|
| 1 | +--- |
| 2 | +order: 6 |
| 3 | +title: ABCI++ extra |
| 4 | +--- |
| 5 | +# Introduction |
| 6 | + |
| 7 | +In the section [CometBFT's expected behaviour](./abci++_comet_expected_behavior.md#valid-method-call-sequences), |
| 8 | +we presented the most common behaviour, usually referred to as the good case. |
| 9 | +However, the grammar specified in the same section is more general and covers more scenarios |
| 10 | +that an Application designer needs to account for. |
| 11 | + |
| 12 | +In this section, we give more information about these possible scenarios. We focus on methods |
| 13 | +introduced by ABCI++: `PrepareProposal` and `ProcessProposal`. Specifically, we concentrate |
| 14 | +on the part of the grammar presented below. |
| 15 | + |
| 16 | +```abnf |
| 17 | +consensus-height = *consensus-round decide commit |
| 18 | +consensus-round = proposer / non-proposer |
| 19 | +
|
| 20 | +proposer = [prepare-proposal process-proposal] |
| 21 | +non-proposer = [process-proposal] |
| 22 | +``` |
| 23 | + |
| 24 | +We can see from the grammar that we can have several rounds before deciding a block. The reasons |
| 25 | +why one round may not be enough are: |
| 26 | +* network asynchrony, and |
| 27 | +* a Byzantine process being the proposer. |
| 28 | + |
| 29 | +If we assume that the consensus algorithm decides on block $X$ in round $r$, in the rounds |
| 30 | +$r' <= r$, CometBFT can exhibit any of the following behaviours: |
| 31 | + |
| 32 | +1. Call `PrepareProposal` and/or `ProcessProposal` for block $X$. |
| 33 | +1. Call `PrepareProposal` and/or `ProcessProposal` for block $Y \neq X$. |
| 34 | +1. Does not call `PrepareProposal` and/or `ProcessProposal`. |
| 35 | + |
| 36 | +In the rounds when it is the proposer, CometBFT's `PrepareProposal` call is always followed by the |
| 37 | +`ProcessProposal` call. The reason is that the process always delivers the proposal to itself, which |
| 38 | +triggers the `ProcessProposal` call. |
| 39 | + |
| 40 | +As the number of rounds the consensus algorithm needs to decide in a given run is a priori unknown, the |
| 41 | +application needs to account for any number of rounds, where each round can exhibit any of these three |
| 42 | +behaviours. Recall that the application is unaware of the internals of consensus and thus of the rounds. |
| 43 | + |
| 44 | +# Possible scenarios |
| 45 | +The unknown number of rounds we can have when following the consensus algorithm yields a vast number of |
| 46 | +scenarios we can expect. Listing them all is unfeasible. However, here we give several of them and draw the |
| 47 | +main conclusions. Specifically, we will show that before block $X$ is decided: |
| 48 | + |
| 49 | +1. On a correct node, `PrepareProposal` may be called multiple times and for different blocks ([**Scenario 1**](#scenario-1)). |
| 50 | +1. On a correct node, `ProcessProposal` may be called multiple times and for different blocks ([**Scenario 2**](#scenario-2)). |
| 51 | +1. On a correct node, `PrepareProposal` and `ProcessProposal` for block $X$ may not be called ([**Scenario 3**](#scenario-3)). |
| 52 | +1. On a correct node, `PrepareProposal` and `ProcessProposal` may not be called at all ([**Scenario 4**](#scenario-4)). |
| 53 | + |
| 54 | + |
| 55 | +## Basic information |
| 56 | + |
| 57 | +Each scenario is presented from the perspective of a process $p$. More precisely, we show what happens in |
| 58 | +each round's $step$ of the [Tendermint consensus algorithm](https://arxiv.org/pdf/1807.04938.pdf). While in |
| 59 | +practice the consensus algorithm works with respect to voting power of the validators, in this document |
| 60 | +we refer to number of processes (e.g., $n$, $f+1$, $2f+1$) for simplicity. The legend is below: |
| 61 | + |
| 62 | +### Round X: |
| 63 | + |
| 64 | +1. **Propose:** Describes what happens while $step_p = propose$. |
| 65 | +1. **Prevote:** Describes what happens while $step_p = prevote$. |
| 66 | +1. **Precommit:** Describes what happens while $step_p = precommit$. |
| 67 | + |
| 68 | +## Scenario 1 |
| 69 | + |
| 70 | +$p$ calls `ProcessProposal` many times with different values. |
| 71 | + |
| 72 | +### Round 0: |
| 73 | + |
| 74 | +1. **Propose:** The proposer of this round is a Byzantine process, and it chooses not to send the proposal |
| 75 | +message. Therefore, $p$'s $timeoutPropose$ expires, it sends $Prevote$ for $nil$, and it does not call |
| 76 | +`ProcessProposal`. All correct processes do the same. |
| 77 | +1. **Prevote:** $p$ eventually receives $2f+1$ $Prevote$ messages for $nil$ and starts $timeoutPrevote$. |
| 78 | +When $timeoutPrevote$ expires it sends $Precommit$ for $nil$. |
| 79 | +1. **Precommit:** $p$ eventually receives $2f+1$ $Precommit$ messages for $nil$ and starts $timeoutPrecommit$. |
| 80 | +When it expires, it moves to the next round. |
| 81 | + |
| 82 | +### Round 1: |
| 83 | + |
| 84 | +1. **Propose:** A correct process is the proposer in this round. Its $validValue$ is $nil$, and it is free |
| 85 | +to generate and propose a new block $Y$. Process $p$ receives this proposal in time, calls `ProcessProposal` |
| 86 | +for block $Y$, and broadcasts a $Prevote$ message for it. |
| 87 | +1. **Prevote:** Due to network asynchrony less than $2f+1$ processes send $Prevote$ for this block. |
| 88 | +Therefore, $p$ does not update $validValue$ in this round. |
| 89 | +1. **Precommit:** Since less than $2f+1$ processes send $Prevote$, no correct process will lock on this |
| 90 | +block and send $Precommit$ message. As a consequence, $p$ does not decide on $Y$. |
| 91 | + |
| 92 | +### Round 2: |
| 93 | + |
| 94 | +1. **Propose:** Same as in [**Round 1**](#round-1), just another correct process is the proposer, and it |
| 95 | +proposes another value $Z$. Process $p$ receives the proposal on time, calls `ProcessProposal` for new block |
| 96 | +$Z$, and broadcasts a $Prevote$ message for it. |
| 97 | +1. **Prevote:** Same as in [**Round 1**](#round-1). |
| 98 | +1. **Precommit:** Same as in [**Round 1**](#round-1). |
| 99 | + |
| 100 | + |
| 101 | +Rounds like these can continue until we have a round in which process $p$ updates its $validValue$ or until |
| 102 | +we reach round $r$ where process $p$ decides on a block. After that, it will not call `ProcessProposal` |
| 103 | +anymore for this height. |
| 104 | + |
| 105 | +## Scenario 2 |
| 106 | + |
| 107 | +$p$ calls `PrepareProposal` many times with different values. |
| 108 | + |
| 109 | +### Round 0: |
| 110 | + |
| 111 | +1. **Propose:** Process $p$ is the proposer in this round. Its $validValue$ is $nil$, and it is free to |
| 112 | +generate and propose new block $Y$. Before proposing, it calls `PrepareProposal` for $Y$. After that, it |
| 113 | +broadcasts the proposal, delivers it to itself, calls `ProcessProposal` and broadcasts $Prevote$ for it. |
| 114 | +1. **Prevote:** Due to network asynchrony less than $2f+1$ processes receive the proposal on time and send |
| 115 | +$Prevote$ for it. Therefore, $p$ does not update $validValue$ in this round. |
| 116 | +1. **Precommit:** Since less than $2f+1$ processes send $Prevote$, no correct process will lock on this |
| 117 | +block and send non-$nil$ $Precommit$ message. As a consequence, $p$ does not decide on $Y$. |
| 118 | + |
| 119 | +After this round, we can have multiple rounds like those in [Scenario 1](#scenario-1). The important thing |
| 120 | +is that process $p$ should not update its $validValue$. Consequently, when process $p$ reaches the round |
| 121 | +when it is again the proposer, it will ask the mempool for the new block again, and the mempool may return a |
| 122 | +different block $Z$, and we can have the same round as [Round 0](#round-0-1) just for a different block. As |
| 123 | +a result, process $p$ calls `PrepareProposal` again but for a different value. When it reaches round $r$ |
| 124 | +some process will propose block $X$ and if $p$ receives $2f+1$ $Precommit$ messages, it will decide on this |
| 125 | +value. |
| 126 | + |
| 127 | + |
| 128 | +## Scenario 3 |
| 129 | + |
| 130 | +$p$ calls `PrepareProposal` and `ProcessProposal` for many values, but decides on a value for which it did |
| 131 | +not call `PrepareProposal` or `ProcessProposal`. |
| 132 | + |
| 133 | +In this scenario, in all rounds before $r$ we can have any round presented in [Scenario 1](#scenario-1) or |
| 134 | +[Scenario 2](#scenario-2). What is important is that: |
| 135 | +- no proposer proposed block $X$ or if it did, process $p$, due to asynchrony, did not receive it in time, |
| 136 | +so it did not call `ProcessProposal`, and |
| 137 | + |
| 138 | +- if $p$ was the proposer it proposed some other value $\neq X$. |
| 139 | + |
| 140 | +### Round $r$: |
| 141 | + |
| 142 | +1. **Propose:** A correct process is the proposer in this round, and it proposes block $X$. |
| 143 | +Due to asynchrony, the proposal message arrives to process $p$ after its $timeoutPropose$ |
| 144 | +expires and it sends $Prevote$ for $nil$. Consequently, process $p$ does not call |
| 145 | +`ProcessProposal` for block $X$. However, the same proposal arrives at other processes |
| 146 | +before their $timeoutPropose$ expires, and they send $Prevote$ for this proposal. |
| 147 | +1. **Prevote:** Process $p$ receives $2f+1$ $Prevote$ messages for proposal $X$, updates correspondingly its |
| 148 | +$validValue$ and $lockedValue$ and sends $Precommit$ message. All correct processes do the same. |
| 149 | +1. **Precommit:** Finally, process $p$ receives $2f+1$ $Precommit$ messages, and decides on block $X$. |
| 150 | + |
| 151 | + |
| 152 | + |
| 153 | +## Scenario 4 |
| 154 | + |
| 155 | +[Scenario 3](#scenario-3) can be translated into a scenario where $p$ does not call `PrepareProposal` and |
| 156 | +`ProcessProposal` at all. For this, it is necessary that process $p$ is not the proposer in any of the |
| 157 | +rounds $0 <= r' <= r$ and that due to network asynchrony or Byzantine proposer, it does not receive the |
| 158 | +proposal before $timeoutPropose$ expires. As a result, it will enter round $r$ without calling |
| 159 | +`PrepareProposal` and `ProcessProposal` before it, and as shown in Round $r$ of [Scenario 3](#scenario-3) it |
| 160 | +will decide in this round. Again without calling any of these two calls. |
| 161 | + |
0 commit comments