feat: re-fork cometbft-bera onto the v0.39.x line#51
Draft
fridrik01 wants to merge 1 commit into
Re-forks the berachain CometBFT customizations from the bera-v1.x line onto a fresh v0.39.x base (tag v0.39.3), establishing the bera-v0.39.x line.

Brings over:
- Proposer-Based Timestamps (PBTS) + removal of per-vote timestamps
- BLS12-381 signature aggregation (aggregated commits + fast catch-up)
- NextBlockDelay (ADR-115) and NextProposerAddress in ProcessProposal
- validator pub-key wire format, Synchrony/Feature params, and supporting proto

Forward-compatible: existing bera-v1.x networks can restart on this binary (on-disk state and consensus sign/wire bytes are byte-identical). Upstream cometbft#5860 is intentionally excluded (arrives via the v0.39.4 rebase).
Berachain's CometBFT fork (`bera-v1.x`) is built on upstream's v1.x line, which has been wound down in favor of v0.39. Security fixes and improvements such as the new libp2p networking layer now land only on v0.39, while our v1.x base is effectively unmaintained and ours to secure alone. Migrating onto v0.39 puts us back on a maintained line, and keeping PBTS and BLS aggregation preserves the block format so the move can be a rolling binary upgrade rather than a coordinated halt-and-swap.

This PR re-forks the berachain CometBFT customizations from the `bera-v1.x` line (CometBFT v1.x) onto a fresh `v0.39.x` base, built on tag `v0.39.3`. That establishes the new `bera-v0.39.x` line.

It is designed to be forward-compatible, so an existing `bera-v1.x` network can restart directly on this binary with no state migration. That works because the on-disk state and the consensus sign and wire bytes are kept byte-identical to `bera-v1.x`, which we verified against a `bera-v1.x` build (see Testing).

PBTS and BLS signature aggregation are always enabled on this fork.

What's in it

- `timeout_commit` from config.
- `ProcessProposal` now carries the address of the next block's proposer.

One thing is deliberately left out. The #5860 blocksync fix (sender binding plus a signature-count cap) is excluded from this PR. It already lives on upstream cometbft `v0.39.x` and lands in this fork on the `v0.39.4` rebase, described in Base and upstream syncing below.

How to review

Most of the diff is a faithful port of code that already runs in `bera-v1.x` production, so the review effort is best spent on the parts that had to change specifically for `v0.39`.

There is one caveat on method. Provenance cannot be shown with a mechanical diff, because the `bera-v1.x` line moved its packages under `internal/` and `api/` and renamed the proto packages from `cometbft.*` to `tendermint.*`. A file-to-file diff therefore does not line up, and the split below is curated by hand.

The following can be skimmed, since they are faithful ports and need little review:

- `crypto/bls12381`, the aggregation primitives. The only change is a build-tag split and an alias relocation.
- `.pb.go` files. Review the `.proto` files and the wire facts instead of the generated Go.
- `verifyAggregatedCommit` and `MakeBLSCommit` (in `types/validation.go` and `types/vote_set.go`), `IsTimely` (in `types/proposal.go`), and the bulk of the function bodies in `consensus/state.go`.

The following deserve close review, since they exist only because of the back-port and are where bugs would hide:

- `LastCommit` is now an interface (`VoteSetReader`) that holds either a `*VoteSet` or a whole aggregated `*Commit`. This required guarded type assertions at roughly six call sites, plus a `cmtjson` registration so that the `/dump_consensus_state` endpoint still works. See `consensus/state.go`, `consensus/types/round_state.go`, `types/block.go`, and `types/vote_set.go`.
- `v0.39` must still compile without `blst`. An `aggregation_none.go` stub and a `canAggregateCommits` fallback gate the aggregated path. See `crypto/bls12381/aggregation_none.go` and `consensus/state.go`.
- `timeout_commit`. The commit timeout is now derived from `state.NextBlockDelay`, with a fallback to `config.TimeoutCommit`. See `consensus/state.go`, `state/state.go`, and `state/execution.go`.
- `gogofaster` codegen, a mapping from `wrappers` to `gogo`, moving the `authority` field from 6 to 8, and a hand-written `Wrap` and `Unwrap` for the new `Commit` message. See `buf.gen.yaml` and `proto/tendermint/consensus/message.go`.
- `ToProto` and `FromProto` now write `pub_key_bytes` and `pub_key_type`, with a fallback to the legacy `pub_key`. See `types/validator.go` and `crypto/encoding/codec.go`.
- `v0.39` call sites. `NewProposal` now takes the block time, which is threaded through about twenty callers. In addition, `privval/file.go` drops the obsolete path that re-signed a vote when only its timestamp differed, and a `ProposalTimestampDifference` metric was added. See `types/proposal.go`, `privval/file.go`, and `consensus/metrics.go`.

The three features are coupled through the `VoteSetReader` change, which is why they ship as a single PR rather than three.

Wire and upgrade compatibility

- `bera-v1.x`, so an existing network can restart on this binary.
- `cometbft.*` versus `tendermint.*`) and cannot gossip consensus messages to each other.
- `v0.39.3`, owing to the new parameters and the removal of vote timestamps. That is the intended bera shape.

Base and upstream syncing

The `bera-v0.39.x` line is branched from a tagged upstream release, the CometBFT `v0.39.3` tag, which gives it a fixed and well-known starting point on the upstream `v0.39.x` line. It was created with:

Future upstream releases are adopted by rebasing onto the next release tag. For example, when upstream cuts `v0.39.4`:

```
git fetch upstream --tags
git rebase v0.39.4 bera-v0.39.x
# resolve any conflicts in favor of the bera customizations, then rebuild and test
git push --force-with-lease origin bera-v0.39.x
```

Rebasing onto a tagged release keeps the base at a known and vetted upstream version. Urgent fixes that land upstream between releases, such as #5860, are cherry-picked individually until the next tagged release includes them. Rebasing onto `v0.39.4`, which already contains #5860, is the hard gate before any production release.

Testing

- `-tags bls12381`.
- `v0.39.3`. The one remaining flake reproduces on the pristine tag as well, so it is not a regression.
- `bera-v1.x` was verified out of tree. A one-time harness captured the exact bytes and hashes a `bera-v1.x` build produces and confirmed this port produces identical output, covering the vote and proposal sign bytes, the aggregated-commit hash and its proto encoding, the block header hash, the consensus params hash, the persisted state proto, and a full real aggregated commit. That harness is not part of this PR, so a committed vectors test could be added later to make it reproducible in CI.

New tests added by this PR:

- `TestAggregateAndVerify` aggregates BLS signatures and verifies the aggregate, including rejecting an invalid signature and a missing public key.
- `TestReactorAggregatedCommits` runs a full all-BLS validator network and confirms the aggregated commits it produces verify against the validator set.
- `TestAggregationPBTSRejectsUntimelyProposal` confirms that under PBTS a proposal whose timestamp is outside the timely window is prevoted nil.
- `TestAggregationWALReplayRestart` restarts a node through WAL replay and confirms it recovers a height that was committed with an aggregated commit.
- `TestAggregationCatchUpViaAddCommit` drives the catch-up path where a lagging node adopts an aggregated commit through `AddCommit` and advances, and checks that `AddCommit` rejects forged, wrong-block, and non-aggregated commits.
- `TestPBTSProposerWaitTime`, `TestPBTSProposalIsTimely`, and `TestPBTSSynchronyParamsInRound` unit-test the proposer wait, the timeliness check, and the per-round synchrony scaling.
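
The guarded type assertion that the description above flags for close review, as an added Go example that is not code from this PR or from the fork. `VoteSetReader`, `VoteSet` and `Commit` are simplified stand-ins for the named types, and `asVoteSet`, `unguarded` and the two error values are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins for the types named in the description, not the fork's code.
type VoteSetReader interface{ GetHeight() int64 }
type VoteSet struct{ Height int64 } // per-validator votes (signatures omitted)
type Commit struct{ Height int64 }  // whole aggregated commit
func (v *VoteSet) GetHeight() int64 { return v.Height }
func (c *Commit) GetHeight() int64  { return c.Height }

var (
	ErrNoLastCommit = errors.New("last commit is not set")
	ErrAggregated   = errors.New("last commit is aggregated: no per-validator votes")
)

// asVoteSet is the guarded form: it returns an error instead of panicking.
func asVoteSet(lc VoteSetReader) (*VoteSet, error) {
	switch v := lc.(type) {
	case nil:
		return nil, ErrNoLastCommit
	case *VoteSet:
		if v == nil { // typed nil pointer inside a non-nil interface
			return nil, ErrNoLastCommit
		}
		return v, nil
	case *Commit:
		return nil, ErrAggregated
	default:
		return nil, fmt.Errorf("unexpected last-commit type %T", lc)
	}
}

// unguarded is the single-value assertion a pre-interface call site amounts to.
func unguarded(lc VoteSetReader) (vs *VoteSet, panicked bool) {
	defer func() { panicked = recover() != nil }()
	return lc.(*VoteSet), false
}

func main() {
	cases := []VoteSetReader{&VoteSet{Height: 7}, &Commit{Height: 7}, (*VoteSet)(nil), nil}
	for _, lc := range cases {
		_, err := asVoteSet(lc)
		_, p := unguarded(lc)
		fmt.Printf("%T: guarded err=%v, unguarded panicked=%v\n", lc, err, p)
	}
}
```

The typed-nil case is the one a plain `ok` check misses: the assertion succeeds and only a later dereference fails.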