[Peras 9] Peras voting rules prep: parameters, arrival times, and CertDB updates #1784
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
agustinmista
force-pushed
the
peras/main-pr/new-defs-and-plumbing
branch
6 times, most recently
from
14229b9 to
85e4b39
Compare
tbagrel1
approved these changes
Dec 1, 2025
Contributor
tbagrel1
left a comment
tbagrel1
left a comment
There was a problem hiding this comment.
LGTM!
I think we may change the title of the PR though (and maybe part of its description) to better reflect that most changes are related to adding timestamps on certs and propagate the necessary stuff to make it work.
ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Peras/Params.hs
Outdated
Show resolved
Hide resolved
ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Peras/Params.hs
Outdated
Show resolved
Hide resolved
nbacquey
reviewed
Dec 1, 2025
Contributor
nbacquey
left a comment
nbacquey
left a comment
There was a problem hiding this comment.
Besides my comments, it seems ok to undraft
ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Peras/Params.hs
Show resolved
Hide resolved
ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Storage/PerasCertDB/API.hs
Outdated
Show resolved
Hide resolved
...consensus/test/consensus-test/Test/Consensus/MiniProtocol/ObjectDiffusion/PerasCert/Smoke.hs
Outdated
Show resolved
Hide resolved
ouroboros-consensus/test/storage-test/Test/Ouroboros/Storage/ChainDB/StateMachine.hs
Outdated
Show resolved
Hide resolved
ouroboros-consensus/test/storage-test/Test/Ouroboros/Storage/PerasCertDB/StateMachine.hs
Outdated
Show resolved
Hide resolved
agustinmista
force-pushed
the
peras/main-pr/new-defs-and-plumbing
branch
from
97685c7 to
64748d9
Compare
agustinmista
force-pushed
the
peras/main-pr/new-defs-and-plumbing
branch
2 times, most recently
from
013f36d to
590a1e6
Compare
agustinmista
changed the title
agustinmista
force-pushed
the
peras/main-pr/new-defs-and-plumbing
branch
from
590a1e6 to
95a3906
Compare
agustinmista
commented
Dec 3, 2025
Comment on lines
109
to
180
| let | ||
| runOutboundPeer outbound outboundChannel tracer = | ||
| runPeer | ||
| ((\x -> "Outbound (Client): " ++ show x) `contramap` tracer) | ||
| codecObjectDiffusionId | ||
| outboundChannel | ||
| (objectDiffusionOutboundPeer outbound) | ||
| >> pure () | ||
| runInboundPeer inbound inboundChannel tracer = | ||
| runPipelinedPeer | ||
| ((\x -> "Inbound (Server): " ++ show x) `contramap` tracer) | ||
| codecObjectDiffusionId | ||
| inboundChannel | ||
| (objectDiffusionInboundPeerPipelined inbound) | ||
| >> pure () | ||
| mkPoolInterfaces :: | ||
| forall m. | ||
| IOLike m => | ||
| m | ||
| ( ObjectPoolReader PerasRoundNo (PerasCert TestBlock) PerasCertTicketNo m | ||
| , ObjectPoolWriter PerasRoundNo (PerasCert TestBlock) m | ||
| , m [PerasCert TestBlock] | ||
| ) | ||
| mkPoolInterfaces = do | ||
| outboundPool <- newCertDB perasTestParams certs | ||
| inboundPool <- newCertDB perasTestParams [] | ||
| forAll arbitrary $ \systemTimeSeed -> | ||
| let | ||
| runOutboundPeer outbound outboundChannel tracer = | ||
| runPeer | ||
| ((\x -> "Outbound (Client): " ++ show x) `contramap` tracer) | ||
| codecObjectDiffusionId | ||
| outboundChannel | ||
| (objectDiffusionOutboundPeer outbound) | ||
| >> pure () | ||
| runInboundPeer inbound inboundChannel tracer = | ||
| runPipelinedPeer | ||
| ((\x -> "Inbound (Server): " ++ show x) `contramap` tracer) | ||
| codecObjectDiffusionId | ||
| inboundChannel | ||
| (objectDiffusionInboundPeerPipelined inbound) | ||
| >> pure () | ||
| mkPoolInterfaces :: | ||
| forall m. | ||
| IOLike m => | ||
| m | ||
| ( ObjectPoolReader PerasRoundNo (PerasCert TestBlock) PerasCertTicketNo m | ||
| , ObjectPoolWriter PerasRoundNo (PerasCert TestBlock) m | ||
| , m [PerasCert TestBlock] | ||
| ) | ||
| mkPoolInterfaces = do | ||
| systemTime <- mockSystemTime systemTimeSeed | ||
| outboundPool <- newCertDB perasTestParams systemTime certs | ||
| inboundPool <- newCertDB perasTestParams systemTime [] | ||
|
|
||
| let outboundPoolReader = makePerasCertPoolReaderFromCertDB outboundPool | ||
| inboundPoolWriter = makePerasCertPoolWriterFromCertDB inboundPool | ||
| getAllInboundPoolContent = atomically $ do | ||
| snap <- PerasCertDB.getCertSnapshot inboundPool | ||
| let rawContent = | ||
| Map.toAscList $ | ||
| PerasCertDB.getCertsAfter snap (PerasCertDB.zeroPerasCertTicketNo) | ||
| pure $ vpcCert . snd <$> rawContent | ||
| let outboundPoolReader = makePerasCertPoolReaderFromCertDB outboundPool | ||
| inboundPoolWriter = makePerasCertPoolWriterFromCertDB systemTime inboundPool | ||
| getAllInboundPoolContent = atomically $ do | ||
| snap <- PerasCertDB.getCertSnapshot inboundPool | ||
| let rawContent = | ||
| Map.toAscList $ | ||
| PerasCertDB.getCertsAfter snap (PerasCertDB.zeroPerasCertTicketNo) | ||
| pure $ vpcCert . forgetArrivalTime . snd <$> rawContent | ||
|
|
||
| return (outboundPoolReader, inboundPoolWriter, getAllInboundPoolContent) | ||
| in | ||
| prop_smoke_object_diffusion | ||
| protocolConstants | ||
| certs | ||
| runOutboundPeer | ||
| runInboundPeer | ||
| mkPoolInterfaces | ||
| return (outboundPoolReader, inboundPoolWriter, getAllInboundPoolContent) | ||
| in | ||
| prop_smoke_object_diffusion | ||
| protocolConstants | ||
| certs | ||
| runOutboundPeer | ||
| runInboundPeer | ||
| mkPoolInterfaces |
Contributor
Author
There was a problem hiding this comment.
FTR: actual changes here are minimal (masked by new indentation needed by forAll):
- Parameterize the property with the seed used to derive a mocked up
SystemTimeviaforAll, and - Instantiate a mocked up
SystemTimeand pass it around to the places needing it.
Contributor
There was a problem hiding this comment.
Enabling "Hide whitespace" in PR-review view config proves useful here.
agustinmista
force-pushed
the
peras/main-pr/new-defs-and-plumbing
branch
from
95a3906 to
c0e0683
Compare
agustinmista
requested review from
amesgen,
bladyjoker,
dnadales,
fraser-iohk,
geo2a,
jasagredo and
nfrisby
as code owners
agustinmista
force-pushed
the
peras/main-pr/new-defs-and-plumbing
branch
from
c0e0683 to
2957426
Compare
agustinmista
force-pushed
the
peras/main-pr/new-defs-and-plumbing
branch
from
2957426 to
d51b1a1
Compare
agustinmista
changed the base branch from
main
to
peras/main-pr/object-diffusion
dnadales
approved these changes
Dec 15, 2025
| -- The order of the first two operations (i.e., validation and timestamping) are | ||
| -- rather arbitrary, and the abstract Peras protocol just assumes it can happen | ||
| -- "within" a slot. | ||
| addPerasCerts :: |
Member
There was a problem hiding this comment.
How does the code that calls this function deal with a potential exception?
Contributor
Author
There was a problem hiding this comment.
My understanding is that certificate validation errors should be treated as fatal and trigger the disconnection from the peer.
@tbagrel1 @nbacquey do you know where such an exception could end up getting caught? I remember Alex mentioning that unhandled exceptions in a N2N app would eventually trigger a disconnection from the peer, but I would like my memory to be challenged 😅
Contributor
There was a problem hiding this comment.
In ObjectDiffusionV2 we have withInboundPipelinedPeer which is a bracket function to properly remove peer data from the global peer data map when an exception arise. But this is a slightly orthogonal concern, since the exception still bubbles up after.
I think that exception handling for the thread in charge of running the mini-protocol is defined higher-up in the call tree, probably even above ouroboros-network. From my understanding it's a per-peer disconnection handler, not a per-protocol one, so theoretically we should not have anything specific to do for the new Peras protocol.
Still, I'm on the hunt for the exact repo/location where this handling happens. I'll answer the thread again when I find it :)
Contributor
There was a problem hiding this comment.
Apparently:
- https://github.com/IntersectMBO/ouroboros-network/blob/main/network-mux/src/Network/Mux.hs#L453 catches an exception and rethrow it. This is supposed to ultimately shutdown the whole mux, as stated by this comment, but so far this is only a stated intention, as no disconnection has been done yet
- The exception is caught/handled here: https://github.com/IntersectMBO/ouroboros-network/blob/main/ouroboros-network/framework/lib/Ouroboros/Network/ConnectionHandler.hs#L282, and let
runRethrowPolicydecide of what to do (whichcmdto run). From https://github.com/IntersectMBO/ouroboros-network/blob/main/ouroboros-network/framework/lib/Ouroboros/Network/RethrowPolicy.hs#L119, we see that the command when we have anIOErroris toShutdownPeer, soclassifyExceptionsrethrows aExceptionInHandlerwrapping the underlying exception. The connection handlers with installedclassifyExceptionshandlers are returned as part ofmakeConnectionHandler - Connection handlers are used by
Ouroboros.Network.ConnectionManager.Core.with. InacquireOutboundConnectionImplfor example, when we don't already have a connection to the peer, we runforkConnectionHandlerin abracketOnErrorfunction responsible for closing the socket cleanly if an exception is raised.forkConnectionHandleralso has its owncleanupprocedure which might close the socket too but I don't know if this is this one or the one frombracketOnErrorabove that is triggered by a Miniprotocol exception. - At a higher level,
ConnectionManager.Core.withis used byOuroboros.Network.Diffusion.{run,runM,mkRemoteThread,mkLocalThread}
This should be taken with a pinch of salt; I may have missed an important handler. But in the end it seems that exceptions from mini-protocols just bubble-up until they reach the connection manager.
dnadales
reviewed
Dec 15, 2025
...boros-consensus-diffusion/changelog.d/20251201_130629_agustin.mista_new_defs_and_plumbing.md
Outdated
Show resolved
Hide resolved
agustinmista
force-pushed
the
peras/main-pr/new-defs-and-plumbing
branch
from
d51b1a1 to
c314f45
Compare
agustinmista
force-pushed
the
peras/main-pr/object-diffusion
branch
from
912bfdb to
2fd1498
Compare
agustinmista
force-pushed
the
peras/main-pr/new-defs-and-plumbing
branch
from
c314f45 to
bb97f3f
Compare
jasagredo
reviewed
Dec 16, 2025
| -- | ||
| -- These are documented in the section 2.1 of the Peras design report: | ||
| -- https://tweag.github.io/cardano-peras/peras-design.pdf#section.2.1 | ||
| data PerasParams = PerasParams |
Contributor
There was a problem hiding this comment.
Is this datatype expected to dissolve once we start the node? in the sense that its fields will be used in some computation and all will be evaluated?
Otherwise the fields should probably be strict.
Contributor
Author
There was a problem hiding this comment.
Actually, we can't have strict fields if we want to conserve the error for parameters with yet-to-be-defined default values. I made the ones with default values strict, and left the others lazy.
Contributor
There was a problem hiding this comment.
Then please add a TODO to be fixed eventually.
ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Storage/PerasCertDB/Impl.hs
Show resolved
Hide resolved
ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Block/SupportsPeras.hs
Show resolved
Hide resolved
...ouroboros-consensus/Ouroboros/Consensus/MiniProtocol/ObjectDiffusion/ObjectPool/PerasCert.hs
Outdated
Show resolved
Hide resolved
ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Peras/Params.hs
Show resolved
Hide resolved
| OpenDB :: Action Model () | ||
| CloseDB :: Action Model () | ||
| AddCert :: ValidatedPerasCert TestBlock -> Action Model AddPerasCertResult | ||
| AddCert :: WithArrivalTime (ValidatedPerasCert TestBlock) -> Action Model AddPerasCertResult |
Contributor
There was a problem hiding this comment.
Is the access to the PerasCertDB single threaded? If not, I think we should consider migrating to quickcheck-state-machine and defining some parallel properties to get confidence there cannot be a deadlock. That or using the new-ish support for parallel properties in quickcheck-dynamic but I don't know how polished is that.
Was there a particular reason to use quickcheck-dynamic from the start?
agustinmista
force-pushed
the
peras/main-pr/new-defs-and-plumbing
branch
from
bb97f3f to
43c1fdc
Compare
This commits introduces the module: Ouroboros.Consensus.Peras.Params To consolidate all the protocol parameters related to Peras in one place. Until we defined concrete BlockSupportsPeras for the different block types + HFC, all blocks satisfy: type PerasCfg blk = PerasParams Co-authored-by: Agustin Mista <[email protected]> Co-authored-by: Alexander Esgen <[email protected]> Co-authored-by: Georgy Lukyanov <[email protected]> Co-authored-by: Thomas BAGREL <[email protected]> Co-authored-by: Nicolas BACQUEY <[email protected]>
This commit adds a small helper to compute over Peras round numbers. Will be needed later on to implement the Peras voting rules. Co-authored-by: Agustin Mista <[email protected]> Co-authored-by: Alexander Esgen <[email protected]> Co-authored-by: Georgy Lukyanov <[email protected]> Co-authored-by: Thomas BAGREL <[email protected]> Co-authored-by: Nicolas BACQUEY <[email protected]>
This commit simplifies the interface of the HasPerasCertX typeclasses, removing the StandardHash superclass constraint, and splitting them into several smaller typeclasses. Co-authored-by: Agustin Mista <[email protected]> Co-authored-by: Alexander Esgen <[email protected]> Co-authored-by: Georgy Lukyanov <[email protected]> Co-authored-by: Thomas BAGREL <[email protected]> Co-authored-by: Nicolas BACQUEY <[email protected]>
This commit defines a generic WithArrivalTime combinator to wrap a value with its arrival time (as a Relative time). This is needed by Peras in several places, e.g., to evaluate the voting rules. Notably, we store a raw Relative time instead of a (arguably more apt) SlotNo or PerasRoundNo to defer as much as possible having to deal with the case where making this translation (timestamp -> slot/round) is not possible due to the HFC time translation horizon. Instead, the client will need to perform this translation in a context where such a failure cannot occur or can be more easily dealt with. Co-authored-by: Agustin Mista <[email protected]> Co-authored-by: Alexander Esgen <[email protected]> Co-authored-by: Georgy Lukyanov <[email protected]> Co-authored-by: Thomas BAGREL <[email protected]> Co-authored-by: Nicolas BACQUEY <[email protected]>
This commit wraps the existing ValidatedPerasCerts stored in the PerasCertDB with their corresponding arrival time. In addition, it adapts tests to use either a randomly generated arrival time, or (when appropriate) one generated by a monotonically increasing SystemTime. Co-authored-by: Agustin Mista <[email protected]> Co-authored-by: Alexander Esgen <[email protected]> Co-authored-by: Georgy Lukyanov <[email protected]> Co-authored-by: Thomas BAGREL <[email protected]> Co-authored-by: Nicolas BACQUEY <[email protected]>
This commit adds a method to the PerasCertDB API to retrieve the latest certificate seen. This is certificate needed to implement the Peras voting and must be kept around even after garbage collection. Because of this, we extend the internal state of the PerasCertDB to store this special certificate on the side, and (potentially) update it after new certificates are added to the database. Co-authored-by: Agustin Mista <[email protected]> Co-authored-by: Alexander Esgen <[email protected]> Co-authored-by: Georgy Lukyanov <[email protected]> Co-authored-by: Thomas BAGREL <[email protected]> Co-authored-by: Nicolas BACQUEY <[email protected]>
Co-authored-by: Agustin Mista <[email protected]> Co-authored-by: Alexander Esgen <[email protected]> Co-authored-by: Georgy Lukyanov <[email protected]> Co-authored-by: Thomas BAGREL <[email protected]> Co-authored-by: Nicolas BACQUEY <[email protected]>
agustinmista
force-pushed
the
peras/main-pr/new-defs-and-plumbing
branch
from
43c1fdc to
e7eadb3
Compare
fraser-iohk
approved these changes
Dec 17, 2025
Comment on lines
+50
to
+56
| -- | Minimum age in slots of a block before it can be voted for in order to get | ||
| -- a boost. | ||
| newtype PerasBlockMinSlots | ||
| = PerasBlockMinSlots {unPerasBlockMinSlots :: Word64} | ||
| deriving Show via Quiet PerasBlockMinSlots | ||
| deriving stock Generic | ||
| deriving newtype (Enum, Eq, Ord, NoThunks, Condense) |
Contributor
There was a problem hiding this comment.
could we call this PerasBlockMinimumSlotAge? do we need it to be shortened?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR introduces some general changes and QoL improvements in anticipation to the introduction of the Peras voting rules. These are separated into hopefully digestible atomic commits:
Ouroboros.Consensus.Peras.Paramsmodule to keep track of Peras protocol parameters in a single place,onPerasRoundNo,HasPerasCertXfield projection typeclasses,WithArrivalTimecombinator to wrap values with aRelativeTime,getLatestCertSeenmethod to retrieve it.Please refer to the corresponding commit messages for more information.