only dial seeds if we have seedAddrs

Refs #2757

CHANGELOG.md

@@ -1,5 +1,148 @@
 # Changelog
 
+## v0.26.0
+
+*November 2, 2018*
+
+Special thanks to external contributors on this release:
+@bradyjoestar, @connorwstein, @goolAdapter, @HaoyangLiu,
+@james-ray, @overbool, @phymbert, @Slamper, @Uzair1995, @yutianwu.
+
+Special thanks to @Slamper for a series of bug reports in our [bug bounty
+program](https://hackerone.com/tendermint) which are fixed in this release.
+
+This release is primarily about adding Version fields to various data structures,
+optimizing consensus messages for signing and verification in
+restricted environments (like HSMs and the Ethereum Virtual Machine), and
+aligning the consensus code with the [specification](https://arxiv.org/abs/1807.04938).
+It also includes our first take at a generalized merkle proof system, and
+changes the length of hashes used for hashing data structures from 20 to 32
+bytes.
+
+See the [UPGRADING.md](UPGRADING.md#v0.26.0) for details on upgrading to the new
+version.
+
+Please note that we are still making breaking changes to the protocols.
+While the new Version fields should help us to keep the software backwards compatible
+even while upgrading the protocols, we cannot guarantee that new releases will
+be compatible with old chains just yet. We expect there will be another breaking
+release or two before the Cosmos Hub launch, but we will otherwise be paying
+increasing attention to backwards compatibility. Thanks for bearing with us!
+
+### BREAKING CHANGES:
+
+* CLI/RPC/Config
+  * [config] [\#2232](https://github.com/tendermint/tendermint/issues/2232) Timeouts are now strings like "3s" and "100ms", not ints
+  * [config] [\#2505](https://github.com/tendermint/tendermint/issues/2505) Remove Mempool.RecheckEmpty (it was effectively useless anyways)
+  * [config] [\#2490](https://github.com/tendermint/tendermint/issues/2490) `mempool.wal` is disabled by default
+  * [privval] [\#2459](https://github.com/tendermint/tendermint/issues/2459) Split `SocketPVMsg`s implementations into Request and Response, where the Response may contain a error message (returned by the remote signer)
+  * [state] [\#2644](https://github.com/tendermint/tendermint/issues/2644) Add Version field to State, breaking the format of State as
+    encoded on disk.
+  * [rpc] [\#2298](https://github.com/tendermint/tendermint/issues/2298) `/abci_query` takes `prove` argument instead of `trusted` and switches the default
+    behaviour to `prove=false`
+  * [rpc] [\#2654](https://github.com/tendermint/tendermint/issues/2654) Remove all `node_info.other.*_version` fields in `/status` and
+    `/net_info`
+  * [rpc] [\#2636](https://github.com/tendermint/tendermint/issues/2636) Remove
+    `_params` suffix from fields in `consensus_params`.
+
+* Apps
+  * [abci] [\#2298](https://github.com/tendermint/tendermint/issues/2298) ResponseQuery.Proof is now a structured merkle.Proof, not just
+    arbitrary bytes
+  * [abci] [\#2644](https://github.com/tendermint/tendermint/issues/2644) Add Version to Header and shift all fields by one
+  * [abci] [\#2662](https://github.com/tendermint/tendermint/issues/2662) Bump the field numbers for some `ResponseInfo` fields to make room for
+      `AppVersion`
+  * [abci] [\#2636](https://github.com/tendermint/tendermint/issues/2636) Updates to ConsensusParams
+    * Remove `Params` suffix from field names
+    * Add `Params` suffix to message types
+    * Add new field and type, `Validator ValidatorParams`, to control what types of validator keys are allowed.
+
+* Go API
+  * [config] [\#2232](https://github.com/tendermint/tendermint/issues/2232) Timeouts are time.Duration, not ints
+  * [crypto/merkle & lite] [\#2298](https://github.com/tendermint/tendermint/issues/2298) Various changes to accomodate General Merkle trees
+  * [crypto/merkle] [\#2595](https://github.com/tendermint/tendermint/issues/2595) Remove all Hasher objects in favor of byte slices
+  * [crypto/merkle] [\#2635](https://github.com/tendermint/tendermint/issues/2635) merkle.SimpleHashFromTwoHashes is no longer exported
+  * [node] [\#2479](https://github.com/tendermint/tendermint/issues/2479) Remove node.RunForever
+  * [rpc/client] [\#2298](https://github.com/tendermint/tendermint/issues/2298) `ABCIQueryOptions.Trusted` -> `ABCIQueryOptions.Prove`
+  * [types] [\#2298](https://github.com/tendermint/tendermint/issues/2298) Remove `Index` and `Total` fields from `TxProof`.
+  * [types] [\#2598](https://github.com/tendermint/tendermint/issues/2598)
+    `VoteTypeXxx` are now of type `SignedMsgType byte` and named `XxxType`, eg.
+    `PrevoteType`, `PrecommitType`.
+  * [types] [\#2636](https://github.com/tendermint/tendermint/issues/2636) Rename fields in ConsensusParams to remove `Params` suffixes
+  * [types] [\#2735](https://github.com/tendermint/tendermint/issues/2735) Simplify Proposal message to align with spec
+
+* Blockchain Protocol
+  * [crypto/tmhash] [\#2732](https://github.com/tendermint/tendermint/issues/2732) TMHASH is now full 32-byte SHA256
+    * All hashes in the block header and Merkle trees are now 32-bytes
+    * PubKey Addresses are still only 20-bytes
+  * [state] [\#2587](https://github.com/tendermint/tendermint/issues/2587) Require block.Time of the fist block to be genesis time
+  * [state] [\#2644](https://github.com/tendermint/tendermint/issues/2644) Require block.Version to match state.Version
+  * [types] Update SignBytes for `Vote`/`Proposal`/`Heartbeat`:
+    * [\#2459](https://github.com/tendermint/tendermint/issues/2459) Use amino encoding instead of JSON in `SignBytes`.
+    * [\#2598](https://github.com/tendermint/tendermint/issues/2598) Reorder fields and use fixed sized encoding.
+    * [\#2598](https://github.com/tendermint/tendermint/issues/2598) Change `Type` field from `string` to `byte` and use new
+      `SignedMsgType` to enumerate.
+  * [types] [\#2730](https://github.com/tendermint/tendermint/issues/2730) Use
+    same order for fields in `Vote` as in the SignBytes
+  * [types] [\#2732](https://github.com/tendermint/tendermint/issues/2732) Remove the address field from the validator hash
+  * [types] [\#2644](https://github.com/tendermint/tendermint/issues/2644) Add Version struct to Header
+  * [types] [\#2609](https://github.com/tendermint/tendermint/issues/2609) ConsensusParams.Hash() is the hash of the amino encoded
+    struct instead of the Merkle tree of the fields
+  * [types] [\#2670](https://github.com/tendermint/tendermint/issues/2670) Header.Hash() builds Merkle tree out of fields in the same
+    order they appear in the header, instead of sorting by field name
+  * [types] [\#2682](https://github.com/tendermint/tendermint/issues/2682) Use proto3 `varint` encoding for ints that are usually unsigned (instead of zigzag encoding).
+  * [types] [\#2636](https://github.com/tendermint/tendermint/issues/2636) Add Validator field to ConsensusParams
+      (Used to control which pubkey types validators can use, by abci type).
+
+* P2P Protocol
+  * [consensus] [\#2652](https://github.com/tendermint/tendermint/issues/2652)
+    Replace `CommitStepMessage` with `NewValidBlockMessage`
+  * [consensus] [\#2735](https://github.com/tendermint/tendermint/issues/2735) Simplify `Proposal` message to align with spec
+  * [consensus] [\#2730](https://github.com/tendermint/tendermint/issues/2730)
+    Add `Type` field to `Proposal` and use same order of fields as in the
+    SignBytes for both `Proposal` and `Vote`
+  * [p2p] [\#2654](https://github.com/tendermint/tendermint/issues/2654) Add `ProtocolVersion` struct with protocol versions to top of
+    DefaultNodeInfo and require `ProtocolVersion.Block` to match during peer handshake
+
+
+### FEATURES:
+- [abci] [\#2557](https://github.com/tendermint/tendermint/issues/2557) Add `Codespace` field to `Response{CheckTx, DeliverTx, Query}`
+- [abci] [\#2662](https://github.com/tendermint/tendermint/issues/2662) Add `BlockVersion` and `P2PVersion` to `RequestInfo`
+- [crypto/merkle] [\#2298](https://github.com/tendermint/tendermint/issues/2298) General Merkle Proof scheme for chaining various types of Merkle trees together
+
+### IMPROVEMENTS:
+- Additional Metrics
+    - [consensus] [\#2169](https://github.com/cosmos/cosmos-sdk/issues/2169)
+    - [p2p] [\#2169](https://github.com/cosmos/cosmos-sdk/issues/2169)
+- [config] [\#2232](https://github.com/tendermint/tendermint/issues/2232) Added ValidateBasic method, which performs basic checks
+- [crypto/ed25519] [\#2558](https://github.com/tendermint/tendermint/issues/2558) Switch to use latest `golang.org/x/crypto` through our fork at
+  github.com/tendermint/crypto
+- [libs/log] [\#2707](https://github.com/tendermint/tendermint/issues/2707) Add year to log format (@yutianwu)
+- [tools] [\#2238](https://github.com/tendermint/tendermint/issues/2238) Binary dependencies are now locked to a specific git commit
+
+### BUG FIXES:
+- [\#2711](https://github.com/tendermint/tendermint/issues/2711) Validate all incoming reactor messages. Fixes various bugs due to negative ints.
+- [autofile] [\#2428](https://github.com/tendermint/tendermint/issues/2428) Group.RotateFile need call Flush() before rename (@goolAdapter)
+- [common] [\#2533](https://github.com/tendermint/tendermint/issues/2533) Fixed a bug in the `BitArray.Or` method
+- [common] [\#2506](https://github.com/tendermint/tendermint/issues/2506) Fixed a bug in the `BitArray.Sub` method (@james-ray)
+- [common] [\#2534](https://github.com/tendermint/tendermint/issues/2534) Fix `BitArray.PickRandom` to choose uniformly from true bits
+- [consensus] [\#1690](https://github.com/tendermint/tendermint/issues/1690) Wait for
+  timeoutPrecommit before starting next round
+- [consensus] [\#1745](https://github.com/tendermint/tendermint/issues/1745) Wait for
+  Proposal or timeoutProposal before entering prevote
+- [consensus] [\#2642](https://github.com/tendermint/tendermint/issues/2642) Only propose ValidBlock, not LockedBlock
+- [consensus] [\#2642](https://github.com/tendermint/tendermint/issues/2642) Initialized ValidRound and LockedRound to -1
+- [consensus] [\#1637](https://github.com/tendermint/tendermint/issues/1637) Limit the amount of evidence that can be included in a
+  block
+- [consensus] [\#2652](https://github.com/tendermint/tendermint/issues/2652) Ensure valid block property with faulty proposer
+- [evidence] [\#2515](https://github.com/tendermint/tendermint/issues/2515) Fix db iter leak (@goolAdapter)
+- [libs/event] [\#2518](https://github.com/tendermint/tendermint/issues/2518) Fix event concurrency flaw (@goolAdapter)
+- [node] [\#2434](https://github.com/tendermint/tendermint/issues/2434) Make node respond to signal interrupts while sleeping for genesis time
+- [state] [\#2616](https://github.com/tendermint/tendermint/issues/2616) Pass nil to NewValidatorSet() when genesis file's Validators field is nil
+- [p2p] [\#2555](https://github.com/tendermint/tendermint/issues/2555) Fix p2p switch FlushThrottle value (@goolAdapter)
+- [p2p] [\#2668](https://github.com/tendermint/tendermint/issues/2668) Reconnect to originally dialed address (not self-reported
+  address) for persistent peers
+
+
 ## v0.25.0
 
 *September 22, 2018*

CHANGELOG_PENDING.md

@@ -1,69 +1,30 @@
 # Pending
 
-Special thanks to external contributors on this release:
-@goolAdapter, @bradyjoestar
+## v0.26.1
 
-BREAKING CHANGES:
+*TBA*
+
+Special thanks to external contributors on this release:
+
+Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
+
+### BREAKING CHANGES:
 
 * CLI/RPC/Config
-  * [config] \#2232 timeouts as time.Duration, not ints
-  * [config] \#2505 Remove Mempool.RecheckEmpty (it was effectively useless anyways)
-  * [config] `mempool.wal` is disabled by default
-  * [rpc] \#2298 `/abci_query` takes `prove` argument instead of `trusted` and switches the default
-    behaviour to `prove=false`
-  * [privval] \#2459 Split `SocketPVMsg`s implementations into Request and Response, where the Response may contain a error message (returned by the remote signer)
 
 * Apps
-  * [abci] \#2298 ResponseQuery.Proof is now a structured merkle.Proof, not just
-    arbitrary bytes
 
 * Go API
-  * [node] Remove node.RunForever
-  * [config] \#2232 timeouts as time.Duration, not ints
-  * [rpc/client] \#2298 `ABCIQueryOptions.Trusted` -> `ABCIQueryOptions.Prove`
-  * [types] \#2298 Remove `Index` and `Total` fields from `TxProof`.
-  * [crypto/merkle & lite] \#2298 Various changes to accomodate General Merkle trees
-  * [crypto/merkle] \#2595 Remove all Hasher objects in favor of byte slices
-  * [types] \#2598 `VoteTypeXxx` are now
 
 * Blockchain Protocol
-  * [types] Update SignBytes for `Vote`/`Proposal`/`Heartbeat`:
-    * \#2459 Use amino encoding instead of JSON in `SignBytes`.
-    * \#2598 Reorder fields and use fixed sized encoding.
-    * \#2598 Change `Type` field fromt `string` to `byte` and use new
-      `SignedMsgType` to enumerate.
-  * [types] \#2512 Remove the pubkey field from the validator hash
-  * [state] \#2587 Require block.Time of the fist block to be genesis time
 
 * P2P Protocol
 
-FEATURES:
-- [crypto/merkle] \#2298 General Merkle Proof scheme for chaining various types of Merkle trees together
-- [abci] \#2557 Add `Codespace` field to `Response{CheckTx, DeliverTx, Query}`
+### FEATURES:
 
-IMPROVEMENTS:
-- Additional Metrics
-    - [consensus] [\#2169](https://github.com/cosmos/cosmos-sdk/issues/2169)
-    - [p2p] [\#2169](https://github.com/cosmos/cosmos-sdk/issues/2169)
-- [config] \#2232 Added ValidateBasic method, which performs basic checks
-- [crypto/ed25519] \#2558 Switch to use latest `golang.org/x/crypto` through our fork at
-  github.com/tendermint/crypto
-- [tools] \#2238 Binary dependencies are now locked to a specific git commit
-- [crypto] \#2099 make crypto random use chacha, and have forward secrecy of generated randomness
+### IMPROVEMENTS:
 
-BUG FIXES:
-- [autofile] \#2428 Group.RotateFile need call Flush() before rename (@goolAdapter)
-- [node] \#2434 Make node respond to signal interrupts while sleeping for genesis time
-- [consensus] [\#1690](https://github.com/tendermint/tendermint/issues/1690) wait for
-timeoutPrecommit before starting next round
-- [consensus] [\#1745](https://github.com/tendermint/tendermint/issues/1745) wait for
-Proposal or timeoutProposal before entering prevote
-- [evidence] \#2515 fix db iter leak (@goolAdapter)
-- [common/bit_array] Fixed a bug in the `Or` function
-- [common/bit_array] Fixed a bug in the `Sub` function (@james-ray)
-- [common] \#2534 Make bit array's PickRandom choose uniformly from true bits
-- [consensus] \#1637 Limit the amount of evidence that can be included in a
-  block
-- [p2p] \#2555 fix p2p switch FlushThrottle value (@goolAdapter)
-- [libs/event] \#2518 fix event concurrency flaw (@goolAdapter)
-- [state] \#2616 Pass nil to NewValidatorSet() when genesis file's Validators field is nil
+### BUG FIXES:
+
+- [crypto/merkle] [\#2756](https://github.com/tendermint/tendermint/issues/2756) Fix crypto/merkle ProofOperators.Verify to check bounds on keypath parts.
+- [mempool] fix a bug where we create a WAL despite `wal_dir` being empty

Gopkg.lock

@@ -11,11 +11,11 @@
 
 [[projects]]
   branch = "master"
-  digest = "1:2c00f064ba355903866cbfbf3f7f4c0fe64af6638cc7d1b8bdcf3181bc67f1d8"
+  digest = "1:c0decf632843204d2b8781de7b26e7038584e2dcccc7e2f401e88ae85b1df2b7"
   name = "github.com/btcsuite/btcd"
   packages = ["btcec"]
   pruneopts = "UT"
-  revision = "f5e261fc9ec3437697fb31d8b38453c293204b29"
+  revision = "67e573d211ace594f1366b4ce9d39726c4b19bd0"
 
 [[projects]]
   digest = "1:1d8e1cb71c33a9470bbbae09bfec09db43c6bf358dfcae13cd8807c4e2a9a2bf"
@@ -28,19 +28,12 @@
   revision = "d4cc87b860166d00d6b5b9e0d3b3d71d6088d4d4"
 
 [[projects]]
-  digest = "1:a2c1d0e43bd3baaa071d1b9ed72c27d78169b2b269f71c105ac4ba34b1be4a39"
+  digest = "1:ffe9824d294da03b391f44e1ae8281281b4afc1bdaa9588c9097785e3af10cec"
   name = "github.com/davecgh/go-spew"
   packages = ["spew"]
   pruneopts = "UT"
-  revision = "346938d642f2ec3594ed81d874461961cd0faa76"
-  version = "v1.1.0"
-
-[[projects]]
-  digest = "1:c7644c73a3d23741fdba8a99b1464e021a224b7e205be497271a8003a15ca41b"
-  name = "github.com/ebuchman/fail-test"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "95f809107225be108efcf10a3509e4ea6ceef3c4"
+  revision = "8991bc29aa16c548c550c7ff78260e27b9ab7c73"
+  version = "v1.1.1"
 
 [[projects]]
   digest = "1:544229a3ca0fb2dd5ebc2896d3d2ff7ce096d9751635301e44e37e761349ee70"
@@ -83,12 +76,12 @@
   version = "v0.3.0"
 
 [[projects]]
-  digest = "1:c4a2528ccbcabf90f9f3c464a5fc9e302d592861bbfd0b7135a7de8a943d0406"
+  digest = "1:586ea76dbd0374d6fb649a91d70d652b7fe0ccffb8910a77468e7702e7901f3d"
   name = "github.com/go-stack/stack"
   packages = ["."]
   pruneopts = "UT"
-  revision = "259ab82a6cad3992b4e21ff5cac294ccb06474bc"
-  version = "v1.7.0"
+  revision = "2fee6af1a9795aafbe0253a0cfbdf668e1fb8a9a"
+  version = "v1.8.0"
 
 [[projects]]
   digest = "1:35621fe20f140f05a0c4ef662c26c0ab4ee50bca78aa30fe87d33120bd28165e"
@@ -136,8 +129,7 @@
   version = "v1.2.0"
 
 [[projects]]
-  branch = "master"
-  digest = "1:12247a2e99a060cc692f6680e5272c8adf0b8f572e6bce0d7095e624c958a240"
+  digest = "1:ea40c24cdbacd054a6ae9de03e62c5f252479b96c716375aace5c120d68647c8"
   name = "github.com/hashicorp/hcl"
   packages = [
     ".",
@@ -151,7 +143,8 @@
     "json/token",
   ]
   pruneopts = "UT"
-  revision = "ef8a98b0bbce4a65b5aa4c368430a80ddc533168"
+  revision = "8cb6e5b959231cc1119e43259c4a608f9c51a241"
+  version = "v1.0.0"
 
 [[projects]]
   digest = "1:870d441fe217b8e689d7949fef6e43efbc787e50f200cb1e70dbca9204a1d6be"
@@ -193,12 +186,12 @@
   version = "v1.0.1"
 
 [[projects]]
-  branch = "master"
-  digest = "1:5ab79470a1d0fb19b041a624415612f8236b3c06070161a910562f2b2d064355"
+  digest = "1:53bc4cd4914cd7cd52139990d5170d6dc99067ae31c56530621b18b35fc30318"
   name = "github.com/mitchellh/mapstructure"
   packages = ["."]
   pruneopts = "UT"
-  revision = "f15292f7a699fcc1a38a80977f80a046874ba8ac"
+  revision = "3536a929edddb9a5b34bd6861dc4a9647cb459fe"
+  version = "v1.1.2"
 
 [[projects]]
   digest = "1:95741de3af260a92cc5c7f3f3061e85273f5a81b5db20d4bd68da74bd521675e"
@@ -244,7 +237,7 @@
 
 [[projects]]
   branch = "master"
-  digest = "1:63b68062b8968092eb86bedc4e68894bd096ea6b24920faca8b9dcf451f54bb5"
+  digest = "1:db712fde5d12d6cdbdf14b777f0c230f4ff5ab0be8e35b239fc319953ed577a4"
   name = "github.com/prometheus/common"
   packages = [
     "expfmt",
@@ -252,11 +245,11 @@
     "model",
   ]
   pruneopts = "UT"
-  revision = "c7de2306084e37d54b8be01f3541a8464345e9a5"
+  revision = "7e9e6cabbd393fc208072eedef99188d0ce788b6"
 
 [[projects]]
   branch = "master"
-  digest = "1:8c49953a1414305f2ff5465147ee576dd705487c35b15918fcd4efdc0cb7a290"
+  digest = "1:ef74914912f99c79434d9c09658274678bc85080ebe3ab32bec3940ebce5e1fc"
   name = "github.com/prometheus/procfs"
   packages = [
     ".",
@@ -265,7 +258,7 @@
     "xfs",
   ]
   pruneopts = "UT"
-  revision = "05ee40e3a273f7245e8777337fc7b46e533a9a92"
+  revision = "185b4288413d2a0dd0806f78c90dde719829e5ae"
 
 [[projects]]
   digest = "1:c4556a44e350b50a490544d9b06e9fba9c286c21d6c0e47f54f3a9214597298c"
@@ -275,23 +268,23 @@
   revision = "e2704e165165ec55d062f5919b4b29494e9fa790"
 
 [[projects]]
-  digest = "1:bd1ae00087d17c5a748660b8e89e1043e1e5479d0fea743352cda2f8dd8c4f84"
+  digest = "1:6a4a11ba764a56d2758899ec6f3848d24698d48442ebce85ee7a3f63284526cd"
   name = "github.com/spf13/afero"
   packages = [
     ".",
     "mem",
   ]
   pruneopts = "UT"
-  revision = "787d034dfe70e44075ccc060d346146ef53270ad"
-  version = "v1.1.1"
+  revision = "d40851caa0d747393da1ffb28f7f9d8b4eeffebd"
+  version = "v1.1.2"
 
 [[projects]]
-  digest = "1:516e71bed754268937f57d4ecb190e01958452336fa73dbac880894164e91c1f"
+  digest = "1:08d65904057412fc0270fc4812a1c90c594186819243160dc779a402d4b6d0bc"
   name = "github.com/spf13/cast"
   packages = ["."]
   pruneopts = "UT"
-  revision = "8965335b8c7107321228e3e3702cab9832751bac"
-  version = "v1.2.0"
+  revision = "8c9545af88b134710ab1cd196795e7f2388358d7"
+  version = "v1.3.0"
 
 [[projects]]
   digest = "1:7ffc0983035bc7e297da3688d9fe19d60a420e9c38bef23f845c53788ed6a05e"
@@ -302,20 +295,20 @@
   version = "v0.0.1"
 
 [[projects]]
-  branch = "master"
-  digest = "1:080e5f630945ad754f4b920e60b4d3095ba0237ebf88dc462eb28002932e3805"
+  digest = "1:68ea4e23713989dc20b1bded5d9da2c5f9be14ff9885beef481848edd18c26cb"
   name = "github.com/spf13/jwalterweatherman"
   packages = ["."]
   pruneopts = "UT"
-  revision = "7c0cea34c8ece3fbeb2b27ab9b59511d360fb394"
+  revision = "4a4406e478ca629068e7768fc33f3f044173c0a6"
+  version = "v1.0.0"
 
 [[projects]]
-  digest = "1:9424f440bba8f7508b69414634aef3b2b3a877e522d8a4624692412805407bb7"
+  digest = "1:c1b1102241e7f645bc8e0c22ae352e8f0dc6484b6cb4d132fa9f24174e0119e2"
   name = "github.com/spf13/pflag"
   packages = ["."]
   pruneopts = "UT"
-  revision = "583c0c0531f06d5278b7d917446061adc344b5cd"
-  version = "v1.0.1"
+  revision = "298182f68c66c05229eb03ac171abe6e309ee79a"
+  version = "v1.0.3"
 
 [[projects]]
   digest = "1:f8e1a678a2571e265f4bf91a3e5e32aa6b1474a55cb0ea849750cc177b664d96"
@@ -338,7 +331,7 @@
 
 [[projects]]
   branch = "master"
-  digest = "1:b3cfb8d82b1601a846417c3f31c03a7961862cb2c98dcf0959c473843e6d9a2b"
+  digest = "1:59483b8e8183f10ab21a85ba1f4cbb4a2335d48891801f79ed7b9499f44d383c"
   name = "github.com/syndtr/goleveldb"
   packages = [
     "leveldb",
@@ -355,7 +348,7 @@
     "leveldb/util",
   ]
   pruneopts = "UT"
-  revision = "c4c61651e9e37fa117f53c5a906d3b63090d8445"
+  revision = "6b91fda63f2e36186f1c9d0e48578defb69c5d43"
 
 [[projects]]
   digest = "1:605b6546f3f43745695298ec2d342d3e952b6d91cdf9f349bea9315f677d759f"
@@ -365,12 +358,12 @@
   revision = "e5840949ff4fff0c56f9b6a541e22b63581ea9df"
 
 [[projects]]
-  digest = "1:e0a2a4be1e20c305badc2b0a7a9ab7fef6da500763bec23ab81df3b5f9eec9ee"
+  digest = "1:10b3a599325740c84a7c81f3f3cb2e1fdb70b3ea01b7fa28495567a2519df431"
   name = "github.com/tendermint/go-amino"
   packages = ["."]
   pruneopts = "UT"
-  revision = "a8328986c1608950fa5d3d1c0472cccc4f8fc02c"
-  version = "v0.12.0-rc0"
+  revision = "6dcc6ddc143e116455c94b25c1004c99e0d0ca12"
+  version = "v0.14.0"
 
 [[projects]]
   digest = "1:72b71e3a29775e5752ed7a8012052a3dee165e27ec18cedddae5288058f09acf"
@@ -415,14 +408,14 @@
 
 [[projects]]
   branch = "master"
-  digest = "1:bb0fe59917bdd5b89f49b9a8b26e5f465e325d9223b3a8e32254314bdf51e0f1"
+  digest = "1:6f86e2f2e2217cd4d74dec6786163cf80e4d2b99adb341ecc60a45113b844dca"
   name = "golang.org/x/sys"
   packages = [
     "cpu",
     "unix",
   ]
   pruneopts = "UT"
-  revision = "3dc4335d56c789b04b0ba99b7a37249d9b614314"
+  revision = "7e31e0c00fa05cb5fbf4347b585621d6709e19a4"
 
 [[projects]]
   digest = "1:a2ab62866c75542dd18d2b069fec854577a20211d7c0ea6ae746072a1dccdd18"
@@ -449,11 +442,11 @@
 
 [[projects]]
   branch = "master"
-  digest = "1:077c1c599507b3b3e9156d17d36e1e61928ee9b53a5b420f10f28ebd4a0b275c"
+  digest = "1:56b0bca90b7e5d1facf5fbdacba23e4e0ce069d25381b8e2f70ef1e7ebfb9c1a"
   name = "google.golang.org/genproto"
   packages = ["googleapis/rpc/status"]
   pruneopts = "UT"
-  revision = "daca94659cb50e9f37c1b834680f2e46358f10b0"
+  revision = "b69ba1387ce2108ac9bc8e8e5e5a46e7d5c72313"
 
 [[projects]]
   digest = "1:2dab32a43451e320e49608ff4542fdfc653c95dcc35d0065ec9c6c3dd540ed74"
@@ -503,7 +496,6 @@
   input-imports = [
     "github.com/btcsuite/btcutil/base58",
     "github.com/btcsuite/btcutil/bech32",
-    "github.com/ebuchman/fail-test",
     "github.com/fortytw2/leaktest",
     "github.com/go-kit/kit/log",
     "github.com/go-kit/kit/log/level",

Gopkg.toml

@@ -58,7 +58,7 @@
 
 [[constraint]]
   name = "github.com/tendermint/go-amino"
-  version = "v0.12.0-rc0"
+  version = "v0.14.0"
 
 [[constraint]]
   name = "google.golang.org/grpc"
@@ -81,10 +81,6 @@
   name = "github.com/jmhodges/levigo"
   revision = "c42d9e0ca023e2198120196f842701bb4c55d7b9"
 
-[[constraint]]
-  name = "github.com/ebuchman/fail-test"
-  revision = "95f809107225be108efcf10a3509e4ea6ceef3c4"
-
 # last revision used by go-crypto
 [[constraint]]
   name = "github.com/btcsuite/btcutil"

Makefile

@@ -36,7 +36,7 @@ install:
 ########################################
 ### Protobuf
 
-protoc_all: protoc_libs protoc_merkle protoc_abci protoc_grpc
+protoc_all: protoc_libs protoc_merkle protoc_abci protoc_grpc protoc_proto3types
 
 %.pb.go: %.proto
 	## If you get the following error,
@@ -52,6 +52,8 @@ protoc_all: protoc_libs protoc_merkle protoc_abci protoc_grpc
 # see protobuf section above
 protoc_abci: abci/types/types.pb.go
 
+protoc_proto3types: types/proto3/block.pb.go
+
 build_abci:
 	@go build -i ./abci/cmd/...
 

README.md

@@ -36,7 +36,7 @@ We are also still making breaking changes to the protocol and the APIs.
 Thus, we tag the releases as *alpha software*.
 
 In any case, if you intend to run Tendermint in production,
-please [contact us](https://riot.im/app/#/room/#tendermint:matrix.org) :)
+please [contact us](mailto:partners@tendermint.com) and [join the chat](https://riot.im/app/#/room/#tendermint:matrix.org).
 
 ## Security
 

UPGRADING.md

@@ -3,6 +3,86 @@
 This guide provides steps to be followed when you upgrade your applications to
 a newer version of Tendermint Core.
 
+## v0.26.0
+
+New 0.26.0 release contains a lot of changes to core data types and protocols. It is not
+compatible to the old versions and there is no straight forward way to update
+old data to be compatible with the new version.
+
+To reset the state do:
+
+```
+$ tendermint unsafe_reset_all
+```
+
+Here we summarize some other notable changes to be mindful of.
+
+### Config Changes
+
+All timeouts must be changed from integers to strings with their duration, for
+instance `flush_throttle_timeout = 100` would be changed to
+`flush_throttle_timeout = "100ms"` and `timeout_propose = 3000` would be changed
+to `timeout_propose = "3s"`.
+
+### RPC Changes
+
+The default behaviour of `/abci_query` has been changed to not return a proof,
+and the name of the parameter that controls this has been changed from `trusted`
+to `prove`. To get proofs with your queries, ensure you set `prove=true`.
+
+Various version fields like `amino_version`, `p2p_version`, `consensus_version`,
+and `rpc_version` have been removed from the `node_info.other` and are
+consolidated under the tendermint semantic version (ie. `node_info.version`) and
+the new `block` and `p2p` protocol versions under `node_info.protocol_version`.
+
+### ABCI Changes
+
+Field numbers were bumped in the `Header` and `ResponseInfo` messages to make
+room for new `version` fields. It should be straight forward to recompile the
+protobuf file for these changes.
+
+#### Proofs
+
+The `ResponseQuery.Proof` field is now structured as a `[]ProofOp` to support
+generalized Merkle tree constructions where the leaves of one Merkle tree are
+the root of another. If you don't need this functionality, and you used to
+return `<proof bytes>` here, you should instead return a single `ProofOp` with
+just the `Data` field set:
+
+```
+[]ProofOp{
+    ProofOp{
+        Data: <proof bytes>,
+    }
+}
+```
+
+For more information, see:
+
+- [ADR-026](https://github.com/tendermint/tendermint/blob/30519e8361c19f4bf320ef4d26288ebc621ad725/docs/architecture/adr-026-general-merkle-proof.md)
+- [Relevant ABCI
+  documentation](https://github.com/tendermint/tendermint/blob/30519e8361c19f4bf320ef4d26288ebc621ad725/docs/spec/abci/apps.md#query-proofs)
+- [Description of
+  keys](https://github.com/tendermint/tendermint/blob/30519e8361c19f4bf320ef4d26288ebc621ad725/crypto/merkle/proof_key_path.go#L14)
+
+### Go API Changes
+
+#### crypto.merkle
+
+The `merkle.Hasher` interface was removed. Functions which used to take `Hasher`
+now simply take `[]byte`. This means that any objects being Merklized should be
+serialized before they are passed in.
+
+#### node
+
+The `node.RunForever` function was removed. Signal handling and running forever
+should instead be explicitly configured by the caller. See how we do it
+[here](https://github.com/tendermint/tendermint/blob/30519e8361c19f4bf320ef4d26288ebc621ad725/cmd/tendermint/commands/run_node.go#L60).
+
+### Other
+
+All hashes, except for public key addresses, are now 32-bytes.
+
 ## v0.25.0
 
 This release has minimal impact.

abci/example/kvstore/kvstore.go

@@ -10,11 +10,14 @@ import (
 	"github.com/tendermint/tendermint/abci/types"
 	cmn "github.com/tendermint/tendermint/libs/common"
 	dbm "github.com/tendermint/tendermint/libs/db"
+	"github.com/tendermint/tendermint/version"
 )
 
 var (
 	stateKey        = []byte("stateKey")
 	kvPairPrefixKey = []byte("kvPairKey:")
+
+	ProtocolVersion version.Protocol = 0x1
 )
 
 type State struct {
@@ -65,7 +68,11 @@ func NewKVStoreApplication() *KVStoreApplication {
 }
 
 func (app *KVStoreApplication) Info(req types.RequestInfo) (resInfo types.ResponseInfo) {
-	return types.ResponseInfo{Data: fmt.Sprintf("{\"size\":%v}", app.state.Size)}
+	return types.ResponseInfo{
+		Data:       fmt.Sprintf("{\"size\":%v}", app.state.Size),
+		Version:    version.ABCIVersion,
+		AppVersion: ProtocolVersion.Uint64(),
+	}
 }
 
 // tx is either "key=value" or just arbitrary bytes

abci/types/types.proto

@@ -49,6 +49,8 @@ message RequestFlush {
 
 message RequestInfo {
   string version = 1;
+  uint64 block_version = 2;
+  uint64 p2p_version = 3;
 }
 
 // nondeterministic
@@ -72,7 +74,6 @@ message RequestQuery {
   bool prove = 4;
 }
 
-// NOTE: validators here have empty pubkeys.
 message RequestBeginBlock {
   bytes hash = 1;
   Header header = 2 [(gogoproto.nullable)=false];
@@ -129,9 +130,12 @@ message ResponseFlush {
 
 message ResponseInfo {
   string data = 1;
+
   string version = 2;
-  int64 last_block_height = 3;
-  bytes last_block_app_hash = 4;
+  uint64 app_version = 3;
+
+  int64 last_block_height = 4;
+  bytes last_block_app_hash = 5;
 }
 
 // nondeterministic
@@ -203,12 +207,13 @@ message ResponseCommit {
 // ConsensusParams contains all consensus-relevant parameters
 // that can be adjusted by the abci app
 message ConsensusParams {
-  BlockSize block_size = 1;
-  EvidenceParams evidence_params = 2;
+  BlockSizeParams block_size = 1;
+  EvidenceParams evidence = 2;
+  ValidatorParams validator = 3;
 }
 
 // BlockSize contains limits on the block size.
-message BlockSize {
+message BlockSizeParams {
   // Note: must be greater than 0
   int64 max_bytes = 1;
   // Note: must be greater or equal to -1
@@ -221,6 +226,11 @@ message EvidenceParams {
   int64 max_age = 1;
 }
 
+// ValidatorParams contains limits on validators.
+message ValidatorParams {
+  repeated string pub_key_types = 1;
+}
+
 message LastCommitInfo {
   int32 round = 1;
   repeated VoteInfo votes = 2 [(gogoproto.nullable)=false];
@@ -231,31 +241,38 @@ message LastCommitInfo {
 
 message Header {
   // basic block info
-  string chain_id = 1 [(gogoproto.customname)="ChainID"];
-  int64 height = 2;
-  google.protobuf.Timestamp time = 3 [(gogoproto.nullable)=false, (gogoproto.stdtime)=true];
-  int64 num_txs = 4;
-  int64 total_txs = 5;
+  Version version = 1 [(gogoproto.nullable)=false];
+  string chain_id = 2 [(gogoproto.customname)="ChainID"];
+  int64 height = 3;
+  google.protobuf.Timestamp time = 4 [(gogoproto.nullable)=false, (gogoproto.stdtime)=true];
+  int64 num_txs = 5;
+  int64 total_txs = 6;
 
   // prev block info
-  BlockID last_block_id = 6 [(gogoproto.nullable)=false];
+  BlockID last_block_id = 7 [(gogoproto.nullable)=false];
 
   // hashes of block data
-  bytes last_commit_hash = 7; // commit from validators from the last block
-  bytes data_hash = 8;        // transactions
+  bytes last_commit_hash = 8; // commit from validators from the last block
+  bytes data_hash = 9;        // transactions
 
   // hashes from the app output from the prev block
-  bytes validators_hash = 9;   // validators for the current block
-  bytes next_validators_hash = 10;   // validators for the next block
-  bytes consensus_hash = 11;   // consensus params for current block
-  bytes app_hash = 12;         // state after txs from the previous block
-  bytes last_results_hash = 13;// root hash of all results from the txs from the previous block
+  bytes validators_hash = 10;   // validators for the current block
+  bytes next_validators_hash = 11;   // validators for the next block
+  bytes consensus_hash = 12;   // consensus params for current block
+  bytes app_hash = 13;         // state after txs from the previous block
+  bytes last_results_hash = 14;// root hash of all results from the txs from the previous block
 
   // consensus info
-  bytes evidence_hash = 14;    // evidence included in the block
-  bytes proposer_address = 15; // original proposer of the block
+  bytes evidence_hash = 15;    // evidence included in the block
+  bytes proposer_address = 16; // original proposer of the block
 }
 
+message Version {
+  uint64 Block = 1;
+  uint64 App = 2;
+}
+
+
 message BlockID {
   bytes hash = 1;
   PartSetHeader parts_header = 2 [(gogoproto.nullable)=false];

abci/types/typespb_test.go

@@ -1479,15 +1479,15 @@ func TestConsensusParamsMarshalTo(t *testing.T) {
 	}
 }
 
-func TestBlockSizeProto(t *testing.T) {
+func TestBlockSizeParamsProto(t *testing.T) {
 	seed := time.Now().UnixNano()
 	popr := math_rand.New(math_rand.NewSource(seed))
-	p := NewPopulatedBlockSize(popr, false)
+	p := NewPopulatedBlockSizeParams(popr, false)
 	dAtA, err := github_com_gogo_protobuf_proto.Marshal(p)
 	if err != nil {
 		t.Fatalf("seed = %d, err = %v", seed, err)
 	}
-	msg := &BlockSize{}
+	msg := &BlockSizeParams{}
 	if err := github_com_gogo_protobuf_proto.Unmarshal(dAtA, msg); err != nil {
 		t.Fatalf("seed = %d, err = %v", seed, err)
 	}
@@ -1510,10 +1510,10 @@ func TestBlockSizeProto(t *testing.T) {
 	}
 }
 
-func TestBlockSizeMarshalTo(t *testing.T) {
+func TestBlockSizeParamsMarshalTo(t *testing.T) {
 	seed := time.Now().UnixNano()
 	popr := math_rand.New(math_rand.NewSource(seed))
-	p := NewPopulatedBlockSize(popr, false)
+	p := NewPopulatedBlockSizeParams(popr, false)
 	size := p.Size()
 	dAtA := make([]byte, size)
 	for i := range dAtA {
@@ -1523,7 +1523,7 @@ func TestBlockSizeMarshalTo(t *testing.T) {
 	if err != nil {
 		t.Fatalf("seed = %d, err = %v", seed, err)
 	}
-	msg := &BlockSize{}
+	msg := &BlockSizeParams{}
 	if err := github_com_gogo_protobuf_proto.Unmarshal(dAtA, msg); err != nil {
 		t.Fatalf("seed = %d, err = %v", seed, err)
 	}
@@ -1591,6 +1591,62 @@ func TestEvidenceParamsMarshalTo(t *testing.T) {
 	}
 }
 
+func TestValidatorParamsProto(t *testing.T) {
+	seed := time.Now().UnixNano()
+	popr := math_rand.New(math_rand.NewSource(seed))
+	p := NewPopulatedValidatorParams(popr, false)
+	dAtA, err := github_com_gogo_protobuf_proto.Marshal(p)
+	if err != nil {
+		t.Fatalf("seed = %d, err = %v", seed, err)
+	}
+	msg := &ValidatorParams{}
+	if err := github_com_gogo_protobuf_proto.Unmarshal(dAtA, msg); err != nil {
+		t.Fatalf("seed = %d, err = %v", seed, err)
+	}
+	littlefuzz := make([]byte, len(dAtA))
+	copy(littlefuzz, dAtA)
+	for i := range dAtA {
+		dAtA[i] = byte(popr.Intn(256))
+	}
+	if !p.Equal(msg) {
+		t.Fatalf("seed = %d, %#v !Proto %#v", seed, msg, p)
+	}
+	if len(littlefuzz) > 0 {
+		fuzzamount := 100
+		for i := 0; i < fuzzamount; i++ {
+			littlefuzz[popr.Intn(len(littlefuzz))] = byte(popr.Intn(256))
+			littlefuzz = append(littlefuzz, byte(popr.Intn(256)))
+		}
+		// shouldn't panic
+		_ = github_com_gogo_protobuf_proto.Unmarshal(littlefuzz, msg)
+	}
+}
+
+func TestValidatorParamsMarshalTo(t *testing.T) {
+	seed := time.Now().UnixNano()
+	popr := math_rand.New(math_rand.NewSource(seed))
+	p := NewPopulatedValidatorParams(popr, false)
+	size := p.Size()
+	dAtA := make([]byte, size)
+	for i := range dAtA {
+		dAtA[i] = byte(popr.Intn(256))
+	}
+	_, err := p.MarshalTo(dAtA)
+	if err != nil {
+		t.Fatalf("seed = %d, err = %v", seed, err)
+	}
+	msg := &ValidatorParams{}
+	if err := github_com_gogo_protobuf_proto.Unmarshal(dAtA, msg); err != nil {
+		t.Fatalf("seed = %d, err = %v", seed, err)
+	}
+	for i := range dAtA {
+		dAtA[i] = byte(popr.Intn(256))
+	}
+	if !p.Equal(msg) {
+		t.Fatalf("seed = %d, %#v !Proto %#v", seed, msg, p)
+	}
+}
+
 func TestLastCommitInfoProto(t *testing.T) {
 	seed := time.Now().UnixNano()
 	popr := math_rand.New(math_rand.NewSource(seed))
@@ -1703,6 +1759,62 @@ func TestHeaderMarshalTo(t *testing.T) {
 	}
 }
 
+func TestVersionProto(t *testing.T) {
+	seed := time.Now().UnixNano()
+	popr := math_rand.New(math_rand.NewSource(seed))
+	p := NewPopulatedVersion(popr, false)
+	dAtA, err := github_com_gogo_protobuf_proto.Marshal(p)
+	if err != nil {
+		t.Fatalf("seed = %d, err = %v", seed, err)
+	}
+	msg := &Version{}
+	if err := github_com_gogo_protobuf_proto.Unmarshal(dAtA, msg); err != nil {
+		t.Fatalf("seed = %d, err = %v", seed, err)
+	}
+	littlefuzz := make([]byte, len(dAtA))
+	copy(littlefuzz, dAtA)
+	for i := range dAtA {
+		dAtA[i] = byte(popr.Intn(256))
+	}
+	if !p.Equal(msg) {
+		t.Fatalf("seed = %d, %#v !Proto %#v", seed, msg, p)
+	}
+	if len(littlefuzz) > 0 {
+		fuzzamount := 100
+		for i := 0; i < fuzzamount; i++ {
+			littlefuzz[popr.Intn(len(littlefuzz))] = byte(popr.Intn(256))
+			littlefuzz = append(littlefuzz, byte(popr.Intn(256)))
+		}
+		// shouldn't panic
+		_ = github_com_gogo_protobuf_proto.Unmarshal(littlefuzz, msg)
+	}
+}
+
+func TestVersionMarshalTo(t *testing.T) {
+	seed := time.Now().UnixNano()
+	popr := math_rand.New(math_rand.NewSource(seed))
+	p := NewPopulatedVersion(popr, false)
+	size := p.Size()
+	dAtA := make([]byte, size)
+	for i := range dAtA {
+		dAtA[i] = byte(popr.Intn(256))
+	}
+	_, err := p.MarshalTo(dAtA)
+	if err != nil {
+		t.Fatalf("seed = %d, err = %v", seed, err)
+	}
+	msg := &Version{}
+	if err := github_com_gogo_protobuf_proto.Unmarshal(dAtA, msg); err != nil {
+		t.Fatalf("seed = %d, err = %v", seed, err)
+	}
+	for i := range dAtA {
+		dAtA[i] = byte(popr.Intn(256))
+	}
+	if !p.Equal(msg) {
+		t.Fatalf("seed = %d, %#v !Proto %#v", seed, msg, p)
+	}
+}
+
 func TestBlockIDProto(t *testing.T) {
 	seed := time.Now().UnixNano()
 	popr := math_rand.New(math_rand.NewSource(seed))
@@ -2563,16 +2675,16 @@ func TestConsensusParamsJSON(t *testing.T) {
 		t.Fatalf("seed = %d, %#v !Json Equal %#v", seed, msg, p)
 	}
 }
-func TestBlockSizeJSON(t *testing.T) {
+func TestBlockSizeParamsJSON(t *testing.T) {
 	seed := time.Now().UnixNano()
 	popr := math_rand.New(math_rand.NewSource(seed))
-	p := NewPopulatedBlockSize(popr, true)
+	p := NewPopulatedBlockSizeParams(popr, true)
 	marshaler := github_com_gogo_protobuf_jsonpb.Marshaler{}
 	jsondata, err := marshaler.MarshalToString(p)
 	if err != nil {
 		t.Fatalf("seed = %d, err = %v", seed, err)
 	}
-	msg := &BlockSize{}
+	msg := &BlockSizeParams{}
 	err = github_com_gogo_protobuf_jsonpb.UnmarshalString(jsondata, msg)
 	if err != nil {
 		t.Fatalf("seed = %d, err = %v", seed, err)
@@ -2599,6 +2711,24 @@ func TestEvidenceParamsJSON(t *testing.T) {
 		t.Fatalf("seed = %d, %#v !Json Equal %#v", seed, msg, p)
 	}
 }
+func TestValidatorParamsJSON(t *testing.T) {
+	seed := time.Now().UnixNano()
+	popr := math_rand.New(math_rand.NewSource(seed))
+	p := NewPopulatedValidatorParams(popr, true)
+	marshaler := github_com_gogo_protobuf_jsonpb.Marshaler{}
+	jsondata, err := marshaler.MarshalToString(p)
+	if err != nil {
+		t.Fatalf("seed = %d, err = %v", seed, err)
+	}
+	msg := &ValidatorParams{}
+	err = github_com_gogo_protobuf_jsonpb.UnmarshalString(jsondata, msg)
+	if err != nil {
+		t.Fatalf("seed = %d, err = %v", seed, err)
+	}
+	if !p.Equal(msg) {
+		t.Fatalf("seed = %d, %#v !Json Equal %#v", seed, msg, p)
+	}
+}
 func TestLastCommitInfoJSON(t *testing.T) {
 	seed := time.Now().UnixNano()
 	popr := math_rand.New(math_rand.NewSource(seed))
@@ -2635,6 +2765,24 @@ func TestHeaderJSON(t *testing.T) {
 		t.Fatalf("seed = %d, %#v !Json Equal %#v", seed, msg, p)
 	}
 }
+func TestVersionJSON(t *testing.T) {
+	seed := time.Now().UnixNano()
+	popr := math_rand.New(math_rand.NewSource(seed))
+	p := NewPopulatedVersion(popr, true)
+	marshaler := github_com_gogo_protobuf_jsonpb.Marshaler{}
+	jsondata, err := marshaler.MarshalToString(p)
+	if err != nil {
+		t.Fatalf("seed = %d, err = %v", seed, err)
+	}
+	msg := &Version{}
+	err = github_com_gogo_protobuf_jsonpb.UnmarshalString(jsondata, msg)
+	if err != nil {
+		t.Fatalf("seed = %d, err = %v", seed, err)
+	}
+	if !p.Equal(msg) {
+		t.Fatalf("seed = %d, %#v !Json Equal %#v", seed, msg, p)
+	}
+}
 func TestBlockIDJSON(t *testing.T) {
 	seed := time.Now().UnixNano()
 	popr := math_rand.New(math_rand.NewSource(seed))
@@ -3489,12 +3637,12 @@ func TestConsensusParamsProtoCompactText(t *testing.T) {
 	}
 }
 
-func TestBlockSizeProtoText(t *testing.T) {
+func TestBlockSizeParamsProtoText(t *testing.T) {
 	seed := time.Now().UnixNano()
 	popr := math_rand.New(math_rand.NewSource(seed))
-	p := NewPopulatedBlockSize(popr, true)
+	p := NewPopulatedBlockSizeParams(popr, true)
 	dAtA := github_com_gogo_protobuf_proto.MarshalTextString(p)
-	msg := &BlockSize{}
+	msg := &BlockSizeParams{}
 	if err := github_com_gogo_protobuf_proto.UnmarshalText(dAtA, msg); err != nil {
 		t.Fatalf("seed = %d, err = %v", seed, err)
 	}
@@ -3503,12 +3651,12 @@ func TestBlockSizeProtoText(t *testing.T) {
 	}
 }
 
-func TestBlockSizeProtoCompactText(t *testing.T) {
+func TestBlockSizeParamsProtoCompactText(t *testing.T) {
 	seed := time.Now().UnixNano()
 	popr := math_rand.New(math_rand.NewSource(seed))
-	p := NewPopulatedBlockSize(popr, true)
+	p := NewPopulatedBlockSizeParams(popr, true)
 	dAtA := github_com_gogo_protobuf_proto.CompactTextString(p)
-	msg := &BlockSize{}
+	msg := &BlockSizeParams{}
 	if err := github_com_gogo_protobuf_proto.UnmarshalText(dAtA, msg); err != nil {
 		t.Fatalf("seed = %d, err = %v", seed, err)
 	}
@@ -3545,6 +3693,34 @@ func TestEvidenceParamsProtoCompactText(t *testing.T) {
 	}
 }
 
+func TestValidatorParamsProtoText(t *testing.T) {
+	seed := time.Now().UnixNano()
+	popr := math_rand.New(math_rand.NewSource(seed))
+	p := NewPopulatedValidatorParams(popr, true)
+	dAtA := github_com_gogo_protobuf_proto.MarshalTextString(p)
+	msg := &ValidatorParams{}
+	if err := github_com_gogo_protobuf_proto.UnmarshalText(dAtA, msg); err != nil {
+		t.Fatalf("seed = %d, err = %v", seed, err)
+	}
+	if !p.Equal(msg) {
+		t.Fatalf("seed = %d, %#v !Proto %#v", seed, msg, p)
+	}
+}
+
+func TestValidatorParamsProtoCompactText(t *testing.T) {
+	seed := time.Now().UnixNano()
+	popr := math_rand.New(math_rand.NewSource(seed))
+	p := NewPopulatedValidatorParams(popr, true)
+	dAtA := github_com_gogo_protobuf_proto.CompactTextString(p)
+	msg := &ValidatorParams{}
+	if err := github_com_gogo_protobuf_proto.UnmarshalText(dAtA, msg); err != nil {
+		t.Fatalf("seed = %d, err = %v", seed, err)
+	}
+	if !p.Equal(msg) {
+		t.Fatalf("seed = %d, %#v !Proto %#v", seed, msg, p)
+	}
+}
+
 func TestLastCommitInfoProtoText(t *testing.T) {
 	seed := time.Now().UnixNano()
 	popr := math_rand.New(math_rand.NewSource(seed))
@@ -3601,6 +3777,34 @@ func TestHeaderProtoCompactText(t *testing.T) {
 	}
 }
 
+func TestVersionProtoText(t *testing.T) {
+	seed := time.Now().UnixNano()
+	popr := math_rand.New(math_rand.NewSource(seed))
+	p := NewPopulatedVersion(popr, true)
+	dAtA := github_com_gogo_protobuf_proto.MarshalTextString(p)
+	msg := &Version{}
+	if err := github_com_gogo_protobuf_proto.UnmarshalText(dAtA, msg); err != nil {
+		t.Fatalf("seed = %d, err = %v", seed, err)
+	}
+	if !p.Equal(msg) {
+		t.Fatalf("seed = %d, %#v !Proto %#v", seed, msg, p)
+	}
+}
+
+func TestVersionProtoCompactText(t *testing.T) {
+	seed := time.Now().UnixNano()
+	popr := math_rand.New(math_rand.NewSource(seed))
+	p := NewPopulatedVersion(popr, true)
+	dAtA := github_com_gogo_protobuf_proto.CompactTextString(p)
+	msg := &Version{}
+	if err := github_com_gogo_protobuf_proto.UnmarshalText(dAtA, msg); err != nil {
+		t.Fatalf("seed = %d, err = %v", seed, err)
+	}
+	if !p.Equal(msg) {
+		t.Fatalf("seed = %d, %#v !Proto %#v", seed, msg, p)
+	}
+}
+
 func TestBlockIDProtoText(t *testing.T) {
 	seed := time.Now().UnixNano()
 	popr := math_rand.New(math_rand.NewSource(seed))
@@ -4369,10 +4573,10 @@ func TestConsensusParamsSize(t *testing.T) {
 	}
 }
 
-func TestBlockSizeSize(t *testing.T) {
+func TestBlockSizeParamsSize(t *testing.T) {
 	seed := time.Now().UnixNano()
 	popr := math_rand.New(math_rand.NewSource(seed))
-	p := NewPopulatedBlockSize(popr, true)
+	p := NewPopulatedBlockSizeParams(popr, true)
 	size2 := github_com_gogo_protobuf_proto.Size(p)
 	dAtA, err := github_com_gogo_protobuf_proto.Marshal(p)
 	if err != nil {
@@ -4413,6 +4617,28 @@ func TestEvidenceParamsSize(t *testing.T) {
 	}
 }
 
+func TestValidatorParamsSize(t *testing.T) {
+	seed := time.Now().UnixNano()
+	popr := math_rand.New(math_rand.NewSource(seed))
+	p := NewPopulatedValidatorParams(popr, true)
+	size2 := github_com_gogo_protobuf_proto.Size(p)
+	dAtA, err := github_com_gogo_protobuf_proto.Marshal(p)
+	if err != nil {
+		t.Fatalf("seed = %d, err = %v", seed, err)
+	}
+	size := p.Size()
+	if len(dAtA) != size {
+		t.Errorf("seed = %d, size %v != marshalled size %v", seed, size, len(dAtA))
+	}
+	if size2 != size {
+		t.Errorf("seed = %d, size %v != before marshal proto.Size %v", seed, size, size2)
+	}
+	size3 := github_com_gogo_protobuf_proto.Size(p)
+	if size3 != size {
+		t.Errorf("seed = %d, size %v != after marshal proto.Size %v", seed, size, size3)
+	}
+}
+
 func TestLastCommitInfoSize(t *testing.T) {
 	seed := time.Now().UnixNano()
 	popr := math_rand.New(math_rand.NewSource(seed))
@@ -4457,6 +4683,28 @@ func TestHeaderSize(t *testing.T) {
 	}
 }
 
+func TestVersionSize(t *testing.T) {
+	seed := time.Now().UnixNano()
+	popr := math_rand.New(math_rand.NewSource(seed))
+	p := NewPopulatedVersion(popr, true)
+	size2 := github_com_gogo_protobuf_proto.Size(p)
+	dAtA, err := github_com_gogo_protobuf_proto.Marshal(p)
+	if err != nil {
+		t.Fatalf("seed = %d, err = %v", seed, err)
+	}
+	size := p.Size()
+	if len(dAtA) != size {
+		t.Errorf("seed = %d, size %v != marshalled size %v", seed, size, len(dAtA))
+	}
+	if size2 != size {
+		t.Errorf("seed = %d, size %v != before marshal proto.Size %v", seed, size, size2)
+	}
+	size3 := github_com_gogo_protobuf_proto.Size(p)
+	if size3 != size {
+		t.Errorf("seed = %d, size %v != after marshal proto.Size %v", seed, size, size3)
+	}
+}
+
 func TestBlockIDSize(t *testing.T) {
 	seed := time.Now().UnixNano()
 	popr := math_rand.New(math_rand.NewSource(seed))

benchmarks/codec_test.go

@@ -14,14 +14,15 @@ import (
 
 func testNodeInfo(id p2p.ID) p2p.DefaultNodeInfo {
 	return p2p.DefaultNodeInfo{
-		ID_:        id,
-		Moniker:    "SOMENAME",
-		Network:    "SOMENAME",
-		ListenAddr: "SOMEADDR",
-		Version:    "SOMEVER",
+		ProtocolVersion: p2p.ProtocolVersion{1, 2, 3},
+		ID_:             id,
+		Moniker:         "SOMENAME",
+		Network:         "SOMENAME",
+		ListenAddr:      "SOMEADDR",
+		Version:         "SOMEVER",
 		Other: p2p.DefaultNodeInfoOther{
-			AminoVersion: "SOMESTRING",
-			P2PVersion:   "OTHERSTRING",
+			TxIndex:    "on",
+			RPCAddress: "0.0.0.0:26657",
 		},
 	}
 }

blockchain/reactor.go

@@ -1,6 +1,7 @@
 package blockchain
 
 import (
+	"errors"
 	"fmt"
 	"reflect"
 	"time"
@@ -180,6 +181,12 @@ func (bcR *BlockchainReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte)
 		return
 	}
 
+	if err = msg.ValidateBasic(); err != nil {
+		bcR.Logger.Error("Peer sent us invalid msg", "peer", src, "msg", msg, "err", err)
+		bcR.Switch.StopPeerForError(src, err)
+		return
+	}
+
 	bcR.Logger.Debug("Receive", "src", src, "chID", chID, "msg", msg)
 
 	switch msg := msg.(type) {
@@ -188,7 +195,6 @@ func (bcR *BlockchainReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte)
 			// Unfortunately not queued since the queue is full.
 		}
 	case *bcBlockResponseMessage:
-		// Got a block.
 		bcR.pool.AddBlock(src.ID(), msg.Block, len(msgBytes))
 	case *bcStatusRequestMessage:
 		// Send peer our state.
@@ -352,7 +358,9 @@ func (bcR *BlockchainReactor) BroadcastStatusRequest() error {
 // Messages
 
 // BlockchainMessage is a generic message for this reactor.
-type BlockchainMessage interface{}
+type BlockchainMessage interface {
+	ValidateBasic() error
+}
 
 func RegisterBlockchainMessages(cdc *amino.Codec) {
 	cdc.RegisterInterface((*BlockchainMessage)(nil), nil)
@@ -377,6 +385,14 @@ type bcBlockRequestMessage struct {
 	Height int64
 }
 
+// ValidateBasic performs basic validation.
+func (m *bcBlockRequestMessage) ValidateBasic() error {
+	if m.Height < 0 {
+		return errors.New("Negative Height")
+	}
+	return nil
+}
+
 func (m *bcBlockRequestMessage) String() string {
 	return fmt.Sprintf("[bcBlockRequestMessage %v]", m.Height)
 }
@@ -385,6 +401,14 @@ type bcNoBlockResponseMessage struct {
 	Height int64
 }
 
+// ValidateBasic performs basic validation.
+func (m *bcNoBlockResponseMessage) ValidateBasic() error {
+	if m.Height < 0 {
+		return errors.New("Negative Height")
+	}
+	return nil
+}
+
 func (brm *bcNoBlockResponseMessage) String() string {
 	return fmt.Sprintf("[bcNoBlockResponseMessage %d]", brm.Height)
 }
@@ -395,6 +419,15 @@ type bcBlockResponseMessage struct {
 	Block *types.Block
 }
 
+// ValidateBasic performs basic validation.
+func (m *bcBlockResponseMessage) ValidateBasic() error {
+	if err := m.Block.ValidateBasic(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func (m *bcBlockResponseMessage) String() string {
 	return fmt.Sprintf("[bcBlockResponseMessage %v]", m.Block.Height)
 }
@@ -405,6 +438,14 @@ type bcStatusRequestMessage struct {
 	Height int64
 }
 
+// ValidateBasic performs basic validation.
+func (m *bcStatusRequestMessage) ValidateBasic() error {
+	if m.Height < 0 {
+		return errors.New("Negative Height")
+	}
+	return nil
+}
+
 func (m *bcStatusRequestMessage) String() string {
 	return fmt.Sprintf("[bcStatusRequestMessage %v]", m.Height)
 }
@@ -415,6 +456,14 @@ type bcStatusResponseMessage struct {
 	Height int64
 }
 
+// ValidateBasic performs basic validation.
+func (m *bcStatusResponseMessage) ValidateBasic() error {
+	if m.Height < 0 {
+		return errors.New("Negative Height")
+	}
+	return nil
+}
+
 func (m *bcStatusResponseMessage) String() string {
 	return fmt.Sprintf("[bcStatusResponseMessage %v]", m.Height)
 }

blockchain/reactor_test.go

@@ -206,3 +206,4 @@ func (tp *bcrTestPeer) IsPersistent() bool                   { return true }
 func (tp *bcrTestPeer) Get(s string) interface{}             { return s }
 func (tp *bcrTestPeer) Set(string, interface{})              {}
 func (tp *bcrTestPeer) RemoteIP() net.IP                     { return []byte{127, 0, 0, 1} }
+func (tp *bcrTestPeer) OriginalAddr() *p2p.NetAddress        { return nil }

blockchain/store.go

@@ -63,7 +63,7 @@ func (bs *BlockStore) LoadBlock(height int64) *types.Block {
 		part := bs.LoadBlockPart(height, i)
 		buf = append(buf, part.Bytes...)
 	}
-	err := cdc.UnmarshalBinary(buf, block)
+	err := cdc.UnmarshalBinaryLengthPrefixed(buf, block)
 	if err != nil {
 		// NOTE: The existence of meta should imply the existence of the
 		// block. So, make sure meta is only saved after blocks are saved.

config/config.go

@@ -497,6 +497,11 @@ func (cfg *MempoolConfig) WalDir() string {
 	return rootify(cfg.WalPath, cfg.RootDir)
 }
 
+// WalEnabled returns true if the WAL is enabled.
+func (cfg *MempoolConfig) WalEnabled() bool {
+	return cfg.WalPath != ""
+}
+
 // ValidateBasic performs basic validation (checking param bounds, etc.) and
 // returns an error if any check fails.
 func (cfg *MempoolConfig) ValidateBasic() error {

config/toml.go

@@ -342,7 +342,7 @@ func ResetTestRoot(testName string) *Config {
 }
 
 var testGenesis = `{
-  "genesis_time": "2017-10-10T08:20:13.695936996Z",
+  "genesis_time": "2018-10-10T08:20:13.695936996Z",
   "chain_id": "tendermint_test",
   "validators": [
     {

consensus/byzantine_test.go

@@ -179,16 +179,16 @@ func byzantineDecideProposalFunc(t *testing.T, height int64, round int, cs *Cons
 
 	// Create a new proposal block from state/txs from the mempool.
 	block1, blockParts1 := cs.createProposalBlock()
-	polRound, polBlockID := cs.Votes.POLInfo()
-	proposal1 := types.NewProposal(height, round, blockParts1.Header(), polRound, polBlockID)
+	polRound, propBlockID := cs.ValidRound, types.BlockID{block1.Hash(), blockParts1.Header()}
+	proposal1 := types.NewProposal(height, round, polRound, propBlockID)
 	if err := cs.privValidator.SignProposal(cs.state.ChainID, proposal1); err != nil {
 		t.Error(err)
 	}
 
 	// Create a new proposal block from state/txs from the mempool.
 	block2, blockParts2 := cs.createProposalBlock()
-	polRound, polBlockID = cs.Votes.POLInfo()
-	proposal2 := types.NewProposal(height, round, blockParts2.Header(), polRound, polBlockID)
+	polRound, propBlockID = cs.ValidRound, types.BlockID{block2.Hash(), blockParts2.Header()}
+	proposal2 := types.NewProposal(height, round, polRound, propBlockID)
 	if err := cs.privValidator.SignProposal(cs.state.ChainID, proposal2); err != nil {
 		t.Error(err)
 	}
@@ -263,7 +263,7 @@ func (br *ByzantineReactor) AddPeer(peer p2p.Peer) {
 	// Send our state to peer.
 	// If we're fast_syncing, broadcast a RoundStepMessage later upon SwitchToConsensus().
 	if !br.reactor.fastSync {
-		br.reactor.sendNewRoundStepMessages(peer)
+		br.reactor.sendNewRoundStepMessage(peer)
 	}
 }
 func (br *ByzantineReactor) RemovePeer(peer p2p.Peer, reason interface{}) {

consensus/common_test.go

@@ -130,8 +130,8 @@ func decideProposal(cs1 *ConsensusState, vs *validatorStub, height int64, round
 	}
 
 	// Make proposal
-	polRound, polBlockID := cs1.Votes.POLInfo()
-	proposal = types.NewProposal(height, round, blockParts.Header(), polRound, polBlockID)
+	polRound, propBlockID := cs1.ValidRound, types.BlockID{block.Hash(), blockParts.Header()}
+	proposal = types.NewProposal(height, round, polRound, propBlockID)
 	if err := vs.SignProposal(cs1.state.ChainID, proposal); err != nil {
 		panic(err)
 	}
@@ -420,6 +420,11 @@ func ensureNewProposal(proposalCh <-chan interface{}, height int64, round int) {
 		"Timeout expired while waiting for NewProposal event")
 }
 
+func ensureNewValidBlock(validBlockCh <-chan interface{}, height int64, round int) {
+	ensureNewEvent(validBlockCh, height, round, ensureTimeout,
+		"Timeout expired while waiting for NewValidBlock event")
+}
+
 func ensureNewBlock(blockCh <-chan interface{}, height int64) {
 	select {
 	case <-time.After(ensureTimeout):
@@ -487,6 +492,14 @@ func ensureVote(voteCh <-chan interface{}, height int64, round int,
 	}
 }
 
+func ensurePrecommit(voteCh <-chan interface{}, height int64, round int) {
+	ensureVote(voteCh, height, round, types.PrecommitType)
+}
+
+func ensurePrevote(voteCh <-chan interface{}, height int64, round int) {
+	ensureVote(voteCh, height, round, types.PrevoteType)
+}
+
 func ensureNewEventOnChannel(ch <-chan interface{}) {
 	select {
 	case <-time.After(ensureTimeout):
@@ -602,8 +615,6 @@ func randGenesisDoc(numValidators int, randPower bool, minPower int64) (*types.G
 func randGenesisState(numValidators int, randPower bool, minPower int64) (sm.State, []types.PrivValidator) {
 	genDoc, privValidators := randGenesisDoc(numValidators, randPower, minPower)
 	s0, _ := sm.MakeGenesisState(genDoc)
-	db := dbm.NewMemDB() // remove this ?
-	sm.SaveState(db, s0)
 	return s0, privValidators
 }
 

consensus/mempool_test.go

@@ -10,7 +10,6 @@ import (
 
 	"github.com/tendermint/tendermint/abci/example/code"
 	abci "github.com/tendermint/tendermint/abci/types"
-
 	"github.com/tendermint/tendermint/types"
 )
 

consensus/reactor.go

@@ -8,8 +8,7 @@ import (
 
 	"github.com/pkg/errors"
 
-	"github.com/tendermint/go-amino"
-
+	amino "github.com/tendermint/go-amino"
 	cstypes "github.com/tendermint/tendermint/consensus/types"
 	cmn "github.com/tendermint/tendermint/libs/common"
 	tmevents "github.com/tendermint/tendermint/libs/events"
@@ -174,7 +173,7 @@ func (conR *ConsensusReactor) AddPeer(peer p2p.Peer) {
 	// Send our state to peer.
 	// If we're fast_syncing, broadcast a RoundStepMessage later upon SwitchToConsensus().
 	if !conR.FastSync() {
-		conR.sendNewRoundStepMessages(peer)
+		conR.sendNewRoundStepMessage(peer)
 	}
 }
 
@@ -205,6 +204,13 @@ func (conR *ConsensusReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte)
 		conR.Switch.StopPeerForError(src, err)
 		return
 	}
+
+	if err = msg.ValidateBasic(); err != nil {
+		conR.Logger.Error("Peer sent us invalid msg", "peer", src, "msg", msg, "err", err)
+		conR.Switch.StopPeerForError(src, err)
+		return
+	}
+
 	conR.Logger.Debug("Receive", "src", src, "chId", chID, "msg", msg)
 
 	// Get peer states
@@ -215,8 +221,8 @@ func (conR *ConsensusReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte)
 		switch msg := msg.(type) {
 		case *NewRoundStepMessage:
 			ps.ApplyNewRoundStepMessage(msg)
-		case *CommitStepMessage:
-			ps.ApplyCommitStepMessage(msg)
+		case *NewValidBlockMessage:
+			ps.ApplyNewValidBlockMessage(msg)
 		case *HasVoteMessage:
 			ps.ApplyHasVoteMessage(msg)
 		case *VoteSetMaj23Message:
@@ -242,8 +248,7 @@ func (conR *ConsensusReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte)
 			case types.PrecommitType:
 				ourVotes = votes.Precommits(msg.Round).BitArrayByBlockID(msg.BlockID)
 			default:
-				conR.Logger.Error("Bad VoteSetBitsMessage field Type")
-				return
+				panic("Bad VoteSetBitsMessage field Type. Forgot to add a check in ValidateBasic?")
 			}
 			src.TrySend(VoteSetBitsChannel, cdc.MustMarshalBinaryBare(&VoteSetBitsMessage{
 				Height:  msg.Height,
@@ -322,8 +327,7 @@ func (conR *ConsensusReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte)
 				case types.PrecommitType:
 					ourVotes = votes.Precommits(msg.Round).BitArrayByBlockID(msg.BlockID)
 				default:
-					conR.Logger.Error("Bad VoteSetBitsMessage field Type")
-					return
+					panic("Bad VoteSetBitsMessage field Type. Forgot to add a check in ValidateBasic?")
 				}
 				ps.ApplyVoteSetBitsMessage(msg, ourVotes)
 			} else {
@@ -365,7 +369,12 @@ func (conR *ConsensusReactor) subscribeToBroadcastEvents() {
 	const subscriber = "consensus-reactor"
 	conR.conS.evsw.AddListenerForEvent(subscriber, types.EventNewRoundStep,
 		func(data tmevents.EventData) {
-			conR.broadcastNewRoundStepMessages(data.(*cstypes.RoundState))
+			conR.broadcastNewRoundStepMessage(data.(*cstypes.RoundState))
+		})
+
+	conR.conS.evsw.AddListenerForEvent(subscriber, types.EventValidBlock,
+		func(data tmevents.EventData) {
+			conR.broadcastNewValidBlockMessage(data.(*cstypes.RoundState))
 		})
 
 	conR.conS.evsw.AddListenerForEvent(subscriber, types.EventVote,
@@ -391,14 +400,20 @@ func (conR *ConsensusReactor) broadcastProposalHeartbeatMessage(hb *types.Heartb
 	conR.Switch.Broadcast(StateChannel, cdc.MustMarshalBinaryBare(msg))
 }
 
-func (conR *ConsensusReactor) broadcastNewRoundStepMessages(rs *cstypes.RoundState) {
-	nrsMsg, csMsg := makeRoundStepMessages(rs)
-	if nrsMsg != nil {
-		conR.Switch.Broadcast(StateChannel, cdc.MustMarshalBinaryBare(nrsMsg))
-	}
-	if csMsg != nil {
-		conR.Switch.Broadcast(StateChannel, cdc.MustMarshalBinaryBare(csMsg))
+func (conR *ConsensusReactor) broadcastNewRoundStepMessage(rs *cstypes.RoundState) {
+	nrsMsg := makeRoundStepMessage(rs)
+	conR.Switch.Broadcast(StateChannel, cdc.MustMarshalBinaryBare(nrsMsg))
+}
+
+func (conR *ConsensusReactor) broadcastNewValidBlockMessage(rs *cstypes.RoundState) {
+	csMsg := &NewValidBlockMessage{
+		Height:           rs.Height,
+		Round:            rs.Round,
+		BlockPartsHeader: rs.ProposalBlockParts.Header(),
+		BlockParts:       rs.ProposalBlockParts.BitArray(),
+		IsCommit:         rs.Step == cstypes.RoundStepCommit,
 	}
+	conR.Switch.Broadcast(StateChannel, cdc.MustMarshalBinaryBare(csMsg))
 }
 
 // Broadcasts HasVoteMessage to peers that care.
@@ -427,7 +442,7 @@ func (conR *ConsensusReactor) broadcastHasVoteMessage(vote *types.Vote) {
 	*/
 }
 
-func makeRoundStepMessages(rs *cstypes.RoundState) (nrsMsg *NewRoundStepMessage, csMsg *CommitStepMessage) {
+func makeRoundStepMessage(rs *cstypes.RoundState) (nrsMsg *NewRoundStepMessage) {
 	nrsMsg = &NewRoundStepMessage{
 		Height: rs.Height,
 		Round:  rs.Round,
@@ -435,25 +450,13 @@ func makeRoundStepMessages(rs *cstypes.RoundState) (nrsMsg *NewRoundStepMessage,
 		SecondsSinceStartTime: int(time.Since(rs.StartTime).Seconds()),
 		LastCommitRound:       rs.LastCommit.Round(),
 	}
-	if rs.Step == cstypes.RoundStepCommit {
-		csMsg = &CommitStepMessage{
-			Height:           rs.Height,
-			BlockPartsHeader: rs.ProposalBlockParts.Header(),
-			BlockParts:       rs.ProposalBlockParts.BitArray(),
-		}
-	}
 	return
 }
 
-func (conR *ConsensusReactor) sendNewRoundStepMessages(peer p2p.Peer) {
+func (conR *ConsensusReactor) sendNewRoundStepMessage(peer p2p.Peer) {
 	rs := conR.conS.GetRoundState()
-	nrsMsg, csMsg := makeRoundStepMessages(rs)
-	if nrsMsg != nil {
-		peer.Send(StateChannel, cdc.MustMarshalBinaryBare(nrsMsg))
-	}
-	if csMsg != nil {
-		peer.Send(StateChannel, cdc.MustMarshalBinaryBare(csMsg))
-	}
+	nrsMsg := makeRoundStepMessage(rs)
+	peer.Send(StateChannel, cdc.MustMarshalBinaryBare(nrsMsg))
 }
 
 func (conR *ConsensusReactor) gossipDataRoutine(peer p2p.Peer, ps *PeerState) {
@@ -524,6 +527,7 @@ OUTER_LOOP:
 				msg := &ProposalMessage{Proposal: rs.Proposal}
 				logger.Debug("Sending proposal", "height", prs.Height, "round", prs.Round)
 				if peer.Send(DataChannel, cdc.MustMarshalBinaryBare(msg)) {
+					// NOTE[ZM]: A peer might have received different proposal msg so this Proposal msg will be rejected!
 					ps.SetHasProposal(rs.Proposal)
 				}
 			}
@@ -964,13 +968,20 @@ func (ps *PeerState) SetHasProposal(proposal *types.Proposal) {
 	if ps.PRS.Height != proposal.Height || ps.PRS.Round != proposal.Round {
 		return
 	}
+
 	if ps.PRS.Proposal {
 		return
 	}
 
 	ps.PRS.Proposal = true
-	ps.PRS.ProposalBlockPartsHeader = proposal.BlockPartsHeader
-	ps.PRS.ProposalBlockParts = cmn.NewBitArray(proposal.BlockPartsHeader.Total)
+
+	// ps.PRS.ProposalBlockParts is set due to NewValidBlockMessage
+	if ps.PRS.ProposalBlockParts != nil {
+		return
+	}
+
+	ps.PRS.ProposalBlockPartsHeader = proposal.BlockID.PartsHeader
+	ps.PRS.ProposalBlockParts = cmn.NewBitArray(proposal.BlockID.PartsHeader.Total)
 	ps.PRS.ProposalPOLRound = proposal.POLRound
 	ps.PRS.ProposalPOL = nil // Nil until ProposalPOLMessage received.
 }
@@ -1211,7 +1222,6 @@ func (ps *PeerState) ApplyNewRoundStepMessage(msg *NewRoundStepMessage) {
 	// Just remember these values.
 	psHeight := ps.PRS.Height
 	psRound := ps.PRS.Round
-	//psStep := ps.PRS.Step
 	psCatchupCommitRound := ps.PRS.CatchupCommitRound
 	psCatchupCommit := ps.PRS.CatchupCommit
 
@@ -1252,8 +1262,8 @@ func (ps *PeerState) ApplyNewRoundStepMessage(msg *NewRoundStepMessage) {
 	}
 }
 
-// ApplyCommitStepMessage updates the peer state for the new commit.
-func (ps *PeerState) ApplyCommitStepMessage(msg *CommitStepMessage) {
+// ApplyNewValidBlockMessage updates the peer state for the new valid block.
+func (ps *PeerState) ApplyNewValidBlockMessage(msg *NewValidBlockMessage) {
 	ps.mtx.Lock()
 	defer ps.mtx.Unlock()
 
@@ -1261,6 +1271,10 @@ func (ps *PeerState) ApplyCommitStepMessage(msg *CommitStepMessage) {
 		return
 	}
 
+	if ps.PRS.Round != msg.Round && !msg.IsCommit {
+		return
+	}
+
 	ps.PRS.ProposalBlockPartsHeader = msg.BlockPartsHeader
 	ps.PRS.ProposalBlockParts = msg.BlockParts
 }
@@ -1339,12 +1353,14 @@ func (ps *PeerState) StringIndented(indent string) string {
 // Messages
 
 // ConsensusMessage is a message that can be sent and received on the ConsensusReactor
-type ConsensusMessage interface{}
+type ConsensusMessage interface {
+	ValidateBasic() error
+}
 
 func RegisterConsensusMessages(cdc *amino.Codec) {
 	cdc.RegisterInterface((*ConsensusMessage)(nil), nil)
 	cdc.RegisterConcrete(&NewRoundStepMessage{}, "tendermint/NewRoundStepMessage", nil)
-	cdc.RegisterConcrete(&CommitStepMessage{}, "tendermint/CommitStep", nil)
+	cdc.RegisterConcrete(&NewValidBlockMessage{}, "tendermint/NewValidBlockMessage", nil)
 	cdc.RegisterConcrete(&ProposalMessage{}, "tendermint/Proposal", nil)
 	cdc.RegisterConcrete(&ProposalPOLMessage{}, "tendermint/ProposalPOL", nil)
 	cdc.RegisterConcrete(&BlockPartMessage{}, "tendermint/BlockPart", nil)
@@ -1375,6 +1391,27 @@ type NewRoundStepMessage struct {
 	LastCommitRound       int
 }
 
+// ValidateBasic performs basic validation.
+func (m *NewRoundStepMessage) ValidateBasic() error {
+	if m.Height < 0 {
+		return errors.New("Negative Height")
+	}
+	if m.Round < 0 {
+		return errors.New("Negative Round")
+	}
+	if !m.Step.IsValid() {
+		return errors.New("Invalid Step")
+	}
+
+	// NOTE: SecondsSinceStartTime may be negative
+
+	if (m.Height == 1 && m.LastCommitRound != -1) ||
+		(m.Height > 1 && m.LastCommitRound < -1) { // TODO: #2737 LastCommitRound should always be >= 0 for heights > 1
+		return errors.New("Invalid LastCommitRound (for 1st block: -1, for others: >= 0)")
+	}
+	return nil
+}
+
 // String returns a string representation.
 func (m *NewRoundStepMessage) String() string {
 	return fmt.Sprintf("[NewRoundStep H:%v R:%v S:%v LCR:%v]",
@@ -1383,16 +1420,40 @@ func (m *NewRoundStepMessage) String() string {
 
 //-------------------------------------
 
-// CommitStepMessage is sent when a block is committed.
-type CommitStepMessage struct {
+// NewValidBlockMessage is sent when a validator observes a valid block B in some round r,
+//i.e., there is a Proposal for block B and 2/3+ prevotes for the block B in the round r.
+// In case the block is also committed, then IsCommit flag is set to true.
+type NewValidBlockMessage struct {
 	Height           int64
+	Round            int
 	BlockPartsHeader types.PartSetHeader
 	BlockParts       *cmn.BitArray
+	IsCommit         bool
+}
+
+// ValidateBasic performs basic validation.
+func (m *NewValidBlockMessage) ValidateBasic() error {
+	if m.Height < 0 {
+		return errors.New("Negative Height")
+	}
+	if m.Round < 0 {
+		return errors.New("Negative Round")
+	}
+	if err := m.BlockPartsHeader.ValidateBasic(); err != nil {
+		return fmt.Errorf("Wrong BlockPartsHeader: %v", err)
+	}
+	if m.BlockParts.Size() != m.BlockPartsHeader.Total {
+		return fmt.Errorf("BlockParts bit array size %d not equal to BlockPartsHeader.Total %d",
+			m.BlockParts.Size(),
+			m.BlockPartsHeader.Total)
+	}
+	return nil
 }
 
 // String returns a string representation.
-func (m *CommitStepMessage) String() string {
-	return fmt.Sprintf("[CommitStep H:%v BP:%v BA:%v]", m.Height, m.BlockPartsHeader, m.BlockParts)
+func (m *NewValidBlockMessage) String() string {
+	return fmt.Sprintf("[ValidBlockMessage H:%v R:%v BP:%v BA:%v IsCommit:%v]",
+		m.Height, m.Round, m.BlockPartsHeader, m.BlockParts, m.IsCommit)
 }
 
 //-------------------------------------
@@ -1402,6 +1463,11 @@ type ProposalMessage struct {
 	Proposal *types.Proposal
 }
 
+// ValidateBasic performs basic validation.
+func (m *ProposalMessage) ValidateBasic() error {
+	return m.Proposal.ValidateBasic()
+}
+
 // String returns a string representation.
 func (m *ProposalMessage) String() string {
 	return fmt.Sprintf("[Proposal %v]", m.Proposal)
@@ -1416,6 +1482,20 @@ type ProposalPOLMessage struct {
 	ProposalPOL      *cmn.BitArray
 }
 
+// ValidateBasic performs basic validation.
+func (m *ProposalPOLMessage) ValidateBasic() error {
+	if m.Height < 0 {
+		return errors.New("Negative Height")
+	}
+	if m.ProposalPOLRound < 0 {
+		return errors.New("Negative ProposalPOLRound")
+	}
+	if m.ProposalPOL.Size() == 0 {
+		return errors.New("Empty ProposalPOL bit array")
+	}
+	return nil
+}
+
 // String returns a string representation.
 func (m *ProposalPOLMessage) String() string {
 	return fmt.Sprintf("[ProposalPOL H:%v POLR:%v POL:%v]", m.Height, m.ProposalPOLRound, m.ProposalPOL)
@@ -1430,6 +1510,20 @@ type BlockPartMessage struct {
 	Part   *types.Part
 }
 
+// ValidateBasic performs basic validation.
+func (m *BlockPartMessage) ValidateBasic() error {
+	if m.Height < 0 {
+		return errors.New("Negative Height")
+	}
+	if m.Round < 0 {
+		return errors.New("Negative Round")
+	}
+	if err := m.Part.ValidateBasic(); err != nil {
+		return fmt.Errorf("Wrong Part: %v", err)
+	}
+	return nil
+}
+
 // String returns a string representation.
 func (m *BlockPartMessage) String() string {
 	return fmt.Sprintf("[BlockPart H:%v R:%v P:%v]", m.Height, m.Round, m.Part)
@@ -1442,6 +1536,11 @@ type VoteMessage struct {
 	Vote *types.Vote
 }
 
+// ValidateBasic performs basic validation.
+func (m *VoteMessage) ValidateBasic() error {
+	return m.Vote.ValidateBasic()
+}
+
 // String returns a string representation.
 func (m *VoteMessage) String() string {
 	return fmt.Sprintf("[Vote %v]", m.Vote)
@@ -1457,6 +1556,23 @@ type HasVoteMessage struct {
 	Index  int
 }
 
+// ValidateBasic performs basic validation.
+func (m *HasVoteMessage) ValidateBasic() error {
+	if m.Height < 0 {
+		return errors.New("Negative Height")
+	}
+	if m.Round < 0 {
+		return errors.New("Negative Round")
+	}
+	if !types.IsVoteTypeValid(m.Type) {
+		return errors.New("Invalid Type")
+	}
+	if m.Index < 0 {
+		return errors.New("Negative Index")
+	}
+	return nil
+}
+
 // String returns a string representation.
 func (m *HasVoteMessage) String() string {
 	return fmt.Sprintf("[HasVote VI:%v V:{%v/%02d/%v}]", m.Index, m.Height, m.Round, m.Type)
@@ -1472,6 +1588,23 @@ type VoteSetMaj23Message struct {
 	BlockID types.BlockID
 }
 
+// ValidateBasic performs basic validation.
+func (m *VoteSetMaj23Message) ValidateBasic() error {
+	if m.Height < 0 {
+		return errors.New("Negative Height")
+	}
+	if m.Round < 0 {
+		return errors.New("Negative Round")
+	}
+	if !types.IsVoteTypeValid(m.Type) {
+		return errors.New("Invalid Type")
+	}
+	if err := m.BlockID.ValidateBasic(); err != nil {
+		return fmt.Errorf("Wrong BlockID: %v", err)
+	}
+	return nil
+}
+
 // String returns a string representation.
 func (m *VoteSetMaj23Message) String() string {
 	return fmt.Sprintf("[VSM23 %v/%02d/%v %v]", m.Height, m.Round, m.Type, m.BlockID)
@@ -1488,6 +1621,24 @@ type VoteSetBitsMessage struct {
 	Votes   *cmn.BitArray
 }
 
+// ValidateBasic performs basic validation.
+func (m *VoteSetBitsMessage) ValidateBasic() error {
+	if m.Height < 0 {
+		return errors.New("Negative Height")
+	}
+	if m.Round < 0 {
+		return errors.New("Negative Round")
+	}
+	if !types.IsVoteTypeValid(m.Type) {
+		return errors.New("Invalid Type")
+	}
+	if err := m.BlockID.ValidateBasic(); err != nil {
+		return fmt.Errorf("Wrong BlockID: %v", err)
+	}
+	// NOTE: Votes.Size() can be zero if the node does not have any
+	return nil
+}
+
 // String returns a string representation.
 func (m *VoteSetBitsMessage) String() string {
 	return fmt.Sprintf("[VSB %v/%02d/%v %v %v]", m.Height, m.Round, m.Type, m.BlockID, m.Votes)
@@ -1500,6 +1651,11 @@ type ProposalHeartbeatMessage struct {
 	Heartbeat *types.Heartbeat
 }
 
+// ValidateBasic performs basic validation.
+func (m *ProposalHeartbeatMessage) ValidateBasic() error {
+	return m.Heartbeat.ValidateBasic()
+}
+
 // String returns a string representation.
 func (m *ProposalHeartbeatMessage) String() string {
 	return fmt.Sprintf("[HEARTBEAT %v]", m.Heartbeat)

consensus/replay.go

@@ -11,6 +11,7 @@ import (
 	"time"
 
 	abci "github.com/tendermint/tendermint/abci/types"
+	"github.com/tendermint/tendermint/version"
 	//auto "github.com/tendermint/tendermint/libs/autofile"
 	cmn "github.com/tendermint/tendermint/libs/common"
 	dbm "github.com/tendermint/tendermint/libs/db"
@@ -19,7 +20,6 @@ import (
 	"github.com/tendermint/tendermint/proxy"
 	sm "github.com/tendermint/tendermint/state"
 	"github.com/tendermint/tendermint/types"
-	"github.com/tendermint/tendermint/version"
 )
 
 var crc32c = crc32.MakeTable(crc32.Castagnoli)
@@ -73,7 +73,7 @@ func (cs *ConsensusState) readReplayMessage(msg *TimedWALMessage, newStepCh chan
 		case *ProposalMessage:
 			p := msg.Proposal
 			cs.Logger.Info("Replay: Proposal", "height", p.Height, "round", p.Round, "header",
-				p.BlockPartsHeader, "pol", p.POLRound, "peer", peerID)
+				p.BlockID.PartsHeader, "pol", p.POLRound, "peer", peerID)
 		case *BlockPartMessage:
 			cs.Logger.Info("Replay: BlockPart", "height", msg.Height, "round", msg.Round, "peer", peerID)
 		case *VoteMessage:
@@ -227,7 +227,7 @@ func (h *Handshaker) NBlocks() int {
 func (h *Handshaker) Handshake(proxyApp proxy.AppConns) error {
 
 	// Handshake is done via ABCI Info on the query conn.
-	res, err := proxyApp.Query().InfoSync(abci.RequestInfo{Version: version.Version})
+	res, err := proxyApp.Query().InfoSync(proxy.RequestInfo)
 	if err != nil {
 		return fmt.Errorf("Error calling Info: %v", err)
 	}
@@ -238,9 +238,15 @@ func (h *Handshaker) Handshake(proxyApp proxy.AppConns) error {
 	}
 	appHash := res.LastBlockAppHash
 
-	h.logger.Info("ABCI Handshake", "appHeight", blockHeight, "appHash", fmt.Sprintf("%X", appHash))
+	h.logger.Info("ABCI Handshake App Info",
+		"height", blockHeight,
+		"hash", fmt.Sprintf("%X", appHash),
+		"software-version", res.Version,
+		"protocol-version", res.AppVersion,
+	)
 
-	// TODO: check app version.
+	// Set AppVersion on the state.
+	h.initialState.Version.Consensus.App = version.Protocol(res.AppVersion)
 
 	// Replay blocks up to the latest in the blockstore.
 	_, err = h.ReplayBlocks(h.initialState, appHash, blockHeight, proxyApp)
@@ -258,8 +264,12 @@ func (h *Handshaker) Handshake(proxyApp proxy.AppConns) error {
 
 // Replay all blocks since appBlockHeight and ensure the result matches the current state.
 // Returns the final AppHash or an error.
-func (h *Handshaker) ReplayBlocks(state sm.State, appHash []byte, appBlockHeight int64, proxyApp proxy.AppConns) ([]byte, error) {
-
+func (h *Handshaker) ReplayBlocks(
+	state sm.State,
+	appHash []byte,
+	appBlockHeight int64,
+	proxyApp proxy.AppConns,
+) ([]byte, error) {
 	storeBlockHeight := h.store.Height()
 	stateBlockHeight := state.LastBlockHeight
 	h.logger.Info("ABCI Replay Blocks", "appHeight", appBlockHeight, "storeHeight", storeBlockHeight, "stateHeight", stateBlockHeight)

consensus/replay_test.go

@@ -20,6 +20,7 @@ import (
 	crypto "github.com/tendermint/tendermint/crypto"
 	auto "github.com/tendermint/tendermint/libs/autofile"
 	dbm "github.com/tendermint/tendermint/libs/db"
+	"github.com/tendermint/tendermint/version"
 
 	cfg "github.com/tendermint/tendermint/config"
 	"github.com/tendermint/tendermint/libs/log"
@@ -337,7 +338,7 @@ func testHandshakeReplay(t *testing.T, nBlocks int, mode uint) {
 		t.Fatalf(err.Error())
 	}
 
-	stateDB, state, store := stateAndStore(config, privVal.GetPubKey())
+	stateDB, state, store := stateAndStore(config, privVal.GetPubKey(), kvstore.ProtocolVersion)
 	store.chain = chain
 	store.commits = commits
 
@@ -352,7 +353,7 @@ func testHandshakeReplay(t *testing.T, nBlocks int, mode uint) {
 		// run nBlocks against a new client to build up the app state.
 		// use a throwaway tendermint state
 		proxyApp := proxy.NewAppConns(clientCreator2)
-		stateDB, state, _ := stateAndStore(config, privVal.GetPubKey())
+		stateDB, state, _ := stateAndStore(config, privVal.GetPubKey(), kvstore.ProtocolVersion)
 		buildAppStateFromChain(proxyApp, stateDB, state, chain, nBlocks, mode)
 	}
 
@@ -442,7 +443,7 @@ func buildAppStateFromChain(proxyApp proxy.AppConns, stateDB dbm.DB,
 func buildTMStateFromChain(config *cfg.Config, stateDB dbm.DB, state sm.State, chain []*types.Block, mode uint) sm.State {
 	// run the whole chain against this client to build up the tendermint state
 	clientCreator := proxy.NewLocalClientCreator(kvstore.NewPersistentKVStoreApplication(path.Join(config.DBDir(), "1")))
-	proxyApp := proxy.NewAppConns(clientCreator) // sm.NewHandshaker(config, state, store, ReplayLastBlock))
+	proxyApp := proxy.NewAppConns(clientCreator)
 	if err := proxyApp.Start(); err != nil {
 		panic(err)
 	}
@@ -519,7 +520,7 @@ func makeBlockchainFromWAL(wal WAL) ([]*types.Block, []*types.Commit, error) {
 			// if its not the first one, we have a full block
 			if thisBlockParts != nil {
 				var block = new(types.Block)
-				_, err = cdc.UnmarshalBinaryReader(thisBlockParts.GetReader(), block, 0)
+				_, err = cdc.UnmarshalBinaryLengthPrefixedReader(thisBlockParts.GetReader(), block, 0)
 				if err != nil {
 					panic(err)
 				}
@@ -552,7 +553,7 @@ func makeBlockchainFromWAL(wal WAL) ([]*types.Block, []*types.Commit, error) {
 	}
 	// grab the last block too
 	var block = new(types.Block)
-	_, err = cdc.UnmarshalBinaryReader(thisBlockParts.GetReader(), block, 0)
+	_, err = cdc.UnmarshalBinaryLengthPrefixedReader(thisBlockParts.GetReader(), block, 0)
 	if err != nil {
 		panic(err)
 	}
@@ -574,7 +575,7 @@ func readPieceFromWAL(msg *TimedWALMessage) interface{} {
 	case msgInfo:
 		switch msg := m.Msg.(type) {
 		case *ProposalMessage:
-			return &msg.Proposal.BlockPartsHeader
+			return &msg.Proposal.BlockID.PartsHeader
 		case *BlockPartMessage:
 			return msg.Part
 		case *VoteMessage:
@@ -588,9 +589,10 @@ func readPieceFromWAL(msg *TimedWALMessage) interface{} {
 }
 
 // fresh state and mock store
-func stateAndStore(config *cfg.Config, pubKey crypto.PubKey) (dbm.DB, sm.State, *mockBlockStore) {
+func stateAndStore(config *cfg.Config, pubKey crypto.PubKey, appVersion version.Protocol) (dbm.DB, sm.State, *mockBlockStore) {
 	stateDB := dbm.NewMemDB()
 	state, _ := sm.MakeGenesisStateFromFile(config.GenesisFile())
+	state.Version.Consensus.App = appVersion
 	store := NewMockBlockStore(config, state.ConsensusParams)
 	return stateDB, state, store
 }
@@ -639,7 +641,7 @@ func TestInitChainUpdateValidators(t *testing.T) {
 
 	config := ResetConfig("proxy_test_")
 	privVal := privval.LoadFilePV(config.PrivValidatorFile())
-	stateDB, state, store := stateAndStore(config, privVal.GetPubKey())
+	stateDB, state, store := stateAndStore(config, privVal.GetPubKey(), 0x0)
 
 	oldValAddr := state.Validators.Validators[0].Address
 

consensus/state.go

@@ -9,8 +9,8 @@ import (
 	"sync"
 	"time"
 
-	fail "github.com/ebuchman/fail-test"
 	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/tendermint/tendermint/libs/fail"
 	"github.com/tendermint/tendermint/libs/log"
 	tmtime "github.com/tendermint/tendermint/types/time"
 
@@ -532,10 +532,10 @@ func (cs *ConsensusState) updateToState(state sm.State) {
 	cs.Proposal = nil
 	cs.ProposalBlock = nil
 	cs.ProposalBlockParts = nil
-	cs.LockedRound = 0
+	cs.LockedRound = -1
 	cs.LockedBlock = nil
 	cs.LockedBlockParts = nil
-	cs.ValidRound = 0
+	cs.ValidRound = -1
 	cs.ValidBlock = nil
 	cs.ValidBlockParts = nil
 	cs.Votes = cstypes.NewHeightVoteSet(state.ChainID, height, validators)
@@ -889,10 +889,7 @@ func (cs *ConsensusState) defaultDecideProposal(height int64, round int) {
 	var blockParts *types.PartSet
 
 	// Decide on block
-	if cs.LockedBlock != nil {
-		// If we're locked onto a block, just choose that.
-		block, blockParts = cs.LockedBlock, cs.LockedBlockParts
-	} else if cs.ValidBlock != nil {
+	if cs.ValidBlock != nil {
 		// If there is valid block, choose that.
 		block, blockParts = cs.ValidBlock, cs.ValidBlockParts
 	} else {
@@ -904,15 +901,9 @@ func (cs *ConsensusState) defaultDecideProposal(height int64, round int) {
 	}
 
 	// Make proposal
-	polRound, polBlockID := cs.Votes.POLInfo()
-	proposal := types.NewProposal(height, round, blockParts.Header(), polRound, polBlockID)
+	propBlockId := types.BlockID{block.Hash(), blockParts.Header()}
+	proposal := types.NewProposal(height, round, cs.ValidRound, propBlockId)
 	if err := cs.privValidator.SignProposal(cs.state.ChainID, proposal); err == nil {
-		// Set fields
-		/*  fields set by setProposal and addBlockPart
-		cs.Proposal = proposal
-		cs.ProposalBlock = block
-		cs.ProposalBlockParts = blockParts
-		*/
 
 		// send proposal and block parts on internal msg queue
 		cs.sendInternalMessage(msgInfo{&ProposalMessage{proposal}, ""})
@@ -983,7 +974,6 @@ func (cs *ConsensusState) createProposalBlock() (block *types.Block, blockParts
 
 // Enter: `timeoutPropose` after entering Propose.
 // Enter: proposal block and POL is ready.
-// Enter: any +2/3 prevotes for future round.
 // Prevote for LockedBlock if we're locked, or ProposalBlock if valid.
 // Otherwise vote nil.
 func (cs *ConsensusState) enterPrevote(height int64, round int) {
@@ -998,14 +988,6 @@ func (cs *ConsensusState) enterPrevote(height int64, round int) {
 		cs.newStep()
 	}()
 
-	// fire event for how we got here
-	if cs.isProposalComplete() {
-		cs.eventBus.PublishEventCompleteProposal(cs.RoundStateEvent())
-	} else {
-		// we received +2/3 prevotes for a future round
-		// TODO: catchup event?
-	}
-
 	cs.Logger.Info(fmt.Sprintf("enterPrevote(%v/%v). Current: %v/%v/%v", height, round, cs.Height, cs.Round, cs.Step))
 
 	// Sign and broadcast vote as necessary
@@ -1072,8 +1054,8 @@ func (cs *ConsensusState) enterPrevoteWait(height int64, round int) {
 }
 
 // Enter: `timeoutPrevote` after any +2/3 prevotes.
+// Enter: `timeoutPrecommit` after any +2/3 precommits.
 // Enter: +2/3 precomits for block or nil.
-// Enter: any +2/3 precommits for next round.
 // Lock & precommit the ProposalBlock if we have enough prevotes for it (a POL in this round)
 // else, unlock an existing lock and precommit nil if +2/3 of prevotes were nil,
 // else, precommit nil otherwise.
@@ -1122,7 +1104,7 @@ func (cs *ConsensusState) enterPrecommit(height int64, round int) {
 			logger.Info("enterPrecommit: +2/3 prevoted for nil.")
 		} else {
 			logger.Info("enterPrecommit: +2/3 prevoted for nil. Unlocking")
-			cs.LockedRound = 0
+			cs.LockedRound = -1
 			cs.LockedBlock = nil
 			cs.LockedBlockParts = nil
 			cs.eventBus.PublishEventUnlock(cs.RoundStateEvent())
@@ -1161,7 +1143,7 @@ func (cs *ConsensusState) enterPrecommit(height int64, round int) {
 	// Fetch that block, unlock, and precommit nil.
 	// The +2/3 prevotes for this round is the POL for our unlock.
 	// TODO: In the future save the POL prevotes for justification.
-	cs.LockedRound = 0
+	cs.LockedRound = -1
 	cs.LockedBlock = nil
 	cs.LockedBlockParts = nil
 	if !cs.ProposalBlockParts.HasHeader(blockID.PartsHeader) {
@@ -1244,6 +1226,8 @@ func (cs *ConsensusState) enterCommit(height int64, commitRound int) {
 			// Set up ProposalBlockParts and keep waiting.
 			cs.ProposalBlock = nil
 			cs.ProposalBlockParts = types.NewPartSetFromHeader(blockID.PartsHeader)
+			cs.eventBus.PublishEventValidBlock(cs.RoundStateEvent())
+			cs.evsw.FireEvent(types.EventValidBlock, &cs.RoundState)
 		} else {
 			// We just need to keep waiting.
 		}
@@ -1424,14 +1408,9 @@ func (cs *ConsensusState) defaultSetProposal(proposal *types.Proposal) error {
 		return nil
 	}
 
-	// We don't care about the proposal if we're already in cstypes.RoundStepCommit.
-	if cstypes.RoundStepCommit <= cs.Step {
-		return nil
-	}
-
-	// Verify POLRound, which must be -1 or between 0 and proposal.Round exclusive.
-	if proposal.POLRound != -1 &&
-		(proposal.POLRound < 0 || proposal.Round <= proposal.POLRound) {
+  // Verify POLRound, which must be -1 or in range [0, proposal.Round).
+	if proposal.POLRound < -1 ||
+		(proposal.POLRound >= 0 && proposal.POLRound >= proposal.Round) {
 		return ErrInvalidProposalPOLRound
 	}
 
@@ -1441,7 +1420,12 @@ func (cs *ConsensusState) defaultSetProposal(proposal *types.Proposal) error {
 	}
 
 	cs.Proposal = proposal
-	cs.ProposalBlockParts = types.NewPartSetFromHeader(proposal.BlockPartsHeader)
+	// We don't update cs.ProposalBlockParts if it is already set.
+	// This happens if we're already in cstypes.RoundStepCommit or if there is a valid block in the current round.
+	// TODO: We can check if Proposal is for a different block as this is a sign of misbehavior!
+	if cs.ProposalBlockParts == nil {
+		cs.ProposalBlockParts = types.NewPartSetFromHeader(proposal.BlockID.PartsHeader)
+	}
 	cs.Logger.Info("Received proposal", "proposal", proposal)
 	return nil
 }
@@ -1472,7 +1456,7 @@ func (cs *ConsensusState) addProposalBlockPart(msg *BlockPartMessage, peerID p2p
 	}
 	if added && cs.ProposalBlockParts.IsComplete() {
 		// Added and completed!
-		_, err = cdc.UnmarshalBinaryReader(
+		_, err = cdc.UnmarshalBinaryLengthPrefixedReader(
 			cs.ProposalBlockParts.GetReader(),
 			&cs.ProposalBlock,
 			int64(cs.state.ConsensusParams.BlockSize.MaxBytes),
@@ -1482,6 +1466,7 @@ func (cs *ConsensusState) addProposalBlockPart(msg *BlockPartMessage, peerID p2p
 		}
 		// NOTE: it's possible to receive complete proposal blocks for future rounds without having the proposal
 		cs.Logger.Info("Received complete proposal block", "height", cs.ProposalBlock.Height, "hash", cs.ProposalBlock.Hash())
+		cs.eventBus.PublishEventCompleteProposal(cs.RoundStateEvent())
 
 		// Update Valid* if we can.
 		prevotes := cs.Votes.Prevotes(cs.Round)
@@ -1612,7 +1597,7 @@ func (cs *ConsensusState) addVote(vote *types.Vote, peerID p2p.ID) (added bool,
 				!cs.LockedBlock.HashesTo(blockID.Hash) {
 
 				cs.Logger.Info("Unlocking because of POL.", "lockedRound", cs.LockedRound, "POLRound", vote.Round)
-				cs.LockedRound = 0
+				cs.LockedRound = -1
 				cs.LockedBlock = nil
 				cs.LockedBlockParts = nil
 				cs.eventBus.PublishEventUnlock(cs.RoundStateEvent())
@@ -1620,16 +1605,26 @@ func (cs *ConsensusState) addVote(vote *types.Vote, peerID p2p.ID) (added bool,
 
 			// Update Valid* if we can.
 			// NOTE: our proposal block may be nil or not what received a polka..
-			// TODO: we may want to still update the ValidBlock and obtain it via gossipping
-			if len(blockID.Hash) != 0 &&
-				(cs.ValidRound < vote.Round) &&
-				(vote.Round <= cs.Round) &&
-				cs.ProposalBlock.HashesTo(blockID.Hash) {
+			if len(blockID.Hash) != 0 && (cs.ValidRound < vote.Round) && (vote.Round == cs.Round) {
 
-				cs.Logger.Info("Updating ValidBlock because of POL.", "validRound", cs.ValidRound, "POLRound", vote.Round)
-				cs.ValidRound = vote.Round
-				cs.ValidBlock = cs.ProposalBlock
-				cs.ValidBlockParts = cs.ProposalBlockParts
+				if cs.ProposalBlock.HashesTo(blockID.Hash) {
+					cs.Logger.Info(
+						"Updating ValidBlock because of POL.", "validRound", cs.ValidRound, "POLRound", vote.Round)
+					cs.ValidRound = vote.Round
+					cs.ValidBlock = cs.ProposalBlock
+					cs.ValidBlockParts = cs.ProposalBlockParts
+				} else {
+					cs.Logger.Info(
+						"Valid block we don't know about. Set ProposalBlock=nil",
+						"proposal", cs.ProposalBlock.Hash(), "blockId", blockID.Hash)
+					// We're getting the wrong block.
+					cs.ProposalBlock = nil
+				}
+				if !cs.ProposalBlockParts.HasHeader(blockID.PartsHeader) {
+					cs.ProposalBlockParts = types.NewPartSetFromHeader(blockID.PartsHeader)
+				}
+				cs.evsw.FireEvent(types.EventValidBlock, &cs.RoundState)
+				cs.eventBus.PublishEventValidBlock(cs.RoundStateEvent())
 			}
 		}
 
@@ -1638,7 +1633,8 @@ func (cs *ConsensusState) addVote(vote *types.Vote, peerID p2p.ID) (added bool,
 			// Round-skip if there is any 2/3+ of votes ahead of us
 			cs.enterNewRound(height, vote.Round)
 		} else if cs.Round == vote.Round && cstypes.RoundStepPrevote <= cs.Step { // current round
-			if prevotes.HasTwoThirdsMajority() {
+			blockID, ok := prevotes.TwoThirdsMajority()
+			if ok && (cs.isProposalComplete() || len(blockID.Hash) == 0) {
 				cs.enterPrecommit(height, vote.Round)
 			} else if prevotes.HasTwoThirdsAny() {
 				cs.enterPrevoteWait(height, vote.Round)

consensus/state_test.go

@@ -197,7 +197,9 @@ func TestStateBadProposal(t *testing.T) {
 	stateHash[0] = byte((stateHash[0] + 1) % 255)
 	propBlock.AppHash = stateHash
 	propBlockParts := propBlock.MakePartSet(partSize)
-	proposal := types.NewProposal(vs2.Height, round, propBlockParts.Header(), -1, types.BlockID{})
+	proposal := types.NewProposal(
+		vs2.Height, round, -1,
+		types.BlockID{propBlock.Hash(), propBlockParts.Header()})
 	if err := vs2.SignProposal(config.ChainID(), proposal); err != nil {
 		t.Fatal("failed to sign bad proposal", err)
 	}
@@ -214,16 +216,16 @@ func TestStateBadProposal(t *testing.T) {
 	ensureNewProposal(proposalCh, height, round)
 
 	// wait for prevote
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 	validatePrevote(t, cs1, round, vss[0], nil)
 
 	// add bad prevote from vs2 and wait for it
 	signAddVotes(cs1, types.PrevoteType, propBlock.Hash(), propBlock.MakePartSet(partSize).Header(), vs2)
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 
 	// wait for precommit
-	ensureVote(voteCh, height, round, types.PrecommitType)
-	validatePrecommit(t, cs1, round, 0, vss[0], nil, nil)
+	ensurePrecommit(voteCh, height, round)
+	validatePrecommit(t, cs1, round, -1, vss[0], nil, nil)
 	signAddVotes(cs1, types.PrecommitType, propBlock.Hash(), propBlock.MakePartSet(partSize).Header(), vs2)
 }
 
@@ -255,10 +257,10 @@ func TestStateFullRound1(t *testing.T) {
 	ensureNewProposal(propCh, height, round)
 	propBlockHash := cs.GetRoundState().ProposalBlock.Hash()
 
-	ensureVote(voteCh, height, round, types.PrevoteType) // wait for prevote
+	ensurePrevote(voteCh, height, round) // wait for prevote
 	validatePrevote(t, cs, round, vss[0], propBlockHash)
 
-	ensureVote(voteCh, height, round, types.PrecommitType) // wait for precommit
+	ensurePrecommit(voteCh, height, round) // wait for precommit
 
 	// we're going to roll right into new height
 	ensureNewRound(newRoundCh, height+1, 0)
@@ -276,11 +278,11 @@ func TestStateFullRoundNil(t *testing.T) {
 	cs.enterPrevote(height, round)
 	cs.startRoutines(4)
 
-	ensureVote(voteCh, height, round, types.PrevoteType)   // prevote
-	ensureVote(voteCh, height, round, types.PrecommitType) // precommit
+	ensurePrevote(voteCh, height, round)   // prevote
+	ensurePrecommit(voteCh, height, round) // precommit
 
 	// should prevote and precommit nil
-	validatePrevoteAndPrecommit(t, cs, round, 0, vss[0], nil, nil)
+	validatePrevoteAndPrecommit(t, cs, round, -1, vss[0], nil, nil)
 }
 
 // run through propose, prevote, precommit commit with two validators
@@ -296,7 +298,7 @@ func TestStateFullRound2(t *testing.T) {
 	// start round and wait for propose and prevote
 	startTestRound(cs1, height, round)
 
-	ensureVote(voteCh, height, round, types.PrevoteType) // prevote
+	ensurePrevote(voteCh, height, round) // prevote
 
 	// we should be stuck in limbo waiting for more prevotes
 	rs := cs1.GetRoundState()
@@ -304,9 +306,9 @@ func TestStateFullRound2(t *testing.T) {
 
 	// prevote arrives from vs2:
 	signAddVotes(cs1, types.PrevoteType, propBlockHash, propPartsHeader, vs2)
-	ensureVote(voteCh, height, round, types.PrevoteType) // prevote
+	ensurePrevote(voteCh, height, round) // prevote
 
-	ensureVote(voteCh, height, round, types.PrecommitType) //precommit
+	ensurePrecommit(voteCh, height, round) //precommit
 	// the proposed block should now be locked and our precommit added
 	validatePrecommit(t, cs1, 0, 0, vss[0], propBlockHash, propBlockHash)
 
@@ -314,7 +316,7 @@ func TestStateFullRound2(t *testing.T) {
 
 	// precommit arrives from vs2:
 	signAddVotes(cs1, types.PrecommitType, propBlockHash, propPartsHeader, vs2)
-	ensureVote(voteCh, height, round, types.PrecommitType)
+	ensurePrecommit(voteCh, height, round)
 
 	// wait to finish commit, propose in next height
 	ensureNewBlock(newBlockCh, height)
@@ -353,14 +355,14 @@ func TestStateLockNoPOL(t *testing.T) {
 	theBlockHash := roundState.ProposalBlock.Hash()
 	thePartSetHeader := roundState.ProposalBlockParts.Header()
 
-	ensureVote(voteCh, height, round, types.PrevoteType) // prevote
+	ensurePrevote(voteCh, height, round) // prevote
 
 	// we should now be stuck in limbo forever, waiting for more prevotes
 	// prevote arrives from vs2:
 	signAddVotes(cs1, types.PrevoteType, theBlockHash, thePartSetHeader, vs2)
-	ensureVote(voteCh, height, round, types.PrevoteType) // prevote
+	ensurePrevote(voteCh, height, round) // prevote
 
-	ensureVote(voteCh, height, round, types.PrecommitType) // precommit
+	ensurePrecommit(voteCh, height, round) // precommit
 	// the proposed block should now be locked and our precommit added
 	validatePrecommit(t, cs1, round, round, vss[0], theBlockHash, theBlockHash)
 
@@ -370,7 +372,7 @@ func TestStateLockNoPOL(t *testing.T) {
 	copy(hash, theBlockHash)
 	hash[0] = byte((hash[0] + 1) % 255)
 	signAddVotes(cs1, types.PrecommitType, hash, thePartSetHeader, vs2)
-	ensureVote(voteCh, height, round, types.PrecommitType) // precommit
+	ensurePrecommit(voteCh, height, round) // precommit
 
 	// (note we're entering precommit for a second time this round)
 	// but with invalid args. then we enterPrecommitWait, and the timeout to new round
@@ -397,26 +399,26 @@ func TestStateLockNoPOL(t *testing.T) {
 	}
 
 	// wait to finish prevote
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 	// we should have prevoted our locked block
 	validatePrevote(t, cs1, round, vss[0], rs.LockedBlock.Hash())
 
 	// add a conflicting prevote from the other validator
 	signAddVotes(cs1, types.PrevoteType, hash, rs.LockedBlock.MakePartSet(partSize).Header(), vs2)
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 
 	// now we're going to enter prevote again, but with invalid args
 	// and then prevote wait, which should timeout. then wait for precommit
 	ensureNewTimeout(timeoutWaitCh, height, round, cs1.config.TimeoutPrevote.Nanoseconds())
 
-	ensureVote(voteCh, height, round, types.PrecommitType) // precommit
+	ensurePrecommit(voteCh, height, round) // precommit
 	// the proposed block should still be locked and our precommit added
 	// we should precommit nil and be locked on the proposal
 	validatePrecommit(t, cs1, round, 0, vss[0], nil, theBlockHash)
 
 	// add conflicting precommit from vs2
 	signAddVotes(cs1, types.PrecommitType, hash, rs.LockedBlock.MakePartSet(partSize).Header(), vs2)
-	ensureVote(voteCh, height, round, types.PrecommitType)
+	ensurePrecommit(voteCh, height, round)
 
 	// (note we're entering precommit for a second time this round, but with invalid args
 	// then we enterPrecommitWait and timeout into NewRound
@@ -439,19 +441,19 @@ func TestStateLockNoPOL(t *testing.T) {
 		panic(fmt.Sprintf("Expected proposal block to be locked block. Got %v, Expected %v", rs.ProposalBlock, rs.LockedBlock))
 	}
 
-	ensureVote(voteCh, height, round, types.PrevoteType) // prevote
+	ensurePrevote(voteCh, height, round) // prevote
 	validatePrevote(t, cs1, round, vss[0], rs.LockedBlock.Hash())
 
 	signAddVotes(cs1, types.PrevoteType, hash, rs.ProposalBlock.MakePartSet(partSize).Header(), vs2)
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 
 	ensureNewTimeout(timeoutWaitCh, height, round, cs1.config.TimeoutPrevote.Nanoseconds())
-	ensureVote(voteCh, height, round, types.PrecommitType) // precommit
+	ensurePrecommit(voteCh, height, round) // precommit
 
 	validatePrecommit(t, cs1, round, 0, vss[0], nil, theBlockHash) // precommit nil but be locked on proposal
 
 	signAddVotes(cs1, types.PrecommitType, hash, rs.ProposalBlock.MakePartSet(partSize).Header(), vs2) // NOTE: conflicting precommits at same height
-	ensureVote(voteCh, height, round, types.PrecommitType)
+	ensurePrecommit(voteCh, height, round)
 
 	ensureNewTimeout(timeoutWaitCh, height, round, cs1.config.TimeoutPrecommit.Nanoseconds())
 
@@ -478,20 +480,20 @@ func TestStateLockNoPOL(t *testing.T) {
 	}
 
 	ensureNewProposal(proposalCh, height, round)
-	ensureVote(voteCh, height, round, types.PrevoteType) // prevote
+	ensurePrevote(voteCh, height, round) // prevote
 	// prevote for locked block (not proposal)
 	validatePrevote(t, cs1, 3, vss[0], cs1.LockedBlock.Hash())
 
 	// prevote for proposed block
 	signAddVotes(cs1, types.PrevoteType, propBlock.Hash(), propBlock.MakePartSet(partSize).Header(), vs2)
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 
 	ensureNewTimeout(timeoutWaitCh, height, round, cs1.config.TimeoutPrevote.Nanoseconds())
-	ensureVote(voteCh, height, round, types.PrecommitType)
+	ensurePrecommit(voteCh, height, round)
 	validatePrecommit(t, cs1, round, 0, vss[0], nil, theBlockHash) // precommit nil but locked on proposal
 
 	signAddVotes(cs1, types.PrecommitType, propBlock.Hash(), propBlock.MakePartSet(partSize).Header(), vs2) // NOTE: conflicting precommits at same height
-	ensureVote(voteCh, height, round, types.PrecommitType)
+	ensurePrecommit(voteCh, height, round)
 }
 
 // 4 vals, one precommits, other 3 polka at next round, so we unlock and precomit the polka
@@ -525,11 +527,11 @@ func TestStateLockPOLRelock(t *testing.T) {
 	theBlockHash := rs.ProposalBlock.Hash()
 	theBlockParts := rs.ProposalBlockParts.Header()
 
-	ensureVote(voteCh, height, round, types.PrevoteType) // prevote
+	ensurePrevote(voteCh, height, round) // prevote
 
 	signAddVotes(cs1, types.PrevoteType, theBlockHash, theBlockParts, vs2, vs3, vs4)
 
-	ensureVote(voteCh, height, round, types.PrecommitType) // our precommit
+	ensurePrecommit(voteCh, height, round) // our precommit
 	// the proposed block should now be locked and our precommit added
 	validatePrecommit(t, cs1, round, round, vss[0], theBlockHash, theBlockHash)
 
@@ -567,13 +569,13 @@ func TestStateLockPOLRelock(t *testing.T) {
 	ensureNewProposal(proposalCh, height, round)
 
 	// go to prevote, prevote for locked block (not proposal), move on
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 	validatePrevote(t, cs1, round, vss[0], theBlockHash)
 
 	// now lets add prevotes from everyone else for the new block
 	signAddVotes(cs1, types.PrevoteType, propBlockHash, propBlockParts.Header(), vs2, vs3, vs4)
 
-	ensureVote(voteCh, height, round, types.PrecommitType)
+	ensurePrecommit(voteCh, height, round)
 	// we should have unlocked and locked on the new block
 	validatePrecommit(t, cs1, round, round, vss[0], propBlockHash, propBlockHash)
 
@@ -614,12 +616,12 @@ func TestStateLockPOLUnlock(t *testing.T) {
 	theBlockHash := rs.ProposalBlock.Hash()
 	theBlockParts := rs.ProposalBlockParts.Header()
 
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 	validatePrevote(t, cs1, round, vss[0], theBlockHash)
 
 	signAddVotes(cs1, types.PrevoteType, theBlockHash, theBlockParts, vs2, vs3, vs4)
 
-	ensureVote(voteCh, height, round, types.PrecommitType)
+	ensurePrecommit(voteCh, height, round)
 	// the proposed block should now be locked and our precommit added
 	validatePrecommit(t, cs1, round, round, vss[0], theBlockHash, theBlockHash)
 
@@ -656,18 +658,18 @@ func TestStateLockPOLUnlock(t *testing.T) {
 	ensureNewProposal(proposalCh, height, round)
 
 	// go to prevote, prevote for locked block (not proposal)
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 	validatePrevote(t, cs1, round, vss[0], lockedBlockHash)
 	// now lets add prevotes from everyone else for nil (a polka!)
 	signAddVotes(cs1, types.PrevoteType, nil, types.PartSetHeader{}, vs2, vs3, vs4)
 
 	// the polka makes us unlock and precommit nil
 	ensureNewUnlock(unlockCh, height, round)
-	ensureVote(voteCh, height, round, types.PrecommitType)
+	ensurePrecommit(voteCh, height, round)
 
 	// we should have unlocked and committed nil
-	// NOTE: since we don't relock on nil, the lock round is 0
-	validatePrecommit(t, cs1, round, 0, vss[0], nil, nil)
+	// NOTE: since we don't relock on nil, the lock round is -1
+	validatePrecommit(t, cs1, round, -1, vss[0], nil, nil)
 
 	signAddVotes(cs1, types.PrecommitType, nil, types.PartSetHeader{}, vs2, vs3)
 	ensureNewRound(newRoundCh, height, round+1)
@@ -698,7 +700,7 @@ func TestStateLockPOLSafety1(t *testing.T) {
 	rs := cs1.GetRoundState()
 	propBlock := rs.ProposalBlock
 
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 	validatePrevote(t, cs1, round, vss[0], propBlock.Hash())
 
 	// the others sign a polka but we don't see it
@@ -710,7 +712,7 @@ func TestStateLockPOLSafety1(t *testing.T) {
 	signAddVotes(cs1, types.PrecommitType, nil, types.PartSetHeader{}, vs2, vs3, vs4)
 
 	// cs1 precommit nil
-	ensureVote(voteCh, height, round, types.PrecommitType)
+	ensurePrecommit(voteCh, height, round)
 	ensureNewTimeout(timeoutWaitCh, height, round, cs1.config.TimeoutPrecommit.Nanoseconds())
 
 	t.Log("### ONTO ROUND 1")
@@ -743,13 +745,13 @@ func TestStateLockPOLSafety1(t *testing.T) {
 	t.Logf("new prop hash %v", fmt.Sprintf("%X", propBlockHash))
 
 	// go to prevote, prevote for proposal block
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 	validatePrevote(t, cs1, round, vss[0], propBlockHash)
 
 	// now we see the others prevote for it, so we should lock on it
 	signAddVotes(cs1, types.PrevoteType, propBlockHash, propBlockParts.Header(), vs2, vs3, vs4)
 
-	ensureVote(voteCh, height, round, types.PrecommitType)
+	ensurePrecommit(voteCh, height, round)
 	// we should have precommitted
 	validatePrecommit(t, cs1, round, round, vss[0], propBlockHash, propBlockHash)
 
@@ -771,7 +773,7 @@ func TestStateLockPOLSafety1(t *testing.T) {
 	ensureNewTimeout(timeoutProposeCh, height, round, cs1.config.TimeoutPropose.Nanoseconds())
 
 	// finish prevote
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 	// we should prevote what we're locked on
 	validatePrevote(t, cs1, round, vss[0], propBlockHash)
 
@@ -811,6 +813,7 @@ func TestStateLockPOLSafety2(t *testing.T) {
 	_, propBlock0 := decideProposal(cs1, vss[0], height, round)
 	propBlockHash0 := propBlock0.Hash()
 	propBlockParts0 := propBlock0.MakePartSet(partSize)
+	propBlockID0 := types.BlockID{propBlockHash0, propBlockParts0.Header()}
 
 	// the others sign a polka but we don't see it
 	prevotes := signVotes(types.PrevoteType, propBlockHash0, propBlockParts0.Header(), vs2, vs3, vs4)
@@ -819,7 +822,6 @@ func TestStateLockPOLSafety2(t *testing.T) {
 	prop1, propBlock1 := decideProposal(cs1, vs2, vs2.Height, vs2.Round+1)
 	propBlockHash1 := propBlock1.Hash()
 	propBlockParts1 := propBlock1.MakePartSet(partSize)
-	propBlockID1 := types.BlockID{propBlockHash1, propBlockParts1.Header()}
 
 	incrementRound(vs2, vs3, vs4)
 
@@ -834,12 +836,12 @@ func TestStateLockPOLSafety2(t *testing.T) {
 	}
 	ensureNewProposal(proposalCh, height, round)
 
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 	validatePrevote(t, cs1, round, vss[0], propBlockHash1)
 
 	signAddVotes(cs1, types.PrevoteType, propBlockHash1, propBlockParts1.Header(), vs2, vs3, vs4)
 
-	ensureVote(voteCh, height, round, types.PrecommitType)
+	ensurePrecommit(voteCh, height, round)
 	// the proposed block should now be locked and our precommit added
 	validatePrecommit(t, cs1, round, round, vss[0], propBlockHash1, propBlockHash1)
 
@@ -854,7 +856,7 @@ func TestStateLockPOLSafety2(t *testing.T) {
 
 	round = round + 1 // moving to the next round
 	// in round 2 we see the polkad block from round 0
-	newProp := types.NewProposal(height, round, propBlockParts0.Header(), 0, propBlockID1)
+	newProp := types.NewProposal(height, round, 0, propBlockID0)
 	if err := vs3.SignProposal(config.ChainID(), newProp); err != nil {
 		t.Fatal(err)
 	}
@@ -873,11 +875,212 @@ func TestStateLockPOLSafety2(t *testing.T) {
 	ensureNewProposal(proposalCh, height, round)
 
 	ensureNoNewUnlock(unlockCh)
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 	validatePrevote(t, cs1, round, vss[0], propBlockHash1)
 
 }
 
+// 4 vals.
+// polka P0 at R0 for B0. We lock B0 on P0 at R0. P0 unlocks value at R1.
+
+// What we want:
+// P0 proposes B0 at R3.
+func TestProposeValidBlock(t *testing.T) {
+	cs1, vss := randConsensusState(4)
+	vs2, vs3, vs4 := vss[1], vss[2], vss[3]
+	height, round := cs1.Height, cs1.Round
+
+	partSize := types.BlockPartSizeBytes
+
+	proposalCh := subscribe(cs1.eventBus, types.EventQueryCompleteProposal)
+	timeoutWaitCh := subscribe(cs1.eventBus, types.EventQueryTimeoutWait)
+	timeoutProposeCh := subscribe(cs1.eventBus, types.EventQueryTimeoutPropose)
+	newRoundCh := subscribe(cs1.eventBus, types.EventQueryNewRound)
+	unlockCh := subscribe(cs1.eventBus, types.EventQueryUnlock)
+	voteCh := subscribeToVoter(cs1, cs1.privValidator.GetAddress())
+
+	// start round and wait for propose and prevote
+	startTestRound(cs1, cs1.Height, round)
+	ensureNewRound(newRoundCh, height, round)
+
+	ensureNewProposal(proposalCh, height, round)
+	rs := cs1.GetRoundState()
+	propBlock := rs.ProposalBlock
+	propBlockHash := propBlock.Hash()
+
+	ensurePrevote(voteCh, height, round)
+	validatePrevote(t, cs1, round, vss[0], propBlockHash)
+
+	// the others sign a polka
+	signAddVotes(cs1, types.PrevoteType, propBlockHash, propBlock.MakePartSet(partSize).Header(), vs2, vs3, vs4)
+
+	ensurePrecommit(voteCh, height, round)
+	// we should have precommitted
+	validatePrecommit(t, cs1, round, round, vss[0], propBlockHash, propBlockHash)
+
+	signAddVotes(cs1, types.PrecommitType, nil, types.PartSetHeader{}, vs2, vs3, vs4)
+
+	ensureNewTimeout(timeoutWaitCh, height, round, cs1.config.TimeoutPrecommit.Nanoseconds())
+
+	incrementRound(vs2, vs3, vs4)
+	round = round + 1 // moving to the next round
+
+	ensureNewRound(newRoundCh, height, round)
+
+	t.Log("### ONTO ROUND 2")
+
+	// timeout of propose
+	ensureNewTimeout(timeoutProposeCh, height, round, cs1.config.TimeoutPropose.Nanoseconds())
+
+	ensurePrevote(voteCh, height, round)
+	validatePrevote(t, cs1, round, vss[0], propBlockHash)
+
+	signAddVotes(cs1, types.PrevoteType, nil, types.PartSetHeader{}, vs2, vs3, vs4)
+
+	ensureNewUnlock(unlockCh, height, round)
+
+	ensurePrecommit(voteCh, height, round)
+	// we should have precommitted
+	validatePrecommit(t, cs1, round, -1, vss[0], nil, nil)
+
+	incrementRound(vs2, vs3, vs4)
+	incrementRound(vs2, vs3, vs4)
+
+	signAddVotes(cs1, types.PrecommitType, nil, types.PartSetHeader{}, vs2, vs3, vs4)
+
+	round = round + 2 // moving to the next round
+
+	ensureNewRound(newRoundCh, height, round)
+	t.Log("### ONTO ROUND 3")
+
+	ensureNewTimeout(timeoutWaitCh, height, round, cs1.config.TimeoutPrecommit.Nanoseconds())
+
+	round = round + 1 // moving to the next round
+
+	ensureNewRound(newRoundCh, height, round)
+
+	t.Log("### ONTO ROUND 4")
+
+	ensureNewProposal(proposalCh, height, round)
+
+	rs = cs1.GetRoundState()
+	assert.True(t, bytes.Equal(rs.ProposalBlock.Hash(), propBlockHash))
+	assert.True(t, bytes.Equal(rs.ProposalBlock.Hash(), rs.ValidBlock.Hash()))
+	assert.True(t, rs.Proposal.POLRound == rs.ValidRound)
+	assert.True(t, bytes.Equal(rs.Proposal.BlockID.Hash, rs.ValidBlock.Hash()))
+}
+
+// What we want:
+// P0 miss to lock B but set valid block to B after receiving delayed prevote.
+func TestSetValidBlockOnDelayedPrevote(t *testing.T) {
+	cs1, vss := randConsensusState(4)
+	vs2, vs3, vs4 := vss[1], vss[2], vss[3]
+	height, round := cs1.Height, cs1.Round
+
+	partSize := types.BlockPartSizeBytes
+
+	proposalCh := subscribe(cs1.eventBus, types.EventQueryCompleteProposal)
+	timeoutWaitCh := subscribe(cs1.eventBus, types.EventQueryTimeoutWait)
+	newRoundCh := subscribe(cs1.eventBus, types.EventQueryNewRound)
+	validBlockCh := subscribe(cs1.eventBus, types.EventQueryValidBlock)
+	voteCh := subscribeToVoter(cs1, cs1.privValidator.GetAddress())
+
+	// start round and wait for propose and prevote
+	startTestRound(cs1, cs1.Height, round)
+	ensureNewRound(newRoundCh, height, round)
+
+	ensureNewProposal(proposalCh, height, round)
+	rs := cs1.GetRoundState()
+	propBlock := rs.ProposalBlock
+	propBlockHash := propBlock.Hash()
+	propBlockParts := propBlock.MakePartSet(partSize)
+
+	ensurePrevote(voteCh, height, round)
+	validatePrevote(t, cs1, round, vss[0], propBlockHash)
+
+	// vs2 send prevote for propBlock
+	signAddVotes(cs1, types.PrevoteType, propBlockHash, propBlockParts.Header(), vs2)
+
+	// vs3 send prevote nil
+	signAddVotes(cs1, types.PrevoteType, nil, types.PartSetHeader{}, vs3)
+
+	ensureNewTimeout(timeoutWaitCh, height, round, cs1.config.TimeoutPrevote.Nanoseconds())
+
+	ensurePrecommit(voteCh, height, round)
+	// we should have precommitted
+	validatePrecommit(t, cs1, round, -1, vss[0], nil, nil)
+
+	rs = cs1.GetRoundState()
+
+	assert.True(t, rs.ValidBlock == nil)
+	assert.True(t, rs.ValidBlockParts == nil)
+	assert.True(t, rs.ValidRound == -1)
+
+	// vs2 send (delayed) prevote for propBlock
+	signAddVotes(cs1, types.PrevoteType, propBlockHash, propBlockParts.Header(), vs4)
+
+	ensureNewValidBlock(validBlockCh, height, round)
+
+	rs = cs1.GetRoundState()
+
+	assert.True(t, bytes.Equal(rs.ValidBlock.Hash(), propBlockHash))
+	assert.True(t, rs.ValidBlockParts.Header().Equals(propBlockParts.Header()))
+	assert.True(t, rs.ValidRound == round)
+}
+
+// What we want:
+// P0 miss to lock B as Proposal Block is missing, but set valid block to B after
+// receiving delayed Block Proposal.
+func TestSetValidBlockOnDelayedProposal(t *testing.T) {
+	cs1, vss := randConsensusState(4)
+	vs2, vs3, vs4 := vss[1], vss[2], vss[3]
+	height, round := cs1.Height, cs1.Round
+
+	partSize := types.BlockPartSizeBytes
+
+	timeoutWaitCh := subscribe(cs1.eventBus, types.EventQueryTimeoutWait)
+	timeoutProposeCh := subscribe(cs1.eventBus, types.EventQueryTimeoutPropose)
+	newRoundCh := subscribe(cs1.eventBus, types.EventQueryNewRound)
+	validBlockCh := subscribe(cs1.eventBus, types.EventQueryValidBlock)
+	voteCh := subscribeToVoter(cs1, cs1.privValidator.GetAddress())
+	proposalCh := subscribe(cs1.eventBus, types.EventQueryCompleteProposal)
+
+	round = round + 1 // move to round in which P0 is not proposer
+	incrementRound(vs2, vs3, vs4)
+
+	startTestRound(cs1, cs1.Height, round)
+	ensureNewRound(newRoundCh, height, round)
+
+	ensureNewTimeout(timeoutProposeCh, height, round, cs1.config.TimeoutPropose.Nanoseconds())
+
+	ensurePrevote(voteCh, height, round)
+	validatePrevote(t, cs1, round, vss[0], nil)
+
+	prop, propBlock := decideProposal(cs1, vs2, vs2.Height, vs2.Round+1)
+	propBlockHash := propBlock.Hash()
+	propBlockParts := propBlock.MakePartSet(partSize)
+
+	// vs2, vs3 and vs4 send prevote for propBlock
+	signAddVotes(cs1, types.PrevoteType, propBlockHash, propBlockParts.Header(), vs2, vs3, vs4)
+	ensureNewValidBlock(validBlockCh, height, round)
+
+	ensureNewTimeout(timeoutWaitCh, height, round, cs1.config.TimeoutPrevote.Nanoseconds())
+
+	ensurePrecommit(voteCh, height, round)
+	validatePrecommit(t, cs1, round, -1, vss[0], nil, nil)
+
+	if err := cs1.SetProposalAndBlock(prop, propBlock, propBlockParts, "some peer"); err != nil {
+		t.Fatal(err)
+	}
+
+	ensureNewProposal(proposalCh, height, round)
+	rs := cs1.GetRoundState()
+
+	assert.True(t, bytes.Equal(rs.ValidBlock.Hash(), propBlockHash))
+	assert.True(t, rs.ValidBlockParts.Header().Equals(propBlockParts.Header()))
+	assert.True(t, rs.ValidRound == round)
+}
+
 // 4 vals, 3 Nil Precommits at P0
 // What we want:
 // P0 waits for timeoutPrecommit before starting next round
@@ -915,7 +1118,7 @@ func TestWaitingTimeoutProposeOnNewRound(t *testing.T) {
 	startTestRound(cs1, height, round)
 	ensureNewRound(newRoundCh, height, round)
 
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 
 	incrementRound(vss[1:]...)
 	signAddVotes(cs1, types.PrevoteType, nil, types.PartSetHeader{}, vs2, vs3, vs4)
@@ -928,7 +1131,7 @@ func TestWaitingTimeoutProposeOnNewRound(t *testing.T) {
 
 	ensureNewTimeout(timeoutWaitCh, height, round, cs1.config.TimeoutPropose.Nanoseconds())
 
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 	validatePrevote(t, cs1, round, vss[0], nil)
 }
 
@@ -948,7 +1151,7 @@ func TestRoundSkipOnNilPolkaFromHigherRound(t *testing.T) {
 	startTestRound(cs1, height, round)
 	ensureNewRound(newRoundCh, height, round)
 
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 
 	incrementRound(vss[1:]...)
 	signAddVotes(cs1, types.PrecommitType, nil, types.PartSetHeader{}, vs2, vs3, vs4)
@@ -956,8 +1159,8 @@ func TestRoundSkipOnNilPolkaFromHigherRound(t *testing.T) {
 	round = round + 1 // moving to the next round
 	ensureNewRound(newRoundCh, height, round)
 
-	ensureVote(voteCh, height, round, types.PrecommitType)
-	validatePrecommit(t, cs1, round, 0, vss[0], nil, nil)
+	ensurePrecommit(voteCh, height, round)
+	validatePrecommit(t, cs1, round, -1, vss[0], nil, nil)
 
 	ensureNewTimeout(timeoutWaitCh, height, round, cs1.config.TimeoutPrecommit.Nanoseconds())
 
@@ -986,10 +1189,84 @@ func TestWaitTimeoutProposeOnNilPolkaForTheCurrentRound(t *testing.T) {
 
 	ensureNewTimeout(timeoutProposeCh, height, round, cs1.config.TimeoutPropose.Nanoseconds())
 
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 	validatePrevote(t, cs1, round, vss[0], nil)
 }
 
+// What we want:
+// P0 emit NewValidBlock event upon receiving 2/3+ Precommit for B but hasn't received block B yet
+func TestEmitNewValidBlockEventOnCommitWithoutBlock(t *testing.T) {
+	cs1, vss := randConsensusState(4)
+	vs2, vs3, vs4 := vss[1], vss[2], vss[3]
+	height, round := cs1.Height, 1
+
+	incrementRound(vs2, vs3, vs4)
+
+	partSize := types.BlockPartSizeBytes
+
+	newRoundCh := subscribe(cs1.eventBus, types.EventQueryNewRound)
+	validBlockCh := subscribe(cs1.eventBus, types.EventQueryValidBlock)
+
+	_, propBlock := decideProposal(cs1, vs2, vs2.Height, vs2.Round)
+	propBlockHash := propBlock.Hash()
+	propBlockParts := propBlock.MakePartSet(partSize)
+
+	// start round in which PO is not proposer
+	startTestRound(cs1, height, round)
+	ensureNewRound(newRoundCh, height, round)
+
+	// vs2, vs3 and vs4 send precommit for propBlock
+	signAddVotes(cs1, types.PrecommitType, propBlockHash, propBlockParts.Header(), vs2, vs3, vs4)
+	ensureNewValidBlock(validBlockCh, height, round)
+
+	rs := cs1.GetRoundState()
+	assert.True(t, rs.Step == cstypes.RoundStepCommit)
+	assert.True(t, rs.ProposalBlock == nil)
+	assert.True(t, rs.ProposalBlockParts.Header().Equals(propBlockParts.Header()))
+
+}
+
+// What we want:
+// P0 receives 2/3+ Precommit for B for round 0, while being in round 1. It emits NewValidBlock event.
+// After receiving block, it executes block and moves to the next height.
+func TestCommitFromPreviousRound(t *testing.T) {
+	cs1, vss := randConsensusState(4)
+	vs2, vs3, vs4 := vss[1], vss[2], vss[3]
+	height, round := cs1.Height, 1
+
+	partSize := types.BlockPartSizeBytes
+
+	newRoundCh := subscribe(cs1.eventBus, types.EventQueryNewRound)
+	validBlockCh := subscribe(cs1.eventBus, types.EventQueryValidBlock)
+	proposalCh := subscribe(cs1.eventBus, types.EventQueryCompleteProposal)
+
+	prop, propBlock := decideProposal(cs1, vs2, vs2.Height, vs2.Round)
+	propBlockHash := propBlock.Hash()
+	propBlockParts := propBlock.MakePartSet(partSize)
+
+	// start round in which PO is not proposer
+	startTestRound(cs1, height, round)
+	ensureNewRound(newRoundCh, height, round)
+
+	// vs2, vs3 and vs4 send precommit for propBlock for the previous round
+	signAddVotes(cs1, types.PrecommitType, propBlockHash, propBlockParts.Header(), vs2, vs3, vs4)
+
+	ensureNewValidBlock(validBlockCh, height, round)
+
+	rs := cs1.GetRoundState()
+	assert.True(t, rs.Step == cstypes.RoundStepCommit)
+	assert.True(t, rs.CommitRound == vs2.Round)
+	assert.True(t, rs.ProposalBlock == nil)
+	assert.True(t, rs.ProposalBlockParts.Header().Equals(propBlockParts.Header()))
+
+	if err := cs1.SetProposalAndBlock(prop, propBlock, propBlockParts, "some peer"); err != nil {
+		t.Fatal(err)
+	}
+
+	ensureNewProposal(proposalCh, height, round)
+	ensureNewRound(newRoundCh, height+1, 0)
+}
+
 //------------------------------------------------------------------------------------------
 // SlashingSuite
 // TODO: Slashing
@@ -1096,11 +1373,11 @@ func TestStateHalt1(t *testing.T) {
 	propBlock := rs.ProposalBlock
 	propBlockParts := propBlock.MakePartSet(partSize)
 
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 
 	signAddVotes(cs1, types.PrevoteType, propBlock.Hash(), propBlockParts.Header(), vs2, vs3, vs4)
 
-	ensureVote(voteCh, height, round, types.PrecommitType)
+	ensurePrecommit(voteCh, height, round)
 	// the proposed block should now be locked and our precommit added
 	validatePrecommit(t, cs1, round, round, vss[0], propBlock.Hash(), propBlock.Hash())
 
@@ -1127,7 +1404,7 @@ func TestStateHalt1(t *testing.T) {
 	*/
 
 	// go to prevote, prevote for locked block
-	ensureVote(voteCh, height, round, types.PrevoteType)
+	ensurePrevote(voteCh, height, round)
 	validatePrevote(t, cs1, round, vss[0], rs.LockedBlock.Hash())
 
 	// now we receive the precommit from the previous round

consensus/types/round_state.go

@@ -26,8 +26,15 @@ const (
 	RoundStepPrecommitWait = RoundStepType(0x07) // Did receive any +2/3 precommits, start timeout
 	RoundStepCommit        = RoundStepType(0x08) // Entered commit state machine
 	// NOTE: RoundStepNewHeight acts as RoundStepCommitWait.
+
+	// NOTE: Update IsValid method if you change this!
 )
 
+// IsValid returns true if the step is valid, false if unknown/undefined.
+func (rs RoundStepType) IsValid() bool {
+	return uint8(rs) >= 0x01 && uint8(rs) <= 0x08
+}
+
 // String returns a string
 func (rs RoundStepType) String() string {
 	switch rs {

consensus/types/round_state_test.go

@@ -63,11 +63,8 @@ func BenchmarkRoundStateDeepCopy(b *testing.B) {
 	// Random Proposal
 	proposal := &types.Proposal{
 		Timestamp: tmtime.Now(),
-		BlockPartsHeader: types.PartSetHeader{
-			Hash: cmn.RandBytes(20),
-		},
-		POLBlockID: blockID,
-		Signature:  sig,
+		BlockID:   blockID,
+		Signature: sig,
 	}
 	// Random HeightVoteSet
 	// TODO: hvs :=

consensus/version.go

@@ -1,11 +0,0 @@
-package consensus
-
-import "fmt"
-
-// kind of arbitrary
-var Spec = "1"     // async
-var Major = "0"    //
-var Minor = "2"    // replay refactor
-var Revision = "2" // validation -> commit
-
-var Version = fmt.Sprintf("v%s/%s.%s.%s", Spec, Major, Minor, Revision)

consensus/wal_generator.go

@@ -38,7 +38,8 @@ func WALGenerateNBlocks(wr io.Writer, numBlocks int) (err error) {
 
 	/////////////////////////////////////////////////////////////////////////////
 	// COPY PASTE FROM node.go WITH A FEW MODIFICATIONS
-	// NOTE: we can't import node package because of circular dependency
+	// NOTE: we can't import node package because of circular dependency.
+	// NOTE: we don't do handshake so need to set state.Version.Consensus.App directly.
 	privValidatorFile := config.PrivValidatorFile()
 	privValidator := privval.LoadOrGenFilePV(privValidatorFile)
 	genDoc, err := types.GenesisDocFromFile(config.GenesisFile())
@@ -51,6 +52,7 @@ func WALGenerateNBlocks(wr io.Writer, numBlocks int) (err error) {
 	if err != nil {
 		return errors.Wrap(err, "failed to make genesis state")
 	}
+	state.Version.Consensus.App = kvstore.ProtocolVersion
 	blockStore := bc.NewBlockStore(blockStoreDB)
 	proxyApp := proxy.NewAppConns(proxy.NewLocalClientCreator(app))
 	proxyApp.SetLogger(logger.With("module", "proxy"))

crypto/crypto.go

@@ -1,21 +1,24 @@
 package crypto
 
 import (
+	"github.com/tendermint/tendermint/crypto/tmhash"
 	cmn "github.com/tendermint/tendermint/libs/common"
 )
 
-type PrivKey interface {
-	Bytes() []byte
-	Sign(msg []byte) ([]byte, error)
-	PubKey() PubKey
-	Equals(PrivKey) bool
-}
+const (
+	// AddressSize is the size of a pubkey address.
+	AddressSize = tmhash.TruncatedSize
+)
 
 // An address is a []byte, but hex-encoded even in JSON.
 // []byte leaves us the option to change the address length.
 // Use an alias so Unmarshal methods (with ptr receivers) are available too.
 type Address = cmn.HexBytes
 
+func AddressHash(bz []byte) Address {
+	return Address(tmhash.SumTruncated(bz))
+}
+
 type PubKey interface {
 	Address() Address
 	Bytes() []byte
@@ -23,6 +26,13 @@ type PubKey interface {
 	Equals(PubKey) bool
 }
 
+type PrivKey interface {
+	Bytes() []byte
+	Sign(msg []byte) ([]byte, error)
+	PubKey() PubKey
+	Equals(PrivKey) bool
+}
+
 type Symmetric interface {
 	Keygen() []byte
 	Encrypt(plaintext []byte, secret []byte) (ciphertext []byte)

crypto/ed25519/ed25519.go

@@ -136,7 +136,7 @@ type PubKeyEd25519 [PubKeyEd25519Size]byte
 
 // Address is the SHA256-20 of the raw pubkey bytes.
 func (pubKey PubKeyEd25519) Address() crypto.Address {
-	return crypto.Address(tmhash.Sum(pubKey[:]))
+	return crypto.Address(tmhash.SumTruncated(pubKey[:]))
 }
 
 // Bytes marshals the PubKey using amino encoding.

crypto/merkle/proof.go

@@ -43,10 +43,14 @@ func (poz ProofOperators) Verify(root []byte, keypath string, args [][]byte) (er
 	for i, op := range poz {
 		key := op.GetKey()
 		if len(key) != 0 {
-			if !bytes.Equal(keys[0], key) {
-				return cmn.NewError("Key mismatch on operation #%d: expected %+v but %+v", i, []byte(keys[0]), []byte(key))
+			if len(keys) == 0 {
+				return cmn.NewError("Key path has insufficient # of parts: expected no more keys but got %+v", string(key))
 			}
-			keys = keys[1:]
+			lastKey := keys[len(keys)-1]
+			if !bytes.Equal(lastKey, key) {
+				return cmn.NewError("Key mismatch on operation #%d: expected %+v but got %+v", i, string(lastKey), string(key))
+			}
+			keys = keys[:len(keys)-1]
 		}
 		args, err = op.Run(args)
 		if err != nil {
@@ -54,7 +58,7 @@ func (poz ProofOperators) Verify(root []byte, keypath string, args [][]byte) (er
 		}
 	}
 	if !bytes.Equal(root, args[0]) {
-		return cmn.NewError("Calculated root hash is invalid: expected %+v but %+v", root, args[0])
+		return cmn.NewError("Calculated root hash is invalid: expected %+v but got %+v", root, args[0])
 	}
 	if len(keys) != 0 {
 		return cmn.NewError("Keypath not consumed all")

crypto/merkle/proof_simple_value.go

@@ -42,7 +42,7 @@ func SimpleValueOpDecoder(pop ProofOp) (ProofOperator, error) {
 		return nil, cmn.NewError("unexpected ProofOp.Type; got %v, want %v", pop.Type, ProofOpSimpleValue)
 	}
 	var op SimpleValueOp // a bit strange as we'll discard this, but it works.
-	err := cdc.UnmarshalBinary(pop.Data, &op)
+	err := cdc.UnmarshalBinaryLengthPrefixed(pop.Data, &op)
 	if err != nil {
 		return nil, cmn.ErrorWrap(err, "decoding ProofOp.Data into SimpleValueOp")
 	}
@@ -50,7 +50,7 @@ func SimpleValueOpDecoder(pop ProofOp) (ProofOperator, error) {
 }
 
 func (op SimpleValueOp) ProofOp() ProofOp {
-	bz := cdc.MustMarshalBinary(op)
+	bz := cdc.MustMarshalBinaryLengthPrefixed(op)
 	return ProofOp{
 		Type: ProofOpSimpleValue,
 		Key:  op.key,

crypto/merkle/proof_test.go

@@ -0,0 +1,140 @@
+package merkle
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/tendermint/go-amino"
+	cmn "github.com/tendermint/tendermint/libs/common"
+)
+
+const ProofOpDomino = "test:domino"
+
+// Expects given input, produces given output.
+// Like the game dominos.
+type DominoOp struct {
+	key    string // unexported, may be empty
+	Input  string
+	Output string
+}
+
+func NewDominoOp(key, input, output string) DominoOp {
+	return DominoOp{
+		key:    key,
+		Input:  input,
+		Output: output,
+	}
+}
+
+func DominoOpDecoder(pop ProofOp) (ProofOperator, error) {
+	if pop.Type != ProofOpDomino {
+		panic("unexpected proof op type")
+	}
+	var op DominoOp // a bit strange as we'll discard this, but it works.
+	err := amino.UnmarshalBinaryLengthPrefixed(pop.Data, &op)
+	if err != nil {
+		return nil, cmn.ErrorWrap(err, "decoding ProofOp.Data into SimpleValueOp")
+	}
+	return NewDominoOp(string(pop.Key), op.Input, op.Output), nil
+}
+
+func (dop DominoOp) ProofOp() ProofOp {
+	bz := amino.MustMarshalBinaryLengthPrefixed(dop)
+	return ProofOp{
+		Type: ProofOpDomino,
+		Key:  []byte(dop.key),
+		Data: bz,
+	}
+}
+
+func (dop DominoOp) Run(input [][]byte) (output [][]byte, err error) {
+	if len(input) != 1 {
+		return nil, cmn.NewError("Expected input of length 1")
+	}
+	if string(input[0]) != dop.Input {
+		return nil, cmn.NewError("Expected input %v, got %v",
+			dop.Input, string(input[0]))
+	}
+	return [][]byte{[]byte(dop.Output)}, nil
+}
+
+func (dop DominoOp) GetKey() []byte {
+	return []byte(dop.key)
+}
+
+//----------------------------------------
+
+func TestProofOperators(t *testing.T) {
+	var err error
+
+	// ProofRuntime setup
+	// TODO test this somehow.
+	// prt := NewProofRuntime()
+	// prt.RegisterOpDecoder(ProofOpDomino, DominoOpDecoder)
+
+	// ProofOperators setup
+	op1 := NewDominoOp("KEY1", "INPUT1", "INPUT2")
+	op2 := NewDominoOp("KEY2", "INPUT2", "INPUT3")
+	op3 := NewDominoOp("", "INPUT3", "INPUT4")
+	op4 := NewDominoOp("KEY4", "INPUT4", "OUTPUT4")
+
+	// Good
+	popz := ProofOperators([]ProofOperator{op1, op2, op3, op4})
+	err = popz.Verify(bz("OUTPUT4"), "/KEY4/KEY2/KEY1", [][]byte{bz("INPUT1")})
+	assert.Nil(t, err)
+	err = popz.VerifyValue(bz("OUTPUT4"), "/KEY4/KEY2/KEY1", bz("INPUT1"))
+	assert.Nil(t, err)
+
+	// BAD INPUT
+	err = popz.Verify(bz("OUTPUT4"), "/KEY4/KEY2/KEY1", [][]byte{bz("INPUT1_WRONG")})
+	assert.NotNil(t, err)
+	err = popz.VerifyValue(bz("OUTPUT4"), "/KEY4/KEY2/KEY1", bz("INPUT1_WRONG"))
+	assert.NotNil(t, err)
+
+	// BAD KEY 1
+	err = popz.Verify(bz("OUTPUT4"), "/KEY3/KEY2/KEY1", [][]byte{bz("INPUT1")})
+	assert.NotNil(t, err)
+
+	// BAD KEY 2
+	err = popz.Verify(bz("OUTPUT4"), "KEY4/KEY2/KEY1", [][]byte{bz("INPUT1")})
+	assert.NotNil(t, err)
+
+	// BAD KEY 3
+	err = popz.Verify(bz("OUTPUT4"), "/KEY4/KEY2/KEY1/", [][]byte{bz("INPUT1")})
+	assert.NotNil(t, err)
+
+	// BAD KEY 4
+	err = popz.Verify(bz("OUTPUT4"), "//KEY4/KEY2/KEY1", [][]byte{bz("INPUT1")})
+	assert.NotNil(t, err)
+
+	// BAD KEY 5
+	err = popz.Verify(bz("OUTPUT4"), "/KEY2/KEY1", [][]byte{bz("INPUT1")})
+	assert.NotNil(t, err)
+
+	// BAD OUTPUT 1
+	err = popz.Verify(bz("OUTPUT4_WRONG"), "/KEY4/KEY2/KEY1", [][]byte{bz("INPUT1")})
+	assert.NotNil(t, err)
+
+	// BAD OUTPUT 2
+	err = popz.Verify(bz(""), "/KEY4/KEY2/KEY1", [][]byte{bz("INPUT1")})
+	assert.NotNil(t, err)
+
+	// BAD POPZ 1
+	popz = []ProofOperator{op1, op2, op4}
+	err = popz.Verify(bz("OUTPUT4"), "/KEY4/KEY2/KEY1", [][]byte{bz("INPUT1")})
+	assert.NotNil(t, err)
+
+	// BAD POPZ 2
+	popz = []ProofOperator{op4, op3, op2, op1}
+	err = popz.Verify(bz("OUTPUT4"), "/KEY4/KEY2/KEY1", [][]byte{bz("INPUT1")})
+	assert.NotNil(t, err)
+
+	// BAD POPZ 3
+	popz = []ProofOperator{}
+	err = popz.Verify(bz("OUTPUT4"), "/KEY4/KEY2/KEY1", [][]byte{bz("INPUT1")})
+	assert.NotNil(t, err)
+}
+
+func bz(s string) []byte {
+	return []byte(s)
+}

crypto/merkle/simple_map_test.go

@@ -13,14 +13,14 @@ func TestSimpleMap(t *testing.T) {
 		values []string // each string gets converted to []byte in test
 		want   string
 	}{
-		{[]string{"key1"}, []string{"value1"}, "fa9bc106ffd932d919bee935ceb6cf2b3dd72d8f"},
-		{[]string{"key1"}, []string{"value2"}, "e00e7dcfe54e9fafef5111e813a587f01ba9c3e8"},
+		{[]string{"key1"}, []string{"value1"}, "321d150de16dceb51c72981b432b115045383259b1a550adf8dc80f927508967"},
+		{[]string{"key1"}, []string{"value2"}, "2a9e4baf321eac99f6eecc3406603c14bc5e85bb7b80483cbfc75b3382d24a2f"},
 		// swap order with 2 keys
-		{[]string{"key1", "key2"}, []string{"value1", "value2"}, "eff12d1c703a1022ab509287c0f196130123d786"},
-		{[]string{"key2", "key1"}, []string{"value2", "value1"}, "eff12d1c703a1022ab509287c0f196130123d786"},
+		{[]string{"key1", "key2"}, []string{"value1", "value2"}, "c4d8913ab543ba26aa970646d4c99a150fd641298e3367cf68ca45fb45a49881"},
+		{[]string{"key2", "key1"}, []string{"value2", "value1"}, "c4d8913ab543ba26aa970646d4c99a150fd641298e3367cf68ca45fb45a49881"},
 		// swap order with 3 keys
-		{[]string{"key1", "key2", "key3"}, []string{"value1", "value2", "value3"}, "b2c62a277c08dbd2ad73ca53cd1d6bfdf5830d26"},
-		{[]string{"key1", "key3", "key2"}, []string{"value1", "value3", "value2"}, "b2c62a277c08dbd2ad73ca53cd1d6bfdf5830d26"},
+		{[]string{"key1", "key2", "key3"}, []string{"value1", "value2", "value3"}, "b23cef00eda5af4548a213a43793f2752d8d9013b3f2b64bc0523a4791196268"},
+		{[]string{"key1", "key3", "key2"}, []string{"value1", "value3", "value2"}, "b23cef00eda5af4548a213a43793f2752d8d9013b3f2b64bc0523a4791196268"},
 	}
 	for i, tc := range tests {
 		db := newSimpleMap()

crypto/merkle/simple_proof.go

@@ -134,13 +134,13 @@ func computeHashFromAunts(index int, total int, leafHash []byte, innerHashes [][
 			if leftHash == nil {
 				return nil
 			}
-			return SimpleHashFromTwoHashes(leftHash, innerHashes[len(innerHashes)-1])
+			return simpleHashFromTwoHashes(leftHash, innerHashes[len(innerHashes)-1])
 		}
 		rightHash := computeHashFromAunts(index-numLeft, total-numLeft, leafHash, innerHashes[:len(innerHashes)-1])
 		if rightHash == nil {
 			return nil
 		}
-		return SimpleHashFromTwoHashes(innerHashes[len(innerHashes)-1], rightHash)
+		return simpleHashFromTwoHashes(innerHashes[len(innerHashes)-1], rightHash)
 	}
 }
 
@@ -187,7 +187,7 @@ func trailsFromByteSlices(items [][]byte) (trails []*SimpleProofNode, root *Simp
 	default:
 		lefts, leftRoot := trailsFromByteSlices(items[:(len(items)+1)/2])
 		rights, rightRoot := trailsFromByteSlices(items[(len(items)+1)/2:])
-		rootHash := SimpleHashFromTwoHashes(leftRoot.Hash, rightRoot.Hash)
+		rootHash := simpleHashFromTwoHashes(leftRoot.Hash, rightRoot.Hash)
 		root := &SimpleProofNode{rootHash, nil, nil, nil}
 		leftRoot.Parent = root
 		leftRoot.Right = rightRoot

crypto/merkle/simple_tree.go

@@ -4,8 +4,8 @@ import (
 	"github.com/tendermint/tendermint/crypto/tmhash"
 )
 
-// SimpleHashFromTwoHashes is the basic operation of the Merkle tree: Hash(left | right).
-func SimpleHashFromTwoHashes(left, right []byte) []byte {
+// simpleHashFromTwoHashes is the basic operation of the Merkle tree: Hash(left | right).
+func simpleHashFromTwoHashes(left, right []byte) []byte {
 	var hasher = tmhash.New()
 	err := encodeByteSlice(hasher, left)
 	if err != nil {
@@ -29,7 +29,7 @@ func SimpleHashFromByteSlices(items [][]byte) []byte {
 	default:
 		left := SimpleHashFromByteSlices(items[:(len(items)+1)/2])
 		right := SimpleHashFromByteSlices(items[(len(items)+1)/2:])
-		return SimpleHashFromTwoHashes(left, right)
+		return simpleHashFromTwoHashes(left, right)
 	}
 }
 

crypto/random.go

@@ -9,10 +9,11 @@ import (
 	"sync"
 
 	"golang.org/x/crypto/chacha20poly1305"
-
-	. "github.com/tendermint/tendermint/libs/common"
 )
 
+// NOTE: This is ignored for now until we have time
+// to properly review the MixEntropy function - https://github.com/tendermint/tendermint/issues/2099.
+//
 // The randomness here is derived from xoring a chacha20 keystream with
 // output from crypto/rand's OS Entropy Reader. (Due to fears of the OS'
 // entropy being backdoored)
@@ -23,9 +24,13 @@ var gRandInfo *randInfo
 
 func init() {
 	gRandInfo = &randInfo{}
-	gRandInfo.MixEntropy(randBytes(32)) // Init
+
+	// TODO: uncomment after reviewing MixEntropy -
+	// https://github.com/tendermint/tendermint/issues/2099
+	// gRandInfo.MixEntropy(randBytes(32)) // Init
 }
 
+// WARNING: This function needs review - https://github.com/tendermint/tendermint/issues/2099.
 // Mix additional bytes of randomness, e.g. from hardware, user-input, etc.
 // It is OK to call it multiple times.  It does not diminish security.
 func MixEntropy(seedBytes []byte) {
@@ -37,20 +42,28 @@ func randBytes(numBytes int) []byte {
 	b := make([]byte, numBytes)
 	_, err := crand.Read(b)
 	if err != nil {
-		PanicCrisis(err)
+		panic(err)
 	}
 	return b
 }
 
+// This only uses the OS's randomness
+func CRandBytes(numBytes int) []byte {
+	return randBytes(numBytes)
+}
+
+/* TODO: uncomment after reviewing MixEntropy - https://github.com/tendermint/tendermint/issues/2099
 // This uses the OS and the Seed(s).
 func CRandBytes(numBytes int) []byte {
-	b := make([]byte, numBytes)
-	_, err := gRandInfo.Read(b)
-	if err != nil {
-		PanicCrisis(err)
-	}
-	return b
+	return randBytes(numBytes)
+		b := make([]byte, numBytes)
+		_, err := gRandInfo.Read(b)
+		if err != nil {
+			panic(err)
+		}
+		return b
 }
+*/
 
 // CRandHex returns a hex encoded string that's floor(numDigits/2) * 2 long.
 //
@@ -60,10 +73,17 @@ func CRandHex(numDigits int) string {
 	return hex.EncodeToString(CRandBytes(numDigits / 2))
 }
 
+// Returns a crand.Reader.
+func CReader() io.Reader {
+	return crand.Reader
+}
+
+/* TODO: uncomment after reviewing MixEntropy - https://github.com/tendermint/tendermint/issues/2099
 // Returns a crand.Reader mixed with user-supplied entropy
 func CReader() io.Reader {
 	return gRandInfo
 }
+*/
 
 //--------------------------------------------------------------------------------
 
@@ -75,7 +95,7 @@ type randInfo struct {
 }
 
 // You can call this as many times as you'd like.
-// XXX TODO review
+// XXX/TODO: review - https://github.com/tendermint/tendermint/issues/2099
 func (ri *randInfo) MixEntropy(seedBytes []byte) {
 	ri.mtx.Lock()
 	defer ri.mtx.Unlock()

crypto/tmhash/hash.go

@@ -6,10 +6,27 @@ import (
 )
 
 const (
-	Size      = 20
+	Size      = sha256.Size
 	BlockSize = sha256.BlockSize
 )
 
+// New returns a new hash.Hash.
+func New() hash.Hash {
+	return sha256.New()
+}
+
+// Sum returns the SHA256 of the bz.
+func Sum(bz []byte) []byte {
+	h := sha256.Sum256(bz)
+	return h[:]
+}
+
+//-------------------------------------------------------------
+
+const (
+	TruncatedSize = 20
+)
+
 type sha256trunc struct {
 	sha256 hash.Hash
 }
@@ -19,7 +36,7 @@ func (h sha256trunc) Write(p []byte) (n int, err error) {
 }
 func (h sha256trunc) Sum(b []byte) []byte {
 	shasum := h.sha256.Sum(b)
-	return shasum[:Size]
+	return shasum[:TruncatedSize]
 }
 
 func (h sha256trunc) Reset() {
@@ -27,22 +44,22 @@ func (h sha256trunc) Reset() {
 }
 
 func (h sha256trunc) Size() int {
-	return Size
+	return TruncatedSize
 }
 
 func (h sha256trunc) BlockSize() int {
 	return h.sha256.BlockSize()
 }
 
-// New returns a new hash.Hash.
-func New() hash.Hash {
+// NewTruncated returns a new hash.Hash.
+func NewTruncated() hash.Hash {
 	return sha256trunc{
 		sha256: sha256.New(),
 	}
 }
 
-// Sum returns the first 20 bytes of SHA256 of the bz.
-func Sum(bz []byte) []byte {
+// SumTruncated returns the first 20 bytes of SHA256 of the bz.
+func SumTruncated(bz []byte) []byte {
 	hash := sha256.Sum256(bz)
-	return hash[:Size]
+	return hash[:TruncatedSize]
 }

crypto/tmhash/hash_test.go

@@ -14,10 +14,29 @@ func TestHash(t *testing.T) {
 	hasher.Write(testVector)
 	bz := hasher.Sum(nil)
 
+	bz2 := tmhash.Sum(testVector)
+
 	hasher = sha256.New()
 	hasher.Write(testVector)
-	bz2 := hasher.Sum(nil)
-	bz2 = bz2[:20]
+	bz3 := hasher.Sum(nil)
 
 	assert.Equal(t, bz, bz2)
+	assert.Equal(t, bz, bz3)
+}
+
+func TestHashTruncated(t *testing.T) {
+	testVector := []byte("abc")
+	hasher := tmhash.NewTruncated()
+	hasher.Write(testVector)
+	bz := hasher.Sum(nil)
+
+	bz2 := tmhash.SumTruncated(testVector)
+
+	hasher = sha256.New()
+	hasher.Write(testVector)
+	bz3 := hasher.Sum(nil)
+	bz3 = bz3[:tmhash.TruncatedSize]
+
+	assert.Equal(t, bz, bz2)
+	assert.Equal(t, bz, bz3)
 }

docs/.vuepress/config.js

@@ -1,6 +1,7 @@
 module.exports = {
-  title: "Tendermint Core",
-  description: "Documentation for Tendermint Core",
+  title: "Tendermint Documentation",
+  description: "Documentation for Tendermint Core.",
+  ga: "UA-51029217-1",
   dest: "./dist/docs",
   base: "/docs/",
   markdown: {

docs/app-dev/ecosystem.json

@@ -163,6 +163,12 @@
       "language": "Python",
       "author": "Dave Bryson"
     },
+    {
+      "name": "tm-abci",
+      "url": "https://github.com/SoftblocksCo/tm-abci",
+      "language": "Python",
+      "author": "Softblocks"
+    },
     {
       "name": "Spearmint",
       "url": "https://github.com/dennismckinnon/spearmint",

docs/architecture/adr-001-logging.md

@@ -52,13 +52,13 @@ On top of this interface, we will need to implement a stdout logger, which will
 Many people say that they like the current output, so let's stick with it.
 
 ```
-NOTE[04-25|14:45:08] ABCI Replay Blocks                       module=consensus appHeight=0 storeHeight=0 stateHeight=0
+NOTE[2017-04-25|14:45:08] ABCI Replay Blocks                       module=consensus appHeight=0 storeHeight=0 stateHeight=0
 ```
 
 Couple of minor changes:
 
 ```
-I[04-25|14:45:08.322] ABCI Replay Blocks            module=consensus appHeight=0 storeHeight=0 stateHeight=0
+I[2017-04-25|14:45:08.322] ABCI Replay Blocks            module=consensus appHeight=0 storeHeight=0 stateHeight=0
 ```
 
 Notice the level is encoded using only one char plus milliseconds.
@@ -155,14 +155,14 @@ Important keyvals should go first. Example:
 
 ```
 correct
-I[04-25|14:45:08.322] ABCI Replay Blocks                       module=consensus instance=1 appHeight=0 storeHeight=0 stateHeight=0
+I[2017-04-25|14:45:08.322] ABCI Replay Blocks                       module=consensus instance=1 appHeight=0 storeHeight=0 stateHeight=0
 ```
 
 not
 
 ```
 wrong
-I[04-25|14:45:08.322] ABCI Replay Blocks                       module=consensus appHeight=0 storeHeight=0 stateHeight=0 instance=1
+I[2017-04-25|14:45:08.322] ABCI Replay Blocks                       module=consensus appHeight=0 storeHeight=0 stateHeight=0 instance=1
 ```
 
 for that in most cases you'll need to add `instance` field to a logger upon creating, not when u log a particular message:

docs/architecture/adr-016-protocol-versions.md

@@ -96,7 +96,7 @@ Each component of the software is independently versioned in a modular way and i
 
 ## Proposal
 
-Each of BlockVersion, AppVersion, P2PVersion, is a monotonically increasing int64.
+Each of BlockVersion, AppVersion, P2PVersion, is a monotonically increasing uint64.
 
 To use these versions, we need to update the block Header, the p2p NodeInfo, and the ABCI.
 
@@ -106,8 +106,8 @@ Block Header should include a `Version` struct as its first field like:
 
 ```
 type Version struct {
-    Block int64
-    App int64
+    Block uint64
+    App uint64
 }
 ```
 
@@ -130,9 +130,9 @@ NodeInfo should include a Version struct as its first field like:
 
 ```
 type Version struct {
-    P2P int64
-    Block int64
-    App int64
+    P2P uint64
+    Block uint64
+    App uint64
 
     Other []string
 }
@@ -168,9 +168,9 @@ RequestInfo should add support for protocol versions like:
 
 ```
 message RequestInfo {
-  string software_version
-  int64 block_version
-  int64 p2p_version
+  string version
+  uint64 block_version
+  uint64 p2p_version
 }
 ```
 
@@ -180,39 +180,46 @@ Similarly, ResponseInfo should return the versions:
 message ResponseInfo {
   string data
 
-  string software_version
-  int64 app_version
+  string version
+  uint64 app_version
 
   int64 last_block_height
   bytes last_block_app_hash
 }
 ```
 
+The existing `version` fields should be called `software_version` but we leave
+them for now to reduce the number of breaking changes.
+
 #### EndBlock
 
 Updating the version could be done either with new fields or by using the
 existing `tags`. Since we're trying to communicate information that will be
 included in Tendermint block Headers, it should be native to the ABCI, and not
-something embedded through some scheme in the tags.
+something embedded through some scheme in the tags. Thus, version updates should
+be communicated through EndBlock.
 
-ResponseEndBlock will include a new field `version_updates`:
+EndBlock already contains `ConsensusParams`. We can add version information to
+the ConsensusParams as well:
 
 ```
-message ResponseEndBlock {
-  repeated Validator validator_updates
-  ConsensusParams consensus_param_updates
-  repeated common.KVPair tags
+message ConsensusParams {
 
-  VersionUpdate version_update
+  BlockSize block_size
+  EvidenceParams evidence_params
+  VersionParams version
 }
 
-message VersionUpdate {
-    int64 app_version
+message VersionParams {
+    uint64 block_version
+    uint64 app_version
 }
 ```
 
-Tendermint will use the information in VersionUpdate for the next block it
-proposes.
+For now, the `block_version` will be ignored, as we do not allow block version
+to be updated live. If the `app_version` is set, it signals that the app's
+protocol version has changed, and the new `app_version` will be included in the
+`Block.Header.Version.App` for the next block.
 
 ### BlockVersion
 

docs/architecture/adr-033-pubsub.md

@@ -0,0 +1,122 @@
+# ADR 033: pubsub 2.0
+
+Author: Anton Kaliaev (@melekes)
+
+## Changelog
+
+02-10-2018: Initial draft
+
+## Context
+
+Since the initial version of the pubsub, there's been a number of issues
+raised: #951, #1879, #1880. Some of them are high-level issues questioning the
+core design choices made. Others are minor and mostly about the interface of
+`Subscribe()` / `Publish()` functions.
+
+### Sync vs Async
+
+Now, when publishing a message to subscribers, we can do it in a goroutine:
+
+_using channels for data transmission_
+```go
+for each subscriber {
+    out := subscriber.outc
+    go func() {
+        out <- msg
+    }
+}
+```
+
+_by invoking callback functions_
+```go
+for each subscriber {
+    go subscriber.callbackFn()
+}
+```
+
+This gives us greater performance and allows us to avoid "slow client problem"
+(when other subscribers have to wait for a slow subscriber). A pool of
+goroutines can be used to avoid uncontrolled memory growth.
+
+In certain cases, this is what you want. But in our case, because we need
+strict ordering of events (if event A was published before B, the guaranteed
+delivery order will be A -> B), we can't use goroutines.
+
+There is also a question whenever we should have a non-blocking send:
+
+```go
+for each subscriber {
+    out := subscriber.outc
+    select {
+        case out <- msg:
+        default:
+            log("subscriber %v buffer is full, skipping...")
+    }
+}
+```
+
+This fixes the "slow client problem", but there is no way for a slow client to
+know if it had missed a message. On the other hand, if we're going to stick
+with blocking send, **devs must always ensure subscriber's handling code does not
+block**. As you can see, there is an implicit choice between ordering guarantees
+and using goroutines.
+
+The interim option is to run goroutines pool for a single message, wait for all
+goroutines to finish. This will solve "slow client problem", but we'd still
+have to wait `max(goroutine_X_time)` before we can publish the next message.
+My opinion: not worth doing.
+
+### Channels vs Callbacks
+
+Yet another question is whether we should use channels for message transmission or
+call subscriber-defined callback functions. Callback functions give subscribers
+more flexibility - you can use mutexes in there, channels, spawn goroutines,
+anything you really want. But they also carry local scope, which can result in
+memory leaks and/or memory usage increase.
+
+Go channels are de-facto standard for carrying data between goroutines.
+
+**Question: Is it worth switching to callback functions?**
+
+### Why `Subscribe()` accepts an `out` channel?
+
+Because in our tests, we create buffered channels (cap: 1). Alternatively, we
+can make capacity an argument.
+
+## Decision
+
+Change Subscribe() function to return out channel:
+
+```go
+// outCap can be used to set capacity of out channel (unbuffered by default).
+Subscribe(ctx context.Context, clientID string, query Query, outCap... int) (out <-chan interface{}, err error) {
+```
+
+It's more idiomatic since we're closing it during Unsubscribe/UnsubscribeAll calls.
+
+Also, we should make tags available to subscribers:
+
+```go
+type MsgAndTags struct {
+    Msg interface{}
+    Tags TagMap
+}
+
+// outCap can be used to set capacity of out channel (unbuffered by default).
+Subscribe(ctx context.Context, clientID string, query Query, outCap... int) (out <-chan MsgAndTags, err error) {
+```
+
+## Status
+
+In review
+
+## Consequences
+
+### Positive
+
+- more idiomatic interface
+- subscribers know what tags msg was published with
+
+### Negative
+
+### Neutral

docs/architecture/adr-template.md

@@ -1,5 +1,9 @@
 # ADR 000: Template for an ADR
 
+Author:
+
+## Changelog
+
 ## Context
 
 ## Decision

docs/spec/abci/abci.md

@@ -134,10 +134,13 @@ Commit are included in the header of the next block.
 ### Info
 
 - **Request**:
-  - `Version (string)`: The Tendermint version
+  - `Version (string)`: The Tendermint software semantic version
+  - `BlockVersion (uint64)`: The Tendermint Block Protocol version
+  - `P2PVersion (uint64)`: The Tendermint P2P Protocol version
 - **Response**:
   - `Data (string)`: Some arbitrary information
-  - `Version (Version)`: Version information
+  - `Version (string)`: The application software semantic version
+  - `AppVersion (uint64)`: The application protocol version
   - `LastBlockHeight (int64)`: Latest block for which the app has
     called Commit
   - `LastBlockAppHash ([]byte)`: Latest result of Commit
@@ -145,6 +148,7 @@ Commit are included in the header of the next block.
   - Return information about the application state.
   - Used to sync Tendermint with the application during a handshake
     that happens on startup.
+  - The returned `AppVersion` will be included in the Header of every block.
   - Tendermint expects `LastBlockAppHash` and `LastBlockHeight` to
     be updated during `Commit`, ensuring that `Commit` is never
     called twice for the same block height.
@@ -338,6 +342,7 @@ Commit are included in the header of the next block.
 ### Header
 
 - **Fields**:
+  - `Version (Version)`: Version of the blockchain and the application
   - `ChainID (string)`: ID of the blockchain
   - `Height (int64)`: Height of the block in the chain
   - `Time (google.protobuf.Timestamp)`: Time of the block. It is the proposer's
@@ -363,6 +368,15 @@ Commit are included in the header of the next block.
   - Provides the proposer of the current block, for use in proposer-based
     reward mechanisms.
 
+### Version
+
+- **Fields**:
+  - `Block (uint64)`: Protocol version of the blockchain data structures.
+  - `App (uint64)`: Protocol version of the application.
+- **Usage**:
+  - Block version should be static in the life of a blockchain.
+  - App version may be updated over time by the application.
+
 ### Validator
 
 - **Fields**:
@@ -427,11 +441,12 @@ Commit are included in the header of the next block.
 ###  ConsensusParams
 
 - **Fields**:
-  - `BlockSize (BlockSize)`: Parameters limiting the size of a block.
-  - `EvidenceParams (EvidenceParams)`: Parameters limiting the validity of
+  - `BlockSize (BlockSizeParams)`: Parameters limiting the size of a block.
+  - `Evidence (EvidenceParams)`: Parameters limiting the validity of
     evidence of byzantine behaviour.
+  - `Validator (ValidatorParams)`: Parameters limitng the types of pubkeys validators can use.
 
-### BlockSize
+### BlockSizeParams
 
 - **Fields**:
   - `MaxBytes (int64)`: Max size of a block, in bytes.
@@ -449,6 +464,12 @@ Commit are included in the header of the next block.
           similar mechanism for handling Nothing-At-Stake attacks.
         - NOTE: this should change to time (instead of blocks)!
 
+### ValidatorParams
+
+- **Fields**:
+  - `PubKeyTypes ([]string)`: List of accepted pubkey types. Uses same
+    naming as `PubKey.Type`.
+
 ### Proof
 
 - **Fields**:

docs/spec/blockchain/blockchain.md

@@ -8,6 +8,7 @@ The Tendermint blockchains consists of a short list of basic data types:
 
 - `Block`
 - `Header`
+- `Version`
 - `BlockID`
 - `Time`
 - `Data` (for transactions)
@@ -38,6 +39,7 @@ the data in the current block, the previous block, and the results returned by t
 ```go
 type Header struct {
 	// basic block info
+	Version  Version
 	ChainID  string
 	Height   int64
 	Time     Time
@@ -65,6 +67,19 @@ type Header struct {
 
 Further details on each of these fields is described below.
 
+## Version
+
+The `Version` contains the protocol version for the blockchain and the
+application as two `uint64` values:
+
+```go
+type Version struct {
+    Block   uint64
+    App     uint64
+}
+```
+
+
 ## BlockID
 
 The `BlockID` contains two distinct Merkle roots of the block.
@@ -131,14 +146,14 @@ The vote includes information about the validator signing it.
 
 ```go
 type Vote struct {
-    ValidatorAddress    []byte
-    ValidatorIndex      int
-    Height              int64
-    Round               int
-    Timestamp           Time
-    Type                int8
-    BlockID             BlockID
-    Signature           []byte
+	Type             SignedMsgType  // byte
+	Height           int64
+	Round            int
+	Timestamp        time.Time
+	BlockID          BlockID
+	ValidatorAddress Address
+	ValidatorIndex   int
+	Signature        []byte
 }
 ```
 
@@ -200,6 +215,15 @@ See [here](https://github.com/tendermint/tendermint/blob/master/docs/spec/blockc
 
 A Header is valid if its corresponding fields are valid.
 
+### Version
+
+```
+block.Version.Block == state.Version.Block
+block.Version.App == state.Version.App
+```
+
+The block version must match the state version.
+
 ### ChainID
 
 ```
@@ -320,10 +344,10 @@ next validator sets Merkle root.
 ### ConsensusParamsHash
 
 ```go
-block.ConsensusParamsHash == SimpleMerkleRoot(state.ConsensusParams)
+block.ConsensusParamsHash == TMHASH(amino(state.ConsensusParams))
 ```
 
-Simple Merkle root of the consensus parameters.
+Hash of the amino-encoded consensus parameters.
 
 ### AppHash
 

docs/spec/blockchain/encoding.md

@@ -176,13 +176,12 @@ greater, for example:
 h0  h1          h3  h4             h0  h1  h2  h3  h4  h5
 ```
 
-Tendermint always uses the `TMHASH` hash function, which is the first 20-bytes
-of the SHA256:
+Tendermint always uses the `TMHASH` hash function, which is equivalent to
+SHA256:
 
 ```
 func TMHASH(bz []byte) []byte {
-    shasum := SHA256(bz)
-    return shasum[:20]
+    return SHA256(bz)
 }
 ```
 
@@ -216,7 +215,7 @@ prefix) before being concatenated together and hashed.
 
 Note: we will abuse notion and invoke `SimpleMerkleRoot` with arguments of type `struct` or type `[]struct`.
 For `struct` arguments, we compute a `[][]byte` containing the hash of each
-field in the struct sorted by the hash of the field name.
+field in the struct, in the same order the fields appear in the struct.
 For `[]struct` arguments, we compute a `[][]byte` by hashing the individual `struct` elements.
 
 ### Simple Merkle Proof
@@ -301,16 +300,15 @@ Where the `"value"` is the base64 encoding of the raw pubkey bytes, and the
 Signed messages (eg. votes, proposals) in the consensus are encoded using Amino.
 
 When signing, the elements of a message are re-ordered so the fixed-length fields
-are first, making it easy to quickly check the version, height, round, and type.
+are first, making it easy to quickly check the type, height, and round.
 The `ChainID` is also appended to the end.
 We call this encoding the SignBytes. For instance, SignBytes for a vote is the Amino encoding of the following struct:
 
 ```go
 type CanonicalVote struct {
-	Version   uint64           `binary:"fixed64"`
+	Type      byte
 	Height    int64            `binary:"fixed64"`
 	Round     int64            `binary:"fixed64"`
-	VoteType  byte
 	Timestamp time.Time
 	BlockID   CanonicalBlockID
 	ChainID   string

docs/spec/blockchain/state.md

@@ -15,6 +15,7 @@ validation.
 
 ```go
 type State struct {
+    Version     Version
     LastResults []Result
     AppHash []byte
 
@@ -55,8 +56,8 @@ type Validator struct {
 }
 ```
 
-When hashing the Validator struct, the pubkey is not hashed,
-because the address is already the hash of the pubkey.
+When hashing the Validator struct, the address is not included,
+because it is redundant with the pubkey.
 
 The `state.Validators`, `state.LastValidators`, and `state.NextValidators`, must always by sorted by validator address,
 so that there is a canonical order for computing the SimpleMerkleRoot.

docs/spec/p2p/peer.md

@@ -75,22 +75,25 @@ The Tendermint Version Handshake allows the peers to exchange their NodeInfo:
 
 ```golang
 type NodeInfo struct {
+  Version    p2p.Version
   ID         p2p.ID
   ListenAddr string
 
   Network    string
-  Version    string
+  SoftwareVersion    string
   Channels   []int8
 
   Moniker    string
   Other      NodeInfoOther
 }
 
+type Version struct {
+	P2P uint64
+	Block uint64
+	App uint64
+}
+
 type NodeInfoOther struct {
-	AminoVersion     string
-	P2PVersion       string
-	ConsensusVersion string
-	RPCVersion       string
 	TxIndex          string
 	RPCAddress       string
 }
@@ -99,8 +102,7 @@ type NodeInfoOther struct {
 The connection is disconnected if:
 
 - `peer.NodeInfo.ID` is not equal `peerConn.ID`
-- `peer.NodeInfo.Version` is not formatted as `X.X.X` where X are integers known as Major, Minor, and Revision
-- `peer.NodeInfo.Version` Major is not the same as ours
+- `peer.NodeInfo.Version.Block` does not match ours
 - `peer.NodeInfo.Network` is not the same as ours
 - `peer.Channels` does not intersect with our known Channels.
 - `peer.NodeInfo.ListenAddr` is malformed or is a DNS host that cannot be

docs/spec/reactors/consensus/consensus-reactor.md

@@ -129,13 +129,16 @@ handleMessage(msg):
         Reset prs.CatchupCommitRound and prs.CatchupCommit
 ```
 
-### CommitStepMessage handler
+### NewValidBlockMessage handler
 
 ```
 handleMessage(msg):
-    if prs.Height == msg.Height then
-        prs.ProposalBlockPartsHeader = msg.BlockPartsHeader
-        prs.ProposalBlockParts = msg.BlockParts
+    if prs.Height != msg.Height then return
+    
+    if prs.Round != msg.Round && !msg.IsCommit then return
+    
+    prs.ProposalBlockPartsHeader = msg.BlockPartsHeader
+    prs.ProposalBlockParts = msg.BlockParts
 ```
 
 ### HasVoteMessage handler
@@ -161,8 +164,8 @@ handleMessage(msg):
 handleMessage(msg):
     if prs.Height != msg.Height || prs.Round != msg.Round || prs.Proposal then return
     prs.Proposal = true
-    prs.ProposalBlockPartsHeader = msg.BlockPartsHeader
-    prs.ProposalBlockParts = empty set
+    if prs.ProposalBlockParts == empty set then // otherwise it is set in NewValidBlockMessage handler
+      prs.ProposalBlockPartsHeader = msg.BlockPartsHeader
     prs.ProposalPOLRound = msg.POLRound
     prs.ProposalPOL = nil
     Send msg through internal peerMsgQueue to ConsensusState service

docs/spec/reactors/consensus/consensus.md

@@ -26,7 +26,7 @@ only to a subset of processes called peers. By the gossiping protocol, a validat
 all needed information (`ProposalMessage`, `VoteMessage` and `BlockPartMessage`) so they can
 reach agreement on some block, and also obtain the content of the chosen block (block parts). As
 part of the gossiping protocol, processes also send auxiliary messages that inform peers about the
-executed steps of the core consensus algorithm (`NewRoundStepMessage` and `CommitStepMessage`), and
+executed steps of the core consensus algorithm (`NewRoundStepMessage` and `NewValidBlockMessage`), and
 also messages that inform peers what votes the process has seen (`HasVoteMessage`,
 `VoteSetMaj23Message` and `VoteSetBitsMessage`). These messages are then used in the gossiping
 protocol to determine what messages a process should send to its peers.
@@ -47,25 +47,21 @@ type ProposalMessage struct {
 ### Proposal
 
 Proposal contains height and round for which this proposal is made, BlockID as a unique identifier
-of proposed block, timestamp, and two fields (POLRound and POLBlockID) that are needed for
-termination of the consensus. The message is signed by the validator private key.
+of proposed block, timestamp, and POLRound (a so-called Proof-of-Lock (POL) round) that is needed for
+termination of the consensus. If POLRound >= 0, then BlockID corresponds to the block that 
+is locked in POLRound. The message is signed by the validator private key.
 
 ```go
 type Proposal struct {
     Height           int64
     Round            int
-    Timestamp        Time
-    BlockID          BlockID
     POLRound         int
-    POLBlockID       BlockID
+    BlockID          BlockID
+    Timestamp        Time
     Signature        Signature
 }
 ```
 
-NOTE: In the current version of the Tendermint, the consensus value in proposal is represented with
-PartSetHeader, and with BlockID in vote message. It should be aligned as suggested in this spec as
-BlockID contains PartSetHeader.
-
 ## VoteMessage
 
 VoteMessage is sent to vote for some block (or to inform others that a process does not vote in the
@@ -136,23 +132,26 @@ type NewRoundStepMessage struct {
 }
 ```
 
-## CommitStepMessage
+## NewValidBlockMessage
 
-CommitStepMessage is sent when an agreement on some block is reached. It contains height for which
-agreement is reached, block parts header that describes the decided block and is used to obtain all
+NewValidBlockMessage is sent when a validator observes a valid block B in some round r, 
+i.e., there is a Proposal for block B and 2/3+ prevotes for the block B in the round r.
+It contains height and round in which valid block is observed, block parts header that describes 
+the valid block and is used to obtain all
 block parts, and a bit array of the block parts a process currently has, so its peers can know what
 parts it is missing so they can send them.
+In case the block is also committed, then IsCommit flag is set to true.
 
 ```go
-type CommitStepMessage struct {
+type NewValidBlockMessage struct {
     Height           int64
-    BlockID          BlockID
+    Round            int    
+    BlockPartsHeader PartSetHeader
     BlockParts       BitArray
+    IsCommit         bool
 }
 ```
 
-TODO: We use BlockID instead of BlockPartsHeader (in current implementation) for symmetry.
-
 ## ProposalPOLMessage
 
 ProposalPOLMessage is sent when a previous block is re-proposed.

evidence/pool.go

@@ -127,7 +127,7 @@ func (evpool *EvidencePool) MarkEvidenceAsCommitted(height int64, evidence []typ
 	}
 
 	// remove committed evidence from the clist
-	maxAge := evpool.State().ConsensusParams.EvidenceParams.MaxAge
+	maxAge := evpool.State().ConsensusParams.Evidence.MaxAge
 	evpool.removeEvidence(height, maxAge, blockEvidenceMap)
 
 }

evidence/pool_test.go

@@ -38,7 +38,7 @@ func initializeValidatorState(valAddr []byte, height int64) dbm.DB {
 		NextValidators:              valSet.CopyIncrementAccum(1),
 		LastHeightValidatorsChanged: 1,
 		ConsensusParams: types.ConsensusParams{
-			EvidenceParams: types.EvidenceParams{
+			Evidence: types.EvidenceParams{
 				MaxAge: 1000000,
 			},
 		},

evidence/reactor.go

@@ -74,6 +74,13 @@ func (evR *EvidenceReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) {
 		evR.Switch.StopPeerForError(src, err)
 		return
 	}
+
+	if err = msg.ValidateBasic(); err != nil {
+		evR.Logger.Error("Peer sent us invalid msg", "peer", src, "msg", msg, "err", err)
+		evR.Switch.StopPeerForError(src, err)
+		return
+	}
+
 	evR.Logger.Debug("Receive", "src", src, "chId", chID, "msg", msg)
 
 	switch msg := msg.(type) {
@@ -164,7 +171,7 @@ func (evR EvidenceReactor) checkSendEvidenceMessage(peer p2p.Peer, ev types.Evid
 
 	// NOTE: We only send evidence to peers where
 	// peerHeight - maxAge < evidenceHeight < peerHeight
-	maxAge := evR.evpool.State().ConsensusParams.EvidenceParams.MaxAge
+	maxAge := evR.evpool.State().ConsensusParams.Evidence.MaxAge
 	peerHeight := peerState.GetHeight()
 	if peerHeight < evHeight {
 		// peer is behind. sleep while he catches up
@@ -191,7 +198,9 @@ type PeerState interface {
 // Messages
 
 // EvidenceMessage is a message sent or received by the EvidenceReactor.
-type EvidenceMessage interface{}
+type EvidenceMessage interface {
+	ValidateBasic() error
+}
 
 func RegisterEvidenceMessages(cdc *amino.Codec) {
 	cdc.RegisterInterface((*EvidenceMessage)(nil), nil)
@@ -209,11 +218,21 @@ func decodeMsg(bz []byte) (msg EvidenceMessage, err error) {
 
 //-------------------------------------
 
-// EvidenceMessage contains a list of evidence.
+// EvidenceListMessage contains a list of evidence.
 type EvidenceListMessage struct {
 	Evidence []types.Evidence
 }
 
+// ValidateBasic performs basic validation.
+func (m *EvidenceListMessage) ValidateBasic() error {
+	for i, ev := range m.Evidence {
+		if err := ev.ValidateBasic(); err != nil {
+			return fmt.Errorf("Invalid evidence (#%d): %v", i, err)
+		}
+	}
+	return nil
+}
+
 // String returns a string representation of the EvidenceListMessage.
 func (m *EvidenceListMessage) String() string {
 	return fmt.Sprintf("[EvidenceListMessage %v]", m.Evidence)

libs/common/errors.go

@@ -146,7 +146,7 @@ func (err *cmnError) Format(s fmt.State, verb rune) {
 			s.Write([]byte("--= /Error =--\n"))
 		} else {
 			// Write msg.
-			s.Write([]byte(fmt.Sprintf("Error{%v}", err.data))) // TODO tick-esc?
+			s.Write([]byte(fmt.Sprintf("%v", err.data)))
 		}
 	}
 }

libs/common/errors_test.go

@@ -24,7 +24,7 @@ func TestErrorPanic(t *testing.T) {
 	var err = capturePanic()
 
 	assert.Equal(t, pnk{"something"}, err.Data())
-	assert.Equal(t, "Error{{something}}", fmt.Sprintf("%v", err))
+	assert.Equal(t, "{something}", fmt.Sprintf("%v", err))
 	assert.Contains(t, fmt.Sprintf("%#v", err), "This is the message in ErrorWrap(r, message).")
 	assert.Contains(t, fmt.Sprintf("%#v", err), "Stack Trace:\n    0")
 }
@@ -34,7 +34,7 @@ func TestErrorWrapSomething(t *testing.T) {
 	var err = ErrorWrap("something", "formatter%v%v", 0, 1)
 
 	assert.Equal(t, "something", err.Data())
-	assert.Equal(t, "Error{something}", fmt.Sprintf("%v", err))
+	assert.Equal(t, "something", fmt.Sprintf("%v", err))
 	assert.Regexp(t, `formatter01\n`, fmt.Sprintf("%#v", err))
 	assert.Contains(t, fmt.Sprintf("%#v", err), "Stack Trace:\n    0")
 }
@@ -46,7 +46,7 @@ func TestErrorWrapNothing(t *testing.T) {
 	assert.Equal(t,
 		FmtError{"formatter%v%v", []interface{}{0, 1}},
 		err.Data())
-	assert.Equal(t, "Error{formatter01}", fmt.Sprintf("%v", err))
+	assert.Equal(t, "formatter01", fmt.Sprintf("%v", err))
 	assert.Contains(t, fmt.Sprintf("%#v", err), `Data: common.FmtError{format:"formatter%v%v", args:[]interface {}{0, 1}}`)
 	assert.Contains(t, fmt.Sprintf("%#v", err), "Stack Trace:\n    0")
 }
@@ -58,7 +58,7 @@ func TestErrorNewError(t *testing.T) {
 	assert.Equal(t,
 		FmtError{"formatter%v%v", []interface{}{0, 1}},
 		err.Data())
-	assert.Equal(t, "Error{formatter01}", fmt.Sprintf("%v", err))
+	assert.Equal(t, "formatter01", fmt.Sprintf("%v", err))
 	assert.Contains(t, fmt.Sprintf("%#v", err), `Data: common.FmtError{format:"formatter%v%v", args:[]interface {}{0, 1}}`)
 	assert.NotContains(t, fmt.Sprintf("%#v", err), "Stack Trace")
 }
@@ -70,7 +70,7 @@ func TestErrorNewErrorWithStacktrace(t *testing.T) {
 	assert.Equal(t,
 		FmtError{"formatter%v%v", []interface{}{0, 1}},
 		err.Data())
-	assert.Equal(t, "Error{formatter01}", fmt.Sprintf("%v", err))
+	assert.Equal(t, "formatter01", fmt.Sprintf("%v", err))
 	assert.Contains(t, fmt.Sprintf("%#v", err), `Data: common.FmtError{format:"formatter%v%v", args:[]interface {}{0, 1}}`)
 	assert.Contains(t, fmt.Sprintf("%#v", err), "Stack Trace:\n    0")
 }
@@ -85,7 +85,7 @@ func TestErrorNewErrorWithTrace(t *testing.T) {
 	assert.Equal(t,
 		FmtError{"formatter%v%v", []interface{}{0, 1}},
 		err.Data())
-	assert.Equal(t, "Error{formatter01}", fmt.Sprintf("%v", err))
+	assert.Equal(t, "formatter01", fmt.Sprintf("%v", err))
 	assert.Contains(t, fmt.Sprintf("%#v", err), `Data: common.FmtError{format:"formatter%v%v", args:[]interface {}{0, 1}}`)
 	dump := fmt.Sprintf("%#v", err)
 	assert.NotContains(t, dump, "Stack Trace")

libs/fail/fail.go

@@ -0,0 +1,78 @@
+package fail
+
+import (
+	"fmt"
+	"math/rand"
+	"os"
+	"strconv"
+)
+
+var callIndexToFail int
+
+func init() {
+	callIndexToFailS := os.Getenv("FAIL_TEST_INDEX")
+
+	if callIndexToFailS == "" {
+		callIndexToFail = -1
+	} else {
+		var err error
+		callIndexToFail, err = strconv.Atoi(callIndexToFailS)
+		if err != nil {
+			callIndexToFail = -1
+		}
+	}
+}
+
+// Fail when FAIL_TEST_INDEX == callIndex
+var (
+	callIndex int //indexes Fail calls
+
+	callRandIndex       int  // indexes a run of FailRand calls
+	callRandIndexToFail = -1 // the callRandIndex to fail on in FailRand
+)
+
+func Fail() {
+	if callIndexToFail < 0 {
+		return
+	}
+
+	if callIndex == callIndexToFail {
+		Exit()
+	}
+
+	callIndex += 1
+}
+
+// FailRand should be called n successive times.
+// It will fail on a random one of those calls
+// n must be greater than 0
+func FailRand(n int) {
+	if callIndexToFail < 0 {
+		return
+	}
+
+	if callRandIndexToFail < 0 {
+		// first call in the loop, pick a random index to fail at
+		callRandIndexToFail = rand.Intn(n)
+		callRandIndex = 0
+	}
+
+	if callIndex == callIndexToFail {
+		if callRandIndex == callRandIndexToFail {
+			Exit()
+		}
+	}
+
+	callRandIndex += 1
+
+	if callRandIndex == n {
+		callIndex += 1
+	}
+}
+
+func Exit() {
+	fmt.Printf("*** fail-test %d ***\n", callIndex)
+	proc, _ := os.FindProcess(os.Getpid())
+	proc.Signal(os.Interrupt)
+	//	panic(fmt.Sprintf("*** fail-test %d ***", callIndex))
+}

libs/log/tmfmt_logger.go

@@ -84,13 +84,13 @@ func (l tmfmtLogger) Log(keyvals ...interface{}) error {
 	// Form a custom Tendermint line
 	//
 	// Example:
-	//     D[05-02|11:06:44.322] Stopping AddrBook (ignoring: already stopped)
+	//     D[2016-05-02|11:06:44.322]   Stopping AddrBook (ignoring: already stopped)
 	//
 	// Description:
 	//     D										- first character of the level, uppercase (ASCII only)
-	//     [05-02|11:06:44.322] - our time format (see https://golang.org/src/time/format.go)
+	//     [2016-05-02|11:06:44.322]    - our time format (see https://golang.org/src/time/format.go)
 	//     Stopping ...					- message
-	enc.buf.WriteString(fmt.Sprintf("%c[%s] %-44s ", lvl[0]-32, time.Now().Format("01-02|15:04:05.000"), msg))
+	enc.buf.WriteString(fmt.Sprintf("%c[%s] %-44s ", lvl[0]-32, time.Now().Format("2016-01-02|15:04:05.000"), msg))
 
 	if module != unknown {
 		enc.buf.WriteString("module=" + module + " ")

libs/pubsub/pubsub.go

@@ -9,6 +9,39 @@
 // When some message is published, we match it with all queries. If there is a
 // match, this message will be pushed to all clients, subscribed to that query.
 // See query subpackage for our implementation.
+//
+// Due to the blocking send implementation, a single subscriber can freeze an
+// entire server by not reading messages before it unsubscribes. To avoid such
+// scenario, subscribers must either:
+//
+// a) make sure they continue to read from the out channel until
+// Unsubscribe(All) is called
+//
+//     s.Subscribe(ctx, sub, qry, out)
+//     go func() {
+//         for msg := range out {
+//             // handle msg
+//             // will exit automatically when out is closed by Unsubscribe(All)
+//         }
+//     }()
+//     s.UnsubscribeAll(ctx, sub)
+//
+// b) drain the out channel before calling Unsubscribe(All)
+//
+//     s.Subscribe(ctx, sub, qry, out)
+//     defer func() {
+//         for range out {
+//             // drain out to make sure we don't block
+//         }
+//         s.UnsubscribeAll(ctx, sub)
+//     }()
+//     for msg := range out {
+//         // handle msg
+//         if err != nil {
+//            return err
+//         }
+//     }
+//
 package pubsub
 
 import (

lite/dbprovider.go

@@ -56,7 +56,7 @@ func (dbp *DBProvider) SaveFullCommit(fc FullCommit) error {
 	// We might be overwriting what we already have, but
 	// it makes the logic easier for now.
 	vsKey := validatorSetKey(fc.ChainID(), fc.Height())
-	vsBz, err := dbp.cdc.MarshalBinary(fc.Validators)
+	vsBz, err := dbp.cdc.MarshalBinaryLengthPrefixed(fc.Validators)
 	if err != nil {
 		return err
 	}
@@ -64,7 +64,7 @@ func (dbp *DBProvider) SaveFullCommit(fc FullCommit) error {
 
 	// Save the fc.NextValidators.
 	nvsKey := validatorSetKey(fc.ChainID(), fc.Height()+1)
-	nvsBz, err := dbp.cdc.MarshalBinary(fc.NextValidators)
+	nvsBz, err := dbp.cdc.MarshalBinaryLengthPrefixed(fc.NextValidators)
 	if err != nil {
 		return err
 	}
@@ -72,7 +72,7 @@ func (dbp *DBProvider) SaveFullCommit(fc FullCommit) error {
 
 	// Save the fc.SignedHeader
 	shKey := signedHeaderKey(fc.ChainID(), fc.Height())
-	shBz, err := dbp.cdc.MarshalBinary(fc.SignedHeader)
+	shBz, err := dbp.cdc.MarshalBinaryLengthPrefixed(fc.SignedHeader)
 	if err != nil {
 		return err
 	}
@@ -121,7 +121,7 @@ func (dbp *DBProvider) LatestFullCommit(chainID string, minHeight, maxHeight int
 			// Found the latest full commit signed header.
 			shBz := itr.Value()
 			sh := types.SignedHeader{}
-			err := dbp.cdc.UnmarshalBinary(shBz, &sh)
+			err := dbp.cdc.UnmarshalBinaryLengthPrefixed(shBz, &sh)
 			if err != nil {
 				return FullCommit{}, err
 			} else {
@@ -150,7 +150,7 @@ func (dbp *DBProvider) getValidatorSet(chainID string, height int64) (valset *ty
 		err = lerr.ErrUnknownValidators(chainID, height)
 		return
 	}
-	err = dbp.cdc.UnmarshalBinary(vsBz, &valset)
+	err = dbp.cdc.UnmarshalBinaryLengthPrefixed(vsBz, &valset)
 	if err != nil {
 		return
 	}

mempool/mempool.go

@@ -25,12 +25,12 @@ import (
 // PreCheckFunc is an optional filter executed before CheckTx and rejects
 // transaction if false is returned. An example would be to ensure that a
 // transaction doesn't exceeded the block size.
-type PreCheckFunc func(types.Tx) bool
+type PreCheckFunc func(types.Tx) error
 
 // PostCheckFunc is an optional filter executed after CheckTx and rejects
 // transaction if false is returned. An example would be to ensure a
 // transaction doesn't require more gas than available for the block.
-type PostCheckFunc func(types.Tx, *abci.ResponseCheckTx) bool
+type PostCheckFunc func(types.Tx, *abci.ResponseCheckTx) error
 
 /*
 
@@ -68,24 +68,48 @@ var (
 	ErrMempoolIsFull = errors.New("Mempool is full")
 )
 
+// ErrPreCheck is returned when tx is too big
+type ErrPreCheck struct {
+	Reason error
+}
+
+func (e ErrPreCheck) Error() string {
+	return e.Reason.Error()
+}
+
+// IsPreCheckError returns true if err is due to pre check failure.
+func IsPreCheckError(err error) bool {
+	_, ok := err.(ErrPreCheck)
+	return ok
+}
+
 // PreCheckAminoMaxBytes checks that the size of the transaction plus the amino
 // overhead is smaller or equal to the expected maxBytes.
 func PreCheckAminoMaxBytes(maxBytes int64) PreCheckFunc {
-	return func(tx types.Tx) bool {
+	return func(tx types.Tx) error {
 		// We have to account for the amino overhead in the tx size as well
 		aminoOverhead := amino.UvarintSize(uint64(len(tx)))
-		return int64(len(tx)+aminoOverhead) <= maxBytes
+		txSize := int64(len(tx) + aminoOverhead)
+		if txSize > maxBytes {
+			return fmt.Errorf("Tx size (including amino overhead) is too big: %d, max: %d",
+				txSize, maxBytes)
+		}
+		return nil
 	}
 }
 
 // PostCheckMaxGas checks that the wanted gas is smaller or equal to the passed
-// maxGas. Returns true if maxGas is -1.
+// maxGas. Returns nil if maxGas is -1.
 func PostCheckMaxGas(maxGas int64) PostCheckFunc {
-	return func(tx types.Tx, res *abci.ResponseCheckTx) bool {
+	return func(tx types.Tx, res *abci.ResponseCheckTx) error {
 		if maxGas == -1 {
-			return true
+			return nil
 		}
-		return res.GasWanted <= maxGas
+		if res.GasWanted > maxGas {
+			return fmt.Errorf("gas wanted %d is greater than max gas %d",
+				res.GasWanted, maxGas)
+		}
+		return nil
 	}
 }
 
@@ -189,39 +213,33 @@ func WithMetrics(metrics *Metrics) MempoolOption {
 	return func(mem *Mempool) { mem.metrics = metrics }
 }
 
+// InitWAL creates a directory for the WAL file and opens a file itself.
+//
+// *panics* if can't create directory or open file.
+// *not thread safe*
+func (mem *Mempool) InitWAL() {
+	walDir := mem.config.WalDir()
+	err := cmn.EnsureDir(walDir, 0700)
+	if err != nil {
+		panic(errors.Wrap(err, "Error ensuring Mempool WAL dir"))
+	}
+	af, err := auto.OpenAutoFile(walDir + "/wal")
+	if err != nil {
+		panic(errors.Wrap(err, "Error opening Mempool WAL file"))
+	}
+	mem.wal = af
+}
+
 // CloseWAL closes and discards the underlying WAL file.
 // Any further writes will not be relayed to disk.
-func (mem *Mempool) CloseWAL() bool {
-	if mem == nil {
-		return false
-	}
-
+func (mem *Mempool) CloseWAL() {
 	mem.proxyMtx.Lock()
 	defer mem.proxyMtx.Unlock()
 
-	if mem.wal == nil {
-		return false
-	}
-	if err := mem.wal.Close(); err != nil && mem.logger != nil {
-		mem.logger.Error("Mempool.CloseWAL", "err", err)
+	if err := mem.wal.Close(); err != nil {
+		mem.logger.Error("Error closing WAL", "err", err)
 	}
 	mem.wal = nil
-	return true
-}
-
-func (mem *Mempool) InitWAL() {
-	walDir := mem.config.WalDir()
-	if walDir != "" {
-		err := cmn.EnsureDir(walDir, 0700)
-		if err != nil {
-			cmn.PanicSanity(errors.Wrap(err, "Error ensuring Mempool wal dir"))
-		}
-		af, err := auto.OpenAutoFile(walDir + "/wal")
-		if err != nil {
-			cmn.PanicSanity(errors.Wrap(err, "Error opening Mempool wal file"))
-		}
-		mem.wal = af
-	}
 }
 
 // Lock locks the mempool. The consensus must be able to hold lock to safely update.
@@ -285,8 +303,10 @@ func (mem *Mempool) CheckTx(tx types.Tx, cb func(*abci.Response)) (err error) {
 		return ErrMempoolIsFull
 	}
 
-	if mem.preCheck != nil && !mem.preCheck(tx) {
-		return
+	if mem.preCheck != nil {
+		if err := mem.preCheck(tx); err != nil {
+			return ErrPreCheck{err}
+		}
 	}
 
 	// CACHE
@@ -346,7 +366,13 @@ func (mem *Mempool) resCbNormal(req *abci.Request, res *abci.Response) {
 				tx:        tx,
 			}
 			mem.txs.PushBack(memTx)
-			mem.logger.Info("Added good transaction", "tx", TxID(tx), "res", r, "total", mem.Size())
+			mem.logger.Info("Added good transaction",
+				"tx", TxID(tx),
+				"res", r,
+				"height", memTx.height,
+				"total", mem.Size(),
+				"counter", memTx.counter,
+			)
 			mem.metrics.TxSizeBytes.Observe(float64(len(tx)))
 			mem.notifyTxsAvailable()
 		} else {
@@ -566,7 +592,13 @@ func (mem *Mempool) recheckTxs(goodTxs []types.Tx) {
 }
 
 func (mem *Mempool) isPostCheckPass(tx types.Tx, r *abci.ResponseCheckTx) bool {
-	return mem.postCheck == nil || mem.postCheck(tx, r)
+	if mem.postCheck == nil {
+		return true
+	}
+	if err := mem.postCheck(tx, r); err != nil {
+		return false
+	}
+	return true
 }
 
 //--------------------------------------------------------------------------------

mempool/mempool_test.go

@@ -14,7 +14,6 @@ import (
 	"github.com/stretchr/testify/assert"
 
 	"github.com/stretchr/testify/require"
-	amino "github.com/tendermint/go-amino"
 	"github.com/tendermint/tendermint/abci/example/counter"
 	"github.com/tendermint/tendermint/abci/example/kvstore"
 	abci "github.com/tendermint/tendermint/abci/types"
@@ -66,7 +65,10 @@ func checkTxs(t *testing.T, mempool *Mempool, count int) types.Txs {
 			t.Error(err)
 		}
 		if err := mempool.CheckTx(txBytes, nil); err != nil {
-			t.Fatalf("Error after CheckTx: %v", err)
+			if IsPreCheckError(err) {
+				continue
+			}
+			t.Fatalf("CheckTx failed: %v while checking #%d tx", err, i)
 		}
 	}
 	return txs
@@ -126,47 +128,29 @@ func TestMempoolFilters(t *testing.T) {
 	mempool := newMempoolWithApp(cc)
 	emptyTxArr := []types.Tx{[]byte{}}
 
-	nopPreFilter := func(tx types.Tx) bool { return true }
-	nopPostFilter := func(tx types.Tx, res *abci.ResponseCheckTx) bool { return true }
-
-	// This is the same filter we expect to be used within node/node.go and state/execution.go
-	nBytePreFilter := func(n int) func(tx types.Tx) bool {
-		return func(tx types.Tx) bool {
-			// We have to account for the amino overhead in the tx size as well
-			aminoOverhead := amino.UvarintSize(uint64(len(tx)))
-			return (len(tx) + aminoOverhead) <= n
-		}
-	}
-
-	nGasPostFilter := func(n int64) func(tx types.Tx, res *abci.ResponseCheckTx) bool {
-		return func(tx types.Tx, res *abci.ResponseCheckTx) bool {
-			if n == -1 {
-				return true
-			}
-			return res.GasWanted <= n
-		}
-	}
+	nopPreFilter := func(tx types.Tx) error { return nil }
+	nopPostFilter := func(tx types.Tx, res *abci.ResponseCheckTx) error { return nil }
 
 	// each table driven test creates numTxsToCreate txs with checkTx, and at the end clears all remaining txs.
 	// each tx has 20 bytes + amino overhead = 21 bytes, 1 gas
 	tests := []struct {
 		numTxsToCreate int
-		preFilter      func(tx types.Tx) bool
-		postFilter     func(tx types.Tx, res *abci.ResponseCheckTx) bool
+		preFilter      PreCheckFunc
+		postFilter     PostCheckFunc
 		expectedNumTxs int
 	}{
 		{10, nopPreFilter, nopPostFilter, 10},
-		{10, nBytePreFilter(10), nopPostFilter, 0},
-		{10, nBytePreFilter(20), nopPostFilter, 0},
-		{10, nBytePreFilter(21), nopPostFilter, 10},
-		{10, nopPreFilter, nGasPostFilter(-1), 10},
-		{10, nopPreFilter, nGasPostFilter(0), 0},
-		{10, nopPreFilter, nGasPostFilter(1), 10},
-		{10, nopPreFilter, nGasPostFilter(3000), 10},
-		{10, nBytePreFilter(10), nGasPostFilter(20), 0},
-		{10, nBytePreFilter(30), nGasPostFilter(20), 10},
-		{10, nBytePreFilter(21), nGasPostFilter(1), 10},
-		{10, nBytePreFilter(21), nGasPostFilter(0), 0},
+		{10, PreCheckAminoMaxBytes(10), nopPostFilter, 0},
+		{10, PreCheckAminoMaxBytes(20), nopPostFilter, 0},
+		{10, PreCheckAminoMaxBytes(21), nopPostFilter, 10},
+		{10, nopPreFilter, PostCheckMaxGas(-1), 10},
+		{10, nopPreFilter, PostCheckMaxGas(0), 0},
+		{10, nopPreFilter, PostCheckMaxGas(1), 10},
+		{10, nopPreFilter, PostCheckMaxGas(3000), 10},
+		{10, PreCheckAminoMaxBytes(10), PostCheckMaxGas(20), 0},
+		{10, PreCheckAminoMaxBytes(30), PostCheckMaxGas(20), 10},
+		{10, PreCheckAminoMaxBytes(21), PostCheckMaxGas(1), 10},
+		{10, PreCheckAminoMaxBytes(21), PostCheckMaxGas(0), 0},
 	}
 	for tcIndex, tt := range tests {
 		mempool.Update(1, emptyTxArr, tt.preFilter, tt.postFilter)
@@ -385,15 +369,12 @@ func TestMempoolCloseWAL(t *testing.T) {
 
 	// 7. Invoke CloseWAL() and ensure it discards the
 	// WAL thus any other write won't go through.
-	require.True(t, mempool.CloseWAL(), "CloseWAL should CloseWAL")
+	mempool.CloseWAL()
 	mempool.CheckTx(types.Tx([]byte("bar")), nil)
 	sum2 := checksumFile(walFilepath, t)
 	require.Equal(t, sum1, sum2, "expected no change to the WAL after invoking CloseWAL() since it was discarded")
 
-	// 8. Second CloseWAL should do nothing
-	require.False(t, mempool.CloseWAL(), "CloseWAL should CloseWAL")
-
-	// 9. Sanity check to ensure that the WAL file still exists
+	// 8. Sanity check to ensure that the WAL file still exists
 	m3, err := filepath.Glob(filepath.Join(rootDir, "*"))
 	require.Nil(t, err, "successful globbing expected")
 	require.Equal(t, 1, len(m3), "expecting the wal match in")

node/node.go

@@ -13,8 +13,8 @@ import (
 
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
-	"github.com/tendermint/go-amino"
 
+	amino "github.com/tendermint/go-amino"
 	abci "github.com/tendermint/tendermint/abci/types"
 	bc "github.com/tendermint/tendermint/blockchain"
 	cfg "github.com/tendermint/tendermint/config"
@@ -32,7 +32,6 @@ import (
 	rpccore "github.com/tendermint/tendermint/rpc/core"
 	ctypes "github.com/tendermint/tendermint/rpc/core/types"
 	grpccore "github.com/tendermint/tendermint/rpc/grpc"
-	"github.com/tendermint/tendermint/rpc/lib"
 	"github.com/tendermint/tendermint/rpc/lib/server"
 	sm "github.com/tendermint/tendermint/state"
 	"github.com/tendermint/tendermint/state/txindex"
@@ -196,8 +195,8 @@ func NewNode(config *cfg.Config,
 		return nil, fmt.Errorf("Error starting proxy app connections: %v", err)
 	}
 
-	// Create the handshaker, which calls RequestInfo and replays any blocks
-	// as necessary to sync tendermint with the app.
+	// Create the handshaker, which calls RequestInfo, sets the AppVersion on the state,
+	// and replays any blocks as necessary to sync tendermint with the app.
 	consensusLogger := logger.With("module", "consensus")
 	handshaker := cs.NewHandshaker(stateDB, state, blockStore, genDoc)
 	handshaker.SetLogger(consensusLogger)
@@ -205,9 +204,21 @@ func NewNode(config *cfg.Config,
 		return nil, fmt.Errorf("Error during handshake: %v", err)
 	}
 
-	// reload the state (it may have been updated by the handshake)
+	// Reload the state. It will have the Version.Consensus.App set by the
+	// Handshake, and may have other modifications as well (ie. depending on
+	// what happened during block replay).
 	state = sm.LoadState(stateDB)
 
+	// Ensure the state's block version matches that of the software.
+	if state.Version.Consensus.Block != version.BlockProtocol {
+		return nil, fmt.Errorf(
+			"Block version of the software does not match that of the state.\n"+
+				"Got version.BlockProtocol=%v, state.Version.Consensus.Block=%v",
+			version.BlockProtocol,
+			state.Version.Consensus.Block,
+		)
+	}
+
 	// If an address is provided, listen on the socket for a
 	// connection from an external signing process.
 	if config.PrivValidatorListenAddr != "" {
@@ -215,7 +226,7 @@ func NewNode(config *cfg.Config,
 			// TODO: persist this key so external signer
 			// can actually authenticate us
 			privKey = ed25519.GenPrivKey()
-			pvsc    = privval.NewSocketPV(
+			pvsc    = privval.NewTCPVal(
 				logger.With("module", "privval"),
 				config.PrivValidatorListenAddr,
 				privKey,
@@ -268,7 +279,9 @@ func NewNode(config *cfg.Config,
 	)
 	mempoolLogger := logger.With("module", "mempool")
 	mempool.SetLogger(mempoolLogger)
-	mempool.InitWAL() // no need to have the mempool wal during tests
+	if config.Mempool.WalEnabled() {
+		mempool.InitWAL() // no need to have the mempool wal during tests
+	}
 	mempoolReactor := mempl.NewMempoolReactor(config.Mempool, mempool)
 	mempoolReactor.SetLogger(mempoolLogger)
 
@@ -351,7 +364,17 @@ func NewNode(config *cfg.Config,
 
 	var (
 		p2pLogger = logger.With("module", "p2p")
-		nodeInfo  = makeNodeInfo(config, nodeKey.ID(), txIndexer, genDoc.ChainID)
+		nodeInfo  = makeNodeInfo(
+			config,
+			nodeKey.ID(),
+			txIndexer,
+			genDoc.ChainID,
+			p2p.NewProtocolVersion(
+				version.P2PProtocol, // global
+				state.Version.Consensus.Block,
+				state.Version.Consensus.App,
+			),
+		)
 	)
 
 	// Setup Transport.
@@ -565,6 +588,11 @@ func (n *Node) OnStop() {
 	// TODO: gracefully disconnect from peers.
 	n.sw.Stop()
 
+	// stop mempool WAL
+	if n.config.Mempool.WalEnabled() {
+		n.mempoolReactor.Mempool.CloseWAL()
+	}
+
 	if err := n.transport.Close(); err != nil {
 		n.Logger.Error("Error closing transport", "err", err)
 	}
@@ -579,7 +607,7 @@ func (n *Node) OnStop() {
 		}
 	}
 
-	if pvsc, ok := n.privValidator.(*privval.SocketPV); ok {
+	if pvsc, ok := n.privValidator.(*privval.TCPVal); ok {
 		if err := pvsc.Stop(); err != nil {
 			n.Logger.Error("Error stopping priv validator socket client", "err", err)
 		}
@@ -756,15 +784,17 @@ func makeNodeInfo(
 	nodeID p2p.ID,
 	txIndexer txindex.TxIndexer,
 	chainID string,
+	protocolVersion p2p.ProtocolVersion,
 ) p2p.NodeInfo {
 	txIndexerStatus := "on"
 	if _, ok := txIndexer.(*null.TxIndex); ok {
 		txIndexerStatus = "off"
 	}
 	nodeInfo := p2p.DefaultNodeInfo{
-		ID_:     nodeID,
-		Network: chainID,
-		Version: version.Version,
+		ProtocolVersion: protocolVersion,
+		ID_:             nodeID,
+		Network:         chainID,
+		Version:         version.TMCoreSemVer,
 		Channels: []byte{
 			bc.BlockchainChannel,
 			cs.StateChannel, cs.DataChannel, cs.VoteChannel, cs.VoteSetBitsChannel,
@@ -773,12 +803,8 @@ func makeNodeInfo(
 		},
 		Moniker: config.Moniker,
 		Other: p2p.DefaultNodeInfoOther{
-			AminoVersion:     amino.Version,
-			P2PVersion:       p2p.Version,
-			ConsensusVersion: cs.Version,
-			RPCVersion:       fmt.Sprintf("%v/%v", rpc.Version, rpccore.Version),
-			TxIndex:          txIndexerStatus,
-			RPCAddress:       config.RPC.ListenAddress,
+			TxIndex:    txIndexerStatus,
+			RPCAddress: config.RPC.ListenAddress,
 		},
 	}
 

node/node_test.go

@@ -10,7 +10,11 @@ import (
 
 	"github.com/stretchr/testify/assert"
 
+	"github.com/tendermint/tendermint/abci/example/kvstore"
 	"github.com/tendermint/tendermint/libs/log"
+	"github.com/tendermint/tendermint/p2p"
+	sm "github.com/tendermint/tendermint/state"
+	"github.com/tendermint/tendermint/version"
 
 	cfg "github.com/tendermint/tendermint/config"
 	"github.com/tendermint/tendermint/types"
@@ -91,3 +95,21 @@ func TestNodeDelayedStop(t *testing.T) {
 	startTime := tmtime.Now()
 	assert.Equal(t, true, startTime.After(n.GenesisDoc().GenesisTime))
 }
+
+func TestNodeSetAppVersion(t *testing.T) {
+	config := cfg.ResetTestRoot("node_app_version_test")
+
+	// create & start node
+	n, err := DefaultNewNode(config, log.TestingLogger())
+	assert.NoError(t, err, "expected no err on DefaultNewNode")
+
+	// default config uses the kvstore app
+	var appVersion version.Protocol = kvstore.ProtocolVersion
+
+	// check version is set in state
+	state := sm.LoadState(n.stateDB)
+	assert.Equal(t, state.Version.Consensus.App, appVersion)
+
+	// check version is set in node info
+	assert.Equal(t, n.nodeInfo.(p2p.DefaultNodeInfo).ProtocolVersion.App, appVersion)
+}

p2p/conn/connection.go

@@ -337,7 +337,7 @@ FOR_LOOP:
 			}
 		case <-c.pingTimer.Chan():
 			c.Logger.Debug("Send Ping")
-			_n, err = cdc.MarshalBinaryWriter(c.bufConnWriter, PacketPing{})
+			_n, err = cdc.MarshalBinaryLengthPrefixedWriter(c.bufConnWriter, PacketPing{})
 			if err != nil {
 				break SELECTION
 			}
@@ -359,7 +359,7 @@ FOR_LOOP:
 			}
 		case <-c.pong:
 			c.Logger.Debug("Send Pong")
-			_n, err = cdc.MarshalBinaryWriter(c.bufConnWriter, PacketPong{})
+			_n, err = cdc.MarshalBinaryLengthPrefixedWriter(c.bufConnWriter, PacketPong{})
 			if err != nil {
 				break SELECTION
 			}
@@ -477,7 +477,7 @@ FOR_LOOP:
 		var packet Packet
 		var _n int64
 		var err error
-		_n, err = cdc.UnmarshalBinaryReader(c.bufConnReader, &packet, int64(c._maxPacketMsgSize))
+		_n, err = cdc.UnmarshalBinaryLengthPrefixedReader(c.bufConnReader, &packet, int64(c._maxPacketMsgSize))
 		c.recvMonitor.Update(int(_n))
 		if err != nil {
 			if c.IsRunning() {
@@ -553,7 +553,7 @@ func (c *MConnection) stopPongTimer() {
 // maxPacketMsgSize returns a maximum size of PacketMsg, including the overhead
 // of amino encoding.
 func (c *MConnection) maxPacketMsgSize() int {
-	return len(cdc.MustMarshalBinary(PacketMsg{
+	return len(cdc.MustMarshalBinaryLengthPrefixed(PacketMsg{
 		ChannelID: 0x01,
 		EOF:       1,
 		Bytes:     make([]byte, c.config.MaxPacketMsgPayloadSize),
@@ -723,7 +723,7 @@ func (ch *Channel) nextPacketMsg() PacketMsg {
 // Not goroutine-safe
 func (ch *Channel) writePacketMsgTo(w io.Writer) (n int64, err error) {
 	var packet = ch.nextPacketMsg()
-	n, err = cdc.MarshalBinaryWriter(w, packet)
+	n, err = cdc.MarshalBinaryLengthPrefixedWriter(w, packet)
 	atomic.AddInt64(&ch.recentlySent, n)
 	return
 }

p2p/conn/connection_test.go

@@ -140,7 +140,7 @@ func TestMConnectionPongTimeoutResultsInError(t *testing.T) {
 	go func() {
 		// read ping
 		var pkt PacketPing
-		_, err = cdc.UnmarshalBinaryReader(server, &pkt, maxPingPongPacketSize)
+		_, err = cdc.UnmarshalBinaryLengthPrefixedReader(server, &pkt, maxPingPongPacketSize)
 		assert.Nil(t, err)
 		serverGotPing <- struct{}{}
 	}()
@@ -176,22 +176,22 @@ func TestMConnectionMultiplePongsInTheBeginning(t *testing.T) {
 	defer mconn.Stop()
 
 	// sending 3 pongs in a row (abuse)
-	_, err = server.Write(cdc.MustMarshalBinary(PacketPong{}))
+	_, err = server.Write(cdc.MustMarshalBinaryLengthPrefixed(PacketPong{}))
 	require.Nil(t, err)
-	_, err = server.Write(cdc.MustMarshalBinary(PacketPong{}))
+	_, err = server.Write(cdc.MustMarshalBinaryLengthPrefixed(PacketPong{}))
 	require.Nil(t, err)
-	_, err = server.Write(cdc.MustMarshalBinary(PacketPong{}))
+	_, err = server.Write(cdc.MustMarshalBinaryLengthPrefixed(PacketPong{}))
 	require.Nil(t, err)
 
 	serverGotPing := make(chan struct{})
 	go func() {
 		// read ping (one byte)
 		var packet, err = Packet(nil), error(nil)
-		_, err = cdc.UnmarshalBinaryReader(server, &packet, maxPingPongPacketSize)
+		_, err = cdc.UnmarshalBinaryLengthPrefixedReader(server, &packet, maxPingPongPacketSize)
 		require.Nil(t, err)
 		serverGotPing <- struct{}{}
 		// respond with pong
-		_, err = server.Write(cdc.MustMarshalBinary(PacketPong{}))
+		_, err = server.Write(cdc.MustMarshalBinaryLengthPrefixed(PacketPong{}))
 		require.Nil(t, err)
 	}()
 	<-serverGotPing
@@ -227,18 +227,18 @@ func TestMConnectionMultiplePings(t *testing.T) {
 
 	// sending 3 pings in a row (abuse)
 	// see https://github.com/tendermint/tendermint/issues/1190
-	_, err = server.Write(cdc.MustMarshalBinary(PacketPing{}))
+	_, err = server.Write(cdc.MustMarshalBinaryLengthPrefixed(PacketPing{}))
 	require.Nil(t, err)
 	var pkt PacketPong
-	_, err = cdc.UnmarshalBinaryReader(server, &pkt, maxPingPongPacketSize)
+	_, err = cdc.UnmarshalBinaryLengthPrefixedReader(server, &pkt, maxPingPongPacketSize)
 	require.Nil(t, err)
-	_, err = server.Write(cdc.MustMarshalBinary(PacketPing{}))
+	_, err = server.Write(cdc.MustMarshalBinaryLengthPrefixed(PacketPing{}))
 	require.Nil(t, err)
-	_, err = cdc.UnmarshalBinaryReader(server, &pkt, maxPingPongPacketSize)
+	_, err = cdc.UnmarshalBinaryLengthPrefixedReader(server, &pkt, maxPingPongPacketSize)
 	require.Nil(t, err)
-	_, err = server.Write(cdc.MustMarshalBinary(PacketPing{}))
+	_, err = server.Write(cdc.MustMarshalBinaryLengthPrefixed(PacketPing{}))
 	require.Nil(t, err)
-	_, err = cdc.UnmarshalBinaryReader(server, &pkt, maxPingPongPacketSize)
+	_, err = cdc.UnmarshalBinaryLengthPrefixedReader(server, &pkt, maxPingPongPacketSize)
 	require.Nil(t, err)
 
 	assert.True(t, mconn.IsRunning())
@@ -270,20 +270,20 @@ func TestMConnectionPingPongs(t *testing.T) {
 	go func() {
 		// read ping
 		var pkt PacketPing
-		_, err = cdc.UnmarshalBinaryReader(server, &pkt, maxPingPongPacketSize)
+		_, err = cdc.UnmarshalBinaryLengthPrefixedReader(server, &pkt, maxPingPongPacketSize)
 		require.Nil(t, err)
 		serverGotPing <- struct{}{}
 		// respond with pong
-		_, err = server.Write(cdc.MustMarshalBinary(PacketPong{}))
+		_, err = server.Write(cdc.MustMarshalBinaryLengthPrefixed(PacketPong{}))
 		require.Nil(t, err)
 
 		time.Sleep(mconn.config.PingInterval)
 
 		// read ping
-		_, err = cdc.UnmarshalBinaryReader(server, &pkt, maxPingPongPacketSize)
+		_, err = cdc.UnmarshalBinaryLengthPrefixedReader(server, &pkt, maxPingPongPacketSize)
 		require.Nil(t, err)
 		// respond with pong
-		_, err = server.Write(cdc.MustMarshalBinary(PacketPong{}))
+		_, err = server.Write(cdc.MustMarshalBinaryLengthPrefixed(PacketPong{}))
 		require.Nil(t, err)
 	}()
 	<-serverGotPing
@@ -380,7 +380,7 @@ func TestMConnectionReadErrorBadEncoding(t *testing.T) {
 	client := mconnClient.conn
 
 	// send badly encoded msgPacket
-	bz := cdc.MustMarshalBinary(PacketMsg{})
+	bz := cdc.MustMarshalBinaryLengthPrefixed(PacketMsg{})
 	bz[4] += 0x01 // Invalid prefix bytes.
 
 	// Write it.
@@ -428,7 +428,7 @@ func TestMConnectionReadErrorLongMessage(t *testing.T) {
 		EOF:       1,
 		Bytes:     make([]byte, mconnClient.config.MaxPacketMsgPayloadSize),
 	}
-	_, err = cdc.MarshalBinaryWriter(buf, packet)
+	_, err = cdc.MarshalBinaryLengthPrefixedWriter(buf, packet)
 	assert.Nil(t, err)
 	_, err = client.Write(buf.Bytes())
 	assert.Nil(t, err)
@@ -441,7 +441,7 @@ func TestMConnectionReadErrorLongMessage(t *testing.T) {
 		EOF:       1,
 		Bytes:     make([]byte, mconnClient.config.MaxPacketMsgPayloadSize+100),
 	}
-	_, err = cdc.MarshalBinaryWriter(buf, packet)
+	_, err = cdc.MarshalBinaryLengthPrefixedWriter(buf, packet)
 	assert.Nil(t, err)
 	_, err = client.Write(buf.Bytes())
 	assert.NotNil(t, err)

p2p/conn/secret_connection.go

@@ -211,7 +211,7 @@ func shareEphPubKey(conn io.ReadWriteCloser, locEphPub *[32]byte) (remEphPub *[3
 	// Send our pubkey and receive theirs in tandem.
 	var trs, _ = cmn.Parallel(
 		func(_ int) (val interface{}, err error, abort bool) {
-			var _, err1 = cdc.MarshalBinaryWriter(conn, locEphPub)
+			var _, err1 = cdc.MarshalBinaryLengthPrefixedWriter(conn, locEphPub)
 			if err1 != nil {
 				return nil, err1, true // abort
 			}
@@ -219,7 +219,7 @@ func shareEphPubKey(conn io.ReadWriteCloser, locEphPub *[32]byte) (remEphPub *[3
 		},
 		func(_ int) (val interface{}, err error, abort bool) {
 			var _remEphPub [32]byte
-			var _, err2 = cdc.UnmarshalBinaryReader(conn, &_remEphPub, 1024*1024) // TODO
+			var _, err2 = cdc.UnmarshalBinaryLengthPrefixedReader(conn, &_remEphPub, 1024*1024) // TODO
 			if err2 != nil {
 				return nil, err2, true // abort
 			}
@@ -305,7 +305,7 @@ func shareAuthSignature(sc *SecretConnection, pubKey crypto.PubKey, signature []
 	// Send our info and receive theirs in tandem.
 	var trs, _ = cmn.Parallel(
 		func(_ int) (val interface{}, err error, abort bool) {
-			var _, err1 = cdc.MarshalBinaryWriter(sc, authSigMessage{pubKey, signature})
+			var _, err1 = cdc.MarshalBinaryLengthPrefixedWriter(sc, authSigMessage{pubKey, signature})
 			if err1 != nil {
 				return nil, err1, true // abort
 			}
@@ -313,7 +313,7 @@ func shareAuthSignature(sc *SecretConnection, pubKey crypto.PubKey, signature []
 		},
 		func(_ int) (val interface{}, err error, abort bool) {
 			var _recvMsg authSigMessage
-			var _, err2 = cdc.UnmarshalBinaryReader(sc, &_recvMsg, 1024*1024) // TODO
+			var _, err2 = cdc.UnmarshalBinaryLengthPrefixedReader(sc, &_recvMsg, 1024*1024) // TODO
 			if err2 != nil {
 				return nil, err2, true // abort
 			}

p2p/dummy/peer.go

@@ -78,3 +78,8 @@ func (p *peer) Get(key string) interface{} {
 	}
 	return nil
 }
+
+// OriginalAddr always returns nil.
+func (p *peer) OriginalAddr() *p2p.NetAddress {
+	return nil
+}

p2p/key.go

@@ -8,7 +8,6 @@ import (
 
 	crypto "github.com/tendermint/tendermint/crypto"
 	"github.com/tendermint/tendermint/crypto/ed25519"
-	"github.com/tendermint/tendermint/crypto/tmhash"
 	cmn "github.com/tendermint/tendermint/libs/common"
 )
 
@@ -17,7 +16,7 @@ type ID string
 
 // IDByteLength is the length of a crypto.Address. Currently only 20.
 // TODO: support other length addresses ?
-const IDByteLength = tmhash.Size
+const IDByteLength = crypto.AddressSize
 
 //------------------------------------------------------------------------------
 // Persistent peer ID

p2p/metrics.go

@@ -62,7 +62,7 @@ func PrometheusMetrics(namespace string) *Metrics {
 // NopMetrics returns no-op Metrics.
 func NopMetrics() *Metrics {
 	return &Metrics{
-		Peers: discard.NewGauge(),
+		Peers:                 discard.NewGauge(),
 		PeerReceiveBytesTotal: discard.NewCounter(),
 		PeerSendBytesTotal:    discard.NewCounter(),
 		PeerPendingSendBytes:  discard.NewGauge(),

p2p/node_info.go

@@ -3,9 +3,9 @@ package p2p
 import (
 	"fmt"
 	"reflect"
-	"strings"
 
 	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/tendermint/tendermint/version"
 )
 
 const (
@@ -18,8 +18,10 @@ func MaxNodeInfoSize() int {
 	return maxNodeInfoSize
 }
 
+//-------------------------------------------------------------
+
 // NodeInfo exposes basic info of a node
-// and determines if we're compatible
+// and determines if we're compatible.
 type NodeInfo interface {
 	nodeInfoAddress
 	nodeInfoTransport
@@ -31,16 +33,49 @@ type nodeInfoAddress interface {
 	NetAddress() *NetAddress
 }
 
-// nodeInfoTransport is validates a nodeInfo and checks
+// nodeInfoTransport validates a nodeInfo and checks
 // our compatibility with it. It's for use in the handshake.
 type nodeInfoTransport interface {
 	ValidateBasic() error
 	CompatibleWith(other NodeInfo) error
 }
 
+//-------------------------------------------------------------
+
+// ProtocolVersion contains the protocol versions for the software.
+type ProtocolVersion struct {
+	P2P   version.Protocol `json:"p2p"`
+	Block version.Protocol `json:"block"`
+	App   version.Protocol `json:"app"`
+}
+
+// defaultProtocolVersion populates the Block and P2P versions using
+// the global values, but not the App.
+var defaultProtocolVersion = NewProtocolVersion(
+	version.P2PProtocol,
+	version.BlockProtocol,
+	0,
+)
+
+// NewProtocolVersion returns a fully populated ProtocolVersion.
+func NewProtocolVersion(p2p, block, app version.Protocol) ProtocolVersion {
+	return ProtocolVersion{
+		P2P:   p2p,
+		Block: block,
+		App:   app,
+	}
+}
+
+//-------------------------------------------------------------
+
+// Assert DefaultNodeInfo satisfies NodeInfo
+var _ NodeInfo = DefaultNodeInfo{}
+
 // DefaultNodeInfo is the basic node information exchanged
 // between two peers during the Tendermint P2P handshake.
 type DefaultNodeInfo struct {
+	ProtocolVersion ProtocolVersion `json:"protocol_version"`
+
 	// Authenticate
 	// TODO: replace with NetAddress
 	ID_        ID     `json:"id"`          // authenticated identifier
@@ -59,12 +94,8 @@ type DefaultNodeInfo struct {
 
 // DefaultNodeInfoOther is the misc. applcation specific data
 type DefaultNodeInfoOther struct {
-	AminoVersion     string `json:"amino_version"`
-	P2PVersion       string `json:"p2p_version"`
-	ConsensusVersion string `json:"consensus_version"`
-	RPCVersion       string `json:"rpc_version"`
-	TxIndex          string `json:"tx_index"`
-	RPCAddress       string `json:"rpc_address"`
+	TxIndex    string `json:"tx_index"`
+	RPCAddress string `json:"rpc_address"`
 }
 
 // ID returns the node's peer ID.
@@ -86,35 +117,28 @@ func (info DefaultNodeInfo) ID() ID {
 // url-encoding), and we just need to be careful with how we handle that in our
 // clients. (e.g. off by default).
 func (info DefaultNodeInfo) ValidateBasic() error {
+
+	// ID is already validated.
+
+	// Validate ListenAddr.
+	_, err := NewNetAddressString(IDAddressString(info.ID(), info.ListenAddr))
+	if err != nil {
+		return err
+	}
+
+	// Network is validated in CompatibleWith.
+
+	// Validate Version
+	if len(info.Version) > 0 &&
+		(!cmn.IsASCIIText(info.Version) || cmn.ASCIITrim(info.Version) == "") {
+
+		return fmt.Errorf("info.Version must be valid ASCII text without tabs, but got %v", info.Version)
+	}
+
+	// Validate Channels - ensure max and check for duplicates.
 	if len(info.Channels) > maxNumChannels {
 		return fmt.Errorf("info.Channels is too long (%v). Max is %v", len(info.Channels), maxNumChannels)
 	}
-
-	// Sanitize ASCII text fields.
-	if !cmn.IsASCIIText(info.Moniker) || cmn.ASCIITrim(info.Moniker) == "" {
-		return fmt.Errorf("info.Moniker must be valid non-empty ASCII text without tabs, but got %v", info.Moniker)
-	}
-
-	// Sanitize versions
-	// XXX: Should we be more strict about version and address formats?
-	other := info.Other
-	versions := []string{
-		other.AminoVersion,
-		other.P2PVersion,
-		other.ConsensusVersion,
-		other.RPCVersion}
-	for i, v := range versions {
-		if cmn.ASCIITrim(v) != "" && !cmn.IsASCIIText(v) {
-			return fmt.Errorf("info.Other[%d]=%v must be valid non-empty ASCII text without tabs", i, v)
-		}
-	}
-	if cmn.ASCIITrim(other.TxIndex) != "" && (other.TxIndex != "on" && other.TxIndex != "off") {
-		return fmt.Errorf("info.Other.TxIndex should be either 'on' or 'off', got '%v'", other.TxIndex)
-	}
-	if cmn.ASCIITrim(other.RPCAddress) != "" && !cmn.IsASCIIText(other.RPCAddress) {
-		return fmt.Errorf("info.Other.RPCAddress=%v must be valid non-empty ASCII text without tabs", other.RPCAddress)
-	}
-
 	channels := make(map[byte]struct{})
 	for _, ch := range info.Channels {
 		_, ok := channels[ch]
@@ -124,13 +148,30 @@ func (info DefaultNodeInfo) ValidateBasic() error {
 		channels[ch] = struct{}{}
 	}
 
-	// ensure ListenAddr is good
-	_, err := NewNetAddressString(IDAddressString(info.ID(), info.ListenAddr))
-	return err
+	// Validate Moniker.
+	if !cmn.IsASCIIText(info.Moniker) || cmn.ASCIITrim(info.Moniker) == "" {
+		return fmt.Errorf("info.Moniker must be valid non-empty ASCII text without tabs, but got %v", info.Moniker)
+	}
+
+	// Validate Other.
+	other := info.Other
+	txIndex := other.TxIndex
+	switch txIndex {
+	case "", "on", "off":
+	default:
+		return fmt.Errorf("info.Other.TxIndex should be either 'on', 'off', or empty string, got '%v'", txIndex)
+	}
+	// XXX: Should we be more strict about address formats?
+	rpcAddr := other.RPCAddress
+	if len(rpcAddr) > 0 && (!cmn.IsASCIIText(rpcAddr) || cmn.ASCIITrim(rpcAddr) == "") {
+		return fmt.Errorf("info.Other.RPCAddress=%v must be valid ASCII text without tabs", rpcAddr)
+	}
+
+	return nil
 }
 
 // CompatibleWith checks if two DefaultNodeInfo are compatible with eachother.
-// CONTRACT: two nodes are compatible if the major version matches and network match
+// CONTRACT: two nodes are compatible if the Block version and network match
 // and they have at least one channel in common.
 func (info DefaultNodeInfo) CompatibleWith(other_ NodeInfo) error {
 	other, ok := other_.(DefaultNodeInfo)
@@ -138,22 +179,9 @@ func (info DefaultNodeInfo) CompatibleWith(other_ NodeInfo) error {
 		return fmt.Errorf("wrong NodeInfo type. Expected DefaultNodeInfo, got %v", reflect.TypeOf(other_))
 	}
 
-	iMajor, _, _, iErr := splitVersion(info.Version)
-	oMajor, _, _, oErr := splitVersion(other.Version)
-
-	// if our own version number is not formatted right, we messed up
-	if iErr != nil {
-		return iErr
-	}
-
-	// version number must be formatted correctly ("x.x.x")
-	if oErr != nil {
-		return oErr
-	}
-
-	// major version must match
-	if iMajor != oMajor {
-		return fmt.Errorf("Peer is on a different major version. Got %v, expected %v", oMajor, iMajor)
+	if info.ProtocolVersion.Block != other.ProtocolVersion.Block {
+		return fmt.Errorf("Peer is on a different Block version. Got %v, expected %v",
+			other.ProtocolVersion.Block, info.ProtocolVersion.Block)
 	}
 
 	// nodes must be on the same network
@@ -201,11 +229,3 @@ func (info DefaultNodeInfo) NetAddress() *NetAddress {
 	}
 	return netAddr
 }
-
-func splitVersion(version string) (string, string, string, error) {
-	spl := strings.Split(version, ".")
-	if len(spl) != 3 {
-		return "", "", "", fmt.Errorf("Invalid version format %v", version)
-	}
-	return spl[0], spl[1], spl[2], nil
-}

p2p/node_info_test.go

@@ -0,0 +1,123 @@
+package p2p
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/tendermint/tendermint/crypto/ed25519"
+)
+
+func TestNodeInfoValidate(t *testing.T) {
+
+	// empty fails
+	ni := DefaultNodeInfo{}
+	assert.Error(t, ni.ValidateBasic())
+
+	channels := make([]byte, maxNumChannels)
+	for i := 0; i < maxNumChannels; i++ {
+		channels[i] = byte(i)
+	}
+	dupChannels := make([]byte, 5)
+	copy(dupChannels[:], channels[:5])
+	dupChannels = append(dupChannels, testCh)
+
+	nonAscii := "¢§µ"
+	emptyTab := fmt.Sprintf("\t")
+	emptySpace := fmt.Sprintf("  ")
+
+	testCases := []struct {
+		testName         string
+		malleateNodeInfo func(*DefaultNodeInfo)
+		expectErr        bool
+	}{
+		{"Too Many Channels", func(ni *DefaultNodeInfo) { ni.Channels = append(channels, byte(maxNumChannels)) }, true},
+		{"Duplicate Channel", func(ni *DefaultNodeInfo) { ni.Channels = dupChannels }, true},
+		{"Good Channels", func(ni *DefaultNodeInfo) { ni.Channels = ni.Channels[:5] }, false},
+
+		{"Invalid NetAddress", func(ni *DefaultNodeInfo) { ni.ListenAddr = "not-an-address" }, true},
+		{"Good NetAddress", func(ni *DefaultNodeInfo) { ni.ListenAddr = "0.0.0.0:26656" }, false},
+
+		{"Non-ASCII Version", func(ni *DefaultNodeInfo) { ni.Version = nonAscii }, true},
+		{"Empty tab Version", func(ni *DefaultNodeInfo) { ni.Version = emptyTab }, true},
+		{"Empty space Version", func(ni *DefaultNodeInfo) { ni.Version = emptySpace }, true},
+		{"Empty Version", func(ni *DefaultNodeInfo) { ni.Version = "" }, false},
+
+		{"Non-ASCII Moniker", func(ni *DefaultNodeInfo) { ni.Moniker = nonAscii }, true},
+		{"Empty tab Moniker", func(ni *DefaultNodeInfo) { ni.Moniker = emptyTab }, true},
+		{"Empty space Moniker", func(ni *DefaultNodeInfo) { ni.Moniker = emptySpace }, true},
+		{"Empty Moniker", func(ni *DefaultNodeInfo) { ni.Moniker = "" }, true},
+		{"Good Moniker", func(ni *DefaultNodeInfo) { ni.Moniker = "hey its me" }, false},
+
+		{"Non-ASCII TxIndex", func(ni *DefaultNodeInfo) { ni.Other.TxIndex = nonAscii }, true},
+		{"Empty tab TxIndex", func(ni *DefaultNodeInfo) { ni.Other.TxIndex = emptyTab }, true},
+		{"Empty space TxIndex", func(ni *DefaultNodeInfo) { ni.Other.TxIndex = emptySpace }, true},
+		{"Empty TxIndex", func(ni *DefaultNodeInfo) { ni.Other.TxIndex = "" }, false},
+		{"Off TxIndex", func(ni *DefaultNodeInfo) { ni.Other.TxIndex = "off" }, false},
+
+		{"Non-ASCII RPCAddress", func(ni *DefaultNodeInfo) { ni.Other.RPCAddress = nonAscii }, true},
+		{"Empty tab RPCAddress", func(ni *DefaultNodeInfo) { ni.Other.RPCAddress = emptyTab }, true},
+		{"Empty space RPCAddress", func(ni *DefaultNodeInfo) { ni.Other.RPCAddress = emptySpace }, true},
+		{"Empty RPCAddress", func(ni *DefaultNodeInfo) { ni.Other.RPCAddress = "" }, false},
+		{"Good RPCAddress", func(ni *DefaultNodeInfo) { ni.Other.RPCAddress = "0.0.0.0:26657" }, false},
+	}
+
+	nodeKey := NodeKey{PrivKey: ed25519.GenPrivKey()}
+	name := "testing"
+
+	// test case passes
+	ni = testNodeInfo(nodeKey.ID(), name).(DefaultNodeInfo)
+	ni.Channels = channels
+	assert.NoError(t, ni.ValidateBasic())
+
+	for _, tc := range testCases {
+		ni := testNodeInfo(nodeKey.ID(), name).(DefaultNodeInfo)
+		ni.Channels = channels
+		tc.malleateNodeInfo(&ni)
+		err := ni.ValidateBasic()
+		if tc.expectErr {
+			assert.Error(t, err, tc.testName)
+		} else {
+			assert.NoError(t, err, tc.testName)
+		}
+	}
+
+}
+
+func TestNodeInfoCompatible(t *testing.T) {
+
+	nodeKey1 := NodeKey{PrivKey: ed25519.GenPrivKey()}
+	nodeKey2 := NodeKey{PrivKey: ed25519.GenPrivKey()}
+	name := "testing"
+
+	var newTestChannel byte = 0x2
+
+	// test NodeInfo is compatible
+	ni1 := testNodeInfo(nodeKey1.ID(), name).(DefaultNodeInfo)
+	ni2 := testNodeInfo(nodeKey2.ID(), name).(DefaultNodeInfo)
+	assert.NoError(t, ni1.CompatibleWith(ni2))
+
+	// add another channel; still compatible
+	ni2.Channels = []byte{newTestChannel, testCh}
+	assert.NoError(t, ni1.CompatibleWith(ni2))
+
+	// wrong NodeInfo type is not compatible
+	_, netAddr := CreateRoutableAddr()
+	ni3 := mockNodeInfo{netAddr}
+	assert.Error(t, ni1.CompatibleWith(ni3))
+
+	testCases := []struct {
+		testName         string
+		malleateNodeInfo func(*DefaultNodeInfo)
+	}{
+		{"Wrong block version", func(ni *DefaultNodeInfo) { ni.ProtocolVersion.Block += 1 }},
+		{"Wrong network", func(ni *DefaultNodeInfo) { ni.Network += "-wrong" }},
+		{"No common channels", func(ni *DefaultNodeInfo) { ni.Channels = []byte{newTestChannel} }},
+	}
+
+	for _, tc := range testCases {
+		ni := testNodeInfo(nodeKey2.ID(), name).(DefaultNodeInfo)
+		tc.malleateNodeInfo(&ni)
+		assert.Error(t, ni1.CompatibleWith(ni))
+	}
+}

p2p/peer.go

@@ -26,6 +26,7 @@ type Peer interface {
 
 	NodeInfo() NodeInfo // peer's info
 	Status() tmconn.ConnectionStatus
+	OriginalAddr() *NetAddress
 
 	Send(byte, []byte) bool
 	TrySend(byte, []byte) bool
@@ -43,10 +44,28 @@ type peerConn struct {
 	config     *config.P2PConfig
 	conn       net.Conn // source connection
 
+	originalAddr *NetAddress // nil for inbound connections
+
 	// cached RemoteIP()
 	ip net.IP
 }
 
+func newPeerConn(
+	outbound, persistent bool,
+	config *config.P2PConfig,
+	conn net.Conn,
+	originalAddr *NetAddress,
+) peerConn {
+
+	return peerConn{
+		outbound:     outbound,
+		persistent:   persistent,
+		config:       config,
+		conn:         conn,
+		originalAddr: originalAddr,
+	}
+}
+
 // ID only exists for SecretConnection.
 // NOTE: Will panic if conn is not *SecretConnection.
 func (pc peerConn) ID() ID {
@@ -195,6 +214,15 @@ func (p *peer) NodeInfo() NodeInfo {
 	return p.nodeInfo
 }
 
+// OriginalAddr returns the original address, which was used to connect with
+// the peer. Returns nil for inbound peers.
+func (p *peer) OriginalAddr() *NetAddress {
+	if p.peerConn.outbound {
+		return p.peerConn.originalAddr
+	}
+	return nil
+}
+
 // Status returns the peer's ConnectionStatus.
 func (p *peer) Status() tmconn.ConnectionStatus {
 	return p.mconn.Status()

p2p/peer_set_test.go

@@ -28,6 +28,7 @@ func (mp *mockPeer) IsPersistent() bool                      { return true }
 func (mp *mockPeer) Get(s string) interface{}                { return s }
 func (mp *mockPeer) Set(string, interface{})                 {}
 func (mp *mockPeer) RemoteIP() net.IP                        { return mp.ip }
+func (mp *mockPeer) OriginalAddr() *NetAddress               { return nil }
 
 // Returns a mock peer
 func newMockPeer(ip net.IP) *mockPeer {

p2p/peer_test.go

@@ -114,7 +114,7 @@ func testOutboundPeerConn(
 		return peerConn{}, cmn.ErrorWrap(err, "Error creating peer")
 	}
 
-	pc, err := testPeerConn(conn, config, true, persistent, ourNodePrivKey)
+	pc, err := testPeerConn(conn, config, true, persistent, ourNodePrivKey, addr)
 	if err != nil {
 		if cerr := conn.Close(); cerr != nil {
 			return peerConn{}, cmn.ErrorWrap(err, cerr.Error())
@@ -207,11 +207,12 @@ func (rp *remotePeer) accept(l net.Listener) {
 
 func (rp *remotePeer) nodeInfo(l net.Listener) NodeInfo {
 	return DefaultNodeInfo{
-		ID_:        rp.Addr().ID,
-		Moniker:    "remote_peer",
-		Network:    "testing",
-		Version:    "123.123.123",
-		ListenAddr: l.Addr().String(),
-		Channels:   rp.channels,
+		ProtocolVersion: defaultProtocolVersion,
+		ID_:             rp.Addr().ID,
+		ListenAddr:      l.Addr().String(),
+		Network:         "testing",
+		Version:         "1.2.3-rc0-deadbeef",
+		Channels:        rp.channels,
+		Moniker:         "remote_peer",
 	}
 }

p2p/pex/addrbook.go

@@ -648,6 +648,10 @@ func (a *addrBook) addAddress(addr, src *p2p.NetAddress) error {
 		return ErrAddrBookNonRoutable{addr}
 	}
 
+	if !addr.Valid() {
+		return ErrAddrBookInvalidAddr{addr}
+	}
+
 	// TODO: we should track ourAddrs by ID and by IP:PORT and refuse both.
 	if _, ok := a.ourAddrs[addr.String()]; ok {
 		return ErrAddrBookSelf{addr}

p2p/pex/errors.go

@@ -46,3 +46,11 @@ type ErrAddrBookNilAddr struct {
 func (err ErrAddrBookNilAddr) Error() string {
 	return fmt.Sprintf("Cannot add a nil address. Got (addr, src) = (%v, %v)", err.Addr, err.Src)
 }
+
+type ErrAddrBookInvalidAddr struct {
+	Addr *p2p.NetAddress
+}
+
+func (err ErrAddrBookInvalidAddr) Error() string {
+	return fmt.Sprintf("Cannot add invalid address %v", err.Addr)
+}

p2p/pex/pex_reactor.go

@@ -288,21 +288,37 @@ func (r *PEXReactor) RequestAddrs(p Peer) {
 func (r *PEXReactor) ReceiveAddrs(addrs []*p2p.NetAddress, src Peer) error {
 	id := string(src.ID())
 	if !r.requestsSent.Has(id) {
-		return cmn.NewError("Received unsolicited pexAddrsMessage")
+		return errors.New("Unsolicited pexAddrsMessage")
 	}
 	r.requestsSent.Delete(id)
 
 	srcAddr := src.NodeInfo().NetAddress()
 	for _, netAddr := range addrs {
-		// NOTE: GetSelection methods should never return nil addrs
+		// Validate netAddr. Disconnect from a peer if it sends us invalid data.
 		if netAddr == nil {
-			return cmn.NewError("received nil addr")
+			return errors.New("nil address in pexAddrsMessage")
+		}
+		// TODO: extract validating logic from NewNetAddressStringWithOptionalID
+		// and put it in netAddr#Valid (#2722)
+		na, err := p2p.NewNetAddressString(netAddr.String())
+		if err != nil {
+			return fmt.Errorf("%s address in pexAddrsMessage is invalid: %v",
+				netAddr.String(),
+				err,
+			)
 		}
 
-		err := r.book.AddAddress(netAddr, srcAddr)
-		r.logErrAddrBook(err)
+		// NOTE: we check netAddr validity and routability in book#AddAddress.
+		err = r.book.AddAddress(na, srcAddr)
+		if err != nil {
+			r.logErrAddrBook(err)
+			// XXX: should we be strict about incoming data and disconnect from a
+			// peer here too?
+			continue
+		}
 
-		// If this address came from a seed node, try to connect to it without waiting.
+		// If this address came from a seed node, try to connect to it without
+		// waiting.
 		for _, seedAddr := range r.seedAddrs {
 			if seedAddr.Equals(srcAddr) {
 				r.ensurePeers()
@@ -420,8 +436,13 @@ func (r *PEXReactor) ensurePeers() {
 
 	// If we are not connected to nor dialing anybody, fallback to dialing a seed.
 	if out+in+dial+len(toDial) == 0 {
-		r.Logger.Info("No addresses to dial nor connected peers. Falling back to seeds")
-		r.dialSeeds()
+		r.Logger.Info("No addresses to dial nor connected peers")
+		if len(r.seedAddrs) > 0 {
+			r.Logger.Info("Falling back to seeds")
+			r.dialSeeds()
+		} else {
+			r.Logger.Info("No seeds")
+		}
 	}
 }
 
@@ -511,7 +532,6 @@ func (r *PEXReactor) dialSeeds() {
 		}
 		r.Switch.Logger.Error("Error dialing seed", "err", err, "seed", seedAddr)
 	}
-	r.Switch.Logger.Error("Couldn't connect to any seeds")
 }
 
 // AttemptsToDial returns the number of attempts to dial specific address. It

p2p/pex/pex_reactor_test.go

@@ -402,6 +402,7 @@ func (mockPeer) Send(byte, []byte) bool        { return false }
 func (mockPeer) TrySend(byte, []byte) bool     { return false }
 func (mockPeer) Set(string, interface{})       {}
 func (mockPeer) Get(string) interface{}        { return nil }
+func (mockPeer) OriginalAddr() *p2p.NetAddress { return nil }
 
 func assertPeersWithTimeout(
 	t *testing.T,

p2p/switch.go

@@ -280,9 +280,12 @@ func (sw *Switch) StopPeerForError(peer Peer, reason interface{}) {
 	sw.stopAndRemovePeer(peer, reason)
 
 	if peer.IsPersistent() {
-		// TODO: use the original address dialed, not the self reported one
-		// See #2618.
-		addr := peer.NodeInfo().NetAddress()
+		addr := peer.OriginalAddr()
+		if addr == nil {
+			// FIXME: persistent peers can't be inbound right now.
+			// self-reported address for inbound persistent peers
+			addr = peer.NodeInfo().NetAddress()
+		}
 		go sw.reconnectToPeer(addr)
 	}
 }

p2p/test_util.go

@@ -206,7 +206,7 @@ func testInboundPeerConn(
 	config *config.P2PConfig,
 	ourNodePrivKey crypto.PrivKey,
 ) (peerConn, error) {
-	return testPeerConn(conn, config, false, false, ourNodePrivKey)
+	return testPeerConn(conn, config, false, false, ourNodePrivKey, nil)
 }
 
 func testPeerConn(
@@ -214,6 +214,7 @@ func testPeerConn(
 	cfg *config.P2PConfig,
 	outbound, persistent bool,
 	ourNodePrivKey crypto.PrivKey,
+	originalAddr *NetAddress,
 ) (pc peerConn, err error) {
 	conn := rawConn
 
@@ -231,10 +232,11 @@ func testPeerConn(
 
 	// Only the information we already have
 	return peerConn{
-		config:     cfg,
-		outbound:   outbound,
-		persistent: persistent,
-		conn:       conn,
+		config:       cfg,
+		outbound:     outbound,
+		persistent:   persistent,
+		conn:         conn,
+		originalAddr: originalAddr,
 	}, nil
 }
 
@@ -247,11 +249,16 @@ func testNodeInfo(id ID, name string) NodeInfo {
 
 func testNodeInfoWithNetwork(id ID, name, network string) NodeInfo {
 	return DefaultNodeInfo{
-		ID_:        id,
-		ListenAddr: fmt.Sprintf("127.0.0.1:%d", cmn.RandIntn(64512)+1023),
-		Moniker:    name,
-		Network:    network,
-		Version:    "123.123.123",
-		Channels:   []byte{testCh},
+		ProtocolVersion: defaultProtocolVersion,
+		ID_:             id,
+		ListenAddr:      fmt.Sprintf("127.0.0.1:%d", cmn.RandIntn(64512)+1023),
+		Network:         network,
+		Version:         "1.2.3-rc0-deadbeef",
+		Channels:        []byte{testCh},
+		Moniker:         name,
+		Other: DefaultNodeInfoOther{
+			TxIndex:    "on",
+			RPCAddress: fmt.Sprintf("127.0.0.1:%d", cmn.RandIntn(64512)+1023),
+		},
 	}
 }

p2p/transport.go

@@ -171,7 +171,7 @@ func (mt *MultiplexTransport) Accept(cfg peerConfig) (Peer, error) {
 
 		cfg.outbound = false
 
-		return mt.wrapPeer(a.conn, a.nodeInfo, cfg), nil
+		return mt.wrapPeer(a.conn, a.nodeInfo, cfg, nil), nil
 	case <-mt.closec:
 		return nil, &ErrTransportClosed{}
 	}
@@ -199,7 +199,7 @@ func (mt *MultiplexTransport) Dial(
 
 	cfg.outbound = true
 
-	p := mt.wrapPeer(secretConn, nodeInfo, cfg)
+	p := mt.wrapPeer(secretConn, nodeInfo, cfg, &addr)
 
 	return p, nil
 }
@@ -399,14 +399,19 @@ func (mt *MultiplexTransport) wrapPeer(
 	c net.Conn,
 	ni NodeInfo,
 	cfg peerConfig,
+	dialedAddr *NetAddress,
 ) Peer {
+
+	peerConn := newPeerConn(
+		cfg.outbound,
+		cfg.persistent,
+		&mt.p2pConfig,
+		c,
+		dialedAddr,
+	)
+
 	p := newPeer(
-		peerConn{
-			conn:       c,
-			config:     &mt.p2pConfig,
-			outbound:   cfg.outbound,
-			persistent: cfg.persistent,
-		},
+		peerConn,
 		mt.mConfig,
 		ni,
 		cfg.reactorsByCh,
@@ -441,11 +446,11 @@ func handshake(
 	)
 
 	go func(errc chan<- error, c net.Conn) {
-		_, err := cdc.MarshalBinaryWriter(c, ourNodeInfo)
+		_, err := cdc.MarshalBinaryLengthPrefixedWriter(c, ourNodeInfo)
 		errc <- err
 	}(errc, c)
 	go func(errc chan<- error, c net.Conn) {
-		_, err := cdc.UnmarshalBinaryReader(
+		_, err := cdc.UnmarshalBinaryLengthPrefixedReader(
 			c,
 			&peerNodeInfo,
 			int64(MaxNodeInfoSize()),

p2p/transport_test.go

@@ -516,7 +516,7 @@ func TestTransportHandshake(t *testing.T) {
 		}
 
 		go func(c net.Conn) {
-			_, err := cdc.MarshalBinaryWriter(c, peerNodeInfo.(DefaultNodeInfo))
+			_, err := cdc.MarshalBinaryLengthPrefixedWriter(c, peerNodeInfo.(DefaultNodeInfo))
 			if err != nil {
 				t.Error(err)
 			}
@@ -524,7 +524,7 @@ func TestTransportHandshake(t *testing.T) {
 		go func(c net.Conn) {
 			var ni DefaultNodeInfo
 
-			_, err := cdc.UnmarshalBinaryReader(
+			_, err := cdc.UnmarshalBinaryLengthPrefixedReader(
 				c,
 				&ni,
 				int64(MaxNodeInfoSize()),

p2p/version.go

@@ -1,3 +0,0 @@
-package p2p
-
-const Version = "0.5.0"

privval/ipc.go

@@ -0,0 +1,120 @@
+package privval
+
+import (
+	"net"
+	"time"
+
+	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/tendermint/tendermint/libs/log"
+	"github.com/tendermint/tendermint/types"
+)
+
+// IPCValOption sets an optional parameter on the SocketPV.
+type IPCValOption func(*IPCVal)
+
+// IPCValConnTimeout sets the read and write timeout for connections
+// from external signing processes.
+func IPCValConnTimeout(timeout time.Duration) IPCValOption {
+	return func(sc *IPCVal) { sc.connTimeout = timeout }
+}
+
+// IPCValHeartbeat sets the period on which to check the liveness of the
+// connected Signer connections.
+func IPCValHeartbeat(period time.Duration) IPCValOption {
+	return func(sc *IPCVal) { sc.connHeartbeat = period }
+}
+
+// IPCVal implements PrivValidator, it uses a unix socket to request signatures
+// from an external process.
+type IPCVal struct {
+	cmn.BaseService
+	*RemoteSignerClient
+
+	addr string
+
+	connTimeout   time.Duration
+	connHeartbeat time.Duration
+
+	conn       net.Conn
+	cancelPing chan struct{}
+	pingTicker *time.Ticker
+}
+
+// Check that IPCVal implements PrivValidator.
+var _ types.PrivValidator = (*IPCVal)(nil)
+
+// NewIPCVal returns an instance of IPCVal.
+func NewIPCVal(
+	logger log.Logger,
+	socketAddr string,
+) *IPCVal {
+	sc := &IPCVal{
+		addr:          socketAddr,
+		connTimeout:   connTimeout,
+		connHeartbeat: connHeartbeat,
+	}
+
+	sc.BaseService = *cmn.NewBaseService(logger, "IPCVal", sc)
+
+	return sc
+}
+
+// OnStart implements cmn.Service.
+func (sc *IPCVal) OnStart() error {
+	err := sc.connect()
+	if err != nil {
+		sc.Logger.Error("OnStart", "err", err)
+		return err
+	}
+
+	sc.RemoteSignerClient = NewRemoteSignerClient(sc.conn)
+
+	// Start a routine to keep the connection alive
+	sc.cancelPing = make(chan struct{}, 1)
+	sc.pingTicker = time.NewTicker(sc.connHeartbeat)
+	go func() {
+		for {
+			select {
+			case <-sc.pingTicker.C:
+				err := sc.Ping()
+				if err != nil {
+					sc.Logger.Error("Ping", "err", err)
+				}
+			case <-sc.cancelPing:
+				sc.pingTicker.Stop()
+				return
+			}
+		}
+	}()
+
+	return nil
+}
+
+// OnStop implements cmn.Service.
+func (sc *IPCVal) OnStop() {
+	if sc.cancelPing != nil {
+		close(sc.cancelPing)
+	}
+
+	if sc.conn != nil {
+		if err := sc.conn.Close(); err != nil {
+			sc.Logger.Error("OnStop", "err", err)
+		}
+	}
+}
+
+func (sc *IPCVal) connect() error {
+	la, err := net.ResolveUnixAddr("unix", sc.addr)
+	if err != nil {
+		return err
+	}
+
+	conn, err := net.DialUnix("unix", nil, la)
+	if err != nil {
+		return err
+	}
+
+	sc.conn = newTimeoutConn(conn, sc.connTimeout)
+
+	return nil
+}

privval/ipc_server.go

@@ -0,0 +1,131 @@
+package privval
+
+import (
+	"io"
+	"net"
+	"time"
+
+	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/tendermint/tendermint/libs/log"
+	"github.com/tendermint/tendermint/types"
+)
+
+// IPCRemoteSignerOption sets an optional parameter on the IPCRemoteSigner.
+type IPCRemoteSignerOption func(*IPCRemoteSigner)
+
+// IPCRemoteSignerConnDeadline sets the read and write deadline for connections
+// from external signing processes.
+func IPCRemoteSignerConnDeadline(deadline time.Duration) IPCRemoteSignerOption {
+	return func(ss *IPCRemoteSigner) { ss.connDeadline = deadline }
+}
+
+// IPCRemoteSignerConnRetries sets the amount of attempted retries to connect.
+func IPCRemoteSignerConnRetries(retries int) IPCRemoteSignerOption {
+	return func(ss *IPCRemoteSigner) { ss.connRetries = retries }
+}
+
+// IPCRemoteSigner is a RPC implementation of PrivValidator that listens on a unix socket.
+type IPCRemoteSigner struct {
+	cmn.BaseService
+
+	addr         string
+	chainID      string
+	connDeadline time.Duration
+	connRetries  int
+	privVal      types.PrivValidator
+
+	listener *net.UnixListener
+}
+
+// NewIPCRemoteSigner returns an instance of IPCRemoteSigner.
+func NewIPCRemoteSigner(
+	logger log.Logger,
+	chainID, socketAddr string,
+	privVal types.PrivValidator,
+) *IPCRemoteSigner {
+	rs := &IPCRemoteSigner{
+		addr:         socketAddr,
+		chainID:      chainID,
+		connDeadline: time.Second * defaultConnDeadlineSeconds,
+		connRetries:  defaultDialRetries,
+		privVal:      privVal,
+	}
+
+	rs.BaseService = *cmn.NewBaseService(logger, "IPCRemoteSigner", rs)
+
+	return rs
+}
+
+// OnStart implements cmn.Service.
+func (rs *IPCRemoteSigner) OnStart() error {
+	err := rs.listen()
+	if err != nil {
+		err = cmn.ErrorWrap(err, "listen")
+		rs.Logger.Error("OnStart", "err", err)
+		return err
+	}
+
+	go func() {
+		for {
+			conn, err := rs.listener.AcceptUnix()
+			if err != nil {
+				return
+			}
+			go rs.handleConnection(conn)
+		}
+	}()
+
+	return nil
+}
+
+// OnStop implements cmn.Service.
+func (rs *IPCRemoteSigner) OnStop() {
+	if rs.listener != nil {
+		if err := rs.listener.Close(); err != nil {
+			rs.Logger.Error("OnStop", "err", cmn.ErrorWrap(err, "closing listener failed"))
+		}
+	}
+}
+
+func (rs *IPCRemoteSigner) listen() error {
+	la, err := net.ResolveUnixAddr("unix", rs.addr)
+	if err != nil {
+		return err
+	}
+
+	rs.listener, err = net.ListenUnix("unix", la)
+
+	return err
+}
+
+func (rs *IPCRemoteSigner) handleConnection(conn net.Conn) {
+	for {
+		if !rs.IsRunning() {
+			return // Ignore error from listener closing.
+		}
+
+		// Reset the connection deadline
+		conn.SetDeadline(time.Now().Add(rs.connDeadline))
+
+		req, err := readMsg(conn)
+		if err != nil {
+			if err != io.EOF {
+				rs.Logger.Error("handleConnection", "err", err)
+			}
+			return
+		}
+
+		res, err := handleRequest(req, rs.chainID, rs.privVal)
+
+		if err != nil {
+			// only log the error; we'll reply with an error in res
+			rs.Logger.Error("handleConnection", "err", err)
+		}
+
+		err = writeMsg(conn, res)
+		if err != nil {
+			rs.Logger.Error("handleConnection", "err", err)
+			return
+		}
+	}
+}

privval/ipc_test.go

@@ -0,0 +1,147 @@
+package privval
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/tendermint/tendermint/libs/log"
+	"github.com/tendermint/tendermint/types"
+)
+
+func TestIPCPVVote(t *testing.T) {
+	var (
+		chainID = cmn.RandStr(12)
+		sc, rs  = testSetupIPCSocketPair(t, chainID, types.NewMockPV())
+
+		ts    = time.Now()
+		vType = types.PrecommitType
+		want  = &types.Vote{Timestamp: ts, Type: vType}
+		have  = &types.Vote{Timestamp: ts, Type: vType}
+	)
+	defer sc.Stop()
+	defer rs.Stop()
+
+	require.NoError(t, rs.privVal.SignVote(chainID, want))
+	require.NoError(t, sc.SignVote(chainID, have))
+	assert.Equal(t, want.Signature, have.Signature)
+}
+
+func TestIPCPVVoteResetDeadline(t *testing.T) {
+	var (
+		chainID = cmn.RandStr(12)
+		sc, rs  = testSetupIPCSocketPair(t, chainID, types.NewMockPV())
+
+		ts    = time.Now()
+		vType = types.PrecommitType
+		want  = &types.Vote{Timestamp: ts, Type: vType}
+		have  = &types.Vote{Timestamp: ts, Type: vType}
+	)
+	defer sc.Stop()
+	defer rs.Stop()
+
+	time.Sleep(3 * time.Millisecond)
+
+	require.NoError(t, rs.privVal.SignVote(chainID, want))
+	require.NoError(t, sc.SignVote(chainID, have))
+	assert.Equal(t, want.Signature, have.Signature)
+
+	// This would exceed the deadline if it was not extended by the previous message
+	time.Sleep(3 * time.Millisecond)
+
+	require.NoError(t, rs.privVal.SignVote(chainID, want))
+	require.NoError(t, sc.SignVote(chainID, have))
+	assert.Equal(t, want.Signature, have.Signature)
+}
+
+func TestIPCPVVoteKeepalive(t *testing.T) {
+	var (
+		chainID = cmn.RandStr(12)
+		sc, rs  = testSetupIPCSocketPair(t, chainID, types.NewMockPV())
+
+		ts    = time.Now()
+		vType = types.PrecommitType
+		want  = &types.Vote{Timestamp: ts, Type: vType}
+		have  = &types.Vote{Timestamp: ts, Type: vType}
+	)
+	defer sc.Stop()
+	defer rs.Stop()
+
+	time.Sleep(10 * time.Millisecond)
+
+	require.NoError(t, rs.privVal.SignVote(chainID, want))
+	require.NoError(t, sc.SignVote(chainID, have))
+	assert.Equal(t, want.Signature, have.Signature)
+}
+
+func testSetupIPCSocketPair(
+	t *testing.T,
+	chainID string,
+	privValidator types.PrivValidator,
+) (*IPCVal, *IPCRemoteSigner) {
+	addr, err := testUnixAddr()
+	require.NoError(t, err)
+
+	var (
+		logger  = log.TestingLogger()
+		privVal = privValidator
+		readyc  = make(chan struct{})
+		rs      = NewIPCRemoteSigner(
+			logger,
+			chainID,
+			addr,
+			privVal,
+		)
+		sc = NewIPCVal(
+			logger,
+			addr,
+		)
+	)
+
+	IPCValConnTimeout(5 * time.Millisecond)(sc)
+	IPCValHeartbeat(time.Millisecond)(sc)
+
+	IPCRemoteSignerConnDeadline(time.Millisecond * 5)(rs)
+
+	testStartIPCRemoteSigner(t, readyc, rs)
+
+	<-readyc
+
+	require.NoError(t, sc.Start())
+	assert.True(t, sc.IsRunning())
+
+	return sc, rs
+}
+
+func testStartIPCRemoteSigner(t *testing.T, readyc chan struct{}, rs *IPCRemoteSigner) {
+	go func(rs *IPCRemoteSigner) {
+		require.NoError(t, rs.Start())
+		assert.True(t, rs.IsRunning())
+
+		readyc <- struct{}{}
+	}(rs)
+}
+
+func testUnixAddr() (string, error) {
+	f, err := ioutil.TempFile("/tmp", "nettest")
+	if err != nil {
+		return "", err
+	}
+
+	addr := f.Name()
+	err = f.Close()
+	if err != nil {
+		return "", err
+	}
+	err = os.Remove(addr)
+	if err != nil {
+		return "", err
+	}
+
+	return addr, nil
+}

privval/priv_validator.go

@@ -314,10 +314,10 @@ func (pv *FilePV) String() string {
 // returns true if the only difference in the votes is their timestamp.
 func checkVotesOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) (time.Time, bool) {
 	var lastVote, newVote types.CanonicalVote
-	if err := cdc.UnmarshalBinary(lastSignBytes, &lastVote); err != nil {
+	if err := cdc.UnmarshalBinaryLengthPrefixed(lastSignBytes, &lastVote); err != nil {
 		panic(fmt.Sprintf("LastSignBytes cannot be unmarshalled into vote: %v", err))
 	}
-	if err := cdc.UnmarshalBinary(newSignBytes, &newVote); err != nil {
+	if err := cdc.UnmarshalBinaryLengthPrefixed(newSignBytes, &newVote); err != nil {
 		panic(fmt.Sprintf("signBytes cannot be unmarshalled into vote: %v", err))
 	}
 
@@ -337,10 +337,10 @@ func checkVotesOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) (time.T
 // returns true if the only difference in the proposals is their timestamp
 func checkProposalsOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) (time.Time, bool) {
 	var lastProposal, newProposal types.CanonicalProposal
-	if err := cdc.UnmarshalBinary(lastSignBytes, &lastProposal); err != nil {
+	if err := cdc.UnmarshalBinaryLengthPrefixed(lastSignBytes, &lastProposal); err != nil {
 		panic(fmt.Sprintf("LastSignBytes cannot be unmarshalled into proposal: %v", err))
 	}
-	if err := cdc.UnmarshalBinary(newSignBytes, &newProposal); err != nil {
+	if err := cdc.UnmarshalBinaryLengthPrefixed(newSignBytes, &newProposal); err != nil {
 		panic(fmt.Sprintf("signBytes cannot be unmarshalled into proposal: %v", err))
 	}
 
@@ -349,8 +349,8 @@ func checkProposalsOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) (ti
 	now := tmtime.Now()
 	lastProposal.Timestamp = now
 	newProposal.Timestamp = now
-	lastProposalBytes, _ := cdc.MarshalBinary(lastProposal)
-	newProposalBytes, _ := cdc.MarshalBinary(newProposal)
+	lastProposalBytes, _ := cdc.MarshalBinaryLengthPrefixed(lastProposal)
+	newProposalBytes, _ := cdc.MarshalBinaryLengthPrefixed(newProposal)
 
 	return lastTime, bytes.Equal(newProposalBytes, lastProposalBytes)
 }

privval/priv_validator_test.go

@@ -140,8 +140,8 @@ func TestSignProposal(t *testing.T) {
 	require.Nil(t, err)
 	privVal := GenFilePV(tempFile.Name())
 
-	block1 := types.PartSetHeader{5, []byte{1, 2, 3}}
-	block2 := types.PartSetHeader{10, []byte{3, 2, 1}}
+	block1 := types.BlockID{[]byte{1, 2, 3}, types.PartSetHeader{5, []byte{1, 2, 3}}}
+	block2 := types.BlockID{[]byte{3, 2, 1}, types.PartSetHeader{10, []byte{3, 2, 1}}}
 	height, round := int64(10), 1
 
 	// sign a proposal for first time
@@ -179,7 +179,7 @@ func TestDifferByTimestamp(t *testing.T) {
 	require.Nil(t, err)
 	privVal := GenFilePV(tempFile.Name())
 
-	block1 := types.PartSetHeader{5, []byte{1, 2, 3}}
+	block1 := types.BlockID{[]byte{1, 2, 3}, types.PartSetHeader{5, []byte{1, 2, 3}}}
 	height, round := int64(10), 1
 	chainID := "mychainid"
 
@@ -241,11 +241,11 @@ func newVote(addr types.Address, idx int, height int64, round int, typ byte, blo
 	}
 }
 
-func newProposal(height int64, round int, partsHeader types.PartSetHeader) *types.Proposal {
+func newProposal(height int64, round int, blockID types.BlockID) *types.Proposal {
 	return &types.Proposal{
-		Height:           height,
-		Round:            round,
-		BlockPartsHeader: partsHeader,
-		Timestamp:        tmtime.Now(),
+		Height:    height,
+		Round:     round,
+		BlockID:   blockID,
+		Timestamp: tmtime.Now(),
 	}
 }

privval/remote_signer.go

@@ -0,0 +1,303 @@
+package privval
+
+import (
+	"fmt"
+	"io"
+	"net"
+	"sync"
+
+	"github.com/tendermint/go-amino"
+	"github.com/tendermint/tendermint/crypto"
+	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/tendermint/tendermint/types"
+)
+
+// RemoteSignerClient implements PrivValidator, it uses a socket to request signatures
+// from an external process.
+type RemoteSignerClient struct {
+	conn net.Conn
+	lock sync.Mutex
+}
+
+// Check that RemoteSignerClient implements PrivValidator.
+var _ types.PrivValidator = (*RemoteSignerClient)(nil)
+
+// NewRemoteSignerClient returns an instance of RemoteSignerClient.
+func NewRemoteSignerClient(
+	conn net.Conn,
+) *RemoteSignerClient {
+	sc := &RemoteSignerClient{
+		conn: conn,
+	}
+	return sc
+}
+
+// GetAddress implements PrivValidator.
+func (sc *RemoteSignerClient) GetAddress() types.Address {
+	pubKey, err := sc.getPubKey()
+	if err != nil {
+		panic(err)
+	}
+
+	return pubKey.Address()
+}
+
+// GetPubKey implements PrivValidator.
+func (sc *RemoteSignerClient) GetPubKey() crypto.PubKey {
+	pubKey, err := sc.getPubKey()
+	if err != nil {
+		panic(err)
+	}
+
+	return pubKey
+}
+
+func (sc *RemoteSignerClient) getPubKey() (crypto.PubKey, error) {
+	sc.lock.Lock()
+	defer sc.lock.Unlock()
+
+	err := writeMsg(sc.conn, &PubKeyMsg{})
+	if err != nil {
+		return nil, err
+	}
+
+	res, err := readMsg(sc.conn)
+	if err != nil {
+		return nil, err
+	}
+
+	return res.(*PubKeyMsg).PubKey, nil
+}
+
+// SignVote implements PrivValidator.
+func (sc *RemoteSignerClient) SignVote(chainID string, vote *types.Vote) error {
+	sc.lock.Lock()
+	defer sc.lock.Unlock()
+
+	err := writeMsg(sc.conn, &SignVoteRequest{Vote: vote})
+	if err != nil {
+		return err
+	}
+
+	res, err := readMsg(sc.conn)
+	if err != nil {
+		return err
+	}
+
+	resp, ok := res.(*SignedVoteResponse)
+	if !ok {
+		return ErrUnexpectedResponse
+	}
+	if resp.Error != nil {
+		return resp.Error
+	}
+	*vote = *resp.Vote
+
+	return nil
+}
+
+// SignProposal implements PrivValidator.
+func (sc *RemoteSignerClient) SignProposal(
+	chainID string,
+	proposal *types.Proposal,
+) error {
+	sc.lock.Lock()
+	defer sc.lock.Unlock()
+
+	err := writeMsg(sc.conn, &SignProposalRequest{Proposal: proposal})
+	if err != nil {
+		return err
+	}
+
+	res, err := readMsg(sc.conn)
+	if err != nil {
+		return err
+	}
+	resp, ok := res.(*SignedProposalResponse)
+	if !ok {
+		return ErrUnexpectedResponse
+	}
+	if resp.Error != nil {
+		return resp.Error
+	}
+	*proposal = *resp.Proposal
+
+	return nil
+}
+
+// SignHeartbeat implements PrivValidator.
+func (sc *RemoteSignerClient) SignHeartbeat(
+	chainID string,
+	heartbeat *types.Heartbeat,
+) error {
+	sc.lock.Lock()
+	defer sc.lock.Unlock()
+
+	err := writeMsg(sc.conn, &SignHeartbeatRequest{Heartbeat: heartbeat})
+	if err != nil {
+		return err
+	}
+
+	res, err := readMsg(sc.conn)
+	if err != nil {
+		return err
+	}
+	resp, ok := res.(*SignedHeartbeatResponse)
+	if !ok {
+		return ErrUnexpectedResponse
+	}
+	if resp.Error != nil {
+		return resp.Error
+	}
+	*heartbeat = *resp.Heartbeat
+
+	return nil
+}
+
+// Ping is used to check connection health.
+func (sc *RemoteSignerClient) Ping() error {
+	sc.lock.Lock()
+	defer sc.lock.Unlock()
+
+	err := writeMsg(sc.conn, &PingRequest{})
+	if err != nil {
+		return err
+	}
+
+	res, err := readMsg(sc.conn)
+	if err != nil {
+		return err
+	}
+	_, ok := res.(*PingResponse)
+	if !ok {
+		return ErrUnexpectedResponse
+	}
+
+	return nil
+}
+
+// RemoteSignerMsg is sent between RemoteSigner and the RemoteSigner client.
+type RemoteSignerMsg interface{}
+
+func RegisterRemoteSignerMsg(cdc *amino.Codec) {
+	cdc.RegisterInterface((*RemoteSignerMsg)(nil), nil)
+	cdc.RegisterConcrete(&PubKeyMsg{}, "tendermint/remotesigner/PubKeyMsg", nil)
+	cdc.RegisterConcrete(&SignVoteRequest{}, "tendermint/remotesigner/SignVoteRequest", nil)
+	cdc.RegisterConcrete(&SignedVoteResponse{}, "tendermint/remotesigner/SignedVoteResponse", nil)
+	cdc.RegisterConcrete(&SignProposalRequest{}, "tendermint/remotesigner/SignProposalRequest", nil)
+	cdc.RegisterConcrete(&SignedProposalResponse{}, "tendermint/remotesigner/SignedProposalResponse", nil)
+	cdc.RegisterConcrete(&SignHeartbeatRequest{}, "tendermint/remotesigner/SignHeartbeatRequest", nil)
+	cdc.RegisterConcrete(&SignedHeartbeatResponse{}, "tendermint/remotesigner/SignedHeartbeatResponse", nil)
+	cdc.RegisterConcrete(&PingRequest{}, "tendermint/remotesigner/PingRequest", nil)
+	cdc.RegisterConcrete(&PingResponse{}, "tendermint/remotesigner/PingResponse", nil)
+}
+
+// PubKeyMsg is a PrivValidatorSocket message containing the public key.
+type PubKeyMsg struct {
+	PubKey crypto.PubKey
+}
+
+// SignVoteRequest is a PrivValidatorSocket message containing a vote.
+type SignVoteRequest struct {
+	Vote *types.Vote
+}
+
+// SignedVoteResponse is a PrivValidatorSocket message containing a signed vote along with a potenial error message.
+type SignedVoteResponse struct {
+	Vote  *types.Vote
+	Error *RemoteSignerError
+}
+
+// SignProposalRequest is a PrivValidatorSocket message containing a Proposal.
+type SignProposalRequest struct {
+	Proposal *types.Proposal
+}
+
+type SignedProposalResponse struct {
+	Proposal *types.Proposal
+	Error    *RemoteSignerError
+}
+
+// SignHeartbeatRequest is a PrivValidatorSocket message containing a Heartbeat.
+type SignHeartbeatRequest struct {
+	Heartbeat *types.Heartbeat
+}
+
+type SignedHeartbeatResponse struct {
+	Heartbeat *types.Heartbeat
+	Error     *RemoteSignerError
+}
+
+// PingRequest is a PrivValidatorSocket message to keep the connection alive.
+type PingRequest struct {
+}
+
+type PingResponse struct {
+}
+
+// RemoteSignerError allows (remote) validators to include meaningful error descriptions in their reply.
+type RemoteSignerError struct {
+	// TODO(ismail): create an enum of known errors
+	Code        int
+	Description string
+}
+
+func (e *RemoteSignerError) Error() string {
+	return fmt.Sprintf("RemoteSigner returned error #%d: %s", e.Code, e.Description)
+}
+
+func readMsg(r io.Reader) (msg RemoteSignerMsg, err error) {
+	const maxRemoteSignerMsgSize = 1024 * 10
+	_, err = cdc.UnmarshalBinaryLengthPrefixedReader(r, &msg, maxRemoteSignerMsgSize)
+	if _, ok := err.(timeoutError); ok {
+		err = cmn.ErrorWrap(ErrConnTimeout, err.Error())
+	}
+	return
+}
+
+func writeMsg(w io.Writer, msg interface{}) (err error) {
+	_, err = cdc.MarshalBinaryLengthPrefixedWriter(w, msg)
+	if _, ok := err.(timeoutError); ok {
+		err = cmn.ErrorWrap(ErrConnTimeout, err.Error())
+	}
+	return
+}
+
+func handleRequest(req RemoteSignerMsg, chainID string, privVal types.PrivValidator) (RemoteSignerMsg, error) {
+	var res RemoteSignerMsg
+	var err error
+
+	switch r := req.(type) {
+	case *PubKeyMsg:
+		var p crypto.PubKey
+		p = privVal.GetPubKey()
+		res = &PubKeyMsg{p}
+	case *SignVoteRequest:
+		err = privVal.SignVote(chainID, r.Vote)
+		if err != nil {
+			res = &SignedVoteResponse{nil, &RemoteSignerError{0, err.Error()}}
+		} else {
+			res = &SignedVoteResponse{r.Vote, nil}
+		}
+	case *SignProposalRequest:
+		err = privVal.SignProposal(chainID, r.Proposal)
+		if err != nil {
+			res = &SignedProposalResponse{nil, &RemoteSignerError{0, err.Error()}}
+		} else {
+			res = &SignedProposalResponse{r.Proposal, nil}
+		}
+	case *SignHeartbeatRequest:
+		err = privVal.SignHeartbeat(chainID, r.Heartbeat)
+		if err != nil {
+			res = &SignedHeartbeatResponse{nil, &RemoteSignerError{0, err.Error()}}
+		} else {
+			res = &SignedHeartbeatResponse{r.Heartbeat, nil}
+		}
+	case *PingRequest:
+		res = &PingResponse{}
+	default:
+		err = fmt.Errorf("unknown msg: %v", r)
+	}
+
+	return res, err
+}

privval/socket.go

@@ -1,605 +0,0 @@
-package privval
-
-import (
-	"errors"
-	"fmt"
-	"io"
-	"net"
-	"time"
-
-	"github.com/tendermint/go-amino"
-
-	"github.com/tendermint/tendermint/crypto"
-	"github.com/tendermint/tendermint/crypto/ed25519"
-	cmn "github.com/tendermint/tendermint/libs/common"
-	"github.com/tendermint/tendermint/libs/log"
-	p2pconn "github.com/tendermint/tendermint/p2p/conn"
-	"github.com/tendermint/tendermint/types"
-)
-
-const (
-	defaultAcceptDeadlineSeconds = 30 // tendermint waits this long for remote val to connect
-	defaultConnDeadlineSeconds   = 3  // must be set before each read
-	defaultConnHeartBeatSeconds  = 30 // tcp keep-alive period
-	defaultConnWaitSeconds       = 60 // XXX: is this redundant with the accept deadline?
-	defaultDialRetries           = 10 // try to connect to tendermint this many times
-)
-
-// Socket errors.
-var (
-	ErrDialRetryMax       = errors.New("dialed maximum retries")
-	ErrConnWaitTimeout    = errors.New("waited for remote signer for too long")
-	ErrConnTimeout        = errors.New("remote signer timed out")
-	ErrUnexpectedResponse = errors.New("received unexpected response")
-)
-
-// SocketPVOption sets an optional parameter on the SocketPV.
-type SocketPVOption func(*SocketPV)
-
-// SocketPVAcceptDeadline sets the deadline for the SocketPV listener.
-// A zero time value disables the deadline.
-func SocketPVAcceptDeadline(deadline time.Duration) SocketPVOption {
-	return func(sc *SocketPV) { sc.acceptDeadline = deadline }
-}
-
-// SocketPVConnDeadline sets the read and write deadline for connections
-// from external signing processes.
-func SocketPVConnDeadline(deadline time.Duration) SocketPVOption {
-	return func(sc *SocketPV) { sc.connDeadline = deadline }
-}
-
-// SocketPVHeartbeat sets the period on which to check the liveness of the
-// connected Signer connections.
-func SocketPVHeartbeat(period time.Duration) SocketPVOption {
-	return func(sc *SocketPV) { sc.connHeartbeat = period }
-}
-
-// SocketPVConnWait sets the timeout duration before connection of external
-// signing processes are considered to be unsuccessful.
-func SocketPVConnWait(timeout time.Duration) SocketPVOption {
-	return func(sc *SocketPV) { sc.connWaitTimeout = timeout }
-}
-
-// SocketPV implements PrivValidator, it uses a socket to request signatures
-// from an external process.
-type SocketPV struct {
-	cmn.BaseService
-
-	addr            string
-	acceptDeadline  time.Duration
-	connDeadline    time.Duration
-	connHeartbeat   time.Duration
-	connWaitTimeout time.Duration
-	privKey         ed25519.PrivKeyEd25519
-
-	conn     net.Conn
-	listener net.Listener
-}
-
-// Check that SocketPV implements PrivValidator.
-var _ types.PrivValidator = (*SocketPV)(nil)
-
-// NewSocketPV returns an instance of SocketPV.
-func NewSocketPV(
-	logger log.Logger,
-	socketAddr string,
-	privKey ed25519.PrivKeyEd25519,
-) *SocketPV {
-	sc := &SocketPV{
-		addr:            socketAddr,
-		acceptDeadline:  time.Second * defaultAcceptDeadlineSeconds,
-		connDeadline:    time.Second * defaultConnDeadlineSeconds,
-		connHeartbeat:   time.Second * defaultConnHeartBeatSeconds,
-		connWaitTimeout: time.Second * defaultConnWaitSeconds,
-		privKey:         privKey,
-	}
-
-	sc.BaseService = *cmn.NewBaseService(logger, "SocketPV", sc)
-
-	return sc
-}
-
-// GetAddress implements PrivValidator.
-func (sc *SocketPV) GetAddress() types.Address {
-	addr, err := sc.getAddress()
-	if err != nil {
-		panic(err)
-	}
-
-	return addr
-}
-
-// Address is an alias for PubKey().Address().
-func (sc *SocketPV) getAddress() (cmn.HexBytes, error) {
-	p, err := sc.getPubKey()
-	if err != nil {
-		return nil, err
-	}
-
-	return p.Address(), nil
-}
-
-// GetPubKey implements PrivValidator.
-func (sc *SocketPV) GetPubKey() crypto.PubKey {
-	pubKey, err := sc.getPubKey()
-	if err != nil {
-		panic(err)
-	}
-
-	return pubKey
-}
-
-func (sc *SocketPV) getPubKey() (crypto.PubKey, error) {
-	err := writeMsg(sc.conn, &PubKeyMsg{})
-	if err != nil {
-		return nil, err
-	}
-
-	res, err := readMsg(sc.conn)
-	if err != nil {
-		return nil, err
-	}
-
-	return res.(*PubKeyMsg).PubKey, nil
-}
-
-// SignVote implements PrivValidator.
-func (sc *SocketPV) SignVote(chainID string, vote *types.Vote) error {
-	err := writeMsg(sc.conn, &SignVoteRequest{Vote: vote})
-	if err != nil {
-		return err
-	}
-
-	res, err := readMsg(sc.conn)
-	if err != nil {
-		return err
-	}
-
-	resp, ok := res.(*SignedVoteResponse)
-	if !ok {
-		return ErrUnexpectedResponse
-	}
-	if resp.Error != nil {
-		return fmt.Errorf("remote error occurred: code: %v, description: %s",
-			resp.Error.Code,
-			resp.Error.Description)
-	}
-	*vote = *resp.Vote
-
-	return nil
-}
-
-// SignProposal implements PrivValidator.
-func (sc *SocketPV) SignProposal(
-	chainID string,
-	proposal *types.Proposal,
-) error {
-	err := writeMsg(sc.conn, &SignProposalRequest{Proposal: proposal})
-	if err != nil {
-		return err
-	}
-
-	res, err := readMsg(sc.conn)
-	if err != nil {
-		return err
-	}
-	resp, ok := res.(*SignedProposalResponse)
-	if !ok {
-		return ErrUnexpectedResponse
-	}
-	if resp.Error != nil {
-		return fmt.Errorf("remote error occurred: code: %v, description: %s",
-			resp.Error.Code,
-			resp.Error.Description)
-	}
-	*proposal = *resp.Proposal
-
-	return nil
-}
-
-// SignHeartbeat implements PrivValidator.
-func (sc *SocketPV) SignHeartbeat(
-	chainID string,
-	heartbeat *types.Heartbeat,
-) error {
-	err := writeMsg(sc.conn, &SignHeartbeatRequest{Heartbeat: heartbeat})
-	if err != nil {
-		return err
-	}
-
-	res, err := readMsg(sc.conn)
-	if err != nil {
-		return err
-	}
-	resp, ok := res.(*SignedHeartbeatResponse)
-	if !ok {
-		return ErrUnexpectedResponse
-	}
-	if resp.Error != nil {
-		return fmt.Errorf("remote error occurred: code: %v, description: %s",
-			resp.Error.Code,
-			resp.Error.Description)
-	}
-	*heartbeat = *resp.Heartbeat
-
-	return nil
-}
-
-// OnStart implements cmn.Service.
-func (sc *SocketPV) OnStart() error {
-	if err := sc.listen(); err != nil {
-		err = cmn.ErrorWrap(err, "failed to listen")
-		sc.Logger.Error(
-			"OnStart",
-			"err", err,
-		)
-		return err
-	}
-
-	conn, err := sc.waitConnection()
-	if err != nil {
-		err = cmn.ErrorWrap(err, "failed to accept connection")
-		sc.Logger.Error(
-			"OnStart",
-			"err", err,
-		)
-
-		return err
-	}
-
-	sc.conn = conn
-
-	return nil
-}
-
-// OnStop implements cmn.Service.
-func (sc *SocketPV) OnStop() {
-	if sc.conn != nil {
-		if err := sc.conn.Close(); err != nil {
-			err = cmn.ErrorWrap(err, "failed to close connection")
-			sc.Logger.Error(
-				"OnStop",
-				"err", err,
-			)
-		}
-	}
-
-	if sc.listener != nil {
-		if err := sc.listener.Close(); err != nil {
-			err = cmn.ErrorWrap(err, "failed to close listener")
-			sc.Logger.Error(
-				"OnStop",
-				"err", err,
-			)
-		}
-	}
-}
-
-func (sc *SocketPV) acceptConnection() (net.Conn, error) {
-	conn, err := sc.listener.Accept()
-	if err != nil {
-		if !sc.IsRunning() {
-			return nil, nil // Ignore error from listener closing.
-		}
-		return nil, err
-
-	}
-
-	conn, err = p2pconn.MakeSecretConnection(conn, sc.privKey)
-	if err != nil {
-		return nil, err
-	}
-
-	return conn, nil
-}
-
-func (sc *SocketPV) listen() error {
-	ln, err := net.Listen(cmn.ProtocolAndAddress(sc.addr))
-	if err != nil {
-		return err
-	}
-
-	sc.listener = newTCPTimeoutListener(
-		ln,
-		sc.acceptDeadline,
-		sc.connDeadline,
-		sc.connHeartbeat,
-	)
-
-	return nil
-}
-
-// waitConnection uses the configured wait timeout to error if no external
-// process connects in the time period.
-func (sc *SocketPV) waitConnection() (net.Conn, error) {
-	var (
-		connc = make(chan net.Conn, 1)
-		errc  = make(chan error, 1)
-	)
-
-	go func(connc chan<- net.Conn, errc chan<- error) {
-		conn, err := sc.acceptConnection()
-		if err != nil {
-			errc <- err
-			return
-		}
-
-		connc <- conn
-	}(connc, errc)
-
-	select {
-	case conn := <-connc:
-		return conn, nil
-	case err := <-errc:
-		if _, ok := err.(timeoutError); ok {
-			return nil, cmn.ErrorWrap(ErrConnWaitTimeout, err.Error())
-		}
-		return nil, err
-	case <-time.After(sc.connWaitTimeout):
-		return nil, ErrConnWaitTimeout
-	}
-}
-
-//---------------------------------------------------------
-
-// RemoteSignerOption sets an optional parameter on the RemoteSigner.
-type RemoteSignerOption func(*RemoteSigner)
-
-// RemoteSignerConnDeadline sets the read and write deadline for connections
-// from external signing processes.
-func RemoteSignerConnDeadline(deadline time.Duration) RemoteSignerOption {
-	return func(ss *RemoteSigner) { ss.connDeadline = deadline }
-}
-
-// RemoteSignerConnRetries sets the amount of attempted retries to connect.
-func RemoteSignerConnRetries(retries int) RemoteSignerOption {
-	return func(ss *RemoteSigner) { ss.connRetries = retries }
-}
-
-// RemoteSigner implements PrivValidator by dialing to a socket.
-type RemoteSigner struct {
-	cmn.BaseService
-
-	addr         string
-	chainID      string
-	connDeadline time.Duration
-	connRetries  int
-	privKey      ed25519.PrivKeyEd25519
-	privVal      types.PrivValidator
-
-	conn net.Conn
-}
-
-// NewRemoteSigner returns an instance of RemoteSigner.
-func NewRemoteSigner(
-	logger log.Logger,
-	chainID, socketAddr string,
-	privVal types.PrivValidator,
-	privKey ed25519.PrivKeyEd25519,
-) *RemoteSigner {
-	rs := &RemoteSigner{
-		addr:         socketAddr,
-		chainID:      chainID,
-		connDeadline: time.Second * defaultConnDeadlineSeconds,
-		connRetries:  defaultDialRetries,
-		privKey:      privKey,
-		privVal:      privVal,
-	}
-
-	rs.BaseService = *cmn.NewBaseService(logger, "RemoteSigner", rs)
-
-	return rs
-}
-
-// OnStart implements cmn.Service.
-func (rs *RemoteSigner) OnStart() error {
-	conn, err := rs.connect()
-	if err != nil {
-		err = cmn.ErrorWrap(err, "connect")
-		rs.Logger.Error("OnStart", "err", err)
-		return err
-	}
-
-	go rs.handleConnection(conn)
-
-	return nil
-}
-
-// OnStop implements cmn.Service.
-func (rs *RemoteSigner) OnStop() {
-	if rs.conn == nil {
-		return
-	}
-
-	if err := rs.conn.Close(); err != nil {
-		rs.Logger.Error("OnStop", "err", cmn.ErrorWrap(err, "closing listener failed"))
-	}
-}
-
-func (rs *RemoteSigner) connect() (net.Conn, error) {
-	for retries := rs.connRetries; retries > 0; retries-- {
-		// Don't sleep if it is the first retry.
-		if retries != rs.connRetries {
-			time.Sleep(rs.connDeadline)
-		}
-
-		conn, err := cmn.Connect(rs.addr)
-		if err != nil {
-			err = cmn.ErrorWrap(err, "connection failed")
-			rs.Logger.Error(
-				"connect",
-				"addr", rs.addr,
-				"err", err,
-			)
-
-			continue
-		}
-
-		if err := conn.SetDeadline(time.Now().Add(time.Second * defaultConnDeadlineSeconds)); err != nil {
-			err = cmn.ErrorWrap(err, "setting connection timeout failed")
-			rs.Logger.Error(
-				"connect",
-				"err", err,
-			)
-			continue
-		}
-
-		conn, err = p2pconn.MakeSecretConnection(conn, rs.privKey)
-		if err != nil {
-			err = cmn.ErrorWrap(err, "encrypting connection failed")
-			rs.Logger.Error(
-				"connect",
-				"err", err,
-			)
-
-			continue
-		}
-
-		return conn, nil
-	}
-
-	return nil, ErrDialRetryMax
-}
-
-func (rs *RemoteSigner) handleConnection(conn net.Conn) {
-	for {
-		if !rs.IsRunning() {
-			return // Ignore error from listener closing.
-		}
-
-		req, err := readMsg(conn)
-		if err != nil {
-			if err != io.EOF {
-				rs.Logger.Error("handleConnection", "err", err)
-			}
-			return
-		}
-
-		var res SocketPVMsg
-
-		switch r := req.(type) {
-		case *PubKeyMsg:
-			var p crypto.PubKey
-			p = rs.privVal.GetPubKey()
-			res = &PubKeyMsg{p}
-		case *SignVoteRequest:
-			err = rs.privVal.SignVote(rs.chainID, r.Vote)
-			if err != nil {
-				res = &SignedVoteResponse{nil, &RemoteSignerError{0, err.Error()}}
-			} else {
-				res = &SignedVoteResponse{r.Vote, nil}
-			}
-		case *SignProposalRequest:
-			err = rs.privVal.SignProposal(rs.chainID, r.Proposal)
-			if err != nil {
-				res = &SignedProposalResponse{nil, &RemoteSignerError{0, err.Error()}}
-			} else {
-				res = &SignedProposalResponse{r.Proposal, nil}
-			}
-		case *SignHeartbeatRequest:
-			err = rs.privVal.SignHeartbeat(rs.chainID, r.Heartbeat)
-			if err != nil {
-				res = &SignedHeartbeatResponse{nil, &RemoteSignerError{0, err.Error()}}
-			} else {
-				res = &SignedHeartbeatResponse{r.Heartbeat, nil}
-			}
-		default:
-			err = fmt.Errorf("unknown msg: %v", r)
-		}
-
-		if err != nil {
-			// only log the error; we'll reply with an error in res
-			rs.Logger.Error("handleConnection", "err", err)
-		}
-
-		err = writeMsg(conn, res)
-		if err != nil {
-			rs.Logger.Error("handleConnection", "err", err)
-			return
-		}
-	}
-}
-
-//---------------------------------------------------------
-
-// SocketPVMsg is sent between RemoteSigner and SocketPV.
-type SocketPVMsg interface{}
-
-func RegisterSocketPVMsg(cdc *amino.Codec) {
-	cdc.RegisterInterface((*SocketPVMsg)(nil), nil)
-	cdc.RegisterConcrete(&PubKeyMsg{}, "tendermint/socketpv/PubKeyMsg", nil)
-	cdc.RegisterConcrete(&SignVoteRequest{}, "tendermint/socketpv/SignVoteRequest", nil)
-	cdc.RegisterConcrete(&SignedVoteResponse{}, "tendermint/socketpv/SignedVoteResponse", nil)
-	cdc.RegisterConcrete(&SignProposalRequest{}, "tendermint/socketpv/SignProposalRequest", nil)
-	cdc.RegisterConcrete(&SignedProposalResponse{}, "tendermint/socketpv/SignedProposalResponse", nil)
-	cdc.RegisterConcrete(&SignHeartbeatRequest{}, "tendermint/socketpv/SignHeartbeatRequest", nil)
-	cdc.RegisterConcrete(&SignedHeartbeatResponse{}, "tendermint/socketpv/SignedHeartbeatResponse", nil)
-}
-
-// PubKeyMsg is a PrivValidatorSocket message containing the public key.
-type PubKeyMsg struct {
-	PubKey crypto.PubKey
-}
-
-// SignVoteRequest is a PrivValidatorSocket message containing a vote.
-type SignVoteRequest struct {
-	Vote *types.Vote
-}
-
-// SignedVoteResponse is a PrivValidatorSocket message containing a signed vote along with a potenial error message.
-type SignedVoteResponse struct {
-	Vote  *types.Vote
-	Error *RemoteSignerError
-}
-
-// SignProposalRequest is a PrivValidatorSocket message containing a Proposal.
-type SignProposalRequest struct {
-	Proposal *types.Proposal
-}
-
-type SignedProposalResponse struct {
-	Proposal *types.Proposal
-	Error    *RemoteSignerError
-}
-
-// SignHeartbeatRequest is a PrivValidatorSocket message containing a Heartbeat.
-type SignHeartbeatRequest struct {
-	Heartbeat *types.Heartbeat
-}
-
-type SignedHeartbeatResponse struct {
-	Heartbeat *types.Heartbeat
-	Error     *RemoteSignerError
-}
-
-// RemoteSignerError allows (remote) validators to include meaningful error descriptions in their reply.
-type RemoteSignerError struct {
-	// TODO(ismail): create an enum of known errors
-	Code        int
-	Description string
-}
-
-func readMsg(r io.Reader) (msg SocketPVMsg, err error) {
-	const maxSocketPVMsgSize = 1024 * 10
-
-	// set deadline before trying to read
-	conn := r.(net.Conn)
-	if err := conn.SetDeadline(time.Now().Add(time.Second * defaultConnDeadlineSeconds)); err != nil {
-		err = cmn.ErrorWrap(err, "setting connection timeout failed in readMsg")
-		return msg, err
-	}
-
-	_, err = cdc.UnmarshalBinaryReader(r, &msg, maxSocketPVMsgSize)
-	if _, ok := err.(timeoutError); ok {
-		err = cmn.ErrorWrap(ErrConnTimeout, err.Error())
-	}
-	return
-}
-
-func writeMsg(w io.Writer, msg interface{}) (err error) {
-	_, err = cdc.MarshalBinaryWriter(w, msg)
-	if _, ok := err.(timeoutError); ok {
-		err = cmn.ErrorWrap(ErrConnTimeout, err.Error())
-	}
-	return
-}

privval/tcp.go

@@ -0,0 +1,214 @@
+package privval
+
+import (
+	"errors"
+	"net"
+	"time"
+
+	"github.com/tendermint/tendermint/crypto/ed25519"
+	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/tendermint/tendermint/libs/log"
+	p2pconn "github.com/tendermint/tendermint/p2p/conn"
+	"github.com/tendermint/tendermint/types"
+)
+
+const (
+	defaultAcceptDeadlineSeconds = 3
+	defaultConnDeadlineSeconds   = 3
+	defaultConnHeartBeatSeconds  = 2
+	defaultDialRetries           = 10
+)
+
+// Socket errors.
+var (
+	ErrDialRetryMax       = errors.New("dialed maximum retries")
+	ErrConnTimeout        = errors.New("remote signer timed out")
+	ErrUnexpectedResponse = errors.New("received unexpected response")
+)
+
+var (
+	acceptDeadline = time.Second * defaultAcceptDeadlineSeconds
+	connTimeout    = time.Second * defaultConnDeadlineSeconds
+	connHeartbeat  = time.Second * defaultConnHeartBeatSeconds
+)
+
+// TCPValOption sets an optional parameter on the SocketPV.
+type TCPValOption func(*TCPVal)
+
+// TCPValAcceptDeadline sets the deadline for the TCPVal listener.
+// A zero time value disables the deadline.
+func TCPValAcceptDeadline(deadline time.Duration) TCPValOption {
+	return func(sc *TCPVal) { sc.acceptDeadline = deadline }
+}
+
+// TCPValConnTimeout sets the read and write timeout for connections
+// from external signing processes.
+func TCPValConnTimeout(timeout time.Duration) TCPValOption {
+	return func(sc *TCPVal) { sc.connTimeout = timeout }
+}
+
+// TCPValHeartbeat sets the period on which to check the liveness of the
+// connected Signer connections.
+func TCPValHeartbeat(period time.Duration) TCPValOption {
+	return func(sc *TCPVal) { sc.connHeartbeat = period }
+}
+
+// TCPVal implements PrivValidator, it uses a socket to request signatures
+// from an external process.
+type TCPVal struct {
+	cmn.BaseService
+	*RemoteSignerClient
+
+	addr           string
+	acceptDeadline time.Duration
+	connTimeout    time.Duration
+	connHeartbeat  time.Duration
+	privKey        ed25519.PrivKeyEd25519
+
+	conn       net.Conn
+	listener   net.Listener
+	cancelPing chan struct{}
+	pingTicker *time.Ticker
+}
+
+// Check that TCPVal implements PrivValidator.
+var _ types.PrivValidator = (*TCPVal)(nil)
+
+// NewTCPVal returns an instance of TCPVal.
+func NewTCPVal(
+	logger log.Logger,
+	socketAddr string,
+	privKey ed25519.PrivKeyEd25519,
+) *TCPVal {
+	sc := &TCPVal{
+		addr:           socketAddr,
+		acceptDeadline: acceptDeadline,
+		connTimeout:    connTimeout,
+		connHeartbeat:  connHeartbeat,
+		privKey:        privKey,
+	}
+
+	sc.BaseService = *cmn.NewBaseService(logger, "TCPVal", sc)
+
+	return sc
+}
+
+// OnStart implements cmn.Service.
+func (sc *TCPVal) OnStart() error {
+	if err := sc.listen(); err != nil {
+		sc.Logger.Error("OnStart", "err", err)
+		return err
+	}
+
+	conn, err := sc.waitConnection()
+	if err != nil {
+		sc.Logger.Error("OnStart", "err", err)
+		return err
+	}
+
+	sc.conn = conn
+
+	sc.RemoteSignerClient = NewRemoteSignerClient(sc.conn)
+
+	// Start a routine to keep the connection alive
+	sc.cancelPing = make(chan struct{}, 1)
+	sc.pingTicker = time.NewTicker(sc.connHeartbeat)
+	go func() {
+		for {
+			select {
+			case <-sc.pingTicker.C:
+				err := sc.Ping()
+				if err != nil {
+					sc.Logger.Error(
+						"Ping",
+						"err", err,
+					)
+				}
+			case <-sc.cancelPing:
+				sc.pingTicker.Stop()
+				return
+			}
+		}
+	}()
+
+	return nil
+}
+
+// OnStop implements cmn.Service.
+func (sc *TCPVal) OnStop() {
+	if sc.cancelPing != nil {
+		close(sc.cancelPing)
+	}
+
+	if sc.conn != nil {
+		if err := sc.conn.Close(); err != nil {
+			sc.Logger.Error("OnStop", "err", err)
+		}
+	}
+
+	if sc.listener != nil {
+		if err := sc.listener.Close(); err != nil {
+			sc.Logger.Error("OnStop", "err", err)
+		}
+	}
+}
+
+func (sc *TCPVal) acceptConnection() (net.Conn, error) {
+	conn, err := sc.listener.Accept()
+	if err != nil {
+		if !sc.IsRunning() {
+			return nil, nil // Ignore error from listener closing.
+		}
+		return nil, err
+
+	}
+
+	conn, err = p2pconn.MakeSecretConnection(conn, sc.privKey)
+	if err != nil {
+		return nil, err
+	}
+
+	return conn, nil
+}
+
+func (sc *TCPVal) listen() error {
+	ln, err := net.Listen(cmn.ProtocolAndAddress(sc.addr))
+	if err != nil {
+		return err
+	}
+
+	sc.listener = newTCPTimeoutListener(
+		ln,
+		sc.acceptDeadline,
+		sc.connTimeout,
+		sc.connHeartbeat,
+	)
+
+	return nil
+}
+
+// waitConnection uses the configured wait timeout to error if no external
+// process connects in the time period.
+func (sc *TCPVal) waitConnection() (net.Conn, error) {
+	var (
+		connc = make(chan net.Conn, 1)
+		errc  = make(chan error, 1)
+	)
+
+	go func(connc chan<- net.Conn, errc chan<- error) {
+		conn, err := sc.acceptConnection()
+		if err != nil {
+			errc <- err
+			return
+		}
+
+		connc <- conn
+	}(connc, errc)
+
+	select {
+	case conn := <-connc:
+		return conn, nil
+	case err := <-errc:
+		return nil, err
+	}
+}

privval/tcp_server.go

@@ -0,0 +1,160 @@
+package privval
+
+import (
+	"io"
+	"net"
+	"time"
+
+	"github.com/tendermint/tendermint/crypto/ed25519"
+	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/tendermint/tendermint/libs/log"
+	p2pconn "github.com/tendermint/tendermint/p2p/conn"
+	"github.com/tendermint/tendermint/types"
+)
+
+// RemoteSignerOption sets an optional parameter on the RemoteSigner.
+type RemoteSignerOption func(*RemoteSigner)
+
+// RemoteSignerConnDeadline sets the read and write deadline for connections
+// from external signing processes.
+func RemoteSignerConnDeadline(deadline time.Duration) RemoteSignerOption {
+	return func(ss *RemoteSigner) { ss.connDeadline = deadline }
+}
+
+// RemoteSignerConnRetries sets the amount of attempted retries to connect.
+func RemoteSignerConnRetries(retries int) RemoteSignerOption {
+	return func(ss *RemoteSigner) { ss.connRetries = retries }
+}
+
+// RemoteSigner implements PrivValidator by dialing to a socket.
+type RemoteSigner struct {
+	cmn.BaseService
+
+	addr         string
+	chainID      string
+	connDeadline time.Duration
+	connRetries  int
+	privKey      ed25519.PrivKeyEd25519
+	privVal      types.PrivValidator
+
+	conn net.Conn
+}
+
+// NewRemoteSigner returns an instance of RemoteSigner.
+func NewRemoteSigner(
+	logger log.Logger,
+	chainID, socketAddr string,
+	privVal types.PrivValidator,
+	privKey ed25519.PrivKeyEd25519,
+) *RemoteSigner {
+	rs := &RemoteSigner{
+		addr:         socketAddr,
+		chainID:      chainID,
+		connDeadline: time.Second * defaultConnDeadlineSeconds,
+		connRetries:  defaultDialRetries,
+		privKey:      privKey,
+		privVal:      privVal,
+	}
+
+	rs.BaseService = *cmn.NewBaseService(logger, "RemoteSigner", rs)
+
+	return rs
+}
+
+// OnStart implements cmn.Service.
+func (rs *RemoteSigner) OnStart() error {
+	conn, err := rs.connect()
+	if err != nil {
+		rs.Logger.Error("OnStart", "err", err)
+		return err
+	}
+
+	go rs.handleConnection(conn)
+
+	return nil
+}
+
+// OnStop implements cmn.Service.
+func (rs *RemoteSigner) OnStop() {
+	if rs.conn == nil {
+		return
+	}
+
+	if err := rs.conn.Close(); err != nil {
+		rs.Logger.Error("OnStop", "err", cmn.ErrorWrap(err, "closing listener failed"))
+	}
+}
+
+func (rs *RemoteSigner) connect() (net.Conn, error) {
+	for retries := rs.connRetries; retries > 0; retries-- {
+		// Don't sleep if it is the first retry.
+		if retries != rs.connRetries {
+			time.Sleep(rs.connDeadline)
+		}
+
+		conn, err := cmn.Connect(rs.addr)
+		if err != nil {
+			rs.Logger.Error(
+				"connect",
+				"addr", rs.addr,
+				"err", err,
+			)
+
+			continue
+		}
+
+		if err := conn.SetDeadline(time.Now().Add(connTimeout)); err != nil {
+			rs.Logger.Error(
+				"connect",
+				"err", err,
+			)
+			continue
+		}
+
+		conn, err = p2pconn.MakeSecretConnection(conn, rs.privKey)
+		if err != nil {
+			rs.Logger.Error(
+				"connect",
+				"err", err,
+			)
+
+			continue
+		}
+
+		return conn, nil
+	}
+
+	return nil, ErrDialRetryMax
+}
+
+func (rs *RemoteSigner) handleConnection(conn net.Conn) {
+	for {
+		if !rs.IsRunning() {
+			return // Ignore error from listener closing.
+		}
+
+		// Reset the connection deadline
+		conn.SetDeadline(time.Now().Add(rs.connDeadline))
+
+		req, err := readMsg(conn)
+		if err != nil {
+			if err != io.EOF {
+				rs.Logger.Error("handleConnection", "err", err)
+			}
+			return
+		}
+
+		res, err := handleRequest(req, rs.chainID, rs.privVal)
+
+		if err != nil {
+			// only log the error; we'll reply with an error in res
+			rs.Logger.Error("handleConnection", "err", err)
+		}
+
+		err = writeMsg(conn, res)
+		if err != nil {
+			rs.Logger.Error("handleConnection", "err", err)
+			return
+		}
+	}
+}

privval/tcp_socket.go

@@ -24,6 +24,13 @@ type tcpTimeoutListener struct {
 	period         time.Duration
 }
 
+// timeoutConn wraps a net.Conn to standardise protocol timeouts / deadline resets.
+type timeoutConn struct {
+	net.Conn
+
+	connDeadline time.Duration
+}
+
 // newTCPTimeoutListener returns an instance of tcpTimeoutListener.
 func newTCPTimeoutListener(
 	ln net.Listener,
@@ -38,6 +45,16 @@ func newTCPTimeoutListener(
 	}
 }
 
+// newTimeoutConn returns an instance of newTCPTimeoutConn.
+func newTimeoutConn(
+	conn net.Conn,
+	connDeadline time.Duration) *timeoutConn {
+	return &timeoutConn{
+		conn,
+		connDeadline,
+	}
+}
+
 // Accept implements net.Listener.
 func (ln tcpTimeoutListener) Accept() (net.Conn, error) {
 	err := ln.SetDeadline(time.Now().Add(ln.acceptDeadline))
@@ -50,17 +67,24 @@ func (ln tcpTimeoutListener) Accept() (net.Conn, error) {
 		return nil, err
 	}
 
-	if err := tc.SetDeadline(time.Now().Add(ln.connDeadline)); err != nil {
-		return nil, err
-	}
+	// Wrap the conn in our timeout wrapper
+	conn := newTimeoutConn(tc, ln.connDeadline)
 
-	if err := tc.SetKeepAlive(true); err != nil {
-		return nil, err
-	}
-
-	if err := tc.SetKeepAlivePeriod(ln.period); err != nil {
-		return nil, err
-	}
-
-	return tc, nil
+	return conn, nil
+}
+
+// Read implements net.Listener.
+func (c timeoutConn) Read(b []byte) (n int, err error) {
+	// Reset deadline
+	c.Conn.SetReadDeadline(time.Now().Add(c.connDeadline))
+
+	return c.Conn.Read(b)
+}
+
+// Write implements net.Listener.
+func (c timeoutConn) Write(b []byte) (n int, err error) {
+	// Reset deadline
+	c.Conn.SetWriteDeadline(time.Now().Add(c.connDeadline))
+
+	return c.Conn.Write(b)
 }

privval/tcp_socket_test.go

@@ -44,13 +44,14 @@ func TestTCPTimeoutListenerConnDeadline(t *testing.T) {
 
 		time.Sleep(2 * time.Millisecond)
 
-		_, err = c.Write([]byte("foo"))
+		msg := make([]byte, 200)
+		_, err = c.Read(msg)
 		opErr, ok := err.(*net.OpError)
 		if !ok {
 			t.Fatalf("have %v, want *net.OpError", err)
 		}
 
-		if have, want := opErr.Op, "write"; have != want {
+		if have, want := opErr.Op, "read"; have != want {
 			t.Errorf("have %v, want %v", have, want)
 		}
 	}(ln)

privval/tcp_test.go

@@ -27,8 +27,7 @@ func TestSocketPVAddress(t *testing.T) {
 
 	serverAddr := rs.privVal.GetAddress()
 
-	clientAddr, err := sc.getAddress()
-	require.NoError(t, err)
+	clientAddr := sc.GetAddress()
 
 	assert.Equal(t, serverAddr, clientAddr)
 
@@ -91,6 +90,53 @@ func TestSocketPVVote(t *testing.T) {
 	assert.Equal(t, want.Signature, have.Signature)
 }
 
+func TestSocketPVVoteResetDeadline(t *testing.T) {
+	var (
+		chainID = cmn.RandStr(12)
+		sc, rs  = testSetupSocketPair(t, chainID, types.NewMockPV())
+
+		ts    = time.Now()
+		vType = types.PrecommitType
+		want  = &types.Vote{Timestamp: ts, Type: vType}
+		have  = &types.Vote{Timestamp: ts, Type: vType}
+	)
+	defer sc.Stop()
+	defer rs.Stop()
+
+	time.Sleep(3 * time.Millisecond)
+
+	require.NoError(t, rs.privVal.SignVote(chainID, want))
+	require.NoError(t, sc.SignVote(chainID, have))
+	assert.Equal(t, want.Signature, have.Signature)
+
+	// This would exceed the deadline if it was not extended by the previous message
+	time.Sleep(3 * time.Millisecond)
+
+	require.NoError(t, rs.privVal.SignVote(chainID, want))
+	require.NoError(t, sc.SignVote(chainID, have))
+	assert.Equal(t, want.Signature, have.Signature)
+}
+
+func TestSocketPVVoteKeepalive(t *testing.T) {
+	var (
+		chainID = cmn.RandStr(12)
+		sc, rs  = testSetupSocketPair(t, chainID, types.NewMockPV())
+
+		ts    = time.Now()
+		vType = types.PrecommitType
+		want  = &types.Vote{Timestamp: ts, Type: vType}
+		have  = &types.Vote{Timestamp: ts, Type: vType}
+	)
+	defer sc.Stop()
+	defer rs.Stop()
+
+	time.Sleep(10 * time.Millisecond)
+
+	require.NoError(t, rs.privVal.SignVote(chainID, want))
+	require.NoError(t, sc.SignVote(chainID, have))
+	assert.Equal(t, want.Signature, have.Signature)
+}
+
 func TestSocketPVHeartbeat(t *testing.T) {
 	var (
 		chainID = cmn.RandStr(12)
@@ -107,36 +153,20 @@ func TestSocketPVHeartbeat(t *testing.T) {
 	assert.Equal(t, want.Signature, have.Signature)
 }
 
-func TestSocketPVAcceptDeadline(t *testing.T) {
-	var (
-		sc = NewSocketPV(
-			log.TestingLogger(),
-			"127.0.0.1:0",
-			ed25519.GenPrivKey(),
-		)
-	)
-	defer sc.Stop()
-
-	SocketPVAcceptDeadline(time.Millisecond)(sc)
-
-	assert.Equal(t, sc.Start().(cmn.Error).Data(), ErrConnWaitTimeout)
-}
-
 func TestSocketPVDeadline(t *testing.T) {
 	var (
 		addr    = testFreeAddr(t)
 		listenc = make(chan struct{})
-		sc      = NewSocketPV(
+		sc      = NewTCPVal(
 			log.TestingLogger(),
 			addr,
 			ed25519.GenPrivKey(),
 		)
 	)
 
-	SocketPVConnDeadline(100 * time.Millisecond)(sc)
-	SocketPVConnWait(500 * time.Millisecond)(sc)
+	TCPValConnTimeout(100 * time.Millisecond)(sc)
 
-	go func(sc *SocketPV) {
+	go func(sc *TCPVal) {
 		defer close(listenc)
 
 		require.NoError(t, sc.Start())
@@ -161,26 +191,10 @@ func TestSocketPVDeadline(t *testing.T) {
 
 	<-listenc
 
-	// Sleep to guarantee deadline has been hit.
-	time.Sleep(20 * time.Microsecond)
-
 	_, err := sc.getPubKey()
 	assert.Equal(t, err.(cmn.Error).Data(), ErrConnTimeout)
 }
 
-func TestSocketPVWait(t *testing.T) {
-	sc := NewSocketPV(
-		log.TestingLogger(),
-		"127.0.0.1:0",
-		ed25519.GenPrivKey(),
-	)
-	defer sc.Stop()
-
-	SocketPVConnWait(time.Millisecond)(sc)
-
-	assert.Equal(t, sc.Start().(cmn.Error).Data(), ErrConnWaitTimeout)
-}
-
 func TestRemoteSignerRetry(t *testing.T) {
 	var (
 		attemptc = make(chan int)
@@ -221,7 +235,7 @@ func TestRemoteSignerRetry(t *testing.T) {
 	RemoteSignerConnDeadline(time.Millisecond)(rs)
 	RemoteSignerConnRetries(retries)(rs)
 
-	assert.Equal(t, rs.Start().(cmn.Error).Data(), ErrDialRetryMax)
+	assert.Equal(t, rs.Start(), ErrDialRetryMax)
 
 	select {
 	case attempts := <-attemptc:
@@ -328,7 +342,7 @@ func TestErrUnexpectedResponse(t *testing.T) {
 			types.NewMockPV(),
 			ed25519.GenPrivKey(),
 		)
-		sc = NewSocketPV(
+		sc = NewTCPVal(
 			logger,
 			addr,
 			ed25519.GenPrivKey(),
@@ -383,7 +397,7 @@ func testSetupSocketPair(
 	t *testing.T,
 	chainID string,
 	privValidator types.PrivValidator,
-) (*SocketPV, *RemoteSigner) {
+) (*TCPVal, *RemoteSigner) {
 	var (
 		addr    = testFreeAddr(t)
 		logger  = log.TestingLogger()
@@ -396,18 +410,20 @@ func testSetupSocketPair(
 			privVal,
 			ed25519.GenPrivKey(),
 		)
-		sc = NewSocketPV(
+		sc = NewTCPVal(
 			logger,
 			addr,
 			ed25519.GenPrivKey(),
 		)
 	)
 
-	testStartSocketPV(t, readyc, sc)
-
-	RemoteSignerConnDeadline(time.Millisecond)(rs)
+	TCPValConnTimeout(5 * time.Millisecond)(sc)
+	TCPValHeartbeat(2 * time.Millisecond)(sc)
+	RemoteSignerConnDeadline(5 * time.Millisecond)(rs)
 	RemoteSignerConnRetries(1e6)(rs)
 
+	testStartSocketPV(t, readyc, sc)
+
 	require.NoError(t, rs.Start())
 	assert.True(t, rs.IsRunning())
 
@@ -416,7 +432,7 @@ func testSetupSocketPair(
 	return sc, rs
 }
 
-func testReadWriteResponse(t *testing.T, resp SocketPVMsg, rsConn net.Conn) {
+func testReadWriteResponse(t *testing.T, resp RemoteSignerMsg, rsConn net.Conn) {
 	_, err := readMsg(rsConn)
 	require.NoError(t, err)
 
@@ -424,8 +440,8 @@ func testReadWriteResponse(t *testing.T, resp SocketPVMsg, rsConn net.Conn) {
 	require.NoError(t, err)
 }
 
-func testStartSocketPV(t *testing.T, readyc chan struct{}, sc *SocketPV) {
-	go func(sc *SocketPV) {
+func testStartSocketPV(t *testing.T, readyc chan struct{}, sc *TCPVal) {
+	go func(sc *TCPVal) {
 		require.NoError(t, sc.Start())
 		assert.True(t, sc.IsRunning())
 

privval/wire.go

@@ -9,5 +9,5 @@ var cdc = amino.NewCodec()
 
 func init() {
 	cryptoAmino.RegisterAmino(cdc)
-	RegisterSocketPVMsg(cdc)
+	RegisterRemoteSignerMsg(cdc)
 }

proxy/app_conn_test.go

@@ -143,7 +143,7 @@ func TestInfo(t *testing.T) {
 	proxy := NewAppConnTest(cli)
 	t.Log("Connected")
 
-	resInfo, err := proxy.InfoSync(types.RequestInfo{Version: ""})
+	resInfo, err := proxy.InfoSync(RequestInfo)
 	if err != nil {
 		t.Errorf("Unexpected error: %v", err)
 	}