ADR-74: Migrate Timeout Parameters to Consensus Parameters

[williambanfield]

related to: #7274 and #7275

Still somewhat uncertain on two things that I'd appreciate more feedback on:

1. The optional temporary local overrides. Perhaps this is superfluous and we can simply make the transition without the override?
2. If this set of parameters seems to be large enough to allow application developers to create the chains they want but not so large as to be needlessly complex.

[cmwaters]

Excited for this to land!

I have a few comments which relate to my current understanding of these parameters

[cmwaters]

Is this true? I thought the timeout started the moment I prevoted instead of starting after receiving +2/3 prevotes. Same with TimeoutPrecommit. Receiving +2/3 is what moves us into the next step and makes us precommit

[williambanfield]

I found this to be a bit confusing as well, but this is the way this works. See the arxiv paper, line 34 and line 47. Loosely: it bounds how many steps apart any two validators may be during consensus.

[creachadair]

This seems good. My main open questions are around how we should handle rollout and migration.

[cmwaters]

Also don't forget that the size of a block and the number of validators could be vastly different

[cmwaters]

No decision is being made here?

[williambanfield]

was leaving til we seemed to have consensus.

[cmwaters]

Does this mean that we are allowing networks to ignore the consensus params if they want and still use every nodes local config parameters. Are we sure we want to do this?

[williambanfield]

Once the network sets a non-default values in the consensus parameters, we will use those. This just gives a release during which networks can make the upgrade.

I think that this is a good way for networks to gracefully upgrade with minimal disruption. The values in the config file are strictly fallbacks in case no values are set by the chain. It maintains a partial version of the already kind of bad thing for a release so that we can more seamlessly transition to better management of these params.

[cmwaters]

But more importantly, will these non-default values be used?

[williambanfield]

They will only be used if the chain does not set them as consensus parameters.

[cmwaters]

But what do you mean by not setting the consensus params. Aren't they set to some reasonable default upon initialization? How would they be unset?

[williambanfield]

So basically it would be as follows:
If the chain has not yet set them in EndBlock, use what is in config.toml.
Once the chain sets them in EndBlock, use those values and ignore config.toml.

[cmwaters]

Would this work with state syncing? Will we need an extra flag to tell us if it has been set or not? I think it would be better if we transition to using consensus params directly when the chain starts/restarts i.e. use the genesis values or the defaults in the case of new params in an upgraded chain (I know you've written an entire RFC on this so perhaps I should check there first)

[williambanfield]

Would this work with state syncing? Will we need an extra flag to tell us if it has been set or not?

We would not need this flag, no. We would just always treat 'value as absent' as 'value uses default'. This way historical blocks would always look to be using the defaults. Once the node that is syncing hits a height where the application changed the parameters via EndBlock it would then start to use the updated values. So far this is fine because all param changes we are proposing are timing related and validation of historical blocks does not consider timing at all.

(I'd def recommend the RFC since this is a bit of a fiddly detail and it's hopefully spelled out a little more clearly there).