versionbits: add LAST_CHANCE state

ajtowns · ajtowns · commit f802805cae80 · 2021-03-28T14:14:34.000+10:00
Instead of transitioning directly to FAILED when timeout is reached,
transition to a final LAST_CHANCE signalling period instead (or,
if the state was STARTED and the threshold was reached, directly to
DELAYED/LOCKED_IN). This ensures that every defined deployment has at
least one signalling period, and that it is always clear whether the
current signalling period is the final signalling period or not.

This allows BIP-91/BIP-148-style mandatory signalling to be deployed in
a way that will ensure that a deployment activates (or the chain stops).

Note that this behaviour is not equivalent to BIP 9, as it extends the
signalling phase by one or two retarget periods -- the final STARTED
period can now still result in activation, as can signalling in the
following LAST_CHANCE period (which previously would have been FAILED),
and if signalling would have been skipped entirely, there is now one
LAST_CHANCE signalling period.
diff --git a/src/rpc/blockchain.cpp b/src/rpc/blockchain.cpp
@@ -1233,20 +1233,21 @@ static void BIP9SoftForkDescPushBack(UniValue& softforks, const std::string &nam
     switch (thresholdState) {
     case ThresholdState::DEFINED: bip9.pushKV("status", "defined"); break;
     case ThresholdState::STARTED: bip9.pushKV("status", "started"); break;
+    case ThresholdState::LAST_CHANCE: bip9.pushKV("status", "last_chance"); break;
     case ThresholdState::DELAYED: bip9.pushKV("status", "delayed"); break;
     case ThresholdState::LOCKED_IN: bip9.pushKV("status", "locked_in"); break;
     case ThresholdState::ACTIVE: bip9.pushKV("status", "active"); break;
     case ThresholdState::FAILED: bip9.pushKV("status", "failed"); break;
     }
-    if (ThresholdState::STARTED == thresholdState)
+    if (ThresholdState::STARTED == thresholdState || ThresholdState::LAST_CHANCE == thresholdState)
     {
         bip9.pushKV("bit", consensusParams.vDeployments[id].bit);
     }
     bip9.pushKV("start_time", consensusParams.vDeployments[id].nStartTime);
     bip9.pushKV("timeout", consensusParams.vDeployments[id].nTimeout);
     int64_t since_height = VersionBitsStateSinceHeight(::ChainActive().Tip(), consensusParams, id, versionbitscache);
     bip9.pushKV("since", since_height);
-    if (ThresholdState::STARTED == thresholdState)
+    if (ThresholdState::STARTED == thresholdState || ThresholdState::LAST_CHANCE == thresholdState)
     {
         UniValue statsUV(UniValue::VOBJ);
         BIP9Stats statsStruct = VersionBitsStatistics(::ChainActive().Tip(), consensusParams, id);
diff --git a/src/rpc/mining.cpp b/src/rpc/mining.cpp
@@ -840,6 +840,7 @@ static RPCHelpMan getblocktemplate()
                 // Ensure bit is set in block version
                 pblock->nVersion |= VersionBitsMask(consensusParams, pos);
                 // FALL THROUGH to get vbavailable set...
+            case ThresholdState::LAST_CHANCE:
             case ThresholdState::STARTED:
             {
                 const struct VBDeploymentInfo& vbinfo = VersionBitsDeploymentInfo[pos];
diff --git a/src/test/fuzz/versionbits.cpp b/src/test/fuzz/versionbits.cpp
@@ -244,8 +244,8 @@ FUZZ_TARGET_INIT(versionbits, initialize)
         assert(state == exp_state);
         assert(since == exp_since);
 
-        // GetStateStatistics may crash when state is not STARTED
-        if (state != ThresholdState::STARTED) continue;
+        // GetStateStatistics may crash early, so only use it when it's sensible
+        if (state != ThresholdState::STARTED && state != ThresholdState::LAST_CHANCE) continue;
 
         // check that after mining this block stats change as expected
         const BIP9Stats stats = checker.GetStateStatisticsFor(current_block);
@@ -257,7 +257,7 @@ FUZZ_TARGET_INIT(versionbits, initialize)
         last_stats = stats;
     }
 
-    if (exp_state == ThresholdState::STARTED) {
+    if (exp_state == ThresholdState::STARTED || exp_state == ThresholdState::LAST_CHANCE) {
         // double check that stats.possible is sane
         if (blocks_sig >= threshold - 1) assert(last_stats.possible);
     }
@@ -299,8 +299,13 @@ FUZZ_TARGET_INIT(versionbits, initialize)
         assert(current_block->GetMedianTimePast() < checker.m_end);
         break;
     case ThresholdState::STARTED:
+    case ThresholdState::LAST_CHANCE:
+        if (state == ThresholdState::STARTED) {
+            assert(current_block->GetMedianTimePast() < checker.m_end);
+        } else {
+            assert(checker.m_end <= current_block->GetMedianTimePast());
+        }
         assert(current_block->GetMedianTimePast() >= checker.m_begin);
-        assert(current_block->GetMedianTimePast() < checker.m_end);
         if (exp_state == ThresholdState::STARTED) {
             assert(blocks_sig < threshold);
         } else {
@@ -316,7 +321,8 @@ FUZZ_TARGET_INIT(versionbits, initialize)
         }
         if (exp_state == ThresholdState::STARTED) {
             assert(blocks_sig >= threshold);
-            assert(current_block->GetMedianTimePast() < checker.m_end);
+        } else if (exp_state == ThresholdState::LAST_CHANCE) {
+            assert(blocks_sig >= threshold);
         } else {
             assert(exp_state == ThresholdState::DELAYED);
         }
@@ -326,7 +332,11 @@ FUZZ_TARGET_INIT(versionbits, initialize)
         break;
     case ThresholdState::FAILED:
         assert(never_active_test || current_block->GetMedianTimePast() >= checker.m_end);
-        assert(exp_state != ThresholdState::LOCKED_IN && exp_state != ThresholdState::ACTIVE);
+        if (exp_state == ThresholdState::LAST_CHANCE) {
+            assert(blocks_sig < threshold);
+        } else {
+            assert(exp_state == ThresholdState::FAILED);
+        }
         break;
     default:
         assert(false);
diff --git a/src/test/versionbits_tests.cpp b/src/test/versionbits_tests.cpp
@@ -19,6 +19,7 @@ static const std::string StateName(ThresholdState state)
     switch (state) {
     case ThresholdState::DEFINED:   return "DEFINED";
     case ThresholdState::STARTED:   return "STARTED";
+    case ThresholdState::LAST_CHANCE: return "LAST_CHANCE";
     case ThresholdState::DELAYED:   return "DELAYED";
     case ThresholdState::LOCKED_IN: return "LOCKED_IN";
     case ThresholdState::ACTIVE:    return "ACTIVE";
@@ -183,6 +184,7 @@ class VersionBitsTester
 
     VersionBitsTester& TestDefined() { return TestState(ThresholdState::DEFINED); }
     VersionBitsTester& TestStarted() { return TestState(ThresholdState::STARTED); }
+    VersionBitsTester& TestLastChance() { return TestState(ThresholdState::LAST_CHANCE); }
     VersionBitsTester& TestLockedIn() { return TestState(ThresholdState::LOCKED_IN); }
     VersionBitsTester& TestActive() { return TestState(ThresholdState::ACTIVE); }
     VersionBitsTester& TestFailed() { return TestState(ThresholdState::FAILED); }
@@ -200,40 +202,32 @@ BOOST_FIXTURE_TEST_SUITE(versionbits_tests, TestingSetup)
 BOOST_AUTO_TEST_CASE(versionbits_test)
 {
     for (int i = 0; i < 64; i++) {
-        // DEFINED -> FAILED
+        // DEFINED -> LAST_CHANCE -> FAILED
         VersionBitsTester().TestDefined().TestStateSinceHeight(0)
                            .Mine(1, TestTime(1), 0x100).TestDefined().TestStateSinceHeight(0)
                            .Mine(11, TestTime(11), 0x100).TestDefined().TestStateSinceHeight(0)
                            .Mine(989, TestTime(989), 0x100).TestDefined().TestStateSinceHeight(0)
                            .Mine(999, TestTime(20000), 0x100).TestDefined().TestStateSinceHeight(0)
-                           .Mine(1000, TestTime(20000), 0x100).TestFailed().TestStateSinceHeight(1000)
-                           .Mine(1999, TestTime(30001), 0x100).TestFailed().TestStateSinceHeight(1000)
-                           .Mine(2000, TestTime(30002), 0x100).TestFailed().TestStateSinceHeight(1000)
-                           .Mine(2001, TestTime(30003), 0x100).TestFailed().TestStateSinceHeight(1000)
-                           .Mine(2999, TestTime(30004), 0x100).TestFailed().TestStateSinceHeight(1000)
-                           .Mine(3000, TestTime(30005), 0x100).TestFailed().TestStateSinceHeight(1000)
-
-        // DEFINED -> STARTED -> FAILED
+                           .Mine(1000, TestTime(20000), 0x100).TestLastChance().TestStateSinceHeight(1000)
+                           .Mine(1999, TestTime(30001), 0).TestLastChance().TestStateSinceHeight(1000)
+                           .Mine(2000, TestTime(30002), 0x100).TestFailed().TestStateSinceHeight(2000)
+                           .Mine(2001, TestTime(30003), 0x100).TestFailed().TestStateSinceHeight(2000)
+                           .Mine(2999, TestTime(30004), 0x100).TestFailed().TestStateSinceHeight(2000)
+                           .Mine(3000, TestTime(30005), 0x100).TestFailed().TestStateSinceHeight(2000)
+                           .Mine(4000, TestTime(30006), 0x100).TestFailed().TestStateSinceHeight(2000)
+
+        // DEFINED -> STARTED -> LAST_CHANCE -> FAILED
                            .Reset().TestDefined().TestStateSinceHeight(0)
                            .Mine(1, TestTime(1), 0).TestDefined().TestStateSinceHeight(0)
                            .Mine(1000, TestTime(10000) - 1, 0x100).TestDefined().TestStateSinceHeight(0) // One second more and it would be defined
                            .Mine(2000, TestTime(10000), 0x100).TestStarted().TestStateSinceHeight(2000) // So that's what happens the next period
                            .Mine(2051, TestTime(10010), 0).TestStarted().TestStateSinceHeight(2000) // 51 old blocks
                            .Mine(2950, TestTime(10020), 0x100).TestStarted().TestStateSinceHeight(2000) // 899 new blocks
-                           .Mine(3000, TestTime(20000), 0).TestFailed().TestStateSinceHeight(3000) // 50 old blocks (so 899 out of the past 1000)
-                           .Mine(4000, TestTime(20010), 0x100).TestFailed().TestStateSinceHeight(3000)
-
-        // DEFINED -> STARTED -> FAILED while threshold reached
-                           .Reset().TestDefined().TestStateSinceHeight(0)
-                           .Mine(1, TestTime(1), 0).TestDefined().TestStateSinceHeight(0)
-                           .Mine(1000, TestTime(10000) - 1, 0x101).TestDefined().TestStateSinceHeight(0) // One second more and it would be defined
-                           .Mine(2000, TestTime(10000), 0x101).TestStarted().TestStateSinceHeight(2000) // So that's what happens the next period
-                           .Mine(2999, TestTime(30000), 0x100).TestStarted().TestStateSinceHeight(2000) // 999 new blocks
-                           .Mine(3000, TestTime(30000), 0x100).TestFailed().TestStateSinceHeight(3000) // 1 new block (so 1000 out of the past 1000 are new)
-                           .Mine(3999, TestTime(30001), 0).TestFailed().TestStateSinceHeight(3000)
-                           .Mine(4000, TestTime(30002), 0).TestFailed().TestStateSinceHeight(3000)
-                           .Mine(14333, TestTime(30003), 0).TestFailed().TestStateSinceHeight(3000)
-                           .Mine(24000, TestTime(40000), 0).TestFailed().TestStateSinceHeight(3000)
+                           .Mine(3000, TestTime(20000), 0).TestLastChance().TestStateSinceHeight(3000) // 50 old blocks (so 899 out of the past 1000)
+                           .Mine(3051, TestTime(20010), 0).TestLastChance().TestStateSinceHeight(3000) // 51 old blocks
+                           .Mine(3950, TestTime(20030), 0x100).TestLastChance().TestStateSinceHeight(3000) // 899 new blocks
+                           .Mine(4000, TestTime(30000), 0).TestFailed().TestStateSinceHeight(4000) // 50 old blocks (so 899 out of the past 1000)
+                           .Mine(5000, TestTime(30010), 0x100).TestFailed().TestStateSinceHeight(4000)
 
         // DEFINED -> STARTED -> LOCKEDIN at the last minute -> ACTIVE
                            .Reset().TestDefined()
@@ -251,16 +245,26 @@ BOOST_AUTO_TEST_CASE(versionbits_test)
                            .Mine(6000, TestTime(40002), 0).TestActive().TestStateSinceHeight(4000, 6000)
                            .Mine(15000, TestTime(40000), 0).TestActive().TestStateSinceHeight(4000, 6000)
 
-        // DEFINED multiple periods -> STARTED multiple periods -> FAILED
+        // DEFINED -> LAST_CHANCE -> LOCKEDIN -> ACTIVE
+                           .Reset().TestDefined()
+                           .Mine(1, TestTime(1), 0).TestDefined().TestStateSinceHeight(0)
+                           .Mine(1000, TestTime(40000), 0).TestLastChance().TestStateSinceHeight(1000)
+                           .Mine(1999, TestTime(40010), 0x100).TestLastChance().TestStateSinceHeight(1000)
+                           .Mine(2000, TestTime(40020), 0).TestLockedIn().TestStateSinceHeight(2000)
+                           .Mine(3000, TestTime(40030), 0).TestActive().TestStateSinceHeight(3000)
+                           .Mine(5000, TestTime(40030), 0).TestActive().TestStateSinceHeight(3000)
+
+        // DEFINED multiple periods -> STARTED multiple periods -> LAST_CHANCE -> FAILED
                            .Reset().TestDefined().TestStateSinceHeight(0)
                            .Mine(999, TestTime(999), 0).TestDefined().TestStateSinceHeight(0)
                            .Mine(1000, TestTime(1000), 0).TestDefined().TestStateSinceHeight(0)
                            .Mine(2000, TestTime(2000), 0).TestDefined().TestStateSinceHeight(0)
                            .Mine(3000, TestTime(10000), 0).TestStarted().TestStateSinceHeight(3000)
                            .Mine(4000, TestTime(10000), 0).TestStarted().TestStateSinceHeight(3000)
                            .Mine(5000, TestTime(10000), 0).TestStarted().TestStateSinceHeight(3000)
-                           .Mine(6000, TestTime(20000), 0).TestFailed().TestStateSinceHeight(6000)
-                           .Mine(7000, TestTime(20000), 0x100).TestFailed().TestStateSinceHeight(6000)
+                           .Mine(6000, TestTime(20000), 0).TestLastChance().TestStateSinceHeight(6000)
+                           .Mine(7000, TestTime(30000), 0).TestFailed().TestStateSinceHeight(7000)
+                           .Mine(8000, TestTime(40000), 0x100).TestFailed().TestStateSinceHeight(7000)
         ;
     }
 }
@@ -282,18 +286,13 @@ BOOST_AUTO_TEST_CASE(versionbits_sanity)
             BOOST_CHECK_EQUAL(mainnetParams.vDeployments[i].min_lock_in_time, 0);
         }
 
-        // Verify that the deployment windows of different deployment using the
-        // same bit are disjoint.
-        // This test may need modification at such time as a new deployment
-        // is proposed that reuses the bit of an activated soft fork, before the
-        // end time of that soft fork.  (Alternatively, the end time of that
-        // activated soft fork could be later changed to be earlier to avoid
-        // overlap.)
+        // Verify that the different deployments do not use the same bit.
+        // Because of LAST_CHANCE signalling it is not possible to
+        // guarantee that future time frames are disjoint otherwise.
+        // Past deployments should be deleted (if FAILED) or buried
+        // (if ACTIVE) so that their bits may be reused.
         for (int j=i+1; j<(int) Consensus::MAX_VERSION_BITS_DEPLOYMENTS; j++) {
-            if (VersionBitsMask(mainnetParams, static_cast<Consensus::DeploymentPos>(j)) == bitmask) {
-                BOOST_CHECK(mainnetParams.vDeployments[j].nStartTime > mainnetParams.vDeployments[i].nTimeout ||
-                        mainnetParams.vDeployments[i].nStartTime > mainnetParams.vDeployments[j].nTimeout);
-            }
+            BOOST_CHECK(VersionBitsMask(mainnetParams, static_cast<Consensus::DeploymentPos>(j)) != bitmask);
         }
     }
 }
@@ -405,14 +404,14 @@ void check_computeblockversion(const Consensus::Params& params, Consensus::Deplo
             nHeight += 1;
         }
 
-        // FAILED is only triggered at the end of a period, so CBV should be setting
-        // the bit until the period transition.
-        for (uint32_t i = 0; i < params.nMinerConfirmationWindow - 1; i++) {
+        // we do two periods: the last STARTED period, where
+        // MTP hits nTimeout and the LAST_CHANCE period.
+        for (uint32_t i = 0; i < 2 * params.nMinerConfirmationWindow - 1; i++) {
             lastBlock = firstChain.Mine(nHeight+1, nTime, VERSIONBITS_LAST_OLD_BLOCK_VERSION).Tip();
             BOOST_CHECK((ComputeBlockVersion(lastBlock, params) & (1<<bit)) != 0);
             nHeight += 1;
         }
-        // The next block should trigger no longer setting the bit.
+        // The next block should hit FAILED and no longer trigger setting the bit.
         lastBlock = firstChain.Mine(nHeight+1, nTime, VERSIONBITS_LAST_OLD_BLOCK_VERSION).Tip();
         BOOST_CHECK_EQUAL(ComputeBlockVersion(lastBlock, params) & (1<<bit), 0);
     }
diff --git a/src/validation.cpp b/src/validation.cpp
@@ -1820,6 +1820,7 @@ int32_t ComputeBlockVersion(const CBlockIndex* pindexPrev, const Consensus::Para
         ThresholdState state = VersionBitsState(pindexPrev, params, static_cast<Consensus::DeploymentPos>(i), versionbitscache);
         switch (state) {
         case ThresholdState::STARTED:
+        case ThresholdState::LAST_CHANCE:
         case ThresholdState::DELAYED:
         case ThresholdState::LOCKED_IN:
             nVersion |= VersionBitsMask(params, static_cast<Consensus::DeploymentPos>(i));
diff --git a/src/versionbits.cpp b/src/versionbits.cpp
@@ -58,17 +58,14 @@ ThresholdState AbstractThresholdConditionChecker::GetStateFor(const CBlockIndex*
         switch (state) {
             case ThresholdState::DEFINED: {
                 if (pindexPrev->GetMedianTimePast() >= nTimeTimeout) {
-                    stateNext = ThresholdState::FAILED;
+                    stateNext = ThresholdState::LAST_CHANCE;
                 } else if (pindexPrev->GetMedianTimePast() >= nTimeStart) {
                     stateNext = ThresholdState::STARTED;
                 }
                 break;
             }
-            case ThresholdState::STARTED: {
-                if (pindexPrev->GetMedianTimePast() >= nTimeTimeout) {
-                    stateNext = ThresholdState::FAILED;
-                    break;
-                }
+            case ThresholdState::STARTED:
+            case ThresholdState::LAST_CHANCE: {
                 // We need to count
                 const CBlockIndex* pindexCount = pindexPrev;
                 int count = 0;
@@ -80,6 +77,10 @@ ThresholdState AbstractThresholdConditionChecker::GetStateFor(const CBlockIndex*
                 }
                 if (count >= nThreshold) {
                     stateNext = (pindexPrev->GetMedianTimePast() < min_lock_in_time ? ThresholdState::DELAYED : ThresholdState::LOCKED_IN);
+                } else if (state == ThresholdState::LAST_CHANCE) {
+                    stateNext = ThresholdState::FAILED;
+                } else if (pindexPrev->GetMedianTimePast() >= nTimeTimeout) {
+                    stateNext = ThresholdState::LAST_CHANCE;
                 }
                 break;
             }
diff --git a/src/versionbits.h b/src/versionbits.h
@@ -25,6 +25,7 @@ static const int32_t VERSIONBITS_NUM_BITS = 29;
 enum class ThresholdState {
     DEFINED,   // First state that each softfork starts out as. The genesis block is by definition in this state for each deployment.
     STARTED,   // For blocks past the starttime.
+    LAST_CHANCE,  // For first period past the timeout.
     DELAYED,   // Between the first STARTED period where threshold is reached, until min_lockin_time is reached
     LOCKED_IN, // For one retarget period after both the first STARTED period where threshold is reached and min_lockin_time is reached
     ACTIVE,    // For all blocks after the LOCKED_IN retarget period (final state)

Original file line number	Diff line number	Diff line change
`@@ -1233,20 +1233,21 @@ static void BIP9SoftForkDescPushBack(UniValue& softforks, const std::string &nam`
`1233`	`1233`	`switch (thresholdState) {`
`1234`	`1234`	`case ThresholdState::DEFINED: bip9.pushKV("status", "defined"); break;`
`1235`	`1235`	`case ThresholdState::STARTED: bip9.pushKV("status", "started"); break;`
	`1236`	`+ case ThresholdState::LAST_CHANCE: bip9.pushKV("status", "last_chance"); break;`
`1236`	`1237`	`case ThresholdState::DELAYED: bip9.pushKV("status", "delayed"); break;`
`1237`	`1238`	`case ThresholdState::LOCKED_IN: bip9.pushKV("status", "locked_in"); break;`
`1238`	`1239`	`case ThresholdState::ACTIVE: bip9.pushKV("status", "active"); break;`
`1239`	`1240`	`case ThresholdState::FAILED: bip9.pushKV("status", "failed"); break;`
`1240`	`1241`	`}`
`1241`		`- if (ThresholdState::STARTED == thresholdState)`
	`1242`	`+ if (ThresholdState::STARTED == thresholdState \|\| ThresholdState::LAST_CHANCE == thresholdState)`
`1242`	`1243`	`{`
`1243`	`1244`	`bip9.pushKV("bit", consensusParams.vDeployments[id].bit);`
`1244`	`1245`	`}`
`1245`	`1246`	`bip9.pushKV("start_time", consensusParams.vDeployments[id].nStartTime);`
`1246`	`1247`	`bip9.pushKV("timeout", consensusParams.vDeployments[id].nTimeout);`
`1247`	`1248`	`int64_t since_height = VersionBitsStateSinceHeight(::ChainActive().Tip(), consensusParams, id, versionbitscache);`
`1248`	`1249`	`bip9.pushKV("since", since_height);`
`1249`		`- if (ThresholdState::STARTED == thresholdState)`
	`1250`	`+ if (ThresholdState::STARTED == thresholdState \|\| ThresholdState::LAST_CHANCE == thresholdState)`
`1250`	`1251`	`{`
`1251`	`1252`	`UniValue statsUV(UniValue::VOBJ);`
`1252`	`1253`	`BIP9Stats statsStruct = VersionBitsStatistics(::ChainActive().Tip(), consensusParams, id);`
Original file line number	Diff line number	Diff line change
`@@ -840,6 +840,7 @@ static RPCHelpMan getblocktemplate()`
`840`	`840`	`// Ensure bit is set in block version`
`841`	`841`	`pblock->nVersion \|= VersionBitsMask(consensusParams, pos);`
`842`	`842`	`// FALL THROUGH to get vbavailable set...`
	`843`	`+ case ThresholdState::LAST_CHANCE:`
`843`	`844`	`case ThresholdState::STARTED:`
`844`	`845`	`{`
`845`	`846`	`const struct VBDeploymentInfo& vbinfo = VersionBitsDeploymentInfo[pos];`