Add VoteRegressionChecker

foriequal0 · foriequal0 · commit 7d6cb206ceec · 2019-09-26T19:33:48.000+09:00
diff --git a/core/src/consensus/tendermint/mod.rs b/core/src/consensus/tendermint/mod.rs
@@ -22,6 +22,7 @@ mod network;
 mod params;
 pub mod types;
 pub mod vote_collector;
+mod vote_regression_checker;
 mod worker;
 
 use std::sync::atomic::AtomicBool;
diff --git a/core/src/consensus/tendermint/vote_regression_checker.rs b/core/src/consensus/tendermint/vote_regression_checker.rs
@@ -0,0 +1,189 @@
+use consensus::{Step, VoteOn};
+use std::cmp::Ordering;
+
+pub struct VoteRegressionChecker {
+    last_vote: Option<VoteOn>,
+}
+
+impl VoteRegressionChecker {
+    pub fn new() -> VoteRegressionChecker {
+        VoteRegressionChecker {
+            last_vote: None,
+        }
+    }
+
+    pub fn check(&mut self, vote_on: &VoteOn) -> bool {
+        assert!(match vote_on.step.step {
+            Step::Propose | Step::Prevote | Step::Precommit => true,
+            _ => false,
+        });
+
+        let monotonic = if let Some(last_vote) = &self.last_vote {
+            match last_vote.step.cmp(&vote_on.step) {
+                Ordering::Less => true,
+                Ordering::Greater => false,
+                Ordering::Equal => last_vote.block_hash == vote_on.block_hash,
+            }
+        } else {
+            true
+        };
+
+        if monotonic {
+            self.last_vote = Some(vote_on.clone());
+        }
+        monotonic
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use consensus::VoteStep;
+    use primitives::H256;
+
+    #[test]
+    fn test_initial_set() {
+        let mut checker = VoteRegressionChecker::new();
+
+        let random_step = VoteStep::new(100, 10, Step::Prevote);
+        let random_hash = Some(H256::random());
+        assert!(checker.check(&VoteOn {
+            step: random_step,
+            block_hash: random_hash
+        }))
+    }
+
+    #[test]
+    #[should_panic]
+    fn test_disallow_commit() {
+        let mut checker = VoteRegressionChecker::new();
+
+        let random_commit_step = VoteStep::new(100, 10, Step::Commit);
+        let random_hash = Some(H256::random());
+        assert!(checker.check(&VoteOn {
+            step: random_commit_step,
+            block_hash: random_hash
+        }))
+    }
+
+    #[test]
+    fn test_allow_height_increase() {
+        let mut checker = VoteRegressionChecker::new();
+
+        checker.check(&VoteOn {
+            step: VoteStep::new(100, 10, Step::Prevote),
+            block_hash: Some(H256::random()),
+        });
+
+        assert!(checker.check(&VoteOn {
+            step: VoteStep::new(101, 10, Step::Prevote),
+            block_hash: Some(H256::random())
+        }))
+    }
+
+    #[test]
+    fn test_disallow_height_decrease() {
+        let mut checker = VoteRegressionChecker::new();
+
+        checker.check(&VoteOn {
+            step: VoteStep::new(100, 10, Step::Prevote),
+            block_hash: Some(H256::random()),
+        });
+
+        assert!(!checker.check(&VoteOn {
+            step: VoteStep::new(99, 10, Step::Prevote),
+            block_hash: Some(H256::random())
+        }))
+    }
+
+    #[test]
+    fn test_allow_view_increase() {
+        let mut checker = VoteRegressionChecker::new();
+
+        checker.check(&VoteOn {
+            step: VoteStep::new(100, 10, Step::Prevote),
+            block_hash: Some(H256::random()),
+        });
+
+        assert!(checker.check(&VoteOn {
+            step: VoteStep::new(100, 11, Step::Prevote),
+            block_hash: Some(H256::random())
+        }))
+    }
+
+    #[test]
+    fn test_disallow_view_decrease() {
+        let mut checker = VoteRegressionChecker::new();
+
+        checker.check(&VoteOn {
+            step: VoteStep::new(100, 10, Step::Prevote),
+            block_hash: Some(H256::random()),
+        });
+
+        assert!(!checker.check(&VoteOn {
+            step: VoteStep::new(100, 9, Step::Prevote),
+            block_hash: Some(H256::random())
+        }))
+    }
+
+    #[test]
+    fn test_allow_step_increased() {
+        let mut checker = VoteRegressionChecker::new();
+
+        checker.check(&VoteOn {
+            step: VoteStep::new(100, 10, Step::Prevote),
+            block_hash: Some(H256::random()),
+        });
+
+        assert!(checker.check(&VoteOn {
+            step: VoteStep::new(100, 10, Step::Precommit),
+            block_hash: Some(H256::random())
+        }))
+    }
+
+    #[test]
+    fn test_disallow_step_decreased() {
+        let mut checker = VoteRegressionChecker::new();
+
+        checker.check(&VoteOn {
+            step: VoteStep::new(100, 10, Step::Prevote),
+            block_hash: Some(H256::random()),
+        });
+
+        assert!(!checker.check(&VoteOn {
+            step: VoteStep::new(100, 10, Step::Propose),
+            block_hash: Some(H256::random())
+        }))
+    }
+
+    #[test]
+    fn test_allow_same_hash() {
+        let mut checker = VoteRegressionChecker::new();
+
+        let block_hash = Some(H256::random());
+        checker.check(&VoteOn {
+            step: VoteStep::new(100, 10, Step::Prevote),
+            block_hash,
+        });
+
+        assert!(checker.check(&VoteOn {
+            step: VoteStep::new(100, 10, Step::Prevote),
+            block_hash,
+        }))
+    }
+
+    #[test]
+    fn test_disallow_hash_change() {
+        let mut checker = VoteRegressionChecker::new();
+
+        checker.check(&VoteOn {
+            step: VoteStep::new(100, 10, Step::Prevote),
+            block_hash: Some(H256::random()),
+        });
+
+        assert!(!checker.check(&VoteOn {
+            step: VoteStep::new(100, 10, Step::Prevote),
+            block_hash: Some(H256::random()),
+        }))
+    }
+}
diff --git a/core/src/consensus/tendermint/worker.rs b/core/src/consensus/tendermint/worker.rs
@@ -37,6 +37,7 @@ use super::params::TimeGapParams;
 use super::stake::CUSTOM_ACTION_HANDLER_ID;
 use super::types::{Height, Proposal, Step, TendermintSealView, TendermintState, TwoThirdsMajority, View};
 use super::vote_collector::{DoubleVote, VoteCollector};
+use super::vote_regression_checker::VoteRegressionChecker;
 use super::{
     BlockHash, ENGINE_TIMEOUT_BROADCAST_STEP_STATE, ENGINE_TIMEOUT_EMPTY_PROPOSAL, ENGINE_TIMEOUT_TOKEN_NONCE_BASE,
     SEAL_FIELDS,
@@ -93,6 +94,7 @@ struct Worker {
     extension: EventSender<network::Event>,
     time_gap_params: TimeGapParams,
     timeout_token_nonce: usize,
+    vote_regression_checker: VoteRegressionChecker,
 }
 
 pub enum Event {
@@ -196,6 +198,7 @@ impl Worker {
             votes_received_changed: false,
             time_gap_params,
             timeout_token_nonce: ENGINE_TIMEOUT_TOKEN_NONCE_BASE,
+            vote_regression_checker: VoteRegressionChecker::new(),
         }
     }
 
@@ -1087,12 +1090,12 @@ impl Worker {
         }
 
         let header = sealed_block.header();
-        let parent_hash = header.parent_hash();
 
         if let TendermintState::ProposeWaitBlockGeneration {
             parent_hash: expected_parent_hash,
         } = self.step
         {
+            let parent_hash = header.parent_hash();
             assert_eq!(
                 *parent_hash, expected_parent_hash,
                 "Generated hash({:?}) is different from expected({:?})",
@@ -1498,6 +1501,8 @@ impl Worker {
             step: VoteStep::new(self.height, self.view, self.step.to_step()),
             block_hash,
         };
+        assert!(self.vote_regression_checker.check(&on), "Vote should not regress");
+
         let signature = self.signer.sign(on.hash())?;
 
         let vote = ConsensusMessage {
@@ -1523,6 +1528,8 @@ impl Worker {
             step: VoteStep::new(self.height, self.view, Step::Propose),
             block_hash: Some(*header.parent_hash()),
         };
+        assert!(self.vote_regression_checker.check(&on), "Vote should not regress");
+
         let signature = self.signer.sign(on.hash())?;
 
         let vote = ConsensusMessage {
