Simplify and optimize quorum calculation; fix blob bug. #4978
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
afck
changed the title
bart-linera
approved these changes
Nov 19, 2025
linera-execution/src/system.rs
Outdated
| self.committees.set(committees); | ||
| let admin_id = self | ||
|
|
||
| let net_description = self |
Contributor
There was a problem hiding this comment.
I feel like it would still be a good idea to have this committee reading logic extracted into a function somewhere, so that we don't have to duplicate all this code wherever we need to read committees... But I guess it's good enough for now, with just two places where we do that.
Contributor
Author
There was a problem hiding this comment.
Good point, I'll give it a try and deduplicate them.
Contributor
Author
Contributor
There was a problem hiding this comment.
Nice, I like your approach!
bart-linera
approved these changes
Nov 19, 2025
afck
added a commit
to afck/linera-protocol
that referenced
this pull request
Nov 19, 2025
The current `Committee` implementation is a bit complicated, and sometimes sets the quorum threshold higher than necessary. The assumption is that $$N \geq 3 f + 1$$, where $$f$$ is the fault tolerance, i.e. the maximum total votes of the faulty validators. The _validity threshold_ is $$f + 1$$. Given $$N$$, the highest possible value for $$f$$ is therefore $$\lceil N / 3 \rceil - 1$$. The _quorum threshold_ $$q$$ is minimal such that any two quorum intersect in at least a validity threshold (i.e. have at least one honest validator in common), i.e. $$2 q - N \geq f + 1$$. Thus $$q = \lceil (N + f + 1) / 2 \rceil$$. In particular, if e.g. $$N = 3$$, then $$f = 0$$ and $$q = 2$$. This change revealed an issue with the certificate handling logic in the worker: `committees_for` returns `ViewErrors` instead of `BlobsNotFound`/`EventsNotFound`, so the client fails to send the validators the admin chain if needed. This was fixed; I also kept minor cleanups I made while debugging this. I got a few stack overflows, so I doubled the client's Tokio thread stack size. CI - The fixes (but maybe not the quorum change) should be backported to `testnet_conway` and released in a new SDK and validator hotfix. - [reviewer checklist](https://github.com/linera-io/linera-protocol/blob/main/CONTRIBUTING.md#reviewer-checklist)
afck
added a commit
to afck/linera-protocol
that referenced
this pull request
Nov 19, 2025
The current `Committee` implementation is a bit complicated, and sometimes sets the quorum threshold higher than necessary. The assumption is that $$N \geq 3 f + 1$$, where $$f$$ is the fault tolerance, i.e. the maximum total votes of the faulty validators. The _validity threshold_ is $$f + 1$$. Given $$N$$, the highest possible value for $$f$$ is therefore $$\lceil N / 3 \rceil - 1$$. The _quorum threshold_ $$q$$ is minimal such that any two quorum intersect in at least a validity threshold (i.e. have at least one honest validator in common), i.e. $$2 q - N \geq f + 1$$. Thus $$q = \lceil (N + f + 1) / 2 \rceil$$. In particular, if e.g. $$N = 3$$, then $$f = 0$$ and $$q = 2$$. This change revealed an issue with the certificate handling logic in the worker: `committees_for` returns `ViewErrors` instead of `BlobsNotFound`/`EventsNotFound`, so the client fails to send the validators the admin chain if needed. This was fixed; I also kept minor cleanups I made while debugging this. I got a few stack overflows, so I doubled the client's Tokio thread stack size. CI - The fixes (but maybe not the quorum change) should be backported to `testnet_conway` and released in a new SDK and validator hotfix. - [reviewer checklist](https://github.com/linera-io/linera-protocol/blob/main/CONTRIBUTING.md#reviewer-checklist)
afck
added a commit
that referenced
this pull request
Nov 19, 2025
Partial backport of #4978. ## Motivation The current `Committee` implementation is a bit complicated, and sometimes sets the quorum threshold higher than necessary. ## Proposal #4978 revealed an issue with the certificate handling logic in the worker: `committees_for` returns `ViewErrors` instead of `BlobsNotFound`/`EventsNotFound`, so the client fails to send the validators the admin chain if needed. This was fixed; I also kept minor cleanups I made while debugging this. I got a few stack overflows, so I doubled the client's Tokio thread stack size. ## Test Plan CI ## Release Plan - The fixes (but maybe not the quorum change) should be - released in a new SDK and - released in a validator hotfix. ## Links - PR to main: #4978 - [reviewer checklist](https://github.com/linera-io/linera-protocol/blob/main/CONTRIBUTING.md#reviewer-checklist)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
The current
Committeeimplementation is a bit complicated, and sometimes sets the quorum threshold higher than necessary.Proposal
The assumption is that$$N \geq 3 f + 1$$ , where $$f$$ is the fault tolerance, i.e. the maximum total votes of the faulty validators. The validity threshold is $$f + 1$$ . Given $$N$$ , the highest possible value for $$f$$ is therefore $$\lceil N / 3 \rceil - 1$$ .
The quorum threshold$$q$$ is minimal such that any two quorum intersect in at least a validity threshold (i.e. have at least one honest validator in common), i.e. $$2 q - N \geq f + 1$$ . Thus $$q = \lceil (N + f + 1) / 2 \rceil$$ .
In particular, if e.g.$$N = 3$$ , then $$f = 0$$ and $$q = 2$$ .
This change revealed an issue with the certificate handling logic in the worker:
committees_forreturnsViewErrorsinstead ofBlobsNotFound/EventsNotFound, so the client fails to send the validators the admin chain if needed.This was fixed; I also kept minor cleanups I made while debugging this. I got a few stack overflows, so I doubled the client's Tokio thread stack size.
Test Plan
CI
Release Plan
testnet_conwayand released in a new SDK and validator hotfix.Links