Non Interactive Proof of Replication #1537
Conversation
There was a problem hiding this comment.
This looks to be on the right track, though missing some considerations. I assume it's just WIP, but thought I'd take a look anyway.
- Validation of anything that would have been checked at PreCommit and is still relevant (e.g. sector number, expiration epoch, ...)
- Different path for aggregate vs batched proofs
- Fetch chain randomness according to the epoch specified for each sector
actors/miner/src/lib.rs
Outdated
| state.put_sectors(store, sectors_to_add).map_err(|e| { | ||
| e.downcast_default(ExitCode::USR_ILLEGAL_STATE, "failed to put new sectors") | ||
| })?; |
There was a problem hiding this comment.
Avoid map_err and downcast_default. Use with_context_code and similar instead for new code.
actors/miner/src/lib.rs
Outdated
| state | ||
| .add_initial_pledge(&total_pledge) | ||
| .map_err(|e| actor_error!(illegal_state, "failed to add initial pledge: {}", e))?; |
There was a problem hiding this comment.
Check for sufficient balance first!
| frc46_token = "9.0.0" | ||
| fvm_actor_utils = "10.0.0" | ||
| frc42_dispatch = "6.0.0" | ||
| frc46_token = "10.0.0" |
There was a problem hiding this comment.
Please make these and other dependency updates against main as a separate PR, that you can create and land now. Remove this noise from the semantic changes introduced in this PR.
actors/miner/src/lib.rs
Outdated
| miner: miner_id, | ||
| number: sector.sector_number, | ||
| }, | ||
| randomness: Randomness(Vec::new()), |
There was a problem hiding this comment.
This one needs to be initialised properly, though the interactive_randomness below doesn't.
There was a problem hiding this comment.
Actually, even interactive_randomness should be initialized to commr right? https://github.com/filecoin-project/FIPs/blob/master/FIPS/fip-0090.md#specification
There was a problem hiding this comment.
I would have expected that to happen inside the proofs library. I think we need to ask someone else.
There was a problem hiding this comment.
It's internally ignored, so it can be the same as comm_r. I believe if you pass all zeroes, it should fail as that's marked as invalid.
actors/miner/src/lib.rs
Outdated
| randomness: Randomness(Vec::new()), | ||
| proof: proof.into(), | ||
| sealed_cid: sector.sealed_cid, | ||
| unsealed_cid: CompactCommD::empty().get_cid(params.seal_proof_type).unwrap(), |
There was a problem hiding this comment.
Calculate empty CommD just once outside the iteration
| expected_storage_pledge: storage_pledge.clone(), | ||
| power_base_epoch: activation_epoch, | ||
| replaced_day_reward: TokenAmount::zero(), | ||
| sector_key_cid: None, |
There was a problem hiding this comment.
@Kubuxu this is how current CC sectors are represented, just confirming we want to keep doing the same thing. Whether a sector can be updated is determined by [verified_]deal_weight == 0, and if so the sealed_cid is copied into this sector key cid upon the first update.
actors/miner/src/lib.rs
Outdated
|
|
||
| rt.transaction(|state: &mut State, rt| { | ||
| let current_balance = rt.current_balance(); | ||
| if current_balance < total_pledge { |
There was a problem hiding this comment.
You need to check the available balance. Use state.get_unlocked_balance(¤t_balance)
| .with_context_code(ExitCode::USR_ILLEGAL_STATE, || "failed to put new sectors")?; | ||
|
|
||
| state | ||
| .assign_sectors_to_deadlines( |
There was a problem hiding this comment.
I've proposed in Slack that we allow the caller to specify the deadline, which would be a change here.
actors/miner/src/policy.rs
Outdated
| @@ -158,6 +162,10 @@ pub fn qa_power_for_sector(size: SectorSize, sector: &SectorOnChainInfo) -> Stor | |||
| qa_power_for_weight(size, duration, §or.deal_weight, §or.verified_deal_weight) | |||
| } | |||
|
|
|||
| pub fn base_power_for_sector(size: SectorSize) -> StoragePower { | |||
| BigInt::from(size as u64) * &*QUALITY_BASE_MULTIPLIER | |||
There was a problem hiding this comment.
I don't think this multiplication is valid. My interpretation of QUALITY_BASE_MULTIPLIER is that it's supposed to be a denominator, when multiplying by either DEAL_WEIGHT_MULTIPLIER or VERIFIED_DEAL_WEIGHT_MULTIPLIER. In any case, multiplying size by 10 isn't what we want here.
Just do StoragePower::from(size) at the call sites.
There was a problem hiding this comment.
You are right. My math is invalid. I'd still like to keep the function base_power_for_sector so we have an clear way for getting CC sector power consistent with QA power function.
| @@ -135,6 +135,34 @@ pub struct ProveCommitSectorParams { | |||
| pub proof: RawBytes, | |||
| } | |||
|
|
|||
| // Note no UnsealedCID because it must be "zero" data. | |||
| #[derive(Clone, Debug, Eq, PartialEq, Serialize_tuple, Deserialize_tuple)] | |||
| pub struct SectorNIActivationInfo { | |||
There was a problem hiding this comment.
This has changed in the FIP since you wrote this. Add sealing_number separate from sector_number.
| @@ -2,7 +2,7 @@ use fil_actors_integration_tests::tests::prove_commit_sectors2_test; | |||
| use fil_actors_runtime::test_blockstores::MemoryBlockstore; | |||
| use test_vm::TestVM; | |||
|
|
|||
| #[test] | |||
| #[test_log::test] | |||
There was a problem hiding this comment.
I assume you will revert the test_log usage and dependencies when preparing for merge. If we want to use test_log, I think that's a separate consideration that we should execute in main ahead of this PR, and uniformly across all tests. Feel free to start an issue/discussion about doing that.
actors/miner/src/types.rs
Outdated
| pub sector_number: SectorNumber, | ||
| pub sealed_cid: Cid, // CommR |
There was a problem hiding this comment.
these two are out of order from the FIP; as it's tuple encoding, order matters
actors/miner/src/types.rs
Outdated
| // Note no UnsealedCID because it must be "zero" data. | ||
| #[derive(Clone, Debug, Eq, PartialEq, Serialize_tuple, Deserialize_tuple)] | ||
| pub struct SectorNIActivationInfo { | ||
| pub sealer_id: Option<ActorID>, |
There was a problem hiding this comment.
this is not nullable in the FIP, does this assume filecoin-project/FIPs#993 is accepted?
There was a problem hiding this comment.
In fact, this isn't even used in this PR; and I see no mention of SealerID / sealer_id in the text of https://github.com/filecoin-project/FIPs/blob/master/FIPS/fip-0090.md other than in the description of this struct. The only thing it says about it is "Must be set to ID of receiving actor for now", so I guess it's a placeholder waiting for filecoin-project/FIPs#993? If so, I guess it needs to be checked against the receiving actor in prove_commit_sectors_ni.
There was a problem hiding this comment.
Yes it's a placeholder that must be checked. Shouldn't be optional.
There was a problem hiding this comment.
Should we fail a whole batch if sealer_id of some sector is different that receiving miner ID, or just filter them out?
There was a problem hiding this comment.
The question is relevant only when not using aggregate proof. I think having aggregate proof for sectors intended for different receiver doesn't make sense and should fail.
There was a problem hiding this comment.
Agree, just fail if sealer_id doesn't match receiver.
| #[cfg(feature = "fake-proofs")] | ||
| fn batch_verify_ni_seals(&self, batch: &[NISealVerifyInfo]) -> anyhow::Result<Vec<bool>> { | ||
| Ok(batch.iter().map(|_| true).collect()) | ||
| } | ||
|
|
There was a problem hiding this comment.
I think this can go, right? we're just using batch_verify_seals now with the NI proof types
| AggregateSealVerifyProofAndInfos, NISealVerifyInfo, RegisteredSealProof, ReplicaUpdateInfo, | ||
| SealVerifyInfo, WindowPoStVerifyInfo, |
There was a problem hiding this comment.
| AggregateSealVerifyProofAndInfos, NISealVerifyInfo, RegisteredSealProof, ReplicaUpdateInfo, | |
| SealVerifyInfo, WindowPoStVerifyInfo, | |
| AggregateSealVerifyProofAndInfos, RegisteredSealProof, ReplicaUpdateInfo, SealVerifyInfo, | |
| WindowPoStVerifyInfo, |
| pub prove_commit_ni_sector_batch_max_size: usize, | ||
| pub max_prove_commit_ni_randomness_lookback: ChainEpoch, | ||
| pub valid_prove_commit_ni_proof_type: ProofSet, | ||
|
|
There was a problem hiding this comment.
these need documenting and should be moved below pre_commit_challenge_delay so they are consistently placed with the policy_constants (and we can match their placement in go-state-types so it's easier to look them up)
| pub const PROVE_COMMIT_NI_SECTOR_BATCH_MAX_SIZE: usize = 256; | ||
| pub const MAX_PROVE_COMMIT_NI_LOOKBACK: ChainEpoch = 365 * EPOCHS_IN_DAY + CHAIN_FINALITY; |
There was a problem hiding this comment.
needs commenting, and I believe this should be 30 and not 365 as per FIP-0090
There was a problem hiding this comment.
as per shared doc, current proposal is to change FIP to 180 days
|
I had a go at documenting the constants in go-state-types here: filecoin-project/go-state-types#270 I'd appreciate feedback on them to make sure I'm understanding and describing them well. |
| .collect::<Vec<SectorOnChainInfo>>(); | ||
|
|
||
| let total_pledge = BigInt::from(sectors_to_add.len()) * initial_pledge; | ||
|
|
There was a problem hiding this comment.
| let mut needs_cron = false; |
| state | ||
| .check_balance_invariants(&rt.current_balance()) | ||
| .map_err(balance_invariants_broken)?; | ||
|
|
There was a problem hiding this comment.
| needs_cron = !state.deadline_cron_active; | |
| state.deadline_cron_active = true; | |
|
|
||
| Ok(()) | ||
| })?; | ||
|
|
There was a problem hiding this comment.
| if needs_cron { | |
| let new_dl_info = state.deadline_info(rt.policy(), curr_epoch); | |
| enroll_cron_event( | |
| rt, | |
| new_dl_info.last(), | |
| CronEventPayload { event_type: CRON_EVENT_PROVING_DEADLINE }, | |
| )?; | |
| } | |
See also filecoin-project/ref-fvm#1999