Merge pull request #3019 from ProvableHQ/fix/restore-pending-blocks

[Feat] Restore PendingBlocks API

Author: vicsn

.circleci/semver-checks.sh

@@ -1,10 +1,13 @@
 #! /bin/bash
 
+set -x
+
+BASELINE_REV=acd55ad100550 # UPDATE ME ON NECESSARY BREAKING CHANGES
+
 # Ensure that the command is installed.
 cargo install [email protected] --locked
 
-BASELINE_REV=dec54170ce # UPDATE ME ON NECESSARY BREAKING CHANGES
+# Ensure we can find the baseline revision
+git fetch --unshallow || true
 
-# Exclude CLI as it has been removed
-cargo semver-checks --workspace --default-features \
-  --exclude=snarkvm-cli --baseline-rev $BASELINE_REV
+cargo semver-checks --workspace --default-features --baseline-rev $BASELINE_REV

ledger/src/check_next_block.rs

@@ -19,25 +19,112 @@ use crate::narwhal::BatchHeader;
 
 use anyhow::{Context, bail};
 
+/// Wrapper for a block that has a valid subDAG, but where the block header,
+/// solutions, and transmissions have not been verified yet.
+///
+/// This type is created by `Ledger::check_block_subdag` and consumed by `Ledger::check_block_content`.
+#[derive(Clone, PartialEq, Eq)]
+pub struct PendingBlock<N: Network>(Block<N>);
+
+impl<N: Network> Deref for PendingBlock<N> {
+    type Target = Block<N>;
+
+    fn deref(&self) -> &Block<N> {
+        &self.0
+    }
+}
+
 impl<N: Network, C: ConsensusStorage<N>> Ledger<N, C> {
-    /// Checks the given block is valid next block.
+    /// Checks that the subDAG in a given block is valid, but does not fully verify the block.
     ///
-    /// # Panics
-    /// This function panics if called from an async context.
-    pub fn check_next_block<R: CryptoRng + Rng>(&self, block: &Block<N>, rng: &mut R) -> Result<()> {
-        let height = block.height();
-        let latest_block = self.latest_block();
+    /// # Arguments
+    /// * `block` - The block to check.
+    /// * `pending_block` - A sequence of blocks between the block to check and the current height of the ledger.
+    ///
+    /// # Notes
+    /// * This does *not* check that the header of the block is correct or execute/verify any of the transmissions contained within it.
+    ///
+    /// * In most cases, you want to use [`Self::check_next_block`] instead to perform a full verification.
+    ///
+    /// * This will reject any blocks with a height <= the current height and any blocks with a height >= the current height + GC.
+    ///   For the former, a valid block already exists and,
+    ///   for the latter, the comittte is still unknown.
+    pub fn check_block_subdag(&self, block: Block<N>, pending_blocks: &[PendingBlock<N>]) -> Result<PendingBlock<N>> {
+        self.check_block_subdag_inner(&block, pending_blocks)?;
+        Ok(PendingBlock(block))
+    }
+
+    fn check_block_subdag_inner(&self, block: &Block<N>, pending_blocks: &[PendingBlock<N>]) -> Result<()> {
+        // First check that the heights and hashes of the pending block sequence and of the new block are correct.
+        // The hash checks should be redundant, but we perform them out of extra caution.
+        let mut expected_height = self.latest_height() + 1;
+        for pending in pending_blocks {
+            if pending.height() != expected_height {
+                bail!(
+                    "Pending block has invalid height. Expected {expected_height}, but got {actual}.",
+                    actual = pending.height()
+                );
+            }
 
-        // Check that this is actually the next block.
-        if height != latest_block.height() + 1 {
-            bail!("Block height is {height}, but expected {}", latest_block.height() + 1);
+            if self.contains_block_hash(&pending.hash())? {
+                bail!("Hash for pending block '{}' already exists in the ledger", block.hash())
+            }
+
+            expected_height += 1;
         }
 
-        // Ensure the block hash does not already exist.
         if self.contains_block_hash(&block.hash())? {
             bail!("Block hash '{}' already exists in the ledger", block.hash())
         }
 
+        if block.height() != expected_height {
+            bail!("Block has invalid height. Expected {expected_height}, but got {}.", block.height());
+        }
+
+        // Ensure the certificates in the block subdag have met quorum requirements.
+        self.check_block_subdag_quorum(block)?;
+
+        // Determine if the block subdag is correctly constructed and is not a combination of multiple subdags.
+        self.check_block_subdag_atomicity(block)?;
+
+        // Ensure that all leaves of the subdag point to valid batches in other subdags/blocks.
+        self.check_block_subdag_leaves(block, pending_blocks)?;
+
+        Ok(())
+    }
+
+    /// Checks the given block is a valid next block with regard to the current state/height of the Ledger.
+    ///
+    /// # Panics
+    /// This function panics if called from an async context.
+    pub fn check_next_block<R: CryptoRng + Rng>(&self, block: &Block<N>, rng: &mut R) -> Result<()> {
+        self.check_block_subdag_inner(block, &[])?;
+        self.check_block_content_inner(block, rng)?;
+
+        Ok(())
+    }
+
+    /// Takes a pending block and performs the remaining checks to full verify it.
+    ///
+    /// # Arguments
+    /// This takes a [`PendingBlock`] as input, which is the output of a successful call to [`Self::check_block_subdag`].
+    /// The latter already verified the block's DAG and certificate signatures.
+    ///
+    /// # Return Value
+    /// This returns a [`Block`] on success representing the fully verified block.
+    ///
+    /// # Panics
+    /// This function panics if called from an async context.
+    pub fn check_block_content<R: CryptoRng + Rng>(&self, block: PendingBlock<N>, rng: &mut R) -> Result<Block<N>> {
+        self.check_block_content_inner(&block.0, rng)?;
+        Ok(block.0)
+    }
+
+    /// # Panics
+    /// This function panics if called from an async context.
+    fn check_block_content_inner<R: CryptoRng + Rng>(&self, block: &Block<N>, rng: &mut R) -> Result<()> {
+        let latest_block = self.latest_block();
+
         // Ensure the solutions do not already exist.
         for solution_id in block.solutions().solution_ids() {
             if self.contains_solution_id(solution_id)? {
@@ -115,15 +202,6 @@ impl<N: Network, C: ConsensusStorage<N>> Ledger<N, C> {
             }
         }
 
-        // Ensure the certificates in the block subdag have met quorum requirements.
-        self.check_block_subdag_quorum(block)?;
-
-        // Determine if the block subdag is correctly constructed and is not a combination of multiple subdags.
-        self.check_block_subdag_atomicity(block)?;
-
-        // Ensure that all leaves of the subdag point to valid batches in other subdags/blocks.
-        self.check_block_subdag_leaves(block)?;
-
         // Ensure that each existing solution ID from the block exists in the ledger.
         for existing_solution_id in expected_existing_solution_ids {
             if !self.contains_solution_id(&existing_solution_id)? {
@@ -145,12 +223,21 @@ impl<N: Network, C: ConsensusStorage<N>> Ledger<N, C> {
     ///
     /// This does not verify that the batches are signed correctly or that the edges are valid
     /// (only point to the previous round), as those checks already happened when the node received the batch.
-    fn check_block_subdag_leaves(&self, block: &Block<N>) -> Result<()> {
+    fn check_block_subdag_leaves(&self, block: &Block<N>, previous_blocks: &[PendingBlock<N>]) -> Result<()> {
         // Check if the block has a subdag.
         let Authority::Quorum(subdag) = block.authority() else {
             return Ok(());
         };
 
+        let previous_certs: HashSet<_> = previous_blocks
+            .iter()
+            .filter_map(|block| match block.authority() {
+                Authority::Quorum(subdag) => Some(subdag.certificate_ids()),
+                Authority::Beacon(_) => None,
+            })
+            .flatten()
+            .collect();
+
         // Store the IDs of all certificates in this subDAG.
         // This allows determining which edges point to other subDAGs/blocks.
         let subdag_certs: HashSet<_> = subdag.certificate_ids().collect();
@@ -173,7 +260,7 @@ impl<N: Network, C: ConsensusStorage<N>> Ledger<N, C> {
             }
 
             // Ensure that the certificate is associated with a previous block.
-            if !self.vm.block_store().contains_block_for_certificate(prev_id)? {
+            if !previous_certs.contains(prev_id) && !self.vm.block_store().contains_block_for_certificate(prev_id)? {
                 bail!(
                     "Batch(es) in the block point(s) to a certificate {prev_id} in round {prev_round} that is not associated with a previous block"
                 )
@@ -184,6 +271,8 @@ impl<N: Network, C: ConsensusStorage<N>> Ledger<N, C> {
     }
 
     /// Check that the certificates in the block subdag have met quorum requirements.
+    ///
+    /// Called by [`Self::check_block_subdag`]
     fn check_block_subdag_quorum(&self, block: &Block<N>) -> Result<()> {
         // Check if the block has a subdag.
         let subdag = match block.authority() {
@@ -226,6 +315,8 @@ impl<N: Network, C: ConsensusStorage<N>> Ledger<N, C> {
     }
 
     /// Checks that the block subdag can not be split into multiple valid subdags.
+    ///
+    /// Called by [`Self::check_block_subdag`]
     fn check_block_subdag_atomicity(&self, block: &Block<N>) -> Result<()> {
         // Returns `true` if there is a path from the previous certificate to the current certificate.
         fn is_linked<N: Network>(

ledger/src/lib.rs

@@ -37,8 +37,10 @@ pub use helpers::*;
 
 pub use crate::block::*;
 
-mod advance;
 mod check_next_block;
+pub use check_next_block::PendingBlock;
+
+mod advance;
 mod check_transaction_basic;
 mod contains;
 mod find;