package messagepool import ( "bytes" "context" "errors" "fmt" "math" stdbig "math/big" "sort" "sync" "time" "github.com/filecoin-project/go-state-types/abi" "github.com/filecoin-project/go-state-types/big" "github.com/filecoin-project/go-state-types/crypto" "github.com/hashicorp/go-multierror" lru "github.com/hashicorp/golang-lru" "github.com/ipfs/go-cid" "github.com/ipfs/go-datastore" "github.com/ipfs/go-datastore/namespace" "github.com/ipfs/go-datastore/query" logging "github.com/ipfs/go-log/v2" pubsub "github.com/libp2p/go-libp2p-pubsub" lps "github.com/whyrusleeping/pubsub" "golang.org/x/xerrors" "github.com/filecoin-project/go-address" "github.com/filecoin-project/lotus/api" "github.com/filecoin-project/lotus/build" "github.com/filecoin-project/lotus/chain/store" "github.com/filecoin-project/lotus/chain/types" "github.com/filecoin-project/lotus/chain/vm" "github.com/filecoin-project/lotus/journal" "github.com/filecoin-project/lotus/lib/sigs" "github.com/filecoin-project/lotus/node/modules/dtypes" "github.com/raulk/clock" ) var log = logging.Logger("messagepool") var futureDebug = false var rbfNumBig = types.NewInt(uint64((ReplaceByFeeRatioDefault - 1) * RbfDenom)) var rbfDenomBig = types.NewInt(RbfDenom) const RbfDenom = 256 var RepublishInterval = time.Duration(10*build.BlockDelaySecs+build.PropagationDelaySecs) * time.Second var minimumBaseFee = types.NewInt(uint64(build.MinimumBaseFee)) var baseFeeLowerBoundFactor = types.NewInt(10) var baseFeeLowerBoundFactorConservative = types.NewInt(100) var MaxActorPendingMessages = 1000 var MaxNonceGap = uint64(4) var ( ErrMessageTooBig = errors.New("message too big") ErrMessageValueTooHigh = errors.New("cannot send more filecoin than will ever exist") ErrNonceTooLow = errors.New("message nonce too low") ErrGasFeeCapTooLow = errors.New("gas fee cap too low") ErrNotEnoughFunds = errors.New("not enough funds to execute transaction") ErrInvalidToAddr = errors.New("message had invalid to address") ErrSoftValidationFailure = errors.New("validation failure") ErrRBFTooLowPremium = errors.New("replace by fee has too low GasPremium") ErrTooManyPendingMessages = errors.New("too many pending messages for actor") ErrNonceGap = errors.New("unfulfilled nonce gap") ) const ( localMsgsDs = "/mpool/local" localUpdates = "update" ) // Journal event types. const ( evtTypeMpoolAdd = iota evtTypeMpoolRemove evtTypeMpoolRepub ) // MessagePoolEvt is the journal entry for message pool events. type MessagePoolEvt struct { Action string Messages []MessagePoolEvtMessage Error error `json:",omitempty"` } type MessagePoolEvtMessage struct { types.Message CID cid.Cid } func init() { // if the republish interval is too short compared to the pubsub timecache, adjust it minInterval := pubsub.TimeCacheDuration + time.Duration(build.PropagationDelaySecs) if RepublishInterval < minInterval { RepublishInterval = minInterval } } type MessagePool struct { lk sync.Mutex ds dtypes.MetadataDS addSema chan struct{} closer chan struct{} repubTk *clock.Ticker repubTrigger chan struct{} republished map[cid.Cid]struct{} localAddrs map[address.Address]struct{} pending map[address.Address]*msgSet curTsLk sync.Mutex // DO NOT LOCK INSIDE lk curTs *types.TipSet cfgLk sync.Mutex cfg *types.MpoolConfig api Provider minGasPrice types.BigInt currentSize int // pruneTrigger is a channel used to trigger a mempool pruning pruneTrigger chan struct{} // pruneCooldown is a channel used to allow a cooldown time between prunes pruneCooldown chan struct{} blsSigCache *lru.TwoQueueCache changes *lps.PubSub localMsgs datastore.Datastore netName dtypes.NetworkName sigValCache *lru.TwoQueueCache evtTypes [3]journal.EventType } type msgSet struct { msgs map[uint64]*types.SignedMessage nextNonce uint64 requiredFunds *stdbig.Int } func newMsgSet(nonce uint64) *msgSet { return &msgSet{ msgs: make(map[uint64]*types.SignedMessage), nextNonce: nonce, requiredFunds: stdbig.NewInt(0), } } func ComputeMinRBF(curPrem abi.TokenAmount) abi.TokenAmount { minPrice := types.BigAdd(curPrem, types.BigDiv(types.BigMul(curPrem, rbfNumBig), rbfDenomBig)) return types.BigAdd(minPrice, types.NewInt(1)) } func CapGasFee(msg *types.Message, maxFee abi.TokenAmount) { if maxFee.Equals(big.Zero()) { maxFee = types.NewInt(build.FilecoinPrecision / 10) } gl := types.NewInt(uint64(msg.GasLimit)) totalFee := types.BigMul(msg.GasFeeCap, gl) if totalFee.LessThanEqual(maxFee) { return } msg.GasFeeCap = big.Div(maxFee, gl) msg.GasPremium = big.Min(msg.GasFeeCap, msg.GasPremium) // cap premium at FeeCap } func (ms *msgSet) add(m *types.SignedMessage, mp *MessagePool, strict bool) (bool, error) { nextNonce := ms.nextNonce nonceGap := false switch { case m.Message.Nonce == nextNonce: nextNonce++ // advance if we are filling a gap for _, fillGap := ms.msgs[nextNonce]; fillGap; _, fillGap = ms.msgs[nextNonce] { nextNonce++ } case strict && m.Message.Nonce > nextNonce+MaxNonceGap: return false, xerrors.Errorf("message nonce has too big a gap from expected nonce (Nonce: %d, nextNonce: %d): %w", m.Message.Nonce, nextNonce, ErrNonceGap) case m.Message.Nonce > nextNonce: nonceGap = true } exms, has := ms.msgs[m.Message.Nonce] if has { // refuse RBF if we have a gap if strict && nonceGap { return false, xerrors.Errorf("rejecting replace by fee because of nonce gap (Nonce: %d, nextNonce: %d): %w", m.Message.Nonce, nextNonce, ErrNonceGap) } if m.Cid() != exms.Cid() { // check if RBF passes minPrice := ComputeMinRBF(exms.Message.GasPremium) if types.BigCmp(m.Message.GasPremium, minPrice) >= 0 { log.Infow("add with RBF", "oldpremium", exms.Message.GasPremium, "newpremium", m.Message.GasPremium, "addr", m.Message.From, "nonce", m.Message.Nonce) } else { log.Info("add with duplicate nonce") return false, xerrors.Errorf("message from %s with nonce %d already in mpool,"+ " increase GasPremium to %s from %s to trigger replace by fee: %w", m.Message.From, m.Message.Nonce, minPrice, m.Message.GasPremium, ErrRBFTooLowPremium) } } else { return false, xerrors.Errorf("message from %s with nonce %d already in mpool: %w", m.Message.From, m.Message.Nonce, ErrSoftValidationFailure) } ms.requiredFunds.Sub(ms.requiredFunds, exms.Message.RequiredFunds().Int) //ms.requiredFunds.Sub(ms.requiredFunds, exms.Message.Value.Int) } if !has && strict && len(ms.msgs) > MaxActorPendingMessages { log.Errorf("too many pending messages from actor %s", m.Message.From) return false, ErrTooManyPendingMessages } if strict && nonceGap { log.Warnf("adding nonce-gapped message from %s (nonce: %d, nextNonce: %d)", m.Message.From, m.Message.Nonce, nextNonce) } ms.nextNonce = nextNonce ms.msgs[m.Message.Nonce] = m ms.requiredFunds.Add(ms.requiredFunds, m.Message.RequiredFunds().Int) //ms.requiredFunds.Add(ms.requiredFunds, m.Message.Value.Int) return !has, nil } func (ms *msgSet) rm(nonce uint64, applied bool) { m, has := ms.msgs[nonce] if !has { if applied && nonce >= ms.nextNonce { // we removed a message we did not know about because it was applied // we need to adjust the nonce and check if we filled a gap ms.nextNonce = nonce + 1 for _, fillGap := ms.msgs[ms.nextNonce]; fillGap; _, fillGap = ms.msgs[ms.nextNonce] { ms.nextNonce++ } } return } ms.requiredFunds.Sub(ms.requiredFunds, m.Message.RequiredFunds().Int) //ms.requiredFunds.Sub(ms.requiredFunds, m.Message.Value.Int) delete(ms.msgs, nonce) // adjust next nonce if applied { // we removed a (known) message because it was applied in a tipset // we can't possibly have filled a gap in this case if nonce >= ms.nextNonce { ms.nextNonce = nonce + 1 } return } // we removed a message because it was pruned // we have to adjust the nonce if it creates a gap or rewinds state if nonce < ms.nextNonce { ms.nextNonce = nonce } } func (ms *msgSet) getRequiredFunds(nonce uint64) types.BigInt { requiredFunds := new(stdbig.Int).Set(ms.requiredFunds) m, has := ms.msgs[nonce] if has { requiredFunds.Sub(requiredFunds, m.Message.RequiredFunds().Int) //requiredFunds.Sub(requiredFunds, m.Message.Value.Int) } return types.BigInt{Int: requiredFunds} } func New(api Provider, ds dtypes.MetadataDS, netName dtypes.NetworkName) (*MessagePool, error) { cache, _ := lru.New2Q(build.BlsSignatureCacheSize) verifcache, _ := lru.New2Q(build.VerifSigCacheSize) cfg, err := loadConfig(ds) if err != nil { return nil, xerrors.Errorf("error loading mpool config: %w", err) } mp := &MessagePool{ ds: ds, addSema: make(chan struct{}, 1), closer: make(chan struct{}), repubTk: build.Clock.Ticker(RepublishInterval), repubTrigger: make(chan struct{}, 1), localAddrs: make(map[address.Address]struct{}), pending: make(map[address.Address]*msgSet), minGasPrice: types.NewInt(0), pruneTrigger: make(chan struct{}, 1), pruneCooldown: make(chan struct{}, 1), blsSigCache: cache, sigValCache: verifcache, changes: lps.New(50), localMsgs: namespace.Wrap(ds, datastore.NewKey(localMsgsDs)), api: api, netName: netName, cfg: cfg, evtTypes: [...]journal.EventType{ evtTypeMpoolAdd: journal.J.RegisterEventType("mpool", "add"), evtTypeMpoolRemove: journal.J.RegisterEventType("mpool", "remove"), evtTypeMpoolRepub: journal.J.RegisterEventType("mpool", "repub"), }, } // enable initial prunes mp.pruneCooldown <- struct{}{} // load the current tipset and subscribe to head changes _before_ loading local messages mp.curTs = api.SubscribeHeadChanges(func(rev, app []*types.TipSet) error { err := mp.HeadChange(rev, app) if err != nil { log.Errorf("mpool head notif handler error: %+v", err) } return err }) if err := mp.loadLocal(); err != nil { log.Errorf("loading local messages: %+v", err) } go mp.runLoop() return mp, nil } func (mp *MessagePool) Close() error { close(mp.closer) return nil } func (mp *MessagePool) Prune() { // this magic incantation of triggering prune thrice is here to make the Prune method // synchronous: // so, its a single slot buffered channel. The first send fills the channel, // the second send goes through when the pruning starts, // and the third send goes through (and noops) after the pruning finishes // and goes through the loop again mp.pruneTrigger <- struct{}{} mp.pruneTrigger <- struct{}{} mp.pruneTrigger <- struct{}{} } func (mp *MessagePool) runLoop() { for { select { case <-mp.repubTk.C: if err := mp.republishPendingMessages(); err != nil { log.Errorf("error while republishing messages: %s", err) } case <-mp.repubTrigger: if err := mp.republishPendingMessages(); err != nil { log.Errorf("error while republishing messages: %s", err) } case <-mp.pruneTrigger: if err := mp.pruneExcessMessages(); err != nil { log.Errorf("failed to prune excess messages from mempool: %s", err) } case <-mp.closer: mp.repubTk.Stop() return } } } func (mp *MessagePool) addLocal(m *types.SignedMessage, msgb []byte) error { mp.localAddrs[m.Message.From] = struct{}{} if err := mp.localMsgs.Put(datastore.NewKey(string(m.Cid().Bytes())), msgb); err != nil { return xerrors.Errorf("persisting local message: %w", err) } return nil } // verifyMsgBeforeAdd verifies that the message meets the minimum criteria for block inclusio // and whether the message has enough funds to be included in the next 20 blocks. // If the message is not valid for block inclusion, it returns an error. // For local messages, if the message can be included in the next 20 blocks, it returns true to // signal that it should be immediately published. If the message cannot be included in the next 20 // blocks, it returns false so that the message doesn't immediately get published (and ignored by our // peers); instead it will be published through the republish loop, once the base fee has fallen // sufficiently. // For non local messages, if the message cannot be included in the next 20 blocks it returns // a (soft) validation error. func (mp *MessagePool) verifyMsgBeforeAdd(m *types.SignedMessage, curTs *types.TipSet, local bool) (bool, error) { epoch := curTs.Height() minGas := vm.PricelistByEpoch(epoch).OnChainMessage(m.ChainLength()) if err := m.VMMessage().ValidForBlockInclusion(minGas.Total()); err != nil { return false, xerrors.Errorf("message will not be included in a block: %w", err) } // this checks if the GasFeeCap is suffisciently high for inclusion in the next 20 blocks // if the GasFeeCap is too low, we soft reject the message (Ignore in pubsub) and rely // on republish to push it through later, if the baseFee has fallen. // this is a defensive check that stops minimum baseFee spam attacks from overloading validation // queues. // Note that for local messages, we always add them so that they can be accepted and republished // automatically. publish := local var baseFee big.Int if len(curTs.Blocks()) > 0 { baseFee = curTs.Blocks()[0].ParentBaseFee } else { var err error baseFee, err = mp.api.ChainComputeBaseFee(context.TODO(), curTs) if err != nil { return false, xerrors.Errorf("computing basefee: %w", err) } } baseFeeLowerBound := getBaseFeeLowerBound(baseFee, baseFeeLowerBoundFactorConservative) if m.Message.GasFeeCap.LessThan(baseFeeLowerBound) { if local { log.Warnf("local message will not be immediately published because GasFeeCap doesn't meet the lower bound for inclusion in the next 20 blocks (GasFeeCap: %s, baseFeeLowerBound: %s)", m.Message.GasFeeCap, baseFeeLowerBound) publish = false } else { return false, xerrors.Errorf("GasFeeCap doesn't meet base fee lower bound for inclusion in the next 20 blocks (GasFeeCap: %s, baseFeeLowerBound: %s): %w", m.Message.GasFeeCap, baseFeeLowerBound, ErrSoftValidationFailure) } } return publish, nil } func (mp *MessagePool) Push(m *types.SignedMessage) (cid.Cid, error) { err := mp.checkMessage(m) if err != nil { return cid.Undef, err } // serialize push access to reduce lock contention mp.addSema <- struct{}{} defer func() { <-mp.addSema }() msgb, err := m.Serialize() if err != nil { return cid.Undef, err } mp.curTsLk.Lock() publish, err := mp.addTs(m, mp.curTs, true) if err != nil { mp.curTsLk.Unlock() return cid.Undef, err } mp.curTsLk.Unlock() mp.lk.Lock() if err := mp.addLocal(m, msgb); err != nil { mp.lk.Unlock() return cid.Undef, err } mp.lk.Unlock() if publish { err = mp.api.PubSubPublish(build.MessagesTopic(mp.netName), msgb) } return m.Cid(), err } func (mp *MessagePool) checkMessage(m *types.SignedMessage) error { // big messages are bad, anti DOS if m.Size() > 32*1024 { return xerrors.Errorf("mpool message too large (%dB): %w", m.Size(), ErrMessageTooBig) } // Perform syntactic validation, minGas=0 as we check the actual mingas before we add it if err := m.Message.ValidForBlockInclusion(0); err != nil { return xerrors.Errorf("message not valid for block inclusion: %w", err) } if m.Message.To == address.Undef { return ErrInvalidToAddr } if !m.Message.Value.LessThan(types.TotalFilecoinInt) { return ErrMessageValueTooHigh } if m.Message.GasFeeCap.LessThan(minimumBaseFee) { return ErrGasFeeCapTooLow } if err := mp.VerifyMsgSig(m); err != nil { log.Warnf("signature verification failed: %s", err) return err } return nil } func (mp *MessagePool) Add(m *types.SignedMessage) error { err := mp.checkMessage(m) if err != nil { return err } // serialize push access to reduce lock contention mp.addSema <- struct{}{} defer func() { <-mp.addSema }() mp.curTsLk.Lock() defer mp.curTsLk.Unlock() _, err = mp.addTs(m, mp.curTs, false) return err } func sigCacheKey(m *types.SignedMessage) (string, error) { switch m.Signature.Type { case crypto.SigTypeBLS: if len(m.Signature.Data) < 90 { return "", fmt.Errorf("bls signature too short") } return string(m.Cid().Bytes()) + string(m.Signature.Data[64:]), nil case crypto.SigTypeSecp256k1: return string(m.Cid().Bytes()), nil default: return "", xerrors.Errorf("unrecognized signature type: %d", m.Signature.Type) } } func (mp *MessagePool) VerifyMsgSig(m *types.SignedMessage) error { sck, err := sigCacheKey(m) if err != nil { return err } _, ok := mp.sigValCache.Get(sck) if ok { // already validated, great return nil } if err := sigs.Verify(&m.Signature, m.Message.From, m.Message.Cid().Bytes()); err != nil { return err } mp.sigValCache.Add(sck, struct{}{}) return nil } func (mp *MessagePool) checkBalance(m *types.SignedMessage, curTs *types.TipSet) error { balance, err := mp.getStateBalance(m.Message.From, curTs) if err != nil { return xerrors.Errorf("failed to check sender balance: %s: %w", err, ErrSoftValidationFailure) } requiredFunds := m.Message.RequiredFunds() if balance.LessThan(requiredFunds) { return xerrors.Errorf("not enough funds (required: %s, balance: %s): %w", types.FIL(requiredFunds), types.FIL(balance), ErrNotEnoughFunds) } // add Value for soft failure check //requiredFunds = types.BigAdd(requiredFunds, m.Message.Value) mset, ok := mp.pending[m.Message.From] if ok { requiredFunds = types.BigAdd(requiredFunds, mset.getRequiredFunds(m.Message.Nonce)) } if balance.LessThan(requiredFunds) { // Note: we fail here for ErrSoftValidationFailure to signal a soft failure because we might // be out of sync. return xerrors.Errorf("not enough funds including pending messages (required: %s, balance: %s): %w", types.FIL(requiredFunds), types.FIL(balance), ErrSoftValidationFailure) } return nil } func (mp *MessagePool) addTs(m *types.SignedMessage, curTs *types.TipSet, local bool) (bool, error) { snonce, err := mp.getStateNonce(m.Message.From, curTs) if err != nil { return false, xerrors.Errorf("failed to look up actor state nonce: %s: %w", err, ErrSoftValidationFailure) } if snonce > m.Message.Nonce { return false, xerrors.Errorf("minimum expected nonce is %d: %w", snonce, ErrNonceTooLow) } mp.lk.Lock() defer mp.lk.Unlock() publish, err := mp.verifyMsgBeforeAdd(m, curTs, local) if err != nil { return false, err } if err := mp.checkBalance(m, curTs); err != nil { return false, err } return publish, mp.addLocked(m, !local) } func (mp *MessagePool) addLoaded(m *types.SignedMessage) error { err := mp.checkMessage(m) if err != nil { return err } mp.curTsLk.Lock() defer mp.curTsLk.Unlock() curTs := mp.curTs snonce, err := mp.getStateNonce(m.Message.From, curTs) if err != nil { return xerrors.Errorf("failed to look up actor state nonce: %s: %w", err, ErrSoftValidationFailure) } if snonce > m.Message.Nonce { return xerrors.Errorf("minimum expected nonce is %d: %w", snonce, ErrNonceTooLow) } mp.lk.Lock() defer mp.lk.Unlock() _, err = mp.verifyMsgBeforeAdd(m, curTs, true) if err != nil { return err } if err := mp.checkBalance(m, curTs); err != nil { return err } return mp.addLocked(m, false) } func (mp *MessagePool) addSkipChecks(m *types.SignedMessage) error { mp.lk.Lock() defer mp.lk.Unlock() return mp.addLocked(m, false) } func (mp *MessagePool) addLocked(m *types.SignedMessage, strict bool) error { log.Debugf("mpooladd: %s %d", m.Message.From, m.Message.Nonce) if m.Signature.Type == crypto.SigTypeBLS { mp.blsSigCache.Add(m.Cid(), m.Signature) } if _, err := mp.api.PutMessage(m); err != nil { log.Warnf("mpooladd cs.PutMessage failed: %s", err) return err } if _, err := mp.api.PutMessage(&m.Message); err != nil { log.Warnf("mpooladd cs.PutMessage failed: %s", err) return err } mset, ok := mp.pending[m.Message.From] if !ok { nonce, err := mp.getStateNonce(m.Message.From, mp.curTs) if err != nil { return xerrors.Errorf("failed to get initial actor nonce: %w", err) } mset = newMsgSet(nonce) mp.pending[m.Message.From] = mset } incr, err := mset.add(m, mp, strict) if err != nil { log.Debug(err) return err } if incr { mp.currentSize++ if mp.currentSize > mp.cfg.SizeLimitHigh { // send signal to prune messages if it hasnt already been sent select { case mp.pruneTrigger <- struct{}{}: default: } } } mp.changes.Pub(api.MpoolUpdate{ Type: api.MpoolAdd, Message: m, }, localUpdates) journal.J.RecordEvent(mp.evtTypes[evtTypeMpoolAdd], func() interface{} { return MessagePoolEvt{ Action: "add", Messages: []MessagePoolEvtMessage{{Message: m.Message, CID: m.Cid()}}, } }) return nil } func (mp *MessagePool) GetNonce(addr address.Address) (uint64, error) { mp.curTsLk.Lock() defer mp.curTsLk.Unlock() mp.lk.Lock() defer mp.lk.Unlock() return mp.getNonceLocked(addr, mp.curTs) } func (mp *MessagePool) getNonceLocked(addr address.Address, curTs *types.TipSet) (uint64, error) { stateNonce, err := mp.getStateNonce(addr, curTs) // sanity check if err != nil { return 0, err } mset, ok := mp.pending[addr] if ok { if stateNonce > mset.nextNonce { log.Errorf("state nonce was larger than mset.nextNonce (%d > %d)", stateNonce, mset.nextNonce) return stateNonce, nil } return mset.nextNonce, nil } return stateNonce, nil } func (mp *MessagePool) getStateNonce(addr address.Address, curTs *types.TipSet) (uint64, error) { act, err := mp.api.GetActorAfter(addr, curTs) if err != nil { return 0, err } return act.Nonce, nil } func (mp *MessagePool) getStateBalance(addr address.Address, ts *types.TipSet) (types.BigInt, error) { act, err := mp.api.GetActorAfter(addr, ts) if err != nil { return types.EmptyInt, err } return act.Balance, nil } func (mp *MessagePool) Remove(from address.Address, nonce uint64, applied bool) { mp.lk.Lock() defer mp.lk.Unlock() mp.remove(from, nonce, applied) } func (mp *MessagePool) remove(from address.Address, nonce uint64, applied bool) { mset, ok := mp.pending[from] if !ok { return } if m, ok := mset.msgs[nonce]; ok { mp.changes.Pub(api.MpoolUpdate{ Type: api.MpoolRemove, Message: m, }, localUpdates) journal.J.RecordEvent(mp.evtTypes[evtTypeMpoolRemove], func() interface{} { return MessagePoolEvt{ Action: "remove", Messages: []MessagePoolEvtMessage{{Message: m.Message, CID: m.Cid()}}} }) mp.currentSize-- } // NB: This deletes any message with the given nonce. This makes sense // as two messages with the same sender cannot have the same nonce mset.rm(nonce, applied) if len(mset.msgs) == 0 { delete(mp.pending, from) } } func (mp *MessagePool) Pending() ([]*types.SignedMessage, *types.TipSet) { mp.curTsLk.Lock() defer mp.curTsLk.Unlock() mp.lk.Lock() defer mp.lk.Unlock() return mp.allPending() } func (mp *MessagePool) allPending() ([]*types.SignedMessage, *types.TipSet) { out := make([]*types.SignedMessage, 0) for a := range mp.pending { out = append(out, mp.pendingFor(a)...) } return out, mp.curTs } func (mp *MessagePool) PendingFor(a address.Address) ([]*types.SignedMessage, *types.TipSet) { mp.curTsLk.Lock() defer mp.curTsLk.Unlock() mp.lk.Lock() defer mp.lk.Unlock() return mp.pendingFor(a), mp.curTs } func (mp *MessagePool) pendingFor(a address.Address) []*types.SignedMessage { mset := mp.pending[a] if mset == nil || len(mset.msgs) == 0 { return nil } set := make([]*types.SignedMessage, 0, len(mset.msgs)) for _, m := range mset.msgs { set = append(set, m) } sort.Slice(set, func(i, j int) bool { return set[i].Message.Nonce < set[j].Message.Nonce }) return set } func (mp *MessagePool) HeadChange(revert []*types.TipSet, apply []*types.TipSet) error { mp.curTsLk.Lock() defer mp.curTsLk.Unlock() repubTrigger := false rmsgs := make(map[address.Address]map[uint64]*types.SignedMessage) add := func(m *types.SignedMessage) { s, ok := rmsgs[m.Message.From] if !ok { s = make(map[uint64]*types.SignedMessage) rmsgs[m.Message.From] = s } s[m.Message.Nonce] = m } rm := func(from address.Address, nonce uint64) { s, ok := rmsgs[from] if !ok { mp.Remove(from, nonce, true) return } if _, ok := s[nonce]; ok { delete(s, nonce) return } mp.Remove(from, nonce, true) } maybeRepub := func(cid cid.Cid) { if !repubTrigger { mp.lk.Lock() _, republished := mp.republished[cid] mp.lk.Unlock() if republished { repubTrigger = true } } } var merr error for _, ts := range revert { pts, err := mp.api.LoadTipSet(ts.Parents()) if err != nil { log.Errorf("error loading reverted tipset parent: %s", err) merr = multierror.Append(merr, err) continue } mp.curTs = pts msgs, err := mp.MessagesForBlocks(ts.Blocks()) if err != nil { log.Errorf("error retrieving messages for reverted block: %s", err) merr = multierror.Append(merr, err) continue } for _, msg := range msgs { add(msg) } } for _, ts := range apply { mp.curTs = ts for _, b := range ts.Blocks() { bmsgs, smsgs, err := mp.api.MessagesForBlock(b) if err != nil { xerr := xerrors.Errorf("failed to get messages for apply block %s(height %d) (msgroot = %s): %w", b.Cid(), b.Height, b.Messages, err) log.Errorf("error retrieving messages for block: %s", xerr) merr = multierror.Append(merr, xerr) continue } for _, msg := range smsgs { rm(msg.Message.From, msg.Message.Nonce) maybeRepub(msg.Cid()) } for _, msg := range bmsgs { rm(msg.From, msg.Nonce) maybeRepub(msg.Cid()) } } } if repubTrigger { select { case mp.repubTrigger <- struct{}{}: default: } } for _, s := range rmsgs { for _, msg := range s { if err := mp.addSkipChecks(msg); err != nil { log.Errorf("Failed to readd message from reorg to mpool: %s", err) } } } if len(revert) > 0 && futureDebug { mp.lk.Lock() msgs, ts := mp.allPending() mp.lk.Unlock() buckets := map[address.Address]*statBucket{} for _, v := range msgs { bkt, ok := buckets[v.Message.From] if !ok { bkt = &statBucket{ msgs: map[uint64]*types.SignedMessage{}, } buckets[v.Message.From] = bkt } bkt.msgs[v.Message.Nonce] = v } for a, bkt := range buckets { // TODO that might not be correct with GatActorAfter but it is only debug code act, err := mp.api.GetActorAfter(a, ts) if err != nil { log.Debugf("%s, err: %s\n", a, err) continue } var cmsg *types.SignedMessage var ok bool cur := act.Nonce for { cmsg, ok = bkt.msgs[cur] if !ok { break } cur++ } ff := uint64(math.MaxUint64) for k := range bkt.msgs { if k > cur && k < ff { ff = k } } if ff != math.MaxUint64 { m := bkt.msgs[ff] // cmsg can be nil if no messages from the current nonce are in the mpool ccid := "nil" if cmsg != nil { ccid = cmsg.Cid().String() } log.Debugw("Nonce gap", "actor", a, "future_cid", m.Cid(), "future_nonce", ff, "current_cid", ccid, "current_nonce", cur, "revert_tipset", revert[0].Key(), "new_head", ts.Key(), ) } } } return merr } func (mp *MessagePool) runHeadChange(from *types.TipSet, to *types.TipSet, rmsgs map[address.Address]map[uint64]*types.SignedMessage) error { add := func(m *types.SignedMessage) { s, ok := rmsgs[m.Message.From] if !ok { s = make(map[uint64]*types.SignedMessage) rmsgs[m.Message.From] = s } s[m.Message.Nonce] = m } rm := func(from address.Address, nonce uint64) { s, ok := rmsgs[from] if !ok { return } if _, ok := s[nonce]; ok { delete(s, nonce) return } } revert, apply, err := store.ReorgOps(mp.api.LoadTipSet, from, to) if err != nil { return xerrors.Errorf("failed to compute reorg ops for mpool pending messages: %w", err) } var merr error for _, ts := range revert { msgs, err := mp.MessagesForBlocks(ts.Blocks()) if err != nil { log.Errorf("error retrieving messages for reverted block: %s", err) merr = multierror.Append(merr, err) continue } for _, msg := range msgs { add(msg) } } for _, ts := range apply { for _, b := range ts.Blocks() { bmsgs, smsgs, err := mp.api.MessagesForBlock(b) if err != nil { xerr := xerrors.Errorf("failed to get messages for apply block %s(height %d) (msgroot = %s): %w", b.Cid(), b.Height, b.Messages, err) log.Errorf("error retrieving messages for block: %s", xerr) merr = multierror.Append(merr, xerr) continue } for _, msg := range smsgs { rm(msg.Message.From, msg.Message.Nonce) } for _, msg := range bmsgs { rm(msg.From, msg.Nonce) } } } return merr } type statBucket struct { msgs map[uint64]*types.SignedMessage } func (mp *MessagePool) MessagesForBlocks(blks []*types.BlockHeader) ([]*types.SignedMessage, error) { out := make([]*types.SignedMessage, 0) for _, b := range blks { bmsgs, smsgs, err := mp.api.MessagesForBlock(b) if err != nil { return nil, xerrors.Errorf("failed to get messages for apply block %s(height %d) (msgroot = %s): %w", b.Cid(), b.Height, b.Messages, err) } out = append(out, smsgs...) for _, msg := range bmsgs { smsg := mp.RecoverSig(msg) if smsg != nil { out = append(out, smsg) } else { log.Warnf("could not recover signature for bls message %s", msg.Cid()) } } } return out, nil } func (mp *MessagePool) RecoverSig(msg *types.Message) *types.SignedMessage { val, ok := mp.blsSigCache.Get(msg.Cid()) if !ok { return nil } sig, ok := val.(crypto.Signature) if !ok { log.Errorf("value in signature cache was not a signature (got %T)", val) return nil } return &types.SignedMessage{ Message: *msg, Signature: sig, } } func (mp *MessagePool) Updates(ctx context.Context) (<-chan api.MpoolUpdate, error) { out := make(chan api.MpoolUpdate, 20) sub := mp.changes.Sub(localUpdates) go func() { defer mp.changes.Unsub(sub, localUpdates) defer close(out) for { select { case u := <-sub: select { case out <- u.(api.MpoolUpdate): case <-ctx.Done(): return case <-mp.closer: return } case <-ctx.Done(): return case <-mp.closer: return } } }() return out, nil } func (mp *MessagePool) loadLocal() error { res, err := mp.localMsgs.Query(query.Query{}) if err != nil { return xerrors.Errorf("query local messages: %w", err) } for r := range res.Next() { if r.Error != nil { return xerrors.Errorf("r.Error: %w", r.Error) } var sm types.SignedMessage if err := sm.UnmarshalCBOR(bytes.NewReader(r.Value)); err != nil { return xerrors.Errorf("unmarshaling local message: %w", err) } if err := mp.addLoaded(&sm); err != nil { if xerrors.Is(err, ErrNonceTooLow) { continue // todo: drop the message from local cache (if above certain confidence threshold) } log.Errorf("adding local message: %+v", err) } mp.localAddrs[sm.Message.From] = struct{}{} } return nil } func (mp *MessagePool) Clear(local bool) { mp.lk.Lock() defer mp.lk.Unlock() // remove everything if local is true, including removing local messages from // the datastore if local { for a := range mp.localAddrs { mset, ok := mp.pending[a] if !ok { continue } for _, m := range mset.msgs { err := mp.localMsgs.Delete(datastore.NewKey(string(m.Cid().Bytes()))) if err != nil { log.Warnf("error deleting local message: %s", err) } } } mp.pending = make(map[address.Address]*msgSet) mp.republished = nil return } // remove everything except the local messages for a := range mp.pending { _, isLocal := mp.localAddrs[a] if isLocal { continue } delete(mp.pending, a) } } func getBaseFeeLowerBound(baseFee, factor types.BigInt) types.BigInt { baseFeeLowerBound := types.BigDiv(baseFee, factor) if baseFeeLowerBound.LessThan(minimumBaseFee) { baseFeeLowerBound = minimumBaseFee } return baseFeeLowerBound }