Add deprecate_deferred_transactions protocol feature

[johndebord]

1st Protocol Feature `stop_deferred_transactions`
=================================================

[X]  = completed
[XX] = double-checked
[?]  = seems to be covered if I've implemented the above spec correctly

[XX] `cancel_deferred`
[XX]   - shall continue working
[XX] `send_deferred`
[XX]   - If `replace_existing` == true in `send_deferred`; it shall be a noop
[XX] `canceldelay` native action shall not change
[XX] `schedule_deferred_transaction`
[XX]   - If there is no transaction to replace:
           fail
[XX]   - If there is a transaction to replace:
           continue to cancel the old one but do not schedule the new one

[XX] `delaysec` > 0 is not allowed
[XX]   - Contract-generated deferred shall not assert in native code (`send_deferred`)
[XX]   - User-generated deferred shall assert in native code (`controller.cpp:push_transaction` (not `schedule_transaciton`))
[?]    - As soon as the protocol feature is activated there shall be no more ways to
           insert deferred transactions into the generated transaction table(s)
[?]    - Only if a deferred transaction is expired can it be pushed (`controller.cpp:push_schedule_transaction`)

Testing:
[XX] The fixture is going to have to be changed (don't activate all protocol features right away)
[XX] A few tests test to see if the queue gets larger (New test shall be added to verify that it doesn't do anything)
[?]  Check that the transaction expires appropriately
[?]  Will have to have duplicate tests, testing the different combinations of turning on/off the protocol features relating to deferred transactions
[XX] 1) User-side
[XX]    - Check that a user-defined transaction cannot have a `delay_sec` greater than 0
[XX] 2) Contract-side
[XX]    - Make sure that the corresponding logic for deferred transactions works correctly

[swatanabe-b1]

Haven't reviewed the tests yet.

[swatanabe-b1]

This is not a no-op, which doesn't seem consistent with the fact that send_deferred skips schedule_deferred_transaction entirely. Actually, I don't understand the motivation for allowing replace_existing.

[johndebord]

My assumption, based off of the specification, is that there are two ways to enter deferred transaction logic:

1. Through transaction_api::send_deferred.
2. Through a user extending his/her code via a plugin and calling apply_context::schedule_deferred_transaction.

Therefore two individual (seemingly redundant) checks must be made. Am I wrong in this assumption?

[swatanabe-b1]

I don't think apply_context::schedule_deferred_transaction should ever be called outside of wasm. Also, the main point that I was trying to make was that the behavior is not the same in the two cases.

[johndebord]

I believe they now have the same behavior.

[swatanabe-b1]

The behavior is still different in the case of replace_existing = true. transaction_api::send_deferred short-circuits this case to a no-op, but apply_context::schedule_deferred_transaction handles it in a more complex way.

[johndebord]

Yes, that is what I was told to implement.

[XX] send_deferred
[XX] - If replace_existing == true in send_deferred; it shall be a noop

[XX] schedule_deferred_transaction
[XX] - If there is no transaction to replace: fail
[XX] - If there is a transaction to replace: continue to cancel the old one but do not schedule the new one

Hence, the assertion in apply_context::schedule_deferred_transaction.

[swatanabe-b1]

Can you explain the motivation for this difference?

[johndebord]

The motivation is unbeknownst to me. I just took it at face-value.

[swatanabe-b1]

I'm somewhat concerned that this may be a misunderstanding. The spec for schedule_deferred_transaction sounds to me like reasonable behavior for both of them. @arhag

[swatanabe-b1]

This doesn't seem to match the spec. "Only if a deferred transaction is expired can it be pushed" You're instead treating all transactions as if they were expired.

[johndebord]

The behavior now matches the spec; if the transaction has expired then the transaction shall expire. Then we check to see if builtin_protocol_feature_t::stop_deferred_transactions has been activated; if so, then the trace shall be returned, and no further operations are done on the transaction.

[swatanabe-b1]

Does producer_plugin know how to handle this outcome?

[swatanabe-b1]

The name will be confusing at the call site. If I see:

t.preactivate_builtin_protocol_features({wtmsig_block_signatures, replace_deferred});

I would assume that it meant the features to activate, not the features to exclude. I wouldn't even bother looking for the declaration because the meaning is "obvious."

[johndebord]

Renamed to preactivate_selected_protocol_features.

[swatanabe-b1]

I don't see how the new name expresses the meaning of the function better than the old name. I think part of the problem is that the function's behavior is odd, which makes it hard to come up with a good name.

[swatanabe-b1]

Doesn't this causes infinite recursion? *dependency_has_dependency should be equal to feature, right? I can't quite figure out what you're trying to do.

[johndebord]

Should now be checking protocol feature dependencies correctly.

[swatanabe-b1]

Only handles the simple case of A depends on B, ignore B. Does not handle the possibility of chaining ignores: A -> B -> C -> D, ignore D, which needs to cause all of A, B, C, and D to be ignored.

Also I'm on the fence about whether it's better to ignore additional features or whether it's better to issue an error. On the one hand, it's bad if adding a new protocol feature breaks existing tests. On the other hand, silently disabling more protocol features than were given may be surprising. What do you think?

[johndebord]

I definitely considered that case. But for the time being we only have the case of A depends on B.
Would it be best practice to account for future cases, such as chaining ignores? Or is the best practice only to account for what is currently in use?

And I definitely agree with you there on the last point. If it were up to me, I think tester is due for a re-write; to consider, from the ground up, an architecture where an arbitrary number of protocol features that may or may not depend on each other.

[swatanabe-b1]

Best practice is to handle the public API of protocol features. Since arbitrary protocol feature dependencies are allowed, you should support them. Tester should not need any specific knowledge of what protocol features are actually defined. The existing code in tester to determine the activation order of protocol features is designed to handle arbitrary dependencies correctly, so I think it's reasonable for you to do so as well.

Now, with all of that having been said, being fully general is not always worth the effort. If you do decide to take shortcuts, you should definitely call it out in a comment, to help anyone who adds a new protocol feature and gets confused by mysterious failures.

[swatanabe-b1]

The original code uses TESTER. Can you make tester define the same constructors as validating_tester?

[johndebord]

Made matching constructors for class tester.

[swatanabe-b1]

So this now allows deferred transactions to be replaced. I'm not so sure that that's a good idea, since it allows the expiration to be arbitrarily extended as long as someone keeps replacing it.