StateSync will broker messages between nodes and through
+the ABCI to an opaque applicaton. The implementation will have multiple
+touch points on both the tendermint code base and ABCI application.
+
+* A StateSync reactor to facilitate peer communication - Tendermint
+* A Set of ABCI messages to transmit application state to the reactor - Tendermint
+* A Set of MultiStore APIs for exposing snapshot data to the ABCI - ABCI application
+* A Storage format with validation and performance considerations - ABCI application
+
+### Implementation Properties
+Beyond the approach, any implementation of StateSync can be evaluated
+across different criteria:
+
+* Speed: Expected throughput of producing and consuming snapshots
+* Safety: Cost of pushing invalid snapshots to a node
+* Liveness: Cost of preventing a node from receiving/constructing a snapshot
+* Effort: How much effort does an implementation require
+
+### Implementation Question
+* What is the format of a snapshot
+    * Complete snapshot 
+    * Ordered IAVL key ranges
+    * Compressed individually chunks which can be validated
+* How is data validated
+    * Trust a peer with it's data blindly
+    * Trust a majority of peers
+    * Use light client validation to validate each chunk against consensus
+      produced merkle tree root
+* What are the performance characteristics
+    * Random vs sequential reads
+    * How parallelizeable is the scheduling algorithm
+
+### Proposals
+Broadly speaking there are two approaches to this problem which have had
+varying degrees of discussion and progress. These approach can be
+summarized as:
+
+**Lazy:** Where snapshots are produced dynamically at request time. This
+solution would use the existing data structure.
+**Eager:** Where snapshots are produced periodically and served from disk at
+request time. This solution would create an auxiliary data structure
+optimized for batch read/writes.
+
+Additionally the propsosals tend to vary on how they provide safety
+properties. 
+
+**LightClient** Where a client can aquire the merkle root from the block
+headers synchronized from a trusted validator set. Subsets of the application state,
+called chunks can therefore be validated on receipt to ensure each chunk
+is part of the merkle root.
+
+**Majority of Peers** Where manifests of chunks along with checksums are
+downloaded and compared against versions provided by a majority of
+peers.
+
+#### Lazy StateSync
+An [initial specification](https://docs.google.com/document/d/15MFsQtNA0MGBv7F096FFWRDzQ1vR6_dics5Y49vF8JU/edit?ts=5a0f3629) was published by Alexis Sellier.
+In this design, the state has a given `size` of primitive elements (like
+keys or nodes), each element is assigned a number from 0 to `size-1`,
+and chunks consists of a range of such elements.  Ackratos raised
+[some concerns](https://docs.google.com/document/d/1npGTAa1qxe8EQZ1wG0a0Sip9t5oX2vYZNUDwr_LVRR4/edit)
+about this design, somewhat specific to the IAVL tree, and mainly concerning
+performance of random reads and of iterating through the tree to determine element numbers
+(ie. elements aren't indexed by the element number).
+
+An alternative design was suggested by Jae Kwon in
+[#3639](https://github.com/tendermint/tendermint/issues/3639) where chunking
+happens lazily and in a dynamic way: nodes request key ranges from their peers,
+and peers respond with some subset of the
+requested range and with notes on how to request the rest in parallel from other
+peers. Unlike chunk numbers, keys can be verified directly. And if some keys in the
+range are ommitted, proofs for the range will fail to verify.
+This way a node can start by requesting the entire tree from one peer,
+and that peer can respond with say the first few keys, and the ranges to request
+from other peers.
+
+Additionally, per chunk validation tends to come more naturally to the
+Lazy approach since it tends to use the existing structure of the tree
+(ie. keys or nodes) rather than state-sync specific chunks. Such a
+design for tendermint was originally tracked in
+[#828](https://github.com/tendermint/tendermint/issues/828).
+
+#### Eager StateSync
+Warp Sync as implemented in Parity
+["Warp Sync"](https://wiki.parity.io/Warp-Sync-Snapshot-Format.html) to rapidly
+download both blocks and state snapshots from peers. Data is carved into ~4MB
+chunks and snappy compressed. Hashes of snappy compressed chunks are stored in a
+manifest file which co-ordinates the state-sync. Obtaining a correct manifest
+file seems to require an honest majority of peers. This means you may not find
+out the state is incorrect until you download the whole thing and compare it
+with a verified block header. 
+
+A similar solution was implemented by Binance in
+[#3594](https://github.com/tendermint/tendermint/pull/3594)
+based on their initial implementation in
+[PR #3243](https://github.com/tendermint/tendermint/pull/3243)
+and [some learnings](https://docs.google.com/document/d/1npGTAa1qxe8EQZ1wG0a0Sip9t5oX2vYZNUDwr_LVRR4/edit).
+Note this still requires the honest majority peer assumption.
+
+As an eager protocol, warp-sync can efficiently compress larger, more
+predicatable chunks once per snapshot and service many new peers. By
+comparison lazy chunkers would have to compress each chunk at request
+time.
+
+### Analysis of Lazy vs Eager
+Lazy vs Eager have more in common than they differ. They all require
+reactors on the tendermint side, a set of ABCI messages and a method for
+serializing/deserializing snapshots facilitated by a SnapshotFormat.
+
+The biggest difference between Lazy and Eager proposals is in the
+read/write patterns necessitated by serving a snapshot chunk.
+Specifically, Lazy State Sync performs random reads to the underlying data
+structure while Eager can optimize for sequential reads.
+
+This distinctin between approaches was demonstrated by Binance's
+[ackratos](https://github.com/ackratos) in their implementation of [Lazy
+State sync](https://github.com/tendermint/tendermint/pull/3243), The
+[analysis](https://docs.google.com/document/d/1npGTAa1qxe8EQZ1wG0a0Sip9t5oX2vYZNUDwr_LVRR4/)
+of the performance, and follow up implementation of [Warp
+Sync](http://github.com/tendermint/tendermint/pull/3594).
+
+#### Compairing Security Models
+There are several different security models which have been
+discussed/proposed in the past but generally fall into two categories.
+
+Light client validation: In which the node receiving data is expected to
+first perform a light client sync and have all the nessesary block
+headers. Within the trusted block header (trusted in terms of from a
+validator set subject to [weak
+subjectivity](https://github.com/tendermint/tendermint/pull/3795)) and
+can compare any subset of keys called a chunk against the merkle root.
+The advantage of light client validation is that the block headers are
+signed by validators which have something to lose for malicious
+behaviour. If a validator were to provide an invalid proof, they can be
+slashed.
+
+Majority of peer validation: A manifest file containing a list of chunks
+along with checksums of each chunk is downloaded from a
+trusted source. That source can be a community resource similar to
+[sum.golang.org](https://sum.golang.org) or downloaded from the majority
+of peers. One disadantage of the majority of peer security model is the
+vuliberability to eclipse attacks in which a malicious users looks to
+saturate a target node's peer list and produce a manufactured picture of
+majority.
+
+A third option would be to include snapshot related data in the
+block header. This could include the manifest with related checksums and be
+secured through consensus. One challenge of this approach is to
+ensure that creating snapshots does not put undo burden on block
+propsers by synchronizing snapshot creation and block creation. One
+approach to minimizing the burden is for snapshots for height
+`H` to be included in block `H+n` where `n` is some `n` block away,
+giving the block propser enough time to complete the snapshot
+asynchronousy.
+
+## Proposal: Eager StateSync With Per Chunk Light Client Validation
+The conclusion after some concideration of the advantages/disadvances of
+eager/lazy and different security models is to produce a state sync
+which eagerly produces snapshots and uses light client validation. This
+approach has the performance advantages of pre-computing efficient
+snapshots which can streamed to new nodes on demand using sequential IO.
+Secondly, by using light client validation we cna validate each chunk on
+receipt and avoid the potential eclipse attack of majority of peer based
+security.
+
+### Implementation
+Tendermint is responsible for downloading and verifying chunks of
+AppState from peers. ABCI Application is responsible for taking
+AppStateChunk objects from TM and constructing a valid state tree whose
+root corresponds with the AppHash of syncing block. In particular we
+will need implement:
+
+* Build new StateSync reactor brokers message transmission between the peers
+  and the ABCI application
+* A set of ABCI Messages
+* Design SnapshotFormat as an interface which can:
+    * validate chunks
+    * read/write chunks from file
+    * read/write chunks to/from application state store
+    * convert manifests into chunkRequest ABCI messages
+* Implement SnapshotFormat for cosmos-hub with concrete implementation for:
+    * read/write chunks in a way which can be:
+        * parallelized across peers
+        * validated on receipt
+    * read/write to/from IAVL+ tree
+
+![StateSync Architecture Diagram](img/state-sync.png)
+
+## Implementation Path
+* Create StateSync reactor based on  [#3753](https://github.com/tendermint/tendermint/pull/3753)
+* Design SnapshotFormat with an eye towards cosmos-hub implementation
+* ABCI message to send/receive SnapshotFormat
+* IAVL+ changes to support SnapshotFormat
+* Deliver Warp sync (no chunk validation)
+* light client implementation for weak subjectivity
+* Deliver StateSync with chunk validation
+
+## Status
+
+Proposed
+
+## Concequences
+
+### Neutral
+
+### Positive
+* Safe & performant state sync design substantiated with real world implementation experience
+* General interfaces allowing application specific innovation
+* Parallizable implementation trajectory with reasonable engineering effort
+
+### Negative
+* Static Scheduling lacks opportunity for real time chunk availability optimizations
+
+## References
+[sync: Sync current state without full replay for Applications](https://github.com/tendermint/tendermint/issues/828) - original issue
+[tendermint state sync proposal](https://docs.google.com/document/d/15MFsQtNA0MGBv7F096FFWRDzQ1vR6_dics5Y49vF8JU/edit?ts=5a0f3629) - Cloudhead proposal
+[tendermint state sync proposal 2](https://docs.google.com/document/d/1npGTAa1qxe8EQZ1wG0a0Sip9t5oX2vYZNUDwr_LVRR4/edit) - ackratos proposal
+[proposal 2 implementation](https://github.com/tendermint/tendermint/pull/3243)  - ackratos implementation
+[WIP General/Lazy State-Sync pseudo-spec](https://github.com/tendermint/tendermint/issues/3639) - Jae Proposal
+[Warp Sync Implementation](https://github.com/tendermint/tendermint/pull/3594) - ackratos
+[Chunk Proposal](https://github.com/tendermint/tendermint/pull/3799) - Bucky proposed
+
+

docs/architecture/adr-044-lite-client-with-weak-subjectivity.md

@@ -0,0 +1,141 @@
+# ADR 044: Lite Client with Weak Subjectivity
+
+## Changelog
+* 13-07-2019: Initial draft
+* 14-08-2019: Address cwgoes comments
+
+## Context
+
+The concept of light clients was introduced in the Bitcoin white paper. It
+describes a watcher of distributed consensus process that only validates the
+consensus algorithm and not the state machine transactions within.
+
+Tendermint light clients allow bandwidth & compute-constrained devices, such as smartphones, low-power embedded chips, or other blockchains to
+efficiently verify the consensus of a Tendermint blockchain. This forms the
+basis of safe and efficient state synchronization for new network nodes and
+inter-blockchain communication (where a light client of one Tendermint instance
+runs in another chain's state machine).
+
+In a network that is expected to reliably punish validators for misbehavior
+by slashing bonded stake and where the validator set changes
+infrequently, clients can take advantage of this assumption to safely
+synchronize a lite client without downloading the intervening headers.
+
+Light clients (and full nodes) operating in the Proof Of Stake context need a
+trusted block height from a trusted source that is no older than 1 unbonding
+window plus a configurable evidence submission synchrony bound. This is called “weak subjectivity”.
+
+Weak subjectivity is required in Proof of Stake blockchains because it is
+costless for an attacker to buy up voting keys that are no longer bonded and
+fork the network at some point in its prior history. See Vitalik’s post at
+[Proof of Stake: How I Learned to Love Weak
+Subjectivity](https://blog.ethereum.org/2014/11/25/proof-stake-learned-love-weak-subjectivity/).
+
+Currently, Tendermint provides a lite client implementation in the
+[lite](https://github.com/tendermint/tendermint/tree/master/lite) package. This
+lite client implements a bisection algorithm that tries to use a binary search
+to find the minimum number of block headers where the validator set voting
+power changes are less than < 1/3rd. This interface does not support weak
+subjectivity at this time. The Cosmos SDK also does not support counterfactual
+slashing, nor does the lite client have any capacity to report evidence making
+these systems *theoretically unsafe*.
+
+NOTE: Tendermint provides a somewhat different (stronger) light client model
+than Bitcoin under eclipse, since the eclipsing node(s) can only fool the light
+client if they have two-thirds of the private keys from the last root-of-trust.
+
+## Decision
+
+### The Weak Subjectivity Interface
+
+Add the weak subjectivity interface for when a new light client connects to the
+network or when a light client that has been offline for longer than the
+unbonding period connects to the network. Specifically, the node needs to
+initialize the following structure before syncing from user input:
+
+```
+type TrustOptions struct {
+    // Required: only trust commits up to this old.
+    // Should be equal to the unbonding period minus some delta for evidence reporting.
+    TrustPeriod time.Duration `json:"trust-period"`
+
+    // Option 1: TrustHeight and TrustHash can both be provided
+    // to force the trusting of a particular height and hash.
+    // If the latest trusted height/hash is more recent, then this option is
+    // ignored.
+    TrustHeight int64  `json:"trust-height"`
+    TrustHash   []byte `json:"trust-hash"`
+
+    // Option 2: Callback can be set to implement a confirmation
+    // step if the trust store is uninitialized, or expired.
+    Callback func(height int64, hash []byte) error
+}
+```
+
+The expectation is the user will get this information from a trusted source
+like a validator, a friend, or a secure website. A more user friendly
+solution with trust tradeoffs is that we establish an https based protocol with
+a default end point that populates this information. Also an on-chain registry
+of roots-of-trust (e.g. on the Cosmos Hub) seems likely in the future.
+
+### Linear Verification
+
+The linear verification algorithm requires downloading all headers
+between the `TrustHeight` and the `LatestHeight`. The lite client downloads the
+full header for the provided `TrustHeight` and then proceeds to download `N+1`
+headers and applies the [Tendermint validation
+rules](https://github.com/tendermint/tendermint/blob/master/docs/spec/blockchain/blockchain.md#validation)
+to each block.
+
+### Bisecting Verification
+
+Bisecting Verification is a more bandwidth and compute intensive mechanism that
+in the most optimistic case requires a light client to only download two block
+headers to come into synchronization.
+
+The bisection algorithm proceeds in the following fashion. The client downloads
+and verifies the full block header for `TrustHeight` and then  fetches
+`LatestHeight` blocker header. The client then verifies the `LatestHeight`
+header. Finally the client attempts to verify the `LatestHeight` header with
+voting powers taken from `NextValidatorSet` in the `TrustHeight` header. This
+verification will succeed if the validators from `TrustHeight` still have > 2/3
++1 of voting power in the `LatestHeight`. If this succeeds, the client is fully
+synchronized. If this fails, then following Bisection Algorithm should be
+executed.
+
+The Client tries to download the block at the mid-point block between
+`LatestHeight` and `TrustHeight` and attempts that same algorithm as above
+using `MidPointHeight` instead of `LatestHeight` and a different threshold -
+1/3 +1 of voting power for *non-adjacent headers*. In the case the of failure,
+recursively perform the `MidPoint` verification until success then start over
+with an updated `NextValidatorSet` and `TrustHeight`.
+
+If the client encounters a forged header, it should submit the header along
+with some other intermediate headers as the evidence of misbehavior to other
+full nodes. After that, it can retry the bisection using another full node. An
+optimal client will cache trusted headers from the previous run to minimize
+network usage.
+
+---
+
+Check out the formal specification
+[here](https://github.com/tendermint/tendermint/blob/master/docs/spec/consensus/light-client.md).
+
+## Status
+
+Accepted.
+
+## Consequences
+
+### Positive
+
+* light client which is safe to use (it can go offline, but not for too long)
+
+### Negative
+
+* complexity of bisection
+
+### Neutral
+
+* social consensus can be prone to errors (for cases where a new light client
+  joins a network or it has been offline for too long)

docs/guides/go-built-in.md

@@ -448,6 +448,12 @@ defer db.Close()
 app := NewKVStoreApplication(db)
 ```
 
+For **Windows** users, restarting this app will make badger throw an error as it requires value log to be truncated. For more information on this, visit [here](https://github.com/dgraph-io/badger/issues/744). 
+This can be avoided by setting the truncate option to true, like this:
+```go
+db, err := badger.Open(badger.DefaultOptions("/tmp/badger").WithTruncate(true))
+```
+
 Then we use it to create a Tendermint Core `Node` instance:
 
 ```go

docs/guides/go.md

@@ -388,6 +388,12 @@ defer db.Close()
 app := NewKVStoreApplication(db)
 ```
 
+For **Windows** users, restarting this app will make badger throw an error as it requires value log to be truncated. For more information on this, visit [here](https://github.com/dgraph-io/badger/issues/744). 
+This can be avoided by setting the truncate option to true, like this:
+```go
+db, err := badger.Open(badger.DefaultOptions("/tmp/badger").WithTruncate(true))
+```
+
 Then we start the ABCI server and add some signal handling to gracefully stop
 it upon receiving SIGTERM or Ctrl-C. Tendermint Core will act as a client,
 which connects to our server and send us transactions and other messages.

docs/guides/java.md

@@ -0,0 +1,600 @@
+# Creating an application in Java
+
+## Guide Assumptions
+
+This guide is designed for beginners who want to get started with a Tendermint
+Core application from scratch. It does not assume that you have any prior
+experience with Tendermint Core.
+
+Tendermint Core is Byzantine Fault Tolerant (BFT) middleware that takes a state
+transition machine (your application) - written in any programming language - and securely
+replicates it on many machines.
+
+By following along with this guide, you'll create a Tendermint Core project
+called kvstore, a (very) simple distributed BFT key-value store. The application (which should
+implementing the blockchain interface (ABCI)) will be written in Java.
+
+This guide assumes that you are not new to JVM world. If you are new please see [JVM Minimal Survival Guide](https://hadihariri.com/2013/12/29/jvm-minimal-survival-guide-for-the-dotnet-developer/#java-the-language-java-the-ecosystem-java-the-jvm) and [Gradle Docs](https://docs.gradle.org/current/userguide/userguide.html).
+
+## Built-in app vs external app
+
+If you use Golang, you can run your app and Tendermint Core in the same process to get maximum performance.
+[Cosmos SDK](https://github.com/cosmos/cosmos-sdk) is written this way.
+Please refer to [Writing a built-in Tendermint Core application in Go](./go-built-in.md) guide for details.
+
+If you choose another language, like we did in this guide, you have to write a separate app,
+which will communicate with Tendermint Core via a socket (UNIX or TCP) or gRPC.
+This guide will show you how to build external application using RPC server.
+
+Having a separate application might give you better security guarantees as two
+processes would be communicating via established binary protocol. Tendermint
+Core will not have access to application's state.
+
+## 1.1 Installing Java and Gradle
+
+Please refer to [the Oracle's guide for installing JDK](https://www.oracle.com/technetwork/java/javase/downloads/index.html).
+
+Verify that you have installed Java successfully:
+
+```sh
+$ java -version
+java version "12.0.2" 2019-07-16
+Java(TM) SE Runtime Environment (build 12.0.2+10)
+Java HotSpot(TM) 64-Bit Server VM (build 12.0.2+10, mixed mode, sharing)
+```
+
+You can choose any version of Java higher or equal to 8.
+This guide is written using Java SE Development Kit 12.
+
+Make sure you have `$JAVA_HOME` environment variable set:
+
+```sh
+$ echo $JAVA_HOME
+/Library/Java/JavaVirtualMachines/jdk-12.0.2.jdk/Contents/Home
+```
+
+For Gradle installation, please refer to [their official guide](https://gradle.org/install/).
+
+## 1.2 Creating a new Java project
+
+We'll start by creating a new Gradle project.
+
+```sh
+$ export KVSTORE_HOME=~/kvstore
+$ mkdir $KVSTORE_HOME
+$ cd $KVSTORE_HOME
+```
+
+Inside the example directory run:
+```sh
+gradle init --dsl groovy --package io.example --project-name example --type java-application --test-framework junit
+```
+This will create a new project for you. The tree of files should look like:
+```sh
+$ tree
+.
+|-- build.gradle
+|-- gradle
+|   `-- wrapper
+|       |-- gradle-wrapper.jar
+|       `-- gradle-wrapper.properties
+|-- gradlew
+|-- gradlew.bat
+|-- settings.gradle
+`-- src
+    |-- main
+    |   |-- java
+    |   |   `-- io
+    |   |       `-- example
+    |   |           `-- App.java
+    |   `-- resources
+    `-- test
+        |-- java
+        |   `-- io
+        |       `-- example
+        |           `-- AppTest.java
+        `-- resources
+```
+
+When run, this should print "Hello world." to the standard output.
+
+```sh
+$ ./gradlew run
+> Task :run
+Hello world.
+```
+
+## 1.3 Writing a Tendermint Core application
+
+Tendermint Core communicates with the application through the Application
+BlockChain Interface (ABCI). All message types are defined in the [protobuf
+file](https://github.com/tendermint/tendermint/blob/develop/abci/types/types.proto).
+This allows Tendermint Core to run applications written in any programming
+language.
+
+### 1.3.1 Compile .proto files
+
+Add the following piece to the top of the `build.gradle`:
+```groovy
+buildscript {
+    repositories {
+        mavenCentral()
+    }
+    dependencies {
+        classpath 'com.google.protobuf:protobuf-gradle-plugin:0.8.8'
+    }
+}
+```
+
+Enable the protobuf plugin in the `plugins` section of the `build.gradle`:
+```groovy
+plugins {
+    id 'com.google.protobuf' version '0.8.8'
+}
+```
+
+Add the following code to `build.gradle`:
+```groovy
+protobuf {
+    protoc {
+        artifact = "com.google.protobuf:protoc:3.7.1"
+    }
+    plugins {
+        grpc {
+            artifact = 'io.grpc:protoc-gen-grpc-java:1.22.1'
+        }
+    }
+    generateProtoTasks {
+        all()*.plugins {
+            grpc {}
+        }
+    }
+}
+```
+
+Now we should be ready to compile the `*.proto` files.
+
+
+Copy the necessary `.proto` files to your project:
+```sh
+mkdir -p \
+  $KVSTORE_HOME/src/main/proto/github.com/tendermint/tendermint/abci/types \
+  $KVSTORE_HOME/src/main/proto/github.com/tendermint/tendermint/crypto/merkle \
+  $KVSTORE_HOME/src/main/proto/github.com/tendermint/tendermint/libs/common \
+  $KVSTORE_HOME/src/main/proto/github.com/gogo/protobuf/gogoproto
+
+cp $GOPATH/src/github.com/tendermint/tendermint/abci/types/types.proto \
+   $KVSTORE_HOME/src/main/proto/github.com/tendermint/tendermint/abci/types/types.proto
+cp $GOPATH/src/github.com/tendermint/tendermint/crypto/merkle/merkle.proto \
+   $KVSTORE_HOME/src/main/proto/github.com/tendermint/tendermint/crypto/merkle/merkle.proto
+cp $GOPATH/src/github.com/tendermint/tendermint/libs/common/types.proto \
+   $KVSTORE_HOME/src/main/proto/github.com/tendermint/tendermint/libs/common/types.proto
+cp $GOPATH/src/github.com/gogo/protobuf/gogoproto/gogo.proto \
+   $KVSTORE_HOME/src/main/proto/github.com/gogo/protobuf/gogoproto/gogo.proto
+```
+
+Add these dependencies to `build.gradle`:
+```groovy
+dependencies {
+    implementation 'io.grpc:grpc-protobuf:1.22.1'
+    implementation 'io.grpc:grpc-netty-shaded:1.22.1'
+    implementation 'io.grpc:grpc-stub:1.22.1'
+}
+```
+
+To generate all protobuf-type classes run:
+```sh
+./gradlew generateProto
+```
+To verify that everything went smoothly, you can inspect the `build/generated/` directory:
+```sh
+$ tree build/generated/
+build/generated/
+|-- source
+|   `-- proto
+|       `-- main
+|           |-- grpc
+|           |   `-- types
+|           |       `-- ABCIApplicationGrpc.java
+|           `-- java
+|               |-- com
+|               |   `-- google
+|               |       `-- protobuf
+|               |           `-- GoGoProtos.java
+|               |-- common
+|               |   `-- Types.java
+|               |-- merkle
+|               |   `-- Merkle.java
+|               `-- types
+|                   `-- Types.java
+```
+
+### 1.3.2 Implementing ABCI
+
+The resulting `$KVSTORE_HOME/build/generated/source/proto/main/grpc/types/ABCIApplicationGrpc.java` file
+contains the abstract class `ABCIApplicationImplBase`, which is an interface we'll need to implement.
+
+Create `$KVSTORE_HOME/src/main/java/io/example/KVStoreApp.java` file with the following content:
+```java
+package io.example;
+
+import io.grpc.stub.StreamObserver;
+import types.ABCIApplicationGrpc;
+import types.Types.*;
+
+class KVStoreApp extends ABCIApplicationGrpc.ABCIApplicationImplBase {
+    
+    // methods implementation
+
+}
+```
+
+Now I will go through each method of `ABCIApplicationImplBase` explaining when it's called and adding
+required business logic.
+
+### 1.3.3 CheckTx
+
+When a new transaction is added to the Tendermint Core, it will ask the
+application to check it (validate the format, signatures, etc.).
+
+```java
+@Override
+public void checkTx(RequestCheckTx req, StreamObserver<ResponseCheckTx> responseObserver) {
+    var tx = req.getTx();
+    int code = validate(tx);
+    var resp = ResponseCheckTx.newBuilder()
+            .setCode(code)
+            .setGasWanted(1)
+            .build();
+    responseObserver.onNext(resp);
+    responseObserver.onCompleted();
+}
+
+private int validate(ByteString tx) {
+    List<byte[]> parts = split(tx, '=');
+    if (parts.size() != 2) {
+        return 1;
+    }
+    byte[] key = parts.get(0);
+    byte[] value = parts.get(1);
+
+    // check if the same key=value already exists
+    var stored = getPersistedValue(key);
+    if (stored != null && Arrays.equals(stored, value)) {
+        return 2;
+    }
+
+    return 0;
+}
+
+private List<byte[]> split(ByteString tx, char separator) {
+    var arr = tx.toByteArray();
+    int i;
+    for (i = 0; i < tx.size(); i++) {
+        if (arr[i] == (byte)separator) {
+            break;
+        }
+    }
+    if (i == tx.size()) {
+        return Collections.emptyList();
+    }
+    return List.of(
+            tx.substring(0, i).toByteArray(),
+            tx.substring(i + 1).toByteArray()
+    );
+}
+```
+
+Don't worry if this does not compile yet.
+
+If the transaction does not have a form of `{bytes}={bytes}`, we return `1`
+code. When the same key=value already exist (same key and value), we return `2`
+code. For others, we return a zero code indicating that they are valid.
+
+Note that anything with non-zero code will be considered invalid (`-1`, `100`,
+etc.) by Tendermint Core.
+
+Valid transactions will eventually be committed given they are not too big and
+have enough gas. To learn more about gas, check out ["the
+specification"](https://tendermint.com/docs/spec/abci/apps.html#gas).
+
+For the underlying key-value store we'll use
+[JetBrains Xodus](https://github.com/JetBrains/xodus), which is a transactional schema-less embedded high-performance database written in Java.
+
+`build.gradle`:
+```groovy
+dependencies {
+    implementation 'org.jetbrains.xodus:xodus-environment:1.3.91'
+}
+```
+
+```java
+...
+import jetbrains.exodus.ArrayByteIterable;
+import jetbrains.exodus.ByteIterable;
+import jetbrains.exodus.env.Environment;
+import jetbrains.exodus.env.Store;
+import jetbrains.exodus.env.StoreConfig;
+import jetbrains.exodus.env.Transaction;
+
+class KVStoreApp extends ABCIApplicationGrpc.ABCIApplicationImplBase {
+    private Environment env;
+    private Transaction txn = null;
+    private Store store = null;
+
+    KVStoreApp(Environment env) {
+        this.env = env;
+    }
+
+    ...
+
+    private byte[] getPersistedValue(byte[] k) {
+        return env.computeInReadonlyTransaction(txn -> {
+            var store = env.openStore("store", StoreConfig.WITHOUT_DUPLICATES, txn);
+            ByteIterable byteIterable = store.get(txn, new ArrayByteIterable(k));
+            if (byteIterable == null) {
+                return null;
+            }
+            return byteIterable.getBytesUnsafe();
+        });
+    }
+}
+```
+
+### 1.3.4 BeginBlock -> DeliverTx -> EndBlock -> Commit
+
+When Tendermint Core has decided on the block, it's transferred to the
+application in 3 parts: `BeginBlock`, one `DeliverTx` per transaction and
+`EndBlock` in the end. `DeliverTx` are being transferred  asynchronously, but the
+responses are expected to come in order.
+
+```java
+@Override
+public void beginBlock(RequestBeginBlock req, StreamObserver<ResponseBeginBlock> responseObserver) {
+    txn = env.beginTransaction();
+    store = env.openStore("store", StoreConfig.WITHOUT_DUPLICATES, txn);
+    var resp = ResponseBeginBlock.newBuilder().build();
+    responseObserver.onNext(resp);
+    responseObserver.onCompleted();
+}
+```
+Here we begin a new transaction, which will accumulate the block's transactions and open the corresponding store.
+
+```java
+@Override
+public void deliverTx(RequestDeliverTx req, StreamObserver<ResponseDeliverTx> responseObserver) {
+    var tx = req.getTx();
+    int code = validate(tx);
+    if (code == 0) {
+        List<byte[]> parts = split(tx, '=');
+        var key = new ArrayByteIterable(parts.get(0));
+        var value = new ArrayByteIterable(parts.get(1));
+        store.put(txn, key, value);
+    }
+    var resp = ResponseDeliverTx.newBuilder()
+            .setCode(code)
+            .build();
+    responseObserver.onNext(resp);
+    responseObserver.onCompleted();
+}
+```
+
+If the transaction is badly formatted or the same key=value already exist, we
+again return the non-zero code. Otherwise, we add it to the store.
+
+In the current design, a block can include incorrect transactions (those who
+passed `CheckTx`, but failed `DeliverTx` or transactions included by the proposer
+directly). This is done for performance reasons.
+
+Note we can't commit transactions inside the `DeliverTx` because in such case
+`Query`, which may be called in parallel, will return inconsistent data (i.e.
+it will report that some value already exist even when the actual block was not
+yet committed).
+
+`Commit` instructs the application to persist the new state.
+
+```java
+@Override
+public void commit(RequestCommit req, StreamObserver<ResponseCommit> responseObserver) {
+    txn.commit();
+    var resp = ResponseCommit.newBuilder()
+            .setData(ByteString.copyFrom(new byte[8]))
+            .build();
+    responseObserver.onNext(resp);
+    responseObserver.onCompleted();
+}
+```
+
+### 1.3.5 Query
+
+Now, when the client wants to know whenever a particular key/value exist, it
+will call Tendermint Core RPC `/abci_query` endpoint, which in turn will call
+the application's `Query` method.
+
+Applications are free to provide their own APIs. But by using Tendermint Core
+as a proxy, clients (including [light client
+package](https://godoc.org/github.com/tendermint/tendermint/lite)) can leverage
+the unified API across different applications. Plus they won't have to call the
+otherwise separate Tendermint Core API for additional proofs.
+
+Note we don't include a proof here.
+
+```java
+@Override
+public void query(RequestQuery req, StreamObserver<ResponseQuery> responseObserver) {
+    var k = req.getData().toByteArray();
+    var v = getPersistedValue(k);
+    var builder = ResponseQuery.newBuilder();
+    if (v == null) {
+        builder.setLog("does not exist");
+    } else {
+        builder.setLog("exists");
+        builder.setKey(ByteString.copyFrom(k));
+        builder.setValue(ByteString.copyFrom(v));
+    }
+    responseObserver.onNext(builder.build());
+    responseObserver.onCompleted();
+}
+```
+
+The complete specification can be found
+[here](https://tendermint.com/docs/spec/abci/).
+
+## 1.4 Starting an application and a Tendermint Core instances
+
+Put the following code into the `$KVSTORE_HOME/src/main/java/io/example/App.java` file:
+
+```java
+package io.example;
+
+import jetbrains.exodus.env.Environment;
+import jetbrains.exodus.env.Environments;
+
+import java.io.IOException;
+
+public class App {
+    public static void main(String[] args) throws IOException, InterruptedException {
+        try (Environment env = Environments.newInstance("tmp/storage")) {
+            var app = new KVStoreApp(env);
+            var server = new GrpcServer(app, 26658);
+            server.start();
+            server.blockUntilShutdown();
+        }
+    }
+}
+```
+
+It is the entry point of the application.
+Here we create a special object `Environment`, which knows where to store the application state.
+Then we create and start the gRPC server to handle Tendermint Core requests.
+
+Create the `$KVSTORE_HOME/src/main/java/io/example/GrpcServer.java` file with the following content:
+```java
+package io.example;
+
+import io.grpc.BindableService;
+import io.grpc.Server;
+import io.grpc.ServerBuilder;
+
+import java.io.IOException;
+
+class GrpcServer {
+    private Server server;
+
+    GrpcServer(BindableService service, int port) {
+        this.server = ServerBuilder.forPort(port)
+                .addService(service)
+                .build();
+    }
+
+    void start() throws IOException {
+        server.start();
+        System.out.println("gRPC server started, listening on $port");
+        Runtime.getRuntime().addShutdownHook(new Thread(() -> {
+            System.out.println("shutting down gRPC server since JVM is shutting down");
+            GrpcServer.this.stop();
+            System.out.println("server shut down");
+        }));
+    }
+
+    private void stop() {
+        server.shutdown();
+    }
+
+    /**
+     * Await termination on the main thread since the grpc library uses daemon threads.
+     */
+    void blockUntilShutdown() throws InterruptedException {
+        server.awaitTermination();
+    }
+}
+```
+
+## 1.5 Getting Up and Running
+
+To create a default configuration, nodeKey and private validator files, let's
+execute `tendermint init`. But before we do that, we will need to install
+Tendermint Core.
+
+```sh
+$ rm -rf /tmp/example
+$ cd $GOPATH/src/github.com/tendermint/tendermint
+$ make install
+$ TMHOME="/tmp/example" tendermint init
+
+I[2019-07-16|18:20:36.480] Generated private validator                  module=main keyFile=/tmp/example/config/priv_validator_key.json stateFile=/tmp/example2/data/priv_validator_state.json
+I[2019-07-16|18:20:36.481] Generated node key                           module=main path=/tmp/example/config/node_key.json
+I[2019-07-16|18:20:36.482] Generated genesis file                       module=main path=/tmp/example/config/genesis.json
+```
+
+Feel free to explore the generated files, which can be found at
+`/tmp/example/config` directory. Documentation on the config can be found
+[here](https://tendermint.com/docs/tendermint-core/configuration.html).
+
+We are ready to start our application:
+
+```sh
+./gradlew run
+
+gRPC server started, listening on 26658
+```
+
+Then we need to start Tendermint Core and point it to our application. Staying
+within the application directory execute:
+
+```sh
+$ TMHOME="/tmp/example" tendermint node --abci grpc --proxy_app tcp://127.0.0.1:26658
+
+I[2019-07-28|15:44:53.632] Version info                                 module=main software=0.32.1 block=10 p2p=7
+I[2019-07-28|15:44:53.677] Starting Node                                module=main impl=Node
+I[2019-07-28|15:44:53.681] Started node                                 module=main nodeInfo="{ProtocolVersion:{P2P:7 Block:10 App:0} ID_:7639e2841ccd47d5ae0f5aad3011b14049d3f452 ListenAddr:tcp://0.0.0.0:26656 Network:test-chain-Nhl3zk Version:0.32.1 Channels:4020212223303800 Moniker:Ivans-MacBook-Pro.local Other:{TxIndex:on RPCAddress:tcp://127.0.0.1:26657}}"
+I[2019-07-28|15:44:54.801] Executed block                               module=state height=8 validTxs=0 invalidTxs=0
+I[2019-07-28|15:44:54.814] Committed state                              module=state height=8 txs=0 appHash=0000000000000000
+```
+
+Now open another tab in your terminal and try sending a transaction:
+
+```sh
+$ curl -s 'localhost:26657/broadcast_tx_commit?tx="tendermint=rocks"'
+{
+  "jsonrpc": "2.0",
+  "id": "",
+  "result": {
+    "check_tx": {
+      "gasWanted": "1"
+    },
+    "deliver_tx": {},
+    "hash": "CDD3C6DFA0A08CAEDF546F9938A2EEC232209C24AA0E4201194E0AFB78A2C2BB",
+    "height": "33"
+}
+```
+
+Response should contain the height where this transaction was committed.
+
+Now let's check if the given key now exists and its value:
+
+```sh
+$ curl -s 'localhost:26657/abci_query?data="tendermint"'
+{
+  "jsonrpc": "2.0",
+  "id": "",
+  "result": {
+    "response": {
+      "log": "exists",
+      "key": "dGVuZGVybWludA==",
+      "value": "cm9ja3My"
+    }
+  }
+}
+```
+
+`dGVuZGVybWludA==` and `cm9ja3M=` are the base64-encoding of the ASCII of `tendermint` and `rocks` accordingly.
+
+## Outro
+
+I hope everything went smoothly and your first, but hopefully not the last,
+Tendermint Core application is up and running. If not, please [open an issue on
+Github](https://github.com/tendermint/tendermint/issues/new/choose). To dig
+deeper, read [the docs](https://tendermint.com/docs/).
+
+The full source code of this example project can be found [here](https://github.com/climber73/tendermint-abci-grpc-java).

docs/guides/kotlin.md

@@ -22,9 +22,9 @@ If you use Golang, you can run your app and Tendermint Core in the same process
 [Cosmos SDK](https://github.com/cosmos/cosmos-sdk) is written this way.
 Please refer to [Writing a built-in Tendermint Core application in Go](./go-built-in.md) guide for details.
 
-If you choose another language, like we did in this guide, you have to write a separate app using
-either plain socket or gRPC. This guide will show you how to build external applicationg
-using RPC server.
+If you choose another language, like we did in this guide, you have to write a separate app,
+which will communicate with Tendermint Core via a socket (UNIX or TCP) or gRPC.
+This guide will show you how to build external application using RPC server.
 
 Having a separate application might give you better security guarantees as two
 processes would be communicating via established binary protocol. Tendermint
@@ -34,7 +34,7 @@ Core will not have access to application's state.
 
 Please refer to [the Oracle's guide for installing JDK](https://www.oracle.com/technetwork/java/javase/downloads/index.html).
 
-Verify that you have installed Java successully:
+Verify that you have installed Java successfully:
 
 ```sh
 $ java -version
@@ -69,7 +69,7 @@ Inside the example directory run:
 ```sh
 gradle init --dsl groovy --package io.example --project-name example --type kotlin-application
 ```
-That Gradle command will create project structure for you:
+This will create a new project for you. The tree of files should look like:
 ```sh
 $ tree
 .
@@ -114,7 +114,7 @@ language.
 
 ### 1.3.1 Compile .proto files
 
-Add folowing to the top of `build.gradle`:
+Add the following piece to the top of the `build.gradle`:
 ```groovy
 buildscript {
     repositories {
@@ -126,14 +126,14 @@ buildscript {
 }
 ```
 
-Enable protobuf plugin in `plugins` section of `build.gradle`:
+Enable the protobuf plugin in the `plugins` section of the `build.gradle`:
 ```groovy
 plugins {
     id 'com.google.protobuf' version '0.8.8'
 }
 ```
 
-Add following to `build.gradle`:
+Add the following code to `build.gradle`:
 ```groovy
 protobuf {
     protoc {
@@ -152,10 +152,10 @@ protobuf {
 }
 ```
 
-Now your project is ready to compile `*.proto` files.
+Now we should be ready to compile the `*.proto` files.
 
 
-Copy necessary .proto files to your project:
+Copy the necessary `.proto` files to your project:
 ```sh
 mkdir -p \
   $KVSTORE_HOME/src/main/proto/github.com/tendermint/tendermint/abci/types \
@@ -173,7 +173,7 @@ cp $GOPATH/src/github.com/gogo/protobuf/gogoproto/gogo.proto \
    $KVSTORE_HOME/src/main/proto/github.com/gogo/protobuf/gogoproto/gogo.proto
 ```
 
-Add dependency to `build.gradle`:
+Add these dependencies to `build.gradle`:
 ```groovy
 dependencies {
     implementation 'io.grpc:grpc-protobuf:1.22.1'
@@ -186,7 +186,7 @@ To generate all protobuf-type classes run:
 ```sh
 ./gradlew generateProto
 ```
-It will produce java classes to `build/generated/`:
+To verify that everything went smoothly, you can inspect the `build/generated/` directory:
 ```sh
 $ tree build/generated/
 build/generated/
@@ -211,11 +211,10 @@ build/generated/
 
 ### 1.3.2 Implementing ABCI
 
-As you can see there is a generated file `$KVSTORE_HOME/build/generated/source/proto/main/grpc/types/ABCIApplicationGrpc.java`.
-which contains an abstract class `ABCIApplicationImplBase`. This class fully describes the ABCI interface.
-All you need is implement this interface.
+The resulting `$KVSTORE_HOME/build/generated/source/proto/main/grpc/types/ABCIApplicationGrpc.java` file
+contains the abstract class `ABCIApplicationImplBase`, which is an interface we'll need to implement.
 
-Create file `$KVSTORE_HOME/src/main/kotlin/io/example/KVStoreApp.kt` with following context:
+Create `$KVSTORE_HOME/src/main/kotlin/io/example/KVStoreApp.kt` file with the following content:
 ```kotlin
 package io.example
 
@@ -296,7 +295,7 @@ For the underlying key-value store we'll use
 `build.gradle`:
 ```groovy
 dependencies {
-    implementation "org.jetbrains.xodus:xodus-environment:1.3.91"
+    implementation 'org.jetbrains.xodus:xodus-environment:1.3.91'
 }
 ```
 
@@ -316,14 +315,21 @@ class KVStoreApp(
     private var store: Store? = null
 
     ...
+
+    private fun getPersistedValue(k: ByteArray): ByteArray? {
+        return env.computeInReadonlyTransaction { txn ->
+            val store = env.openStore("store", StoreConfig.WITHOUT_DUPLICATES, txn)
+            store.get(txn, ArrayByteIterable(k))?.bytesUnsafe
+        }
+    }
 }
 ```
 
 ### 1.3.4 BeginBlock -> DeliverTx -> EndBlock -> Commit
 
-When Tendermint Core has decided on the block, it's transfered to the
+When Tendermint Core has decided on the block, it's transferred to the
 application in 3 parts: `BeginBlock`, one `DeliverTx` per transaction and
-`EndBlock` in the end. DeliverTx are being transfered  asynchronously, but the
+`EndBlock` in the end. `DeliverTx` are being transferred  asynchronously, but the
 responses are expected to come in order.
 
 ```kotlin
@@ -335,7 +341,7 @@ override fun beginBlock(req: RequestBeginBlock, responseObserver: StreamObserver
     responseObserver.onCompleted()
 }
 ```
-Here we start new transaction, which will store block's transactions, and open corresponding store.
+Here we begin a new transaction, which will accumulate the block's transactions and open the corresponding store.
 
 ```kotlin
 override fun deliverTx(req: RequestDeliverTx, responseObserver: StreamObserver<ResponseDeliverTx>) {
@@ -355,10 +361,10 @@ override fun deliverTx(req: RequestDeliverTx, responseObserver: StreamObserver<R
 ```
 
 If the transaction is badly formatted or the same key=value already exist, we
-again return the non-zero code. Otherwise, we add it to the storage.
+again return the non-zero code. Otherwise, we add it to the store.
 
 In the current design, a block can include incorrect transactions (those who
-passed CheckTx, but failed DeliverTx or transactions included by the proposer
+passed `CheckTx`, but failed `DeliverTx` or transactions included by the proposer
 directly). This is done for performance reasons.
 
 Note we can't commit transactions inside the `DeliverTx` because in such case
@@ -408,13 +414,6 @@ override fun query(req: RequestQuery, responseObserver: StreamObserver<ResponseQ
     responseObserver.onNext(builder.build())
     responseObserver.onCompleted()
 }
-
-private fun getPersistedValue(k: ByteArray): ByteArray? {
-    return env.computeInReadonlyTransaction { txn ->
-        val store = env.openStore("store", StoreConfig.WITHOUT_DUPLICATES, txn)
-        store.get(txn, ArrayByteIterable(k))?.bytesUnsafe
-    }
-}
 ```
 
 The complete specification can be found
@@ -440,10 +439,10 @@ fun main() {
 ```
 
 It is the entry point of the application.
-Here we create special object `Environment` which knows where to store state of the application.
-Then we create and srart gRPC server to handle Tendermint's requests.
+Here we create a special object `Environment`, which knows where to store the application state.
+Then we create and start the gRPC server to handle Tendermint Core requests.
 
-Create file `$KVSTORE_HOME/src/main/kotlin/io/example/GrpcServer.kt`:
+Create `$KVSTORE_HOME/src/main/kotlin/io/example/GrpcServer.kt` file with the following content:
 ```kotlin
 package io.example
 

docs/introduction/install.md

@@ -28,7 +28,7 @@ cd tendermint
 ### Get Tools & Dependencies
 
 ```
-make get_tools
+make tools
 ```
 
 ### Compile

docs/spec/abci/apps.md

@@ -66,7 +66,7 @@ After `Commit`, CheckTx is run again on all transactions that remain in the
 node's local mempool after filtering those included in the block. To prevent the
 mempool from rechecking all transactions every time a block is committed, set
 the configuration option `mempool.recheck=false`. As of Tendermint v0.32.1,
-an additional `Type` parameter is made available to the CheckTx function that 
+an additional `Type` parameter is made available to the CheckTx function that
 indicates whether an incoming transaction is new (`CheckTxType_New`), or a
 recheck (`CheckTxType_Recheck`).
 
@@ -211,7 +211,7 @@ message PubKey {
 
 The `pub_key` currently supports only one type:
 
-- `type = "ed25519" and`data = <raw 32-byte public key>`
+- `type = "ed25519"` and `data = <raw 32-byte public key>`
 
 The `power` is the new voting power for the validator, with the
 following rules:

docs/spec/consensus/fork-accountability.md

@@ -0,0 +1,319 @@
+# Fork accountability -- Problem statement and attacks
+
+## Problem Statement
+
+Tendermint consensus guarantees the following specifications for all heights:
+* agreement -- no two correct full nodes decide differently.
+* validity -- the decided block satisfies the predefined predicate *valid()*.
+* termination -- all correct full nodes eventually decide,
+
+if the
+faulty validators have at most 1/3 of voting power in the current validator set. In the case where this assumption
+does not hold, each of the specification may be violated.
+
+The agreement property says that for a given height, any two correct validators that decide on a block for that height decide on the same block. That the block was indeed generated by the blockchain, can be verified starting from a trusted (genesis) block, and checking that all subsequent blocks are properly signed.
+
+
+However, faulty nodes may forge blocks and try to convince users (lite clients) that the blocks had been correctly generated. In addition, Tendermint agreement might be violated in the case where more than 1/3 of the voting power belongs to faulty validators: Two correct validators decide on different blocks. The latter case motivates the term "fork": as Tendermint consensus also agrees on the next validator set, correct validators may have decided on disjoint next validator sets, and the chain branches into two or more partitions (possibly having faulty validators in common) and each branch continues to generate blocks independently of the other.
+
+We say that a fork is a case in which there are two commits for different blocks at the same height of the blockchain. The proplem is to ensure that in those cases we are able to detect faulty validators (and not mistakenly accuse correct validators), and incentivize therefore validators to behave according to the protocol specification.
+
+**Conceptual Limit.** In order to prove misbehavior of a node, we have to show that the behavior deviates from correct behavior with respect to a given algorithm. Thus, an algorithm that detects misbehavior of nodes executing some algorithm *A* must be defined with respect to algorithm *A*. In our case, *A* is Tendermint consensus (+ other protocols in the infrastructure; e.g.,full nodes and the Lite Client). If the consensus algorithm is changed/updated/optimized in the future, we have to check whether changes to the accountability algorithm are also required. All the discussions in this document are thus inherently specific to Tendermint consensus and the Lite Client specification.
+
+**Q:** Should we distinguish agreement for validators and full nodes for agreement? The case where all correct validators agree on a block, but a correct full node decides on a different block seems to be slightly less severe that the case where two correct validators decide on different blocks. Still, if a contaminated full node becomes validator that may be problematic later on. Also it is not clear how gossiping is impaired if a contaminated full node is on a different branch.
+
+*Remark.* In the case more than 1/3 of the voting power belongs to faulty validators, also validity and termination can be broken. Termination can be broken if faulty processes just do not send the messages that are needed to make progress. Due to asynchrony, this is not punishable, because faulty validators can always claim they never received the messages that would have forced them to send messages.
+
+
+## The Misbehavior of Faulty Validators
+
+Forks are the result of faulty validators deviating from the protocol. In principle several such deviations can be detected without a fork actually occurring:
+
+1. double proposal: A faulty proposer proposes two different values (blocks) for the same height and the same round in Tendermint consensus.
+
+2. double signing: Tendermint consensus forces correct validators to prevote and precommit for at most one value per round. In case a faulty validator sends multiple prevote and/or precommit messages for different values for the same height/round, this is a misbehavior.
+
+3. lunatic validator: Tendermint consensus forces correct validators to prevote and precommit only for values *v* that satisfy *valid(v)*. If faulty validators prevote and precommit for *v* although *valid(v)=false* this is misbehavior.
+
+*Remark.* In isolation, Point 3 is an attack on validity (rather than agreement). However, the prevotes and precommits can then also be used to forge blocks.
+
+1. amnesia: Tendermint consensus has a locking mechanism. If a validator has some value v locked, then it can only prevote/precommit for v or nil. Sending prevote/precomit message for a different value v' (that is not nil) while holding lock on value v is misbehavior.   
+
+2. spurious messages: In Tendermint consensus most of the message send instructions are guarded by threshold guards, e.g., one needs to receive *2f + 1* prevote messages to send precommit. Faulty validators may send precommit without having received the prevote messages.
+
+
+Independently of a fork happening, punishing this behavior might be important to prevent forks altogether. This should keep attackers from misbehaving: if at most 1/3 of the voting power is faulty, this misbehavior is detectable but will not lead to a safety violation. Thus, unless they have more than 1/3 (or in some cases more than 2/3) of the voting power attackers have the incentive to not misbehave. If attackers control too much voting power, we have to deal with forks, as discussed in this document.   
+
+
+## Two types of forks
+
+* Fork-Full. Two correct validators decide on different blocks for the same height. Since also the next validator sets are decided upon, the correct validators may be partitioned to participate in two distinct branches of the forked chain.
+
+As in this case we have two different blocks (both having the same right/no right to exist), a central system invariant (one block per height decided by correct validators) is violated. As full nodes are contaminated in this case, the contamination can spread also to lite clients. However, even without breaking this system invariant, lite clients can be subject to a fork:
+
+* Fork-Lite. All correct validators decide on the same block for height *h*, but faulty processes (validators or not), forge a different block for that height, in order to fool users (who use the lite client).
+
+
+# Attack scenarios
+
+## On-chain attacks
+
+### Equivocation (one round)
+
+There are several scenarios in which forks might happen. The first is double signing within a round.
+
+* F1. Equivocation: faulty validators sign multiple vote messages (prevote and/or precommit) for different values *during the same round r* at a given height h.
+
+
+### Flip-flopping
+
+Tendermint consensus implements a locking mechanism: If a correct validator *p* receives proposal for value v and *2f + 1* prevotes for a value *id(v)* in round *r*, it locks *v* and remembers *r*. In this case, *p* also sends a precommit message for *id(v)*, which later may serve as proof that *p* locked *v*.
+In subsequent rounds, *p* only sends prevote messages for a value it had previously locked. However, it is possible to change the locked value if in a future round *r' > r*, if the process receives proposal and *2f + 1* prevotes for a different value *v'*. In this case, *p* could send a prevote/precommit for *id(v')*. This algorithmic feature can be exploited in two ways:
+
+
+
+* F2. Faulty Flip-flopping (Amnesia): faulty validators precommit some value *id(v)* in round *r* (value *v* is locked in round *r*) and then prevote for different value *id(v')* in higher round *r' > r* without previously correctly unlocking value *v*. In this case faulty processes "forget" that they have locked value *v* and prevote some other value in the following rounds.
+Some correct validators might have decided on *v* in *r*, and other correct validators decide on *v'* in *r'*. Here we can have branching on the main chain (Fork-Full).
+
+
+* F3. Correct Flip-flopping (Back to the past): There are some precommit messages signed by (correct) validators for value *id(v)* in  round *r*. Still, *v* is not decided upon, and all processes move on to the next round. Then correct validators (correctly) lock and decide a different value *v'* in some round *r' > r*. And the correct validators continue; there is no branching on the main chain.
+However, faulty validators may use the correct precommit messages from round *r* together with a posteriori generated faulty precommit messages for round *r* to forge a block for a value that was not decided on the main chain (Fork-Lite).
+
+
+
+
+
+## Off-chain attacks
+
+F1-F3 may contaminate the state of full nodes (and even validators). Contaminated (but otherwise correct) full nodes may thus communicate faulty blocks to lite clients.
+Similarly, without actually interfering with the main chain, we can have the following:
+
+* F4. Phantom validators: faulty validators vote (sign prevote and precommit messages) in heights in which they are not part of the validator sets (at the main chain).
+
+* F5. Lunatic validator: faulty validator that sign vote messages to support (arbitrary) application state that is different from the application state that resulted from valid state transitions.
+
+## Types of victims
+
+We consider three types of potential attack victims:
+
+
+- FN: full node
+- LCS: lite client with sequential header verification
+- LCB: lite client with bisection based header verification
+
+F1 and F2 can be used by faulty validators to actually create multiple branches on the blockchain. That means that correctly operating full nodes decide on different blocks for the same height. Until a fork is detected locally by a full node (by receiving evidence from others or by some other local check that fails), the full node can spread corrupted blocks to lite clients.
+
+*Remark.* If full nodes take a branch different from the one taken by the validators, it may be that the liveness of the gossip protocol may be affected. We should eventually look at this more closely. However, as it does not influence safety it is not a primary concern.
+
+F3 is similar to F1, except that no two correct validators decide on different blocks. It may still be the case that full nodes become affected.
+
+In addition, without creating a fork on the main chain, lite clients can be contaminated by more than a third of validators that are faulty and sign a forged header
+F4 cannot fool correct full nodes as they know the current validator set. Similarly, LCS know who the validators are. Hence, F4 is an attack against LCB that do not necessarily know the complete prefix of headers (Fork-Lite), as they trust a header that is signed by at least one correct validator (trusting period method).
+
+
+
+
+
+
+The following table gives an overview of how the different attacks may affect different nodes. F1-F3 are *on-chain* attacks so they can corrupt the state of full nodes. Then if a lite client (LCS or LCB) contacts a full node to obtain headers (or blocks), the corrupted state may propagate to the lite client.  
+
+F4 and F5 are *off-chain*, that is, these attacks cannot be used to corrupt the state of full nodes (which have sufficient knowledge on the state of the chain to not be fooled). 
+
+
+| Attack |  FN | LCS | LCB |
+|:------:|:------:|:------:|:------:|
+| F1 |  direct  | FN |     FN |
+| F2 |   direct | FN |     FN |
+| F3 |  direct  | FN |     FN |
+| F4 |          |    | direct |
+| F5 |          |    | direct |
+
+
+
+**Q:** Lite clients are more vulnerable than full nodes, because the former do only verify headers but do not execute transactions. What kind of certainty is gained by a full node that executes a transaction?
+
+As a full node verifies all transactions, it can only be
+contaminated by an attack if the blockchain itself violates its invariant (one block per height), that is, in case of a fork that leads to branching.
+
+
+
+
+## Detailed Attack Scenarios
+
+### Equivocation based attacks
+
+In case of equivocation based attacks, faulty validators sign multiple votes (prevote and/or precommit) in the same
+round of some height. This attack can be executed on both full nodes and lite clients. It requires more than 1/3 of voting power to be executed.
+
+#### Scenario 1: Equivocation on the main chain
+
+Validators:
+* CA - a set of correct validators with less than 1/3 of the voting power
+* CB - a set of correct validators with less than 1/3 of the voting power
+* CA and CB are disjoint
+* F - a set of faulty validators with more than 1/3 voting power
+
+Observe that this setting violates the Tendermint failure model.
+
+Execution:
+
+* A faulty proposer proposes block A to CA
+* A faulty proposer proposes block B to CB
+* Validators from the set CA and CB prevote for A and B, respectively.
+* Faulty validators from the set F prevote both for A and B.
+* The faulty prevote messages
+  - for A arrive at CA long before the B messages
+  - for B arrive at CB long before the A messages
+* Therefore correct validators from set CA and CB will observe
+more than 2/3 of prevotes for A and B and precommit for A and B, respectively.
+* Faulty validators from the set F precommit both values A and B.
+* Thus, we have more than 2/3 commits for both A and B.
+
+Consequences:
+* Creating evidence of misbehavior is simple in this case as we have multiple messages signed by the same faulty processes for different values in the same round.
+
+* We have to ensure that these different messages reach a correct process (full node, monitor?), which can submit evidence.
+
+* This is an attack on the full node level (Fork-Full).
+* It extends also to the lite clients,
+* For both we need a detection and recovery mechanism.
+
+#### Scenario 2: Equivocation to a lite client (LCS)
+
+
+Validators:
+* a set F of faulty validators with more than 2/3 of the voting power.
+
+Execution:
+* for the main chain F behaves nicely
+* F coordinates to sign a block B that is different from the one on the main chain.
+* the lite clients obtains B and trusts at as it is signed by more and 2/3 of the voting power.
+
+Consequences:
+
+Once equivocation is used to attack lite client it opens space
+for different kind of attacks as application state can be diverged in any direction. For example, it can modify validator set such that it contains only validators that do not have any stake bonded. Note that after a lite client is fooled by a fork, that means that an attacker can change application state and validator set arbitrarily.
+
+In order to detect such (equivocation-based attack), the lite client would need to cross check its state with some correct validator (or to obtain a hash of the state from the main chain using out of band channels).
+
+*Remark.* The lite client would be able to create evidence of misbehavior, but this would require to pull potentially a lot of data from correct full nodes. Maybe we need to figure out different architecture where a lite client that is attacked will push all its data for the current unbonding period to a correct node that will inspect this data and submit corresponding evidence. There are also architectures that assumes a special role (sometimes called fisherman) whose goal is to collect as much as possible useful data from the network, to do analysis and create evidence transactions. That functionality is outside the scope of this document.
+
+*Remark.* The difference between LCS and LCB might only be in the amount of voting power needed to convince lite client about arbitrary state. In case of LCB where security threshold is at minimum, an attacker can arbitrarily modify application state with  more than 1/3 of voting power, while in case of LCS it requires more than 2/3 of the voting power.
+
+### Flip-flopping: Amnesia based attacks
+
+
+
+In case of amnesia, faulty validators lock some value *v* in some round *r*, and then vote for different value *v'* in higher rounds without correctly unlocking value *v*. This attack can be used both on full nodes and lite clients.
+
+#### Scenario 3: At most 2/3 of faults
+
+Validators:
+
+* a set F of faulty validators with more than 1/3 but at most 2/3 of the voting power
+* a set C of correct validators
+
+Execution:
+
+* Faulty validators commit (without exposing it on the main chain) a block A in round *r* by collecting more than 2/3 of the 
+  voting power (containing correct and faulty validators).
+* All validators (correct and faulty) reach a round *r' > r*.
+* Some correct validators in C do not lock any value before round *r'*.
+* The faulty validators in F deviate from Tendermint consensus by ignoring that they locked A in *r*, and propose a different block B in *r'*.
+* As the validators in C that have not locked any value find B acceptable, they accept the proposal for B and commit a block B.
+
+*Remark.* In this case, the more than 1/3 of faulty validators do not need to commit an equivocation (F1) as they only vote once per round in the execution.
+
+Detecting faulty validators in the case of such an attack can be done by the fork accountability mechanism described in: https://docs.google.com/document/d/11ZhMsCj3y7zIZz4udO9l25xqb0kl7gmWqNpGVRzOeyY/edit?usp=sharing.
+
+If a lite client is attacked using this attack with more than 1/3 of voting power (and less than 2/3), the attacker cannot change the application state arbitrarily. Rather, the attacker is limited to a state a correct validator finds acceptable: In the execution above, correct validators still find the value acceptable, however, the block the lite client trusts deviates from the one on the main chain.
+
+#### Scenario 4: More than 2/3 of faults
+
+In case there is an attack with more than 2/3 of the voting power, an attacker can arbitrarily change application state.
+
+Validators:
+
+* a set F1 of faulty validators with more than 1/3 of the voting power
+* a set F2 of faulty validators with at most 1/3 of the voting power
+
+Execution
+
+* Similar to Scenario 3 (however, messages by correct validators are not needed)
+* The faulty validators in F1 lock value A in round *r*
+* They sign a different value in follow-up rounds
+* F2 does not lock A in round *r*
+
+Consequences:
+
+* The validators in F1 will be detectable by the the fork accountability mechanisms.
+* The validators in F2 cannot be detected using this mechanism.
+Only in case they signed something which conflicts with the application this can be used against them. Otherwise they do not do anything incorrect.
+* This case is not covered by the report https://docs.google.com/document/d/11ZhMsCj3y7zIZz4udO9l25xqb0kl7gmWqNpGVRzOeyY/edit?usp=sharing as it only assumes at most 2/3 of faulty validators.
+
+**Q:** do we need to define a special kind of attack for the case where a validator sign arbitrarily state? It seems that detecting such attack requires different mechanism that would require as an evidence a sequence of blocks that lead to that state. This might be very tricky to implement.
+
+### Back to the past
+
+In this kind of attacks faulty validators take advantage of the fact that they did not sign messages in some of the past rounds. Due to the asynchronous network in which Tendermint operates, we cannot easily differentiate between such an attack and delayed message. This kind of attack can be used at both full nodes and lite clients.
+
+#### Scenario 5:
+
+Validators:
+* C1 -  a set of correct validators with 1/3 of the voting power
+* C2 - a set of correct validators with 1/3 of the voting power
+* C1 and C2 are disjoint
+* F - a set of faulty validators with 1/3 voting power
+* one additional faulty process *q*
+* F and *q* violate the Tendermint failure model.
+
+
+Execution:
+
+* in a round *r* of height *h* we have C1 precommitting a value A,
+* C2  precommits nil,
+* F does not send any message
+* *q* precommits nil.
+* In some round *r' > r*, F and *q* and C2 commit some other value B different from A.
+* F and *fp* "go back to the past" and sign precommit message for value A in round *r*.
+* Together with precomit messages of C1 this is sufficient for a commit for value A.
+
+
+Consequences:
+
+* Only a single faulty validator that previously precommited nil did equivocation, while the other 1/3 of faulty validators actually executed an attack that has exactly the same sequence of messages as part of amnesia attack. Detecting this kind of attack boil down to mechanisms for equivocation and amnesia.
+
+**Q:** should we keep this as a separate kind of attack? It seems that equivocation, amnesia and phantom validators are the only kind of attack we need to support and this gives us security also in other cases. This would not be surprising as equivocation and amnesia are attacks that followed from the protocol and phantom attack is not really an attack to Tendermint but more to the Proof of stake module.
+
+### Phantom validators
+
+In case of phantom validators, processes that are not part of the current validator set but are still bonded (as attack happen during their unbonding period) can be part of the attack by signing vote messages. This attack can be executed against both full nodes and lite clients.
+
+#### Scenario 6:
+
+Validators:
+* F -- a set of faulty validators that are not part of the validator set on the main chain at height *h + k*
+
+Execution:
+
+* There is a fork, and there exists two different headers for height *h + k*, with different validator sets:
+  - VS2 on the main chain
+  - forged header VS2', signed by F (and others)
+
+* a lite client has a trust in a header for height *h* (and the corresponding validator set VS1).
+* As part of bisection header verification, it verifies header at height *h + k* with new validator set VS2'.
+
+Consequences:
+
+* To detect this, a node needs to see both, the forged header and the canonical header from the chain.
+* If this is the case, detecting these kind of attacks is easy as it just requires verifying if processes are signing messages in heights in which they are not part of the validator set.  
+
+**Remark.** We can have phantom-validator-based attacks as a follow up of equivocation or amnesia based attack where forked state contains validators that are not part of the validator set at the main chain. In this case, they keep signing messages contributed to a forked chain (the wrong branch) although they are not part of the validator set on the main chain. This attack can also be used to attack full node during a period of time he is eclipsed.
+
+### Lunatic validator
+
+Lunatic validator agrees to sign commit messages for arbitrary application state. It is used to attack lite clients.
+Note that detecting this behavior require application knowledge. Detecting this behavior can probably be done by
+referring to the block before the one in which height happen.  
+
+**Q:** can we say that in this case a validator ignore to check if proposed value is valid before voting for it?

docs/spec/consensus/light-client.md

@@ -1,113 +1,329 @@
-# Light Client
-
-A light client is a process that connects to the Tendermint Full Node(s) and then tries to verify the Merkle proofs
-about the blockchain application. In this document we describe mechanisms that ensures that the Tendermint light client
-has the same level of security as Full Node processes (without being itself a Full Node).
-
-To be able to validate a Merkle proof, a light client needs to validate the blockchain header that contains the root app hash.
-Validating a blockchain header in Tendermint consists in verifying that the header is committed (signed) by >2/3 of the
-voting power of the corresponding validator set. As the validator set is a dynamic set (it is changing), one of the
-core functionality of the light client is updating the current validator set, that is then used to verify the
-blockchain header, and further the corresponding Merkle proofs.
-
-For the purpose of this light client specification, we assume that the Tendermint Full Node exposes the following functions over
-Tendermint RPC:
-
-```golang
-Header(height int64) (SignedHeader, error) // returns signed header for the given height
-Validators(height int64) (ResultValidators, error) // returns validator set for the given height
-LastHeader(valSetNumber int64) (SignedHeader, error)   // returns last header signed by the validator set with the given validator set number
-
-type SignedHeader struct {
-    Header        Header
-    Commit        Commit
-    ValSetNumber  int64
-}
+# Lite client
 
-type ResultValidators struct {
-    BlockHeight   int64
-    Validators    []Validator
-    // time the current validator set is initialised, i.e, time of the last validator change before header BlockHeight
-    ValSetTime    int64
-}
+A lite client is a process that connects to Tendermint full nodes and then tries to verify application data using the Merkle proofs.
+
+## Context of this document
+
+In order to make sure that full nodes have the incentive to follow the protocol, we have to address the following three Issues
+
+1) The lite client needs a method to verify headers it obtains from full nodes according to trust assumptions -- this document.
+
+2) The lite client must be able to connect to one correct full node to detect and report on failures in the trust assumptions (i.e., conflicting headers) -- a future document.
+
+3) In the event the trust assumption fails (i.e., a lite client is fooled by a conflicting header), the Tendermint fork accountability protocol must account for the evidence -- see #3840
+
+## Problem statement
+
+
+We assume that the lite client knows a (base) header *inithead* it trusts (by social consensus or because the lite client has decided to trust the header before). The goal is to check whether another header *newhead* can be trusted based on the data in *inithead*.
+
+The correctness of the protocol is based on the assumption that *inithead* was generated by an instance of Tendermint consensus. The term "trusting" above indicates that the correctness on the protocol depends on this assumption. It is in the responsibility of the user that runs the lite client to make sure that the risk of trusting a corrupted/forged *inithead* is negligible.
+
+
+## Definitions
+
+### Data structures
+
+In the following, only the details of the data structures needed for this specification are given.
+
+  * header fields
+    - *height*
+    - *bfttime*: the chain time when the header (block) was generated
+    - *V*: validator set containing validators for this block.
+    - *NextV*: validator set for next block.
+    - *commit*: evidence that block with height *height* - 1 was committed by a set of validators (canonical commit). We will use ```signers(commit)``` to refer to the set of validators that committed the block.
+
+  * signed header fields: contains a header and a  *commit* for the current header; a "seen commit". In the Tendermint consensus the "canonical commit" is stored in header *height* + 1.
+
+  * For each header *h* it has locally stored, the lite client stores whether
+    it trusts *h*. We write *trust(h) = true*, if this is the case.
+
+  * Validator fields. We will write a validator as a tuple *(v,p)* such that
+    + *v* is the identifier (we assume identifiers are unique in each validator set)
+    + *p* is its voting power
+
+
+### Functions
+
+For the purpose of this lite client specification, we assume that the Tendermint Full Node exposes the following function over Tendermint RPC:
+```go
+    func Commit(height int64) (SignedHeader, error)
+      // returns signed header: header (with the fields from
+      // above) with Commit that include signatures of
+      // validators that signed the header
+
+
+    type SignedHeader struct {
+      Header        Header
+      Commit        Commit
+    }
 ```
 
-We assume that Tendermint keeps track of the validator set changes and that each time a validator set is changed it is
-being assigned the next sequence number. We can call this number the validator set sequence number. Tendermint also remembers
-the Time from the header when the next validator set is initialised (starts to be in power), and we refer to this time
-as validator set init time.
-Furthermore, we assume that each validator set change is signed (committed) by the current validator set. More precisely,
-given a block `H` that contains transactions that are modifying the current validator set, the Merkle root hash of the next
-validator set (modified based on transactions from block H) will be in block `H+1` (and signed by the current validator
-set), and then starting from the block `H+2`, it will be signed by the next validator set.
-
-Note that the real Tendermint RPC API is slightly different (for example, response messages contain more data and function
-names are slightly different); we shortened (and modified) it for the purpose of this document to make the spec more
-clear and simple. Furthermore, note that in case of the third function, the returned header has `ValSetNumber` equals to
-`valSetNumber+1`.
-
-Locally, light client manages the following state:
-
-```golang
-valSet        []Validator    // current validator set (last known and verified validator set)
-valSetNumber  int64          // sequence number of the current validator set
-valSetHash    []byte         // hash of the current validator set
-valSetTime    int64          // time when the current validator set is initialised
+### Definitions
+
+* *tp*: trusting period   
+* for realtime *t*, the predicate *correct(v,t)* is true if the validator *v*
+  follows the protocol until time *t* (we will see about recovery later).
+
+
+
+
+### Tendermint Failure Model
+
+If a block *h* is generated at time *bfttime* (and this time is stored in the block), then a set of validators that hold more than 2/3 of the voting power in h.Header.NextV is correct until time h.Header.bfttime + tp.
+
+Formally,
+\[
+\sum_{(v,p) \in h.Header.NextV \wedge correct(v,h.Header.bfttime + tp)} p >
+2/3 \sum_{(v,p) \in h.Header.NextV} p
+\]
+
+*Assumption*: "correct" is defined w.r.t. realtime (some Newtonian global notion of time, i.e., wall time), while *bfttime* corresponds to the reading of the local clock of a validator (how this time is computed may change when the Tendermint consensus is modified). In this note, we assume that all clocks are synchronized to realtime. We can make this more precise eventually (incorporating clock drift, accuracy, precision, etc.). Right now, we consider this assumption sufficient, as clock synchronization (under NTP) is in the order of milliseconds and *tp* is in the order of weeks.  
+
+*Remark*: This failure model might change to a hybrid version that takes heights into account in the future.
+
+The specification in this document considers an implementation of the lite client under this assumption. Issues like *counter-factual signing* and *fork accountability* and *evidence submission* are mechanisms that justify this assumption by incentivizing validators to follow the protocol.
+If they don't, and we have more that 1/3 faults, safety may be violated. Our approach then is to *detect* these cases (after the fact), and take suitable repair actions (automatic and social). This is discussed in an upcoming document on "Fork accountability". (These safety violations include the lite client wrongly trusting a header, a fork in the blockchain, etc.)
+
+
+## Lite Client Trusting Spec
+
+The lite client communicates with a full node and learns new headers. The goal is to locally decide whether to trust a header. Our implementation needs to ensure the following two properties:
+
+- Lite Client Completeness: If header *h* was correctly generated by an instance of Tendermint consensus (and its age is less than the trusting period), then the lite client should eventually set *trust(h)* to true.
+
+- Lite Client Accuracy:  If header *h* was *not generated* by an instance of Tendermint consensus, then the lite client should never set *trust(h)* to true.
+
+*Remark*: If in the course of the computation, the lite client obtains certainty that some headers were forged by adversaries (that is were not generated by an instance of Tendermint consensus), it may submit (a subset of) the headers it has seen as evidence of misbehavior.
+
+*Remark*: In Completeness we use "eventually", while in practice *trust(h)* should be set to true before *h.Header.bfttime + tp*. If not, the block cannot be trusted because it is too old.
+
+*Remark*: If a header *h* is marked with *trust(h)*, but it is too old (its bfttime is more than *tp* ago), then the lite client should set *trust(h)* to false again.
+
+*Assumption*: Initially, the lite client has a header *inithead* that it trusts correctly, that is, *inithead* was correctly generated by the Tendermint consensus.
+
+To reason about the correctness, we may prove the following invariant.
+
+*Verification Condition: Lite Client Invariant.*
+ For each lite client *l* and each header *h*:
+if *l* has set *trust(h) = true*,
+  then validators that are correct until time *h.Header.bfttime + tp* have more than two thirds of the voting power in *h.Header.NextV*.
+
+  Formally,
+  \[
+  \sum_{(v,p) \in h.Header.NextV \wedge correct(v,h.Header.bfttime + tp)} p >
+  2/3 \sum_{(v,p) \in h.Header.NextV} p
+  \]
+
+*Remark.* To prove the invariant, we will have to prove that the lite client only trusts headers that were correctly generated by Tendermint consensus, then the formula above follows from the Tendermint failure model.
+
+
+## High Level Solution
+
+Upon initialization, the lite client is given a header *inithead* it trusts (by
+social consensus). It is assumed that *inithead* satisfies the lite client invariant. (If *inithead* has been correctly generated by Tendermint consensus, the invariant follows from the Tendermint Failure Model.)
+
+When a lite clients sees a signed new header *snh*, it has to decide whether to trust the new
+header. Trust can be obtained by (possibly) the combination of three methods.
+
+1. **Uninterrupted sequence of proof.** If a block is appended to the chain, where the last block
+is trusted (and properly committed by the old validator set in the next block),
+and the new block contains a new validator set, the new block is trusted if the lite client knows all headers in the prefix.
+Intuitively, a trusted validator set is assumed to only chose a new validator set that will obey the Tendermint Failure Model.
+
+2. **Trusting period.** Based on a trusted block *h*, and the lite client
+invariant, which ensures the fault assumption during the trusting period, we can check whether at least one  validator, that has been continuously correct from *h.Header.bfttime* until now, has signed *snh*.
+If this is the case, similarly to above, the chosen validator set in *snh* does not violate the Tendermint Failure Model.
+
+3. **Bisection.** If a check according to the trusting period fails, the lite client can try to obtain a header *hp* whose height lies between *h* and *snh* in order to check whether *h* can be used to get trust for *hp*, and *hp* can be used to get trust for *snh*. If this is the case we can trust *snh*; if not, we may continue recursively.
+
+## How to use it
+
+We consider the following use case:
+ the lite client wants to verify a header for some given height *k*. Thus:
+  - it requests the signed header for height *k* from a full node
+  - it tries to verify this header with the methods described here.
+
+This can be used in several settings:
+  - someone tells the lite client that application data that is relevant for it can be read in the block of height *k*.
+  - the lite clients wants the latest state. It asks a full nude for the current height, and uses the response for *k*.
+
+
+## Details
+
+*Assumptions*
+
+1. *tp < unbonding period*.
+2. *snh.Header.bfttime < now*
+3. *snh.Header.bfttime < h.Header.bfttime+tp*
+4. *trust(h)=true*
+
+
+**Observation 1.** If *h.Header.bfttime + tp > now*, we trust the old
+validator set *h.Header.NextV*.
+
+When we say we trust *h.Header.NextV* we do *not* trust that each individual validator in *h.Header.NextV* is correct, but we only trust the fact that at most 1/3 of them are faulty (more precisely, the faulty ones have at most 1/3 of the total voting power).
+
+
+
+### Functions
+
+The function *Bisection* checks whether to trust header *h2* based on the trusted header *h1*. It does so by calling
+the function *CheckSupport* in the process of
+bisection/recursion. *CheckSupport* implements the trusted period method and, for two adjacent headers (in term of heights), it checks uninterrupted sequence of proof.
+
+*Assumption*: In the following, we assume that *h2.Header.height > h1.Header.height*. We will quickly discuss the other case in the next section.
+
+We consider the following set-up:
+- the lite client communicates with one full node
+- the lite client locally stores all the signed headers it obtained (trusted or not). In the pseudo code below we write *Store(header)* for this.
+- If *Bisection* returns *false*, then the lite client has seen a  forged header.
+  * However, it does not know which header(s) is/are the problematic one(s).
+  * In this case, the lite client can submit (some of) the headers it has seen as evidence. As the lite client communicates with one full node only when executing Bisection, there are two cases
+    - the full node is faulty
+    - the full node is correct and there was a fork in Tendermint consensus. Header *h1* is from a different branch than the one taken by the full node. This case is not focus of this document, but will be treated in the document on fork accountability.
+
+- the lite client must retry to retrieve correct headers from another full node
+  * it picks a new full node
+  * it restarts *Bisection*
+  * there might be optimizations; a lite client may not need to call *Commit(k)*, for a height *k* for which it already has a signed header it trusts.
+  * how to make sure that a lite client can communicate with a correct full node will be the focus of a separate document (recall Issue 3 from "Context of this document").
+
+**Auxiliary Functions.** We will use the  function ```votingpower_in(V1,V2)``` to compute the voting power the validators in set V1 have according to their voting power in set V2;
+we will write ```totalVotingPower(V)``` for ```votingpower_in(V,V)```, which returns the total voting power in V.
+We further use the function ```signers(Commit)``` that returns the set of validators that signed the Commit.
+
+**CheckSupport.** The following function checks whether we can trust the header h2 based on header h1 following the trusting period method.
+
+```go
+  func CheckSupport(h1,h2,trustlevel) bool {
+    if h1.Header.bfttime + tp < now { // Observation 1
+      return false // old header was once trusted but it is expired
+    }  
+    vp_all := totalVotingPower(h1.Header.NextV)
+      // total sum of voting power of validators in h2
+
+    if h2.Header.height == h1.Header.height + 1 {
+      // specific check for adjacent headers; everything must be
+      // properly signed.
+      // also check that h2.Header.V == h1.Header.NextV
+      // Plus the following check that 2/3 of the voting power
+      // in h1 signed h2
+      return (votingpower_in(signers(h2.Commit),h1.Header.NextV) >
+              2/3 * vp_all)
+        // signing validators are more than two third in h1.
+    }
+
+    return (votingpower_in(signers(h2.Commit),h1.Header.NextV) >
+            max(1/3,trustlevel) * vp_all)
+      // get validators in h1 that signed h2
+      // sum of voting powers in h1 of
+      // validators that signed h2
+      // is more than a third in h1
+  }
 ```
 
-The light client is initialised with the trusted validator set, for example based on the known validator set hash,
-validator set sequence number and the validator set init time.
-The core of the light client logic is captured by the VerifyAndUpdate function that is used to 1) verify if the given header is valid,
-and 2) update the validator set (when the given header is valid and it is more recent than the seen headers).
+  *Remark*: Basic header verification must be done for *h2*. Similar checks are done in:  
+  https://github.com/tendermint/tendermint/blob/master/types/validator_set.go#L591-L633
+
+  *Remark*: There are some sanity checks which are not in the code:
+  *h2.Header.height > h1.Header.height* and *h2.Header.bfttime > h1.Header.bfttime* and *h2.Header.bfttime < now*.
+
+  *Remark*: ```return (votingpower_in(signers(h2.Commit),h1.Header.NextV) > max(1/3,trustlevel) * vp_all)``` may return false even if *h2* was properly generated by Tendermint consensus in the case of big changes in the validator sets. However, the check ```return (votingpower_in(signers(h2.Commit),h1.Header.NextV) >
+          2/3 * vp_all)``` must return true if *h1* and *h2* were generated by Tendermint consensus.
+
+*Remark*: The 1/3 check differs from a previously proposed method that was based on intersecting validator sets and checking that the new validator set contains "enough" correct validators. We found that the old check is not suited for realistic changes in the validator sets. The new method is not only based on cardinalities, but also exploits that we can trust what is signed by a correct validator (i.e., signed by more than 1/3 of the voting power).
 
-```golang
-VerifyAndUpdate(signedHeader SignedHeader):
-  assertThat signedHeader.valSetNumber >= valSetNumber
-  if isValid(signedHeader) and signedHeader.Header.Time <= valSetTime + UNBONDING_PERIOD then
-    setValidatorSet(signedHeader)
+*Correctness arguments*
+
+Towards Lite Client Accuracy:
+- Assume by contradiction that *h2* was not generated correctly and the lite client sets trust to true because *CheckSupport* returns true.
+- h1 is trusted and sufficiently new
+- by Tendermint Fault Model, less than 1/3 of voting power held by faulty validators => at least one correct validator *v* has signed *h2*.
+- as *v* is correct up to now, it followed the Tendermint consensus protocol at least up to signing *h2* => *h2* was correctly generated, we arrive at the required contradiction.
+
+
+Towards Lite Client Completeness:
+- The check is successful if sufficiently many validators of *h1* are still validators in *h2* and signed *h2*.
+- If *h2.Header.height = h1.Header.height + 1*, and both headers were generated correctly, the test passes
+
+*Verification Condition:* We may need a Tendermint invariant stating that if *h2.Header.height = h1.Header.height + 1* then *signers(h2.Commit) \subseteq h1.Header.NextV*.
+
+*Remark*: The variable *trustlevel* can be used if the user believes that relying on one correct validator is not sufficient. However, in case of (frequent) changes in the validator set, the higher the *trustlevel* is chosen, the more unlikely it becomes that CheckSupport returns true for non-adjacent headers.
+
+**Bisection.** The following function uses CheckSupport in a recursion to find intermediate headers that allow to establish a sequence of trust.
+
+
+
+
+```go
+func Bisection(h1,h2,trustlevel) bool{
+  if CheckSupport(h1,h2,trustlevel) {
     return true
-  else
-    updateValidatorSet(signedHeader.ValSetNumber)
-    return VerifyAndUpdate(signedHeader)
-
-isValid(signedHeader SignedHeader):
-  valSetOfTheHeader = Validators(signedHeader.Header.Height)
-  assertThat Hash(valSetOfTheHeader) == signedHeader.Header.ValSetHash
-  assertThat signedHeader is passing basic validation
-  if votingPower(signedHeader.Commit) > 2/3 * votingPower(valSetOfTheHeader) then return true
-  else
+  }
+  if h2.Header.height == h1.Header.height + 1 {
+    // we have adjacent headers that are not matching (failed
+    // the CheckSupport)
+    // we could submit evidence here
     return false
+  }
+  pivot := (h1.Header.height + h2.Header.height) / 2
+  hp := Commit(pivot)
+    // ask a full node for header of height pivot
+  Store(hp)  
+    // store header hp locally
+  if Bisection(h1,hp,trustlevel) {
+    // only check right branch if hp is trusted
+    // (otherwise a lot of unnecessary computation may be done)
+    return Bisection(hp,h2,trustlevel)
+  }
+  else {
+    return false
+  }
+}
+```  
 
-setValidatorSet(signedHeader SignedHeader):
-  nextValSet = Validators(signedHeader.Header.Height)
-  assertThat Hash(nextValSet) == signedHeader.Header.ValidatorsHash
-  valSet = nextValSet.Validators
-  valSetHash = signedHeader.Header.ValidatorsHash
-  valSetNumber = signedHeader.ValSetNumber
-  valSetTime = nextValSet.ValSetTime
-
-votingPower(commit Commit):
-  votingPower = 0
-  for each precommit in commit.Precommits do:
-    if precommit.ValidatorAddress is in valSet and signature of the precommit verifies then
-      votingPower += valSet[precommit.ValidatorAddress].VotingPower
-  return votingPower
-
-votingPower(validatorSet []Validator):
-  for each validator in validatorSet do:
-    votingPower += validator.VotingPower
-  return votingPower
-
-updateValidatorSet(valSetNumberOfTheHeader):
-  while valSetNumber != valSetNumberOfTheHeader do
-    signedHeader = LastHeader(valSetNumber)
-    if isValid(signedHeader) then
-      setValidatorSet(signedHeader)
-    else return error
-  return
-```
 
-Note that in the logic above we assume that the light client will always go upward with respect to header verifications,
-i.e., that it will always be used to verify more recent headers. In case a light client needs to be used to verify older
-headers (go backward) the same mechanisms and similar logic can be used. In case a call to the FullNode or subsequent
-checks fail, a light client need to implement some recovery strategy, for example connecting to other FullNode.
+
+
+*Correctness arguments (sketch)*
+
+Lite Client Accuracy:
+- Assume by contradiction that *h2* was not generated correctly and the lite client sets trust to true because Bisection returns true.
+- Bisection returns true only if all calls to CheckSupport in the recursion return true.
+- Thus we have a sequence of headers that all satisfied the CheckSupport
+- again a contradiction
+
+Lite Client Completeness:
+
+This is only ensured if upon *Commit(pivot)* the lite client is always provided with a correctly generated header.
+
+*Stalling*
+
+With Bisection, a faulty full node could stall a lite client by creating a long sequence of headers that are queried one-by-one by the lite client and look OK, before the lite client eventually detects a problem. There are several ways to address this:
+* Each call to ```Commit``` could be issued to a different full node
+* Instead of querying header by header, the lite client tells a full node which header it trusts, and the height of the header it needs. The full node responds with the header along with a proof consisting of intermediate headers that the light client can use to verify. Roughly, Bisection would then be executed at the full node.
+* We may set a timeout how long bisection may take.
+
+
+### The case *h2.Header.height < h1.Header.height*
+
+In the use case where someone tells the lite client that application data that is relevant for it can be read in the block of height *k* and the lite client trusts a more recent header, we can use the hashes to verify headers "down the chain." That is, we iterate down the heights and check the hashes in each step.
+
+*Remark.* For the case were the lite client trusts two headers *i* and *j* with *i < k < j*, we should discuss/experiment whether the forward or the backward method is more effective.
+
+```go
+func Backwards(h1,h2) bool {
+  assert (h2.Header.height < h1.Header.height)
+  old := h1
+  for i := h1.Header.height - 1; i > h2.Header.height; i-- {
+    new := Commit(i)
+    Store(new)
+    if (hash(new) != old.Header.hash) {
+      return false
+    }
+    old := new
+  }
+  return (hash(h2) == old.Header.hash)
+ }
+```

docs/spec/p2p/connection.md

@@ -61,7 +61,7 @@ func (m MConnection) TrySend(chID byte, msg interface{}) bool {}
 
 `Send(chID, msg)` is a blocking call that waits until `msg` is successfully queued
 for the channel with the given id byte `chID`. The message `msg` is serialized
-using the `tendermint/wire` submodule's `WriteBinary()` reflection routine.
+using the `tendermint/go-amino` submodule's `WriteBinary()` reflection routine.
 
 `TrySend(chID, msg)` is a nonblocking call that queues the message msg in the channel
 with the given id byte chID if the queue is not full; otherwise it returns false immediately.

docs/spec/reactors/mempool/messages.md

@@ -13,13 +13,13 @@ type TxMessage struct {
 }
 ```
 
-TxMessage is go-wire encoded and prepended with `0x1` as a
-"type byte". This is followed by a go-wire encoded byte-slice.
+TxMessage is go-amino encoded and prepended with `0x1` as a
+"type byte". This is followed by a go-amino encoded byte-slice.
 Prefix of 40=0x28 byte tx is: `0x010128...` followed by
 the actual 40-byte tx. Prefix of 350=0x015e byte tx is:
 `0x0102015e...` followed by the actual 350 byte tx.
 
-(Please see the [go-wire repo](https://github.com/tendermint/go-wire#an-interface-example) for more information)
+(Please see the [go-amino repo](https://github.com/tendermint/go-amino#an-interface-example) for more information)
 
 ## RPC Messages
 

docs/spec/rpc/index.html

@@ -0,0 +1,25 @@
+<!-- HTML for static distribution bundle build -->
+<!DOCTYPE html>
+<html lang="en">
+    <head>
+        <meta charset="UTF-8">
+        <title>Tendermint RPC</title>
+        <link rel="stylesheet" type="text/css" href="//unpkg.com/swagger-ui-dist@3/swagger-ui.css" >
+        <link rel="icon" type="image/png" href="//unpkg.com/swagger-ui-dist@3/favicon-16x16.png"/>
+        <script src="//unpkg.com/swagger-ui-dist@3/swagger-ui-bundle.js"></script>
+    </head>
+
+    <body>
+        <div id="swagger-ui"></div>
+        <script>
+            window.onload = function() {
+                window.ui = SwaggerUIBundle({
+                    url: "./swagger.yaml",
+                    dom_id: '#swagger-ui',
+                    deepLinking: true,
+                    layout: "BaseLayout"
+                });
+            }
+        </script>
+    </body>
+</html>

docs/tendermint-core/configuration.md

@@ -240,8 +240,9 @@ max_txs_bytes = 1073741824
 # Size of the cache (used to filter transactions we saw earlier) in transactions
 cache_size = 10000
 
-# Limit the size of TxMessage
-max_msg_bytes = 1048576
+# Maximum size of a single transaction.
+# NOTE: the max size of a tx transmitted over the network is {max_tx_bytes} + {amino overhead}.
+max_tx_bytes = 1048576
 
 ##### fast sync configuration options #####
 [fastsync]

docs/tools/monitoring.md

@@ -87,6 +87,6 @@ websocket.
 ## Development
 
 ```
-make get_tools
+make tools
 make test
 ```

dredd.yml

@@ -0,0 +1,33 @@
+color: true
+dry-run: null
+hookfiles: build/contract_tests
+language: go
+require: null
+server: make localnet-start
+server-wait: 30
+init: false
+custom: {}
+names: false
+only: []
+reporter: []
+output: []
+header: []
+sorted: false
+user: null
+inline-errors: false
+details: false
+method: [GET]
+loglevel: warning
+path: []
+hooks-worker-timeout: 5000
+hooks-worker-connect-timeout: 1500
+hooks-worker-connect-retry: 500
+hooks-worker-after-connect-wait: 100
+hooks-worker-term-timeout: 5000
+hooks-worker-term-retry: 500
+hooks-worker-handler-host: 127.0.0.1
+hooks-worker-handler-port: 61321
+config: ./dredd.yml
+# This path accepts no variables
+blueprint: ./docs/spec/rpc/swagger.yaml
+endpoint: 'http://127.0.0.1:26657/'

evidence/reactor_test.go

@@ -203,6 +203,7 @@ func TestEvidenceListMessageValidationBasic(t *testing.T) {
 		}, true},
 	}
 	for _, tc := range testCases {
+		tc := tc
 		t.Run(tc.testName, func(t *testing.T) {
 			evListMsg := &EvidenceListMessage{}
 			n := 3

go.mod

@@ -8,42 +8,27 @@ require (
 	github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 // indirect
 	github.com/btcsuite/btcd v0.0.0-20190115013929-ed77733ec07d
 	github.com/btcsuite/btcutil v0.0.0-20180706230648-ab6388e0c60a
-	github.com/fortytw2/leaktest v1.2.0
-	github.com/go-kit/kit v0.6.0
-	github.com/go-logfmt/logfmt v0.3.0
-	github.com/go-stack/stack v1.8.0 // indirect
-	github.com/gogo/protobuf v1.2.1
+	github.com/fortytw2/leaktest v1.3.0
+	github.com/go-kit/kit v0.9.0
+	github.com/go-logfmt/logfmt v0.4.0
+	github.com/gogo/protobuf v1.3.0
 	github.com/golang/protobuf v1.3.2
 	github.com/google/gofuzz v1.0.0 // indirect
-	github.com/google/pprof v0.0.0-20190723021845-34ac40c74b70 // indirect
-	github.com/gorilla/websocket v1.2.0
-	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6 // indirect
+	github.com/gorilla/websocket v1.4.1
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
-	github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515 // indirect
-	github.com/libp2p/go-buffer-pool v0.0.1
-	github.com/magiconair/properties v1.8.0
-	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
-	github.com/mitchellh/mapstructure v1.1.2 // indirect
-	github.com/pelletier/go-toml v1.2.0 // indirect
+	github.com/libp2p/go-buffer-pool v0.0.2
+	github.com/magiconair/properties v1.8.1
 	github.com/pkg/errors v0.8.1
-	github.com/prometheus/client_golang v0.9.1
-	github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910 // indirect
-	github.com/prometheus/common v0.0.0-20181020173914-7e9e6cabbd39 // indirect
-	github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d // indirect
+	github.com/prometheus/client_golang v0.9.3
 	github.com/rcrowley/go-metrics v0.0.0-20180503174638-e2704e165165
-	github.com/rs/cors v1.6.0
-	github.com/spf13/afero v1.1.2 // indirect
-	github.com/spf13/cast v1.3.0 // indirect
+	github.com/rs/cors v1.7.0
+	github.com/snikch/goodman v0.0.0-20171125024755-10e37e294daa
 	github.com/spf13/cobra v0.0.1
-	github.com/spf13/jwalterweatherman v1.0.0 // indirect
-	github.com/spf13/pflag v1.0.3 // indirect
-	github.com/spf13/viper v1.0.0
-	github.com/stretchr/testify v1.3.0
+	github.com/spf13/viper v1.4.0
+	github.com/stretchr/testify v1.4.0
 	github.com/tendermint/go-amino v0.14.1
 	github.com/tendermint/tm-db v0.1.1
-	golang.org/x/arch v0.0.0-20190312162104-788fe5ffcd8c // indirect
 	golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2
 	golang.org/x/net v0.0.0-20190628185345-da137c7871d7
-	google.golang.org/grpc v1.22.0
+	google.golang.org/grpc v1.23.1
 )

go.sum

@@ -1,13 +1,19 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/VividCortex/gohistogram v1.0.0 h1:6+hBz+qvs0JOrrNhhmR7lFxo5sINxBCGXrdtl/UvroE=
 github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
 github.com/Workiva/go-datastructures v1.0.50 h1:slDmfW6KCHcC7U+LP3DDBbm4fqTwZGn1beOFPfGaLvo=
 github.com/Workiva/go-datastructures v1.0.50/go.mod h1:Z+F2Rca0qCsVYDS8z7bAGm8f3UkzuWYS/oBZz5a7VVA=
 github.com/aead/siphash v1.0.1/go.mod h1:Nywa3cDsYNNK3gaciGTWPwHt0wlpNV15vwmswBAUSII=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/beorn7/perks v1.0.0 h1:HWo1m869IqiPhD389kmkxeTalrjNbbJTC8LXupb+sl0=
+github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/btcsuite/btcd v0.0.0-20190115013929-ed77733ec07d h1:xG8Pj6Y6J760xwETNmMzmlt38QSwz0BLp1cZ09g27uw=
 github.com/btcsuite/btcd v0.0.0-20190115013929-ed77733ec07d/go.mod h1:d3C0AkH6BRcvO8T0UEPu53cnw4IbV63x1bEjildYhO0=
 github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f/go.mod h1:TdznJufoqS23FtqVCzL0ZqgP5MqXbb4fg/WgDys70nA=
@@ -18,65 +24,97 @@ github.com/btcsuite/goleveldb v0.0.0-20160330041536-7834afc9e8cd/go.mod h1:F+uVa
 github.com/btcsuite/snappy-go v0.0.0-20151229074030-0bdef8d06723/go.mod h1:8woku9dyThutzjeg+3xrA5iCpBRH8XEEg3lh6TiUghc=
 github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792/go.mod h1:ghJtEyQwv5/p4Mg4C0fgbePVuGr935/5ddU9Z3TmDRY=
 github.com/btcsuite/winsvc v1.0.0/go.mod h1:jsenWakMcC0zFBFurPLEAyrnc/teJEM1O46fmI40EZs=
+github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
+github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
+github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/davecgh/go-spew v0.0.0-20171005155431-ecdeabc65495/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/etcd-io/bbolt v1.3.3 h1:gSJmxrs37LgTqR/oyJBWok6k6SvXEUerFTbltIhXkBM=
 github.com/etcd-io/bbolt v1.3.3/go.mod h1:ZF2nL25h33cCyBtcyWeZ2/I3HQOfTP+0PIEvHjkjCrw=
-github.com/fortytw2/leaktest v1.2.0 h1:cj6GCiwJDH7l3tMHLjZDo0QqPtrXJiWSI9JgpeQKw+Q=
-github.com/fortytw2/leaktest v1.2.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
+github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw=
+github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
 github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/go-kit/kit v0.6.0 h1:wTifptAGIyIuir4bRyN4h7+kAa2a4eepLYVmRe5qqQ8=
-github.com/go-kit/kit v0.6.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/go-kit/kit v0.8.0 h1:Wz+5lgoB0kkuqLEc6NVmwRknTKP6dTGbSqvhZtBI/j0=
+github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-kit/kit v0.9.0 h1:wDJmvq38kDhkVxi50ni9ykkdUr1PKgqKOoi01fa0Mdk=
+github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0 h1:8HUsc87TaSWLKwrnumgC8/YconD2fJQsRJAsWaPg2ic=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-logfmt/logfmt v0.4.0 h1:MP4Eh7ZCb31lleYCFuwm0oe4/YGak+5l1vA2NOE80nA=
+github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1 h1:/s5zKNz0uPFCZ5hddgPdo2TK2TVrUNMn0OOX8/aZMTE=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
+github.com/gogo/protobuf v1.3.0 h1:G8O7TerXerS4F6sx9OV7/nRfJdnXgHZu/S/7F2SN+UE=
+github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/pprof v0.0.0-20190723021845-34ac40c74b70 h1:XTnP8fJpa4Kvpw2qARB4KS9izqxPS0Sd92cDlY3uk+w=
-github.com/google/pprof v0.0.0-20190723021845-34ac40c74b70/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/gorilla/websocket v1.2.0 h1:VJtLvh6VQym50czpZzx07z/kw9EgAxI3x1ZB8taTMQQ=
-github.com/gorilla/websocket v1.2.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
+github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
+github.com/gorilla/websocket v1.4.1 h1:q7AeDBpnBk8AogcD4DSag/Ukw/KV+YhzLj2bP5HvKCM=
+github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
+github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
+github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6 h1:UDMh68UUwekSh5iP2OMhRRZJiiBccgV7axzUG8vi56c=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jmhodges/levigo v1.0.0 h1:q5EC36kV79HWeTBWsod3mG11EgStG3qArTKcvlksN1U=
 github.com/jmhodges/levigo v1.0.0/go.mod h1:Q6Qx+uH3RAqyK4rFQroq9RL7mdkABMcfhEI+nNuzMJQ=
+github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
 github.com/jrick/logrotate v1.0.0/go.mod h1:LNinyqDIJnpAur+b8yyulnQw/wDuN1+BYKlTRt3OuAQ=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
+github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/kkdai/bstream v0.0.0-20161212061736-f391b8402d23/go.mod h1:J+Gs4SYgM6CZQHDETBtE9HaSEkGmuNXF86RwHhHUvq4=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515 h1:T+h1c/A9Gawja4Y9mFVWj2vyii2bbUNDw3kt9VxK2EY=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/libp2p/go-buffer-pool v0.0.1 h1:9Rrn/H46cXjaA2HQ5Y8lyhOS1NhTkZ4yuEs2r3Eechg=
-github.com/libp2p/go-buffer-pool v0.0.1/go.mod h1:xtyIz9PMobb13WaxR6Zo1Pd1zXJKYg0a8KiIvDp3TzQ=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/libp2p/go-buffer-pool v0.0.2 h1:QNK2iAFa8gjAe1SPz6mHSMuCcjs+X1wlHzeOSqcmlfs=
+github.com/libp2p/go-buffer-pool v0.0.2/go.mod h1:MvaB6xw5vOrDl8rYZGLFdKAuk/hRoRZd1Vi32+RXyFM=
 github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/magiconair/properties v1.8.1 h1:ZC2Vc7/ZFkGmsVC9KvOjumD+G5lXy2RtTKyzRKO2BQ4=
+github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.7.0 h1:WSHQ+IS43OoUrWtD1/bbclrwK8TTH5hzp+umCiuxHgs=
 github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@@ -84,22 +122,37 @@ github.com/onsi/gomega v1.4.3 h1:RE1xgDvH7imwFD45h+u2SgIfERHlS2yNG4DObb5BSKU=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_golang v0.9.1 h1:K47Rk0v/fkEfwfQet2KWhscE0cJzjgCCDBG2KHZoVno=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v0.9.3 h1:9iH4JKXLzFbOAdtqv/a+j8aewx2Y8lAjAydhbaScPF8=
+github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910 h1:idejC8f05m9MGOsuEi1ATq9shN03HrxNkD/luQvxCv8=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/common v0.0.0-20181020173914-7e9e6cabbd39 h1:Cto4X6SVMWRPBkJ/3YHn1iDGDGc/Z+sW+AEMKHMVvN4=
-github.com/prometheus/common v0.0.0-20181020173914-7e9e6cabbd39/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90 h1:S/YWwWx/RA8rT8tKFRuGUZhuA90OyIBpPCXkcbwU8DE=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/common v0.4.0 h1:7etb9YClo3a6HjLzfl6rIQaU+FDfi0VSX39io3aQ+DM=
+github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d h1:GoAlyOgbOEIFdaDqxJVlbOQ1DtGmZWs/Qau0hIlk+WQ=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084 h1:sofwID9zm4tzrgykg80hfFph1mryUeLRsUfoocVVmRY=
+github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/rcrowley/go-metrics v0.0.0-20180503174638-e2704e165165 h1:nkcn14uNmFEuGCb2mBZbBb24RdNRL08b/wb+xBOYpuk=
 github.com/rcrowley/go-metrics v0.0.0-20180503174638-e2704e165165/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
-github.com/rs/cors v1.6.0 h1:G9tHG9lebljV9mfp9SNPDL36nCDxmo3zTlAf1YgvzmI=
-github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
+github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
+github.com/rs/cors v1.7.0 h1:+88SsELBHx5r+hZ8TCkggzSstaWNbDvThkVK8H6f9ik=
+github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/snikch/goodman v0.0.0-20171125024755-10e37e294daa h1:YJfZp12Z3AFhSBeXOlv4BO55RMwPn2NoQeDsrdWnBtY=
+github.com/snikch/goodman v0.0.0-20171125024755-10e37e294daa/go.mod h1:oJyF+mSPHbB5mVY2iO9KV3pTt/QbIkGaO8gQ2WrDbP4=
+github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
+github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8=
@@ -110,59 +163,95 @@ github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/viper v1.0.0 h1:RUA/ghS2i64rlnn4ydTfblY8Og8QzcPtCcHvgMn+w/I=
-github.com/spf13/viper v1.0.0/go.mod h1:A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=
+github.com/spf13/viper v1.4.0 h1:yXHLWeravcrgGyFSyCgdYpXQ9dR9c/WED3pg1RhxqEU=
+github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/syndtr/goleveldb v1.0.1-0.20190318030020-c3a204f8e965 h1:1oFLiOyVl+W7bnBzGhf7BbIv9loSFQcieWWYIjLqcAw=
 github.com/syndtr/goleveldb v1.0.1-0.20190318030020-c3a204f8e965/go.mod h1:9OrXJhf154huy1nPWmuSrkgjPUtUNhA+Zmy+6AESzuA=
 github.com/tendermint/go-amino v0.14.1 h1:o2WudxNfdLNBwMyl2dqOJxiro5rfrEaU0Ugs6offJMk=
 github.com/tendermint/go-amino v0.14.1/go.mod h1:i/UKE5Uocn+argJJBb12qTZsCDBcAYMbR92AaJVmKso=
-github.com/tendermint/tm-db v0.0.0-20190731085305-94017c88bf1d h1:yCHL2COLGLNfb4sA9AlzIHpapb8UATvAQyJulS6Eg6Q=
-github.com/tendermint/tm-db v0.0.0-20190731085305-94017c88bf1d/go.mod h1:0cPKWu2Mou3IlxecH+MEUSYc1Ch537alLe6CpFrKzgw=
 github.com/tendermint/tm-db v0.1.1 h1:G3Xezy3sOk9+ekhjZ/kjArYIs1SmwV+1OUgNkj7RgV0=
 github.com/tendermint/tm-db v0.1.1/go.mod h1:0cPKWu2Mou3IlxecH+MEUSYc1Ch537alLe6CpFrKzgw=
+github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
+github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
+github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
+go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.3 h1:MUGmc65QhB3pIlaQ5bB4LwqSj6GIonVJXpZiaKNyaKk=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-golang.org/x/arch v0.0.0-20190312162104-788fe5ffcd8c h1:Rx/HTKi09myZ25t1SOlDHmHOy/mKxNAcu0hP1oPX9qM=
-golang.org/x/arch v0.0.0-20190312162104-788fe5ffcd8c/go.mod h1:flIaEI6LNU6xOCD5PaJvn9wGP0agmIOqjrtsKGRguv4=
+go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
+go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd h1:nTDtHvHSdCn1m6ITfMRqtOd/9+7a3s8RBNOZ3eYZzJA=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7 h1:rTIdg5QFRR7XCaK4LCjBiPbx8j4DQRpdYMnGn/bJUEU=
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2 h1:67iHsV9djwGdZpdZNbLuQj6FOzCaZe3w+vhLjn5AcFA=
 google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.22.0 h1:J0UbZOIrCAl+fpTOf8YLs4dJo8L/owV4LYVtAXQoPkw=
 google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.23.0 h1:AzbTB6ux+okLTzP8Ru1Xs41C303zdcfEht7MQnYJt5A=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.23.1 h1:q4XQuHFC6I28BKZpo6IYyb3mNO+l7lSOxRuYTCiDfXk=
+google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
 gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=

libs/common/bit_array_test.go

@@ -232,6 +232,7 @@ func TestJSONMarshalUnmarshal(t *testing.T) {
 	}
 
 	for _, tc := range testCases {
+		tc := tc
 		t.Run(tc.bA.String(), func(t *testing.T) {
 			bz, err := json.Marshal(tc.bA)
 			require.NoError(t, err)

libs/common/bytes_test.go

@@ -40,6 +40,7 @@ func TestJSONMarshal(t *testing.T) {
 	}
 
 	for i, tc := range cases {
+		tc := tc
 		t.Run(fmt.Sprintf("Case %d", i), func(t *testing.T) {
 			ts := TestStruct{B1: tc.input, B2: tc.input}
 

libs/flowrate/io_test.go

@@ -89,6 +89,7 @@ func TestReader(t *testing.T) {
 		{false, start, _300ms, 0, 20, 3, 0, 0, 67, 100, 0, 0, 0},
 	}
 	for i, s := range status {
+		s := s
 		if !statusesAreEqual(&s, &want[i]) {
 			t.Errorf("r.Status(%v)\nexpected: %v\ngot     : %v", i, want[i], s)
 		}
@@ -143,6 +144,7 @@ func TestWriter(t *testing.T) {
 		{true, start, _500ms, _100ms, 100, 5, 200, 200, 200, 200, 0, 0, 100000},
 	}
 	for i, s := range status {
+		s := s
 		if !statusesAreEqual(&s, &want[i]) {
 			t.Errorf("w.Status(%v)\nexpected: %v\ngot     : %v\n", i, want[i], s)
 		}

libs/log/filter_test.go

@@ -55,6 +55,7 @@ func TestVariousLevels(t *testing.T) {
 	}
 
 	for _, tc := range testCases {
+		tc := tc
 		t.Run(tc.name, func(t *testing.T) {
 			var buf bytes.Buffer
 			logger := log.NewFilter(log.NewTMJSONLogger(&buf), tc.allowed)

libs/log/tm_logger_test.go

@@ -6,7 +6,6 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/go-logfmt/logfmt"
 	"github.com/tendermint/tendermint/libs/log"
 )
 
@@ -16,7 +15,7 @@ func TestLoggerLogsItsErrors(t *testing.T) {
 	logger := log.NewTMLogger(&buf)
 	logger.Info("foo", "baz baz", "bar")
 	msg := strings.TrimSpace(buf.String())
-	if !strings.Contains(msg, logfmt.ErrInvalidKey.Error()) {
+	if !strings.Contains(msg, "foo") {
 		t.Errorf("Expected logger msg to contain ErrInvalidKey, got %s", msg)
 	}
 }

lite/base_verifier.go

@@ -3,6 +3,8 @@ package lite
 import (
 	"bytes"
 
+	"github.com/pkg/errors"
+
 	cmn "github.com/tendermint/tendermint/libs/common"
 	lerr "github.com/tendermint/tendermint/lite/errors"
 	"github.com/tendermint/tendermint/types"
@@ -63,7 +65,7 @@ func (bv *BaseVerifier) Verify(signedHeader types.SignedHeader) error {
 	// Do basic sanity checks.
 	err := signedHeader.ValidateBasic(bv.chainID)
 	if err != nil {
-		return cmn.ErrorWrap(err, "in verify")
+		return errors.Wrap(err, "in verify")
 	}
 
 	// Check commit signatures.
@@ -71,7 +73,7 @@ func (bv *BaseVerifier) Verify(signedHeader types.SignedHeader) error {
 		bv.chainID, signedHeader.Commit.BlockID,
 		signedHeader.Height, signedHeader.Commit)
 	if err != nil {
-		return cmn.ErrorWrap(err, "in verify")
+		return errors.Wrap(err, "in verify")
 	}
 
 	return nil

lite/dynamic_verifier_test.go

@@ -13,6 +13,8 @@ import (
 	dbm "github.com/tendermint/tm-db"
 )
 
+const testChainID = "inquiry-test"
+
 func TestInquirerValidPath(t *testing.T) {
 	assert, require := assert.New(t), require.New(t)
 	trust := NewDBProvider("trust", dbm.NewMemDB())
@@ -24,7 +26,7 @@ func TestInquirerValidPath(t *testing.T) {
 	nkeys := keys.Extend(1)
 
 	// Construct a bunch of commits, each with one more height than the last.
-	chainID := "inquiry-test"
+	chainID := testChainID
 	consHash := []byte("params")
 	resHash := []byte("results")
 	count := 50
@@ -146,7 +148,7 @@ func TestInquirerVerifyHistorical(t *testing.T) {
 	nkeys := keys.Extend(1)
 
 	// Construct a bunch of commits, each with one more height than the last.
-	chainID := "inquiry-test"
+	chainID := testChainID
 	count := 10
 	consHash := []byte("special-params")
 	fcz := make([]FullCommit, count)
@@ -229,7 +231,7 @@ func TestConcurrencyInquirerVerify(t *testing.T) {
 	nkeys := keys.Extend(1)
 
 	// Construct a bunch of commits, each with one more height than the last.
-	chainID := "inquiry-test"
+	chainID := testChainID
 	count := 10
 	consHash := []byte("special-params")
 	fcz := make([]FullCommit, count)

lite/errors/errors.go

@@ -3,7 +3,7 @@ package errors
 import (
 	"fmt"
 
-	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/pkg/errors"
 )
 
 //----------------------------------------
@@ -49,15 +49,12 @@ func (e errEmptyTree) Error() string {
 
 // ErrCommitNotFound indicates that a the requested commit was not found.
 func ErrCommitNotFound() error {
-	return cmn.ErrorWrap(errCommitNotFound{}, "")
+	return errors.Wrap(errCommitNotFound{}, "")
 }
 
 func IsErrCommitNotFound(err error) bool {
-	if err_, ok := err.(cmn.Error); ok {
-		_, ok := err_.Data().(errCommitNotFound)
-		return ok
-	}
-	return false
+	_, ok := errors.Cause(err).(errCommitNotFound)
+	return ok
 }
 
 //-----------------
@@ -65,18 +62,15 @@ func IsErrCommitNotFound(err error) bool {
 
 // ErrUnexpectedValidators indicates a validator set mismatch.
 func ErrUnexpectedValidators(got, want []byte) error {
-	return cmn.ErrorWrap(errUnexpectedValidators{
+	return errors.Wrap(errUnexpectedValidators{
 		got:  got,
 		want: want,
 	}, "")
 }
 
 func IsErrUnexpectedValidators(err error) bool {
-	if err_, ok := err.(cmn.Error); ok {
-		_, ok := err_.Data().(errUnexpectedValidators)
-		return ok
-	}
-	return false
+	_, ok := errors.Cause(err).(errUnexpectedValidators)
+	return ok
 }
 
 //-----------------
@@ -84,28 +78,22 @@ func IsErrUnexpectedValidators(err error) bool {
 
 // ErrUnknownValidators indicates that some validator set was missing or unknown.
 func ErrUnknownValidators(chainID string, height int64) error {
-	return cmn.ErrorWrap(errUnknownValidators{chainID, height}, "")
+	return errors.Wrap(errUnknownValidators{chainID, height}, "")
 }
 
 func IsErrUnknownValidators(err error) bool {
-	if err_, ok := err.(cmn.Error); ok {
-		_, ok := err_.Data().(errUnknownValidators)
-		return ok
-	}
-	return false
+	_, ok := errors.Cause(err).(errUnknownValidators)
+	return ok
 }
 
 //-----------------
 // ErrEmptyTree
 
 func ErrEmptyTree() error {
-	return cmn.ErrorWrap(errEmptyTree{}, "")
+	return errors.Wrap(errEmptyTree{}, "")
 }
 
 func IsErrEmptyTree(err error) bool {
-	if err_, ok := err.(cmn.Error); ok {
-		_, ok := err_.Data().(errEmptyTree)
-		return ok
-	}
-	return false
+	_, ok := errors.Cause(err).(errEmptyTree)
+	return ok
 }

lite/proxy/errors.go

@@ -1,7 +1,7 @@
 package proxy
 
 import (
-	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/pkg/errors"
 )
 
 type errNoData struct{}
@@ -12,13 +12,10 @@ func (e errNoData) Error() string {
 
 // IsErrNoData checks whether an error is due to a query returning empty data
 func IsErrNoData(err error) bool {
-	if err_, ok := err.(cmn.Error); ok {
-		_, ok := err_.Data().(errNoData)
-		return ok
-	}
-	return false
+	_, ok := errors.Cause(err).(errNoData)
+	return ok
 }
 
 func ErrNoData() error {
-	return cmn.ErrorWrap(errNoData{}, "")
+	return errors.Wrap(errNoData{}, "")
 }

lite/proxy/query.go

@@ -4,9 +4,10 @@ import (
 	"fmt"
 	"strings"
 
-	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/pkg/errors"
 
 	"github.com/tendermint/tendermint/crypto/merkle"
+	cmn "github.com/tendermint/tendermint/libs/common"
 	"github.com/tendermint/tendermint/lite"
 	lerr "github.com/tendermint/tendermint/lite/errors"
 	rpcclient "github.com/tendermint/tendermint/rpc/client"
@@ -28,7 +29,7 @@ func GetWithProof(prt *merkle.ProofRuntime, key []byte, reqHeight int64, node rp
 	}
 
 	res, err := GetWithProofOptions(prt, "/key", key,
-		rpcclient.ABCIQueryOptions{Height: int64(reqHeight), Prove: true},
+		rpcclient.ABCIQueryOptions{Height: reqHeight, Prove: true},
 		node, cert)
 	if err != nil {
 		return
@@ -83,7 +84,7 @@ func GetWithProofOptions(prt *merkle.ProofRuntime, path string, key []byte, opts
 		kp = kp.AppendKey(resp.Key, merkle.KeyEncodingURL)
 		err = prt.VerifyValue(resp.Proof, signedHeader.AppHash, kp.String(), resp.Value)
 		if err != nil {
-			return nil, cmn.ErrorWrap(err, "Couldn't verify value proof")
+			return nil, errors.Wrap(err, "Couldn't verify value proof")
 		}
 		return &ctypes.ResultABCIQuery{Response: resp}, nil
 	} else {
@@ -92,7 +93,7 @@ func GetWithProofOptions(prt *merkle.ProofRuntime, path string, key []byte, opts
 		// XXX How do we encode the key into a string...
 		err = prt.VerifyAbsence(resp.Proof, signedHeader.AppHash, string(resp.Key))
 		if err != nil {
-			return nil, cmn.ErrorWrap(err, "Couldn't verify absence proof")
+			return nil, errors.Wrap(err, "Couldn't verify absence proof")
 		}
 		return &ctypes.ResultABCIQuery{Response: resp}, nil
 	}

lite/proxy/verifier.go

@@ -1,7 +1,8 @@
 package proxy
 
 import (
-	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/pkg/errors"
+
 	log "github.com/tendermint/tendermint/libs/log"
 	"github.com/tendermint/tendermint/lite"
 	lclient "github.com/tendermint/tendermint/lite/client"
@@ -29,11 +30,11 @@ func NewVerifier(chainID, rootDir string, client lclient.SignStatusClient, logge
 		logger.Info("lite/proxy/NewVerifier found no trusted full commit, initializing from source from height 1...")
 		fc, err := source.LatestFullCommit(chainID, 1, 1)
 		if err != nil {
-			return nil, cmn.ErrorWrap(err, "fetching source full commit @ height 1")
+			return nil, errors.Wrap(err, "fetching source full commit @ height 1")
 		}
 		err = trust.SaveFullCommit(fc)
 		if err != nil {
-			return nil, cmn.ErrorWrap(err, "saving full commit to trusted")
+			return nil, errors.Wrap(err, "saving full commit to trusted")
 		}
 	}
 

lite/proxy/wrapper.go

@@ -58,7 +58,7 @@ func (w Wrapper) Tx(hash []byte, prove bool) (*ctypes.ResultTx, error) {
 	if !prove || err != nil {
 		return res, err
 	}
-	h := int64(res.Height)
+	h := res.Height
 	sh, err := GetCertifiedCommit(h, w.Client, w.cert)
 	if err != nil {
 		return res, err

mempool/clist_mempool.go

@@ -53,8 +53,8 @@ type CListMempool struct {
 
 	// Atomic integers
 	height     int64 // the last block Update()'d to
-	rechecking int32 // for re-checking filtered txs on Update()
 	txsBytes   int64 // total size of mempool, in bytes
+	rechecking int32 // for re-checking filtered txs on Update()
 
 	// Keep a cache of already-seen txs.
 	// This reduces the pressure on the proxyApp.
@@ -232,8 +232,8 @@ func (mem *CListMempool) CheckTxWithInfo(tx types.Tx, cb func(*abci.Response), t
 	// The size of the corresponding amino-encoded TxMessage
 	// can't be larger than the maxMsgSize, otherwise we can't
 	// relay it to peers.
-	if max := calcMaxTxSize(mem.config.MaxMsgBytes); txSize > max {
-		return ErrTxTooLarge{max, txSize}
+	if txSize > mem.config.MaxTxBytes {
+		return ErrTxTooLarge{mem.config.MaxTxBytes, txSize}
 	}
 
 	if mem.preCheck != nil {

mempool/clist_mempool_test.go

@@ -426,8 +426,8 @@ func TestMempoolMaxMsgSize(t *testing.T) {
 	mempl, cleanup := newMempoolWithApp(cc)
 	defer cleanup()
 
-	maxMsgSize := mempl.config.MaxMsgBytes
-	maxTxSize := calcMaxTxSize(mempl.config.MaxMsgBytes)
+	maxTxSize := mempl.config.MaxTxBytes
+	maxMsgSize := calcMaxMsgSize(maxTxSize)
 
 	testCases := []struct {
 		len int
@@ -564,7 +564,7 @@ func TestMempoolRemoteAppConcurrency(t *testing.T) {
 	for i := 0; i < N; i++ {
 		peerID := mrand.Intn(maxPeers)
 		txNum := mrand.Intn(nTxs)
-		tx := txs[int(txNum)]
+		tx := txs[txNum]
 
 		// this will err with ErrTxInCache many times ...
 		mempool.CheckTxWithInfo(tx, nil, TxInfo{SenderID: uint16(peerID)})

mempool/reactor.go

@@ -263,8 +263,9 @@ func RegisterMempoolMessages(cdc *amino.Codec) {
 }
 
 func (memR *Reactor) decodeMsg(bz []byte) (msg MempoolMessage, err error) {
-	if l := len(bz); l > memR.config.MaxMsgBytes {
-		return msg, ErrTxTooLarge{memR.config.MaxMsgBytes, l}
+	maxMsgSize := calcMaxMsgSize(memR.config.MaxTxBytes)
+	if l := len(bz); l > maxMsgSize {
+		return msg, ErrTxTooLarge{maxMsgSize, l}
 	}
 	err = cdc.UnmarshalBinaryBare(bz, &msg)
 	return
@@ -282,8 +283,8 @@ func (m *TxMessage) String() string {
 	return fmt.Sprintf("[TxMessage %v]", m.Tx)
 }
 
-// calcMaxTxSize returns the max size of Tx
+// calcMaxMsgSize returns the max size of TxMessage
 // account for amino overhead of TxMessage
-func calcMaxTxSize(maxMsgSize int) int {
-	return maxMsgSize - aminoOverheadForTxMessage
+func calcMaxMsgSize(maxTxSize int) int {
+	return maxTxSize + aminoOverheadForTxMessage
 }

networks/remote/integration.sh

@@ -30,7 +30,7 @@ go get $REPO
 cd $GOPATH/src/$REPO
 
 ## build
-make get_tools
+make tools
 make build
 
 # generate an ssh key

node/node.go

@@ -23,7 +23,7 @@ import (
 	cfg "github.com/tendermint/tendermint/config"
 	"github.com/tendermint/tendermint/consensus"
 	cs "github.com/tendermint/tendermint/consensus"
-	"github.com/tendermint/tendermint/crypto/ed25519"
+	"github.com/tendermint/tendermint/crypto"
 	"github.com/tendermint/tendermint/evidence"
 	cmn "github.com/tendermint/tendermint/libs/common"
 	"github.com/tendermint/tendermint/libs/log"
@@ -278,9 +278,7 @@ func doHandshake(stateDB dbm.DB, state sm.State, blockStore sm.BlockStore,
 	return nil
 }
 
-func logNodeStartupInfo(state sm.State, privValidator types.PrivValidator, logger,
-	consensusLogger log.Logger) {
-
+func logNodeStartupInfo(state sm.State, pubKey crypto.PubKey, logger, consensusLogger log.Logger) {
 	// Log the version info.
 	logger.Info("Version info",
 		"software", version.TMCoreSemVer,
@@ -296,7 +294,6 @@ func logNodeStartupInfo(state sm.State, privValidator types.PrivValidator, logge
 		)
 	}
 
-	pubKey := privValidator.GetPubKey()
 	addr := pubKey.Address()
 	// Log whether this node is a validator or an observer
 	if state.Validators.HasAddress(addr) {
@@ -601,7 +598,13 @@ func NewNode(config *cfg.Config,
 		}
 	}
 
-	logNodeStartupInfo(state, privValidator, logger, consensusLogger)
+	pubKey := privValidator.GetPubKey()
+	if pubKey == nil {
+		// TODO: GetPubKey should return errors - https://github.com/tendermint/tendermint/issues/3602
+		return nil, errors.New("could not retrieve public key from private validator")
+	}
+
+	logNodeStartupInfo(state, pubKey, logger, consensusLogger)
 
 	// Decide whether to fast-sync or not
 	// We don't fast-sync when the only validator is us.
@@ -1158,29 +1161,13 @@ func createAndStartPrivValidatorSocketClient(
 	listenAddr string,
 	logger log.Logger,
 ) (types.PrivValidator, error) {
-	var listener net.Listener
-
-	protocol, address := cmn.ProtocolAndAddress(listenAddr)
-	ln, err := net.Listen(protocol, address)
+	pve, err := privval.NewSignerListener(listenAddr, logger)
 	if err != nil {
-		return nil, err
-	}
-	switch protocol {
-	case "unix":
-		listener = privval.NewUnixListener(ln)
-	case "tcp":
-		// TODO: persist this key so external signer
-		// can actually authenticate us
-		listener = privval.NewTCPListener(ln, ed25519.GenPrivKey())
-	default:
-		return nil, fmt.Errorf(
-			"wrong listen address: expected either 'tcp' or 'unix' protocols, got %s",
-			protocol,
-		)
+		return nil, errors.Wrap(err, "failed to start private validator")
 	}
 
-	pvsc := privval.NewSignerValidatorEndpoint(logger.With("module", "privval"), listener)
-	if err := pvsc.Start(); err != nil {
+	pvsc, err := privval.NewSignerClient(pve)
+	if err != nil {
 		return nil, errors.Wrap(err, "failed to start private validator")
 	}
 

node/node_test.go

@@ -136,25 +136,29 @@ func TestNodeSetPrivValTCP(t *testing.T) {
 	config.BaseConfig.PrivValidatorListenAddr = addr
 
 	dialer := privval.DialTCPFn(addr, 100*time.Millisecond, ed25519.GenPrivKey())
-	pvsc := privval.NewSignerServiceEndpoint(
+	dialerEndpoint := privval.NewSignerDialerEndpoint(
 		log.TestingLogger(),
+		dialer,
+	)
+	privval.SignerDialerEndpointTimeoutReadWrite(100 * time.Millisecond)(dialerEndpoint)
+
+	signerServer := privval.NewSignerServer(
+		dialerEndpoint,
 		config.ChainID(),
 		types.NewMockPV(),
-		dialer,
 	)
-	privval.SignerServiceEndpointTimeoutReadWrite(100 * time.Millisecond)(pvsc)
 
 	go func() {
-		err := pvsc.Start()
+		err := signerServer.Start()
 		if err != nil {
 			panic(err)
 		}
 	}()
-	defer pvsc.Stop()
+	defer signerServer.Stop()
 
 	n, err := DefaultNewNode(config, log.TestingLogger())
 	require.NoError(t, err)
-	assert.IsType(t, &privval.SignerValidatorEndpoint{}, n.PrivValidator())
+	assert.IsType(t, &privval.SignerClient{}, n.PrivValidator())
 }
 
 // address without a protocol must result in error
@@ -178,13 +182,17 @@ func TestNodeSetPrivValIPC(t *testing.T) {
 	config.BaseConfig.PrivValidatorListenAddr = "unix://" + tmpfile
 
 	dialer := privval.DialUnixFn(tmpfile)
-	pvsc := privval.NewSignerServiceEndpoint(
+	dialerEndpoint := privval.NewSignerDialerEndpoint(
 		log.TestingLogger(),
+		dialer,
+	)
+	privval.SignerDialerEndpointTimeoutReadWrite(100 * time.Millisecond)(dialerEndpoint)
+
+	pvsc := privval.NewSignerServer(
+		dialerEndpoint,
 		config.ChainID(),
 		types.NewMockPV(),
-		dialer,
 	)
-	privval.SignerServiceEndpointTimeoutReadWrite(100 * time.Millisecond)(pvsc)
 
 	go func() {
 		err := pvsc.Start()
@@ -194,8 +202,7 @@ func TestNodeSetPrivValIPC(t *testing.T) {
 
 	n, err := DefaultNewNode(config, log.TestingLogger())
 	require.NoError(t, err)
-	assert.IsType(t, &privval.SignerValidatorEndpoint{}, n.PrivValidator())
-
+	assert.IsType(t, &privval.SignerClient{}, n.PrivValidator())
 }
 
 // testFreeAddr claims a free port so we don't block on listener being ready.

p2p/conn/connection.go

@@ -2,7 +2,8 @@ package conn
 
 import (
 	"bufio"
-	"errors"
+	"runtime/debug"
+
 	"fmt"
 	"io"
 	"math"
@@ -12,6 +13,8 @@ import (
 	"sync/atomic"
 	"time"
 
+	"github.com/pkg/errors"
+
 	amino "github.com/tendermint/go-amino"
 	cmn "github.com/tendermint/tendermint/libs/common"
 	flow "github.com/tendermint/tendermint/libs/flowrate"
@@ -313,8 +316,8 @@ func (c *MConnection) flush() {
 // Catch panics, usually caused by remote disconnects.
 func (c *MConnection) _recover() {
 	if r := recover(); r != nil {
-		err := cmn.ErrorWrap(r, "recovered panic in MConnection")
-		c.stopForError(err)
+		c.Logger.Error("MConnection panicked", "err", r, "stack", string(debug.Stack()))
+		c.stopForError(errors.Errorf("recovered from panic: %v", r))
 	}
 }
 
@@ -800,7 +803,7 @@ func (ch *Channel) isSendPending() bool {
 // Not goroutine-safe
 func (ch *Channel) nextPacketMsg() PacketMsg {
 	packet := PacketMsg{}
-	packet.ChannelID = byte(ch.desc.ID)
+	packet.ChannelID = ch.desc.ID
 	maxSize := ch.maxPacketMsgPayloadSize
 	packet.Bytes = ch.sending[:cmn.MinInt(maxSize, len(ch.sending))]
 	if len(ch.sending) <= maxSize {

p2p/conn/connection_test.go

@@ -133,7 +133,7 @@ func TestMConnectionReceive(t *testing.T) {
 
 	select {
 	case receivedBytes := <-receivedCh:
-		assert.Equal(t, []byte(msg), receivedBytes)
+		assert.Equal(t, msg, receivedBytes)
 	case err := <-errorsCh:
 		t.Fatalf("Expected %s, got %+v", msg, err)
 	case <-time.After(500 * time.Millisecond):

p2p/conn/secret_connection.go

@@ -188,7 +188,7 @@ func (sc *SecretConnection) Write(data []byte) (n int, err error) {
 			return n, err
 		}
 	}
-	return
+	return n, err
 }
 
 // CONTRACT: data smaller than dataMaxSize is read atomically.
@@ -234,7 +234,7 @@ func (sc *SecretConnection) Read(data []byte) (n int, err error) {
 		sc.recvBuffer = make([]byte, len(chunk)-n)
 		copy(sc.recvBuffer, chunk[n:])
 	}
-	return
+	return n, err
 }
 
 // Implements net.Conn

p2p/conn/secret_connection_test.go

@@ -87,7 +87,7 @@ func makeSecretConnPair(tb testing.TB) (fooSecConn, barSecConn *SecretConnection
 	require.Nil(tb, trs.FirstError())
 	require.True(tb, ok, "Unexpected task abortion")
 
-	return
+	return fooSecConn, barSecConn
 }
 
 func TestSecretConnectionHandshake(t *testing.T) {
@@ -110,6 +110,7 @@ func TestShareLowOrderPubkey(t *testing.T) {
 
 	// all blacklisted low order points:
 	for _, remLowOrderPubKey := range blacklist {
+		remLowOrderPubKey := remLowOrderPubKey
 		_, _ = cmn.Parallel(
 			func(_ int) (val interface{}, err error, abort bool) {
 				_, err = shareEphPubKey(fooConn, locEphPub)
@@ -135,6 +136,7 @@ func TestShareLowOrderPubkey(t *testing.T) {
 func TestComputeDHFailsOnLowOrder(t *testing.T) {
 	_, locPrivKey := genEphKeys()
 	for _, remLowOrderPubKey := range blacklist {
+		remLowOrderPubKey := remLowOrderPubKey
 		shared, err := computeDHSecret(&remLowOrderPubKey, locPrivKey)
 		assert.Error(t, err)
 

p2p/netaddress_test.go

@@ -67,6 +67,7 @@ func TestNewNetAddressString(t *testing.T) {
 	}
 
 	for _, tc := range testCases {
+		tc := tc
 		t.Run(tc.name, func(t *testing.T) {
 			addr, err := NewNetAddressString(tc.addr)
 			if tc.correct {

p2p/peer_test.go

@@ -7,6 +7,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/pkg/errors"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
@@ -113,13 +114,13 @@ func testOutboundPeerConn(
 	var pc peerConn
 	conn, err := testDial(addr, config)
 	if err != nil {
-		return pc, cmn.ErrorWrap(err, "Error creating peer")
+		return pc, errors.Wrap(err, "Error creating peer")
 	}
 
 	pc, err = testPeerConn(conn, config, true, persistent, ourNodePrivKey, addr)
 	if err != nil {
 		if cerr := conn.Close(); cerr != nil {
-			return pc, cmn.ErrorWrap(err, cerr.Error())
+			return pc, errors.Wrap(err, cerr.Error())
 		}
 		return pc, err
 	}
@@ -127,7 +128,7 @@ func testOutboundPeerConn(
 	// ensure dialed ID matches connection ID
 	if addr.ID != pc.ID() {
 		if cerr := conn.Close(); cerr != nil {
-			return pc, cmn.ErrorWrap(err, cerr.Error())
+			return pc, errors.Wrap(err, cerr.Error())
 		}
 		return pc, ErrSwitchAuthenticationFailure{addr, pc.ID()}
 	}

p2p/pex/addrbook.go

@@ -784,12 +784,12 @@ func (a *addrBook) groupKey(na *p2p.NetAddress) string {
 	}
 	if na.RFC6145() || na.RFC6052() {
 		// last four bytes are the ip address
-		ip := net.IP(na.IP[12:16])
+		ip := na.IP[12:16]
 		return (&net.IPNet{IP: ip, Mask: net.CIDRMask(16, 32)}).String()
 	}
 
 	if na.RFC3964() {
-		ip := net.IP(na.IP[2:7])
+		ip := na.IP[2:7]
 		return (&net.IPNet{IP: ip, Mask: net.CIDRMask(16, 32)}).String()
 
 	}

p2p/switch.go

@@ -222,7 +222,7 @@ func (sw *Switch) OnStart() error {
 	for _, reactor := range sw.reactors {
 		err := reactor.Start()
 		if err != nil {
-			return cmn.ErrorWrap(err, "failed to start %v", reactor)
+			return errors.Wrapf(err, "failed to start %v", reactor)
 		}
 	}
 

p2p/test_util.go

@@ -5,6 +5,8 @@ import (
 	"net"
 	"time"
 
+	"github.com/pkg/errors"
+
 	"github.com/tendermint/tendermint/crypto"
 	"github.com/tendermint/tendermint/crypto/ed25519"
 	cmn "github.com/tendermint/tendermint/libs/common"
@@ -233,7 +235,7 @@ func testPeerConn(
 	// Encrypt connection
 	conn, err = upgradeSecretConn(conn, cfg.HandshakeTimeout, ourNodePrivKey)
 	if err != nil {
-		return pc, cmn.ErrorWrap(err, "Error creating peer")
+		return pc, errors.Wrap(err, "Error creating peer")
 	}
 
 	// Only the information we already have

p2p/upnp/probe.go

@@ -78,7 +78,7 @@ func testHairpin(listener net.Listener, extAddr string, logger log.Logger) (supp
 
 	// Wait for data receipt
 	time.Sleep(1 * time.Second)
-	return
+	return supportsHairpin
 }
 
 func Probe(logger log.Logger) (caps UPNPCapabilities, err error) {