Separate recent hashed values cache into separate types

[deuszx]

Motivation

Part of the epic to remove CertificateValue and be able to statically determine a type of value the certificate is for.

Proposal

Replace ChainManager::pending with two separate fields - confirmed_vote and validated_vote. When one of the votes is inserted, the other is cleared so that only one of the fields is ever populated.

Test Plan

CI should catch any regressions.

Release Plan

• Nothing to do / These changes follow the usual release cycle.

Links

Closes #2897

• reviewer checklist

[deuszx]

I want to bring reviewers' attention to this - i checked but want to confirm

[afck]

Yes, these should only ever contain votes we signed with key_pair, and only if that's Some. (That invariant should, in fact, be guaranteed just by this module alone. Edit: It isn't, strictly speaking, since the fields are public.)

[deuszx]

Want to emphasize that we no longer insert a validated variant of the hashed value if the confirmed one is being inserted.

[afck]

(It was the other way round, I think?)
If I'm reading this correctly we are inserting the confirmed variant when we sign it; that should still take care of the most common case, so that most validators that receive a lite confirmed block certificate will already have its value in the cache.

[deuszx]

Yes yes, it was the other way around.

[deuszx]

Also this - it shouldn't happen that both confirmed_vote and validated_vote are both set to Some(_) at the same time.

[afck]

It looks like you made sure of that everywhere.

Alternatively, we could avoid explicitly setting them to None and always prefer the highest-round vote, with the confirmed one taking precedence.

[deuszx]

Tests were removed but there's an issue now to bring back similar functionality #2912

[afck]

Makes sense to me; most of these seem to be related to the "validated vs. confirmed" logic. (cc @jvff)

[afck]

No blockers from my side; but the TODO question needs to be removed from the code, of course.

[afck]

Suggested change

	/// Returns the `Certificate` with the specified value, if it matches.
	/// Returns the [`GenericCertificate`] with the specified value, if it matches.

[deuszx]

Done in Fix comments

[afck]

Yes, these should only ever contain votes we signed with key_pair, and only if that's Some. (That invariant should, in fact, be guaranteed just by this module alone. Edit: It isn't, strictly speaking, since the fields are public.)

[afck]

Why not?

[deuszx]

You mean why I removed the comment? probably by mistake.

[deuszx]

Done in 2cfad93

[afck]

Now I'm wondering if we're missing a check in this function that, regardless of locked block or votes, the certificate is from at least the current round.

I created #2914 for it.

[afck]

We could have a more direct constructor for that now.

[afck]

Here we could also start using the new type right away.

[afck]

(It was the other way round, I think?)
If I'm reading this correctly we are inserting the confirmed variant when we sign it; that should still take care of the most common case, so that most validators that receive a lite confirmed block certificate will already have its value in the cache.

[afck]

Makes sense to me; most of these seem to be related to the "validated vs. confirmed" logic. (cc @jvff)

[afck]

Here we should also be able to avoid the expect, using the appropriate constructor.

Even if inside that constructor we still expect for now (but I hope we can remove that entirely soon) it would at least clean up all the call sites.
(But maybe that's something for another PR. 🤷)

[deuszx]

Yes, let's leave it for a separate PR - I'm currently in the process of removing a lot of HashedCertificateValue usage and maybe it'll go away entirely soon.

[deuszx]

No blockers from my side; but the TODO question needs to be removed from the code, of course.

Done