v5.20 Patches to Upgrade Oracle, and Writeset generators (#1155)

* bump version number

* changelog

* format tower backlog error msg in edge case

* Docs for rescue writesets

* refactor epoch boundary counter reset in writeset builder

* Upgrade oracle to have upgrade function to expire a vote

* add vote revocation to Oracle Upgrade

* fullnode subsidy aka Carpe towers get paid anyways during the recovery mode

* recovery writeset should trigger the epoch counters to reset

* set the oracle expiry window

* add upgrade proposal expiration to rescue

* bind to correct module in Oracle

* patch writeset

* add upgrade expiration cli command

* make files

* refactor oracle upgrade expire writeset

* add txs helper for voting

* revoke functional test, passing

* deprecate fullnode payment in recovery mode test

* revoking vote, should revoke delegates

* test for revoking delegated votes

* patch test

* recovery mode uses the initial validators throughought the period

* makefile set recovery epoch 295

* including misko9's validator yaml configs

* update StateSyncConfig parameters

config/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "diem-config"
-version = "5.1.3"
+version = "5.2.0"
 authors = ["Diem Association <[email protected]>"]
 description = "Diem diem-config"
 repository = "https://github.com/diem/diem"

config/management/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "diem-management"
-version = "5.1.3"
+version = "5.2.0"
 authors = ["Diem Association <[email protected]>"]
 description = "Diem Management is a tool used to manage the configuration of a Diem Node"
 repository = "https://github.com/diem/diem"

config/src/config/consensus_config.rs

@@ -34,7 +34,7 @@ impl Default for ConsensusConfig {
             max_pruned_blocks_in_mem: 100,
             mempool_txn_pull_timeout_ms: 1000,
             mempool_executed_txn_timeout_ms: 1000,
-            round_initial_timeout_ms: 1000,
+            round_initial_timeout_ms: 5000, //////// 0L ////////
             proposer_type: ConsensusProposerType::LeaderReputation(LeaderReputationConfig {
                 active_weights: 99,
                 inactive_weights: 1,

config/src/config/mempool_config.rs

@@ -43,11 +43,11 @@ impl Default for MempoolConfig {
             shared_mempool_tick_interval_ms: 5_000, //////// 0L //////// 
             shared_mempool_backoff_interval_ms: 3_000, //////// 0L ////////
             shared_mempool_batch_size: 100,
-            shared_mempool_ack_timeout_ms: 2_000,
-            shared_mempool_max_concurrent_inbound_syncs: 2,
+            shared_mempool_ack_timeout_ms: 20_000, ///////// 0L /////////
+            shared_mempool_max_concurrent_inbound_syncs: 10,  ///////// 0L /////////
             max_broadcasts_per_peer: 5, //////// 0L ////////
             mempool_snapshot_interval_secs: 180,
-            capacity: 1_000, ///////// 0L //////// Reduce size of mempool due to VDF cost.
+            capacity: 100, ///////// 0L //////// Reduce size of mempool due to VDF cost.
             capacity_per_user: 1, // no reason for a given user to be ablet to submit more than tree txs to mempool.
             default_failovers: 3,
             system_transaction_timeout_secs: 1000, //////// 0L //////// transacitons should timeout under this time

config/src/config/state_sync_config.rs

@@ -41,7 +41,7 @@ impl Default for StateSyncConfig {
             client_commit_timeout_ms: 5_000,
             long_poll_timeout_ms: 10_000,
             max_chunk_limit: 1_000,
-            max_timeout_ms: 120_000,
+            max_timeout_ms: 1_200_000,
             mempool_commit_timeout_ms: 5_000,
             multicast_timeout_ms: 30_000,
             sync_request_timeout_ms: 60_000, //////// 0L /////////

diem-node/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "diem-node"
-version = "5.1.3"
+version = "5.2.0"
 authors = ["Diem Association <[email protected]>"]
 description = "Diem node"
 repository = "https://github.com/diem/diem"

language/diem-framework/modules/0L/EpochBoundary.move

@@ -105,9 +105,9 @@ module EpochBoundary {
               let miner_subsidy = count * proof_price;
 
               // don't pay while we are in recovery mode, since that creates a frontrunning opportunity
-              if (!RecoveryMode::is_recovery()){ 
+              // if (!RecoveryMode::is_recovery()){ 
                 FullnodeSubsidy::distribute_fullnode_subsidy(vm, addr, miner_subsidy);
-              }
+              // }
 
             };
 

language/diem-framework/modules/0L/Oracle.move

@@ -28,6 +28,7 @@ address 0x1 {
       const DELEGATION_NOT_ENABLED: u64 = 150002;
       const VOTE_ALREADY_DELEGATED: u64 = 150003;
       const DELEGATION_NOT_PRESENT: u64 = 150004;
+      const DUPLICATE_VOTE: u64 = 150005;
 
       struct Oracles has key {
         upgrade: UpgradeOracle
@@ -178,7 +179,9 @@ address 0x1 {
         }; 
 
         // if the sender has voted, do nothing
-        if (Vector::contains<address>(&upgrade_oracle.validators_voted, &sender)) {return};
+        if (Vector::contains<address>(&upgrade_oracle.validators_voted, &sender)) {
+          assert(false, Errors::invalid_argument(DUPLICATE_VOTE));
+        };
 
         let vote_weight = get_weight(sender, VOTE_TYPE_UPGRADE);
 
@@ -198,6 +201,33 @@ address 0x1 {
         };
 
       }
+
+      public fun revoke_my_votes(sender: &signer) acquires Oracles, VoteDelegation {
+        let addr = Signer::address_of(sender);
+        revoke_vote(addr);
+
+        let del = borrow_global<VoteDelegation>(Signer::address_of(sender));
+        let l = Vector::length<address>(&del.delegates);
+        let i = 0;
+        while (i < l) {
+          let addr = *Vector::borrow<address>(&del.delegates, i);
+          revoke_vote(addr);
+          i = i + 1;
+        };
+
+      }
+
+      fun revoke_vote(addr: address) acquires Oracles{
+        let upgrade_oracle = &mut borrow_global_mut<Oracles>(CoreAddresses::DIEM_ROOT_ADDRESS()).upgrade;
+        let (is_found, idx) = Vector::index_of<address>(&upgrade_oracle.validators_voted, &addr);
+
+        if (is_found) {
+          Vector::remove(&mut upgrade_oracle.votes, idx);
+          Vector::remove(&mut upgrade_oracle.validators_voted, idx);
+          tally_upgrade(upgrade_oracle, VOTE_TYPE_UPGRADE);
+        };
+
+      }
 
       fun increment_vote_count(vote_counts: &mut vector<VoteCount>, data: vector<u8>, validator: address, vote_weight: u64) {
         let data_hash = Hash::sha2_256(copy data);
@@ -266,10 +296,20 @@ address 0x1 {
           total_weight: 0,
         };
       }
+
+      fun vm_expire_upgrade(vm: &signer) acquires Oracles {
+        assert(Signer::address_of(vm) == CoreAddresses::DIEM_ROOT_ADDRESS(), Errors::requires_role(150003));
+        let upgrade_oracle = &mut borrow_global_mut<Oracles>(CoreAddresses::DIEM_ROOT_ADDRESS()).upgrade;
+        let threshold = get_threshold(VOTE_TYPE_PROPORTIONAL_VOTING_POWER);
+
+        let result = check_consensus(&upgrade_oracle.vote_counts, threshold);
+        upgrade_oracle.consensus = result;
+        upgrade_oracle.vote_window = DiemBlock::get_current_block_height() - 1;
+      }
 
       // check to see if threshold is reached every time receiving a vote
       // TODO: Not sure we still want to do this every time as tallying is more costly when using node weight (as the threshold must be summed), fine for now. 
-      fun tally_upgrade (upgrade_oracle: &mut UpgradeOracle, type: u8) {
+      fun tally_upgrade(upgrade_oracle: &mut UpgradeOracle, type: u8) {
         let threshold = get_threshold(type);
         let result = check_consensus(&upgrade_oracle.vote_counts, threshold);
 

language/diem-framework/modules/0L/Upgrade.move

@@ -8,7 +8,6 @@ module Upgrade {
     use 0x1::Errors;
     use 0x1::Signer;
     use 0x1::Vector;
-    // use 0x1::DiemTimestamp;
 
     /// Structs for UpgradePayload resource
     struct UpgradePayload has key {

language/diem-framework/modules/0L_transaction_scripts/ol_oracle.move

@@ -6,6 +6,10 @@ module OracleScripts {
         Oracle::handler(&sender, id, data);
     }
 
+    public(script) fun ol_revoke_vote(sender: signer) {
+        Oracle::revoke_my_votes(&sender);
+    }
+
     /// A validator (Alice) can delegate the authority for the operation of an upgrade to another validator (Bob). When Oracle delegation happens, effectively the consensus voting power of Alice, is added to Bob only for the effect of calculating the preference on electing a stdlib binary. Whatever binary Bob proposes, Alice will also propose without needing to be submitting transactions.
 
     public(script) fun ol_delegate_vote(sender: signer, dest: address) {

language/diem-framework/modules/doc/EpochBoundary.md

@@ -269,7 +269,7 @@
       // can't be more than index of accounts
       i &lt; <a href="../../../../../../move-stdlib/docs/Vector.md#0x1_Vector_length">Vector::length</a>(&top_accounts) &&
       // the new proposed set can only only expand by 15%
-      <a href="../../../../../../move-stdlib/docs/Vector.md#0x1_Vector_length">Vector::length</a>(&proposed_set) &lt; len_proven_nodes + max_unproven_nodes &&
+      <a href="../../../../../../move-stdlib/docs/Vector.md#0x1_Vector_length">Vector::length</a>(&proposed_set) &lt; (len_proven_nodes + max_unproven_nodes) &&
       // Validator set can only be <b>as</b> big <b>as</b> the maximum set size
       <a href="../../../../../../move-stdlib/docs/Vector.md#0x1_Vector_length">Vector::length</a>(&proposed_set) &lt; <a href="Globals.md#0x1_Globals_get_max_validators_per_set">Globals::get_max_validators_per_set</a>()
     ) {
@@ -305,7 +305,7 @@
 
     // <b>if</b> we are failing <b>to</b> qualify anyone. Pick top 1/2 of validator set by proposals. They are probably online.
 
-    <b>if</b> (<a href="../../../../../../move-stdlib/docs/Vector.md#0x1_Vector_length">Vector::length</a>&lt;address&gt;(&proposed_set) &lt;= 3) proposed_set = <a href="Stats.md#0x1_Stats_get_sorted_vals_by_props">Stats::get_sorted_vals_by_props</a>(vm, <a href="../../../../../../move-stdlib/docs/Vector.md#0x1_Vector_length">Vector::length</a>&lt;address&gt;(&proposed_set) / 2);
+    <b>if</b> (<a href="../../../../../../move-stdlib/docs/Vector.md#0x1_Vector_length">Vector::length</a>&lt;address&gt;(&proposed_set) &lt;= 3) proposed_set = <a href="Stats.md#0x1_Stats_get_sorted_vals_by_props">Stats::get_sorted_vals_by_props</a>(vm, <a href="../../../../../../move-stdlib/docs/Vector.md#0x1_Vector_length">Vector::length</a>&lt;address&gt;(&top_accounts) / 2);
 
 
     // If still failing...in extreme case <b>if</b> we cannot qualify anyone. Don't change the validator set.

language/diem-framework/modules/doc/Globals.md

@@ -24,6 +24,8 @@ This module provides global variables and constants that have no specific owner
 -  [Function `get_epoch_mining_thres_upper`](#0x1_Globals_get_epoch_mining_thres_upper)
 -  [Function `get_unlock`](#0x1_Globals_get_unlock)
 -  [Function `get_min_blocks_epoch`](#0x1_Globals_get_min_blocks_epoch)
+-  [Function `get_vouch_threshold`](#0x1_Globals_get_vouch_threshold)
+-  [Function `get_signing_threshold`](#0x1_Globals_get_signing_threshold)
 -  [Function `get_constants`](#0x1_Globals_get_constants)
 
 
@@ -113,6 +115,18 @@ epoch by a miner to remain compliant
 </dt>
 <dd>
 
+</dd>
+<dt>
+<code>vouch_threshold: u64</code>
+</dt>
+<dd>
+
+</dd>
+<dt>
+<code>signing_threshold_pct: u64</code>
+</dt>
+<dd>
+
 </dd>
 </dl>
 
@@ -381,6 +395,56 @@ Get the mining threshold
 
 
 
+</details>
+
+<a name="0x1_Globals_get_vouch_threshold"></a>
+
+## Function `get_vouch_threshold`
+
+Get the threshold for unrelated vouchers per validator
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="Globals.md#0x1_Globals_get_vouch_threshold">get_vouch_threshold</a>(): u64
+</code></pre>
+
+
+
+<details>
+<summary>Implementation</summary>
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="Globals.md#0x1_Globals_get_vouch_threshold">get_vouch_threshold</a>(): u64 {
+  <a href="Globals.md#0x1_Globals_get_constants">get_constants</a>().vouch_threshold
+}
+</code></pre>
+
+
+
+</details>
+
+<a name="0x1_Globals_get_signing_threshold"></a>
+
+## Function `get_signing_threshold`
+
+Get the threshold of number of signed blocks in an epoch per validator
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="Globals.md#0x1_Globals_get_signing_threshold">get_signing_threshold</a>(): u64
+</code></pre>
+
+
+
+<details>
+<summary>Implementation</summary>
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="Globals.md#0x1_Globals_get_signing_threshold">get_signing_threshold</a>(): u64 {
+  <a href="Globals.md#0x1_Globals_get_constants">get_constants</a>().signing_threshold_pct
+}
+</code></pre>
+
+
+
 </details>
 
 <a name="0x1_Globals_get_constants"></a>
@@ -414,6 +478,8 @@ Get the constants for the current network
       epoch_mining_thres_upper: 1000, // upper bound unlimited
       epoch_slow_wallet_unlock: 10,
       min_blocks_per_epoch: 0,
+      vouch_threshold: 0,
+      signing_threshold_pct: 3,
     }
   };
 
@@ -428,6 +494,8 @@ Get the constants for the current network
       epoch_mining_thres_upper: 72, // upper bound enforced at 20 mins per proof.
       epoch_slow_wallet_unlock: 10000000,
       min_blocks_per_epoch: 1000,
+      vouch_threshold: 0,
+      signing_threshold_pct: 3,
     }
   } <b>else</b> {
     <b>return</b> <a href="Globals.md#0x1_Globals_GlobalConstants">GlobalConstants</a> {
@@ -445,6 +513,8 @@ Get the constants for the current network
       epoch_mining_thres_upper: 72, // upper bound enforced at 20 mins per proof.
       epoch_slow_wallet_unlock: 1000 * <a href="Globals.md#0x1_Globals_COIN_SCALING_FACTOR">COIN_SCALING_FACTOR</a>, // approx 10 years for largest accounts in genesis.
       min_blocks_per_epoch: 10000,
+      vouch_threshold: 2, // Production is 2 vouchers per validator
+      signing_threshold_pct: 3,
     }
   }
 }