Implement BIP 8 based Speedy Trial activation

[achow101]

Implements the block height (BIP 8) based Speedy Trial activation proposal that was discussed on the bitcoin-dev mailing list.

In order to do so, this PR first changes the versionbits (BIP 9) implementation to use heights rather than MTP. Then the minimum activation height parameter is introduced. This also adds the minimum activation height as a third parameter of -vbparams. Additionally, the threshold is made a parameter of each deployment so that it can be customized for each deployment. Lastly several unit and functional tests are added.

In order to make this easier to backport, the names of functions and classes are largely unchanged (except where necessary for the height based things). This means that some things are misnamed as they refer to BIP 9 even though this is really BIP 8.

This PR borrows 2 commits from #19573 to implement height based versionbits, one commit from #21377 for tests, and 1 commit formerly part of #21380 for the threshold parameterization.

[ajtowns]

Maybe consider rebasing on #21380 ; it adds fuzz testing and removes the need for the MinActivationHeight() virtual functions, and should make the "per-deployment-threshold" part a bit simpler.

[achow101]

Maybe consider rebasing on #21380 ; it adds fuzz testing and removes the need for the MinActivationHeight() virtual functions, and should make the "per-deployment-threshold" part a bit simpler.

Done. It did indeed make this simpler. The fuzzer also caught one minor issue.

[JeremyRubin]

generally looks ok to me couple minor comments; can do a more detailed review later

[JeremyRubin]

Should this be set to NEVER_ACTIVE?

[achow101]

The potential for uninitialized members here is concerning to me, so I am working on a followup to deal with those. That may be rolled into this PR.

[DrahtBot]

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

• Refactor versionbits deployments to avoid potential uninitialized variables #21401 (Refactor versionbits deployments to avoid potential uninitialized variables by achow101)
• [Bundle 5/n] Prune g_chainman usage in RPC modules #21391 ([Bundle 5/n] Prune g_chainman usage in RPC modules by dongcarl)
• Convert taproot to flag day activation #21378 (Convert taproot to flag day activation by ajtowns)
• Speedy trial support for versionbits #21377 (Speedy trial support for versionbits by ajtowns)
• test: Add feature_taproot.py --previous_release #20354 (test: Add feature_taproot.py --previous_release by MarcoFalke)
• Introduce deploymentstatus #19438 (Introduce deploymentstatus by ajtowns)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

[Sjors]

Concept ACK. Did some light review of 9e50401.

Would love to see a functional test that shows the speedy trial in action, by looking at softforks in getblockchaininfo (I might write one myself)

[Sjors]

re-ACK 2e55bce

[michaelfolkson]

ACK 2e55bce

Ideally a choice on a Speedy Trial PR would have been made by now so I could focus review and testing on one PR and one approach. Spreading review over two competing PRs is doing none of us any favors. I would have liked to have spent more time testing this PR before ACKing it but I think the biggest danger at this point is spreading review too thinly across two PRs.

[JeremyRubin]

I think this variable name changed.

[achow101]

Will fix if I retouch.

[luke-jr]

Why? Just one period should be enough...

[achow101]

Enforces this sentence in BIP 8:

timeoutheight must be at least 4096 blocks (2 retarget intervals) after startheight.

[ajtowns]

That's needed for lot=true/MUST_SIGNAL to work consistently with lot=false. Could also be solved by adding a transition directly from DEFINED to MUST_SIGNAL (skipping STARTED) I think.

[luke-jr]

Nah, probably not worth changing. One period is probably crazy anyway. And if we ever do need it, we can add the extra logic for it at that time.

[luke-jr]

Probably should either hide this when 0, or use starttime+2*period

[achow101]

I think it's fine to always display.

[harding]

As of commit 2e55bce, lightly tested the likely outcomes of ST and confirmed that getblockchainfo returned the expected values whether activation was achieved or not, before and after the minimum_activation_period. I did not check close enough to detect off-by-one errors or other small details.

Tested creating a regtest chain with this branch and -vbparams=taproot:@144:@576:@1008, producing enough blocks to lockin and activate taproot, synced them to a taproot-oblivious 0.20.1 node, then upgraded that node to this branch with the same vbparams and confirmed that the upgraded node's getblockchaininfo results indicated it would be enforcing taproot.

I skimmed the code and didn't see any problems, but I don't feel confident enough in my reviewing abilities to say it definitely is fine.

[maflcko]

I looked at 2e55bce 🚴

Show signature and timestamp

Signature:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I looked at 2e55bcedb8d73e49620a5731196bf7e23bb53ccc 🚴
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEE+rVPoUahrI9sLGYTzit1aX5ppUgFAlwqrYAACgkQzit1aX5p
pUg82Av/XqMgcTbyFlMastLZ9AJdjHOHQjwpOkce6XC8ktfvqwbWpRioWiSHf0+C
7bN6kFEJMxXPUAOZ4DeHLoBrsCMqTwPJZ21nNV9p8ZhByBBp5KPEA2PJ3s/RwBCp
YeRpKlLj856117mUv/5oFnABj4xuUMmZ3OkwuvU3RN7TrfKBUkR8ZkmzoSaOkv7s
O/bnZC4qudRl/dGFoa+CouYMWpi49mT+kB59Rs8UZha86KH5Td2siTAbbJBiMAi5
8bFUwGSEsvxJGAr+52PHAcUUymGMZp29neY4Q5f7HIJ28uX5ged/EzSiFeeu4GZn
tH9B7mSqOvjnFIdOCvy8HYy8TzShKGvkiD4PcNvcVWfkQi2WbXtns1AjaZ5Tjeu9
ry2OHAzyWSvqbT1DIPD36VTb2c46u/vd9d05rkCjuccHcnXPkV49f68JblA2p9Fj
LUpoCswXIJPZtPxs2ZSwb0LxP54YW1RnguVOy6jg7PcMnecDeu/LFD4MsJtVJE9W
bqp2Q82X
=zjni
-----END PGP SIGNATURE-----

Timestamp of file with hash 9fd4467b454c576b05f9c797bd20cd8620ad58c2b63ca8dd4e36f27ec7059a14 -

[maflcko]

Any reason to use gArgs in the previous line, then m_node.args here? Might be better to just use a local symbol to avoid potentially polluting other tests

[achow101]

If I need to retouch

[maflcko]

Any reason to not enforce startheight >= nMinerConfirmationWindow? Otherwise it is possible to violate the "2 period rule" by setting @0:@288.

[achow101]

If I need to retouch

[maflcko]

Then it could be ignored for NEVER as well or what is the reason to treat ALWAYS different from NEVER?

[maflcko]

Any reason to not assert this transition can't happen?

[achow101]

I think that's being checked by the test cases.

[sipa]

The fuzz test has all transitions of the state machine implemented (in a "come from" form rather than a "go to" form). I don't think it's possible to make incorrect transitions that it won't detect.

[devrandom]

ACK 2e55bce

In addition to the testing in #21392 (comment) I also checked that the fuzzer detects various off-by-one errors I manually introduced into the implementation.

[luke-jr]

utACK 2e55bce

[benthecarman]

reACK 2e55bce

[sipa]

Code review ACK 2e55bce

[sipa]

@MarcoFalke I think that the rationale is that NO_TIMEOUT isn't a special value (unlike ALWAYS_ACTIVE and NEVER_ACTIVE), it's just a timestamp very far in the future.

[sipa]

@benthecarman To what?

[ajtowns]

I think I'm an approach NACK, or at least approach -1, on using heights for activation at this point: they're incompatible with activating on testnet due to hash rate inconsistency, and they're incompatible with activation on signet due to custom signets being able to have completely random heights, since anyone can start a new one at any time. They're not especially convenient for activating on mainnet either: we're choosing timeframes and then converting that to expected block heights, but that can have significant errors -- if we want to give people "3 months" to review an update before deploying it, and choose block heights to reflect that, we risk both increased hashpower reducing that time substantially, or reduced hashpower introducing unwanted delays.

The main arguments I've seen for the height based approach is to avoid the signalling phase being skipped entirely, and to prevent a mandatory signalling phase (UASF/bip148/bip91/etc) from being skipped entirely, even in the event of a substantial loss of hashrate. But those goals can be achieved with the MTP approach as well -- see the top commit on https://github.com/ajtowns/bitcoin/commits/202103-bip9-uasf .

There's the additional benefit that it's simpler to explain "signalling begins at height X and ends at height Y" than "signalling begins at the first retarget period after time X, and ends in the last retarget period before time Y", but that seems like a much lower priority than being able to test activations on testnet and signet prior to activation on mainnet...

[michaelfolkson]

For the sake of respecting other reviewers' time, Taproot is already active on the default Signet for testing and experimentation with Taproot transactions. Activating Taproot on testnet seems like a very low priority, certainly a lower priority than ensuring the optimal code is merged for mainnet activation.

If you want a summary of the arguments for a consistent use of block height versus using a mix of block height and MTP there is this SE question with two answers, one from harding and one from me summarizing the arguments expressed in the two Speedy Trial PRs.

This appears to be the major differentiator between the two PRs. If you would prefer a consistent use of block height I would recommend reviewing this PR. If you would prefer a mix of block height and MTP I would recommend reviewing AJ's alternative Speedy Trial PR.

As I've communicated on AJ's PR, spreading review over two competing PRs is doing none of us any favors at this point.

[michaelfolkson]

Also this shows preferences for a consistent use of block height.

I don't have a strong view but it appears that @achow101 in #21392 and just by reading the comments in this PR @luke-jr @benthecarman @JeremyRubin @Sjors @roconnor-blockstream @harding all have a preference for a fully height based approach over any use of MTP.

If that isn't the case please correct me. And if anyone else has a view on entirely block height versus some limited use of MTP can you post it on IRC (##taproot-activation)?

The fuzzing PR looks very cool. On that PR @MarcoFalke also expresses an expectation that activation will be based on block heights.

edit: Some additional comments from today's Core dev meeting

"it comes down to mtp vs block height" @achow101

"the main difference between these two PRs are using block height vs MTP " @amitiuttarwar

"with mtp, we run the risk of losing 2 signaling periods. with already few signaling periods, this has the possibility of failing to activate due to bad luck" @achow101

"the property that achow101's PR improves is a fixed (number) of signals" @JeremyRubin

In addition @JeremyRubin stated here "I have a preference for fully height based design, correct."

This is becoming a farce, pure and simple.

[benthecarman]

I think I'm an approach NACK, or at least approach -1, on using heights for activation at this point: they're incompatible with activating on testnet due to hash rate inconsistency, and they're incompatible with activation on signet due to custom signets being able to have completely random heights, since anyone can start a new one at any time

I don't think test networks should be relevant to mainnet's activation mechanisms / consensus rules

[jnewbery]

Why are you widening height from an int (32 bit) to a int64_t, and then comparing with ints below?

[achow101]

Will fix if I need to retouch.

[jnewbery]

Use docstrings for test description to separate from copyright notice

[achow101]

If I need to retouch

[jnewbery]

Separate std library imports from local imports

[achow101]

If I need to retouch

[jnewbery]

f-strings are generally preferred in new tests:

Suggested change

	['-vbparams=testdummy:@144:@{}'.format(144 * 3)], # Node 1 has regular activation window
	[f'-vbparams=testdummy:@144:@{144 * 3}'], # Node 1 has regular activation window

[achow101]

These use this format so that it is easier to backport. 0.21 is using a version python that doesn't support f-strings.

[jnewbery]

There's a lot of repetition here. You could factor this out into a function.

[achow101]

It's about as repetitive if this were a function IMO.

[jnewbery]

unused

[achow101]

If I need to retouch

[jnewbery]

unused

[achow101]

If I need to retouch

[jnewbery]

The warning message emitted when this threshold is reached is "Warning: unknown new rules activated", whereas now the threshold being reached really means "Warning: unknown new rules may be activated soon" (since 75% doesn't actually indicate that any vbits deployment will activate).

I think it might make sense to remove the m_vbits_min_threshold parameter from chain params and set the threshold to 75% of nMinerConfirmationWindow here.

[achow101]

Perhaps for a followup, or if I retouch.

[sipa]

I believe this is the intended state machine:

To generate:

$ dot -Tpng >states.png
digraph versionbits {
    defined [shape=box,label="DEFINED"];
    started [shape=box,label="STARTED"];
    failed [shape=box,label="FAILED"];
    locked [shape=box,label="LOCKED_IN"];
    active [shape=box,label="ACTIVE"];

    defined -> defined [label="height < begin"];
    defined -> started [label="height >= begin"];
    started -> started [label="sig < thresh\nheight < end"];
    started -> failed [label="sig < thresh\nheight >= end"];
    started -> locked [label="sig >= thresh\n"];
    locked -> locked [label="height < min_active"];
    locked -> active [label="height >= min_active"];
    active -> active [label="always"];
    failed -> failed [label="always"];
}

[Rspigler]

Should STARTED -> LOCKED_IN be defined as "sig >= thresh & height <= end" ?

[achow101]

Closing this for now as #21377 (with some changes) is agreeable to most people.