Patch/spc work [WIP] #610
Patch/spc work [WIP] #610
Conversation
|
Which solution are you speccing out then (from the issue) ? |
| return true | ||
| } | ||
| func (self *ExpectedConsensus_I) GetBlockRewards(electionProof ElectionProof, workerAddr addr.Address) UVarint { | ||
| panic("") |
There was a problem hiding this comment.
cc @Kubuxu still working on it, but it'll go here
| - Cesium clocks | ||
| - Future work: | ||
| - VDF Clocks | ||
| {{< readfile file="clock_subsystem.id" code="true" lang="go" >}} |
There was a problem hiding this comment.
cc @ZenGround0 per your question last week. Please let me know what else you need here.
|
|
||
| func (self *Clock_I) CurrentEpoch() ChainEpoch { | ||
| return self.currentEpoch_ | ||
| } |
There was a problem hiding this comment.
-
This should not live here. the
Clockdoes not know the epoch, the Blockchain does, and that's related to finality in chainsync, bootstrap state and more.Clockhere should not have (nor report) the epoch -- defer to the blockchain. -
there was a previous idea of a
Round/EpochClockbut that was going to be a smalll abstraction on top of (having a pointer to) the blockchain system, and deferring to it for calculation (including failing to return because system is not in a state able to return an epoch). we ended up not need it so i didnt write it.
There was a problem hiding this comment.
Oh maybe you want to calculate what epoch it should be based on a prior epoch-to-time mapping? I think functions like this are appropriate for this package:
func EpochAfterTime(start block.ChainEpoch, t Time) block.ChainEpoch {
// returns start + EpochsInSeconds(t)
}
// genesis being hard coded
func EpochAfterGenesis() block.ChainEpoch {
// returns EpochAfterTime(genesis, Now() - timeOfGenesis)
}then caller can take responsibility of passing in the right start epoch, etc.
There was a problem hiding this comment.
yes exactly. In fact I was thinking there should be a way to register to NewRound() calls from the clock subsystem to trigger retries of leader election given we no longer have VDFs to do this. Just not sure how we've architected this type of thing elsewhere.
There was a problem hiding this comment.
epochDuration (or EpochsInSeconds) should be pulled from blockchain?
| func (self *Clock_I) ResetEpoch(genesisTime Time) struct{} { | ||
| panic("") | ||
| // self.currentEpoch = (self.UnixNano() - genesisTime) / epochDuration | ||
| } |
There was a problem hiding this comment.
Was thinking this could be useful when you are syncing with network again and want to remove skew
| @@ -20,11 +20,26 @@ SPC provides a power table abstraction which tracks miner power (i.e. miner stor | |||
|
|
|||
| An invariant of the storage power consensus subsystem is that all storage in the power table must be verified. That is, miners can only derive power from storage they have already proven to the network. | |||
|
|
|||
| In order to achieve this, Filecoin delays updating power for new sector commitments until the first valid PoSt in the next proving period corresponding to that sector. | |||
| In order to achieve this, Filecoin delays updating power for new sector commitments until the first valid PoSt in the next proving period corresponding to that sector. (TODO: potential delay this further in order to ensure that any power cut goes undetected at most as long as the shortest power delay on new sector commitments). | |||
There was a problem hiding this comment.
@ZX just want to make sure this is what you had understood before.
cc @nikkolasg
There was a problem hiding this comment.
If i understand correctly, that means a miner does a sealing, then has to submit a post after that (when he's elected of after the "period" or when he's "surprised").
If so:
We can do this, but I don't think it's useful to do so, since a sealing already contains a "post" somehow, so it's already sure the miner have spend that much amount of storage. The next post proves that the miner kept that storage for that duration. So after a sealing, the power is already there and proven. Not sure if it is needed to require this additional delay. In short, tt definitely doesn't hurt, but i'm not sure if this is needed.
There was a problem hiding this comment.
Only keeping storage for a duration should count for power, so has to be in arrears. This is also needed for symmetry with the possible lag in the network detecting that a sector has been dropped.
| @@ -0,0 +1,15 @@ | |||
| import filcrypto "github.com/filecoin-project/specs/algorithms/crypto" | |||
There was a problem hiding this comment.
see below @whyrusleeping @jbenet
I would argue we may want to disable the ability to have many workers per owner in v1.
We do need this abstraction if we want to enable key changes though (I can spec in forthcoming PR)
There was a problem hiding this comment.
I would argue we may want to disable the ability to have many workers per owner in v1.
yeah me too, I remember that the rationals were not clearly expressed last time we discussed this and were leaning towards being opinions rather than fact-based decisions
|
I know Election PoSt might have interfered with some bits here, but could we converge and land the rest of it soon? |
| The ECVRF algorithm (must yield a pseudorandom, deterministic output) from Goldberg et al. Section 5, with: | ||
| Sha256 for our hashing function | ||
| Secp256k1 for our curve | ||
| `ElectionProof * TotalPower < e * MinerPower * MaxValue` |
There was a problem hiding this comment.
this is going to change w/ the new election post. let's merge this as is and follow-up pr soon
| req = e * minerPower/totalPower | ||
| rewCount = ceil(req - draw) | ||
| reward = rewCount * targetRewardPerEpoch/e | ||
| ` |
There was a problem hiding this comment.
FYI -- I'm not reviewing this closely atm -- this -- i believe -- got reviewed by others already. I will give another pass in the future, but i don't have this paged in atm.
| (TODO: FIP of submitting commitments to block headers to prevent miners censoring slashers in order to gain rewards). | ||
|
|
||
| It is important to note that there exists a third type of consensus fault directly reported by the `CronActor` on `StorageDeal` failures via the `ReportUncommittedPowerFault` method: | ||
| - (3) `uncommitted power fault` which occurs when a miner fails to submit their `PostProof` and is thus participating in leader election with undue power (see {{<sref storage_faults>}}). | ||
| - (4) `uncommitted power fault` which occurs when a miner fails to submit their `PostProof` and is thus participating in leader election with undue power (see {{<sref storage_faults>}}). |
There was a problem hiding this comment.
- PoSt (and PoRep) should not be mentioned in EC. no storage specific stuff should be mentioned here (this is very close, it only appears a little). Doing so breaks through / spaghettifies abstractions, which is painful.
- Define the things EC needs from other modules (ie the power accounting, the power fault, etc.) and then satisfy them in another module that wires the two together (eg SPC). SPC should be the one mentioning PoSt, and how failure to submit post triggers the uncommitted power fault. etc.
There was a problem hiding this comment.
Fair enough. We just mentioned this storage fault as a "consensus fault" of sorts so for the sake of keeping things in the same place decided to include it here but will break out.
| @@ -1,92 +0,0 @@ | |||
| --- | |||
| title: PoSt Generator | |||
There was a problem hiding this comment.
- not sure it makes sense to remove this component. this is meant to be a clear explanation of how the
StorageProvingsubsystem creates posts, submits them etc. - The EC work should not talk about PoSt Submission. SPC can mention what's needed. We need a component (part of storage proving) that describes how (in detail) an implementation needs to produce a post.
- i would expect most of the Election-PoSt prose to land here
There was a problem hiding this comment.
Agreed, the large issue was mostly that this md was a full dup of the storage_mining/mining_cycle.md and content was better suited there. Will recreate a post_generator for the Election-PoSt
|
Thanks @sternhenri ! 👏 |
| @@ -20,11 +20,26 @@ SPC provides a power table abstraction which tracks miner power (i.e. miner stor | |||
|
|
|||
| An invariant of the storage power consensus subsystem is that all storage in the power table must be verified. That is, miners can only derive power from storage they have already proven to the network. | |||
|
|
|||
| In order to achieve this, Filecoin delays updating power for new sector commitments until the first valid PoSt in the next proving period corresponding to that sector. | |||
| In order to achieve this, Filecoin delays updating power for new sector commitments until the first valid PoSt in the next proving period corresponding to that sector. (TODO: potential delay this further in order to ensure that any power cut goes undetected at most as long as the shortest power delay on new sector commitments). | |||
There was a problem hiding this comment.
Only keeping storage for a duration should count for power, so has to be in arrears. This is also needed for symmetry with the possible lag in the network detecting that a sector has been dropped.
|
|
||
| Now, a set of messages is selected to put into the block. For each message, the miner subtracts `msg.GasPrice * msg.GasLimit` from the sender's account balance, returning a fatal processing error if the sender does not have enough funds (this message should not be included in the chain). | ||
|
|
||
| They then apply the messages state transition, and generate a receipt for it containing the total gas actually used by the execution, the executions exit code, and the return value (see [receipt](data-structures.md#message-receipt) for more details). Then, they refund the sender in the amount of `(msg.GasLimit - GasUsed) * msg.GasPrice`. In the event of a message processing error, the remaining gas is refunded to the user, and all other state changes are reverted. (Note: this is a divergence from the way things are done in Ethereum) | ||
| They then apply the messages state transition, and generate a receipt for it containing the total gas actually used by the execution, the executions exit code, and the return value . Then, they refund the sender in the amount of `(msg.GasLimit - GasUsed) * msg.GasPrice`. In the event of a message processing error, the remaining gas is refunded to the user, and all other state changes are reverted. (Note: this is a divergence from the way things are done in Ethereum) |
There was a problem hiding this comment.
The above paragraphs are a bit confused wrt the parent state calculation. The only time messages must be evaluated is when computing the parent state. The block reward must be paid for those parent blocks, not the block being proposed. Receipts are first generated when evaluating the parent state.
No evaluation is necessary for the messages being proposed in the new block (tho miners may speculatively do so to optimize what they include).
FYI @icorderi @acruikshank note the divergence from ethereum here. The spec is asking for exact Gas accounting in the case of failures.
There was a problem hiding this comment.
Yes. you are completely right. Sorry for the huge lag here, i take it you are updating but let me know if not and I will do so!
Also note that I took a stab at cleaning up what I clearly saw to be stale in this spec. You have a lot of latitude to drive here imho.
Continuing #602.
Requests for review:
@jbenet
clock_subsystem, in particular for triggering election retries, and rejecting blocks coming in after epoch cutoffblock producerseems to be pretty stale. Could you take a look?key_storefirst draft@ZenGround0
@Kubuxu
@whyrusleeping
@ZX