Skip to content

Implement LLMQ based InstantSend #2735

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
codablock merged 33 commits into from
Mar 8, 2019
Merged

Implement LLMQ based InstantSend #2735

codablock merged 33 commits into from
Mar 8, 2019

Conversation

@codablock
Copy link

@codablock codablock commented Mar 1, 2019

This PR includes an initial implementation of LLMQ based InstantSend. It is meant to be present in parallel to the old InstantSend system.

Switching between the old and the new system happens via SPORK_2_INSTANTSEND_ENABLED, which became a new meaning. When set to 0 (as on testnet/mainet right now), it will use the old system. When set to 1, it will use the new system. When set to anything else, it's considered disabled. This is only meant to be temporary until the old system is removed, at which time we can revert back to the old meaning of spork 2.

The new system is very likely not going to be ready for v14, so we won't activate it. Reason is that more testing is required, especially in regard to performance and load.

The new system has a few differences to the old system:

  1. There is no explicit lock request required. All TXs are meant to be ixlocked, no matter how many inputs or how much funds they move. We might need to add limits to the amount of inputs, or add some kind of prioritization logic that prefers to sign small TXs first, so that DDoS is not that easily pulled off.
  2. The minimum number of confirmations required for TX inputs is lifted when the input is part of a ChainLocked chain (it's enough to have a CLSIG for the current tip). In case inputs were too young and there were no ChainLocks, the system will retry later when with confirmations or when a ChainLock comes in.
  3. The system will also lock TXs for which inputs are not confirmed on-chain, but only when the parent TXs are in the local mempool and also locked by InstantSend. This means that InstantSend can be chained now! In case the conditions are not met, the system will retry locking later when it determines that parents got locked.
  4. ixlocks do not timeout anymore. They are only removed from the system when TXs get confirmed through ChainLocked blocks. This gives some risk in regard to RAM filling up, but only when ChainLocks are disabled. I will also add (cached) persistence for ixlocks in a later PR, so that the risk of filled RAM is removed.

I did quite a bit of load testing on private devnets and also plan to make a public devnet in the next days so that people can play around. Results of the load testing so far:

  1. When there is no load on the network, ixlocks get created in 2-3 seconds, even with simulated network latency and low avg bandwidth
  2. When there is high load, for example 1000 TXs sent in a few seconds, it takes around 35 seconds to lock all TXs. When latency (e.g. 50ms) and low bandwidth (e.g. 2mbit) is simulated, it takes about 90 seconds for 1000 TXs to get IX confirmed. I'm not very happy with these numbers, and it looks like we'll need a rewrite of the signing session code (hint: UDP + direkt push instead of custom inv system). This is the main reason I believe that LLMQ based InstantSend might not be ready when v14 is deployed.
  3. Bandwidth usage is pretty high. I reduced it to the absolute minimum with the optimizations that got merged in the last days, but IMHO its still too high. Only solution I see right now is what I mentioned in 2. already (UDP).

As an alternative to the signing session code rewrite for UDP and targeting v15 (or whatever the next version would be), another option is to add another minimum TX fee for large TXs. This would allow to add LLMQ based InstantSend to v14 and then later optimize it so that all TXs can use it, independent from their size.

UdjinM6
UdjinM6 reviewed Mar 1, 2019
View reviewed changes
Copy link

@UdjinM6 UdjinM6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few quick comments

@codablock codablock force-pushed the pr_llmq_instantsend branch from b650a05 to 72d220c Compare March 1, 2019 15:12
@codablock codablock added this to the 14.0 milestone Mar 1, 2019
@codablock
Copy link
Author

codablock commented Mar 1, 2019
edited
Loading

Forgot to mention in the PR description that this PR also changes the behavior of ChainLocks when the new InstantSend system is activated. It will only try to ChainLock the tip when all included TXs were locked before or are old enough to be sure that there won't be conflicting InstantSend locks popping up.

This disincentives miners to include TXs that are not publicly known/propagated for now, as they risk creating a block that never gets ChainLocked. I'll later implement InstantSend locking of transactions that were published through mined blocks, which will then allow retroactive ChainLocking of the affected blocks.

UdjinM6
UdjinM6 reviewed Mar 1, 2019
View reviewed changes
Copy link

@UdjinM6 UdjinM6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a couple more

UdjinM6
UdjinM6 reviewed Mar 4, 2019
View reviewed changes
@codablock codablock force-pushed the pr_llmq_instantsend branch from c141700 to d185f90 Compare March 4, 2019 14:24
@codablock
Copy link
Author

codablock commented Mar 7, 2019

Rebased on develop and force-pushed

@codablock codablock force-pushed the pr_llmq_instantsend branch from 991c4e6 to 2da8d74 Compare March 7, 2019 05:42
codablock added 21 commits March 7, 2019 21:14
@codablock
Introduce NotifyChainLock signal and invoke it when CLSIGs get processed
2bbac8f
@codablock
Implement PushReconstructedRecoveredSig in CSigningManager
5bbc122 
We can reconstruct recovered sigs from other P2P messages to avoid
re-validation of those. We will do this later in InstantSend code.
@codablock
Implement CInstantSendManager and related P2P messages
83dbcc4
@codablock
Handle incoming TXs by calling CInstantXManager::ProcessTx
1959f3e 
This also includes handling of TXs that were previously orphanced
@codablock
Downgrade TXLOCKREQUEST to TX when new IX system is active
5ff4db0 
The new system does not require explicit lock requests, so we downgrade
TXLOCKREQUEST to TX and start propagating it instead of the original.
@codablock
Disable old IX code when the new system is active
34a8b29
@codablock
Show "verified via LLMQ based InstantSend" in GUI TX status
3a6cc2c
@codablock
Whenever we check for locked TXs, also check for the new system havin…
1d2d370 
…g a lock
@codablock
Also call ProcessTx from sendrawtransaction and RelayWalletTransaction
68cfdc9
@codablock
Disable explicit lock requests when the new IX system is active
dc97835
@codablock
Enforce IX locks from the new system
7945192
@codablock
Track txids of new blocks and first-seen time of TXs in CChainLocksHa…
bd7edc8 
…ndler
@codablock
Move ChainLock signing into TrySignChainTip and call it periodically
0a5e8eb 
Later commits will introduce checks for "safe TXs" which might abort the
signing on first try, but succeed a few seconds later, so we periodically
retry to sign the tip.
@codablock
Cheaper/Faster bailout from TrySignChainTip when already signed before
96291e7
@codablock
Only sign ChainLocks when all included TXs are "safe"
2a7a5c6 
Safe means that the TX is either ixlocked or known since at least 10
minutes.

Also change miner code to only include safe TXs in block templates.
@codablock
Fix no-wallet build
baf8b81
@codablock
Fix crash in BlockAssembler::addPackageTxs
f44f09c
@codablock
Use scheduleFromNow instead of schedule+boost::chrono
5b8344e
@codablock
Set llmqForInstantSend for mainnet and testnet
e2f99f4
@codablock
Add override keywork to CDSNotificationInterface::NotifyChainLock
9e90811
@codablock
Combine loops in CChainLocksHandler::NewPoWValidBlock
2806907
codablock and others added 12 commits March 7, 2019 21:15
@codablock
Introduce spork SPORK_20_INSTANTSEND_LLMQ_BASED to switch between new…
f5dcb00 
…/old system
@codablock
Rename IXLOCK to ISLOCK and InstantX to InstantSend
2299ee2
@UdjinM6 @codablock
Move IS block filtering into ConnectBlock
55152cb
@UdjinM6 @codablock
update p2p-instantsend.py to test both "old" and "new" InstantSend
a8da11a
@UdjinM6 @codablock
update p2p-autoinstantsend.py to test both "old" and "new" InstantSend
843b6d7
@UdjinM6 @codablock
update autoix-mempool.py to test both "old" and "new" InstantSend (an…
41a71fe 
…d fix CheckCanLock to respect mempool limits)
@codablock
Adjust LLMQ based InstantSend tests for new spork20
3e60d2d
@codablock
Sync blocks after generating in mine_quorum()
f8f867a
@codablock
Let ProcessPendingReconstructedRecoveredSigs return void instead of bool
fae33e0 
Return value is unused and the method actually never returned something.
@codablock
Completely disable InstantSend while filling mempool in autoix-mempoo…
4d3365d 
…l.py

Otherwise we overload Travis and tests start to randomly fail.
@codablock
Move safe TX checks into TestForBlock and TestPackageTransactions
041a1c2 
Otherwise we'll miss checks for ancestors.
@codablock
Actually remove from finalInstantSendLocks in CInstantSendManager::Re…
06fc655 
…moveFinalISLock
@codablock codablock force-pushed the pr_llmq_instantsend branch from 8d7bcc6 to 06fc655 Compare March 7, 2019 20:15
UdjinM6
UdjinM6 approved these changes Mar 7, 2019
View reviewed changes
Copy link

@UdjinM6 UdjinM6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

ACK

@codablock codablock merged commit 64ae912 into dashpay:develop Mar 8, 2019
@codablock codablock deleted the pr_llmq_instantsend branch March 8, 2019 10:32
@UdjinM6 UdjinM6 mentioned this pull request Mar 9, 2019
Merged
@codablock codablock mentioned this pull request Mar 12, 2019
Merged
@UdjinM6 UdjinM6 added the P2P Some notable changes on p2p level label Mar 20, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PastaPastaPasta PastaPastaPasta PastaPastaPasta left review comments

@UdjinM6 UdjinM6 UdjinM6 approved these changes

Assignees

No one assigned

Labels

P2P Some notable changes on p2p level

Projects

None yet

Milestone

14.0

Development

Successfully merging this pull request may close these issues.

3 participants

@codablock @UdjinM6 @PastaPastaPasta