Merge pull request #3326 from tendermint/release/v0.30.1

Release/v0.30.1
update changelog
2025-07-16 21:01:59 +00:00 · 2019-02-20 10:10:49 -05:00 · 2019-02-20 10:05:57 -05:00 · 2019-02-18 15:27:26 +04:00 · 2019-02-18 14:08:22 +04:00 · 2019-02-18 13:23:40 +04:00
196 changed files with 4862 additions and 1566 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -48,10 +48,10 @@ jobs:
          key: v3-pkg-cache
          paths:
            - /go/pkg
-      # - save_cache:
-      #     key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
-      #     paths:
-      #       - /go/src/github.com/tendermint/tendermint
+      - save_cache:
+          key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
+          paths:
+            - /go/src/github.com/tendermint/tendermint

  build_slate:
    <<: *defaults
@@ -60,23 +60,8 @@ jobs:
          at: /tmp/workspace
      - restore_cache:
          key: v3-pkg-cache
-      # https://discuss.circleci.com/t/saving-cache-stopped-working-warning-skipping-this-step-disabled-in-configuration/24423/2
-      # - restore_cache:
-      #     key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
-      - checkout
-      - run:
-          name: tools
-          command: |
-            export PATH="$GOBIN:$PATH"
-            make get_tools
-      - run:
-          name: dependencies
-          command: |
-            export PATH="$GOBIN:$PATH"
-            make get_vendor_deps
-      - run: mkdir -p $GOPATH/src/github.com/tendermint
-      - run: ln -sf /home/circleci/project $GOPATH/src/github.com/tendermint/tendermint
-
+      - restore_cache:
+          key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
      - run:
          name: slate docs
          command: |
@@ -91,29 +76,14 @@ jobs:
          at: /tmp/workspace
      - restore_cache:
          key: v3-pkg-cache
-      # - restore_cache:
-      #     key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
-      - checkout
-      - run:
-          name: tools
-          command: |
-            export PATH="$GOBIN:$PATH"
-            make get_tools
-            make get_dev_tools
-      - run:
-          name: dependencies
-          command: |
-            export PATH="$GOBIN:$PATH"
-            make get_vendor_deps
-      - run: mkdir -p $GOPATH/src/github.com/tendermint
-      - run: ln -sf /home/circleci/project $GOPATH/src/github.com/tendermint/tendermint
-
+      - restore_cache:
+          key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
      - run:
          name: metalinter
          command: |
            set -ex
            export PATH="$GOBIN:$PATH"
-            make metalinter
+            make lint
      - run:
          name: check_dep
          command: |
@@ -128,22 +98,8 @@ jobs:
          at: /tmp/workspace
      - restore_cache:
          key: v3-pkg-cache
-      # - restore_cache:
-      #     key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
-      - checkout
-      - run:
-          name: tools
-          command: |
-            export PATH="$GOBIN:$PATH"
-            make get_tools
-      - run:
-          name: dependencies
-          command: |
-            export PATH="$GOBIN:$PATH"
-            make get_vendor_deps
-      - run: mkdir -p $GOPATH/src/github.com/tendermint
-      - run: ln -sf /home/circleci/project $GOPATH/src/github.com/tendermint/tendermint
-
+      - restore_cache:
+          key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
      - run:
          name: Run abci apps tests
          command: |
@@ -159,22 +115,8 @@ jobs:
          at: /tmp/workspace
      - restore_cache:
          key: v3-pkg-cache
-      # - restore_cache:
-      #     key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
-      - checkout
-      - run:
-          name: tools
-          command: |
-            export PATH="$GOBIN:$PATH"
-            make get_tools
-      - run:
-          name: dependencies
-          command: |
-            export PATH="$GOBIN:$PATH"
-            make get_vendor_deps
-      - run: mkdir -p $GOPATH/src/github.com/tendermint
-      - run: ln -sf /home/circleci/project $GOPATH/src/github.com/tendermint/tendermint
-
+      - restore_cache:
+          key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
      - run:
          name: Run abci-cli tests
          command: |
@@ -188,22 +130,8 @@ jobs:
          at: /tmp/workspace
      - restore_cache:
          key: v3-pkg-cache
-      # - restore_cache:
-      #     key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
-      - checkout
-      - run:
-          name: tools
-          command: |
-            export PATH="$GOBIN:$PATH"
-            make get_tools
-      - run:
-          name: dependencies
-          command: |
-            export PATH="$GOBIN:$PATH"
-            make get_vendor_deps
-      - run: mkdir -p $GOPATH/src/github.com/tendermint
-      - run: ln -sf /home/circleci/project $GOPATH/src/github.com/tendermint/tendermint
-
+      - restore_cache:
+          key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
      - run: sudo apt-get update && sudo apt-get install -y --no-install-recommends bsdmainutils
      - run:
          name: Run tests
@@ -217,22 +145,8 @@ jobs:
          at: /tmp/workspace
      - restore_cache:
          key: v3-pkg-cache
-      # - restore_cache:
-      #     key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
-      - checkout
-      - run:
-          name: tools
-          command: |
-            export PATH="$GOBIN:$PATH"
-            make get_tools
-      - run:
-          name: dependencies
-          command: |
-            export PATH="$GOBIN:$PATH"
-            make get_vendor_deps
-      - run: mkdir -p $GOPATH/src/github.com/tendermint
-      - run: ln -sf /home/circleci/project $GOPATH/src/github.com/tendermint/tendermint
-
+      - restore_cache:
+          key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
      - run: mkdir -p /tmp/logs
      - run:
          name: Run tests
@@ -240,7 +154,7 @@ jobs:
            for pkg in $(go list github.com/tendermint/tendermint/... | circleci tests split --split-by=timings); do
              id=$(basename "$pkg")

-              GOCACHE=off go test -timeout 5m -race -coverprofile=/tmp/workspace/profiles/$id.out -covermode=atomic "$pkg" | tee "/tmp/logs/$id-$RANDOM.log"
+              GOCACHE=off go test -v -timeout 5m -race -coverprofile=/tmp/workspace/profiles/$id.out -covermode=atomic "$pkg" | tee "/tmp/logs/$id-$RANDOM.log"
            done
      - persist_to_workspace:
          root: /tmp/workspace
@@ -256,22 +170,8 @@ jobs:
          at: /tmp/workspace
      - restore_cache:
          key: v3-pkg-cache
-      # - restore_cache:
-      #     key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
-      - checkout
-      - run:
-          name: tools
-          command: |
-            export PATH="$GOBIN:$PATH"
-            make get_tools
-      - run:
-          name: dependencies
-          command: |
-            export PATH="$GOBIN:$PATH"
-            make get_vendor_deps
-      - run: mkdir -p $GOPATH/src/github.com/tendermint
-      - run: ln -sf /home/circleci/project $GOPATH/src/github.com/tendermint/tendermint
-
+      - restore_cache:
+          key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
      - run:
          name: Run tests
          command: bash test/persist/test_failure_indices.sh
@@ -292,9 +192,7 @@ jobs:
            name: run localnet and exit on failure
            command: |
              set -x
-              make get_tools
-              make get_vendor_deps
-              make build-linux
+              docker run --rm -v "$PWD":/go/src/github.com/tendermint/tendermint -w /go/src/github.com/tendermint/tendermint golang:1.11.4 make build-linux
              make localnet-start &
              ./scripts/localnet-blocks-test.sh 40 5 10 localhost

@@ -317,22 +215,10 @@ jobs:
    steps:
      - attach_workspace:
          at: /tmp/workspace
-      # - restore_cache:
-      #     key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
-      - checkout
-      - run:
-          name: tools
-          command: |
-            export PATH="$GOBIN:$PATH"
-            make get_tools
-      - run:
-          name: dependencies
-          command: |
-            export PATH="$GOBIN:$PATH"
-            make get_vendor_deps
-      - run: mkdir -p $GOPATH/src/github.com/tendermint
-      - run: ln -sf /home/circleci/project $GOPATH/src/github.com/tendermint/tendermint
-
+      - restore_cache:
+          key: v3-pkg-cache
+      - restore_cache:
+          key: v3-tree-{{ .Environment.CIRCLE_SHA1 }}
      - run:
          name: gather
          command: |
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -4,4 +4,6 @@
 *       @ebuchman @melekes @xla

 # Precious documentation
-/docs/  @zramsay
+/docs/README.md  @zramsay
+/docs/DOCS_README.md  @zramsay
+/docs/.vuepress/  @zramsay
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -0,0 +1,59 @@
+run:
+  deadline: 1m
+
+linters:
+  enable-all: true
+  disable:
+    - gocyclo
+    - golint
+    - maligned
+    - errcheck
+    - staticcheck
+    - dupl
+    - ineffassign
+    - interfacer
+    - unconvert
+    - goconst
+    - unparam
+    - nakedret
+    - lll
+    - gochecknoglobals
+    - gocritic
+    - gochecknoinits
+    - scopelint
+    - stylecheck
+
+# linters-settings:
+#   govet:
+#     check-shadowing: true
+#   golint:
+#     min-confidence: 0
+#   gocyclo:
+#     min-complexity: 10
+#   maligned:
+#     suggest-new: true
+#   dupl:
+#     threshold: 100
+#   goconst:
+#     min-len: 2
+#     min-occurrences: 2
+#   depguard:
+#     list-type: blacklist
+#     packages:
+#       # logging is allowed only by logutils.Log, logrus
+#       # is allowed to use only in logutils package
+#       - github.com/sirupsen/logrus
+#   misspell:
+#     locale: US
+#   lll:
+#     line-length: 140
+#   goimports:
+#     local-prefixes: github.com/golangci/golangci-lint
+#   gocritic:
+#     enabled-tags:
+#       - performance
+#       - style
+#       - experimental
+#     disabled-checks:
+#       - wrapperFunc
+#       - commentFormatting # https://github.com/go-critic/go-critic/issues/755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,147 @@
 # Changelog

+## v0.30.1
+
+*February 20th, 2019*
+
+This release fixes a consensus halt and a DataCorruptionError after restart
+discovered in `game_of_stakes_6`. It also fixes a security issue in the p2p
+handshake by authenticating the NetAddress.ID of the peer we're dialing.
+
+### IMPROVEMENTS:
+
+* [config] [\#3291](https://github.com/tendermint/tendermint/issues/3291) Make
+  config.ResetTestRootWithChainID() create concurrency-safe test directories.
+
+### BUG FIXES:
+
+* [consensus] [\#3295](https://github.com/tendermint/tendermint/issues/3295)
+  Flush WAL on stop to prevent data corruption during graceful shutdown.
+* [consensus] [\#3302](https://github.com/tendermint/tendermint/issues/3302)
+  Fix possible halt by resetting TriggeredTimeoutPrecommit before starting next height.
+* [rpc] [\#3251](https://github.com/tendermint/tendermint/issues/3251) Fix
+  `/net_info#peers#remote_ip` format. New format spec:
+  * dotted decimal ("192.0.2.1"), if ip is an IPv4 or IP4-mapped IPv6 address
+  * IPv6 ("2001:db8::1"), if ip is a valid IPv6 address
+* [cmd] [\#3314](https://github.com/tendermint/tendermint/issues/3314) Return
+  an error on `show_validator` when the private validator file does not exist.
+* [p2p] [\#3010](https://github.com/tendermint/tendermint/issues/3010#issuecomment-464287627)
+  Authenticate a peer against its NetAddress.ID when dialing.
+
+## v0.30.0
+
+*February 8th, 2019*
+
+This release fixes yet another issue with the proposer selection algorithm.
+We hope it's the last one, but we won't be surprised if it's not.
+We plan to one day expose the selection algorithm more directly to
+the application ([\#3285](https://github.com/tendermint/tendermint/issues/3285)), and even to support randomness ([\#763](https://github.com/tendermint/tendermint/issues/763)).
+For more, see issues marked
+[proposer-selection](https://github.com/tendermint/tendermint/labels/proposer-selection).
+
+This release also includes a fix to prevent Tendermint from including the same
+piece of evidence in more than one block. This issue was reported by @chengwenxi in our
+[bug bounty program](https://hackerone.com/tendermint).
+
+### BREAKING CHANGES:
+
+* Apps
+  - [state] [\#3222](https://github.com/tendermint/tendermint/issues/3222)
+    Duplicate updates for the same validator are forbidden. Apps must ensure
+    that a given `ResponseEndBlock.ValidatorUpdates` contains only one entry per pubkey.
+
+* Go API
+  - [types] [\#3222](https://github.com/tendermint/tendermint/issues/3222)
+    Remove `Add` and `Update` methods from `ValidatorSet` in favor of new
+    `UpdateWithChangeSet`. This allows updates to be applied as a set, instead of
+    one at a time.
+
+* Block Protocol
+  - [state] [\#3286](https://github.com/tendermint/tendermint/issues/3286) Blocks that include already committed evidence are invalid.
+
+* P2P Protocol
+  - [consensus] [\#3222](https://github.com/tendermint/tendermint/issues/3222)
+    Validator updates are applied as a set, instead of one at a time, thus
+    impacting the proposer priority calculation. This ensures that the proposer
+    selection algorithm does not depend on the order of updates in
+    `ResponseEndBlock.ValidatorUpdates`.
+
+### IMPROVEMENTS:
+- [crypto] [\#3279](https://github.com/tendermint/tendermint/issues/3279) Use `btcec.S256().N` directly instead of hard coding a copy.
+
+### BUG FIXES:
+- [state] [\#3222](https://github.com/tendermint/tendermint/issues/3222) Fix validator set updates so they are applied as a set, rather
+  than one at a time. This makes the proposer selection algorithm independent of
+  the order of updates in `ResponseEndBlock.ValidatorUpdates`.
+- [evidence] [\#3286](https://github.com/tendermint/tendermint/issues/3286) Don't add committed evidence to evidence pool.
+
+## v0.29.2
+
+*February 7th, 2019*
+
+Special thanks to external contributors on this release:
+@ackratos, @rickyyangz
+
+**Note**: This release contains security sensitive patches in the `p2p` and
+`crypto` packages:
+- p2p:
+  - Partial fix for MITM attacks on the p2p connection. MITM conditions may
+    still exist. See [\#3010](https://github.com/tendermint/tendermint/issues/3010).
+- crypto:
+  - Eliminate our fork of `btcd` and use the `btcd/btcec` library directly for
+    native secp256k1 signing. Note we still modify the signature encoding to
+    prevent malleability.
+  - Support the libsecp256k1 library via CGo through the `go-ethereum/crypto/secp256k1` package.
+  - Eliminate MixEntropy functions
+
+### BREAKING CHANGES:
+
+* Go API
+  - [crypto] [\#3278](https://github.com/tendermint/tendermint/issues/3278) Remove
+    MixEntropy functions
+  - [types] [\#3245](https://github.com/tendermint/tendermint/issues/3245) Commit uses `type CommitSig Vote` instead of `Vote` directly.
+    In preparation for removing redundant fields from the commit [\#1648](https://github.com/tendermint/tendermint/issues/1648)
+
+### IMPROVEMENTS:
+- [consensus] [\#3246](https://github.com/tendermint/tendermint/issues/3246) Better logging and notes on recovery for corrupted WAL file
+- [crypto] [\#3163](https://github.com/tendermint/tendermint/issues/3163) Use ethereum's libsecp256k1 go-wrapper for signatures when cgo is available
+- [crypto] [\#3162](https://github.com/tendermint/tendermint/issues/3162) Wrap btcd instead of forking it to keep up with fixes (used if cgo is not available)
+- [makefile] [\#3233](https://github.com/tendermint/tendermint/issues/3233) Use golangci-lint instead of go-metalinter
+- [tools] [\#3218](https://github.com/tendermint/tendermint/issues/3218) Add go-deadlock tool to help detect deadlocks
+- [tools] [\#3106](https://github.com/tendermint/tendermint/issues/3106) Add tm-signer-harness test harness for remote signers
+- [tests] [\#3258](https://github.com/tendermint/tendermint/issues/3258) Fixed a bunch of non-deterministic test failures
+
+### BUG FIXES:
+- [node] [\#3186](https://github.com/tendermint/tendermint/issues/3186) EventBus and indexerService should be started before first block (for replay last block on handshake) execution (@ackratos)
+- [p2p] [\#3232](https://github.com/tendermint/tendermint/issues/3232) Fix infinite loop leading to addrbook deadlock for seed nodes
+- [p2p] [\#3247](https://github.com/tendermint/tendermint/issues/3247) Fix panic in SeedMode when calling FlushStop and OnStop
+  concurrently
+- [p2p] [\#3040](https://github.com/tendermint/tendermint/issues/3040) Fix MITM on secret connection by checking low-order points
+- [privval] [\#3258](https://github.com/tendermint/tendermint/issues/3258) Fix race between sign requests and ping requests in socket that was causing messages to be corrupted
+
+## v0.29.1
+
+*January 24, 2019*
+
+Special thanks to external contributors on this release:
+@infinytum, @gauthamzz
+
+This release contains two important fixes: one for p2p layer where we sometimes
+were not closing connections and one for consensus layer where consensus with
+no empty blocks (`create_empty_blocks = false`) could halt.
+
+Friendly reminder, we have a [bug bounty
+program](https://hackerone.com/tendermint).
+
+### IMPROVEMENTS:
+- [pex] [\#3037](https://github.com/tendermint/tendermint/issues/3037) Only log "Reached max attempts to dial" once
+- [rpc] [\#3159](https://github.com/tendermint/tendermint/issues/3159) Expose
+  `triggered_timeout_commit` in the `/dump_consensus_state`
+
+### BUG FIXES:
+- [consensus] [\#3199](https://github.com/tendermint/tendermint/issues/3199) Fix consensus halt with no empty blocks from not resetting triggeredTimeoutCommit
+- [p2p] [\#2967](https://github.com/tendermint/tendermint/issues/2967) Fix file descriptor leak
+
 ## v0.29.0

 *January 21, 2019*
--- a/CHANGELOG_PENDING.md
+++ b/CHANGELOG_PENDING.md
@@ -1,6 +1,6 @@
-## v0.30.0
+## v0.31.0

-*TBD*
+**

 Special thanks to external contributors on this release:

--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -10,12 +10,11 @@
  revision = "3a771d992973f24aa725d07868b467d1ddfceafb"

 [[projects]]
-  branch = "master"
-  digest = "1:c0decf632843204d2b8781de7b26e7038584e2dcccc7e2f401e88ae85b1df2b7"
+  digest = "1:093bf93a65962e8191e3e8cd8fc6c363f83d43caca9739c906531ba7210a9904"
  name = "github.com/btcsuite/btcd"
  packages = ["btcec"]
  pruneopts = "UT"
-  revision = "67e573d211ace594f1366b4ce9d39726c4b19bd0"
+  revision = "ed77733ec07dfc8a513741138419b8d9d3de9d2d"

 [[projects]]
  digest = "1:1d8e1cb71c33a9470bbbae09bfec09db43c6bf358dfcae13cd8807c4e2a9a2bf"
@@ -35,6 +34,14 @@
  revision = "8991bc29aa16c548c550c7ff78260e27b9ab7c73"
  version = "v1.1.1"

+[[projects]]
+  digest = "1:b42be5a3601f833e0b9f2d6625d887ec1309764bfcac3d518f3db425dcd4ec5c"
+  name = "github.com/ethereum/go-ethereum"
+  packages = ["crypto/secp256k1"]
+  pruneopts = "T"
+  revision = "9dc5d1a915ac0e0bd8429d6ac41df50eec91de5f"
+  version = "v1.8.21"
+
 [[projects]]
  digest = "1:544229a3ca0fb2dd5ebc2896d3d2ff7ce096d9751635301e44e37e761349ee70"
  name = "github.com/fortytw2/leaktest"
@@ -360,14 +367,6 @@
  pruneopts = "UT"
  revision = "6b91fda63f2e36186f1c9d0e48578defb69c5d43"

-[[projects]]
-  digest = "1:83f5e189eea2baad419a6a410984514266ff690075759c87e9ede596809bd0b8"
-  name = "github.com/tendermint/btcd"
-  packages = ["btcec"]
-  pruneopts = "UT"
-  revision = "80daadac05d1cd29571fccf27002d79667a88b58"
-  version = "v0.1.1"
-
 [[projects]]
  digest = "1:ad9c4c1a4e7875330b1f62906f2830f043a23edb5db997e3a5ac5d3e6eadf80a"
  name = "github.com/tendermint/go-amino"
@@ -504,8 +503,10 @@
  analyzer-name = "dep"
  analyzer-version = 1
  input-imports = [
+    "github.com/btcsuite/btcd/btcec",
    "github.com/btcsuite/btcutil/base58",
    "github.com/btcsuite/btcutil/bech32",
+    "github.com/ethereum/go-ethereum/crypto/secp256k1",
    "github.com/fortytw2/leaktest",
    "github.com/go-kit/kit/log",
    "github.com/go-kit/kit/log/level",
@@ -535,7 +536,6 @@
    "github.com/syndtr/goleveldb/leveldb/errors",
    "github.com/syndtr/goleveldb/leveldb/iterator",
    "github.com/syndtr/goleveldb/leveldb/opt",
-    "github.com/tendermint/btcd/btcec",
    "github.com/tendermint/go-amino",
    "golang.org/x/crypto/bcrypt",
    "golang.org/x/crypto/chacha20poly1305",
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -75,14 +75,26 @@
  name = "github.com/prometheus/client_golang"
  version = "^0.9.1"

+# we use the secp256k1 implementation:
 [[constraint]]
-  name = "github.com/tendermint/btcd"
-  version = "v0.1.1"
+  name = "github.com/ethereum/go-ethereum"
+  version = "^v1.8.21"
+
+   # Prevent dep from pruning build scripts and codegen templates
+   # note: this leaves the whole go-ethereum package in vendor
+   # can be removed when https://github.com/golang/dep/issues/1847 is resolved
+   [[prune.project]]
+     name = "github.com/ethereum/go-ethereum"
+     unused-packages = false

 ###################################
 ## Some repos dont have releases.
 ## Pin to revision

+[[constraint]]
+  name = "github.com/btcsuite/btcd"
+  revision = "ed77733ec07dfc8a513741138419b8d9d3de9d2d"
+
 [[constraint]]
  name = "golang.org/x/crypto"
  revision = "505ab145d0a99da450461ae2c1a9f6cd10d1f447"
--- a/61
+++ b/61
@@ -1,7 +1,7 @@
 GOTOOLS = \
 	github.com/mitchellh/gox \
 	github.com/golang/dep/cmd/dep \
-	github.com/alecthomas/gometalinter \
+	github.com/golangci/golangci-lint/cmd/golangci-lint \
 	github.com/gogo/protobuf/protoc-gen-gogo \
 	github.com/square/certstrap
 GOBIN?=${GOPATH}/bin
@@ -11,8 +11,6 @@ INCLUDE = -I=. -I=${GOPATH}/src -I=${GOPATH}/src/github.com/gogo/protobuf/protob
 BUILD_TAGS?='tendermint'
 BUILD_FLAGS = -ldflags "-X github.com/tendermint/tendermint/version.GitCommit=`git rev-parse --short=8 HEAD`"

-LINT_FLAGS = --exclude '.*\.pb\.go' --exclude 'vendor/*' --vendor --deadline=600s
-
 all: check build test install

 check: check_tools get_vendor_deps
@@ -82,10 +80,6 @@ get_tools:
 	@echo "--> Installing tools"
 	./scripts/get_tools.sh

-get_dev_tools:
-	@echo "--> Downloading linters (this may take awhile)"
-	$(GOPATH)/src/github.com/alecthomas/gometalinter/scripts/install.sh -b $(GOBIN)
-
 update_tools:
 	@echo "--> Updating tools"
 	./scripts/get_tools.sh
@@ -226,6 +220,22 @@ test_race:
 	@echo "--> Running go test --race"
 	@GOCACHE=off go test -p 1 -v -race $(PACKAGES)

+# uses https://github.com/sasha-s/go-deadlock/ to detect potential deadlocks
+test_with_deadlock:
+	make set_with_deadlock
+	make test
+	make cleanup_after_test_with_deadlock
+
+set_with_deadlock:
+	find . -name "*.go" | grep -v "vendor/" | xargs -n 1 sed -i.bak 's/sync.RWMutex/deadlock.RWMutex/'
+	find . -name "*.go" | grep -v "vendor/" | xargs -n 1 sed -i.bak 's/sync.Mutex/deadlock.Mutex/'
+	find . -name "*.go" | grep -v "vendor/" | xargs -n 1 goimports -w
+
+# cleanes up after you ran test_with_deadlock
+cleanup_after_test_with_deadlock:
+	find . -name "*.go" | grep -v "vendor/" | xargs -n 1 sed -i.bak 's/deadlock.RWMutex/sync.RWMutex/'
+	find . -name "*.go" | grep -v "vendor/" | xargs -n 1 sed -i.bak 's/deadlock.Mutex/sync.Mutex/'
+	find . -name "*.go" | grep -v "vendor/" | xargs -n 1 goimports -w

 ########################################
 ### Formatting, linting, and vetting
@@ -233,38 +243,9 @@ test_race:
 fmt:
 	@go fmt ./...

-metalinter:
+lint:
 	@echo "--> Running linter"
-	@gometalinter $(LINT_FLAGS) --disable-all  \
-		--enable=deadcode \
-		--enable=gosimple \
-	 	--enable=misspell \
-		--enable=safesql \
-		./...
-		#--enable=gas \
-		#--enable=maligned \
-		#--enable=dupl \
-		#--enable=errcheck \
-		#--enable=goconst \
-		#--enable=gocyclo \
-		#--enable=goimports \
-		#--enable=golint \ <== comments on anything exported
-		#--enable=gotype \
-	 	#--enable=ineffassign \
-	   	#--enable=interfacer \
-	   	#--enable=megacheck \
-	   	#--enable=staticcheck \
-	   	#--enable=structcheck \
-	   	#--enable=unconvert \
-	   	#--enable=unparam \
-		#--enable=unused \
-	   	#--enable=varcheck \
-		#--enable=vet \
-		#--enable=vetshadow \
-
-metalinter_all:
-	@echo "--> Running linter (all)"
-	gometalinter $(LINT_FLAGS) --enable-all --disable=lll ./...
+	@golangci-lint run

 DESTINATION = ./index.html.md

@@ -288,7 +269,7 @@ build-docker:
 ### Local testnet using docker

 # Build linux binary on other platforms
-build-linux:
+build-linux: get_tools get_vendor_deps
 	GOOS=linux GOARCH=amd64 $(MAKE) build

 build-docker-localnode:
@@ -330,4 +311,4 @@ build-slate:
 # To avoid unintended conflicts with file names, always add to .PHONY
 # unless there is a reason not to.
 # https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html
-.PHONY: check build build_race build_abci dist install install_abci check_dep check_tools get_tools get_dev_tools update_tools get_vendor_deps draw_deps get_protoc protoc_abci protoc_libs gen_certs clean_certs grpc_dbserver test_cover test_apps test_persistence test_p2p test test_race test_integrations test_release test100 vagrant_test fmt rpc-docs build-linux localnet-start localnet-stop build-docker build-docker-localnode sentry-start sentry-config sentry-stop build-slate protoc_grpc protoc_all build_c install_c
+.PHONY: check build build_race build_abci dist install install_abci check_dep check_tools get_tools update_tools get_vendor_deps draw_deps get_protoc protoc_abci protoc_libs gen_certs clean_certs grpc_dbserver test_cover test_apps test_persistence test_p2p test test_race test_integrations test_release test100 vagrant_test fmt rpc-docs build-linux localnet-start localnet-stop build-docker build-docker-localnode sentry-start sentry-config sentry-stop build-slate protoc_grpc protoc_all build_c install_c test_with_deadlock cleanup_after_test_with_deadlock lint
--- a/PHILOSOPHY.md
+++ b/PHILOSOPHY.md
@@ -0,0 +1,158 @@
+## Design goals
+
+The design goals for Tendermint (and the SDK and related libraries) are:
+
+ * Simplicity and Legibility
+ * Parallel performance, namely ability to utilize multicore architecture
+ * Ability to evolve the codebase bug-free
+ * Debuggability
+ * Complete correctness that considers all edge cases, esp in concurrency
+ * Future-proof modular architecture, message protocol, APIs, and encapsulation
+
+
+### Justification
+
+Legibility is key to maintaining bug-free software as it evolves toward more
+optimizations, more ease of debugging, and additional features.
+
+It is too easy to introduce bugs over time by replacing lines of code with
+those that may panic, which means ideally locks are unlocked by defer
+statements.
+
+For example,
+
+```go
+func (obj *MyObj) something() {
+	mtx.Lock()
+	obj.something = other
+	mtx.Unlock()
+}
+```
+
+It is too easy to refactor the codebase in the future to replace `other` with
+`other.String()` for example, and this may introduce a bug that causes a
+deadlock.  So as much as reasonably possible, we need to be using defer
+statements, even though it introduces additional overhead.
+
+If it is necessary to optimize the unlocking of mutex locks, the solution is
+more modularity via smaller functions, so that defer'd unlocks are scoped
+within a smaller function.
+
+Similarly, idiomatic for-loops should always be preferred over those that use
+custom counters, because it is too easy to evolve the body of a for-loop to
+become more complicated over time, and it becomes more and more difficult to
+assess the correctness of such a for-loop by visual inspection.
+
+
+### On performance
+
+It doesn't matter whether there are alternative implementations that are 2x or
+3x more performant, when the software doesn't work, deadlocks, or if bugs
+cannot be debugged.  By taking advantage of multicore concurrency, the
+Tendermint implementation will at least be an order of magnitude within the
+range of what is theoretically possible.  The design philosophy of Tendermint,
+and the choice of Go as implementation language, is designed to make Tendermint
+implementation the standard specification for concurrent BFT software.
+
+By focusing on the message protocols (e.g. ABCI, p2p messages), and
+encapsulation e.g. IAVL module, (relatively) independent reactors, we are both
+implementing a standard implementation to be used as the specification for
+future implementations in more optimizable languages like Rust, Java, and C++;
+as well as creating sufficiently performant software. Tendermint Core will
+never be as fast as future implementations of the Tendermint Spec, because Go
+isn't designed to be as fast as possible.  The advantage of using Go is that we
+can develop the whole stack of modular components **faster** than in other
+languages.
+
+Furthermore, the real bottleneck is in the application layer, and it isn't
+necessary to support more than a sufficiently decentralized set of validators
+(e.g. 100 ~ 300 validators is sufficient, with delegated bonded PoS).
+
+Instead of optimizing Tendermint performance down to the metal, lets focus on
+optimizing on other matters, namely ability to push feature complete software
+that works well enough, can be debugged and maintained, and can serve as a spec
+for future implementations.
+
+
+### On encapsulation
+
+In order to create maintainable, forward-optimizable software, it is critical
+to develop well-encapsulated objects that have well understood properties, and
+to re-use these easy-to-use-correctly components as building blocks for further
+encapsulated meta-objects.
+
+For example, mutexes are cheap enough for Tendermint's design goals when there
+isn't goroutine contention, so it is encouraged to create concurrency safe
+structures with struct-level mutexes.  If they are used in the context of
+non-concurrent logic, then the performance is good enough.  If they are used in
+the context of concurrent logic, then it will still perform correctly.
+
+Examples of this design principle can be seen in the types.ValidatorSet struct,
+and the cmn.Rand struct.  It's one single struct declaration that can be used
+in both concurrent and non-concurrent logic, and due to its well encapsulation,
+it's easy to get the usage of the mutex right.
+
+#### example: cmn.Rand:
+
+`The default Source is safe for concurrent use by multiple goroutines, but
+Sources created by NewSource are not`.  The reason why the default
+package-level source is safe for concurrent use is because it is protected (see
+`lockedSource` in https://golang.org/src/math/rand/rand.go).
+
+But we shouldn't rely on the global source, we should be creating our own
+Rand/Source instances and using them, especially for determinism in testing.
+So it is reasonable to have cmn.Rand be protected by a mutex.  Whether we want
+our own implementation of Rand is another question, but the answer there is
+also in the affirmative.  Sometimes you want to know where Rand is being used
+in your code, so it becomes a simple matter of dropping in a log statement to
+inject inspectability into Rand usage.  Also, it is nice to be able to extend
+the functionality of Rand with custom methods.  For these reasons, and for the
+reasons which is outlined in this design philosophy document, we should
+continue to use the cmn.Rand object, with mutex protection.
+
+Another key aspect of good encapsulation is the choice of exposed vs unexposed
+methods.  It should be clear to the reader of the code, which methods are
+intended to be used in what context, and what safe usage is.  Part of this is
+solved by hiding methods via unexported methods.  Another part of this is
+naming conventions on the methods (e.g. underscores) with good documentation,
+and code organization.  If there are too many exposed methods and it isn't
+clear what methods have what side effects, then there is something wrong about
+the design of abstractions that should be revisited.
+
+
+### On concurrency
+
+In order for Tendermint to remain relevant in the years to come, it is vital
+for Tendermint to take advantage of multicore architectures.  Due to the nature
+of the problem, namely consensus across a concurrent p2p gossip network, and to
+handle RPC requests for a large number of consuming subscribers, it is
+unavoidable for Tendermint development to require expertise in concurrency
+design, especially when it comes to the reactor design, and also for RPC
+request handling.
+
+
+## Guidelines
+
+Here are some guidelines for designing for (sufficient) performance and concurrency:
+
+ * Mutex locks are cheap enough when there isn't contention.
+ * Do not optimize code without analytical or observed proof that it is in a hot path.
+ * Don't over-use channels when mutex locks w/ encapsulation are sufficient.
+ * The need to drain channels are often a hint of unconsidered edge cases.
+ * The creation of O(N) one-off goroutines is generally technical debt that
+   needs to get addressed sooner than later.  Avoid creating too many
+goroutines as a patch around incomplete concurrency design, or at least be
+aware of the debt and do not invest in the debt.  On the other hand, Tendermint
+is designed to have a limited number of peers (e.g. 10 or 20), so the creation
+of O(C) goroutines per O(P) peers is still O(C\*P=constant).
+  * Use defer statements to unlock as much as possible.  If you want to unlock sooner,
+    try to create more modular functions that do make use of defer statements.
+
+## Matras
+
+* Premature optimization kills
+* Readability is paramount
+* Beautiful is better than fast.
+* In the face of ambiguity, refuse the temptation to guess.
+* In the face of bugs, refuse the temptation to cover the bug.
+* There should be one-- and preferably only one --obvious way to do it.
--- a/README.md
+++ b/README.md
@@ -96,6 +96,7 @@ include the in-process Go APIs.
 That said, breaking changes in the following packages will be documented in the
 CHANGELOG even if they don't lead to MINOR version bumps:

+- crypto
 - types
 - rpc/client
 - config
--- a/UPGRADING.md
+++ b/UPGRADING.md
@@ -3,6 +3,29 @@
 This guide provides steps to be followed when you upgrade your applications to
 a newer version of Tendermint Core.

+## v0.30.0
+
+This release contains a breaking change to both the block and p2p protocols,
+however it may be compatible with blockchains created with v0.29.0 depending on
+the chain history. If your blockchain has not included any pieces of evidence,
+or no piece of evidence has been included in more than one block,
+and if your application has never returned multiple updates
+for the same validator in a single block, then v0.30.0 will work fine with
+blockchains created with v0.29.0.
+
+The p2p protocol change is to fix the proposer selection algorithm again.
+Note that proposer selection is purely a p2p concern right
+now since the algorithm is only relevant during real time consensus.
+This change is thus compatible with v0.29.0, but
+all nodes must be upgraded to avoid disagreements on the proposer.
+
+### Applications
+
+Applications must ensure they do not return duplicates in
+`ResponseEndBlock.ValidatorUpdates`. A pubkey must only appear once per set of
+updates. Duplicates will cause irrecoverable failure. If you have a very good
+reason why we shouldn't do this, please open an issue.
+
 ## v0.29.0

 This release contains some breaking changes to the block and p2p protocols,
--- a/2
+++ b/2
@@ -53,6 +53,6 @@ Vagrant.configure("2") do |config|

    # get all deps and tools, ready to install/test
    su - vagrant  -c 'source /home/vagrant/.bash_profile'
-    su - vagrant -c 'cd /home/vagrant/go/src/github.com/tendermint/tendermint && make get_tools && make get_dev_tools && make get_vendor_deps'
+    su - vagrant -c 'cd /home/vagrant/go/src/github.com/tendermint/tendermint && make get_tools && make get_vendor_deps'
  SHELL
 end
--- a/abci/client/grpc_client.go
+++ b/abci/client/grpc_client.go
@@ -129,7 +129,7 @@ func (cli *grpcClient) EchoAsync(msg string) *ReqRes {
 	if err != nil {
 		cli.StopForError(err)
 	}
-	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_Echo{res}})
+	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_Echo{Echo: res}})
 }

 func (cli *grpcClient) FlushAsync() *ReqRes {
@@ -138,7 +138,7 @@ func (cli *grpcClient) FlushAsync() *ReqRes {
 	if err != nil {
 		cli.StopForError(err)
 	}
-	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_Flush{res}})
+	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_Flush{Flush: res}})
 }

 func (cli *grpcClient) InfoAsync(params types.RequestInfo) *ReqRes {
@@ -147,7 +147,7 @@ func (cli *grpcClient) InfoAsync(params types.RequestInfo) *ReqRes {
 	if err != nil {
 		cli.StopForError(err)
 	}
-	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_Info{res}})
+	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_Info{Info: res}})
 }

 func (cli *grpcClient) SetOptionAsync(params types.RequestSetOption) *ReqRes {
@@ -156,7 +156,7 @@ func (cli *grpcClient) SetOptionAsync(params types.RequestSetOption) *ReqRes {
 	if err != nil {
 		cli.StopForError(err)
 	}
-	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_SetOption{res}})
+	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_SetOption{SetOption: res}})
 }

 func (cli *grpcClient) DeliverTxAsync(tx []byte) *ReqRes {
@@ -165,7 +165,7 @@ func (cli *grpcClient) DeliverTxAsync(tx []byte) *ReqRes {
 	if err != nil {
 		cli.StopForError(err)
 	}
-	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_DeliverTx{res}})
+	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_DeliverTx{DeliverTx: res}})
 }

 func (cli *grpcClient) CheckTxAsync(tx []byte) *ReqRes {
@@ -174,7 +174,7 @@ func (cli *grpcClient) CheckTxAsync(tx []byte) *ReqRes {
 	if err != nil {
 		cli.StopForError(err)
 	}
-	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_CheckTx{res}})
+	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_CheckTx{CheckTx: res}})
 }

 func (cli *grpcClient) QueryAsync(params types.RequestQuery) *ReqRes {
@@ -183,7 +183,7 @@ func (cli *grpcClient) QueryAsync(params types.RequestQuery) *ReqRes {
 	if err != nil {
 		cli.StopForError(err)
 	}
-	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_Query{res}})
+	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_Query{Query: res}})
 }

 func (cli *grpcClient) CommitAsync() *ReqRes {
@@ -192,7 +192,7 @@ func (cli *grpcClient) CommitAsync() *ReqRes {
 	if err != nil {
 		cli.StopForError(err)
 	}
-	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_Commit{res}})
+	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_Commit{Commit: res}})
 }

 func (cli *grpcClient) InitChainAsync(params types.RequestInitChain) *ReqRes {
@@ -201,7 +201,7 @@ func (cli *grpcClient) InitChainAsync(params types.RequestInitChain) *ReqRes {
 	if err != nil {
 		cli.StopForError(err)
 	}
-	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_InitChain{res}})
+	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_InitChain{InitChain: res}})
 }

 func (cli *grpcClient) BeginBlockAsync(params types.RequestBeginBlock) *ReqRes {
@@ -210,7 +210,7 @@ func (cli *grpcClient) BeginBlockAsync(params types.RequestBeginBlock) *ReqRes {
 	if err != nil {
 		cli.StopForError(err)
 	}
-	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_BeginBlock{res}})
+	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_BeginBlock{BeginBlock: res}})
 }

 func (cli *grpcClient) EndBlockAsync(params types.RequestEndBlock) *ReqRes {
@@ -219,7 +219,7 @@ func (cli *grpcClient) EndBlockAsync(params types.RequestEndBlock) *ReqRes {
 	if err != nil {
 		cli.StopForError(err)
 	}
-	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_EndBlock{res}})
+	return cli.finishAsyncCall(req, &types.Response{Value: &types.Response_EndBlock{EndBlock: res}})
 }

 func (cli *grpcClient) finishAsyncCall(req *types.Request, res *types.Response) *ReqRes {
--- a/abci/cmd/abci-cli/abci-cli.go
+++ b/abci/cmd/abci-cli/abci-cli.go
@@ -394,7 +394,6 @@ func cmdConsole(cmd *cobra.Command, args []string) error {
 			return err
 		}
 	}
-	return nil
 }

 func muxOnCommands(cmd *cobra.Command, pArgs []string) error {
--- a/abci/types/messages_test.go
+++ b/abci/types/messages_test.go
@@ -83,7 +83,7 @@ func TestWriteReadMessage2(t *testing.T) {
 			Log:       phrase,
 			GasWanted: 10,
 			Tags: []cmn.KVPair{
-				cmn.KVPair{Key: []byte("abc"), Value: []byte("def")},
+				{Key: []byte("abc"), Value: []byte("def")},
 			},
 		},
 		// TODO: add the rest
--- a/benchmarks/codec_test.go
+++ b/benchmarks/codec_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 	"time"

-	"github.com/tendermint/go-amino"
+	amino "github.com/tendermint/go-amino"

 	proto "github.com/tendermint/tendermint/benchmarks/proto"
 	"github.com/tendermint/tendermint/crypto/ed25519"
--- a/blockchain/pool.go
+++ b/blockchain/pool.go
@@ -363,7 +363,8 @@ func (pool *BlockPool) sendError(err error, peerID p2p.ID) {
 	pool.errorsCh <- peerError{err, peerID}
 }

-// unused by tendermint; left for debugging purposes
+// for debugging purposes
+//nolint:unused
 func (pool *BlockPool) debug() string {
 	pool.mtx.Lock()
 	defer pool.mtx.Unlock()
--- a/blockchain/reactor.go
+++ b/blockchain/reactor.go
@@ -8,7 +8,6 @@ import (

 	amino "github.com/tendermint/go-amino"

-	cmn "github.com/tendermint/tendermint/libs/common"
 	"github.com/tendermint/tendermint/libs/log"
 	"github.com/tendermint/tendermint/p2p"
 	sm "github.com/tendermint/tendermint/state"
@@ -302,7 +301,7 @@ FOR_LOOP:

 			firstParts := first.MakePartSet(types.BlockPartSizeBytes)
 			firstPartsHeader := firstParts.Header()
-			firstID := types.BlockID{first.Hash(), firstPartsHeader}
+			firstID := types.BlockID{Hash: first.Hash(), PartsHeader: firstPartsHeader}
 			// Finally, verify the first block using the second's commit
 			// NOTE: we can probably make this more efficient, but note that calling
 			// first.Hash() doesn't verify the tx contents, so MakePartSet() is
@@ -338,8 +337,7 @@ FOR_LOOP:
 				state, err = bcR.blockExec.ApplyBlock(state, firstID, first)
 				if err != nil {
 					// TODO This is bad, are we zombie?
-					cmn.PanicQ(fmt.Sprintf("Failed to process committed block (%d:%X): %v",
-						first.Height, first.Hash(), err))
+					panic(fmt.Sprintf("Failed to process committed block (%d:%X): %v", first.Height, first.Hash(), err))
 				}
 				blocksSynced++

--- a/blockchain/reactor_test.go
+++ b/blockchain/reactor_test.go
@@ -1,6 +1,7 @@
 package blockchain

 import (
+	"os"
 	"sort"
 	"testing"
 	"time"
@@ -95,13 +96,13 @@ func newBlockchainReactor(logger log.Logger, genDoc *types.GenesisDoc, privVals

 	// let's add some blocks in
 	for blockHeight := int64(1); blockHeight <= maxBlockHeight; blockHeight++ {
-		lastCommit := &types.Commit{}
+		lastCommit := types.NewCommit(types.BlockID{}, nil)
 		if blockHeight > 1 {
 			lastBlockMeta := blockStore.LoadBlockMeta(blockHeight - 1)
 			lastBlock := blockStore.LoadBlock(blockHeight - 1)

-			vote := makeVote(&lastBlock.Header, lastBlockMeta.BlockID, state.Validators, privVals[0])
-			lastCommit = &types.Commit{Precommits: []*types.Vote{vote}, BlockID: lastBlockMeta.BlockID}
+			vote := makeVote(&lastBlock.Header, lastBlockMeta.BlockID, state.Validators, privVals[0]).CommitSig()
+			lastCommit = types.NewCommit(lastBlockMeta.BlockID, []*types.CommitSig{vote})
 		}

 		thisBlock := makeBlock(blockHeight, state, lastCommit)
@@ -125,6 +126,7 @@ func newBlockchainReactor(logger log.Logger, genDoc *types.GenesisDoc, privVals

 func TestNoBlockResponse(t *testing.T) {
 	config = cfg.ResetTestRoot("blockchain_reactor_test")
+	defer os.RemoveAll(config.RootDir)
 	genDoc, privVals := randGenesisDoc(1, false, 30)

 	maxBlockHeight := int64(65)
@@ -184,6 +186,7 @@ func TestNoBlockResponse(t *testing.T) {
 // that seems extreme.
 func TestBadBlockStopsPeer(t *testing.T) {
 	config = cfg.ResetTestRoot("blockchain_reactor_test")
+	defer os.RemoveAll(config.RootDir)
 	genDoc, privVals := randGenesisDoc(1, false, 30)

 	maxBlockHeight := int64(148)
--- a/blockchain/store_test.go
+++ b/blockchain/store_test.go
@@ -3,9 +3,11 @@ package blockchain
 import (
 	"bytes"
 	"fmt"
+	"os"
 	"runtime/debug"
 	"strings"
 	"testing"
+	"time"

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -20,7 +22,17 @@ import (
 	tmtime "github.com/tendermint/tendermint/types/time"
 )

-func makeStateAndBlockStore(logger log.Logger) (sm.State, *BlockStore) {
+// A cleanupFunc cleans up any config / test files created for a particular
+// test.
+type cleanupFunc func()
+
+// make a Commit with a single vote containing just the height and a timestamp
+func makeTestCommit(height int64, timestamp time.Time) *types.Commit {
+	commitSigs := []*types.CommitSig{{Height: height, Timestamp: timestamp}}
+	return types.NewCommit(types.BlockID{}, commitSigs)
+}
+
+func makeStateAndBlockStore(logger log.Logger) (sm.State, *BlockStore, cleanupFunc) {
 	config := cfg.ResetTestRoot("blockchain_reactor_test")
 	// blockDB := dbm.NewDebugDB("blockDB", dbm.NewMemDB())
 	// stateDB := dbm.NewDebugDB("stateDB", dbm.NewMemDB())
@@ -30,7 +42,7 @@ func makeStateAndBlockStore(logger log.Logger) (sm.State, *BlockStore) {
 	if err != nil {
 		panic(cmn.ErrorWrap(err, "error constructing state from genesis file"))
 	}
-	return state, NewBlockStore(blockDB)
+	return state, NewBlockStore(blockDB), func() { os.RemoveAll(config.RootDir) }
 }

 func TestLoadBlockStoreStateJSON(t *testing.T) {
@@ -80,20 +92,32 @@ func freshBlockStore() (*BlockStore, db.DB) {
 }

 var (
-	state, _ = makeStateAndBlockStore(log.NewTMLogger(new(bytes.Buffer)))
-
-	block       = makeBlock(1, state, new(types.Commit))
-	partSet     = block.MakePartSet(2)
-	part1       = partSet.GetPart(0)
-	part2       = partSet.GetPart(1)
-	seenCommit1 = &types.Commit{Precommits: []*types.Vote{{Height: 10,
-		Timestamp: tmtime.Now()}}}
+	state       sm.State
+	block       *types.Block
+	partSet     *types.PartSet
+	part1       *types.Part
+	part2       *types.Part
+	seenCommit1 *types.Commit
 )

+func TestMain(m *testing.M) {
+	var cleanup cleanupFunc
+	state, _, cleanup = makeStateAndBlockStore(log.NewTMLogger(new(bytes.Buffer)))
+	block = makeBlock(1, state, new(types.Commit))
+	partSet = block.MakePartSet(2)
+	part1 = partSet.GetPart(0)
+	part2 = partSet.GetPart(1)
+	seenCommit1 = makeTestCommit(10, tmtime.Now())
+	code := m.Run()
+	cleanup()
+	os.Exit(code)
+}
+
 // TODO: This test should be simplified ...

 func TestBlockStoreSaveLoadBlock(t *testing.T) {
-	state, bs := makeStateAndBlockStore(log.NewTMLogger(new(bytes.Buffer)))
+	state, bs, cleanup := makeStateAndBlockStore(log.NewTMLogger(new(bytes.Buffer)))
+	defer cleanup()
 	require.Equal(t, bs.Height(), int64(0), "initially the height should be zero")

 	// check there are no blocks at various heights
@@ -107,8 +131,7 @@ func TestBlockStoreSaveLoadBlock(t *testing.T) {
 	// save a block
 	block := makeBlock(bs.Height()+1, state, new(types.Commit))
 	validPartSet := block.MakePartSet(2)
-	seenCommit := &types.Commit{Precommits: []*types.Vote{{Height: 10,
-		Timestamp: tmtime.Now()}}}
+	seenCommit := makeTestCommit(10, tmtime.Now())
 	bs.SaveBlock(block, partSet, seenCommit)
 	require.Equal(t, bs.Height(), block.Header.Height, "expecting the new height to be changed")

@@ -127,8 +150,7 @@ func TestBlockStoreSaveLoadBlock(t *testing.T) {

 	// End of setup, test data

-	commitAtH10 := &types.Commit{Precommits: []*types.Vote{{Height: 10,
-		Timestamp: tmtime.Now()}}}
+	commitAtH10 := makeTestCommit(10, tmtime.Now())
 	tuples := []struct {
 		block      *types.Block
 		parts      *types.PartSet
@@ -346,14 +368,13 @@ func TestLoadBlockMeta(t *testing.T) {
 }

 func TestBlockFetchAtHeight(t *testing.T) {
-	state, bs := makeStateAndBlockStore(log.NewTMLogger(new(bytes.Buffer)))
+	state, bs, cleanup := makeStateAndBlockStore(log.NewTMLogger(new(bytes.Buffer)))
+	defer cleanup()
 	require.Equal(t, bs.Height(), int64(0), "initially the height should be zero")
 	block := makeBlock(bs.Height()+1, state, new(types.Commit))

 	partSet := block.MakePartSet(2)
-	seenCommit := &types.Commit{Precommits: []*types.Vote{{Height: 10,
-		Timestamp: tmtime.Now()}}}
-
+	seenCommit := makeTestCommit(10, tmtime.Now())
 	bs.SaveBlock(block, partSet, seenCommit)
 	require.Equal(t, bs.Height(), block.Header.Height, "expecting the new height to be changed")

--- a/blockchain/wire.go
+++ b/blockchain/wire.go
@@ -1,7 +1,7 @@
 package blockchain

 import (
-	"github.com/tendermint/go-amino"
+	amino "github.com/tendermint/go-amino"
 	"github.com/tendermint/tendermint/types"
 )

--- a/cmd/tendermint/commands/reset_priv_validator.go
+++ b/cmd/tendermint/commands/reset_priv_validator.go
@@ -61,7 +61,7 @@ func resetFilePV(privValKeyFile, privValStateFile string, logger log.Logger) {
 	} else {
 		pv := privval.GenFilePV(privValKeyFile, privValStateFile)
 		pv.Save()
-		logger.Info("Generated private validator file", "file", "keyFile", privValKeyFile,
+		logger.Info("Generated private validator file", "keyFile", privValKeyFile,
 			"stateFile", privValStateFile)
 	}
 }
--- a/cmd/tendermint/commands/root_test.go
+++ b/cmd/tendermint/commands/root_test.go
@@ -22,10 +22,6 @@ var (
 	defaultRoot = os.ExpandEnv("$HOME/.some/test/dir")
 )

-const (
-	rootName = "root"
-)
-
 // clearConfig clears env vars, the given root dir, and resets viper.
 func clearConfig(dir string) {
 	if err := os.Unsetenv("TMHOME"); err != nil {
--- a/cmd/tendermint/commands/run_node.go
+++ b/cmd/tendermint/commands/run_node.go
@@ -77,8 +77,6 @@ func NewRunNodeCmd(nodeProvider nm.NodeProvider) *cobra.Command {

 			// Run forever
 			select {}
-
-			return nil
 		},
 	}

--- a/cmd/tendermint/commands/show_node_id.go
+++ b/cmd/tendermint/commands/show_node_id.go
@@ -16,12 +16,11 @@ var ShowNodeIDCmd = &cobra.Command{
 }

 func showNodeID(cmd *cobra.Command, args []string) error {
-
 	nodeKey, err := p2p.LoadNodeKey(config.NodeKeyFile())
 	if err != nil {
 		return err
 	}
-	fmt.Println(nodeKey.ID())

+	fmt.Println(nodeKey.ID())
 	return nil
 }
--- a/cmd/tendermint/commands/show_validator.go
+++ b/cmd/tendermint/commands/show_validator.go
@@ -3,8 +3,10 @@ package commands
 import (
 	"fmt"

+	"github.com/pkg/errors"
 	"github.com/spf13/cobra"

+	cmn "github.com/tendermint/tendermint/libs/common"
 	"github.com/tendermint/tendermint/privval"
 )

@@ -12,11 +14,21 @@ import (
 var ShowValidatorCmd = &cobra.Command{
 	Use:   "show_validator",
 	Short: "Show this node's validator info",
-	Run:   showValidator,
+	RunE:  showValidator,
 }

-func showValidator(cmd *cobra.Command, args []string) {
-	privValidator := privval.LoadOrGenFilePV(config.PrivValidatorKeyFile(), config.PrivValidatorStateFile())
-	pubKeyJSONBytes, _ := cdc.MarshalJSON(privValidator.GetPubKey())
-	fmt.Println(string(pubKeyJSONBytes))
+func showValidator(cmd *cobra.Command, args []string) error {
+	keyFilePath := config.PrivValidatorKeyFile()
+	if !cmn.FileExists(keyFilePath) {
+		return fmt.Errorf("private validator file %s does not exist", keyFilePath)
+	}
+
+	pv := privval.LoadFilePV(keyFilePath, config.PrivValidatorStateFile())
+	bz, err := cdc.MarshalJSON(pv.GetPubKey())
+	if err != nil {
+		return errors.Wrap(err, "failed to marshal private validator pubkey")
+	}
+
+	fmt.Println(string(bz))
+	return nil
 }
--- a/cmd/tendermint/commands/wire.go
+++ b/cmd/tendermint/commands/wire.go
@@ -1,7 +1,7 @@
 package commands

 import (
-	"github.com/tendermint/go-amino"
+	amino "github.com/tendermint/go-amino"
 	cryptoAmino "github.com/tendermint/tendermint/crypto/encoding/amino"
 )

--- a/config/toml.go
+++ b/config/toml.go
@@ -2,13 +2,17 @@ package config

 import (
 	"bytes"
-	"os"
+	"fmt"
+	"io/ioutil"
 	"path/filepath"
 	"text/template"

 	cmn "github.com/tendermint/tendermint/libs/common"
 )

+// DefaultDirPerm is the default permissions used when creating directories.
+const DefaultDirPerm = 0700
+
 var configTemplate *template.Template

 func init() {
@@ -23,13 +27,13 @@ func init() {
 // EnsureRoot creates the root, config, and data directories if they don't exist,
 // and panics if it fails.
 func EnsureRoot(rootDir string) {
-	if err := cmn.EnsureDir(rootDir, 0700); err != nil {
+	if err := cmn.EnsureDir(rootDir, DefaultDirPerm); err != nil {
 		cmn.PanicSanity(err.Error())
 	}
-	if err := cmn.EnsureDir(filepath.Join(rootDir, defaultConfigDir), 0700); err != nil {
+	if err := cmn.EnsureDir(filepath.Join(rootDir, defaultConfigDir), DefaultDirPerm); err != nil {
 		cmn.PanicSanity(err.Error())
 	}
-	if err := cmn.EnsureDir(filepath.Join(rootDir, defaultDataDir), 0700); err != nil {
+	if err := cmn.EnsureDir(filepath.Join(rootDir, defaultDataDir), DefaultDirPerm); err != nil {
 		cmn.PanicSanity(err.Error())
 	}

@@ -317,29 +321,21 @@ namespace = "{{ .Instrumentation.Namespace }}"
 /****** these are for test settings ***********/

 func ResetTestRoot(testName string) *Config {
-	rootDir := os.ExpandEnv("$HOME/.tendermint_test")
-	rootDir = filepath.Join(rootDir, testName)
-	// Remove ~/.tendermint_test_bak
-	if cmn.FileExists(rootDir + "_bak") {
-		if err := os.RemoveAll(rootDir + "_bak"); err != nil {
-			cmn.PanicSanity(err.Error())
-		}
+	return ResetTestRootWithChainID(testName, "")
+}
+
+func ResetTestRootWithChainID(testName string, chainID string) *Config {
+	// create a unique, concurrency-safe test directory under os.TempDir()
+	rootDir, err := ioutil.TempDir("", fmt.Sprintf("%s-%s_", chainID, testName))
+	if err != nil {
+		panic(err)
 	}
-	// Move ~/.tendermint_test to ~/.tendermint_test_bak
-	if cmn.FileExists(rootDir) {
-		if err := os.Rename(rootDir, rootDir+"_bak"); err != nil {
-			cmn.PanicSanity(err.Error())
-		}
+	// ensure config and data subdirs are created
+	if err := cmn.EnsureDir(filepath.Join(rootDir, defaultConfigDir), DefaultDirPerm); err != nil {
+		panic(err)
 	}
-	// Create new dir
-	if err := cmn.EnsureDir(rootDir, 0700); err != nil {
-		cmn.PanicSanity(err.Error())
-	}
-	if err := cmn.EnsureDir(filepath.Join(rootDir, defaultConfigDir), 0700); err != nil {
-		cmn.PanicSanity(err.Error())
-	}
-	if err := cmn.EnsureDir(filepath.Join(rootDir, defaultDataDir), 0700); err != nil {
-		cmn.PanicSanity(err.Error())
+	if err := cmn.EnsureDir(filepath.Join(rootDir, defaultDataDir), DefaultDirPerm); err != nil {
+		panic(err)
 	}

 	baseConfig := DefaultBaseConfig()
@@ -353,6 +349,10 @@ func ResetTestRoot(testName string) *Config {
 		writeDefaultConfigFile(configFilePath)
 	}
 	if !cmn.FileExists(genesisFilePath) {
+		if chainID == "" {
+			chainID = "tendermint_test"
+		}
+		testGenesis := fmt.Sprintf(testGenesisFmt, chainID)
 		cmn.MustWriteFile(genesisFilePath, []byte(testGenesis), 0644)
 	}
 	// we always overwrite the priv val
@@ -363,9 +363,9 @@ func ResetTestRoot(testName string) *Config {
 	return config
 }

-var testGenesis = `{
+var testGenesisFmt = `{
  "genesis_time": "2018-10-10T08:20:13.695936996Z",
-  "chain_id": "tendermint_test",
+  "chain_id": "%s",
  "validators": [
    {
      "pub_key": {
--- a/config/toml_test.go
+++ b/config/toml_test.go
@@ -48,6 +48,7 @@ func TestEnsureTestRoot(t *testing.T) {

 	// create root dir
 	cfg := ResetTestRoot(testName)
+	defer os.RemoveAll(cfg.RootDir)
 	rootDir := cfg.RootDir

 	// make sure config is set properly
--- a/consensus/byzantine_test.go
+++ b/consensus/byzantine_test.go
@@ -13,10 +13,6 @@ import (
 	"github.com/tendermint/tendermint/types"
 )

-func init() {
-	config = ResetConfig("consensus_byzantine_test")
-}
-
 //----------------------------------------------
 // byzantine failures

@@ -29,7 +25,8 @@ func init() {
 func TestByzantine(t *testing.T) {
 	N := 4
 	logger := consensusLogger().With("test", "byzantine")
-	css := randConsensusNet(N, "consensus_byzantine_test", newMockTickerFunc(false), newCounter)
+	css, cleanup := randConsensusNet(N, "consensus_byzantine_test", newMockTickerFunc(false), newCounter)
+	defer cleanup()

 	// give the byzantine validator a normal ticker
 	ticker := NewTimeoutTicker()
@@ -76,8 +73,7 @@ func TestByzantine(t *testing.T) {
 		conR.SetLogger(logger.With("validator", i))
 		conR.SetEventBus(eventBus)

-		var conRI p2p.Reactor // nolint: gotype, gosimple
-		conRI = conR
+		var conRI p2p.Reactor = conR

 		// make first val byzantine
 		if i == 0 {
--- a/consensus/common_test.go
+++ b/consensus/common_test.go
@@ -37,8 +37,13 @@ const (
 	testSubscriber = "test-client"
 )

+// A cleanupFunc cleans up any config / test files created for a particular
+// test.
+type cleanupFunc func()
+
 // genesis, chain_id, priv_val
 var config *cfg.Config // NOTE: must be reset for each _test.go file
+var consensusReplayConfig *cfg.Config
 var ensureTimeout = time.Millisecond * 100

 func ensureDir(dir string, mode os.FileMode) {
@@ -124,15 +129,21 @@ func startTestRound(cs *ConsensusState, height int64, round int) {

 // Create proposal block from cs1 but sign it with vs
 func decideProposal(cs1 *ConsensusState, vs *validatorStub, height int64, round int) (proposal *types.Proposal, block *types.Block) {
+	cs1.mtx.Lock()
 	block, blockParts := cs1.createProposalBlock()
+	cs1.mtx.Unlock()
 	if block == nil { // on error
 		panic("error creating proposal block")
 	}

 	// Make proposal
-	polRound, propBlockID := cs1.ValidRound, types.BlockID{block.Hash(), blockParts.Header()}
+	cs1.mtx.RLock()
+	validRound := cs1.ValidRound
+	chainID := cs1.state.ChainID
+	cs1.mtx.RUnlock()
+	polRound, propBlockID := validRound, types.BlockID{block.Hash(), blockParts.Header()}
 	proposal = types.NewProposal(height, round, polRound, propBlockID)
-	if err := vs.SignProposal(cs1.state.ChainID, proposal); err != nil {
+	if err := vs.SignProposal(chainID, proposal); err != nil {
 		panic(err)
 	}
 	return
@@ -242,6 +253,7 @@ func subscribeToVoter(cs *ConsensusState, addr []byte) chan interface{} {
 // consensus states

 func newConsensusState(state sm.State, pv types.PrivValidator, app abci.Application) *ConsensusState {
+	config := cfg.ResetTestRoot("consensus_state_test")
 	return newConsensusStateWithConfig(config, state, pv, app)
 }

@@ -378,36 +390,6 @@ func ensureNewEvent(
 	}
 }

-func ensureNewRoundStep(stepCh <-chan interface{}, height int64, round int) {
-	ensureNewEvent(
-		stepCh,
-		height,
-		round,
-		ensureTimeout,
-		"Timeout expired while waiting for NewStep event")
-}
-
-func ensureNewVote(voteCh <-chan interface{}, height int64, round int) {
-	select {
-	case <-time.After(ensureTimeout):
-		break
-	case v := <-voteCh:
-		edv, ok := v.(types.EventDataVote)
-		if !ok {
-			panic(fmt.Sprintf("expected a *types.Vote, "+
-				"got %v. wrong subscription channel?",
-				reflect.TypeOf(v)))
-		}
-		vote := edv.Vote
-		if vote.Height != height {
-			panic(fmt.Sprintf("expected height %v, got %v", height, vote.Height))
-		}
-		if vote.Round != round {
-			panic(fmt.Sprintf("expected round %v, got %v", round, vote.Round))
-		}
-	}
-}
-
 func ensureNewRound(roundCh <-chan interface{}, height int64, round int) {
 	select {
 	case <-time.After(ensureTimeout):
@@ -430,7 +412,7 @@ func ensureNewRound(roundCh <-chan interface{}, height int64, round int) {
 }

 func ensureNewTimeout(timeoutCh <-chan interface{}, height int64, round int, timeout int64) {
-	timeoutDuration := time.Duration(timeout*3) * time.Nanosecond
+	timeoutDuration := time.Duration(timeout*5) * time.Nanosecond
 	ensureNewEvent(timeoutCh, height, round, timeoutDuration,
 		"Timeout expired while waiting for NewTimeout event")
 }
@@ -584,14 +566,17 @@ func consensusLogger() log.Logger {
 	}).With("module", "consensus")
 }

-func randConsensusNet(nValidators int, testName string, tickerFunc func() TimeoutTicker, appFunc func() abci.Application, configOpts ...func(*cfg.Config)) []*ConsensusState {
+func randConsensusNet(nValidators int, testName string, tickerFunc func() TimeoutTicker,
+	appFunc func() abci.Application, configOpts ...func(*cfg.Config)) ([]*ConsensusState, cleanupFunc) {
 	genDoc, privVals := randGenesisDoc(nValidators, false, 30)
 	css := make([]*ConsensusState, nValidators)
 	logger := consensusLogger()
+	configRootDirs := make([]string, 0, nValidators)
 	for i := 0; i < nValidators; i++ {
 		stateDB := dbm.NewMemDB() // each state needs its own db
 		state, _ := sm.LoadStateFromDBOrGenesisDoc(stateDB, genDoc)
 		thisConfig := ResetConfig(fmt.Sprintf("%s_%d", testName, i))
+		configRootDirs = append(configRootDirs, thisConfig.RootDir)
 		for _, opt := range configOpts {
 			opt(thisConfig)
 		}
@@ -604,18 +589,26 @@ func randConsensusNet(nValidators int, testName string, tickerFunc func() Timeou
 		css[i].SetTimeoutTicker(tickerFunc())
 		css[i].SetLogger(logger.With("validator", i, "module", "consensus"))
 	}
-	return css
+	return css, func() {
+		for _, dir := range configRootDirs {
+			os.RemoveAll(dir)
+		}
+	}
 }

 // nPeers = nValidators + nNotValidator
-func randConsensusNetWithPeers(nValidators, nPeers int, testName string, tickerFunc func() TimeoutTicker, appFunc func() abci.Application) []*ConsensusState {
+func randConsensusNetWithPeers(nValidators, nPeers int, testName string, tickerFunc func() TimeoutTicker,
+	appFunc func() abci.Application) ([]*ConsensusState, cleanupFunc) {
+
 	genDoc, privVals := randGenesisDoc(nValidators, false, testMinPower)
 	css := make([]*ConsensusState, nPeers)
 	logger := consensusLogger()
+	configRootDirs := make([]string, 0, nPeers)
 	for i := 0; i < nPeers; i++ {
 		stateDB := dbm.NewMemDB() // each state needs its own db
 		state, _ := sm.LoadStateFromDBOrGenesisDoc(stateDB, genDoc)
 		thisConfig := ResetConfig(fmt.Sprintf("%s_%d", testName, i))
+		configRootDirs = append(configRootDirs, thisConfig.RootDir)
 		ensureDir(filepath.Dir(thisConfig.Consensus.WalFile()), 0700) // dir for wal
 		var privVal types.PrivValidator
 		if i < nValidators {
@@ -641,7 +634,11 @@ func randConsensusNetWithPeers(nValidators, nPeers int, testName string, tickerF
 		css[i].SetTimeoutTicker(tickerFunc())
 		css[i].SetLogger(logger.With("validator", i, "module", "consensus"))
 	}
-	return css
+	return css, func() {
+		for _, dir := range configRootDirs {
+			os.RemoveAll(dir)
+		}
+	}
 }

 func getSwitchIndex(switches []*p2p.Switch, peer p2p.Peer) int {
@@ -651,7 +648,6 @@ func getSwitchIndex(switches []*p2p.Switch, peer p2p.Peer) int {
 		}
 	}
 	panic("didnt find peer in switches")
-	return -1
 }

 //-------------------------------------------------------------------------------
@@ -729,8 +725,7 @@ func (m *mockTicker) Chan() <-chan timeoutInfo {
 	return m.c
 }

-func (mockTicker) SetLogger(log.Logger) {
-}
+func (*mockTicker) SetLogger(log.Logger) {}

 //------------------------------------

@@ -739,6 +734,9 @@ func newCounter() abci.Application {
 }

 func newPersistentKVStore() abci.Application {
-	dir, _ := ioutil.TempDir("/tmp", "persistent-kvstore")
+	dir, err := ioutil.TempDir("", "persistent-kvstore")
+	if err != nil {
+		panic(err)
+	}
 	return kvstore.NewPersistentKVStoreApplication(dir)
 }
--- a/consensus/mempool_test.go
+++ b/consensus/mempool_test.go
@@ -3,6 +3,7 @@ package consensus
 import (
 	"encoding/binary"
 	"fmt"
+	"os"
 	"testing"
 	"time"

@@ -14,10 +15,6 @@ import (
 	"github.com/tendermint/tendermint/types"
 )

-func init() {
-	config = ResetConfig("consensus_mempool_test")
-}
-
 // for testing
 func assertMempool(txn txNotifier) sm.Mempool {
 	return txn.(sm.Mempool)
@@ -25,6 +22,7 @@ func assertMempool(txn txNotifier) sm.Mempool {

 func TestMempoolNoProgressUntilTxsAvailable(t *testing.T) {
 	config := ResetConfig("consensus_mempool_txs_available_test")
+	defer os.RemoveAll(config.RootDir)
 	config.Consensus.CreateEmptyBlocks = false
 	state, privVals := randGenesisState(1, false, 10)
 	cs := newConsensusStateWithConfig(config, state, privVals[0], NewCounterApplication())
@@ -43,6 +41,7 @@ func TestMempoolNoProgressUntilTxsAvailable(t *testing.T) {

 func TestMempoolProgressAfterCreateEmptyBlocksInterval(t *testing.T) {
 	config := ResetConfig("consensus_mempool_txs_available_test")
+	defer os.RemoveAll(config.RootDir)
 	config.Consensus.CreateEmptyBlocksInterval = ensureTimeout
 	state, privVals := randGenesisState(1, false, 10)
 	cs := newConsensusStateWithConfig(config, state, privVals[0], NewCounterApplication())
@@ -58,6 +57,7 @@ func TestMempoolProgressAfterCreateEmptyBlocksInterval(t *testing.T) {

 func TestMempoolProgressInHigherRound(t *testing.T) {
 	config := ResetConfig("consensus_mempool_txs_available_test")
+	defer os.RemoveAll(config.RootDir)
 	config.Consensus.CreateEmptyBlocks = false
 	state, privVals := randGenesisState(1, false, 10)
 	cs := newConsensusStateWithConfig(config, state, privVals[0], NewCounterApplication())
--- a/consensus/reactor.go
+++ b/consensus/reactor.go
@@ -8,7 +8,7 @@ import (

 	"github.com/pkg/errors"

-	"github.com/tendermint/go-amino"
+	amino "github.com/tendermint/go-amino"
 	cstypes "github.com/tendermint/tendermint/consensus/types"
 	cmn "github.com/tendermint/tendermint/libs/common"
 	tmevents "github.com/tendermint/tendermint/libs/events"
@@ -438,9 +438,9 @@ func (conR *ConsensusReactor) broadcastHasVoteMessage(vote *types.Vote) {

 func makeRoundStepMessage(rs *cstypes.RoundState) (nrsMsg *NewRoundStepMessage) {
 	nrsMsg = &NewRoundStepMessage{
-		Height: rs.Height,
-		Round:  rs.Round,
-		Step:   rs.Step,
+		Height:                rs.Height,
+		Round:                 rs.Round,
+		Step:                  rs.Step,
 		SecondsSinceStartTime: int(time.Since(rs.StartTime).Seconds()),
 		LastCommitRound:       rs.LastCommit.Round(),
 	}
@@ -896,7 +896,7 @@ type PeerState struct {
 	peer   p2p.Peer
 	logger log.Logger

-	mtx   sync.Mutex             `json:"-"`           // NOTE: Modify below using setters, never directly.
+	mtx   sync.Mutex             // NOTE: Modify below using setters, never directly.
 	PRS   cstypes.PeerRoundState `json:"round_state"` // Exposed.
 	Stats *peerStateStats        `json:"stats"`       // Exposed.
 }
--- a/consensus/reactor_test.go
+++ b/consensus/reactor_test.go
@@ -14,7 +14,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

-	"github.com/tendermint/tendermint/abci/client"
+	abcicli "github.com/tendermint/tendermint/abci/client"
 	"github.com/tendermint/tendermint/abci/example/kvstore"
 	abci "github.com/tendermint/tendermint/abci/types"
 	bc "github.com/tendermint/tendermint/blockchain"
@@ -27,10 +27,6 @@ import (
 	"github.com/tendermint/tendermint/types"
 )

-func init() {
-	config = ResetConfig("consensus_reactor_test")
-}
-
 //----------------------------------------------
 // in-process testnets

@@ -86,7 +82,8 @@ func stopConsensusNet(logger log.Logger, reactors []*ConsensusReactor, eventBuse
 // Ensure a testnet makes blocks
 func TestReactorBasic(t *testing.T) {
 	N := 4
-	css := randConsensusNet(N, "consensus_reactor_test", newMockTickerFunc(true), newCounter)
+	css, cleanup := randConsensusNet(N, "consensus_reactor_test", newMockTickerFunc(true), newCounter)
+	defer cleanup()
 	reactors, eventChans, eventBuses := startConsensusNet(t, css, N)
 	defer stopConsensusNet(log.TestingLogger(), reactors, eventBuses)
 	// wait till everyone makes the first new block
@@ -116,6 +113,7 @@ func TestReactorWithEvidence(t *testing.T) {
 		stateDB := dbm.NewMemDB() // each state needs its own db
 		state, _ := sm.LoadStateFromDBOrGenesisDoc(stateDB, genDoc)
 		thisConfig := ResetConfig(fmt.Sprintf("%s_%d", testName, i))
+		defer os.RemoveAll(thisConfig.RootDir)
 		ensureDir(path.Dir(thisConfig.Consensus.WalFile()), 0700) // dir for wal
 		app := appFunc()
 		vals := types.TM2PB.ValidatorUpdates(state.Validators)
@@ -211,16 +209,18 @@ func (m *mockEvidencePool) Update(block *types.Block, state sm.State) {
 	}
 	m.height++
 }
+func (m *mockEvidencePool) IsCommitted(types.Evidence) bool { return false }

 //------------------------------------

 // Ensure a testnet makes blocks when there are txs
 func TestReactorCreatesBlockWhenEmptyBlocksFalse(t *testing.T) {
 	N := 4
-	css := randConsensusNet(N, "consensus_reactor_test", newMockTickerFunc(true), newCounter,
+	css, cleanup := randConsensusNet(N, "consensus_reactor_test", newMockTickerFunc(true), newCounter,
 		func(c *cfg.Config) {
 			c.Consensus.CreateEmptyBlocks = false
 		})
+	defer cleanup()
 	reactors, eventChans, eventBuses := startConsensusNet(t, css, N)
 	defer stopConsensusNet(log.TestingLogger(), reactors, eventBuses)

@@ -238,7 +238,8 @@ func TestReactorCreatesBlockWhenEmptyBlocksFalse(t *testing.T) {
 // Test we record stats about votes and block parts from other peers.
 func TestReactorRecordsVotesAndBlockParts(t *testing.T) {
 	N := 4
-	css := randConsensusNet(N, "consensus_reactor_test", newMockTickerFunc(true), newCounter)
+	css, cleanup := randConsensusNet(N, "consensus_reactor_test", newMockTickerFunc(true), newCounter)
+	defer cleanup()
 	reactors, eventChans, eventBuses := startConsensusNet(t, css, N)
 	defer stopConsensusNet(log.TestingLogger(), reactors, eventBuses)

@@ -262,7 +263,8 @@ func TestReactorRecordsVotesAndBlockParts(t *testing.T) {
 func TestReactorVotingPowerChange(t *testing.T) {
 	nVals := 4
 	logger := log.TestingLogger()
-	css := randConsensusNet(nVals, "consensus_voting_power_changes_test", newMockTickerFunc(true), newPersistentKVStore)
+	css, cleanup := randConsensusNet(nVals, "consensus_voting_power_changes_test", newMockTickerFunc(true), newPersistentKVStore)
+	defer cleanup()
 	reactors, eventChans, eventBuses := startConsensusNet(t, css, nVals)
 	defer stopConsensusNet(logger, reactors, eventBuses)

@@ -323,8 +325,8 @@ func TestReactorVotingPowerChange(t *testing.T) {
 func TestReactorValidatorSetChanges(t *testing.T) {
 	nPeers := 7
 	nVals := 4
-	css := randConsensusNetWithPeers(nVals, nPeers, "consensus_val_set_changes_test", newMockTickerFunc(true), newPersistentKVStore)
-
+	css, cleanup := randConsensusNetWithPeers(nVals, nPeers, "consensus_val_set_changes_test", newMockTickerFunc(true), newPersistentKVStore)
+	defer cleanup()
 	logger := log.TestingLogger()

 	reactors, eventChans, eventBuses := startConsensusNet(t, css, nPeers)
@@ -421,7 +423,8 @@ func TestReactorValidatorSetChanges(t *testing.T) {
 // Check we can make blocks with skip_timeout_commit=false
 func TestReactorWithTimeoutCommit(t *testing.T) {
 	N := 4
-	css := randConsensusNet(N, "consensus_reactor_with_timeout_commit_test", newMockTickerFunc(false), newCounter)
+	css, cleanup := randConsensusNet(N, "consensus_reactor_with_timeout_commit_test", newMockTickerFunc(false), newCounter)
+	defer cleanup()
 	// override default SkipTimeoutCommit == true for tests
 	for i := 0; i < N; i++ {
 		css[i].config.SkipTimeoutCommit = false
--- a/consensus/replay.go
+++ b/consensus/replay.go
@@ -6,6 +6,7 @@ import (
 	"hash/crc32"
 	"io"
 	"reflect"
+
 	//"strconv"
 	//"strings"
 	"time"
@@ -143,8 +144,8 @@ func (cs *ConsensusState) catchupReplay(csHeight int64) error {
 		if err == io.EOF {
 			break
 		} else if IsDataCorruptionError(err) {
-			cs.Logger.Debug("data has been corrupted in last height of consensus WAL", "err", err, "height", csHeight)
-			panic(fmt.Sprintf("data has been corrupted (%v) in last height %d of consensus WAL", err, csHeight))
+			cs.Logger.Error("data has been corrupted in last height of consensus WAL", "err", err, "height", csHeight)
+			return err
 		} else if err != nil {
 			return err
 		}
@@ -196,6 +197,7 @@ type Handshaker struct {
 	stateDB      dbm.DB
 	initialState sm.State
 	store        sm.BlockStore
+	eventBus     types.BlockEventPublisher
 	genDoc       *types.GenesisDoc
 	logger       log.Logger

@@ -209,6 +211,7 @@ func NewHandshaker(stateDB dbm.DB, state sm.State,
 		stateDB:      stateDB,
 		initialState: state,
 		store:        store,
+		eventBus:     types.NopEventBus{},
 		genDoc:       genDoc,
 		logger:       log.NewNopLogger(),
 		nBlocks:      0,
@@ -219,6 +222,12 @@ func (h *Handshaker) SetLogger(l log.Logger) {
 	h.logger = l
 }

+// SetEventBus - sets the event bus for publishing block related events.
+// If not called, it defaults to types.NopEventBus.
+func (h *Handshaker) SetEventBus(eventBus types.BlockEventPublisher) {
+	h.eventBus = eventBus
+}
+
 func (h *Handshaker) NBlocks() int {
 	return h.nBlocks
 }
@@ -325,7 +334,7 @@ func (h *Handshaker) ReplayBlocks(

 	} else if storeBlockHeight < appBlockHeight {
 		// the app should never be ahead of the store (but this is under app's control)
-		return appHash, sm.ErrAppBlockHeightTooHigh{storeBlockHeight, appBlockHeight}
+		return appHash, sm.ErrAppBlockHeightTooHigh{CoreHeight: storeBlockHeight, AppHeight: appBlockHeight}

 	} else if storeBlockHeight < stateBlockHeight {
 		// the state should never be ahead of the store (this is under tendermint's control)
@@ -432,6 +441,7 @@ func (h *Handshaker) replayBlock(state sm.State, height int64, proxyApp proxy.Ap
 	meta := h.store.LoadBlockMeta(height)

 	blockExec := sm.NewBlockExecutor(h.stateDB, h.logger, proxyApp, sm.MockMempool{}, sm.MockEvidencePool{})
+	blockExec.SetEventBus(h.eventBus)

 	var err error
 	state, err = blockExec.ApplyBlock(state, meta.BlockID, block)
--- a/consensus/replay_file.go
+++ b/consensus/replay_file.go
@@ -103,7 +103,6 @@ func (cs *ConsensusState) ReplayFile(file string, console bool) error {
 		}
 		pb.count++
 	}
-	return nil
 }

 //------------------------------------------------
@@ -295,7 +294,6 @@ func (pb *playback) replayConsoleLoop() int {
 			fmt.Println(pb.count)
 		}
 	}
-	return 0
 }

 //--------------------------------------------------------------------------------
@@ -326,17 +324,18 @@ func newConsensusStateForReplay(config cfg.BaseConfig, csConfig *cfg.ConsensusCo
 		cmn.Exit(fmt.Sprintf("Error starting proxy app conns: %v", err))
 	}

-	handshaker := NewHandshaker(stateDB, state, blockStore, gdoc)
-	err = handshaker.Handshake(proxyApp)
-	if err != nil {
-		cmn.Exit(fmt.Sprintf("Error on handshake: %v", err))
-	}
-
 	eventBus := types.NewEventBus()
 	if err := eventBus.Start(); err != nil {
 		cmn.Exit(fmt.Sprintf("Failed to start event bus: %v", err))
 	}

+	handshaker := NewHandshaker(stateDB, state, blockStore, gdoc)
+	handshaker.SetEventBus(eventBus)
+	err = handshaker.Handshake(proxyApp)
+	if err != nil {
+		cmn.Exit(fmt.Sprintf("Error on handshake: %v", err))
+	}
+
 	mempool, evpool := sm.MockMempool{}, sm.MockEvidencePool{}
 	blockExec := sm.NewBlockExecutor(stateDB, log.TestingLogger(), proxyApp.Consensus(), mempool, evpool)

--- a/consensus/replay_test.go
+++ b/consensus/replay_test.go
@@ -17,23 +17,31 @@ import (

 	"github.com/tendermint/tendermint/abci/example/kvstore"
 	abci "github.com/tendermint/tendermint/abci/types"
+	cfg "github.com/tendermint/tendermint/config"
 	"github.com/tendermint/tendermint/crypto"
 	auto "github.com/tendermint/tendermint/libs/autofile"
 	dbm "github.com/tendermint/tendermint/libs/db"
-	"github.com/tendermint/tendermint/version"
-
-	cfg "github.com/tendermint/tendermint/config"
 	"github.com/tendermint/tendermint/libs/log"
 	"github.com/tendermint/tendermint/privval"
 	"github.com/tendermint/tendermint/proxy"
 	sm "github.com/tendermint/tendermint/state"
 	"github.com/tendermint/tendermint/types"
+	"github.com/tendermint/tendermint/version"
 )

-var consensusReplayConfig *cfg.Config
-
-func init() {
+func TestMain(m *testing.M) {
+	config = ResetConfig("consensus_reactor_test")
 	consensusReplayConfig = ResetConfig("consensus_replay_test")
+	configStateTest := ResetConfig("consensus_state_test")
+	configMempoolTest := ResetConfig("consensus_mempool_test")
+	configByzantineTest := ResetConfig("consensus_byzantine_test")
+	code := m.Run()
+	os.RemoveAll(config.RootDir)
+	os.RemoveAll(consensusReplayConfig.RootDir)
+	os.RemoveAll(configStateTest.RootDir)
+	os.RemoveAll(configMempoolTest.RootDir)
+	os.RemoveAll(configByzantineTest.RootDir)
+	os.Exit(code)
 }

 // These tests ensure we can always recover from failure at any part of the consensus process.
@@ -51,7 +59,8 @@ func init() {
 // and which ones we need the wal for - then we'd also be able to only flush the
 // wal writer when we need to, instead of with every message.

-func startNewConsensusStateAndWaitForBlock(t *testing.T, lastBlockHeight int64, blockDB dbm.DB, stateDB dbm.DB) {
+func startNewConsensusStateAndWaitForBlock(t *testing.T, consensusReplayConfig *cfg.Config,
+	lastBlockHeight int64, blockDB dbm.DB, stateDB dbm.DB) {
 	logger := log.TestingLogger()
 	state, _ := sm.LoadStateFromDBOrGenesisFile(stateDB, consensusReplayConfig.GenesisFile())
 	privValidator := loadPrivValidator(consensusReplayConfig)
@@ -59,7 +68,6 @@ func startNewConsensusStateAndWaitForBlock(t *testing.T, lastBlockHeight int64,
 	cs.SetLogger(logger)

 	bytes, _ := ioutil.ReadFile(cs.config.WalFile())
-	// fmt.Printf("====== WAL: \n\r%s\n", bytes)
 	t.Logf("====== WAL: \n\r%X\n", bytes)

 	err := cs.Start()
@@ -110,21 +118,22 @@ func TestWALCrash(t *testing.T) {
 			3},
 	}

-	for _, tc := range testCases {
+	for i, tc := range testCases {
+		consensusReplayConfig := ResetConfig(fmt.Sprintf("%s_%d", t.Name(), i))
 		t.Run(tc.name, func(t *testing.T) {
-			crashWALandCheckLiveness(t, tc.initFn, tc.heightToStop)
+			crashWALandCheckLiveness(t, consensusReplayConfig, tc.initFn, tc.heightToStop)
 		})
 	}
 }

-func crashWALandCheckLiveness(t *testing.T, initFn func(dbm.DB, *ConsensusState, context.Context), heightToStop int64) {
+func crashWALandCheckLiveness(t *testing.T, consensusReplayConfig *cfg.Config,
+	initFn func(dbm.DB, *ConsensusState, context.Context), heightToStop int64) {
 	walPaniced := make(chan error)
 	crashingWal := &crashingWAL{panicCh: walPaniced, heightToStop: heightToStop}

 	i := 1
 LOOP:
 	for {
-		// fmt.Printf("====== LOOP %d\n", i)
 		t.Logf("====== LOOP %d\n", i)

 		// create consensus state from a clean slate
@@ -163,7 +172,7 @@ LOOP:
 			t.Logf("WAL paniced: %v", err)

 			// make sure we can make blocks after a crash
-			startNewConsensusStateAndWaitForBlock(t, cs.Height, blockDB, stateDB)
+			startNewConsensusStateAndWaitForBlock(t, consensusReplayConfig, cs.Height, blockDB, stateDB)

 			// stop consensus state and transactions sender (initFn)
 			cs.Stop()
@@ -269,29 +278,37 @@ var modes = []uint{0, 1, 2}

 // Sync from scratch
 func TestHandshakeReplayAll(t *testing.T) {
-	for _, m := range modes {
-		testHandshakeReplay(t, 0, m)
+	for i, m := range modes {
+		config := ResetConfig(fmt.Sprintf("%s_%v", t.Name(), i))
+		defer os.RemoveAll(config.RootDir)
+		testHandshakeReplay(t, config, 0, m)
 	}
 }

 // Sync many, not from scratch
 func TestHandshakeReplaySome(t *testing.T) {
-	for _, m := range modes {
-		testHandshakeReplay(t, 1, m)
+	for i, m := range modes {
+		config := ResetConfig(fmt.Sprintf("%s_%v", t.Name(), i))
+		defer os.RemoveAll(config.RootDir)
+		testHandshakeReplay(t, config, 1, m)
 	}
 }

 // Sync from lagging by one
 func TestHandshakeReplayOne(t *testing.T) {
-	for _, m := range modes {
-		testHandshakeReplay(t, NUM_BLOCKS-1, m)
+	for i, m := range modes {
+		config := ResetConfig(fmt.Sprintf("%s_%v", t.Name(), i))
+		defer os.RemoveAll(config.RootDir)
+		testHandshakeReplay(t, config, NUM_BLOCKS-1, m)
 	}
 }

 // Sync from caught up
 func TestHandshakeReplayNone(t *testing.T) {
-	for _, m := range modes {
-		testHandshakeReplay(t, NUM_BLOCKS, m)
+	for i, m := range modes {
+		config := ResetConfig(fmt.Sprintf("%s_%v", t.Name(), i))
+		defer os.RemoveAll(config.RootDir)
+		testHandshakeReplay(t, config, NUM_BLOCKS, m)
 	}
 }

@@ -311,10 +328,8 @@ func tempWALWithData(data []byte) string {
 }

 // Make some blocks. Start a fresh app and apply nBlocks blocks. Then restart the app and sync it up with the remaining blocks
-func testHandshakeReplay(t *testing.T, nBlocks int, mode uint) {
-	config := ResetConfig("proxy_test_")
-
-	walBody, err := WALWithNBlocks(NUM_BLOCKS)
+func testHandshakeReplay(t *testing.T, config *cfg.Config, nBlocks int, mode uint) {
+	walBody, err := WALWithNBlocks(t, NUM_BLOCKS)
 	require.NoError(t, err)
 	walFile := tempWALWithData(walBody)
 	config.Consensus.SetWalFile(walFile)
@@ -537,10 +552,8 @@ func makeBlockchainFromWAL(wal WAL) ([]*types.Block, []*types.Commit, error) {
 			}
 		case *types.Vote:
 			if p.Type == types.PrecommitType {
-				thisBlockCommit = &types.Commit{
-					BlockID:    p.BlockID,
-					Precommits: []*types.Vote{p},
-				}
+				commitSigs := []*types.CommitSig{p.CommitSig()}
+				thisBlockCommit = types.NewCommit(p.BlockID, commitSigs)
 			}
 		}
 	}
@@ -633,6 +646,7 @@ func TestInitChainUpdateValidators(t *testing.T) {
 	clientCreator := proxy.NewLocalClientCreator(app)

 	config := ResetConfig("proxy_test_")
+	defer os.RemoveAll(config.RootDir)
 	privVal := privval.LoadFilePV(config.PrivValidatorKeyFile(), config.PrivValidatorStateFile())
 	stateDB, state, store := stateAndStore(config, privVal.GetPubKey(), 0x0)

--- a/consensus/state.go
+++ b/consensus/state.go
@@ -94,8 +94,7 @@ type ConsensusState struct {
 	// internal state
 	mtx sync.RWMutex
 	cstypes.RoundState
-	triggeredTimeoutPrecommit bool
-	state                     sm.State // State until height-1.
+	state sm.State // State until height-1.

 	// state changes may be triggered by: msgs from peers,
 	// msgs from ourself, or by timeouts
@@ -308,6 +307,23 @@ func (cs *ConsensusState) OnStart() error {
 	// reload from consensus log to catchup
 	if cs.doWALCatchup {
 		if err := cs.catchupReplay(cs.Height); err != nil {
+			// don't try to recover from data corruption error
+			if IsDataCorruptionError(err) {
+				cs.Logger.Error("Encountered corrupt WAL file", "err", err.Error())
+				cs.Logger.Error("Please repair the WAL file before restarting")
+				fmt.Println(`You can attempt to repair the WAL as follows:
+
+----
+WALFILE=~/.tendermint/data/cs.wal/wal
+cp $WALFILE ${WALFILE}.bak # backup the file
+go run scripts/wal2json/main.go $WALFILE > wal.json # this will panic, but can be ignored
+rm $WALFILE # remove the corrupt file
+go run scripts/json2wal/main.go wal.json $WALFILE # rebuild the file without corruption
+----`)
+
+				return err
+			}
+
 			cs.Logger.Error("Error on catchup replay. Proceeding to start ConsensusState anyway", "err", err.Error())
 			// NOTE: if we ever do return an error here,
 			// make sure to stop the timeoutTicker
@@ -438,7 +454,7 @@ func (cs *ConsensusState) updateRoundStep(round int, step cstypes.RoundStepType)
 // enterNewRound(height, 0) at cs.StartTime.
 func (cs *ConsensusState) scheduleRound0(rs *cstypes.RoundState) {
 	//cs.Logger.Info("scheduleRound0", "now", tmtime.Now(), "startTime", cs.StartTime)
-	sleepDuration := rs.StartTime.Sub(tmtime.Now()) // nolint: gotype, gosimple
+	sleepDuration := rs.StartTime.Sub(tmtime.Now())
 	cs.scheduleTimeout(sleepDuration, rs.Height, 0, cstypes.RoundStepNewHeight)
 }

@@ -473,7 +489,7 @@ func (cs *ConsensusState) reconstructLastCommit(state sm.State) {
 		if precommit == nil {
 			continue
 		}
-		added, err := lastPrecommits.AddVote(precommit)
+		added, err := lastPrecommits.AddVote(seenCommit.ToVote(precommit))
 		if !added || err != nil {
 			cmn.PanicCrisis(fmt.Sprintf("Failed to reconstruct LastCommit: %v", err))
 		}
@@ -550,6 +566,7 @@ func (cs *ConsensusState) updateToState(state sm.State) {
 	cs.CommitRound = -1
 	cs.LastCommit = lastPrecommits
 	cs.LastValidators = state.LastValidators
+	cs.TriggeredTimeoutPrecommit = false

 	cs.state = state

@@ -625,6 +642,15 @@ func (cs *ConsensusState) receiveRoutine(maxSteps int) {
 			cs.handleMsg(mi)
 		case mi = <-cs.internalMsgQueue:
 			cs.wal.WriteSync(mi) // NOTE: fsync
+
+			if _, ok := mi.Msg.(*VoteMessage); ok {
+				// we actually want to simulate failing during
+				// the previous WriteSync, but this isn't easy to do.
+				// Equivalent would be to fail here and manually remove
+				// some bytes from the end of the wal.
+				fail.Fail() // XXX
+			}
+
 			// handles proposals, block parts, votes
 			cs.handleMsg(mi)
 		case ti := <-cs.timeoutTicker.Chan(): // tockChan:
@@ -732,6 +758,7 @@ func (cs *ConsensusState) handleTxsAvailable() {
 	cs.mtx.Lock()
 	defer cs.mtx.Unlock()
 	// we only need to do this for round 0
+	cs.enterNewRound(cs.Height, 0)
 	cs.enterPropose(cs.Height, 0)
 }

@@ -782,7 +809,7 @@ func (cs *ConsensusState) enterNewRound(height int64, round int) {
 		cs.ProposalBlockParts = nil
 	}
 	cs.Votes.SetRound(round + 1) // also track next round (round+1) to allow round-skipping
-	cs.triggeredTimeoutPrecommit = false
+	cs.TriggeredTimeoutPrecommit = false

 	cs.eventBus.PublishEventNewRound(cs.NewRoundEvent())
 	cs.metrics.Rounds.Set(float64(round))
@@ -883,7 +910,7 @@ func (cs *ConsensusState) defaultDecideProposal(height int64, round int) {
 	}

 	// Make proposal
-	propBlockId := types.BlockID{block.Hash(), blockParts.Header()}
+	propBlockId := types.BlockID{Hash: block.Hash(), PartsHeader: blockParts.Header()}
 	proposal := types.NewProposal(height, round, cs.ValidRound, propBlockId)
 	if err := cs.privValidator.SignProposal(cs.state.ChainID, proposal); err == nil {

@@ -928,7 +955,7 @@ func (cs *ConsensusState) createProposalBlock() (block *types.Block, blockParts
 	if cs.Height == 1 {
 		// We're creating a proposal for the first block.
 		// The commit is empty, but not nil.
-		commit = &types.Commit{}
+		commit = types.NewCommit(types.BlockID{}, nil)
 	} else if cs.LastCommit.HasTwoThirdsMajority() {
 		// Make the commit from LastCommit
 		commit = cs.LastCommit.MakeCommit()
@@ -1128,12 +1155,12 @@ func (cs *ConsensusState) enterPrecommit(height int64, round int) {
 func (cs *ConsensusState) enterPrecommitWait(height int64, round int) {
 	logger := cs.Logger.With("height", height, "round", round)

-	if cs.Height != height || round < cs.Round || (cs.Round == round && cs.triggeredTimeoutPrecommit) {
+	if cs.Height != height || round < cs.Round || (cs.Round == round && cs.TriggeredTimeoutPrecommit) {
 		logger.Debug(
 			fmt.Sprintf(
 				"enterPrecommitWait(%v/%v): Invalid args. "+
-					"Current state is Height/Round: %v/%v/, triggeredTimeoutPrecommit:%v",
-				height, round, cs.Height, cs.Round, cs.triggeredTimeoutPrecommit))
+					"Current state is Height/Round: %v/%v/, TriggeredTimeoutPrecommit:%v",
+				height, round, cs.Height, cs.Round, cs.TriggeredTimeoutPrecommit))
 		return
 	}
 	if !cs.Votes.Precommits(round).HasTwoThirdsAny() {
@@ -1143,7 +1170,7 @@ func (cs *ConsensusState) enterPrecommitWait(height int64, round int) {

 	defer func() {
 		// Done enterPrecommitWait:
-		cs.triggeredTimeoutPrecommit = true
+		cs.TriggeredTimeoutPrecommit = true
 		cs.newStep()
 	}()

@@ -1294,7 +1321,7 @@ func (cs *ConsensusState) finalizeCommit(height int64) {
 	// Execute and commit the block, update and save the state, and update the mempool.
 	// NOTE The block.AppHash wont reflect these txs until the next block.
 	var err error
-	stateCopy, err = cs.blockExec.ApplyBlock(stateCopy, types.BlockID{block.Hash(), blockParts.Header()}, block)
+	stateCopy, err = cs.blockExec.ApplyBlock(stateCopy, types.BlockID{Hash: block.Hash(), PartsHeader: blockParts.Header()}, block)
 	if err != nil {
 		cs.Logger.Error("Error on ApplyBlock. Did the application crash? Please restart tendermint", "err", err)
 		err := cmn.Kill()
@@ -1330,7 +1357,7 @@ func (cs *ConsensusState) recordMetrics(height int64, block *types.Block) {
 	missingValidators := 0
 	missingValidatorsPower := int64(0)
 	for i, val := range cs.Validators.Validators {
-		var vote *types.Vote
+		var vote *types.CommitSig
 		if i < len(block.LastCommit.Precommits) {
 			vote = block.LastCommit.Precommits[i]
 		}
@@ -1517,7 +1544,7 @@ func (cs *ConsensusState) addVote(vote *types.Vote, peerID p2p.ID) (added bool,
 		}

 		cs.Logger.Info(fmt.Sprintf("Added to lastPrecommits: %v", cs.LastCommit.StringShort()))
-		cs.eventBus.PublishEventVote(types.EventDataVote{vote})
+		cs.eventBus.PublishEventVote(types.EventDataVote{Vote: vote})
 		cs.evsw.FireEvent(types.EventVote, vote)

 		// if we can skip timeoutCommit and have all the votes now,
@@ -1545,7 +1572,7 @@ func (cs *ConsensusState) addVote(vote *types.Vote, peerID p2p.ID) (added bool,
 		return
 	}

-	cs.eventBus.PublishEventVote(types.EventDataVote{vote})
+	cs.eventBus.PublishEventVote(types.EventDataVote{Vote: vote})
 	cs.evsw.FireEvent(types.EventVote, vote)

 	switch vote.Type {
@@ -1657,7 +1684,7 @@ func (cs *ConsensusState) signVote(type_ types.SignedMsgType, hash []byte, heade
 		Round:            cs.Round,
 		Timestamp:        cs.voteTime(),
 		Type:             type_,
-		BlockID:          types.BlockID{hash, header},
+		BlockID:          types.BlockID{Hash: hash, PartsHeader: header},
 	}
 	err := cs.privValidator.SignVote(cs.state.ChainID, vote)
 	return vote, err
--- a/consensus/state_test.go
+++ b/consensus/state_test.go
@@ -18,14 +18,6 @@ import (
 	"github.com/tendermint/tendermint/types"
 )

-func init() {
-	config = ResetConfig("consensus_state_test")
-}
-
-func ensureProposeTimeout(timeoutPropose time.Duration) time.Duration {
-	return time.Duration(timeoutPropose.Nanoseconds()*2) * time.Nanosecond
-}
-
 /*

 ProposeSuite
@@ -1279,6 +1271,130 @@ func TestCommitFromPreviousRound(t *testing.T) {
 	ensureNewRound(newRoundCh, height+1, 0)
 }

+type fakeTxNotifier struct {
+	ch chan struct{}
+}
+
+func (n *fakeTxNotifier) TxsAvailable() <-chan struct{} {
+	return n.ch
+}
+
+func (n *fakeTxNotifier) Notify() {
+	n.ch <- struct{}{}
+}
+
+func TestStartNextHeightCorrectly(t *testing.T) {
+	config.Consensus.SkipTimeoutCommit = false
+	cs1, vss := randConsensusState(4)
+	cs1.txNotifier = &fakeTxNotifier{ch: make(chan struct{})}
+
+	vs2, vs3, vs4 := vss[1], vss[2], vss[3]
+	height, round := cs1.Height, cs1.Round
+
+	proposalCh := subscribe(cs1.eventBus, types.EventQueryCompleteProposal)
+	timeoutProposeCh := subscribe(cs1.eventBus, types.EventQueryTimeoutPropose)
+
+	newRoundCh := subscribe(cs1.eventBus, types.EventQueryNewRound)
+	newBlockHeader := subscribe(cs1.eventBus, types.EventQueryNewBlockHeader)
+	addr := cs1.privValidator.GetPubKey().Address()
+	voteCh := subscribeToVoter(cs1, addr)
+
+	// start round and wait for propose and prevote
+	startTestRound(cs1, height, round)
+	ensureNewRound(newRoundCh, height, round)
+
+	ensureNewProposal(proposalCh, height, round)
+	rs := cs1.GetRoundState()
+	theBlockHash := rs.ProposalBlock.Hash()
+	theBlockParts := rs.ProposalBlockParts.Header()
+
+	ensurePrevote(voteCh, height, round)
+	validatePrevote(t, cs1, round, vss[0], theBlockHash)
+
+	signAddVotes(cs1, types.PrevoteType, theBlockHash, theBlockParts, vs2, vs3, vs4)
+
+	ensurePrecommit(voteCh, height, round)
+	// the proposed block should now be locked and our precommit added
+	validatePrecommit(t, cs1, round, round, vss[0], theBlockHash, theBlockHash)
+
+	rs = cs1.GetRoundState()
+
+	// add precommits
+	signAddVotes(cs1, types.PrecommitType, nil, types.PartSetHeader{}, vs2)
+	signAddVotes(cs1, types.PrecommitType, theBlockHash, theBlockParts, vs3)
+	time.Sleep(5 * time.Millisecond)
+	signAddVotes(cs1, types.PrecommitType, theBlockHash, theBlockParts, vs4)
+
+	rs = cs1.GetRoundState()
+	assert.True(t, rs.TriggeredTimeoutPrecommit)
+
+	ensureNewBlockHeader(newBlockHeader, height, theBlockHash)
+
+	cs1.txNotifier.(*fakeTxNotifier).Notify()
+
+	ensureNewTimeout(timeoutProposeCh, height+1, round, cs1.config.TimeoutPropose.Nanoseconds())
+	rs = cs1.GetRoundState()
+	assert.False(t, rs.TriggeredTimeoutPrecommit, "triggeredTimeoutPrecommit should be false at the beginning of each round")
+}
+
+func TestResetTimeoutPrecommitUponNewHeight(t *testing.T) {
+	config.Consensus.SkipTimeoutCommit = false
+	cs1, vss := randConsensusState(4)
+
+	vs2, vs3, vs4 := vss[1], vss[2], vss[3]
+	height, round := cs1.Height, cs1.Round
+
+	partSize := types.BlockPartSizeBytes
+
+	proposalCh := subscribe(cs1.eventBus, types.EventQueryCompleteProposal)
+
+	newRoundCh := subscribe(cs1.eventBus, types.EventQueryNewRound)
+	newBlockHeader := subscribe(cs1.eventBus, types.EventQueryNewBlockHeader)
+	addr := cs1.privValidator.GetPubKey().Address()
+	voteCh := subscribeToVoter(cs1, addr)
+
+	// start round and wait for propose and prevote
+	startTestRound(cs1, height, round)
+	ensureNewRound(newRoundCh, height, round)
+
+	ensureNewProposal(proposalCh, height, round)
+	rs := cs1.GetRoundState()
+	theBlockHash := rs.ProposalBlock.Hash()
+	theBlockParts := rs.ProposalBlockParts.Header()
+
+	ensurePrevote(voteCh, height, round)
+	validatePrevote(t, cs1, round, vss[0], theBlockHash)
+
+	signAddVotes(cs1, types.PrevoteType, theBlockHash, theBlockParts, vs2, vs3, vs4)
+
+	ensurePrecommit(voteCh, height, round)
+	validatePrecommit(t, cs1, round, round, vss[0], theBlockHash, theBlockHash)
+
+	rs = cs1.GetRoundState()
+
+	// add precommits
+	signAddVotes(cs1, types.PrecommitType, nil, types.PartSetHeader{}, vs2)
+	signAddVotes(cs1, types.PrecommitType, theBlockHash, theBlockParts, vs3)
+	time.Sleep(5 * time.Millisecond)
+	signAddVotes(cs1, types.PrecommitType, theBlockHash, theBlockParts, vs4)
+
+	rs = cs1.GetRoundState()
+	assert.True(t, rs.TriggeredTimeoutPrecommit)
+
+	ensureNewBlockHeader(newBlockHeader, height, theBlockHash)
+
+	prop, propBlock := decideProposal(cs1, vs2, height+1, 0)
+	propBlockParts := propBlock.MakePartSet(partSize)
+
+	if err := cs1.SetProposalAndBlock(prop, propBlock, propBlockParts, "some peer"); err != nil {
+		t.Fatal(err)
+	}
+	ensureNewProposal(proposalCh, height+1, 0)
+
+	rs = cs1.GetRoundState()
+	assert.False(t, rs.TriggeredTimeoutPrecommit, "triggeredTimeoutPrecommit should be false at the beginning of each height")
+}
+
 //------------------------------------------------------------------------------------------
 // SlashingSuite
 // TODO: Slashing
--- a/consensus/types/height_vote_set_test.go
+++ b/consensus/types/height_vote_set_test.go
@@ -2,6 +2,7 @@ package types

 import (
 	"fmt"
+	"os"
 	"testing"

 	cfg "github.com/tendermint/tendermint/config"
@@ -11,8 +12,11 @@ import (

 var config *cfg.Config // NOTE: must be reset for each _test.go file

-func init() {
+func TestMain(m *testing.M) {
 	config = cfg.ResetTestRoot("consensus_height_vote_set_test")
+	code := m.Run()
+	os.RemoveAll(config.RootDir)
+	os.Exit(code)
 }

 func TestPeerCatchupRounds(t *testing.T) {
@@ -64,7 +68,6 @@ func makeVoteHR(t *testing.T, height int64, round int, privVals []types.PrivVali
 	err := privVal.SignVote(chainID, vote)
 	if err != nil {
 		panic(fmt.Sprintf("Error signing vote: %v", err))
-		return nil
 	}
 	return vote
 }
--- a/consensus/types/round_state.go
+++ b/consensus/types/round_state.go
@@ -65,25 +65,26 @@ func (rs RoundStepType) String() string {
 // NOTE: Not thread safe. Should only be manipulated by functions downstream
 // of the cs.receiveRoutine
 type RoundState struct {
-	Height             int64               `json:"height"` // Height we are working on
-	Round              int                 `json:"round"`
-	Step               RoundStepType       `json:"step"`
-	StartTime          time.Time           `json:"start_time"`
-	CommitTime         time.Time           `json:"commit_time"` // Subjective time when +2/3 precommits for Block at Round were found
-	Validators         *types.ValidatorSet `json:"validators"`
-	Proposal           *types.Proposal     `json:"proposal"`
-	ProposalBlock      *types.Block        `json:"proposal_block"`
-	ProposalBlockParts *types.PartSet      `json:"proposal_block_parts"`
-	LockedRound        int                 `json:"locked_round"`
-	LockedBlock        *types.Block        `json:"locked_block"`
-	LockedBlockParts   *types.PartSet      `json:"locked_block_parts"`
-	ValidRound         int                 `json:"valid_round"`       // Last known round with POL for non-nil valid block.
-	ValidBlock         *types.Block        `json:"valid_block"`       // Last known block of POL mentioned above.
-	ValidBlockParts    *types.PartSet      `json:"valid_block_parts"` // Last known block parts of POL metnioned above.
-	Votes              *HeightVoteSet      `json:"votes"`
-	CommitRound        int                 `json:"commit_round"` //
-	LastCommit         *types.VoteSet      `json:"last_commit"`  // Last precommits at Height-1
-	LastValidators     *types.ValidatorSet `json:"last_validators"`
+	Height                    int64               `json:"height"` // Height we are working on
+	Round                     int                 `json:"round"`
+	Step                      RoundStepType       `json:"step"`
+	StartTime                 time.Time           `json:"start_time"`
+	CommitTime                time.Time           `json:"commit_time"` // Subjective time when +2/3 precommits for Block at Round were found
+	Validators                *types.ValidatorSet `json:"validators"`
+	Proposal                  *types.Proposal     `json:"proposal"`
+	ProposalBlock             *types.Block        `json:"proposal_block"`
+	ProposalBlockParts        *types.PartSet      `json:"proposal_block_parts"`
+	LockedRound               int                 `json:"locked_round"`
+	LockedBlock               *types.Block        `json:"locked_block"`
+	LockedBlockParts          *types.PartSet      `json:"locked_block_parts"`
+	ValidRound                int                 `json:"valid_round"`       // Last known round with POL for non-nil valid block.
+	ValidBlock                *types.Block        `json:"valid_block"`       // Last known block of POL mentioned above.
+	ValidBlockParts           *types.PartSet      `json:"valid_block_parts"` // Last known block parts of POL metnioned above.
+	Votes                     *HeightVoteSet      `json:"votes"`
+	CommitRound               int                 `json:"commit_round"` //
+	LastCommit                *types.VoteSet      `json:"last_commit"`  // Last precommits at Height-1
+	LastValidators            *types.ValidatorSet `json:"last_validators"`
+	TriggeredTimeoutPrecommit bool                `json:"triggered_timeout_precommit"`
 }

 // Compressed version of the RoundState for use in RPC
--- a/consensus/types/round_state_test.go
+++ b/consensus/types/round_state_test.go
@@ -3,7 +3,7 @@ package types
 import (
 	"testing"

-	"github.com/tendermint/go-amino"
+	amino "github.com/tendermint/go-amino"
 	"github.com/tendermint/tendermint/crypto/ed25519"
 	cmn "github.com/tendermint/tendermint/libs/common"
 	"github.com/tendermint/tendermint/types"
@@ -16,7 +16,7 @@ func BenchmarkRoundStateDeepCopy(b *testing.B) {
 	// Random validators
 	nval, ntxs := 100, 100
 	vset, _ := types.RandValidatorSet(nval, 1)
-	precommits := make([]*types.Vote, nval)
+	precommits := make([]*types.CommitSig, nval)
 	blockID := types.BlockID{
 		Hash: cmn.RandBytes(20),
 		PartsHeader: types.PartSetHeader{
@@ -25,12 +25,12 @@ func BenchmarkRoundStateDeepCopy(b *testing.B) {
 	}
 	sig := make([]byte, ed25519.SignatureSize)
 	for i := 0; i < nval; i++ {
-		precommits[i] = &types.Vote{
+		precommits[i] = (&types.Vote{
 			ValidatorAddress: types.Address(cmn.RandBytes(20)),
 			Timestamp:        tmtime.Now(),
 			BlockID:          blockID,
 			Signature:        sig,
-		}
+		}).CommitSig()
 	}
 	txs := make([]types.Tx, ntxs)
 	for i := 0; i < ntxs; i++ {
@@ -53,11 +53,8 @@ func BenchmarkRoundStateDeepCopy(b *testing.B) {
 		Data: types.Data{
 			Txs: txs,
 		},
-		Evidence: types.EvidenceData{},
-		LastCommit: &types.Commit{
-			BlockID:    blockID,
-			Precommits: precommits,
-		},
+		Evidence:   types.EvidenceData{},
+		LastCommit: types.NewCommit(blockID, precommits),
 	}
 	parts := block.MakePartSet(4096)
 	// Random Proposal
--- a/consensus/wal.go
+++ b/consensus/wal.go
@@ -112,11 +112,21 @@ func (wal *baseWAL) OnStart() error {
 	return err
 }

+// Stop the underlying autofile group.
+// Use Wait() to ensure it's finished shutting down
+// before cleaning up files.
 func (wal *baseWAL) OnStop() {
+	wal.group.Flush()
 	wal.group.Stop()
 	wal.group.Close()
 }

+// Wait for the underlying autofile group to finish shutting down
+// so it's safe to cleanup files.
+func (wal *baseWAL) Wait() {
+	wal.group.Wait()
+}
+
 // Write is called in newStep and for each receive on the
 // peerMsgQueue and the timeoutTicker.
 // NOTE: does not call fsync()
@@ -163,7 +173,7 @@ func (wal *baseWAL) SearchForEndHeight(height int64, options *WALSearchOptions)
 	// NOTE: starting from the last file in the group because we're usually
 	// searching for the last height. See replay.go
 	min, max := wal.group.MinIndex(), wal.group.MaxIndex()
-	wal.Logger.Debug("Searching for height", "height", height, "min", min, "max", max)
+	wal.Logger.Info("Searching for height", "height", height, "min", min, "max", max)
 	for index := max; index >= min; index-- {
 		gr, err = wal.group.NewReader(index)
 		if err != nil {
@@ -183,7 +193,7 @@ func (wal *baseWAL) SearchForEndHeight(height int64, options *WALSearchOptions)
 				break
 			}
 			if options.IgnoreDataCorruptionErrors && IsDataCorruptionError(err) {
-				wal.Logger.Debug("Corrupted entry. Skipping...", "err", err)
+				wal.Logger.Error("Corrupted entry. Skipping...", "err", err)
 				// do nothing
 				continue
 			} else if err != nil {
@@ -194,7 +204,7 @@ func (wal *baseWAL) SearchForEndHeight(height int64, options *WALSearchOptions)
 			if m, ok := msg.Msg.(EndHeightMessage); ok {
 				lastHeightFound = m.Height
 				if m.Height == height { // found
-					wal.Logger.Debug("Found", "height", height, "index", index)
+					wal.Logger.Info("Found", "height", height, "index", index)
 					return gr, true, nil
 				}
 			}
@@ -219,12 +229,17 @@ func NewWALEncoder(wr io.Writer) *WALEncoder {
 	return &WALEncoder{wr}
 }

-// Encode writes the custom encoding of v to the stream.
+// Encode writes the custom encoding of v to the stream. It returns an error if
+// the amino-encoded size of v is greater than 1MB. Any error encountered
+// during the write is also returned.
 func (enc *WALEncoder) Encode(v *TimedWALMessage) error {
 	data := cdc.MustMarshalBinaryBare(v)

 	crc := crc32.Checksum(data, crc32c)
 	length := uint32(len(data))
+	if length > maxMsgSizeBytes {
+		return fmt.Errorf("Msg is too big: %d bytes, max: %d bytes", length, maxMsgSizeBytes)
+	}
 	totalLength := 8 + int(length)

 	msg := make([]byte, totalLength)
@@ -281,31 +296,31 @@ func (dec *WALDecoder) Decode() (*TimedWALMessage, error) {
 		return nil, err
 	}
 	if err != nil {
-		return nil, fmt.Errorf("failed to read checksum: %v", err)
+		return nil, DataCorruptionError{fmt.Errorf("failed to read checksum: %v", err)}
 	}
 	crc := binary.BigEndian.Uint32(b)

 	b = make([]byte, 4)
 	_, err = dec.rd.Read(b)
 	if err != nil {
-		return nil, fmt.Errorf("failed to read length: %v", err)
+		return nil, DataCorruptionError{fmt.Errorf("failed to read length: %v", err)}
 	}
 	length := binary.BigEndian.Uint32(b)

 	if length > maxMsgSizeBytes {
-		return nil, fmt.Errorf("length %d exceeded maximum possible value of %d bytes", length, maxMsgSizeBytes)
+		return nil, DataCorruptionError{fmt.Errorf("length %d exceeded maximum possible value of %d bytes", length, maxMsgSizeBytes)}
 	}

 	data := make([]byte, length)
-	_, err = dec.rd.Read(data)
+	n, err := dec.rd.Read(data)
 	if err != nil {
-		return nil, fmt.Errorf("failed to read data: %v", err)
+		return nil, DataCorruptionError{fmt.Errorf("failed to read data: %v (read: %d, wanted: %d)", err, n, length)}
 	}

 	// check checksum before decoding data
 	actualCRC := crc32.Checksum(data, crc32c)
 	if actualCRC != crc {
-		return nil, DataCorruptionError{fmt.Errorf("checksums do not match: (read: %v, actual: %v)", crc, actualCRC)}
+		return nil, DataCorruptionError{fmt.Errorf("checksums do not match: read: %v, actual: %v", crc, actualCRC)}
 	}

 	var res = new(TimedWALMessage) // nolint: gosimple
--- a/consensus/wal_generator.go
+++ b/consensus/wal_generator.go
@@ -7,7 +7,7 @@ import (
 	"io"
 	"os"
 	"path/filepath"
-	"strings"
+	"testing"
 	"time"

 	"github.com/pkg/errors"
@@ -28,8 +28,9 @@ import (
 // stripped down version of node (proxy app, event bus, consensus state) with a
 // persistent kvstore application and special consensus wal instance
 // (byteBufferWAL) and waits until numBlocks are created. If the node fails to produce given numBlocks, it returns an error.
-func WALGenerateNBlocks(wr io.Writer, numBlocks int) (err error) {
-	config := getConfig()
+func WALGenerateNBlocks(t *testing.T, wr io.Writer, numBlocks int) (err error) {
+	config := getConfig(t)
+	defer os.RemoveAll(config.RootDir)

 	app := kvstore.NewPersistentKVStoreApplication(filepath.Join(config.DBDir(), "wal_generator"))

@@ -102,11 +103,11 @@ func WALGenerateNBlocks(wr io.Writer, numBlocks int) (err error) {
 }

 //WALWithNBlocks returns a WAL content with numBlocks.
-func WALWithNBlocks(numBlocks int) (data []byte, err error) {
+func WALWithNBlocks(t *testing.T, numBlocks int) (data []byte, err error) {
 	var b bytes.Buffer
 	wr := bufio.NewWriter(&b)

-	if err := WALGenerateNBlocks(wr, numBlocks); err != nil {
+	if err := WALGenerateNBlocks(t, wr, numBlocks); err != nil {
 		return []byte{}, err
 	}

@@ -114,18 +115,6 @@ func WALWithNBlocks(numBlocks int) (data []byte, err error) {
 	return b.Bytes(), nil
 }

-// f**ing long, but unique for each test
-func makePathname() string {
-	// get path
-	p, err := os.Getwd()
-	if err != nil {
-		panic(err)
-	}
-	// fmt.Println(p)
-	sep := string(filepath.Separator)
-	return strings.Replace(p, sep, "_", -1)
-}
-
 func randPort() int {
 	// returns between base and base + spread
 	base, spread := 20000, 20000
@@ -140,9 +129,8 @@ func makeAddrs() (string, string, string) {
 }

 // getConfig returns a config for test cases
-func getConfig() *cfg.Config {
-	pathname := makePathname()
-	c := cfg.ResetTestRoot(fmt.Sprintf("%s_%d", pathname, cmn.RandInt()))
+func getConfig(t *testing.T) *cfg.Config {
+	c := cfg.ResetTestRoot(t.Name())

 	// and we use random ports to run in parallel
 	tm, rpc, grpc := makeAddrs()
--- a/consensus/wal_test.go
+++ b/consensus/wal_test.go
@@ -7,6 +7,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+
 	// "sync"
 	"testing"
 	"time"
@@ -38,11 +39,16 @@ func TestWALTruncate(t *testing.T) {
 	wal.SetLogger(log.TestingLogger())
 	err = wal.Start()
 	require.NoError(t, err)
-	defer wal.Stop()
+	defer func() {
+		wal.Stop()
+		// wait for the wal to finish shutting down so we
+		// can safely remove the directory
+		wal.Wait()
+	}()

 	//60 block's size nearly 70K, greater than group's headBuf size(4096 * 10), when headBuf is full, truncate content will Flush to the file.
 	//at this time, RotateFile is called, truncate content exist in each file.
-	err = WALGenerateNBlocks(wal.Group(), 60)
+	err = WALGenerateNBlocks(t, wal.Group(), 60)
 	require.NoError(t, err)

 	time.Sleep(1 * time.Millisecond) //wait groupCheckDuration, make sure RotateFile run
@@ -67,8 +73,8 @@ func TestWALTruncate(t *testing.T) {
 func TestWALEncoderDecoder(t *testing.T) {
 	now := tmtime.Now()
 	msgs := []TimedWALMessage{
-		TimedWALMessage{Time: now, Msg: EndHeightMessage{0}},
-		TimedWALMessage{Time: now, Msg: timeoutInfo{Duration: time.Second, Height: 1, Round: 1, Step: types.RoundStepPropose}},
+		{Time: now, Msg: EndHeightMessage{0}},
+		{Time: now, Msg: timeoutInfo{Duration: time.Second, Height: 1, Round: 1, Step: types.RoundStepPropose}},
 	}

 	b := new(bytes.Buffer)
@@ -89,8 +95,28 @@ func TestWALEncoderDecoder(t *testing.T) {
 	}
 }

+func TestWALWritePanicsIfMsgIsTooBig(t *testing.T) {
+	walDir, err := ioutil.TempDir("", "wal")
+	require.NoError(t, err)
+	defer os.RemoveAll(walDir)
+	walFile := filepath.Join(walDir, "wal")
+
+	wal, err := NewWAL(walFile)
+	require.NoError(t, err)
+	err = wal.Start()
+	require.NoError(t, err)
+	defer func() {
+		wal.Stop()
+		// wait for the wal to finish shutting down so we
+		// can safely remove the directory
+		wal.Wait()
+	}()
+
+	assert.Panics(t, func() { wal.Write(make([]byte, maxMsgSizeBytes+1)) })
+}
+
 func TestWALSearchForEndHeight(t *testing.T) {
-	walBody, err := WALWithNBlocks(6)
+	walBody, err := WALWithNBlocks(t, 6)
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/consensus/wire.go
+++ b/consensus/wire.go
@@ -1,7 +1,7 @@
 package consensus

 import (
-	"github.com/tendermint/go-amino"
+	amino "github.com/tendermint/go-amino"
 	"github.com/tendermint/tendermint/types"
 )

--- a/crypto/encoding/amino/encode_test.go
+++ b/crypto/encoding/amino/encode_test.go
@@ -25,9 +25,8 @@ func checkAminoBinary(t *testing.T, src, dst interface{}, size int) {
 		assert.Equal(t, byterSrc.Bytes(), bz, "Amino binary vs Bytes() mismatch")
 	}
 	// Make sure we have the expected length.
-	if size != -1 {
-		assert.Equal(t, size, len(bz), "Amino binary size mismatch")
-	}
+	assert.Equal(t, size, len(bz), "Amino binary size mismatch")
+
 	// Unmarshal.
 	err = cdc.UnmarshalBinaryBare(bz, dst)
 	require.Nil(t, err, "%+v", err)
@@ -48,6 +47,8 @@ func checkAminoJSON(t *testing.T, src interface{}, dst interface{}, isNil bool)
 	require.Nil(t, err, "%+v", err)
 }

+// ExamplePrintRegisteredTypes refers to unknown identifier: PrintRegisteredTypes
+//nolint:govet
 func ExamplePrintRegisteredTypes() {
 	cdc.PrintTypes(os.Stdout)
 	// Output: | Type | Name | Prefix | Length | Notes |
--- a/crypto/merkle/proof.go
+++ b/crypto/merkle/proof.go
@@ -98,7 +98,7 @@ func (prt *ProofRuntime) Decode(pop ProofOp) (ProofOperator, error) {
 }

 func (prt *ProofRuntime) DecodeProof(proof *Proof) (ProofOperators, error) {
-	var poz ProofOperators
+	poz := make(ProofOperators, 0, len(proof.Ops))
 	for _, pop := range proof.Ops {
 		operator, err := prt.Decode(pop)
 		if err != nil {
--- a/crypto/merkle/proof_key_path_test.go
+++ b/crypto/merkle/proof_key_path_test.go
@@ -1,6 +1,8 @@
 package merkle

 import (
+	// it is ok to use math/rand here: we do not need a cryptographically secure random
+	// number generator here and we can run the tests a bit faster
 	"math/rand"
 	"testing"

@@ -24,7 +26,7 @@ func TestKeyPath(t *testing.T) {
 					keys[i][j] = alphanum[rand.Intn(len(alphanum))]
 				}
 			case KeyEncodingHex:
-				rand.Read(keys[i])
+				rand.Read(keys[i]) //nolint: gosec
 			default:
 				panic("Unexpected encoding")
 			}
--- a/crypto/merkle/proof_test.go
+++ b/crypto/merkle/proof_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"

 	"github.com/stretchr/testify/assert"
-	"github.com/tendermint/go-amino"
+	amino "github.com/tendermint/go-amino"
 	cmn "github.com/tendermint/tendermint/libs/common"
 )

@@ -26,6 +26,7 @@ func NewDominoOp(key, input, output string) DominoOp {
 	}
 }

+//nolint:unused
 func DominoOpDecoder(pop ProofOp) (ProofOperator, error) {
 	if pop.Type != ProofOpDomino {
 		panic("unexpected proof op type")
--- a/crypto/merkle/rfc6962_test.go
+++ b/crypto/merkle/rfc6962_test.go
@@ -26,7 +26,7 @@ import (
 func TestRFC6962Hasher(t *testing.T) {
 	_, leafHashTrail := trailsFromByteSlices([][]byte{[]byte("L123456")})
 	leafHash := leafHashTrail.Hash
-	_, leafHashTrail = trailsFromByteSlices([][]byte{[]byte{}})
+	_, leafHashTrail = trailsFromByteSlices([][]byte{{}})
 	emptyLeafHash := leafHashTrail.Hash
 	for _, tc := range []struct {
 		desc string
--- a/crypto/merkle/wire.go
+++ b/crypto/merkle/wire.go
@@ -1,7 +1,7 @@
 package merkle

 import (
-	"github.com/tendermint/go-amino"
+	amino "github.com/tendermint/go-amino"
 )

 var cdc *amino.Codec
--- a/crypto/random.go
+++ b/crypto/random.go
@@ -1,42 +1,11 @@
 package crypto

 import (
-	"crypto/cipher"
 	crand "crypto/rand"
-	"crypto/sha256"
 	"encoding/hex"
 	"io"
-	"sync"
-
-	"golang.org/x/crypto/chacha20poly1305"
 )

-// NOTE: This is ignored for now until we have time
-// to properly review the MixEntropy function - https://github.com/tendermint/tendermint/issues/2099.
-//
-// The randomness here is derived from xoring a chacha20 keystream with
-// output from crypto/rand's OS Entropy Reader. (Due to fears of the OS'
-// entropy being backdoored)
-//
-// For forward secrecy of produced randomness, the internal chacha key is hashed
-// and thereby rotated after each call.
-var gRandInfo *randInfo
-
-func init() {
-	gRandInfo = &randInfo{}
-
-	// TODO: uncomment after reviewing MixEntropy -
-	// https://github.com/tendermint/tendermint/issues/2099
-	// gRandInfo.MixEntropy(randBytes(32)) // Init
-}
-
-// WARNING: This function needs review - https://github.com/tendermint/tendermint/issues/2099.
-// Mix additional bytes of randomness, e.g. from hardware, user-input, etc.
-// It is OK to call it multiple times.  It does not diminish security.
-func MixEntropy(seedBytes []byte) {
-	gRandInfo.MixEntropy(seedBytes)
-}
-
 // This only uses the OS's randomness
 func randBytes(numBytes int) []byte {
 	b := make([]byte, numBytes)
@@ -52,19 +21,6 @@ func CRandBytes(numBytes int) []byte {
 	return randBytes(numBytes)
 }

-/* TODO: uncomment after reviewing MixEntropy - https://github.com/tendermint/tendermint/issues/2099
-// This uses the OS and the Seed(s).
-func CRandBytes(numBytes int) []byte {
-	return randBytes(numBytes)
-		b := make([]byte, numBytes)
-		_, err := gRandInfo.Read(b)
-		if err != nil {
-			panic(err)
-		}
-		return b
-}
-*/
-
 // CRandHex returns a hex encoded string that's floor(numDigits/2) * 2 long.
 //
 // Note: CRandHex(24) gives 96 bits of randomness that
@@ -77,63 +33,3 @@ func CRandHex(numDigits int) string {
 func CReader() io.Reader {
 	return crand.Reader
 }
-
-/* TODO: uncomment after reviewing MixEntropy - https://github.com/tendermint/tendermint/issues/2099
-// Returns a crand.Reader mixed with user-supplied entropy
-func CReader() io.Reader {
-	return gRandInfo
-}
-*/
-
-//--------------------------------------------------------------------------------
-
-type randInfo struct {
-	mtx       sync.Mutex
-	seedBytes [chacha20poly1305.KeySize]byte
-	chacha    cipher.AEAD
-	reader    io.Reader
-}
-
-// You can call this as many times as you'd like.
-// XXX/TODO: review - https://github.com/tendermint/tendermint/issues/2099
-func (ri *randInfo) MixEntropy(seedBytes []byte) {
-	ri.mtx.Lock()
-	defer ri.mtx.Unlock()
-	// Make new ri.seedBytes using passed seedBytes and current ri.seedBytes:
-	// ri.seedBytes = sha256( seedBytes || ri.seedBytes )
-	h := sha256.New()
-	h.Write(seedBytes)
-	h.Write(ri.seedBytes[:])
-	hashBytes := h.Sum(nil)
-	copy(ri.seedBytes[:], hashBytes)
-	chacha, err := chacha20poly1305.New(ri.seedBytes[:])
-	if err != nil {
-		panic("Initializing chacha20 failed")
-	}
-	ri.chacha = chacha
-	// Create new reader
-	ri.reader = &cipher.StreamReader{S: ri, R: crand.Reader}
-}
-
-func (ri *randInfo) XORKeyStream(dst, src []byte) {
-	// nonce being 0 is safe due to never re-using a key.
-	emptyNonce := make([]byte, 12)
-	tmpDst := ri.chacha.Seal([]byte{}, emptyNonce, src, []byte{0})
-	// this removes the poly1305 tag as well, since chacha is a stream cipher
-	// and we truncate at input length.
-	copy(dst, tmpDst[:len(src)])
-	// hash seedBytes for forward secrecy, and initialize new chacha instance
-	newSeed := sha256.Sum256(ri.seedBytes[:])
-	chacha, err := chacha20poly1305.New(newSeed[:])
-	if err != nil {
-		panic("Initializing chacha20 failed")
-	}
-	ri.chacha = chacha
-}
-
-func (ri *randInfo) Read(b []byte) (n int, err error) {
-	ri.mtx.Lock()
-	n, err = ri.reader.Read(b)
-	ri.mtx.Unlock()
-	return
-}
--- a/crypto/secp256k1/secp256k1.go
+++ b/crypto/secp256k1/secp256k1.go
@@ -7,10 +7,12 @@ import (
 	"fmt"
 	"io"

-	secp256k1 "github.com/tendermint/btcd/btcec"
-	amino "github.com/tendermint/go-amino"
 	"golang.org/x/crypto/ripemd160"

+	secp256k1 "github.com/btcsuite/btcd/btcec"
+
+	amino "github.com/tendermint/go-amino"
+
 	"github.com/tendermint/tendermint/crypto"
 )

@@ -44,16 +46,6 @@ func (privKey PrivKeySecp256k1) Bytes() []byte {
 	return cdc.MustMarshalBinaryBare(privKey)
 }

-// Sign creates an ECDSA signature on curve Secp256k1, using SHA256 on the msg.
-func (privKey PrivKeySecp256k1) Sign(msg []byte) ([]byte, error) {
-	priv, _ := secp256k1.PrivKeyFromBytes(secp256k1.S256(), privKey[:])
-	sig, err := priv.Sign(crypto.Sha256(msg))
-	if err != nil {
-		return nil, err
-	}
-	return sig.Serialize(), nil
-}
-
 // PubKey performs the point-scalar multiplication from the privKey on the
 // generator point to get the pubkey.
 func (privKey PrivKeySecp256k1) PubKey() crypto.PubKey {
@@ -137,20 +129,6 @@ func (pubKey PubKeySecp256k1) Bytes() []byte {
 	return bz
 }

-func (pubKey PubKeySecp256k1) VerifyBytes(msg []byte, sig []byte) bool {
-	pub, err := secp256k1.ParsePubKey(pubKey[:], secp256k1.S256())
-	if err != nil {
-		return false
-	}
-	parsedSig, err := secp256k1.ParseSignature(sig[:], secp256k1.S256())
-	if err != nil {
-		return false
-	}
-	// Underlying library ensures that this signature is in canonical form, to
-	// prevent Secp256k1 malleability from altering the sign of the s term.
-	return parsedSig.Verify(crypto.Sha256(msg), pub)
-}
-
 func (pubKey PubKeySecp256k1) String() string {
 	return fmt.Sprintf("PubKeySecp256k1{%X}", pubKey[:])
 }
--- a/crypto/secp256k1/secp256k1_cgo.go
+++ b/crypto/secp256k1/secp256k1_cgo.go
@@ -0,0 +1,24 @@
+// +build libsecp256k1
+
+package secp256k1
+
+import (
+	"github.com/ethereum/go-ethereum/crypto/secp256k1"
+
+	"github.com/tendermint/tendermint/crypto"
+)
+
+// Sign creates an ECDSA signature on curve Secp256k1, using SHA256 on the msg.
+func (privKey PrivKeySecp256k1) Sign(msg []byte) ([]byte, error) {
+	rsv, err := secp256k1.Sign(crypto.Sha256(msg), privKey[:])
+	if err != nil {
+		return nil, err
+	}
+	// we do not need v  in r||s||v:
+	rs := rsv[:len(rsv)-1]
+	return rs, nil
+}
+
+func (pubKey PubKeySecp256k1) VerifyBytes(msg []byte, sig []byte) bool {
+	return secp256k1.VerifySignature(pubKey[:], crypto.Sha256(msg), sig)
+}
--- a/crypto/secp256k1/secp256k1_nocgo.go
+++ b/crypto/secp256k1/secp256k1_nocgo.go
@@ -0,0 +1,70 @@
+// +build !libsecp256k1
+
+package secp256k1
+
+import (
+	"math/big"
+
+	secp256k1 "github.com/btcsuite/btcd/btcec"
+
+	"github.com/tendermint/tendermint/crypto"
+)
+
+// used to reject malleable signatures
+// see:
+//  - https://github.com/ethereum/go-ethereum/blob/f9401ae011ddf7f8d2d95020b7446c17f8d98dc1/crypto/signature_nocgo.go#L90-L93
+//  - https://github.com/ethereum/go-ethereum/blob/f9401ae011ddf7f8d2d95020b7446c17f8d98dc1/crypto/crypto.go#L39
+var secp256k1halfN = new(big.Int).Rsh(secp256k1.S256().N, 1)
+
+// Sign creates an ECDSA signature on curve Secp256k1, using SHA256 on the msg.
+// The returned signature will be of the form R || S (in lower-S form).
+func (privKey PrivKeySecp256k1) Sign(msg []byte) ([]byte, error) {
+	priv, _ := secp256k1.PrivKeyFromBytes(secp256k1.S256(), privKey[:])
+	sig, err := priv.Sign(crypto.Sha256(msg))
+	if err != nil {
+		return nil, err
+	}
+	sigBytes := serializeSig(sig)
+	return sigBytes, nil
+}
+
+// VerifyBytes verifies a signature of the form R || S.
+// It rejects signatures which are not in lower-S form.
+func (pubKey PubKeySecp256k1) VerifyBytes(msg []byte, sigStr []byte) bool {
+	if len(sigStr) != 64 {
+		return false
+	}
+	pub, err := secp256k1.ParsePubKey(pubKey[:], secp256k1.S256())
+	if err != nil {
+		return false
+	}
+	// parse the signature:
+	signature := signatureFromBytes(sigStr)
+	// Reject malleable signatures. libsecp256k1 does this check but btcec doesn't.
+	// see: https://github.com/ethereum/go-ethereum/blob/f9401ae011ddf7f8d2d95020b7446c17f8d98dc1/crypto/signature_nocgo.go#L90-L93
+	if signature.S.Cmp(secp256k1halfN) > 0 {
+		return false
+	}
+	return signature.Verify(crypto.Sha256(msg), pub)
+}
+
+// Read Signature struct from R || S. Caller needs to ensure
+// that len(sigStr) == 64.
+func signatureFromBytes(sigStr []byte) *secp256k1.Signature {
+	return &secp256k1.Signature{
+		R: new(big.Int).SetBytes(sigStr[:32]),
+		S: new(big.Int).SetBytes(sigStr[32:64]),
+	}
+}
+
+// Serialize signature to R || S.
+// R, S are padded to 32 bytes respectively.
+func serializeSig(sig *secp256k1.Signature) []byte {
+	rBytes := sig.R.Bytes()
+	sBytes := sig.S.Bytes()
+	sigBytes := make([]byte, 64)
+	// 0 pad the byte arrays from the left if they aren't big enough.
+	copy(sigBytes[32-len(rBytes):32], rBytes)
+	copy(sigBytes[64-len(sBytes):64], sBytes)
+	return sigBytes
+}
--- a/crypto/secp256k1/secp256k1_nocgo_test.go
+++ b/crypto/secp256k1/secp256k1_nocgo_test.go
@@ -0,0 +1,39 @@
+// +build !libsecp256k1
+
+package secp256k1
+
+import (
+	"testing"
+
+	secp256k1 "github.com/btcsuite/btcd/btcec"
+
+	"github.com/stretchr/testify/require"
+)
+
+// Ensure that signature verification works, and that
+// non-canonical signatures fail.
+// Note: run with CGO_ENABLED=0 or go test -tags !cgo.
+func TestSignatureVerificationAndRejectUpperS(t *testing.T) {
+	msg := []byte("We have lingered long enough on the shores of the cosmic ocean.")
+	for i := 0; i < 500; i++ {
+		priv := GenPrivKey()
+		sigStr, err := priv.Sign(msg)
+		require.NoError(t, err)
+		sig := signatureFromBytes(sigStr)
+		require.False(t, sig.S.Cmp(secp256k1halfN) > 0)
+
+		pub := priv.PubKey()
+		require.True(t, pub.VerifyBytes(msg, sigStr))
+
+		// malleate:
+		sig.S.Sub(secp256k1.S256().CurveParams.N, sig.S)
+		require.True(t, sig.S.Cmp(secp256k1halfN) > 0)
+		malSigStr := serializeSig(sig)
+
+		require.False(t, pub.VerifyBytes(msg, malSigStr),
+			"VerifyBytes incorrect with malleated & invalid S. sig=%v, key=%v",
+			sig,
+			priv,
+		)
+	}
+}
--- a/crypto/secp256k1/secpk256k1_test.go
+++ b/crypto/secp256k1/secpk256k1_test.go
@@ -11,7 +11,7 @@ import (
 	"github.com/tendermint/tendermint/crypto"
 	"github.com/tendermint/tendermint/crypto/secp256k1"

-	underlyingSecp256k1 "github.com/tendermint/btcd/btcec"
+	underlyingSecp256k1 "github.com/btcsuite/btcd/btcec"
 )

 type keyData struct {
--- a/crypto/xsalsa20symmetric/symmetric.go
+++ b/crypto/xsalsa20symmetric/symmetric.go
@@ -17,7 +17,6 @@ const secretLen = 32

 // secret must be 32 bytes long. Use something like Sha256(Bcrypt(passphrase))
 // The ciphertext is (secretbox.Overhead + 24) bytes longer than the plaintext.
-// NOTE: call crypto.MixEntropy() first.
 func EncryptSymmetric(plaintext []byte, secret []byte) (ciphertext []byte) {
 	if len(secret) != secretLen {
 		cmn.PanicSanity(fmt.Sprintf("Secret must be 32 bytes long, got len %v", len(secret)))
--- a/crypto/xsalsa20symmetric/symmetric_test.go
+++ b/crypto/xsalsa20symmetric/symmetric_test.go
@@ -13,8 +13,6 @@ import (

 func TestSimple(t *testing.T) {

-	crypto.MixEntropy([]byte("someentropy"))
-
 	plaintext := []byte("sometext")
 	secret := []byte("somesecretoflengththirtytwo===32")
 	ciphertext := EncryptSymmetric(plaintext, secret)
@@ -26,8 +24,6 @@ func TestSimple(t *testing.T) {

 func TestSimpleWithKDF(t *testing.T) {

-	crypto.MixEntropy([]byte("someentropy"))
-
 	plaintext := []byte("sometext")
 	secretPass := []byte("somesecret")
 	secret, err := bcrypt.GenerateFromPassword(secretPass, 12)
--- a/docs/.vuepress/config.js
+++ b/docs/.vuepress/config.js
@@ -21,7 +21,7 @@ module.exports = {
    },
    nav: [
      { text: "Back to Tendermint", link: "https://tendermint.com" },
-      { text: "RPC", link: "../rpc/" }
+      { text: "RPC", link: "https://tendermint.com/rpc/" }
    ],
    sidebar: [
      {
@@ -79,10 +79,11 @@ module.exports = {
        title: "Tools",
        collapsable: false,
        children:  [
-	  "/tools/",
-	  "/tools/benchmarking",
-	  "/tools/monitoring"
-	]
+          "/tools/",
+          "/tools/benchmarking",
+          "/tools/monitoring",
+          "/tools/remote-signer-validation"
+        ]
      },
      {
        title: "Tendermint Spec",
--- a/docs/architecture/adr-033-pubsub.md
+++ b/docs/architecture/adr-033-pubsub.md
@@ -6,10 +6,16 @@ Author: Anton Kaliaev (@melekes)

 02-10-2018: Initial draft

+16-01-2019: Second version based on our conversation with Jae
+
+17-01-2019: Third version explaining how new design solves current issues
+
+25-01-2019: Fourth version to treat buffered and unbuffered channels differently
+
 ## Context

 Since the initial version of the pubsub, there's been a number of issues
-raised: #951, #1879, #1880. Some of them are high-level issues questioning the
+raised: [#951], [#1879], [#1880]. Some of them are high-level issues questioning the
 core design choices made. Others are minor and mostly about the interface of
 `Subscribe()` / `Publish()` functions.

@@ -40,9 +46,19 @@ goroutines can be used to avoid uncontrolled memory growth.

 In certain cases, this is what you want. But in our case, because we need
 strict ordering of events (if event A was published before B, the guaranteed
-delivery order will be A -> B), we can't use goroutines.
+delivery order will be A -> B), we can't publish msg in a new goroutine every time.

-There is also a question whenever we should have a non-blocking send:
+We can also have a goroutine per subscriber, although we'd need to be careful
+with the number of subscribers. It's more difficult to implement as well +
+unclear if we'll benefit from it (cause we'd be forced to create N additional
+channels to distribute msg to these goroutines).
+
+### Non-blocking send
+
+There is also a question whenever we should have a non-blocking send.
+Currently, sends are blocking, so publishing to one client can block on
+publishing to another. This means a slow or unresponsive client can halt the
+system. Instead, we can use a non-blocking send:

 ```go
 for each subscriber {
@@ -56,15 +72,14 @@ for each subscriber {
 ```

 This fixes the "slow client problem", but there is no way for a slow client to
-know if it had missed a message. On the other hand, if we're going to stick
-with blocking send, **devs must always ensure subscriber's handling code does not
-block**. As you can see, there is an implicit choice between ordering guarantees
-and using goroutines.
+know if it had missed a message. We could return a second channel and close it
+to indicate subscription termination. On the other hand, if we're going to
+stick with blocking send, **devs must always ensure subscriber's handling code
+does not block**, which is a hard task to put on their shoulders.

 The interim option is to run goroutines pool for a single message, wait for all
 goroutines to finish. This will solve "slow client problem", but we'd still
 have to wait `max(goroutine_X_time)` before we can publish the next message.
-My opinion: not worth doing.

 ### Channels vs Callbacks

@@ -76,36 +91,137 @@ memory leaks and/or memory usage increase.

 Go channels are de-facto standard for carrying data between goroutines.

-**Question: Is it worth switching to callback functions?**
-
 ### Why `Subscribe()` accepts an `out` channel?

 Because in our tests, we create buffered channels (cap: 1). Alternatively, we
-can make capacity an argument.
+can make capacity an argument and return a channel.

 ## Decision

-Change Subscribe() function to return out channel:
+### MsgAndTags

-```go
-// outCap can be used to set capacity of out channel (unbuffered by default).
-Subscribe(ctx context.Context, clientID string, query Query, outCap... int) (out <-chan interface{}, err error) {
-```
-
-It's more idiomatic since we're closing it during Unsubscribe/UnsubscribeAll calls.
-
-Also, we should make tags available to subscribers:
+Use a `MsgAndTags` struct on the subscription channel to indicate what tags the
+msg matched.

 ```go
 type MsgAndTags struct {
    Msg interface{}
    Tags TagMap
 }
-
-// outCap can be used to set capacity of out channel (unbuffered by default).
-Subscribe(ctx context.Context, clientID string, query Query, outCap... int) (out <-chan MsgAndTags, err error) {
 ```

+### Subscription Struct
+
+
+Change `Subscribe()` function to return a `Subscription` struct:
+
+```go
+type Subscription struct {
+  // private fields
+}
+
+func (s *Subscription) Out() <-chan MsgAndTags
+func (s *Subscription) Cancelled() <-chan struct{}
+func (s *Subscription) Err() error
+```
+
+`Out()` returns a channel onto which messages and tags are published.
+`Unsubscribe`/`UnsubscribeAll` does not close the channel to avoid clients from
+receiving a nil message.
+
+`Cancelled()` returns a channel that's closed when the subscription is terminated
+and supposed to be used in a select statement.
+
+If the channel returned by `Cancelled()` is not closed yet, `Err()` returns nil.
+If the channel is closed, `Err()` returns a non-nil error explaining why:
+`ErrUnsubscribed` if the subscriber choose to unsubscribe,
+`ErrOutOfCapacity` if the subscriber is not pulling messages fast enough and the channel returned by `Out()` became full.
+After `Err()` returns a non-nil error, successive calls to `Err() return the same error.
+
+```go
+subscription, err := pubsub.Subscribe(...)
+if err != nil {
+  // ...
+}
+for {
+select {
+  case msgAndTags <- subscription.Out():
+    // ...
+  case <-subscription.Cancelled():
+    return subscription.Err()
+}
+```
+
+### Capacity and Subscriptions
+
+Make the `Out()` channel buffered (with capacity 1) by default. In most cases, we want to
+terminate the slow subscriber. Only in rare cases, we want to block the pubsub
+(e.g. when debugging consensus). This should lower the chances of the pubsub
+being frozen.
+
+```go
+// outCap can be used to set capacity of Out channel
+// (1 by default, must be greater than 0).
+Subscribe(ctx context.Context, clientID string, query Query, outCap... int) (Subscription, error) {
+```
+
+Use a different function for an unbuffered channel:
+
+```go
+// Subscription uses an unbuffered channel. Publishing will block.
+SubscribeUnbuffered(ctx context.Context, clientID string, query Query) (Subscription, error) {
+```
+
+SubscribeUnbuffered should not be exposed to users.
+
+### Blocking/Nonblocking
+
+The publisher should treat these kinds of channels separately.
+It should block on unbuffered channels (for use with internal consensus events
+in the consensus tests) and not block on the buffered ones. If a client is too
+slow to keep up with it's messages, it's subscription is terminated:
+
+for each subscription {
+    out := subscription.outChan
+    if cap(out) == 0 {
+        // block on unbuffered channel
+        out <- msg
+    } else {
+        // don't block on buffered channels
+        select {
+            case out <- msg:
+            default:
+                // set the error, notify on the cancel chan
+                subscription.err = fmt.Errorf("client is too slow for msg)
+                close(subscription.cancelChan)
+
+                // ... unsubscribe and close out
+        }
+    }
+}
+
+### How this new design solves the current issues?
+
+[#951] ([#1880]):
+
+Because of non-blocking send, situation where we'll deadlock is not possible
+anymore. If the client stops reading messages, it will be removed.
+
+[#1879]:
+
+MsgAndTags is used now instead of a plain message.
+
+### Future problems and their possible solutions
+
+[#2826]
+
+One question I am still pondering about: how to prevent pubsub from slowing
+down consensus. We can increase the pubsub queue size (which is 0 now). Also,
+it's probably a good idea to limit the total number of subscribers.
+
+This can be made automatically. Say we set queue size to 1000 and, when it's >=
+80% full, refuse new subscriptions.
+
 ## Status

 In review
@@ -116,7 +232,16 @@ In review

 - more idiomatic interface
 - subscribers know what tags msg was published with
+- subscribers aware of the reason their subscription was cancelled

 ### Negative

+- (since v1) no concurrency when it comes to publishing messages
+
 ### Neutral
+
+
+[#951]: https://github.com/tendermint/tendermint/issues/951
+[#1879]: https://github.com/tendermint/tendermint/issues/1879
+[#1880]: https://github.com/tendermint/tendermint/issues/1880
+[#2826]: https://github.com/tendermint/tendermint/issues/2826
--- a/docs/networks/docker-compose.md
+++ b/docs/networks/docker-compose.md
@@ -78,6 +78,78 @@ cd $GOPATH/src/github.com/tendermint/tendermint
 rm -rf ./build/node*
 ```

+## Configuring abci containers 
+
+To use your own abci applications with 4-node setup edit the [docker-compose.yaml](https://github.com/tendermint/tendermint/blob/develop/docker-compose.yml) file and add image to your abci application.
+
+```
+ abci0:
+    container_name: abci0
+    image: "abci-image"
+    build:
+      context: .
+      dockerfile: abci.Dockerfile
+    command: <insert command to run your abci application>
+    networks:
+      localnet:
+        ipv4_address: 192.167.10.6
+
+  abci1:
+    container_name: abci1
+    image: "abci-image"
+    build:
+      context: .
+      dockerfile: abci.Dockerfile
+    command: <insert command to run your abci application>
+    networks:
+      localnet:
+        ipv4_address: 192.167.10.7
+
+  abci2:
+    container_name: abci2
+    image: "abci-image"
+    build:
+      context: .
+      dockerfile: abci.Dockerfile
+    command: <insert command to run your abci application>
+    networks:
+      localnet:
+        ipv4_address: 192.167.10.8
+
+  abci3:
+    container_name: abci3
+    image: "abci-image"
+    build:
+      context: .
+      dockerfile: abci.Dockerfile
+    command: <insert command to run your abci application>
+    networks:
+      localnet:
+        ipv4_address: 192.167.10.9
+
+```
+
+Override the [command](https://github.com/tendermint/tendermint/blob/master/networks/local/localnode/Dockerfile#L12) in each node to connect to it's abci. 
+
+```
+  node0:
+    container_name: node0
+    image: "tendermint/localnode"
+    ports:
+      - "26656-26657:26656-26657"
+    environment:
+      - ID=0
+      - LOG=$${LOG:-tendermint.log}
+    volumes:
+      - ./build:/tendermint:Z
+    command: node --proxy_app=tcp://abci0:26658
+    networks:
+      localnet:
+        ipv4_address: 192.167.10.2
+```
+
+Similarly do for node1, node2 and node3 then [run testnet](https://github.com/tendermint/tendermint/blob/master/docs/networks/docker-compose.md#run-a-testnet)
+
 ## Logging

 Log is saved under the attached volume, in the `tendermint.log` file. If the
--- a/docs/spec/abci/apps.md
+++ b/docs/spec/abci/apps.md
@@ -171,6 +171,10 @@ Note that the maximum total power of the validator set is bounded by
 they do not make changes to the validator set that cause it to exceed this
 limit.

+Additionally, applications must ensure that a single set of updates does not contain any duplicates -
+a given public key can only appear in an update once. If an update includes
+duplicates, the block execution will fail irrecoverably.
+
 ### InitChain

 ResponseInitChain can return a list of validators.
--- a/docs/tendermint-core/rpc.md
+++ b/docs/tendermint-core/rpc.md
@@ -2,6 +2,6 @@

 The RPC documentation is hosted here:

- https://tendermint.com/rpc/
+- [https://tendermint.com/rpc/](https://tendermint.com/rpc/)

 To update the documentation, edit the relevant `godoc` comments in the [rpc/core directory](https://github.com/tendermint/tendermint/tree/develop/rpc/core).
--- a/docs/tools/README.md
+++ b/docs/tools/README.md
@@ -1,4 +1,7 @@
 # Overview

-Tendermint comes with some tools for [benchmarking](./benchmarking.md)
-and [monitoring](./monitoring.md).
+Tendermint comes with some tools for:
+
+* [Benchmarking](./benchmarking.md)
+* [Monitoring](./monitoring.md)
+* [Validation of remote signers](./remote-signer-validation.md)
--- a/docs/tools/benchmarking.md
+++ b/docs/tools/benchmarking.md
@@ -2,7 +2,7 @@

 Tendermint blockchain benchmarking tool:

- https://github.com/tendermint/tools/tree/master/tm-bench
+- [https://github.com/tendermint/tendermint/tree/master/tools/tm-bench](https://github.com/tendermint/tendermint/tree/master/tools/tm-bench)

 For example, the following:

--- a/docs/tools/monitoring.md
+++ b/docs/tools/monitoring.md
@@ -3,7 +3,7 @@
 Tendermint blockchain monitoring tool; watches over one or more nodes,
 collecting and providing various statistics to the user:

- https://github.com/tendermint/tendermint/tree/master/tools/tm-monitor
+- [https://github.com/tendermint/tendermint/tree/master/tools/tm-monitor](https://github.com/tendermint/tendermint/tree/master/tools/tm-monitor)

 ## Quick Start

--- a/docs/tools/remote-signer-validation.md
+++ b/docs/tools/remote-signer-validation.md
@@ -0,0 +1,146 @@
+# tm-signer-harness
+
+Located under the `tools/tm-signer-harness` folder in the [Tendermint
+repository](https://github.com/tendermint/tendermint).
+
+The Tendermint remote signer test harness facilitates integration testing
+between Tendermint and remote signers such as
+[KMS](https://github.com/tendermint/kms). Such remote signers allow for signing
+of important Tendermint messages using
+[HSMs](https://en.wikipedia.org/wiki/Hardware_security_module), providing
+additional security.
+
+When executed, `tm-signer-harness`:
+
+1. Runs a listener (either TCP or Unix sockets).
+2. Waits for a connection from the remote signer.
+3. Upon connection from the remote signer, executes a number of automated tests
+   to ensure compatibility.
+4. Upon successful validation, the harness process exits with a 0 exit code.
+   Upon validation failure, it exits with a particular exit code related to the
+   error.
+
+## Prerequisites
+Requires the same prerequisites as for building
+[Tendermint](https://github.com/tendermint/tendermint).
+
+## Building
+From the `tools/tm-signer-harness` directory in your Tendermint source
+repository, simply run:
+
+```bash
+make
+
+# To have global access to this executable
+make install
+```
+
+## Docker Image
+To build a Docker image containing the `tm-signer-harness`, also from the
+`tools/tm-signer-harness` directory of your Tendermint source repo, simply run:
+
+```bash
+make docker-image
+```
+
+## Running against KMS
+As an example of how to use `tm-signer-harness`, the following instructions show
+you how to execute its tests against [KMS](https://github.com/tendermint/kms).
+For this example, we will make use of the **software signing module in KMS**, as
+the hardware signing module requires a physical
+[YubiHSM](https://www.yubico.com/products/yubihsm/) device.
+
+### Step 1: Install KMS on your local machine
+See the [KMS repo](https://github.com/tendermint/kms) for details on how to set
+KMS up on your local machine.
+
+If you have [Rust](https://www.rust-lang.org/) installed on your local machine,
+you can simply install KMS by:
+
+```bash
+cargo install tmkms
+```
+
+### Step 2: Make keys for KMS
+The KMS software signing module needs a key with which to sign messages. In our
+example, we will simply export a signing key from our local Tendermint instance.
+
+```bash
+# Will generate all necessary Tendermint configuration files, including:
+# - ~/.tendermint/config/priv_validator_key.json
+# - ~/.tendermint/data/priv_validator_state.json
+tendermint init
+
+# Extract the signing key from our local Tendermint instance
+tm-signer-harness extract_key \      # Use the "extract_key" command
+    -tmhome ~/.tendermint \          # Where to find the Tendermint home directory
+    -output ./signing.key            # Where to write the key
+```
+
+Also, because we want KMS to connect to `tm-signer-harness`, we will need to
+provide a secret connection key from KMS' side:
+
+```bash
+tmkms keygen secret_connection.key
+```
+
+### Step 3: Configure and run KMS
+KMS needs some configuration to tell it to use the softer signing module as well
+as the `signing.key` file we just generated. Save the following to a file called
+`tmkms.toml`:
+
+```toml
+[[validator]]
+addr = "tcp://127.0.0.1:61219"         # This is where we will find tm-signer-harness.
+chain_id = "test-chain-0XwP5E"         # The Tendermint chain ID for which KMS will be signing (found in ~/.tendermint/config/genesis.json).
+reconnect = true                       # true is the default
+secret_key = "./secret_connection.key" # Where to find our secret connection key.
+
+[[providers.softsign]]
+id = "test-chain-0XwP5E"               # The Tendermint chain ID for which KMS will be signing (same as validator.chain_id above).
+path = "./signing.key"                 # The signing key we extracted earlier.
+```
+
+Then run KMS with this configuration:
+
+```bash
+tmkms start -c tmkms.toml
+```
+
+This will start KMS, which will repeatedly try to connect to
+`tcp://127.0.0.1:61219` until it is successful.
+
+### Step 4: Run tm-signer-harness
+Now we get to run the signer test harness:
+
+```bash
+tm-signer-harness run \             # The "run" command executes the tests
+    -addr tcp://127.0.0.1:61219 \   # The address we promised KMS earlier
+    -tmhome ~/.tendermint           # Where to find our Tendermint configuration/data files.
+```
+
+If the current version of Tendermint and KMS are compatible, `tm-signer-harness`
+should now exit with a 0 exit code. If they are somehow not compatible, it
+should exit with a meaningful non-zero exit code (see the exit codes below).
+
+### Step 5: Shut down KMS
+Simply hit Ctrl+Break on your KMS instance (or use the `kill` command in Linux)
+to terminate it gracefully.
+
+## Exit Code Meanings
+The following list shows the various exit codes from `tm-signer-harness` and
+their meanings:
+
+| Exit Code | Description |
+| --- | --- |
+| 0 | Success! |
+| 1 | Invalid command line parameters supplied to `tm-signer-harness` |
+| 2 | Maximum number of accept retries reached (the `-accept-retries` parameter) |
+| 3 | Failed to load `${TMHOME}/config/genesis.json` |
+| 4 | Failed to create listener specified by `-addr` parameter |
+| 5 | Failed to start listener |
+| 6 | Interrupted by `SIGINT` (e.g. when hitting Ctrl+Break or Ctrl+C) |
+| 7 | Other unknown error |
+| 8 | Test 1 failed: public key mismatch |
+| 9 | Test 2 failed: signing of proposals failed |
+| 10 | Test 3 failed: signing of votes failed |
--- a/evidence/pool.go
+++ b/evidence/pool.go
@@ -28,7 +28,8 @@ type EvidencePool struct {
 	state sm.State
 }

-func NewEvidencePool(stateDB dbm.DB, evidenceStore *EvidenceStore) *EvidencePool {
+func NewEvidencePool(stateDB, evidenceDB dbm.DB) *EvidencePool {
+	evidenceStore := NewEvidenceStore(evidenceDB)
 	evpool := &EvidencePool{
 		stateDB:       stateDB,
 		state:         sm.LoadState(stateDB),
@@ -132,6 +133,12 @@ func (evpool *EvidencePool) MarkEvidenceAsCommitted(height int64, evidence []typ

 }

+// IsCommitted returns true if we have already seen this exact evidence and it is already marked as committed.
+func (evpool *EvidencePool) IsCommitted(evidence types.Evidence) bool {
+	ei := evpool.evidenceStore.getEvidenceInfo(evidence)
+	return ei.Evidence != nil && ei.Committed
+}
+
 func (evpool *EvidencePool) removeEvidence(height, maxAge int64, blockEvidenceMap map[string]struct{}) {
 	for e := evpool.evidenceList.Front(); e != nil; e = e.Next() {
 		ev := e.Value.(types.Evidence)
--- a/evidence/pool_test.go
+++ b/evidence/pool_test.go
@@ -13,8 +13,6 @@ import (
 	tmtime "github.com/tendermint/tendermint/types/time"
 )

-var mockState = sm.State{}
-
 func TestMain(m *testing.M) {
 	types.RegisterMockEvidences(cdc)

@@ -58,8 +56,8 @@ func TestEvidencePool(t *testing.T) {
 	valAddr := []byte("val1")
 	height := int64(5)
 	stateDB := initializeValidatorState(valAddr, height)
-	store := NewEvidenceStore(dbm.NewMemDB())
-	pool := NewEvidencePool(stateDB, store)
+	evidenceDB := dbm.NewMemDB()
+	pool := NewEvidencePool(stateDB, evidenceDB)

 	goodEvidence := types.NewMockGoodEvidence(height, 0, valAddr)
 	badEvidence := types.MockBadEvidence{goodEvidence}
@@ -86,3 +84,24 @@ func TestEvidencePool(t *testing.T) {
 	assert.Nil(t, err)
 	assert.Equal(t, 1, pool.evidenceList.Len())
 }
+
+func TestEvidencePoolIsCommitted(t *testing.T) {
+	// Initialization:
+	valAddr := []byte("validator_address")
+	height := int64(42)
+	stateDB := initializeValidatorState(valAddr, height)
+	evidenceDB := dbm.NewMemDB()
+	pool := NewEvidencePool(stateDB, evidenceDB)
+
+	// evidence not seen yet:
+	evidence := types.NewMockGoodEvidence(height, 0, valAddr)
+	assert.False(t, pool.IsCommitted(evidence))
+
+	// evidence seen but not yet committed:
+	assert.NoError(t, pool.AddEvidence(evidence))
+	assert.False(t, pool.IsCommitted(evidence))
+
+	// evidence seen and committed:
+	pool.MarkEvidenceAsCommitted(height, []types.Evidence{evidence})
+	assert.True(t, pool.IsCommitted(evidence))
+}
--- a/evidence/reactor.go
+++ b/evidence/reactor.go
@@ -48,7 +48,7 @@ func (evR *EvidenceReactor) SetLogger(l log.Logger) {
 // It returns the list of channels for this reactor.
 func (evR *EvidenceReactor) GetChannels() []*p2p.ChannelDescriptor {
 	return []*p2p.ChannelDescriptor{
-		&p2p.ChannelDescriptor{
+		{
 			ID:       EvidenceChannel,
 			Priority: 5,
 		},
--- a/evidence/reactor_test.go
+++ b/evidence/reactor_test.go
@@ -37,8 +37,8 @@ func makeAndConnectEvidenceReactors(config *cfg.Config, stateDBs []dbm.DB) []*Ev
 	logger := evidenceLogger()
 	for i := 0; i < N; i++ {

-		store := NewEvidenceStore(dbm.NewMemDB())
-		pool := NewEvidencePool(stateDBs[i], store)
+		evidenceDB := dbm.NewMemDB()
+		pool := NewEvidencePool(stateDBs[i], evidenceDB)
 		reactors[i] = NewEvidenceReactor(pool)
 		reactors[i].SetLogger(logger.With("validator", i))
 	}
--- a/evidence/store.go
+++ b/evidence/store.go
@@ -117,32 +117,33 @@ func (store *EvidenceStore) listEvidence(prefixKey string, maxNum int64) (eviden
 	return evidence
 }

-// GetEvidence fetches the evidence with the given height and hash.
-func (store *EvidenceStore) GetEvidence(height int64, hash []byte) *EvidenceInfo {
+// GetEvidenceInfo fetches the EvidenceInfo with the given height and hash.
+// If not found, ei.Evidence is nil.
+func (store *EvidenceStore) GetEvidenceInfo(height int64, hash []byte) EvidenceInfo {
 	key := keyLookupFromHeightAndHash(height, hash)
 	val := store.db.Get(key)

 	if len(val) == 0 {
-		return nil
+		return EvidenceInfo{}
 	}
 	var ei EvidenceInfo
 	err := cdc.UnmarshalBinaryBare(val, &ei)
 	if err != nil {
 		panic(err)
 	}
-	return &ei
+	return ei
 }

 // AddNewEvidence adds the given evidence to the database.
 // It returns false if the evidence is already stored.
 func (store *EvidenceStore) AddNewEvidence(evidence types.Evidence, priority int64) bool {
 	// check if we already have seen it
-	ei_ := store.GetEvidence(evidence.Height(), evidence.Hash())
-	if ei_ != nil && ei_.Evidence != nil {
+	ei := store.getEvidenceInfo(evidence)
+	if ei.Evidence != nil {
 		return false
 	}

-	ei := EvidenceInfo{
+	ei = EvidenceInfo{
 		Committed: false,
 		Priority:  priority,
 		Evidence:  evidence,
@@ -165,6 +166,11 @@ func (store *EvidenceStore) AddNewEvidence(evidence types.Evidence, priority int
 // MarkEvidenceAsBroadcasted removes evidence from Outqueue.
 func (store *EvidenceStore) MarkEvidenceAsBroadcasted(evidence types.Evidence) {
 	ei := store.getEvidenceInfo(evidence)
+	if ei.Evidence == nil {
+		// nothing to do; we did not store the evidence yet (AddNewEvidence):
+		return
+	}
+	// remove from the outqueue
 	key := keyOutqueue(evidence, ei.Priority)
 	store.db.Delete(key)
 }
@@ -177,8 +183,12 @@ func (store *EvidenceStore) MarkEvidenceAsCommitted(evidence types.Evidence) {
 	pendingKey := keyPending(evidence)
 	store.db.Delete(pendingKey)

-	ei := store.getEvidenceInfo(evidence)
-	ei.Committed = true
+	// committed EvidenceInfo doens't need priority
+	ei := EvidenceInfo{
+		Committed: true,
+		Evidence:  evidence,
+		Priority:  0,
+	}

 	lookupKey := keyLookup(evidence)
 	store.db.SetSync(lookupKey, cdc.MustMarshalBinaryBare(ei))
@@ -187,13 +197,7 @@ func (store *EvidenceStore) MarkEvidenceAsCommitted(evidence types.Evidence) {
 //---------------------------------------------------
 // utils

+// getEvidenceInfo is convenience for calling GetEvidenceInfo if we have the full evidence.
 func (store *EvidenceStore) getEvidenceInfo(evidence types.Evidence) EvidenceInfo {
-	key := keyLookup(evidence)
-	var ei EvidenceInfo
-	b := store.db.Get(key)
-	err := cdc.UnmarshalBinaryBare(b, &ei)
-	if err != nil {
-		panic(err)
-	}
-	return ei
+	return store.GetEvidenceInfo(evidence.Height(), evidence.Hash())
 }
--- a/evidence/store_test.go
+++ b/evidence/store_test.go
@@ -27,6 +27,21 @@ func TestStoreAddDuplicate(t *testing.T) {
 	assert.False(added)
 }

+func TestStoreCommitDuplicate(t *testing.T) {
+	assert := assert.New(t)
+
+	db := dbm.NewMemDB()
+	store := NewEvidenceStore(db)
+
+	priority := int64(10)
+	ev := types.NewMockGoodEvidence(2, 1, []byte("val1"))
+
+	store.MarkEvidenceAsCommitted(ev)
+
+	added := store.AddNewEvidence(ev, priority)
+	assert.False(added)
+}
+
 func TestStoreMark(t *testing.T) {
 	assert := assert.New(t)

@@ -46,7 +61,7 @@ func TestStoreMark(t *testing.T) {
 	assert.True(added)

 	// get the evidence. verify. should be uncommitted
-	ei := store.GetEvidence(ev.Height(), ev.Hash())
+	ei := store.GetEvidenceInfo(ev.Height(), ev.Hash())
 	assert.Equal(ev, ei.Evidence)
 	assert.Equal(priority, ei.Priority)
 	assert.False(ei.Committed)
@@ -72,9 +87,10 @@ func TestStoreMark(t *testing.T) {
 	assert.Equal(0, len(pendingEv))

 	// evidence should show committed
-	ei = store.GetEvidence(ev.Height(), ev.Hash())
+	newPriority := int64(0)
+	ei = store.GetEvidenceInfo(ev.Height(), ev.Hash())
 	assert.Equal(ev, ei.Evidence)
-	assert.Equal(priority, ei.Priority)
+	assert.Equal(newPriority, ei.Priority)
 	assert.True(ei.Committed)
 }

--- a/evidence/wire.go
+++ b/evidence/wire.go
@@ -1,7 +1,7 @@
 package evidence

 import (
-	"github.com/tendermint/go-amino"
+	amino "github.com/tendermint/go-amino"
 	cryptoAmino "github.com/tendermint/tendermint/crypto/encoding/amino"
 	"github.com/tendermint/tendermint/types"
 )
--- a/libs/autofile/group.go
+++ b/libs/autofile/group.go
@@ -67,6 +67,11 @@ type Group struct {
 	minIndex           int // Includes head
 	maxIndex           int // Includes head, where Head will move to

+	// close this when the processTicks routine is done.
+	// this ensures we can cleanup the dir after calling Stop
+	// and the routine won't be trying to access it anymore
+	doneProcessTicks chan struct{}
+
 	// TODO: When we start deleting files, we need to start tracking GroupReaders
 	// and their dependencies.
 }
@@ -90,6 +95,7 @@ func OpenGroup(headPath string, groupOptions ...func(*Group)) (g *Group, err err
 		groupCheckDuration: defaultGroupCheckDuration,
 		minIndex:           0,
 		maxIndex:           0,
+		doneProcessTicks:   make(chan struct{}),
 	}

 	for _, option := range groupOptions {
@@ -140,6 +146,11 @@ func (g *Group) OnStop() {
 	g.Flush() // flush any uncommitted data
 }

+func (g *Group) Wait() {
+	// wait for processTicks routine to finish
+	<-g.doneProcessTicks
+}
+
 // Close closes the head file. The group must be stopped by this moment.
 func (g *Group) Close() {
 	g.Flush() // flush any uncommitted data
@@ -211,6 +222,7 @@ func (g *Group) Flush() error {
 }

 func (g *Group) processTicks() {
+	defer close(g.doneProcessTicks)
 	for {
 		select {
 		case <-g.ticker.C:
--- a/libs/clist/clist_test.go
+++ b/libs/clist/clist_test.go
@@ -65,12 +65,13 @@ func TestSmall(t *testing.T) {

 }

-/*
-This test is quite hacky because it relies on SetFinalizer
-which isn't guaranteed to run at all.
-*/
-// nolint: megacheck
+// This test is quite hacky because it relies on SetFinalizer
+// which isn't guaranteed to run at all.
+//nolint:unused,deadcode
 func _TestGCFifo(t *testing.T) {
+	if runtime.GOARCH != "amd64" {
+		t.Skipf("Skipping on non-amd64 machine")
+	}

 	const numElements = 1000000
 	l := New()
@@ -113,12 +114,13 @@ func _TestGCFifo(t *testing.T) {
 	}
 }

-/*
-This test is quite hacky because it relies on SetFinalizer
-which isn't guaranteed to run at all.
-*/
-// nolint: megacheck
+// This test is quite hacky because it relies on SetFinalizer
+// which isn't guaranteed to run at all.
+//nolint:unused,deadcode
 func _TestGCRandom(t *testing.T) {
+	if runtime.GOARCH != "amd64" {
+		t.Skipf("Skipping on non-amd64 machine")
+	}

 	const numElements = 1000000
 	l := New()
--- a/libs/common/bit_array.go
+++ b/libs/common/bit_array.go
@@ -412,6 +412,6 @@ func (bA *BitArray) UnmarshalJSON(bz []byte) error {
 			bA2.SetIndex(i, true)
 		}
 	}
-	*bA = *bA2
+	*bA = *bA2 //nolint:govet
 	return nil
 }
--- a/libs/common/colors.go
+++ b/libs/common/colors.go
@@ -43,7 +43,7 @@ func treat(s string, color string) string {
 }

 func treatAll(color string, args ...interface{}) string {
-	var parts []string
+	parts := make([]string, 0, len(args))
 	for _, arg := range args {
 		parts = append(parts, treat(fmt.Sprintf("%v", arg), color))
 	}
--- a/libs/common/net.go
+++ b/libs/common/net.go
@@ -24,3 +24,20 @@ func ProtocolAndAddress(listenAddr string) (string, string) {
 	}
 	return protocol, address
 }
+
+// GetFreePort gets a free port from the operating system.
+// Ripped from https://github.com/phayes/freeport.
+// BSD-licensed.
+func GetFreePort() (int, error) {
+	addr, err := net.ResolveTCPAddr("tcp", "localhost:0")
+	if err != nil {
+		return 0, err
+	}
+
+	l, err := net.ListenTCP("tcp", addr)
+	if err != nil {
+		return 0, err
+	}
+	defer l.Close()
+	return l.Addr().(*net.TCPAddr).Port, nil
+}
--- a/libs/db/remotedb/doc.go
+++ b/libs/db/remotedb/doc.go
@@ -11,7 +11,7 @@ remotedb's RemoteDB implements db.DB so can be used normally
 like other databases. One just has to explicitly connect to the
 remote database with a client setup such as:

-	client, err := remotedb.NewInsecure(addr)
+	client, err := remotedb.NewRemoteDB(addr, cert)
 	// Make sure to invoke InitRemote!
 	if err := client.InitRemote(&remotedb.Init{Name: "test-remote-db", Type: "leveldb"}); err != nil {
 	    log.Fatalf("Failed to initialize the remote db")
--- a/libs/db/remotedb/grpcdb/client.go
+++ b/libs/db/remotedb/grpcdb/client.go
@@ -7,14 +7,6 @@ import (
 	protodb "github.com/tendermint/tendermint/libs/db/remotedb/proto"
 )

-// Security defines how the client will talk to the gRPC server.
-type Security uint
-
-const (
-	Insecure Security = iota
-	Secure
-)
-
 // NewClient creates a gRPC client connected to the bound gRPC server at serverAddr.
 // Use kind to set the level of security to either Secure or Insecure.
 func NewClient(serverAddr, serverCert string) (protodb.DBClient, error) {
--- a/libs/db/remotedb/remotedb_test.go
+++ b/libs/db/remotedb/remotedb_test.go
@@ -14,7 +14,7 @@ import (
 func TestRemoteDB(t *testing.T) {
 	cert := "test.crt"
 	key := "test.key"
-	ln, err := net.Listen("tcp", "0.0.0.0:0")
+	ln, err := net.Listen("tcp", "localhost:0")
 	require.Nil(t, err, "expecting a port to have been assigned on which we can listen")
 	srv, err := grpcdb.NewServer(cert, key)
 	require.Nil(t, err)
--- a/libs/db/remotedb/test.crt
+++ b/libs/db/remotedb/test.crt
@@ -1,25 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIEQTCCAimgAwIBAgIRANqF1HD19i/uvQ3n62TAKTwwDQYJKoZIhvcNAQELBQAw
-GTEXMBUGA1UEAxMOdGVuZGVybWludC5jb20wHhcNMTgwNzAyMDMwNzMyWhcNMjAw
-MTAyMDMwNzMwWjANMQswCQYDVQQDEwI6OjCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAOuWUMCSzYJmvKU1vsouDTe7OxnPWO3oV0FjSH8vKYoi2zpZQX35
-dQDPtLDF2/v/ANZJ5pzMJR8yMMtEQ4tWxKuGzJw1ZgTgHtASPbj/M5fDnDO7Hqg4
-D09eLTkZAUfiBf6BzDyQIHn22CUexhaS70TbIT9AOAoOsGXMZz9d+iImKIm+gbzf
-pR52LNbBGesHWGjwIuGF4InstIMsKSwGv2DctzhWI+i/m5Goi3rd1V8z/lzUbsf1
-0uXqQcSfTyv3ee6YiCWj2W8vcdc5H+B6KzSlGjAR4sRcHTHOQJYO9BgA9evQ3qsJ
-Pp00iez13RdheJWPtbfUqQy4gdpu8HFeZx8CAwEAAaOBjzCBjDAOBgNVHQ8BAf8E
-BAMCA7gwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRc
-XBo+bJILrLcJiGkTWeMPpXb1TDAfBgNVHSMEGDAWgBQqk1Xu65Ww7EBCROw4KLGw
-KuToaDAbBgNVHREEFDAShxAAAAAAAAAAAAAAAAAAAAAAMA0GCSqGSIb3DQEBCwUA
-A4ICAQAbGsIMhL8clczNmhGl9xZhmyNz6FbLq6g163x9LTgfvwHPt+7urthtd++O
-uy4Ut8zFurh/yk7eooPlzf8jO7QUJBAFVy4vj8IcsvpWbFa7cuEOIulbjIzyAm/v
-lgy7vUQ6xrWn8x8O9K1ww9z7wugwCyl22BD0wSHZKclJz++AwpL6vUVOD76IIuJO
-+S6bE6z26/0ndpundh2AkA++2eIleD6ygnTeTl0PWu6aGoCggBmos50f8KgYHZF/
-OZVef203kDls9xCaOiMzaU91VsgLqq/gNcT+2cBd5r3IZTY3C8Rve6EEHS+/4zxf
-PKlmiLN7lU9GFZogKecYzY+zPT7OArY7OVFnGTo4qdhdmxnXzHsI+anMCjxLOgEJ
-381hyplQGPQOouEupCBxFcwa7oMYoGu20+1nLWYEqFcIXCeyH+s77MyteJSsseqL
-xivG5PT+jKJn9hrnFb39bBmht9Vsa+Th6vk953zi5wCSe1j2wXsxFaENDq6BQZOK
-f86Kp86M2elYnv3lJ3j2DE2ZTMpw+PA5ThYUnB+HVqYeeB2Y3ErRS8P1FOp1LBE8
-+eTz7yXQO5OM2wdYhNNL1zDri/41fHXi9b6337PZVqc39GM+N74x/O4Q7xEBiWgQ
-T0dT8SNwf55kv63MeZh63ImxFV0FNRkCteYLcJMle3ohIY4zyQ==
+MIIDAjCCAeqgAwIBAgIJAOGCVedOwRbOMA0GCSqGSIb3DQEBBQUAMCExCzAJBgNV
+BAYTAlVTMRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMTkwMjExMTU0NjQ5WhcNMjAw
+MjExMTU0NjQ5WjAhMQswCQYDVQQGEwJVUzESMBAGA1UEAwwJbG9jYWxob3N0MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA60S/fNUWoHm1PYI/yrlnZNtr
+dRqDORHe0hPwl/lttLz7+a7HzQZFnpiXnuxbDJtpIq/h1vhAl0sFy86Ip26LhbWc
+GjxJL24tVwiOwqYRzTPZ/rK3JYuNcIvcztXjMqdzPrHSZy5YZgrQB6yhTiqpBc4D
+h/XgWjEt4DhpHwf/zuIK9XkJw0IaTWjFmoyKRoWW3q4bHzoKNxS9bXP117Tz7tn0
+AdsQCjt1GKcIROkcOGUHqByINJ2XlBkb7SQPjQVBLDVJKdRDUt+yHkkdbn97UDhq
+HRTCt5UELWs/53Gj1ffNuhjECOVjG1HkZweLgZjJRQYe8X2OOLNOyfVY1KsDnQID
+AQABoz0wOzAMBgNVHRMEBTADAQH/MCsGA1UdEQQkMCKCCWxvY2FsaG9zdIIJbG9j
+YWxob3N0hwQAAAAAhwR/AAABMA0GCSqGSIb3DQEBBQUAA4IBAQCe2A5gDc3jiZwT
+a5TJrc2J2KouqxB/PCddw5VY8jPsZJfsr9gxHi+Xa5g8p3oqmEOIlqM5BVhrZRUG
+RWHDmL+bCsuzMoA/vGHtHmUIwLeZQLWgT3kv12Dc8M9flNNjmXWxdMR9lOMwcL83
+F0CdElxSmaEbNvCIJBDetJJ7vMCqS2lnTLWurbH4ZGeGwvjzNgpgGCKwbyK/gU+j
+UXiTQbVvPQ3WWACDnfH6rg0TpxU9jOBkd+4/9tUrBG7UclQBfGULk3sObLO9kx4N
+8RxJmtp8jljIXVPX3udExI05pz039pAgvaeZWtP17QSbYcKF1jFtKo6ckrv2GKXX
+M5OXGXdw
 -----END CERTIFICATE-----
--- a/libs/db/remotedb/test.key
+++ b/libs/db/remotedb/test.key
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpgIBAAKCAQEA65ZQwJLNgma8pTW+yi4NN7s7Gc9Y7ehXQWNIfy8piiLbOllB
-ffl1AM+0sMXb+/8A1knmnMwlHzIwy0RDi1bEq4bMnDVmBOAe0BI9uP8zl8OcM7se
-qDgPT14tORkBR+IF/oHMPJAgefbYJR7GFpLvRNshP0A4Cg6wZcxnP136IiYoib6B
-vN+lHnYs1sEZ6wdYaPAi4YXgiey0gywpLAa/YNy3OFYj6L+bkaiLet3VXzP+XNRu
-x/XS5epBxJ9PK/d57piIJaPZby9x1zkf4HorNKUaMBHixFwdMc5Alg70GAD169De
-qwk+nTSJ7PXdF2F4lY+1t9SpDLiB2m7wcV5nHwIDAQABAoIBAQCB2/ilPgaUE8d2
-ldqWHa5hgw4/2uCdO04ll/GVUczm/PG1BxAnvYL2MIfcTSRGkrjGZjP9SDZKLONi
-mD1XKDv+hK5yiKi0lUnGzddCC0JILKYEieeLOGOQD0yERblEA13kfW20EIomUJ+y
-TnVIajQD03pPIDoDqTco1fQvpMDFYw5Q//UhH7VBC261GO1akvhT2Gqdb4aKLaYQ
-iDW9IEButL5cRKIJuRxToB/JbmPVEF7xIZtm0sf9dtYVOlBQLeID0uHXgaci0enc
-de6GMajmj7NFqc36ypb+Ct18fqEwQBYD+TSQdKs7/lMsAXwRjd5HW4RbYiMZyYnf
-Dxgh7QVBAoGBAP9aLLIUcIG7+gk1x7xd+8wRhfo+dhsungeCluSigI9AsfDr6dpR
-G9/0lEJH56noZZKQueACTmj7shmRB40xFFLc8w0IDRZCnofsl+Z15k9K84uFPA3W
-hdZH9nMieU/mRKdcUYK7pHGqbicHTaJQ5ydZ+xb2E+zYQHOzYpQacHv/AoGBAOwv
-TjDZSiassnAPYmmfcHtkUF4gf7PTpiZfH0hXHGAb0mJX4cXAoktAeDeHSi2tz3LW
-dAc0ReP8Pdf3uSNv7wkJ1KpNRxAhU5bhnDFmjRc7gMZknVOU+az2M+4yGOn/SOiJ
-I6uMHgQDS/VsI+N583n6gbGxVHbQfr9TOc4bLpThAoGBAKin0JmWMnEdzRnEMbZS
-hPrWIB2Wn794XNws/qjoQ+1aF60+xGhz5etXyYy1nWd1nZDekkZIf62LgKiuR8ST
-xA6u7MGQrcQkID06oWGQQZvhr1ZZm76wEBnl0ftdq66AMpwvt46XjReeL78LbdVl
-hidRoSwbQDHQ61EADH4xsFXVAoGBAISXqhXSZsZ/fU1b1avmTod3MYcmR4r07vnr
-vOwnu05ZUCrVm3IhSvtkHhlOYl5yjVuy+UByICp1mWJ9N/qlBFTWqAVTjOmJTBwQ
-XFd/cwXv6cN3CLu7js+DCHRYu5PiNVQWaWgNKWynTSViqGM0O3PnJphTLU/mjMFs
-P69toyEBAoGBALh9YsqxHdYdS5WK9chzDfGlaTQ79jwN+gEzQuP1ooLF0JkMgh5W
-//2C6kCrgBsGTm1gfHAjEfC04ZDZLFbKLm56YVKUGL6JJNapm6e5kfiZGjbRKWAg
-ViCeRS2qQnVbH74GfHyimeTPDI9cJMiJfDDTPbfosqWSsPEcg2jfsySJ
+MIIEogIBAAKCAQEA60S/fNUWoHm1PYI/yrlnZNtrdRqDORHe0hPwl/lttLz7+a7H
+zQZFnpiXnuxbDJtpIq/h1vhAl0sFy86Ip26LhbWcGjxJL24tVwiOwqYRzTPZ/rK3
+JYuNcIvcztXjMqdzPrHSZy5YZgrQB6yhTiqpBc4Dh/XgWjEt4DhpHwf/zuIK9XkJ
+w0IaTWjFmoyKRoWW3q4bHzoKNxS9bXP117Tz7tn0AdsQCjt1GKcIROkcOGUHqByI
+NJ2XlBkb7SQPjQVBLDVJKdRDUt+yHkkdbn97UDhqHRTCt5UELWs/53Gj1ffNuhjE
+COVjG1HkZweLgZjJRQYe8X2OOLNOyfVY1KsDnQIDAQABAoIBAAb5n8+8pZIWaags
+L2X8PzN/Sd1L7u4HOJrz2mM3EuiT3ciWRPgwImpETeJ5UW27Qc+0dTahX5DcuYxE
+UErefSZ2ru0cMnNEifWVnF3q/IYf7mudss5bJ9NZYi+Dqdu7mTAXp4xFlHtaALbp
+iFK/8wjoBbTHNmKWKK0IHx27Z/sjK+7QnoKij+rRzvhmNyN2r3dT7EO4VePriesr
+zyVaGexNPFhtd1HLJLQ5GqRAidtLM4x1ubvp3NLTCvvoQKKYFOg7WqKycZ2VllOg
+ApcpZb/kB/sNTacLvum5HgMNWuWwgREISuQJR+esz/5WaSTQ04L2+vMVomGM18X+
+9n4KYwECgYEA/Usajzl3tWv1IIairSk9Md7Z2sbaPVBNKv4IDJy3mLwt+2VN2mqo
+fpeV5rBaFNWzJR0M0JwLbdlsvSfXgVFkUePg1UiJyFqOKmMO8Bd/nxV9NAewVg1D
+KXQLsfrojBfka7HtFmfk/GA2swEMCGzUcY23bwah1JUTLhvbl19GNMECgYEA7chW
+Ip/IvYBiaaD/qgklwJE8QoAVzi9zqlI1MOJJNf1r/BTeZ2R8oXlRk8PVxFglliuA
+vMgwCkfuqxA8irIdHReLzqcLddPtaHo6R8zKP2cpYBo61C3CPzEAucasaOXQFpjs
+DPnp4QFeboNPgiEGLVGHFvD5TwZpideBpWTwud0CgYEAy04MDGfJEQKNJ0VJr4mJ
+R80iubqgk1QwDFEILu9fYiWxFrbSTX0Mr0eGlzp3o39/okt17L9DYTGCWTVwgajN
+x/kLjsYBaaJdt+H4rHeABTWfYDLHs9pDTTOK65mELGZE/rg6n6BWqMelP/qYKO8J
+efeRA3mkTVg2o+zSTea4GEECgYEA3DB4EvgD2/fXKhl8puhxnTDgrHQPvS8T3NTj
+jLD/Oo/CP1zT1sqm3qCJelwOyBMYO0dtn2OBmQOjb6VJauYlL5tuS59EbYgigG0v
+Ku3pG21cUzH26CS3i+zEz0O6xCiL2WEitaF3gnTSDWRrbAVIww6MGiJru1IkyRBX
+beFbScECf1n00W9qrXnqsWefk73ucggfV0gQQmDnauMA9J7B96+MvGprE54Tx9vl
+SBodgvJsCod9Y9Q7QsMcXb4CuEgTgWKDBp5cA/KUOQmK5buOrysosLnnm12LaHiF
+O7IIh8Cmb9TbdldgW+8ndZ4EQ3lfIS0zN3/7rWD34bs19JDYkRY=
 -----END RSA PRIVATE KEY-----
--- a/libs/events/events.go
+++ b/libs/events/events.go
@@ -188,7 +188,7 @@ func (cell *eventCell) RemoveListener(listenerID string) int {

 func (cell *eventCell) FireEvent(data EventData) {
 	cell.mtx.RLock()
-	var eventCallbacks []EventCallback
+	eventCallbacks := make([]EventCallback, 0, len(cell.listeners))
 	for _, cb := range cell.listeners {
 		eventCallbacks = append(eventCallbacks, cb)
 	}
--- a/libs/fail/fail.go
+++ b/libs/fail/fail.go
@@ -72,7 +72,8 @@ func FailRand(n int) {

 func Exit() {
 	fmt.Printf("*** fail-test %d ***\n", callIndex)
-	proc, _ := os.FindProcess(os.Getpid())
-	proc.Signal(os.Interrupt)
+	os.Exit(1)
+	//	proc, _ := os.FindProcess(os.Getpid())
+	//	proc.Signal(os.Interrupt)
 	//	panic(fmt.Sprintf("*** fail-test %d ***", callIndex))
 }
--- a/libs/flowrate/io_test.go
+++ b/libs/flowrate/io_test.go
@@ -81,12 +81,12 @@ func TestReader(t *testing.T) {

 	// Active, Start, Duration, Idle, Bytes, Samples, InstRate, CurRate, AvgRate, PeakRate, BytesRem, TimeRem, Progress
 	want := []Status{
-		Status{true, start, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-		Status{true, start, _100ms, 0, 10, 1, 100, 100, 100, 100, 0, 0, 0},
-		Status{true, start, _200ms, _100ms, 20, 2, 100, 100, 100, 100, 0, 0, 0},
-		Status{true, start, _300ms, _200ms, 20, 3, 0, 90, 67, 100, 0, 0, 0},
-		Status{false, start, _300ms, 0, 20, 3, 0, 0, 67, 100, 0, 0, 0},
-		Status{false, start, _300ms, 0, 20, 3, 0, 0, 67, 100, 0, 0, 0},
+		{true, start, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
+		{true, start, _100ms, 0, 10, 1, 100, 100, 100, 100, 0, 0, 0},
+		{true, start, _200ms, _100ms, 20, 2, 100, 100, 100, 100, 0, 0, 0},
+		{true, start, _300ms, _200ms, 20, 3, 0, 90, 67, 100, 0, 0, 0},
+		{false, start, _300ms, 0, 20, 3, 0, 0, 67, 100, 0, 0, 0},
+		{false, start, _300ms, 0, 20, 3, 0, 0, 67, 100, 0, 0, 0},
 	}
 	for i, s := range status {
 		if !statusesAreEqual(&s, &want[i]) {
@@ -139,8 +139,8 @@ func TestWriter(t *testing.T) {

 	// Active, Start, Duration, Idle, Bytes, Samples, InstRate, CurRate, AvgRate, PeakRate, BytesRem, TimeRem, Progress
 	want := []Status{
-		Status{true, start, _400ms, 0, 80, 4, 200, 200, 200, 200, 20, _100ms, 80000},
-		Status{true, start, _500ms, _100ms, 100, 5, 200, 200, 200, 200, 0, 0, 100000},
+		{true, start, _400ms, 0, 80, 4, 200, 200, 200, 200, 20, _100ms, 80000},
+		{true, start, _500ms, _100ms, 100, 5, 200, 200, 200, 200, 0, 0, 100000},
 	}
 	for i, s := range status {
 		if !statusesAreEqual(&s, &want[i]) {
--- a/libs/pubsub/pubsub.go
+++ b/libs/pubsub/pubsub.go
@@ -101,7 +101,7 @@ type Server struct {
 	cmdsCap int

 	mtx           sync.RWMutex
-	subscriptions map[string]map[string]Query // subscriber -> query (string) -> Query
+	subscriptions map[string]map[string]struct{} // subscriber -> query (string) -> empty struct
 }

 // Option sets a parameter for the server.
@@ -143,7 +143,7 @@ func (ts tagMap) Len() int {
 // provided, the resulting server's queue is unbuffered.
 func NewServer(options ...Option) *Server {
 	s := &Server{
-		subscriptions: make(map[string]map[string]Query),
+		subscriptions: make(map[string]map[string]struct{}),
 	}
 	s.BaseService = *cmn.NewBaseService(nil, "PubSub", s)

@@ -193,11 +193,9 @@ func (s *Server) Subscribe(ctx context.Context, clientID string, query Query, ou
 	case s.cmds <- cmd{op: sub, clientID: clientID, query: query, ch: out}:
 		s.mtx.Lock()
 		if _, ok = s.subscriptions[clientID]; !ok {
-			s.subscriptions[clientID] = make(map[string]Query)
+			s.subscriptions[clientID] = make(map[string]struct{})
 		}
-		// preserve original query
-		// see Unsubscribe
-		s.subscriptions[clientID][query.String()] = query
+		s.subscriptions[clientID][query.String()] = struct{}{}
 		s.mtx.Unlock()
 		return nil
 	case <-ctx.Done():
@@ -211,22 +209,23 @@ func (s *Server) Subscribe(ctx context.Context, clientID string, query Query, ou
 // returned to the caller if the context is canceled or if subscription does
 // not exist.
 func (s *Server) Unsubscribe(ctx context.Context, clientID string, query Query) error {
-	var origQuery Query
 	s.mtx.RLock()
 	clientSubscriptions, ok := s.subscriptions[clientID]
 	if ok {
-		origQuery, ok = clientSubscriptions[query.String()]
+		_, ok = clientSubscriptions[query.String()]
 	}
 	s.mtx.RUnlock()
 	if !ok {
 		return ErrSubscriptionNotFound
 	}

-	// original query is used here because we're using pointers as map keys
 	select {
-	case s.cmds <- cmd{op: unsub, clientID: clientID, query: origQuery}:
+	case s.cmds <- cmd{op: unsub, clientID: clientID, query: query}:
 		s.mtx.Lock()
 		delete(clientSubscriptions, query.String())
+		if len(clientSubscriptions) == 0 {
+			delete(s.subscriptions, clientID)
+		}
 		s.mtx.Unlock()
 		return nil
 	case <-ctx.Done():
@@ -286,17 +285,27 @@ func (s *Server) OnStop() {

 // NOTE: not goroutine safe
 type state struct {
-	// query -> client -> ch
-	queries map[Query]map[string]chan<- interface{}
-	// client -> query -> struct{}
-	clients map[string]map[Query]struct{}
+	// query string -> client -> ch
+	queryToChanMap map[string]map[string]chan<- interface{}
+	// client -> query string -> struct{}
+	clientToQueryMap map[string]map[string]struct{}
+	// query string -> queryPlusRefCount
+	queries map[string]*queryPlusRefCount
+}
+
+// queryPlusRefCount holds a pointer to a query and reference counter. When
+// refCount is zero, query will be removed.
+type queryPlusRefCount struct {
+	q        Query
+	refCount int
 }

 // OnStart implements Service.OnStart by starting the server.
 func (s *Server) OnStart() error {
 	go s.loop(state{
-		queries: make(map[Query]map[string]chan<- interface{}),
-		clients: make(map[string]map[Query]struct{}),
+		queryToChanMap:   make(map[string]map[string]chan<- interface{}),
+		clientToQueryMap: make(map[string]map[string]struct{}),
+		queries:          make(map[string]*queryPlusRefCount),
 	})
 	return nil
 }
@@ -317,7 +326,7 @@ loop:
 				state.removeAll(cmd.clientID)
 			}
 		case shutdown:
-			for clientID := range state.clients {
+			for clientID := range state.clientToQueryMap {
 				state.removeAll(clientID)
 			}
 			break loop
@@ -330,66 +339,99 @@ loop:
 }

 func (state *state) add(clientID string, q Query, ch chan<- interface{}) {
+	qStr := q.String()

 	// initialize clientToChannelMap per query if needed
-	if _, ok := state.queries[q]; !ok {
-		state.queries[q] = make(map[string]chan<- interface{})
+	if _, ok := state.queryToChanMap[qStr]; !ok {
+		state.queryToChanMap[qStr] = make(map[string]chan<- interface{})
 	}

 	// create subscription
-	state.queries[q][clientID] = ch
+	state.queryToChanMap[qStr][clientID] = ch
+
+	// initialize queries if needed
+	if _, ok := state.queries[qStr]; !ok {
+		state.queries[qStr] = &queryPlusRefCount{q: q, refCount: 0}
+	}
+	// increment reference counter
+	state.queries[qStr].refCount++

 	// add client if needed
-	if _, ok := state.clients[clientID]; !ok {
-		state.clients[clientID] = make(map[Query]struct{})
+	if _, ok := state.clientToQueryMap[clientID]; !ok {
+		state.clientToQueryMap[clientID] = make(map[string]struct{})
 	}
-	state.clients[clientID][q] = struct{}{}
+	state.clientToQueryMap[clientID][qStr] = struct{}{}
 }

 func (state *state) remove(clientID string, q Query) {
-	clientToChannelMap, ok := state.queries[q]
+	qStr := q.String()
+
+	clientToChannelMap, ok := state.queryToChanMap[qStr]
 	if !ok {
 		return
 	}

 	ch, ok := clientToChannelMap[clientID]
-	if ok {
-		close(ch)
-
-		delete(state.clients[clientID], q)
-
-		// if it not subscribed to anything else, remove the client
-		if len(state.clients[clientID]) == 0 {
-			delete(state.clients, clientID)
-		}
-
-		delete(state.queries[q], clientID)
-		if len(state.queries[q]) == 0 {
-			delete(state.queries, q)
-		}
-	}
-}
-
-func (state *state) removeAll(clientID string) {
-	queryMap, ok := state.clients[clientID]
 	if !ok {
 		return
 	}

-	for q := range queryMap {
-		ch := state.queries[q][clientID]
+	close(ch)
+
+	// remove the query from client map.
+	// if client is not subscribed to anything else, remove it.
+	delete(state.clientToQueryMap[clientID], qStr)
+	if len(state.clientToQueryMap[clientID]) == 0 {
+		delete(state.clientToQueryMap, clientID)
+	}
+
+	// remove the client from query map.
+	// if query has no other clients subscribed, remove it.
+	delete(state.queryToChanMap[qStr], clientID)
+	if len(state.queryToChanMap[qStr]) == 0 {
+		delete(state.queryToChanMap, qStr)
+	}
+
+	// decrease ref counter in queries
+	state.queries[qStr].refCount--
+	// remove the query if nobody else is using it
+	if state.queries[qStr].refCount == 0 {
+		delete(state.queries, qStr)
+	}
+}
+
+func (state *state) removeAll(clientID string) {
+	queryMap, ok := state.clientToQueryMap[clientID]
+	if !ok {
+		return
+	}
+
+	for qStr := range queryMap {
+		ch := state.queryToChanMap[qStr][clientID]
 		close(ch)

-		delete(state.queries[q], clientID)
-		if len(state.queries[q]) == 0 {
-			delete(state.queries, q)
+		// remove the client from query map.
+		// if query has no other clients subscribed, remove it.
+		delete(state.queryToChanMap[qStr], clientID)
+		if len(state.queryToChanMap[qStr]) == 0 {
+			delete(state.queryToChanMap, qStr)
+		}
+
+		// decrease ref counter in queries
+		state.queries[qStr].refCount--
+		// remove the query if nobody else is using it
+		if state.queries[qStr].refCount == 0 {
+			delete(state.queries, qStr)
 		}
 	}
-	delete(state.clients, clientID)
+
+	// remove the client.
+	delete(state.clientToQueryMap, clientID)
 }

 func (state *state) send(msg interface{}, tags TagMap) {
-	for q, clientToChannelMap := range state.queries {
+	for qStr, clientToChannelMap := range state.queryToChanMap {
+		q := state.queries[qStr].q
 		if q.Matches(tags) {
 			for _, ch := range clientToChannelMap {
 				ch <- msg
--- a/libs/pubsub/pubsub_test.go
+++ b/libs/pubsub/pubsub_test.go
@@ -115,6 +115,25 @@ func TestUnsubscribe(t *testing.T) {
 	assert.False(t, ok)
 }

+func TestClientUnsubscribesTwice(t *testing.T) {
+	s := pubsub.NewServer()
+	s.SetLogger(log.TestingLogger())
+	s.Start()
+	defer s.Stop()
+
+	ctx := context.Background()
+	ch := make(chan interface{})
+	err := s.Subscribe(ctx, clientID, query.MustParse("tm.events.type='NewBlock'"), ch)
+	require.NoError(t, err)
+	err = s.Unsubscribe(ctx, clientID, query.MustParse("tm.events.type='NewBlock'"))
+	require.NoError(t, err)
+
+	err = s.Unsubscribe(ctx, clientID, query.MustParse("tm.events.type='NewBlock'"))
+	assert.Equal(t, pubsub.ErrSubscriptionNotFound, err)
+	err = s.UnsubscribeAll(ctx, clientID)
+	assert.Equal(t, pubsub.ErrSubscriptionNotFound, err)
+}
+
 func TestResubscribe(t *testing.T) {
 	s := pubsub.NewServer()
 	s.SetLogger(log.TestingLogger())
--- a/libs/pubsub/query/query_test.go
+++ b/libs/pubsub/query/query_test.go
@@ -73,9 +73,9 @@ func TestConditions(t *testing.T) {
 		s          string
 		conditions []query.Condition
 	}{
-		{s: "tm.events.type='NewBlock'", conditions: []query.Condition{query.Condition{Tag: "tm.events.type", Op: query.OpEqual, Operand: "NewBlock"}}},
-		{s: "tx.gas > 7 AND tx.gas < 9", conditions: []query.Condition{query.Condition{Tag: "tx.gas", Op: query.OpGreater, Operand: int64(7)}, query.Condition{Tag: "tx.gas", Op: query.OpLess, Operand: int64(9)}}},
-		{s: "tx.time >= TIME 2013-05-03T14:45:00Z", conditions: []query.Condition{query.Condition{Tag: "tx.time", Op: query.OpGreaterEqual, Operand: txTime}}},
+		{s: "tm.events.type='NewBlock'", conditions: []query.Condition{{Tag: "tm.events.type", Op: query.OpEqual, Operand: "NewBlock"}}},
+		{s: "tx.gas > 7 AND tx.gas < 9", conditions: []query.Condition{{Tag: "tx.gas", Op: query.OpGreater, Operand: int64(7)}, {Tag: "tx.gas", Op: query.OpLess, Operand: int64(9)}}},
+		{s: "tx.time >= TIME 2013-05-03T14:45:00Z", conditions: []query.Condition{{Tag: "tx.time", Op: query.OpGreaterEqual, Operand: txTime}}},
 	}

 	for _, tc := range testCases {
--- a/libs/test.sh
+++ b/libs/test.sh
@@ -2,7 +2,7 @@
 set -e

 # run the linter
-# make metalinter_test
+# make lint

 # setup certs
 make gen_certs
--- a/lite/client/provider_test.go
+++ b/lite/client/provider_test.go
@@ -19,8 +19,7 @@ func TestMain(m *testing.M) {

 	code := m.Run()

-	node.Stop()
-	node.Wait()
+	rpctest.StopTendermint(node)
 	os.Exit(code)
 }

@@ -28,6 +27,7 @@ func TestProvider(t *testing.T) {
 	assert, require := assert.New(t), require.New(t)

 	cfg := rpctest.GetConfig()
+	defer os.RemoveAll(cfg.RootDir)
 	rpcAddr := cfg.RPC.ListenAddress
 	genDoc, err := types.GenesisDocFromFile(cfg.GenesisFile())
 	if err != nil {
--- a/lite/doc.go
+++ b/lite/doc.go
@@ -15,9 +15,7 @@ for you, so you can just build nice applications.
 We design for clients who have no strong trust relationship with any Tendermint
 node, just the blockchain and validator set as a whole.

-# Data structures
-
-## SignedHeader
+SignedHeader

 SignedHeader is a block header along with a commit -- enough validator
 precommit-vote signatures to prove its validity (> 2/3 of the voting power)
@@ -42,7 +40,7 @@ The FullCommit is also declared in this package as a convenience structure,
 which includes the SignedHeader along with the full current and next
 ValidatorSets.

-## Verifier
+Verifier

 A Verifier validates a new SignedHeader given the currently known state. There
 are two different types of Verifiers provided.
@@ -56,35 +54,32 @@ greater).
 DynamicVerifier - this Verifier implements an auto-update and persistence
 strategy to verify any SignedHeader of the blockchain.

-## Provider and PersistentProvider
+Provider and PersistentProvider

 A Provider allows us to store and retrieve the FullCommits.

-```go
-type Provider interface {
-	// LatestFullCommit returns the latest commit with
-	// minHeight <= height <= maxHeight.
-	// If maxHeight is zero, returns the latest where
-	// minHeight <= height.
-	LatestFullCommit(chainID string, minHeight, maxHeight int64) (FullCommit, error)
-}
-```
+    type Provider interface {
+        // LatestFullCommit returns the latest commit with
+        // minHeight <= height <= maxHeight.
+        // If maxHeight is zero, returns the latest where
+        // minHeight <= height.
+        LatestFullCommit(chainID string, minHeight, maxHeight int64) (FullCommit, error)
+    }

 * client.NewHTTPProvider - query Tendermint rpc.

 A PersistentProvider is a Provider that also allows for saving state.  This is
 used by the DynamicVerifier for persistence.

-```go
-type PersistentProvider interface {
-	Provider
+    type PersistentProvider interface {
+        Provider

-	// SaveFullCommit saves a FullCommit (without verification).
-	SaveFullCommit(fc FullCommit) error
-}
-```
+        // SaveFullCommit saves a FullCommit (without verification).
+        SaveFullCommit(fc FullCommit) error
+    }

 * DBProvider - persistence provider for use with any libs/DB.
+
 * MultiProvider - combine multiple providers.

 The suggested use for local light clients is client.NewHTTPProvider(...) for
@@ -93,7 +88,7 @@ dbm.NewMemDB()), NewDBProvider("label", db.NewFileDB(...))) to store confirmed
 full commits (Trusted)


-# How We Track Validators
+How We Track Validators

 Unless you want to blindly trust the node you talk with, you need to trace
 every response back to a hash in a block header and validate the commit
--- a/lite/helpers.go
+++ b/lite/helpers.go
@@ -70,7 +70,7 @@ func (pkz privKeys) ToValidators(init, inc int64) *types.ValidatorSet {

 // signHeader properly signs the header with all keys from first to last exclusive.
 func (pkz privKeys) signHeader(header *types.Header, first, last int) *types.Commit {
-	votes := make([]*types.Vote, len(pkz))
+	commitSigs := make([]*types.CommitSig, len(pkz))

 	// We need this list to keep the ordering.
 	vset := pkz.ToValidators(1, 0)
@@ -78,14 +78,10 @@ func (pkz privKeys) signHeader(header *types.Header, first, last int) *types.Com
 	// Fill in the votes we want.
 	for i := first; i < last && i < len(pkz); i++ {
 		vote := makeVote(header, vset, pkz[i])
-		votes[vote.ValidatorIndex] = vote
+		commitSigs[vote.ValidatorIndex] = vote.CommitSig()
 	}
-
-	res := &types.Commit{
-		BlockID:    types.BlockID{Hash: header.Hash()},
-		Precommits: votes,
-	}
-	return res
+	blockID := types.BlockID{Hash: header.Hash()}
+	return types.NewCommit(blockID, commitSigs)
 }

 func makeVote(header *types.Header, valset *types.ValidatorSet, key crypto.PrivKey) *types.Vote {
--- a/lite/proxy/query_test.go
+++ b/lite/proxy/query_test.go
@@ -21,6 +21,7 @@ import (

 var node *nm.Node
 var chainID = "tendermint_test" // TODO use from config.
+//nolint:unused
 var waitForEventTimeout = 5 * time.Second

 // TODO fix tests!!
@@ -31,8 +32,7 @@ func TestMain(m *testing.M) {

 	code := m.Run()

-	node.Stop()
-	node.Wait()
+	rpctest.StopTendermint(node)
 	os.Exit(code)
 }

@@ -42,6 +42,7 @@ func kvstoreTx(k, v []byte) []byte {

 // TODO: enable it after general proof format has been adapted
 // in abci/examples/kvstore.go
+//nolint:unused,deadcode
 func _TestAppProofs(t *testing.T) {
 	assert, require := assert.New(t), require.New(t)

--- a/lite/proxy/validate_test.go
+++ b/lite/proxy/validate_test.go
@@ -70,7 +70,7 @@ func TestValidateBlock(t *testing.T) {
 			},
 			signedHeader: types.SignedHeader{
 				Header: &types.Header{Height: 11},
-				Commit: &types.Commit{BlockID: types.BlockID{Hash: []byte("0xDEADBEEF")}},
+				Commit: types.NewCommit(types.BlockID{Hash: []byte("0xDEADBEEF")}, nil),
 			},
 			wantErr: "Data hash doesn't match header",
 		},
@@ -81,7 +81,7 @@ func TestValidateBlock(t *testing.T) {
 			},
 			signedHeader: types.SignedHeader{
 				Header: &types.Header{Height: 11},
-				Commit: &types.Commit{BlockID: types.BlockID{Hash: []byte("DEADBEEF")}},
+				Commit: types.NewCommit(types.BlockID{Hash: []byte("DEADBEEF")}, nil),
 			},
 		},
 		// End Header.Data hash mismatch test
@@ -169,7 +169,7 @@ func TestValidateBlockMeta(t *testing.T) {
 					ValidatorsHash: []byte("Tendermint"),
 					Time:           testTime2,
 				},
-				Commit: &types.Commit{BlockID: types.BlockID{Hash: []byte("DEADBEEF")}},
+				Commit: types.NewCommit(types.BlockID{Hash: []byte("DEADBEEF")}, nil),
 			},
 			wantErr: "Headers don't match",
 		},
@@ -188,7 +188,7 @@ func TestValidateBlockMeta(t *testing.T) {
 					ValidatorsHash: []byte("Tendermint-x"),
 					Time:           testTime2,
 				},
-				Commit: &types.Commit{BlockID: types.BlockID{Hash: []byte("DEADBEEF")}},
+				Commit: types.NewCommit(types.BlockID{Hash: []byte("DEADBEEF")}, nil),
 			},
 			wantErr: "Headers don't match",
 		},
--- a/mempool/bench_test.go
+++ b/mempool/bench_test.go
@@ -11,7 +11,8 @@ import (
 func BenchmarkReap(b *testing.B) {
 	app := kvstore.NewKVStoreApplication()
 	cc := proxy.NewLocalClientCreator(app)
-	mempool := newMempoolWithApp(cc)
+	mempool, cleanup := newMempoolWithApp(cc)
+	defer cleanup()

 	size := 10000
 	for i := 0; i < size; i++ {
--- a/mempool/mempool.go
+++ b/mempool/mempool.go
@@ -408,14 +408,11 @@ func (mem *Mempool) resCbRecheck(req *abci.Request, res *abci.Response) {
 	case *abci.Response_CheckTx:
 		tx := req.GetCheckTx().Tx
 		memTx := mem.recheckCursor.Value.(*mempoolTx)
-		if !bytes.Equal(req.GetCheckTx().Tx, memTx.tx) {
-			cmn.PanicSanity(
-				fmt.Sprintf(
-					"Unexpected tx response from proxy during recheck\nExpected %X, got %X",
-					r.CheckTx.Data,
-					memTx.tx,
-				),
-			)
+		if !bytes.Equal(tx, memTx.tx) {
+			panic(fmt.Sprintf(
+				"Unexpected tx response from proxy during recheck\nExpected %X, got %X",
+				memTx.tx,
+				tx))
 		}
 		var postCheckErr error
 		if mem.postCheck != nil {
--- a/Show More
+++ b/Show More