IntersectMBO
diff --git a/‎ouroboros-network-framework/src/Ouroboros/Network/Driver/Limits.hs
Lines changed: 194 additions & 1 deletion b/‎ouroboros-network-framework/src/Ouroboros/Network/Driver/Limits.hs
Lines changed: 194 additions & 1 deletion
diff --git a/‎ouroboros-network-protocols/ouroboros-network-protocols.cabal
Lines changed: 1 addition & 0 deletions b/‎ouroboros-network-protocols/ouroboros-network-protocols.cabal
Lines changed: 1 addition & 0 deletions
diff --git a/‎ouroboros-network-protocols/src/Ouroboros/Network/Protocol/ChainSync/Codec.hs
Lines changed: 39 additions & 31 deletions b/‎ouroboros-network-protocols/src/Ouroboros/Network/Protocol/ChainSync/Codec.hs
Lines changed: 39 additions & 31 deletions
@@ -22,14 +22,19 @@ module Ouroboros.Network.Driver.Limits
     -- * Normal peers
   , runPeerWithLimits
   , runPipelinedPeerWithLimits
+  , runPeerWithLimitsRnd
+  , runPipelinedPeerWithLimitsRnd
   , TraceSendRecv (..)
     -- * Driver utilities
   , driverWithLimits
   , runConnectedPeersWithLimits
   , runConnectedPipelinedPeersWithLimits
+  , runConnectedPeersWithLimitsRnd
+  , runConnectedPipelinedPeersWithLimitsRnd
   ) where
 
 import Data.Maybe (fromMaybe)
+import System.Random
 
 import Control.Monad.Class.MonadAsync
 import Control.Monad.Class.MonadFork
@@ -105,6 +110,65 @@ driverWithLimits tracer timeoutFn
         Nothing                    -> throwIO (ExceededTimeLimit tok)
 
 
+driverWithLimitsRnd :: forall ps (pr :: PeerRole) failure bytes m.
+                       ( MonadThrow m
+                       , ShowProxy ps
+                       , forall (st' :: ps) tok. tok ~ StateToken st' => Show tok
+                       , Show failure
+                       )
+                    => Tracer m (TraceSendRecv ps)
+                    -> TimeoutFn m
+                    -> StdGen
+                    -> Codec ps failure m bytes
+                    -> ProtocolSizeLimits ps bytes
+                    -> (StdGen -> ProtocolTimeLimits ps)
+                    -> Channel m bytes
+                    -> Driver ps pr (Maybe bytes, StdGen) m
+driverWithLimitsRnd tracer timeoutFn rnd0
+                    Codec{encode, decode}
+                    ProtocolSizeLimits{sizeLimitForState, dataSize}
+                    genProtocolTimeLimits
+                    channel@Channel{send} =
+    Driver { sendMessage, recvMessage, initialDState = (Nothing, rnd0) }
+  where
+    sendMessage :: forall (st :: ps) (st' :: ps).
+                   StateTokenI st
+                => ActiveState st
+                => WeHaveAgencyProof pr st
+                -> Message ps st st'
+                -> m ()
+    sendMessage !_ msg = do
+      send (encode msg)
+      traceWith tracer (TraceSendMsg (AnyMessage msg))
+
+
+    recvMessage :: forall (st :: ps).
+                   StateTokenI st
+                => ActiveState st
+                => TheyHaveAgencyProof pr st
+                -> (Maybe bytes, StdGen)
+                -> m (SomeMessage st, (Maybe bytes, StdGen))
+    recvMessage !_ (trailing, !rnd) = do
+      let tok = stateToken
+      decoder <- decode tok
+      let sizeLimit = sizeLimitForState @st stateToken
+
+      let (rnd', rnd'') = split rnd
+          ProtocolTimeLimits{timeLimitForState} = genProtocolTimeLimits rnd''
+          timeLimit = fromMaybe (-1) $ timeLimitForState @st stateToken
+      result  <- timeoutFn timeLimit $
+                   runDecoderWithLimit sizeLimit dataSize
+                                       channel trailing decoder
+
+      case result of
+        Just (Right (x@(SomeMessage msg), trailing')) -> do
+          traceWith tracer (TraceRecvMsg (AnyMessage msg))
+          return (x, (trailing', rnd'))
+        Just (Left (Just failure)) -> throwIO (DecoderFailure tok failure)
+        Just (Left Nothing)        -> throwIO (ExceededSizeLimit tok)
+        Nothing                    -> throwIO (ExceededTimeLimit tok)
+
+
 runDecoderWithLimit
     :: forall m bytes failure a. Monad m
     => Word
@@ -152,7 +216,8 @@ runDecoderWithLimit limit size Channel{recv} =
                        Just bs -> do let sz' = sz + size bs
                                      go sz' Nothing =<< k (Just bs)
 
-
+-- | Run a peer with limits.
+--
 runPeerWithLimits
   :: forall ps (st :: ps) pr failure bytes m a .
      ( MonadAsync m
@@ -175,6 +240,37 @@ runPeerWithLimits tracer codec slimits tlimits channel peer =
     withTimeoutSerial $ \timeoutFn ->
       let driver = driverWithLimits tracer timeoutFn codec slimits tlimits channel
       in runPeerWithDriver driver peer
+
+
+-- | Run a peer with limits.  'ProtocolTimeLimits' have access to
+-- a pseudorandom generator.
+--
+runPeerWithLimitsRnd
+  :: forall ps (st :: ps) pr failure bytes m a .
+     ( MonadAsync m
+     , MonadFork m
+     , MonadMask m
+     , MonadThrow (STM m)
+     , MonadTimer m
+     , ShowProxy ps
+     , forall (st' :: ps) stok. stok ~ StateToken st' => Show stok
+     , Show failure
+     )
+  => Tracer m (TraceSendRecv ps)
+  -> StdGen
+  -> Codec ps failure m bytes
+  -> ProtocolSizeLimits ps bytes
+  -> (StdGen -> ProtocolTimeLimits ps)
+  -> Channel m bytes
+  -> Peer ps pr NonPipelined st m a
+  -> m (a, Maybe bytes)
+runPeerWithLimitsRnd tracer rnd codec slimits tlimits channel peer =
+    withTimeoutSerial $ \timeoutFn ->
+      let driver = driverWithLimitsRnd tracer timeoutFn rnd codec slimits tlimits channel
+      in     (\(a, (trailing, _)) -> (a, trailing))
+         <$> runPeerWithDriver driver peer
+
+
 -- | Run a pipelined peer with the given channel via the given codec.
 --
 -- This runs the peer to completion (if the protocol allows for termination).
@@ -206,6 +302,35 @@ runPipelinedPeerWithLimits tracer codec slimits tlimits channel peer =
       in runPipelinedPeerWithDriver driver peer
 
 
+-- | Like 'runPipelinedPeerWithLimits' but time limits have access to
+-- a pseudorandom generator.
+--
+runPipelinedPeerWithLimitsRnd
+  :: forall ps (st :: ps) pr failure bytes m a.
+     ( MonadAsync m
+     , MonadFork m
+     , MonadMask m
+     , MonadTimer m
+     , MonadThrow (STM m)
+     , ShowProxy ps
+     , forall (st' :: ps) stok. stok ~ StateToken st' => Show stok
+     , Show failure
+     )
+  => Tracer m (TraceSendRecv ps)
+  -> StdGen
+  -> Codec ps failure m bytes
+  -> ProtocolSizeLimits ps bytes
+  -> (StdGen -> ProtocolTimeLimits ps)
+  -> Channel m bytes
+  -> PeerPipelined ps pr st m a
+  -> m (a, Maybe bytes)
+runPipelinedPeerWithLimitsRnd tracer rnd codec slimits tlimits channel peer =
+    withTimeoutSerial $ \timeoutFn ->
+      let driver = driverWithLimitsRnd tracer timeoutFn rnd codec slimits tlimits channel
+      in     (\(a, (trailing, _)) -> (a, trailing))
+         <$> runPipelinedPeerWithDriver driver peer
+
+
 -- | Run two 'Peer's via a pair of connected 'Channel's and a common 'Codec'.
 -- The client side is using 'driverWithLimits'.
 --
@@ -248,6 +373,41 @@ runConnectedPeersWithLimits createChannels tracer codec slimits tlimits client s
     tracerServer = contramap ((,) Server) tracer
 
 
+runConnectedPeersWithLimitsRnd
+  :: forall ps pr st failure bytes m a b.
+     ( MonadAsync       m
+     , MonadFork        m
+     , MonadMask        m
+     , MonadTimer       m
+     , MonadThrow  (STM m)
+     , Exception failure
+     , ShowProxy ps
+     , forall (st' :: ps) sing. sing ~ StateToken st' => Show sing
+     )
+  => m (Channel m bytes, Channel m bytes)
+  -> Tracer m (Role, TraceSendRecv ps)
+  -> StdGen
+  -> Codec ps failure m bytes
+  -> ProtocolSizeLimits ps bytes
+  -> (StdGen -> ProtocolTimeLimits ps)
+  -> Peer ps             pr  NonPipelined st m a
+  -> Peer ps (FlipAgency pr) NonPipelined st m b
+  -> m (a, b)
+runConnectedPeersWithLimitsRnd createChannels tracer rnd codec slimits tlimits client server =
+    createChannels >>= \(clientChannel, serverChannel) ->
+
+    (do labelThisThread "client"
+        fst <$> runPeerWithLimitsRnd
+                        tracerClient rnd codec slimits tlimits
+                                     clientChannel client)
+      `concurrently`
+    (do labelThisThread "server"
+        fst <$> runPeer tracerServer codec serverChannel server)
+  where
+    tracerClient = contramap ((,) Client) tracer
+    tracerServer = contramap ((,) Server) tracer
+
+
 -- | Run two 'Peer's via a pair of connected 'Channel's and a common 'Codec'.
 -- The client side is using 'driverWithLimits'.
 --
@@ -286,3 +446,36 @@ runConnectedPipelinedPeersWithLimits createChannels tracer codec slimits tlimits
   where
     tracerClient = contramap ((,) Client) tracer
     tracerServer = contramap ((,) Server) tracer
+
+
+runConnectedPipelinedPeersWithLimitsRnd
+  :: forall ps pr st failure bytes m a b.
+     ( MonadAsync      m
+     , MonadFork       m
+     , MonadMask       m
+     , MonadTimer      m
+     , MonadThrow (STM m)
+     , Exception failure
+     , ShowProxy ps
+     , forall (st' :: ps) sing. sing ~ StateToken st' => Show sing
+     )
+  => m (Channel m bytes, Channel m bytes)
+  -> Tracer m (Role, TraceSendRecv ps)
+  -> StdGen
+  -> Codec ps failure m bytes
+  -> ProtocolSizeLimits ps bytes
+  -> (StdGen -> ProtocolTimeLimits ps)
+  -> PeerPipelined ps    pr               st m a
+  -> Peer ps (FlipAgency pr) NonPipelined st m b
+  -> m (a, b)
+runConnectedPipelinedPeersWithLimitsRnd createChannels tracer rnd codec slimits tlimits client server =
+    createChannels >>= \(clientChannel, serverChannel) ->
+
+    (fst <$> runPipelinedPeerWithLimitsRnd
+                     tracerClient rnd codec slimits tlimits
+                                        clientChannel client)
+      `concurrently`
+    (fst <$> runPeer tracerServer codec serverChannel server)
+  where
+    tracerClient = contramap ((,) Client) tracer
+    tracerServer = contramap ((,) Server) tracer
@@ -105,6 +105,7 @@ library
     nothunks,
     ouroboros-network-api ^>=0.9.0,
     quiet,
+    random,
     serialise,
     si-timers,
     singletons,
 
@@ -1,7 +1,6 @@
 {-# LANGUAGE DataKinds           #-}
 {-# LANGUAGE FlexibleContexts    #-}
 {-# LANGUAGE GADTs               #-}
-{-# LANGUAGE NamedFieldPuns      #-}
 {-# LANGUAGE PolyKinds           #-}
 {-# LANGUAGE RankNTypes          #-}
 {-# LANGUAGE ScopedTypeVariables #-}
@@ -11,19 +10,21 @@ module Ouroboros.Network.Protocol.ChainSync.Codec
   , codecChainSyncId
   , byteLimitsChainSync
   , timeLimitsChainSync
-  , ChainSyncTimeout (..)
+  , maxChainSyncTimeout
+  , minChainSyncTimeout
   ) where
 
 import Control.Monad.Class.MonadST
 import Control.Monad.Class.MonadTime.SI
 
-import Network.TypedProtocol.Codec.CBOR
+import Network.TypedProtocol.Codec.CBOR hiding (encode, decode)
 
 import Ouroboros.Network.Protocol.ChainSync.Type
 import Ouroboros.Network.Protocol.Limits
 
 import Data.ByteString.Lazy qualified as LBS
 import Data.Singletons (withSingI)
+import System.Random (StdGen, randomR)
 
 import Codec.CBOR.Decoding (decodeListLen, decodeWord)
 import Codec.CBOR.Decoding qualified as CBOR
@@ -47,20 +48,18 @@ byteLimitsChainSync = ProtocolSizeLimits stateToLimit
     stateToLimit SingIntersect            = smallByteLimit
     stateToLimit a@SingDone               = notActiveState a
 
--- | Configurable timeouts
---
--- These are configurable for at least the following reasons.
+
+-- | Chain sync `mustReplayTimeout` lower bound.
 --
--- o So that deployment and testing can use different values.
+minChainSyncTimeout :: DiffTime
+minChainSyncTimeout = 135
+
+
+-- | Chain sync `mustReplayTimeout` upper bound.
 --
--- o So that a net running Praos can better cope with streaks of empty slots.
---   (See @intersectmbo/ouroboros-network#2245@.)
-data ChainSyncTimeout = ChainSyncTimeout
-  { canAwaitTimeout  :: Maybe DiffTime
-  , intersectTimeout :: Maybe DiffTime
-  , mustReplyTimeout :: Maybe DiffTime
-  , idleTimeout      :: Maybe DiffTime
-  }
+maxChainSyncTimeout :: DiffTime
+maxChainSyncTimeout = 269
+
 
 -- | Time Limits
 --
@@ -69,26 +68,35 @@ data ChainSyncTimeout = ChainSyncTimeout
 -- > 'TokNext TokMustReply'  the given 'mustReplyTimeout'
 -- > 'TokIntersect'          the given 'intersectTimeout'
 timeLimitsChainSync :: forall header point tip.
-                       ChainSyncTimeout
+                       StdGen
                     -> ProtocolTimeLimits (ChainSync header point tip)
-timeLimitsChainSync csTimeouts = ProtocolTimeLimits stateToLimit
+timeLimitsChainSync rnd = ProtocolTimeLimits stateToLimit
   where
-    ChainSyncTimeout
-      { canAwaitTimeout
-      , intersectTimeout
-      , mustReplyTimeout
-      , idleTimeout
-      } = csTimeouts
-
     stateToLimit :: forall (st :: ChainSync header point tip).
                     ActiveState st => StateToken st -> Maybe DiffTime
-    stateToLimit SingIdle                 = idleTimeout
-    stateToLimit (SingNext SingCanAwait)  = canAwaitTimeout
-    stateToLimit (SingNext SingMustReply) = mustReplyTimeout
-    stateToLimit SingIntersect            = intersectTimeout
-    stateToLimit a@SingDone               = notActiveState a
-
--- | Codec for chain sync that encodes/decodes headers
+    stateToLimit SingIdle                 = Just 3673
+    stateToLimit SingIntersect            = shortWait
+    stateToLimit (SingNext SingCanAwait)  = shortWait
+    stateToLimit (SingNext SingMustReply) =
+      -- We draw from a range for which streaks of empty slots ranges
+      -- from 0.0001% up to 1% probability.
+      -- t = T_s [log (1-Y) / log (1-f)]
+      -- Y = [0.99, 0.999...]
+      -- T_s = slot length of 1s.
+      -- f = 0.05
+      -- The timeout is randomly picked per state to avoid all peers go down at
+      -- the same time in case of a long streak of empty slots, and thus to
+      -- avoid global synchronisation.  The timeout is picked uniformly from
+      -- the interval 135 - 269, which corresponds to 99.9% to
+      -- 99.9999% thresholds.
+      let timeout :: DiffTime
+          timeout = realToFrac . fst
+                  . randomR ( realToFrac minChainSyncTimeout :: Double
+                            , realToFrac maxChainSyncTimeout :: Double
+                            )
+                  $ rnd
+      in Just timeout
+    stateToLimit a@SingDone = notActiveState a
 --
 -- NOTE: See 'wrapCBORinCBOR' and 'unwrapCBORinCBOR' if you want to use this
 -- with a header type that has annotations.