-
It basically comes down to maintaining the following invariant: if a correct replica accepts a message then any other correct replica will accept the message. This invariant would greatly simplify the reasoning about correctness of the implementation, especially of such complicated parts as view change. In order to achieve this, replicas need to keep some context information for each peer replica. The context information should suffice for accurate detection of incorrect messages. In other words, correctness of every message received from a peer replica must be fully justified by the preceding messages received from that replica. I think that changes introduced in 845bc82 make it plausible to maintain this invariant since replicas now keep the following context for each peer replica:
-
I prepared a draft of the changes related to certified message processing in #219.
-
Apparently, 845bc82 makes it possible to revert changes previously introduced in 9bd2a0f by requiring sequential UIs for replica commitments (i.e. Prepare/Commit messages) of the same view. Thus I consider some changes assuming that no correct replica can accept an incorrect message. This could simplify handling of ViewChange and NewView messages.
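The per-peer context and sequential-UI requirement discussed in this thread can be sketched as follows. This is an added example, not code from the project or from the commits referenced above. `Msg`, `PeerCtx`, `Replica`, `Receive` and `Run` are hypothetical names, and it assumes a single view, counters starting at 1, and UI certificates already verified, so a counter identifies exactly one message from its sender.

```go
package main

import "fmt"

// Msg is a hypothetical certified message; Counter stands in for the UI counter.
type Msg struct {
	From    uint32
	Counter uint64
	Body    string
}

type PeerCtx struct {
	last    uint64         // counter of the last accepted message from this peer
	pending map[uint64]Msg // messages held back until the gap before them closes
}

type Replica map[uint32]*PeerCtx // per-peer context, keyed by replica id

// Receive returns the messages that become acceptable once m has arrived.
func (r Replica) Receive(m Msg) (accepted []Msg) {
	p := r[m.From]
	if p == nil {
		p = &PeerCtx{pending: map[uint64]Msg{}}
		r[m.From] = p
	}
	if m.Counter <= p.last {
		return nil // stale or replayed counter: never accepted twice
	}
	p.pending[m.Counter] = m
	// Accept only a message whose counter directly follows the last accepted one.
	for next, ok := p.pending[p.last+1]; ok; next, ok = p.pending[p.last+1] {
		delete(p.pending, next.Counter)
		p.last = next.Counter
		accepted = append(accepted, next)
	}
	return accepted
}

// Run delivers msgs to a fresh replica and returns what it accepted, in order.
func Run(msgs []Msg) (log []Msg) {
	r := Replica{}
	for _, m := range msgs {
		log = append(log, r.Receive(m)...)
	}
	return log
}

func main() {
	// Constructed sample: peer 1's messages arrive reordered, with one replay.
	fmt.Println(Run([]Msg{{1, 3, "Commit"}, {1, 1, "Prepare"}, {1, 1, "Prepare"}, {1, 2, "Commit"}}))
}
```

Because acceptance depends only on the messages previously accepted from the same peer, two replicas that see the same messages in different network orders end up with the same accepted sequence.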