-
Notifications
You must be signed in to change notification settings - Fork 248
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Storage proof: change BlockDigest to DomainRuntimeUpgrades #3329
Conversation
f657e5c
to
2f3a9b6
Compare
a0a7dd3
to
0c39996
Compare
crates/subspace-runtime/src/lib.rs
Outdated
#[sp_version::runtime_version] | ||
pub const VERSION: RuntimeVersion = RuntimeVersion { | ||
spec_name: Cow::Borrowed("subspace"), | ||
impl_name: Cow::Borrowed("subspace"), | ||
authoring_version: 0, | ||
spec_version: 1, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The consensus runtime version is already bumped in 4ba268a.
As a good practice, I think we should bump the runtime version when we are going to do runtime upgrade instead of when there are runtime code change to avoid bumping the version multiple times by accident.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The consensus runtime version is already bumped in 4ba268a.
I deliberately put the same version bump commit in both PRs.
This PR was created before that PR merged, so we had to bump the runtime version in both. Otherwise, it would be possible to merge an incompatible runtime version change without bumping the version.
But it is exactly the same commit in both PRs. So when this PR is merged into main
, there will be no change to the runtime version, because the commit was already merged in PR #3303.
As a good practice, I think we should bump the runtime version when we are going to do runtime upgrade instead of when there are runtime code change to avoid bumping the version multiple times by accident.
I'm not sure about this. I thought the team decided to bump the version in the history seeding removal PR, rather than waiting until we wanted to do a runtime upgrade:
#3303 (comment)
There's a few different ways we can do runtime version bumps:
- Bump the version in each PR that makes a breaking runtime change, or in the first PR that makes a breaking change
- we could accidentally bump multiple times, wasting a few version numbers
- Bump the version before each runtime upgrade
- we could accidentally forget, leading to a rejected upgrade
- if we decide not to upgrade, we could accidentally bump multiple times, wasting a few version numbers
- Bump the version after each runtime upgrade
- (I can't see anything that's likely to go wrong here, what do you think?)
If we had a checklist and followed it every time, it wouldn't matter which option we chose. But until we do that, it seems like option 3 (or option 1) is the least likely to cause significant issues.
Let's talk about it with the team, and come up with a consistent way of doing it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought the team decided to bump the version in the history seeding removal PR, rather than waiting until we wanted to do a runtime upgrade:
#3303 (comment)
Yeah, I saw that, this is just a thought that I think can make the runtime upgrade process better.
If we had a checklist and followed it every time, it wouldn't matter which option we chose. But until we do that, it seems like option 3 (or option 1) is the least likely to cause significant issues.
We should certainly have a checklist (including proper testing) for the runtime upgrade. Since the only onchain check for upgrade is the runtime version, we need to do more offchain checks to the runtime code, things that I'm most concerned about are not rejected upgrades due to runtime version (which only wastes some tx fee) but successful upgrades with incompatible runtime (e.g. with host function change or incompatible storage change) which can do much damage to the network and may even need a hard fork to fix. So I think our goal is not to make the upgrade to pass the runtime version check as easy and convenient as possible.
Let's talk about it with the team, and come up with a consistent way of doing it?
Yeah, we can discuss this on the next sync, definitely not a blocker for this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I dropped this commit when I was rebasing, because it is already in the main branch.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm still working my way through these suggestions. But I'm wondering if it would be easier to just leave the allow lists the way they are.
crates/subspace-runtime/src/lib.rs
Outdated
#[sp_version::runtime_version] | ||
pub const VERSION: RuntimeVersion = RuntimeVersion { | ||
spec_name: Cow::Borrowed("subspace"), | ||
impl_name: Cow::Borrowed("subspace"), | ||
authoring_version: 0, | ||
spec_version: 1, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The consensus runtime version is already bumped in 4ba268a.
I deliberately put the same version bump commit in both PRs.
This PR was created before that PR merged, so we had to bump the runtime version in both. Otherwise, it would be possible to merge an incompatible runtime version change without bumping the version.
But it is exactly the same commit in both PRs. So when this PR is merged into main
, there will be no change to the runtime version, because the commit was already merged in PR #3303.
As a good practice, I think we should bump the runtime version when we are going to do runtime upgrade instead of when there are runtime code change to avoid bumping the version multiple times by accident.
I'm not sure about this. I thought the team decided to bump the version in the history seeding removal PR, rather than waiting until we wanted to do a runtime upgrade:
#3303 (comment)
There's a few different ways we can do runtime version bumps:
- Bump the version in each PR that makes a breaking runtime change, or in the first PR that makes a breaking change
- we could accidentally bump multiple times, wasting a few version numbers
- Bump the version before each runtime upgrade
- we could accidentally forget, leading to a rejected upgrade
- if we decide not to upgrade, we could accidentally bump multiple times, wasting a few version numbers
- Bump the version after each runtime upgrade
- (I can't see anything that's likely to go wrong here, what do you think?)
If we had a checklist and followed it every time, it wouldn't matter which option we chose. But until we do that, it seems like option 3 (or option 1) is the least likely to cause significant issues.
Let's talk about it with the team, and come up with a consistent way of doing it?
0c39996
to
96cc741
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Alright, that should be everything.
I also added some timeouts to the tests, to make any errors easier to diagnose.
crates/subspace-runtime/src/lib.rs
Outdated
#[sp_version::runtime_version] | ||
pub const VERSION: RuntimeVersion = RuntimeVersion { | ||
spec_name: Cow::Borrowed("subspace"), | ||
impl_name: Cow::Borrowed("subspace"), | ||
authoring_version: 0, | ||
spec_version: 1, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I dropped this commit when I was rebasing, because it is already in the main branch.
96cc741
to
d712dec
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Make sense overall, just a few nits, thanks!
&self.storage_key_provider, | ||
self.consensus_client.as_ref(), | ||
domain_id, | ||
consensus_block_hash, | ||
maybe_runtime_id, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can also replace BlockDigest
with DomainRuntimeUpgrades
to determine if runtime upgrades happen in is_domain_runtime_upgraded_at
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know how to do this, sorry! For the next few months, can provide more details about how to do things in tickets and reviews?
You can see what I tried in commit 6077082 of https://github.com/autonomys/subspace/tree/fraud-proof-data-digest-upgraded-at-via-proof
I couldn't get the value of DomainRuntimeUpgrades
in is_domain_runtime_upgraded_at()
, because there is no runtime API for it. So I tried creating and verifying a storage proof to get that value, but I think that didn't work because the proof hadn't been submitted yet.
Do you want me to add a new runtime API?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you want me to add a new runtime API?
Yeah, that is what I mean, sorry for not being clear, let's leave this to the next PR.
d712dec
to
4c366f5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This PR has been open for a while, and it's getting pretty big.
If there aren't any blockers, can we merge it as it is, then do any further cleanups in a new PR?
&self.storage_key_provider, | ||
self.consensus_client.as_ref(), | ||
domain_id, | ||
consensus_block_hash, | ||
maybe_runtime_id, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know how to do this, sorry! For the next few months, can provide more details about how to do things in tickets and reviews?
You can see what I tried in commit 6077082 of https://github.com/autonomys/subspace/tree/fraud-proof-data-digest-upgraded-at-via-proof
I couldn't get the value of DomainRuntimeUpgrades
in is_domain_runtime_upgraded_at()
, because there is no runtime API for it. So I tried creating and verifying a storage proof to get that value, but I think that didn't work because the proof hadn't been submitted yet.
Do you want me to add a new runtime API?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks!
This PR replaces the block digest storage proof with the existing runtime upgrade records storage proof.
It also cleans up the fraud proof struct hierarchy, and fixes up some comments.
Breaking changes:
Part of ticket #3281.
Code contributor checklist: