fix(spec/consensus): Small fixes to overview.md file. #873
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nenadmilosevic95
requested review from
cason and
josef-widder
as code owners
cason
requested changes
Feb 24, 2025
There was a problem hiding this comment.
Thank you very much for taking your time to review this.
I tried to fix some of the points you have raised and we need to further discuss others.
The point is that we can't commit your \NM{} comments to main, so either we keep it as a draft, or we work to rephrase some content in order to address the comments.
specs/consensus/overview.md
Outdated
| The algorithm presented in the [pseudo-code][pseudo-code] represent the | ||
| operation of an instance of consensus in a process `p`. | ||
| The algorithm presented in the [pseudo-code][pseudo-code] represents the | ||
| operation of an instance of consensus in a process `p`. NM{The pseudo-code from the paper is not one instance/height, it is multi instance? } |
There was a problem hiding this comment.
There is a confusion between instance of consensus and instance of the protocol, also known as a process.
Thank you for spotting that.
| @@ -39,7 +39,7 @@ A this point, the process increases `h_p` (line 52) and starts the next height | |||
| of consensus, in which the same algorithm is executed again. | |||
|
|
|||
| For the sake of the operation of the consensus algorithm, heights are | |||
| completely independent executions. | |||
| completely independent executions. NM{Not sure I fully understand what do we want to say here?} | |||
There was a problem hiding this comment.
Messages and events from a height H have no effect on the operation of any height H' != H.
There was a problem hiding this comment.
Suggested change
| completely independent executions. NM{Not sure I fully understand what do we want to say here?} | |
| communication-closed, that is, a message from some height `H` does not influence a process that is in height `H' != H`. |
| @@ -181,6 +181,7 @@ associated to a [round step](#round-steps): | |||
| The last field can be either the unique identifier `id(v)` of a proposed | |||
| value `v` for which the process has received `⟨PREVOTE, h, r, id(v)⟩` | |||
| messages from a super-majority of processes, or the special `nil` value otherwise. | |||
| NM{I am not sure we have defined super-majority anywhere?} | |||
There was a problem hiding this comment.
We can add a link to the #voting-power section, where we define it properly. Since we indeed did not define it yet.
| None of the locked values can be decided, for the lack of votes, but liveness | ||
| is under threat, as detailed in this [discussion][equivocation-discussion]. | ||
| is under threat, as detailed in this [discussion][equivocation-discussion]. \NM{Potentially they cannot be decided, so maybe we can rephrase a bit this sentence. } |
There was a problem hiding this comment.
This paragraph is describing a scenario, where we assume that this happens. So I am not sure if we need to fix the sentence.
cason
reviewed
Feb 24, 2025
| @@ -879,6 +883,8 @@ There are however some scenarios to consider: | |||
| 3. `step_p = precommit`: in this case, `p` only updates `validValue_p` to `v` | |||
| and `validRound_p` to `r`. | |||
|
|
|||
| \NM{I would maybe just talk about two scenarios here, when it locks and when it just updates valid values} | |||
There was a problem hiding this comment.
Yes, at the end there are two. For the first we say that either 2. or 3. apply (or maybe none of them).
| @@ -929,7 +940,8 @@ correct processes, and consider the [Locked Value](#locked-value) handling: | |||
| - every process `p` in `C` has set `lockedValue_p` to `v` and `lockedRound_p` | |||
| to `r` ; | |||
| - every process `p` in `C` will broadcast a `PREVOTE` for `nil` in rounds | |||
| `r' > r` where a value `v' != v` is proposed. | |||
| `r' > r` where a value `v' != v` is proposed. \NM{this might not be clear for all and this is | |||
| what we explain below, so maybe we can somehow rephrase" } | |||
There was a problem hiding this comment.
Where we describe there, I could not follow here. Maybe we can explain why they prevote nil, otherwise I don't know how to change the description.
| @@ -1019,6 +1031,10 @@ Notice, however, that from the [Gossip communication property](#network), `q` | |||
| should eventually receive the POL for `v` in round `vr`, since `p` is a correct | |||
| process. | |||
|
|
|||
| \NM{I think we should mention in the text here that we show the intution how condition 2 is achieved later, because | |||
There was a problem hiding this comment.
I agree. Added a sentence to the last paragraph, check if it works. :)
Co-authored-by: Daniel <daniel.cason@informal.systems> Signed-off-by: Josef Widder <44643235+josef-widder@users.noreply.github.com>
| @@ -39,7 +39,7 @@ A this point, the process increases `h_p` (line 52) and starts the next height | |||
| of consensus, in which the same algorithm is executed again. | |||
|
|
|||
| For the sake of the operation of the consensus algorithm, heights are | |||
| completely independent executions. | |||
| completely independent executions. NM{Not sure I fully understand what do we want to say here?} | |||
There was a problem hiding this comment.
Suggested change
| completely independent executions. NM{Not sure I fully understand what do we want to say here?} | |
| communication-closed, that is, a message from some height `H` does not influence a process that is in height `H' != H`. |
| @@ -180,7 +180,8 @@ associated to a [round step](#round-steps): | |||
| [`precommit`](#precommit) step of round `r` of height `h`. | |||
| The last field can be either the unique identifier `id(v)` of a proposed | |||
| value `v` for which the process has received `⟨PREVOTE, h, r, id(v)⟩` | |||
| messages from a super-majority of processes, or the special `nil` value otherwise. | |||
| messages from a [super-majority](#voting-power) of processes, or the special `nil` value otherwise. | |||
| NM{I am not sure we have defined super-majority anywhere?} | |||
There was a problem hiding this comment.
Suggested change
| NM{I am not sure we have defined super-majority anywhere?} |
I think @cason already addressed this
| `⟨PREVOTE, h, r, *⟩` or `⟨PRECOMMIT, h, r, *⟩` messages received from a process | ||
| in a round `r` of height `h`. | ||
| Different (equivocating) versions of the same message from the same sender | ||
| should, from a defensive point of view, be disregarded and dropped by the | ||
| consensus logic as they were duplicated messages. | ||
| consensus logic as they were duplicated messages. NM{Ok I guess this is the change you want to implement or have alrady implemented, that is different from the paper?} |
There was a problem hiding this comment.
Suggested change
| consensus logic as they were duplicated messages. NM{Ok I guess this is the change you want to implement or have alrady implemented, that is different from the paper?} | |
| consensus logic as they were duplicated messages (note that doing this maintains safety, but leads to violations of the gossip property from the [Tendermint paper](https://arxiv.org/abs/1807.04938), and thus introduces liveness issues; see below). |
| @@ -744,7 +748,7 @@ But `∆` is not always observed by the system, which may operate asynchronously | |||
| for an arbitrary amount of time. | |||
| There is, however, a (possibly unknown) Global Stabilization Time (`GST`), a | |||
| time from which the system becomes synchronous and `∆` is observed for all | |||
| messages sent by correct processes. | |||
| messages sent by correct processes. \NM{Ok this "possibly unknown" in both sentences is confusing me? Did you try to somehow capture both versions of partially synchronous system models? } | |||
There was a problem hiding this comment.
I think it is fine, I would just keep it. Even if both are unknown, the algorithm should work, no? That would be the model in the Chandra/Toueg paper on failure detectors.
Comment on lines
+916
to
+919
| \NM{The explanations here are fine for me, but I am not good to review this as I know in detail how this mechanism | ||
| works. I think we should ask someone who does not understand how valid value and locked value correlate and see | ||
| if he/she got it from this. I think this explanation introduces the difference but do not explain the mechanism. | ||
| Update: I saw that latter you do explain, so I am happy with the explanations. } |
There was a problem hiding this comment.
Suggested change
| \NM{The explanations here are fine for me, but I am not good to review this as I know in detail how this mechanism | |
| works. I think we should ask someone who does not understand how valid value and locked value correlate and see | |
| if he/she got it from this. I think this explanation introduces the difference but do not explain the mechanism. | |
| Update: I saw that latter you do explain, so I am happy with the explanations. } |
I guess the update says that it is fine as is.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I made a pass on overview.md file.
IMHO this is a very nice explanation of Tendermint. Great job @cason and @josef-widder and who else contributed !!!
I made some minor fixes, and made some comments. I am available if you want to discuss anything, and feel free to ignore the things you think are not relevant!
PR author checklist
For all contributors
For external contributors