consensus: Wait timeout precommit before starting new round

[milosevic]

Pull in ensureVote test function from #2132

• Updated all relevant documentation in docs
• Updated all code comments where relevant
• Wrote tests
• Updated CHANGELOG_PENDING.md

Fix #1690.

[milosevic]

Note that there is an open PR (#2132) that mentions this issue, but it's actually more related to #1745. I have pulled in ensureVote test function from #2132 (sorry for squashing it, needed to fix some stuff after merged #2132 here). #1745 will be addressed in the follow up PR so we can probably close #2132 for those two new PRs.

[codecov-io]

Codecov Report

Merging #2493 into develop will increase coverage by 0.01%.
The diff coverage is 83.33%.

@@             Coverage Diff             @@
##           develop    #2493      +/-   ##
===========================================
+ Coverage    61.29%   61.31%   +0.01%     
===========================================
  Files          202      202              
  Lines        16720    16658      -62     
===========================================
- Hits         10249    10214      -35     
+ Misses        5602     5582      -20     
+ Partials       869      862       -7

Impacted Files	Coverage Δ
p2p/peer.go	62.73% <ø> (ø)	⬆️
p2p/test_util.go	60.15% <0%> (ø)	⬆️
p2p/conn/connection.go	79.71% <0%> (+0.28%)	⬆️
config/config.go	69.28% <100%> (ø)	⬆️
consensus/state.go	77.69% <100%> (+0.39%)	⬆️
consensus/reactor.go	73.9% <100%> (+0.77%)	⬆️
libs/log/tmfmt_logger.go	85.71% <0%> (-2.97%)	⬇️
blockchain/pool.go	65.73% <0%> (-0.7%)	⬇️
libs/db/fsdb.go	68.47% <0%> (+0.42%)	⬆️
... and 3 more

[xla]

👍 🍡

[xla]

It's probably a good idea to wrap these channel reads with timeouts to prevent the tests from hanging accidently and ease in debugging.

[milosevic]

Good point. I will use the same pattern as in ensureX methods to read from round and timeout channels.

[xla]

Do we need to keep this commented code line around?

[milosevic]

Probably not. @melekes @ebuchman?

[ebuchman]

Don't think so

[xla]

Insignificant newline.

[xla]

Instead of panics this function should return errors, which makes it easier to report back in the tests.

[melekes]

👏

[melekes]

Good job! Would be good to test the type (edv, ok := v.(types.EventDataUnlock)) in functions like ensureNewUnlock, .. etc The same thing we do in ensureVote

[melekes]

<-time.After(timeout)

[melekes]

<-time.After(ensureTimeout)

[melekes]

t.Errorf(...)

[ebuchman]

If len(blockID.Hash) == 0, don't we need to explicitly enterPrecommitWait?

[milosevic]

We should always enterPrecommitWait upon receiving 2f+1 any precommits. We don't need to treat 2f+1 Precommit nil as a special case. We do it here:

tendermint/consensus/state.go

Lines 1657 to 1660 in bb8411b

	} else if cs.Round <= vote.Round && precommits.HasTwoThirdsAny() {
	cs.enterNewRound(height, vote.Round)
	cs.enterPrecommit(height, vote.Round)
	cs.enterPrecommitWait(height, vote.Round)

. Only in case we have 2f+1 precommits for some block we go straight to commit and we don't need to trigger timeout.

[ebuchman]

Ok right, it's taken care of by the else if. The first condition is only for +2/3 majority for a block hash. If there's a +2/3 majority for nil, it will be treated by the second condition. Thanks.

[ebuchman]

We probably want these to be panics for now until we build something more intelligent, otherwise we won't know which line in the actual test function caused the failure.

[xla]

Or alternatively to the error check in the actual test and t.Fatalf there. I know some may be concerned about readability but it's a test after all and the execution should be clear.

[milosevic]

For now, I would also say to leave panic. Those tests are mostly covering critical algorithm scenarios so it is good if they are readable. Tests will probably become shorter after consensus state refactor and then we can do it properly.