Storage proof: change BlockDigest to DomainRuntimeUpgrades #3329
Conversation
teor2345
added
execution
teor2345
requested review from
NingLin-P,
vedhavyas and
nazar-pc
as code owners
teor2345
force-pushed
the
fraud-proof-data-digest
branch
from
f657e5c to
2f3a9b6
Compare
teor2345
changed the title
teor2345
force-pushed
the
fraud-proof-data-digest
branch
2 times, most recently
from
a0a7dd3 to
0c39996
Compare
crates/subspace-runtime/src/lib.rs
Outdated
| #[sp_version::runtime_version] | ||
| pub const VERSION: RuntimeVersion = RuntimeVersion { | ||
| spec_name: Cow::Borrowed("subspace"), | ||
| impl_name: Cow::Borrowed("subspace"), | ||
| authoring_version: 0, | ||
| spec_version: 1, |
There was a problem hiding this comment.
The consensus runtime version is already bumped in 4ba268a.
As a good practice, I think we should bump the runtime version when we are going to do runtime upgrade instead of when there are runtime code change to avoid bumping the version multiple times by accident.
There was a problem hiding this comment.
The consensus runtime version is already bumped in 4ba268a.
I deliberately put the same version bump commit in both PRs.
This PR was created before that PR merged, so we had to bump the runtime version in both. Otherwise, it would be possible to merge an incompatible runtime version change without bumping the version.
But it is exactly the same commit in both PRs. So when this PR is merged into main, there will be no change to the runtime version, because the commit was already merged in PR #3303.
As a good practice, I think we should bump the runtime version when we are going to do runtime upgrade instead of when there are runtime code change to avoid bumping the version multiple times by accident.
I'm not sure about this. I thought the team decided to bump the version in the history seeding removal PR, rather than waiting until we wanted to do a runtime upgrade:
#3303 (comment)
There's a few different ways we can do runtime version bumps:
- Bump the version in each PR that makes a breaking runtime change, or in the first PR that makes a breaking change
- we could accidentally bump multiple times, wasting a few version numbers
- Bump the version before each runtime upgrade
- we could accidentally forget, leading to a rejected upgrade
- if we decide not to upgrade, we could accidentally bump multiple times, wasting a few version numbers
- Bump the version after each runtime upgrade
- (I can't see anything that's likely to go wrong here, what do you think?)
If we had a checklist and followed it every time, it wouldn't matter which option we chose. But until we do that, it seems like option 3 (or option 1) is the least likely to cause significant issues.
Let's talk about it with the team, and come up with a consistent way of doing it?
There was a problem hiding this comment.
I thought the team decided to bump the version in the history seeding removal PR, rather than waiting until we wanted to do a runtime upgrade:
#3303 (comment)
Yeah, I saw that, this is just a thought that I think can make the runtime upgrade process better.
If we had a checklist and followed it every time, it wouldn't matter which option we chose. But until we do that, it seems like option 3 (or option 1) is the least likely to cause significant issues.
We should certainly have a checklist (including proper testing) for the runtime upgrade. Since the only onchain check for upgrade is the runtime version, we need to do more offchain checks to the runtime code, things that I'm most concerned about are not rejected upgrades due to runtime version (which only wastes some tx fee) but successful upgrades with incompatible runtime (e.g. with host function change or incompatible storage change) which can do much damage to the network and may even need a hard fork to fix. So I think our goal is not to make the upgrade to pass the runtime version check as easy and convenient as possible.
Let's talk about it with the team, and come up with a consistent way of doing it?
Yeah, we can discuss this on the next sync, definitely not a blocker for this PR.
There was a problem hiding this comment.
I dropped this commit when I was rebasing, because it is already in the main branch.
crates/subspace-runtime/src/lib.rs
Outdated
| #[sp_version::runtime_version] | ||
| pub const VERSION: RuntimeVersion = RuntimeVersion { | ||
| spec_name: Cow::Borrowed("subspace"), | ||
| impl_name: Cow::Borrowed("subspace"), | ||
| authoring_version: 0, | ||
| spec_version: 1, |
There was a problem hiding this comment.
The consensus runtime version is already bumped in 4ba268a.
I deliberately put the same version bump commit in both PRs.
This PR was created before that PR merged, so we had to bump the runtime version in both. Otherwise, it would be possible to merge an incompatible runtime version change without bumping the version.
But it is exactly the same commit in both PRs. So when this PR is merged into main, there will be no change to the runtime version, because the commit was already merged in PR #3303.
As a good practice, I think we should bump the runtime version when we are going to do runtime upgrade instead of when there are runtime code change to avoid bumping the version multiple times by accident.
I'm not sure about this. I thought the team decided to bump the version in the history seeding removal PR, rather than waiting until we wanted to do a runtime upgrade:
#3303 (comment)
There's a few different ways we can do runtime version bumps:
- Bump the version in each PR that makes a breaking runtime change, or in the first PR that makes a breaking change
- we could accidentally bump multiple times, wasting a few version numbers
- Bump the version before each runtime upgrade
- we could accidentally forget, leading to a rejected upgrade
- if we decide not to upgrade, we could accidentally bump multiple times, wasting a few version numbers
- Bump the version after each runtime upgrade
- (I can't see anything that's likely to go wrong here, what do you think?)
If we had a checklist and followed it every time, it wouldn't matter which option we chose. But until we do that, it seems like option 3 (or option 1) is the least likely to cause significant issues.
Let's talk about it with the team, and come up with a consistent way of doing it?
teor2345
force-pushed
the
fraud-proof-data-digest
branch
from
0c39996 to
96cc741
Compare
crates/subspace-runtime/src/lib.rs
Outdated
| #[sp_version::runtime_version] | ||
| pub const VERSION: RuntimeVersion = RuntimeVersion { | ||
| spec_name: Cow::Borrowed("subspace"), | ||
| impl_name: Cow::Borrowed("subspace"), | ||
| authoring_version: 0, | ||
| spec_version: 1, |
There was a problem hiding this comment.
I dropped this commit when I was rebasing, because it is already in the main branch.
teor2345
force-pushed
the
fraud-proof-data-digest
branch
from
96cc741 to
d712dec
Compare
teor2345
changed the title
| &self.storage_key_provider, | ||
| self.consensus_client.as_ref(), | ||
| domain_id, | ||
| consensus_block_hash, | ||
| maybe_runtime_id, |
There was a problem hiding this comment.
We can also replace BlockDigest with DomainRuntimeUpgrades to determine if runtime upgrades happen in is_domain_runtime_upgraded_at
There was a problem hiding this comment.
I don't know how to do this, sorry! For the next few months, can provide more details about how to do things in tickets and reviews?
You can see what I tried in commit 6077082 of https://github.com/autonomys/subspace/tree/fraud-proof-data-digest-upgraded-at-via-proof
I couldn't get the value of DomainRuntimeUpgrades in is_domain_runtime_upgraded_at(), because there is no runtime API for it. So I tried creating and verifying a storage proof to get that value, but I think that didn't work because the proof hadn't been submitted yet.
Do you want me to add a new runtime API?
There was a problem hiding this comment.
Do you want me to add a new runtime API?
Yeah, that is what I mean, sorry for not being clear, let's leave this to the next PR.
teor2345
force-pushed
the
fraud-proof-data-digest
branch
from
d712dec to
4c366f5
Compare
| &self.storage_key_provider, | ||
| self.consensus_client.as_ref(), | ||
| domain_id, | ||
| consensus_block_hash, | ||
| maybe_runtime_id, |
There was a problem hiding this comment.
I don't know how to do this, sorry! For the next few months, can provide more details about how to do things in tickets and reviews?
You can see what I tried in commit 6077082 of https://github.com/autonomys/subspace/tree/fraud-proof-data-digest-upgraded-at-via-proof
I couldn't get the value of DomainRuntimeUpgrades in is_domain_runtime_upgraded_at(), because there is no runtime API for it. So I tried creating and verifying a storage proof to get that value, but I think that didn't work because the proof hadn't been submitted yet.
Do you want me to add a new runtime API?
This PR replaces the block digest storage proof with the existing runtime upgrade records storage proof.
It also cleans up the fraud proof struct hierarchy, and fixes up some comments.
Breaking changes:
Part of ticket #3281.
Code contributor checklist: