-
Notifications
You must be signed in to change notification settings - Fork 102
Conversation
40e0feb
to
7062902
Compare
// TODO: award some small portion of slashed to caller as incentive | ||
|
||
// Restore verified dataset allowance for verified clients. | ||
for _, deal := range verifiedDeals { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we will need to put this logic in processDealInitTimedOut
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Less code and better code 💯. This approach looks great, but some details are not quite right yet.
Some other notes:
We ended up with the cron actor's fixed-at-construction table not in this repo, but I guess replicated in each impl. The default parameters to the cron constructor probably belong here somewhere (and the market actor needs to be added).
Would a bitfield be strictly more efficient for storing a list of deal IDs, like in this ops queue, even though they are not expected to be as contiguous as sectors IDs? Even with large gaps, I'd expect the deltas to be less than the magnitudes.
@@ -82,7 +81,6 @@ func (a Actor) WithdrawBalance(rt Runtime, params *WithdrawBalanceParams) *adt.E | |||
rt.State().Transaction(&st, func() interface{} { | |||
// Before any operations that check the balance tables for funds, execute all deferred | |||
// deal state updates. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Replace this comment with something like "The withdrawable amount might be slightly less than nominal depending on whether all relevant entries have been processed by cron".
@@ -195,7 +192,7 @@ func (a Actor) PublishStorageDeals(rt Runtime, params *PublishStorageDealsParams | |||
rt.Abortf(exitcode.ErrIllegalState, "failed to load proposals array: %s", err) | |||
} | |||
|
|||
dbp, err := AsSetMultimap(adt.AsStore(rt), st.DealIDsByParty) | |||
dbp, err := AsSetMultimap(adt.AsStore(rt), st.DealOpsByEpoch) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: rename dbp
to dealOps
or similar
builtin.RequireSuccess(rt, code, "failed to burn funds") | ||
return nil | ||
} | ||
for i := st.LastCron; i <= rt.CurrEpoch(); i++ { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using the first key from the dbe
AMT would avoid the need to store this, and be more robust in case there's an error somewhere and this gets out of sync, leaving trash in the AMT.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But its not an AMT, so thats really doable
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ack, ok.
Not necessarily in this PR, but I'm increasingly thinking we should use an AMT for things indexed by epoch, so that we can traverse in order. The same goes for the cron callback table in the power actor. I think there's decent scope for bugs leading to missed events and junk state left behind otherwise, especially given that cron doesn't necessarily execute on the epoch scheduled (due to null rounds).
In this case, with the values as integers, it could be an AMT of bitfields; the power actor needs to store more metadata tho.
Deals []abi.DealID // TODO: RLE | ||
} | ||
if nextEpoch != 0 { | ||
Assert(nextEpoch <= rt.CurrEpoch()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this should be nextEpoch > rt.CurrEpoch()
|
||
_, code := rt.Send(builtin.BurntFundsActorAddr, builtin.MethodSend, nil, slashedAmount) | ||
builtin.RequireSuccess(rt, code, "failed to burn funds") | ||
_, e := rt.Send(builtin.BurntFundsActorAddr, 0, nil, amountSlashed) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No reason I can see not to use builtin.MethodSend
for clarity here
@@ -511,7 +465,7 @@ func dealGetPaymentRemaining(deal *DealProposal, epoch abi.ChainEpoch) abi.Token | |||
} | |||
|
|||
func (st *State) MutateDealIDs(rt Runtime, f func(dbp *SetMultimap) error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You deleted the only caller of this from deleteDeals
, but we should be careful because that means obsolete deal ids can be left in the ops queue state here.
@@ -38,9 +37,9 @@ func (mm *SetMultimap) Root() (cid.Cid, error) { | |||
return mm.mp.Root() | |||
} | |||
|
|||
func (mm *SetMultimap) Put(key address.Address, v abi.DealID) error { | |||
func (mm *SetMultimap) Put(epoch abi.ChainEpoch, v abi.DealID) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Aside: since this is now used for only one purpose, we could rename it to reflect that, as DealOpQueue or similar.
} | ||
return | ||
return amountSlashed, 0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As I understand it, returning a zero epoch here means the deal will be forgotten about forever in terms of state updates. There's no longer a manual path by which a client or miner could trigger it. So returning zero should be the special, rare case though this method, only when a deal is deleted from state. All the other cases should return some future processing epoch.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I actually think the case youre commenting on will never be hit, it would mean that we called this method for a deal that hasnt been proven, before its starting deadline. Nothing registers a callback for deals at that point, so we really shouldnt ever hit that. I could call abort here, but i'm not 100% sure
} | ||
|
||
if deal.StartEpoch > epoch { | ||
return | ||
return amountSlashed, 0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Like here, I think the deal should be next processed at the start epoch.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually, i'd say theres nothing to do even at the start epoch, we probably want to schedule this to run again 100 blocks after the start epoch.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And I also think this case can never be hit, as we are explicitly scheduling the update to happen at StartEpoch, this shouldnt be able to happen.
See #326 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this. Just minor comments.
0d28bae
to
8abe31a
Compare
Thanks. While approved, I request you don't land this for a couple of days so as not to introduce any uncertainty of un-exercised code into our current interop efforts. We may still need to push through some quick fixes that we want to consume quickly and minimally. If you object to that, or if this lasts more than a few days, we can pick up the effort of maintaining a release branch for interop (which we will do later anyway). |
ccc878f
to
dc3d6cc
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Last commit LGTM too
* improve deal accounting performance * rerun cborgen * clean up method tables * address review feedback * Correctly handle deal state not found * a bit more cleanup * properly process timed out verified deal reimbursements * reuse balance table instances * finish addressing feedback from @anorth * add to cron tick * fix handling of deal state initialization
This should accomplish the same thing, except now payments for storage deals only happen once every hundred blocks or so (not bucketed though, otherwise that would create hot spots)