Resolve to ID addresses when handling message selection

This commit is contained in:
Aayush Rajasekaran 2021-05-06 23:51:42 -04:00
parent 0413022196
commit 8d991283f4
7 changed files with 220 additions and 26 deletions

View File

@ -126,8 +126,10 @@ type MessagePool struct {
republished map[cid.Cid]struct{}
// only pubkey addresses
localAddrs map[address.Address]struct{}
// only pubkey addresses
pending map[address.Address]*msgSet
curTsLk sync.Mutex // DO NOT LOCK INSIDE lk
@ -443,7 +445,14 @@ func (mp *MessagePool) runLoop() {
}
func (mp *MessagePool) addLocal(m *types.SignedMessage) error {
mp.localAddrs[m.Message.From] = struct{}{}
// TODO: Is context.TODO() safe here? Idk how Go works.
sk, err := mp.api.StateAccountKey(context.TODO(), m.Message.From, mp.curTs)
if err != nil {
log.Debugf("mpooladdlocal failed to resolve sender: %s", err)
return err
}
mp.localAddrs[sk] = struct{}{}
msgb, err := m.Serialize()
if err != nil {
@ -475,7 +484,7 @@ func (mp *MessagePool) verifyMsgBeforeAdd(m *types.SignedMessage, curTs *types.T
return false, xerrors.Errorf("message will not be included in a block: %w", err)
}
// this checks if the GasFeeCap is suffisciently high for inclusion in the next 20 blocks
// this checks if the GasFeeCap is sufficiently high for inclusion in the next 20 blocks
// if the GasFeeCap is too low, we soft reject the message (Ignore in pubsub) and rely
// on republish to push it through later, if the baseFee has fallen.
// this is a defensive check that stops minimum baseFee spam attacks from overloading validation
@ -645,7 +654,14 @@ func (mp *MessagePool) checkBalance(m *types.SignedMessage, curTs *types.TipSet)
// add Value for soft failure check
//requiredFunds = types.BigAdd(requiredFunds, m.Message.Value)
mset, ok := mp.pending[m.Message.From]
// TODO: Is context.TODO() safe here? Idk how Go works.
sk, err := mp.api.StateAccountKey(context.TODO(), m.Message.From, mp.curTs)
if err != nil {
log.Debugf("mpoolcheckbalance failed to resolve sender: %s", err)
return err
}
mset, ok := mp.pending[sk]
if ok {
requiredFunds = types.BigAdd(requiredFunds, mset.getRequiredFunds(m.Message.Nonce))
}
@ -752,15 +768,22 @@ func (mp *MessagePool) addLocked(m *types.SignedMessage, strict, untrusted bool)
return err
}
mset, ok := mp.pending[m.Message.From]
// TODO: Is context.TODO() safe here? Idk how Go works.
sk, err := mp.api.StateAccountKey(context.TODO(), m.Message.From, mp.curTs)
if err != nil {
log.Debugf("mpooladd failed to resolve sender: %s", err)
return err
}
mset, ok := mp.pending[sk]
if !ok {
nonce, err := mp.getStateNonce(m.Message.From, mp.curTs)
nonce, err := mp.getStateNonce(sk, mp.curTs)
if err != nil {
return xerrors.Errorf("failed to get initial actor nonce: %w", err)
}
mset = newMsgSet(nonce)
mp.pending[m.Message.From] = mset
mp.pending[sk] = mset
}
incr, err := mset.add(m, mp, strict, untrusted)
@ -811,7 +834,14 @@ func (mp *MessagePool) getNonceLocked(addr address.Address, curTs *types.TipSet)
return 0, err
}
mset, ok := mp.pending[addr]
// TODO: Is context.TODO() safe here? Idk how Go works.
sk, err := mp.api.StateAccountKey(context.TODO(), addr, mp.curTs)
if err != nil {
log.Debugf("mpoolgetnonce failed to resolve sender: %s", err)
return 0, err
}
mset, ok := mp.pending[sk]
if ok {
if stateNonce > mset.nextNonce {
log.Errorf("state nonce was larger than mset.nextNonce (%d > %d)", stateNonce, mset.nextNonce)
@ -891,7 +921,14 @@ func (mp *MessagePool) Remove(from address.Address, nonce uint64, applied bool)
}
func (mp *MessagePool) remove(from address.Address, nonce uint64, applied bool) {
mset, ok := mp.pending[from]
// TODO: Is context.TODO() safe here? Idk how Go works.
sk, err := mp.api.StateAccountKey(context.TODO(), from, mp.curTs)
if err != nil {
log.Debugf("mpoolremove failed to resolve sender: %s", err)
return
}
mset, ok := mp.pending[sk]
if !ok {
return
}
@ -949,7 +986,14 @@ func (mp *MessagePool) PendingFor(a address.Address) ([]*types.SignedMessage, *t
}
func (mp *MessagePool) pendingFor(a address.Address) []*types.SignedMessage {
mset := mp.pending[a]
// TODO: Is context.TODO() safe here? Idk how Go works.
sk, err := mp.api.StateAccountKey(context.TODO(), a, mp.curTs)
if err != nil {
log.Debugf("mpoolpendingfor failed to resolve sender: %s", err)
return nil
}
mset := mp.pending[sk]
if mset == nil || len(mset.msgs) == 0 {
return nil
}
@ -1303,7 +1347,14 @@ func (mp *MessagePool) loadLocal() error {
log.Errorf("adding local message: %+v", err)
}
mp.localAddrs[sm.Message.From] = struct{}{}
// TODO: Is context.TODO() safe here? Idk how Go works.
sk, err := mp.api.StateAccountKey(context.TODO(), sm.Message.From, mp.curTs)
if err != nil {
log.Debugf("mpoolloadLocal failed to resolve sender: %s", err)
return err
}
mp.localAddrs[sk] = struct{}{}
}
return nil

View File

@ -37,6 +37,8 @@ type mpoolProvider struct {
ps *pubsub.PubSub
}
var _ Provider = (*mpoolProvider)(nil)
func NewProvider(sm *stmgr.StateManager, ps *pubsub.PubSub) Provider {
return &mpoolProvider{sm: sm, ps: ps}
}

View File

@ -543,10 +543,16 @@ func (mp *MessagePool) selectPriorityMessages(pending map[address.Address]map[ui
var chains []*msgChain
priority := mpCfg.PriorityAddrs
for _, actor := range priority {
mset, ok := pending[actor]
pk, err := mp.api.StateAccountKey(context.TODO(), actor, mp.curTs)
if err != nil {
log.Debugf("mpooladdlocal failed to resolve sender: %s", err)
return nil, gasLimit
}
mset, ok := pending[pk]
if ok {
// remove actor from pending set as we are already processed these messages
delete(pending, actor)
delete(pending, pk)
// create chains for the priority actor
next := mp.createMessageChains(actor, mset, baseFee, ts)
chains = append(chains, next...)

View File

@ -12,6 +12,8 @@ import (
"strings"
"sync"
"github.com/filecoin-project/lotus/chain/state"
"golang.org/x/sync/errgroup"
"github.com/filecoin-project/go-state-types/crypto"
@ -1008,17 +1010,33 @@ type BlockMessages struct {
func (cs *ChainStore) BlockMsgsForTipset(ts *types.TipSet) ([]BlockMessages, error) {
applied := make(map[address.Address]uint64)
selectMsg := func(m *types.Message) (bool, error) {
// The first match for a sender is guaranteed to have correct nonce -- the block isn't valid otherwise
if _, ok := applied[m.From]; !ok {
applied[m.From] = m.Nonce
cst := cbor.NewCborStore(cs.stateBlockstore)
st, err := state.LoadStateTree(cst, ts.Blocks()[0].ParentStateRoot)
if err != nil {
return nil, xerrors.Errorf("failed to load state tree")
}
if applied[m.From] != m.Nonce {
selectMsg := func(m *types.Message) (bool, error) {
var sender address.Address
if ts.Height() >= build.UpgradeHyperdriveHeight {
sender, err = st.LookupID(m.From)
if err != nil {
return false, err
}
} else {
sender = m.From
}
// The first match for a sender is guaranteed to have correct nonce -- the block isn't valid otherwise
if _, ok := applied[sender]; !ok {
applied[sender] = m.Nonce
}
if applied[sender] != m.Nonce {
return false, nil
}
applied[m.From]++
applied[sender]++
return true, nil
}

View File

@ -1084,9 +1084,19 @@ func (syncer *Syncer) checkBlockMessages(ctx context.Context, b *types.FullBlock
// Phase 2: (Partial) semantic validation:
// the sender exists and is an account actor, and the nonces make sense
if _, ok := nonces[m.From]; !ok {
var sender address.Address
if syncer.sm.GetNtwkVersion(ctx, b.Header.Height) >= network.Version13 {
sender, err = st.LookupID(m.From)
if err != nil {
return err
}
} else {
sender = m.From
}
if _, ok := nonces[sender]; !ok {
// `GetActor` does not validate that this is an account actor.
act, err := st.GetActor(m.From)
act, err := st.GetActor(sender)
if err != nil {
return xerrors.Errorf("failed to get actor: %w", err)
}
@ -1094,13 +1104,13 @@ func (syncer *Syncer) checkBlockMessages(ctx context.Context, b *types.FullBlock
if !builtin.IsAccountActor(act.Code) {
return xerrors.New("Sender must be an account actor")
}
nonces[m.From] = act.Nonce
nonces[sender] = act.Nonce
}
if nonces[m.From] != m.Nonce {
return xerrors.Errorf("wrong nonce (exp: %d, got: %d)", nonces[m.From], m.Nonce)
if nonces[sender] != m.Nonce {
return xerrors.Errorf("wrong nonce (exp: %d, got: %d)", nonces[sender], m.Nonce)
}
nonces[m.From]++
nonces[sender]++
return nil
}

View File

@ -10,7 +10,6 @@ import (
"github.com/filecoin-project/go-state-types/crypto"
"github.com/filecoin-project/go-state-types/network"
"github.com/filecoin-project/lotus/chain/stmgr"
"github.com/ipfs/go-cid"
@ -108,6 +107,7 @@ func prepSyncTest(t testing.TB, h int) *syncTestUtil {
}
tu.addSourceNode(stmgr.DefaultUpgradeSchedule(), h)
//tu.checkHeight("source", source, h)
// separate logs
@ -730,7 +730,6 @@ func TestBadNonce(t *testing.T) {
// Produce a message from the banker with a bad nonce
makeBadMsg := func() *types.SignedMessage {
msg := types.Message{
To: tu.g.Banker(),
From: tu.g.Banker(),
@ -761,6 +760,114 @@ func TestBadNonce(t *testing.T) {
tu.mineOnBlock(base, 0, []int{0}, true, true, msgs, 0)
}
// This test introduces a block that has 2 messages, with the same sender, and same nonce.
// One of the messages uses the sender's robust address, the other uses the ID address.
// Such a block is invalid and should not sync.
func TestMismatchedNoncesRobustID(t *testing.T) {
v5h := abi.ChainEpoch(4)
tu := prepSyncTestWithV5Height(t, int(v5h+5), v5h)
base := tu.g.CurTipset
// Get the banker from computed tipset state, not the parent.
st, _, err := tu.g.StateManager().TipSetState(context.TODO(), base.TipSet())
require.NoError(t, err)
ba, err := tu.g.StateManager().LoadActorRaw(context.TODO(), tu.g.Banker(), st)
require.NoError(t, err)
// Produce a message from the banker
makeMsg := func(id bool) *types.SignedMessage {
sender := tu.g.Banker()
if id {
s, err := tu.nds[0].StateLookupID(context.TODO(), sender, base.TipSet().Key())
require.NoError(t, err)
sender = s
}
msg := types.Message{
To: tu.g.Banker(),
From: sender,
Nonce: ba.Nonce,
Value: types.NewInt(1),
Method: 0,
GasLimit: 100_000_000,
GasFeeCap: types.NewInt(0),
GasPremium: types.NewInt(0),
}
sig, err := tu.g.Wallet().WalletSign(context.TODO(), tu.g.Banker(), msg.Cid().Bytes(), api.MsgMeta{})
require.NoError(t, err)
return &types.SignedMessage{
Message: msg,
Signature: *sig,
}
}
msgs := make([][]*types.SignedMessage, 1)
msgs[0] = []*types.SignedMessage{makeMsg(false), makeMsg(true)}
tu.mineOnBlock(base, 0, []int{0}, true, true, msgs, 0)
}
// This test introduces a block that has 2 messages, with the same sender, and nonces N and N+1 (so both can be included in a block)
// One of the messages uses the sender's robust address, the other uses the ID address.
// Such a block is valid and should sync.
func TestMatchedNoncesRobustID(t *testing.T) {
v5h := abi.ChainEpoch(4)
tu := prepSyncTestWithV5Height(t, int(v5h+5), v5h)
base := tu.g.CurTipset
// Get the banker from computed tipset state, not the parent.
st, _, err := tu.g.StateManager().TipSetState(context.TODO(), base.TipSet())
require.NoError(t, err)
ba, err := tu.g.StateManager().LoadActorRaw(context.TODO(), tu.g.Banker(), st)
require.NoError(t, err)
// Produce a message from the banker with specified nonce
makeMsg := func(n uint64, id bool) *types.SignedMessage {
sender := tu.g.Banker()
if id {
s, err := tu.nds[0].StateLookupID(context.TODO(), sender, base.TipSet().Key())
require.NoError(t, err)
sender = s
}
msg := types.Message{
To: tu.g.Banker(),
From: sender,
Nonce: n,
Value: types.NewInt(1),
Method: 0,
GasLimit: 100_000_000,
GasFeeCap: types.NewInt(0),
GasPremium: types.NewInt(0),
}
sig, err := tu.g.Wallet().WalletSign(context.TODO(), tu.g.Banker(), msg.Cid().Bytes(), api.MsgMeta{})
require.NoError(t, err)
return &types.SignedMessage{
Message: msg,
Signature: *sig,
}
}
msgs := make([][]*types.SignedMessage, 1)
msgs[0] = []*types.SignedMessage{makeMsg(ba.Nonce, false), makeMsg(ba.Nonce+1, true)}
tu.mineOnBlock(base, 0, []int{0}, true, false, msgs, 0)
}
func BenchmarkSyncBasic(b *testing.B) {
for i := 0; i < b.N; i++ {
runSyncBenchLength(b, 100)

View File

@ -12,6 +12,6 @@
- [ ] Update `chain/stmgr/forks.go`
- [ ] Schedule
- [ ] Migration
- [ ] Update upgrade schedule in `api/test/test.go`
- [ ] Update upgrade schedule in `api/test/test.go` and `chain/sync_test.go`
- [ ] Update `NewestNetworkVersion` in `build/params_shared_vals.go`
- [ ] Register in init in `chain/stmgr/utils.go`