This repository has been archived by the owner on Nov 6, 2020. It is now read-only.

Problem: AuRa's unsafeties around step duration #7282

Merged
merged 1 commit into from
Dec 21, 2017

Commits on Dec 19, 2017

  1. Problem: AuRa's unsafeties around step duration

    Firstly, `Step.duration_remaining` casts it to u32, unnecessarily
    limiting it to 2^32. While theoretically this is "good enough" (at 3
    seconds steps it provides room for a little over 400 years), it is
    still a lossy way to calculate the remaining time until the next step.
    
    Secondly, step duration might be zero, triggering division by zero
    in `Step.calibrate`.
    
    Solution: rework the code around the fact that duration is
    typically in single digits and never grows, hence, it can be represented
    by a much narrower range (u16) and this highlights the fact that
    multiplying u64 by u16 will only result in an overflow in even further
    future, at which point we should panic informatively (if anybody's
    still around).
    
    Similarly, panic when it is detected that incrementing the step
    counter wrapped around on the overflow of usize.
    
    As for the division by zero, prevent it by making zero an invalid
    value for step duration. This will make AuRa log the constraint
    mismatch and panic (after all, what purpose would zero step duration
    serve? It makes no sense within the definition of the protocol,
    as finality can only be achieved as per the specification
    if messages are received within the step duration, which would violate
    the speed of light and other physical laws in this case).
    yrashk committed Dec 19, 2017
    03493cc
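The arithmetic the commit describes (a non-zero step duration narrow enough that the u64 by u16 product overflows only in the distant future, a remaining-time calculation that never goes through a lossy u32 cast, and an explicit check for the step counter wrapping) can be shown in a small self-contained model. The code below is an added example written for this page; it is not Parity's `Step` implementation, the type and function names are illustrative, the timestamps are constructed, and it reports the overflow conditions as `Result` errors so they can be asserted on rather than panicking in place.

```rust
// Added example, not Parity's code: a model of zero- and overflow-safe
// AuRa step arithmetic. Names (StepDuration, Step, StepError) are illustrative.
use std::convert::TryFrom;

/// Step duration in seconds. It is typically single digits and never grows,
/// so u16 is ample; zero is rejected at construction so that no later
/// division can hit a zero divisor.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct StepDuration(u16);

impl StepDuration {
    pub fn new(secs: u16) -> Result<Self, String> {
        if secs == 0 {
            return Err("step duration of zero is invalid: no message could arrive within the step".to_string());
        }
        Ok(StepDuration(secs))
    }

    /// Widen to u64 once so every product below is computed in u64.
    pub fn secs(self) -> u64 {
        u64::from(self.0)
    }
}

/// The two arithmetic failure modes the commit makes explicit instead of silent.
#[derive(Debug, PartialEq)]
pub enum StepError {
    /// Incrementing (or calibrating) the step counter would exceed usize.
    StepCounterWrapped,
    /// (step + 1) * duration no longer fits in u64.
    StepTimeOverflow,
}

pub struct Step {
    duration: StepDuration,
    inner: usize, // current step number
}

impl Step {
    pub fn new(duration: StepDuration) -> Self {
        Step { duration, inner: 0 }
    }

    /// Start from an explicit step number (used here to exercise the overflow paths).
    pub fn with_step(duration: StepDuration, inner: usize) -> Self {
        Step { duration, inner }
    }

    pub fn step(&self) -> usize {
        self.inner
    }

    /// Derive the current step number from a wall-clock timestamp in seconds.
    /// The division cannot fail: `StepDuration` is never zero by construction.
    pub fn calibrate(&mut self, now_secs: u64) -> Result<(), StepError> {
        let step = now_secs / self.duration.secs();
        self.inner = usize::try_from(step).map_err(|_| StepError::StepCounterWrapped)?;
        Ok(())
    }

    /// Seconds until the next step begins, computed entirely in u64 with no
    /// narrowing cast. An overflow of (step + 1) * duration is reported rather
    /// than wrapped silently.
    pub fn duration_remaining(&self, now_secs: u64) -> Result<u64, StepError> {
        let next_step_start = (self.inner as u64)
            .checked_add(1)
            .and_then(|n| n.checked_mul(self.duration.secs()))
            .ok_or(StepError::StepTimeOverflow)?;
        Ok(next_step_start.saturating_sub(now_secs))
    }

    /// Advance the step counter, refusing to wrap around usize::MAX.
    pub fn increment(&mut self) -> Result<(), StepError> {
        self.inner = self.inner.checked_add(1).ok_or(StepError::StepCounterWrapped)?;
        Ok(())
    }
}

fn main() {
    // Constructed input: a 3-second step and a timestamp near the commit date.
    let duration = StepDuration::new(3).expect("non-zero duration");
    let mut step = Step::new(duration);
    step.calibrate(1_513_700_000).expect("calibrate");
    println!(
        "step {} remaining {:?}",
        step.step(),
        step.duration_remaining(1_513_700_000)
    );
    // Zero duration is rejected up front, which is where the commit wants the failure.
    println!("zero duration accepted? {}", StepDuration::new(0).is_ok());
}
```

Returning `StepError` instead of panicking keeps the model testable; in a consensus engine the caller would turn `StepCounterWrapped` and `StepTimeOverflow` into the informative panic the commit message asks for, since both mean the step arithmetic is no longer sound. The overflow tests assume a 64-bit `usize`.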