Unverified Commit 395324a5 authored by Bernhard Schuster's avatar Bernhard Schuster Committed by GitHub
Browse files

malus - mockable overseer mvp (#3224)

parent 5161ae5b
Pipeline #142584 passed with stages
in 35 minutes and 14 seconds
......@@ -356,9 +356,9 @@ checksum = "e91831deabf0d6d7ec49552e489aed63b7456a7a3c46cff62adad428110b0af0"
[[package]]
name = "async-trait"
version = "0.1.48"
version = "0.1.50"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "36ea56748e10732c49404c153638a15ec3d6211ec5ff35d9bb20e13b93576adf"
checksum = "0b98e84bbb4cbcdd97da190ba0c58a1bb0de2c1fdf67d159e192ed766aeca722"
dependencies = [
"proc-macro2",
"quote",
......@@ -6819,6 +6819,21 @@ dependencies = [
"substrate-test-client",
]
[[package]]
name = "polkadot-test-malus"
version = "0.9.4"
dependencies = [
"assert_matches",
"async-trait",
"color-eyre",
"parity-util-mem",
"polkadot-cli",
"polkadot-node-core-candidate-validation",
"polkadot-node-subsystem",
"polkadot-node-subsystem-util",
"structopt",
]
[[package]]
name = "polkadot-test-runtime"
version = "0.9.5"
......
......@@ -64,6 +64,7 @@ members = [
"node/network/collator-protocol",
"node/network/gossip-support",
"node/overseer",
"node/malus",
"node/primitives",
"node/service",
"node/subsystem",
......
......@@ -67,3 +67,5 @@ try-runtime = [ "service/try-runtime" ]
kusama-native = [ "service/kusama-native" ]
westend-native = [ "service/westend-native" ]
rococo-native = [ "service/rococo-native" ]
malus = [ "full-node", "service/malus" ]
......@@ -181,53 +181,64 @@ fn ensure_dev(spec: &Box<dyn service::ChainSpec>) -> std::result::Result<(), Str
}
}
/// Parses polkadot specific CLI arguments and run the service.
pub fn run() -> Result<()> {
let cli = Cli::from_args();
/// Launch a node, accepting arguments just like a regular node,
/// accepts an alternative overseer generator, to adjust behavior
/// for integration tests as needed.
#[cfg(feature = "malus")]
pub fn run_node(cli: Cli, overseer_gen: impl service::OverseerGen) -> Result<()> {
run_node_inner(cli, overseer_gen)
}
match &cli.subcommand {
None => {
let runner = cli.create_runner(&cli.run.base)
.map_err(Error::from)?;
let chain_spec = &runner.config().chain_spec;
fn run_node_inner(cli: Cli, overseer_gen: impl service::OverseerGen) -> Result<()> {
let runner = cli.create_runner(&cli.run.base)
.map_err(Error::from)?;
let chain_spec = &runner.config().chain_spec;
set_default_ss58_version(chain_spec);
set_default_ss58_version(chain_spec);
let grandpa_pause = if cli.run.grandpa_pause.is_empty() {
None
} else {
Some((cli.run.grandpa_pause[0], cli.run.grandpa_pause[1]))
};
let grandpa_pause = if cli.run.grandpa_pause.is_empty() {
None
} else {
Some((cli.run.grandpa_pause[0], cli.run.grandpa_pause[1]))
};
if chain_spec.is_kusama() {
info!("----------------------------");
info!("This chain is not in any way");
info!(" endorsed by the ");
info!(" KUSAMA FOUNDATION ");
info!("----------------------------");
}
if chain_spec.is_kusama() {
info!("----------------------------");
info!("This chain is not in any way");
info!(" endorsed by the ");
info!(" KUSAMA FOUNDATION ");
info!("----------------------------");
}
let jaeger_agent = cli.run.jaeger_agent;
runner.run_node_until_exit(move |config| async move {
let role = config.role.clone();
match role {
#[cfg(feature = "browser")]
Role::Light => service::build_light(config).map(|(task_manager, _)| task_manager).map_err(Into::into),
#[cfg(not(feature = "browser"))]
Role::Light => Err(Error::Other("Light client not enabled".into())),
_ => service::build_full(
config,
service::IsCollator::No,
grandpa_pause,
cli.run.no_beefy,
jaeger_agent,
None,
).map(|full| full.task_manager).map_err(Into::into)
}
})
},
let jaeger_agent = cli.run.jaeger_agent;
runner.run_node_until_exit(move |config| async move {
let role = config.role.clone();
match role {
#[cfg(feature = "browser")]
Role::Light => service::build_light(config).map(|(task_manager, _)| task_manager).map_err(Into::into),
#[cfg(not(feature = "browser"))]
Role::Light => Err(Error::Other("Light client not enabled".into())),
_ => service::build_full(
config,
service::IsCollator::No,
grandpa_pause,
cli.run.no_beefy,
jaeger_agent,
None,
overseer_gen,
).map(|full| full.task_manager).map_err(Into::into)
}
})
}
/// Parses polkadot specific CLI arguments and run the service.
pub fn run() -> Result<()> {
let cli = Cli::from_args();
match &cli.subcommand {
None => run_node_inner(cli, service::RealOverseerGen),
Some(Subcommand::BuildSpec(cmd)) => {
let runner = cli.create_runner(cmd)?;
Ok(runner.sync_run(|config| {
......
......@@ -28,9 +28,12 @@ mod command;
pub use service::{
self,
ProvideRuntimeApi, CoreApi, IdentifyVariant,
Block, RuntimeApiCollection, TFullClient
Block, RuntimeApiCollection, TFullClient,
};
#[cfg(feature = "malus")]
pub use service::create_default_subsystems;
#[cfg(feature = "cli")]
pub use cli::*;
......
......@@ -56,6 +56,7 @@ use async_trait::async_trait;
const LOG_TARGET: &'static str = "parachain::candidate-validation";
/// Configuration for the candidate validation subsystem
#[derive(Clone)]
pub struct Config {
/// The path where candidate validation can store compiled artifacts for PVFs.
pub artifacts_cache_path: PathBuf,
......
[lib]
name = "malus"
path = "src/lib.rs"
[[bin]]
name = "malus-variant-a"
path = "src/variant-a.rs"
[package]
name = "polkadot-test-malus"
description = "Misbehaving nodes for local testnets, system and simnet tests."
license = "GPL-3.0-only"
version = "0.9.4"
authors = ["Parity Technologies <admin@parity.io>"]
edition = "2018"
readme = "README.md"
publish = false
[dependencies]
polkadot-cli = { path = "../../cli", default-features = false, features = [ "cli", "malus" ] }
polkadot-node-subsystem = { path = "../subsystem" }
polkadot-node-subsystem-util = { path = "../subsystem-util" }
polkadot-node-core-candidate-validation = { path = "../core/candidate-validation" }
parity-util-mem = { version = "*", default-features = false, features = ["jemalloc-global"] }
color-eyre = { version = "0.5.11", default-features = false }
assert_matches = "1.5"
structopt = "0.3.21"
async-trait = "0.1.50"
// Copyright 2017-2021 Parity Technologies (UK) Ltd.
// This file is part of Polkadot.
// Polkadot is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// Polkadot is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with Polkadot. If not, see <http://www.gnu.org/licenses/>.
//! A small set of wrapping types to cover most of our adversary test cases.
//!
//! This allows types with internal mutability to synchronize across
//! multiple subsystems and intercept or replace incoming and outgoing
//! messages on the overseer level.
use polkadot_node_subsystem::*;
pub use polkadot_node_subsystem::{messages::AllMessages, FromOverseer};
use std::future::Future;
use std::pin::Pin;
/// Filter incoming and outgoing messages.
pub trait MsgFilter: Send + Sync + Clone + 'static {
/// The message type the original subsystm handles incoming.
type Message: Send + 'static;
/// Filter messages that are to be received by
/// the subsystem.
fn filter_in(&self, msg: FromOverseer<Self::Message>) -> Option<FromOverseer<Self::Message>> {
Some(msg)
}
/// Modify outgoing messages.
fn filter_out(&self, msg: AllMessages) -> Option<AllMessages> {
Some(msg)
}
}
/// A sender with the outgoing messages filtered.
#[derive(Clone)]
pub struct FilteredSender<Sender, Fil> {
inner: Sender,
message_filter: Fil,
}
#[async_trait::async_trait]
impl<Sender, Fil> SubsystemSender for FilteredSender<Sender, Fil>
where
Sender: SubsystemSender,
Fil: MsgFilter,
{
async fn send_message(&mut self, msg: AllMessages) {
if let Some(msg) = self.message_filter.filter_out(msg) {
self.inner.send_message(msg).await;
}
}
async fn send_messages<T>(&mut self, msgs: T)
where
T: IntoIterator<Item = AllMessages> + Send,
T::IntoIter: Send,
{
for msg in msgs {
self.send_message(msg).await;
}
}
fn send_unbounded_message(&mut self, msg: AllMessages) {
if let Some(msg) = self.message_filter.filter_out(msg) {
self.inner.send_unbounded_message(msg);
}
}
}
/// A subsystem context, that filters the outgoing messages.
pub struct FilteredContext<Context: SubsystemContext, Fil: MsgFilter> {
inner: Context,
message_filter: Fil,
sender: FilteredSender<<Context as SubsystemContext>::Sender, Fil>,
}
impl<Context, Fil> FilteredContext<Context, Fil>
where
Context: SubsystemContext,
Fil: MsgFilter<Message = <Context as SubsystemContext>::Message>,
{
pub fn new(mut inner: Context, message_filter: Fil) -> Self {
let sender = FilteredSender::<<Context as SubsystemContext>::Sender, Fil> {
inner: inner.sender().clone(),
message_filter: message_filter.clone(),
};
Self {
inner,
message_filter,
sender,
}
}
}
#[async_trait::async_trait]
impl<Context, Fil> SubsystemContext for FilteredContext<Context, Fil>
where
Context: SubsystemContext,
Fil: MsgFilter<Message = <Context as SubsystemContext>::Message>,
{
type Message = <Context as SubsystemContext>::Message;
type Sender = FilteredSender<<Context as SubsystemContext>::Sender, Fil>;
async fn try_recv(&mut self) -> Result<Option<FromOverseer<Self::Message>>, ()> {
loop {
match self.inner.try_recv().await? {
None => return Ok(None),
Some(msg) => {
if let Some(msg) = self.message_filter.filter_in(msg) {
return Ok(Some(msg));
}
}
}
}
}
async fn recv(&mut self) -> SubsystemResult<FromOverseer<Self::Message>> {
loop {
let msg = self.inner.recv().await?;
if let Some(msg) = self.message_filter.filter_in(msg) {
return Ok(msg);
}
}
}
async fn spawn(
&mut self,
name: &'static str,
s: Pin<Box<dyn Future<Output = ()> + Send>>,
) -> SubsystemResult<()> {
self.inner.spawn(name, s).await
}
async fn spawn_blocking(
&mut self,
name: &'static str,
s: Pin<Box<dyn Future<Output = ()> + Send>>,
) -> SubsystemResult<()> {
self.inner.spawn_blocking(name, s).await
}
fn sender(&mut self) -> &mut Self::Sender {
&mut self.sender
}
}
/// A subsystem to which incoming and outgoing filters are applied.
pub struct FilteredSubsystem<Sub, Fil> {
subsystem: Sub,
message_filter: Fil,
}
impl<Sub, Fil> FilteredSubsystem<Sub, Fil> {
pub fn new(subsystem: Sub, message_filter: Fil) -> Self {
Self {
subsystem,
message_filter,
}
}
}
impl<Context, Sub, Fil> Subsystem<Context> for FilteredSubsystem<Sub, Fil>
where
Context: SubsystemContext + Sync + Send,
Sub: Subsystem<FilteredContext<Context, Fil>>,
FilteredContext<Context, Fil>: SubsystemContext,
Fil: MsgFilter<Message = <Context as SubsystemContext>::Message>,
{
fn start(self, ctx: Context) -> SpawnedSubsystem {
let ctx = FilteredContext::new(ctx, self.message_filter);
Subsystem::<FilteredContext<Context, Fil>>::start(self.subsystem, ctx)
}
}
// Copyright 2017-2020 Parity Technologies (UK) Ltd.
// This file is part of Polkadot.
// Polkadot is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// Polkadot is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with Polkadot. If not, see <http://www.gnu.org/licenses/>.
//! A malicious overseer.
//!
//! An example on how to use the `OverseerGen` pattern to
//! instantiate a modified subsystem implementation
//! for usage with simnet/gurke.
#![allow(missing_docs)]
use color_eyre::eyre;
use polkadot_cli::{
create_default_subsystems,
service::{
AuthorityDiscoveryApi, AuxStore, BabeApi, Block, Error, HeaderBackend, Overseer,
OverseerGen, OverseerGenArgs, OverseerHandler, ParachainHost, ProvideRuntimeApi,
SpawnNamed,
},
Cli,
};
// Import extra types relevant to the particular
// subsystem.
use polkadot_node_core_candidate_validation::{CandidateValidationSubsystem, Metrics};
use polkadot_node_subsystem::messages::CandidateValidationMessage;
use polkadot_node_subsystem_util::metrics::Metrics as _;
// Filter wrapping related types.
use malus::*;
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc;
use structopt::StructOpt;
/// Silly example, just drop every second outgoing message.
#[derive(Clone, Default, Debug)]
struct Skippy(Arc<AtomicUsize>);
impl MsgFilter for Skippy {
type Message = CandidateValidationMessage;
fn filter_in(&self, msg: FromOverseer<Self::Message>) -> Option<FromOverseer<Self::Message>> {
if self.0.fetch_add(1, Ordering::Relaxed) % 2 == 0 {
Some(msg)
} else {
None
}
}
fn filter_out(&self, msg: AllMessages) -> Option<AllMessages> {
Some(msg)
}
}
/// Generates an overseer that exposes bad behavior.
struct BehaveMaleficient;
impl OverseerGen for BehaveMaleficient {
fn generate<'a, Spawner, RuntimeClient>(
&self,
args: OverseerGenArgs<'a, Spawner, RuntimeClient>,
) -> Result<(Overseer<Spawner, Arc<RuntimeClient>>, OverseerHandler), Error>
where
RuntimeClient: 'static + ProvideRuntimeApi<Block> + HeaderBackend<Block> + AuxStore,
RuntimeClient::Api: ParachainHost<Block> + BabeApi<Block> + AuthorityDiscoveryApi<Block>,
Spawner: 'static + SpawnNamed + Clone + Unpin,
{
let spawner = args.spawner.clone();
let leaves = args.leaves.clone();
let runtime_client = args.runtime_client.clone();
let registry = args.registry.clone();
let candidate_validation_config = args.candidate_validation_config.clone();
// modify the subsystem(s) as needed:
let all_subsystems = create_default_subsystems(args)?.replace_candidate_validation(
// create the filtered subsystem
FilteredSubsystem::new(
CandidateValidationSubsystem::with_config(
candidate_validation_config,
Metrics::register(registry)?,
),
Skippy::default(),
),
);
Overseer::new(leaves, all_subsystems, registry, runtime_client, spawner)
.map_err(|e| e.into())
}
}
fn main() -> eyre::Result<()> {
color_eyre::install()?;
let cli = Cli::from_args();
assert_matches::assert_matches!(cli.subcommand, None);
polkadot_cli::run_node(cli, BehaveMaleficient)?;
Ok(())
}
......@@ -159,3 +159,4 @@ try-runtime = [
"westend-runtime/try-runtime",
"rococo-runtime/try-runtime",
]
malus = ["full-node"]
......@@ -18,15 +18,13 @@
use std::sync::Arc;
use polkadot_primitives::v1::{BlockNumber, Hash};
use sp_runtime::traits::{Block as BlockT, NumberFor};
use sp_runtime::generic::BlockId;
use sp_runtime::traits::Header as _;
#[cfg(feature = "full-node")]
use {
polkadot_primitives::v1::{Block as PolkadotBlock, Header as PolkadotHeader},
polkadot_primitives::v1::{Hash, Block as PolkadotBlock, Header as PolkadotHeader},
polkadot_subsystem::messages::ApprovalVotingMessage,
prometheus_endpoint::{self, Registry},
polkadot_overseer::OverseerHandler,
......@@ -71,9 +69,10 @@ impl ApprovalCheckingVotingRule {
}
}
#[cfg(feature = "full-node")]
#[derive(Debug, PartialEq)]
/// Vote explicitly on the given hash.
enum ParachainVotingRuleTarget<H, N> {
/// Vote explicitly on the given hash.
Explicit((H, N)),
/// Vote on the current target.
Current,
......@@ -81,6 +80,7 @@ enum ParachainVotingRuleTarget<H, N> {
Base,
}
#[cfg(feature = "full-node")]
fn approval_checking_vote_to_grandpa_vote<H, N: PartialOrd>(
approval_checking_vote: Option<(H, N)>,
current_number: N,
......@@ -99,7 +99,8 @@ fn approval_checking_vote_to_grandpa_vote<H, N: PartialOrd>(
/// The maximum amount of unfinalized blocks we are willing to allow due to approval checking lag.
/// This is a safety net that should be removed at some point in the future.
const MAX_APPROVAL_CHECKING_FINALITY_LAG: BlockNumber = 50;
#[cfg(feature = "full-node")]
const MAX_APPROVAL_CHECKING_FINALITY_LAG: polkadot_primitives::v1::BlockNumber = 50;
#[cfg(feature = "full-node")]
impl<B> grandpa::VotingRule<PolkadotBlock, B> for ApprovalCheckingVotingRule
......
......@@ -22,6 +22,17 @@ pub mod chain_spec;
mod grandpa_support;
mod parachains_db;
#[cfg(feature = "full-node")]
mod overseer;
#[cfg(feature = "full-node")]
pub use self::overseer::{
OverseerGen,
OverseerGenArgs,
RealOverseerGen,
create_default_subsystems,
};
#[cfg(feature = "full-node")]
use {
tracing::info,
......@@ -30,22 +41,26 @@ use {
polkadot_node_core_av_store::Error as AvailabilityError,
polkadot_node_core_approval_voting::Config as ApprovalVotingConfig,
polkadot_node_core_candidate_validation::Config as CandidateValidationConfig,
polkadot_overseer::{AllSubsystems, BlockInfo, Overseer, OverseerHandler},
polkadot_primitives::v1::ParachainHost,
sc_authority_discovery::Service as AuthorityDiscoveryService,
sp_authority_discovery::AuthorityDiscoveryApi,
sp_blockchain::HeaderBackend,
polkadot_overseer::BlockInfo,
sp_trie::PrefixedMemoryDB,
sc_client_api::{AuxStore, ExecutorProvider},
sc_keystore::LocalKeystore,
sp_consensus_babe::BabeApi,
sc_client_api::ExecutorProvider,
grandpa::{self, FinalityProofProvider as GrandpaFinalityProofProvider},
beefy_primitives::ecdsa::AuthoritySignature as BeefySignature,
sp_runtime::traits::Header as HeaderT,
};
use sp_core::traits::SpawnNamed;
#[cfg(feature = "full-node")]
pub use {
sp_blockchain::HeaderBackend,
sp_consensus_babe::BabeApi,
sp_authority_discovery::AuthorityDiscoveryApi,
sc_client_api::AuxStore,
polkadot_primitives::v1::ParachainHost,
polkadot_overseer::{Overseer, OverseerHandler},
};
pub use sp_core::traits::SpawnNamed;
#[cfg(feature = "full-node")]
use polkadot_subsystem::jaeger;
use std::sync::Arc;
......@@ -53,7 +68,9 @@ use std::time::Duration;
use prometheus_endpoint::Registry;
use service::RpcHandlers;