The DAO soft-fork try was troublesome. Not solely did it prove that we underestimated the unintended effects on the consensus protocol (i.e. DoS vulnerability), however we additionally managed to introduce an information race into the rushed implementation that was a ticking time bomb. It was not supreme, and regardless that averted on the final occasion, the quick approaching hard-fork deadline seemed eerily bleak to say the least. We wanted a brand new technique…
The stepping stone in the direction of this was an concept borrowed from Google (courtesy of Nick Johnson): writing up an in depth postmortem of the occasion, aiming to evaluate the foundation causes of the problem, focusing solely on the technical elements and applicable measures to forestall recurrence.
Technical options scale and persist; blaming individuals doesn’t. ~ Nick
From the postmortem, one fascinating discovery from the angle of this weblog submit was made. The soft-fork code inside [go-ethereum](https://github.com/ethereum/go-ethereum) appeared stable from all views: a) it was completely lined by unit assessments with a 3:1 test-to-code ratio; b) it was completely reviewed by six basis builders; and c) it was even manually dwell examined on a personal community… But nonetheless, a deadly knowledge race remained, which might have probably prompted extreme community disruption.
It transpired that the flaw might solely ever happen in a community consisting of a number of nodes, a number of miners and a number of blocks being minted concurrently. Even when all of these eventualities held true, there was solely a slight probability for the bug to floor. Unit assessments can not catch it, code reviewers might or might not catch it, and handbook testing catching it might be unlikely. Our conclusion was that the event groups wanted extra instruments to carry out reproducible assessments that might cowl the intricate interaction of a number of nodes in a concurrent networked state of affairs. With out such a software, manually checking the assorted edge circumstances is unwieldy; and with out doing these checks repeatedly as a part of the event workflow, uncommon errors would turn into unimaginable to find in time.
And thus, hive was born…
What’s hive?
Ethereum grew massive to the purpose the place testing implementations grew to become an enormous burden. Unit assessments are positive for checking numerous implementation quirks, however validating {that a} consumer conforms to some baseline high quality, or validating that purchasers can play properly collectively in a multi consumer surroundings, is all however easy.
Hive is supposed to function an simply expandable take a look at harness the place anybody can add assessments (be these easy validations or community simulations) in any programming language that they’re comfy with, and hive ought to concurrently have the ability to run these assessments in opposition to all potential purchasers. As such, the harness is supposed to do black field testing the place no consumer particular inside particulars/state might be examined and/or inspected, reasonably emphasis could be placed on adherence to official specs or behaviors beneath totally different circumstances.
Most significantly, hive was designed from the bottom as much as run as a part of any purchasers’ CI workflow!
How does hive work?
Hive’s physique and soul is [docker](https://www.docker.com/). Each consumer implementation is a docker picture; each validation suite is a docker picture; and each community simulation is a docker picture. Hive itself is an all encompassing docker picture. It is a very highly effective abstraction…
Since Ethereum clients are docker photographs in hive, builders of the purchasers can assemble the very best surroundings for his or her purchasers to run in (dependency, tooling and configuration sensible). Hive will spin up as many situations as wanted, all of them operating in their very own Linux techniques.
Equally, as test suites validating Ethereum purchasers are docker photographs, the author of the assessments can use any programing surroundings he’s most conversant in. Hive will guarantee a consumer is operating when it begins the tester, which might then validate if the actual consumer conforms to some desired habits.
Lastly, network simulations are but once more outlined by docker photographs, however in comparison with easy assessments, simulators not solely execute code in opposition to a operating consumer, however can really begin and terminate purchasers at will. These purchasers run in the identical digital community and might freely (or as dictated by the simulator container) join to one another, forming an on-demand non-public Ethereum community.
How did hive assist the fork?
Hive is neither a alternative for unit testing nor for thorough reviewing. All present employed practices are important to get a clear implementation of any characteristic. Hive can present validation past what’s possible from a mean developer’s perspective: operating in depth assessments that may require complicated execution environments; and checking networking nook circumstances that may take hours to arrange.
Within the case of the DAO hard-fork, past all of the consensus and unit assessments, we would have liked to make sure most significantly that nodes partition cleanly into two subsets on the networking degree: one supporting and one opposing the fork. This was important because it’s unimaginable to foretell what opposed results operating two competing chains in a single community may need, particularly from the minority’s perspective.
As such we have applied three particular community simulations in hive:
-
The first to test that miners operating the total Ethash DAGs generate right block extra-data fields for each pro-forkers and no-forkers, even when making an attempt to naively spoof.
-
The second to confirm {that a} community consisting of combined pro-fork and no-fork nodes/miners appropriately splits into two when the fork block arrives, additionally sustaining the break up afterwards.
-
The third to test that given an already forked community, newly becoming a member of nodes can sync, quick sync and lightweight sync to the chain of their alternative.
The fascinating query although is: did hive really catch any errors, or did is simply act as an additional affirmation that the whole lot’s all proper? And the reply is, each. Hive caught three fork-unrelated bugs in Geth, however additionally closely aided Geth’s hard-fork improvement by repeatedly offering suggestions on how adjustments affected community habits.
There was some criticism of the go-ethereum staff for taking their time on the hard-fork implementation. Hopefully individuals will now see what we had been as much as, whereas concurrently implementing the fork itself. All in all, I consider hive turned out to play fairly an essential function within the cleanness of this transition.
What’s hive’s future?
The Ethereum GitHub group options [4 test tools already](https://github.com/ethereum?utf8=%E2percent9Cpercent93&question=take a look at), with at the very least one EVM benchmark software cooking in some exterior repository. They aren’t being utilised to their full extent. They’ve a ton of dependencies, generate a ton of junk and are very sophisticated to make use of.
With hive, we’re aiming to combination all the assorted scattered assessments beneath one common consumer validator that has minimal dependencies, might be prolonged by anybody, and might run as a part of the every day CI workflow of consumer builders.
We welcome anybody to make a contribution to the mission, be that including new purchasers to validate, validators to check with, or simulators to search out fascinating networking points. Within the meantime, we’ll attempt to additional polish hive itself, including help for operating benchmarks in addition to mixed-client simulations.
With a bit or work, possibly we’ll even have help for operating hive within the cloud, permitting it to run community simulations at a way more fascinating scale.
