Alignment on faults + arbitration

[sternhenri]

Per our conversation on the spec call, here's my understanding of how fault reporting works @dignifiedquire @whyrusleeping.

I understand this is not nec how they will work in the next spec PR. The goal here is to make sure I am not heading the wrong way for thinking about deal arbitration. Please let me know if there are any big issues here, otherwise I can move forward.

Simply put, there are three key events:

• ProvingPeriodEnd: by which the miner must submit their PoSt. If they do not, consensus power is immediately lost.
  • Recovery by submitting the appropriate PoSt before the next event.
• GracePeriod: part of the next ProvingPeriod, after which storage collateral will be slashed, and the client can call upon deal arbitration to recuperate some of it. After
  • Recovery by submitting the appropriate PoSt and putting up collateral again before the next event.
• SectorFailureTimeout: a few ProvingPeriods away, after which sectors must simply be re-sealed in order to mine (i.e. no possible recovery).
  • Recovery by putting up storage collateral and SEALing sectors (ie same as a new miner).

Put another way:

• Consensus power is lost immediately after a fault
• Storage collateral is lost after the GracePeriod
  • The client can run arbitration after then (TODO: exactly how)
• Data must be reSEALed after SectorFailureTimeout

Below a quick diagram to show this off, viewing the process from a miner's standpoint.

Key:

• gp = Grace Period
• c = challenge
• f = declared fault
• rf = recovered fault
• ad = arbitration deal
• ac = add collateral

            ┌──┐               ┌──┐               ┌──┐               ┌──┐               ┌──┐                ┌──┐     
            │c1│               │c2│               │c3│               │c4│               │c.│                │c9│     
            └──┘               └──┘               └──┘               └──┘               └──┘                └──┘     
              │    ┌────┐        │    ┌────┐        │    ┌────┐        │    ┌────┐        │    ┌────┐         │      
              │    │gp1 │        │    │gp2 │        │    │gp3 │        │    │gp4 │        │    │gp8 │         │      
┌─────────────▼────┼────┴────────▼────┼────┴────────▼────┼────┴────────▼────┼────┴────────▼────┼────┴─────────▼───┐  
│ Proving Period 1 │ Proving Period 2 │ Proving Period 3 │ Proving Period 4 │       ...        │ proving period 9 │  
└────────────▲─────┴───▲─────────▲────┴──────▲───▲───────┴────────────▲─────┴──────────────────┴──────────────────┘  
             │         │         │           │   │                    │                                              
             │         │         │           │   │                    │                                              
                     rf1,                      rf3,                                                                  
          f1, f2     rf2      f3, f4       da1 rf4,                  f5                                              
                                               ac1                                                                   
◀───────────▶◀────────▶ ◀──────▶  ◀────────▶ ◀──▶  ◀─────────────────▶ ◀─────────▶ ◀─────────▶  ◀────────────────────
     A           B         C         D          E           F               G           H                 I          

State of the network:

• A
  • Power = 1
  • Collateral = 1
  • Next Proof = PoSt
• B
  • Power = 0
  • Collateral = 1
  • Next proof = PoSt (to fix faults)
• C
  • Power = 1
  • Collateral = 1
  • Next proof = PoSt
• D
  • Power = 0
  • Collateral = 1
  • Next proof = PoSt (to fix faults)
• E
  • Power = 0
  • Collateral = 0
  • Next proof = PoSt (to fix faults)
  • Collateral to be added back
• F
  • Power = 1
  • Collateral = 0 | 1
  • Next proof = PoSt
• G
  • Power = 0
  • Collateral = 0 | 1
  • Next proof = PoSt (to fix faults)
• H
  • Power = 0
  • Collateral = 0 | 0
  • Next proof = PoSt (to fix faults)
  • Collateral to be added back
• I
  • Power = 0
  • Collateral = 0
  • Next proof = SEAL
  • Collateral to be added back

[anorth]

In at least one way, deal arbitration must be orthogonal to faults. A client must be able to claim storage collateral from a sector that a miner has declared "done" without faulting, probably at any time up until the deal end.

I have proposed a mechanism for this in #386.

IMO, faults and deal arbitration should be completely independent, and storage collateral be held and used only for payment to deal clients (never burned). I'm aware of words elsewhere (e.g. #426) that also burn storage collateral for faults, but not of the rationale for that. But even if we do go that way, it still needs to be held for clients when a miner does not honour a deal, which cannot be trivially detected on chain.

[sternhenri]

I understand your latter point Alex (though I'm not yet sure I agree). As to the former, I am not yet sure what "done" means, but I will say that this whole issue is very much me trying to align with sources of truth on research as I try to ramp up to helping spec deal arbitration (per @pooja's request). I am still very much in catch up mode, so please don't let me introduce any noise into where things are at "officially" rn. I am all noise, no signal for the next couple of weeks on this topic, so don't let me distract you :b

[sternhenri]

With that said, your feedback is well-taken and appreciated.

[pooja]

@sternhenri this description is extremely well written and super clear. I know you're still in synthesis mode but when you feel like you have the confirmation you need, would be awesome to have your description and diagrams for faults in the spec.

[anorth]

@sternhenri I really appreciate what you are doing and understand the WIP state. Please consider my comments as just additional into your synthesis.