Always record storage when stateless validation is enabled

[jancionear]

For stateless validation we need to record all trie reads performed when applying a chunk in order to prepare a PartialState that will be included in ChunkStateWitness

Initially it was only necessary to record trie reads when producing a chunk. Validators could read all the values from the provided PartialState without recording anything.

A recent change (#10703) introduced a soft limit on the size of PartialState. When applying a chunk we watch how much state was recorded, and once the amount of state exceeds the soft limit we stop applying the receipts in this chunk.
This needs to be done on both the chunk producer and chunk validator - if the chunk validator doesn't record reads and enforce the limit, it will produce a different result of chunk application, which would lead to validation failure.

This means that state should be recorded in all cases when a statelessly validated chunk is applied. Let's remove the configuration option that controls whether trie reads should be recorded (record_storage) and just record the reads on every chunk application (when statelessnet_protocol feature is enabled).

Refs: zulip conversation

[Longarithm]

This is (going) to change the protocol, right? Then it needs to be gated by ProtocolFeature / protocol version, so we could smoothly roll it out to statelessnet and mainnet.

[jancionear]

This is (going) to change the protocol, right? Then it needs to be gated by ProtocolFeature / protocol version, so we could smoothly roll it out to statelessnet and mainnet.

I'd say that it's a fix for the protocol version introduced by #10703.
Adding the soft limit caused a protocol change, I'm just fixing the validators to also take this limit into account when applying chunks.

[codecov]

Codecov Report

Attention: Patch coverage is 90.90909% with 6 lines in your changes are missing coverage. Please review.

Project coverage is 71.63%. Comparing base (92e5938) to head (6c5dfac).

Files	Patch %	Lines
chain/chain/src/chain.rs	77.77%	0 Missing and 4 partials ⚠️
chain/chain/src/chain_update.rs	90.47%	0 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #10859      +/-   ##
==========================================
+ Coverage   71.61%   71.63%   +0.01%     
==========================================
  Files         758      758              
  Lines      151765   151789      +24     
  Branches   151765   151789      +24     
==========================================
+ Hits       108692   108730      +38     
+ Misses      38537    38518      -19     
- Partials     4536     4541       +5     

Flag	Coverage Δ
backward-compatibility	0.24% <0.00%> (-0.01%)	⬇️
db-migration	0.24% <0.00%> (-0.01%)	⬇️
genesis-check	1.42% <0.00%> (-0.01%)	⬇️
integration-tests	37.39% <75.75%> (-0.01%)	⬇️
linux	70.09% <54.54%> (-0.15%)	⬇️
linux-nightly	71.12% <75.75%> (+0.02%)	⬆️
macos	54.53% <54.54%> (-0.18%)	⬇️
pytests	1.65% <0.00%> (-0.01%)	⬇️
sanity-checks	1.44% <0.00%> (-0.01%)	⬇️
unittests	67.28% <90.90%> (+0.01%)	⬆️
upgradability	0.29% <0.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[walnut-the-cat]

Does this mean that this test won't kick in before hitting testnet (with stable build)? isn't it too late?

[jancionear]

This means that the test will only execute in builds where the default protocol version has stateless validation enabled.
In practice this means that the test will be enabled for builds with --features statelessnet_protocol and --features nightly. Both of those options are present in the CI, so the test will be run on every change, and it will be enabled on statelessnet builds.

Tbh I don't know what "stable" in checked_feature is supposed to mean, the macro just checks the protocol version:

#[macro_export]
macro_rules! checked_feature {
    ("stable", $feature:ident, $current_protocol_version:expr) => {{
        $crate::version::ProtocolFeature::$feature.protocol_version() <= $current_protocol_version
    }};

The code is here if anyone wants to take a look:

nearcore/core/primitives-core/src/version.rs

Lines 224 to 256 in f2e87c0

	pub const PROTOCOL_VERSION: ProtocolVersion = if cfg!(feature = "statelessnet_protocol") {
	// Current StatelessNet protocol version.
	83
	} else if cfg!(feature = "nightly_protocol") {
	// On nightly, pick big enough version to support all features.
	140
	} else {
	// Enable all stable features.
	STABLE_PROTOCOL_VERSION
	};
	/// Both, outgoing and incoming tcp connections to peers, will be rejected if `peer's`
	/// protocol version is lower than this.
	pub const PEER_MIN_ALLOWED_PROTOCOL_VERSION: ProtocolVersion = STABLE_PROTOCOL_VERSION - 2;
	#[macro_export]
	macro_rules! checked_feature {
	("stable", $feature:ident, $current_protocol_version:expr) => {{
	$crate::version::ProtocolFeature::$feature.protocol_version() <= $current_protocol_version
	}};
	($feature_name:tt, $feature:ident, $current_protocol_version:expr) => {{
	#[cfg(feature = $feature_name)]
	let is_feature_enabled = $crate::version::ProtocolFeature::$feature.protocol_version()
	<= $current_protocol_version;
	#[cfg(not(feature = $feature_name))]
	let is_feature_enabled = {
	// Workaround unused variable warning
	let _ = $current_protocol_version;
	false
	};
	is_feature_enabled
	}};

[jancionear]

We already have this kind of check in many other tests that don't work without stateless validation, e.g:

nearcore/integration-tests/src/tests/client/features/stateless_validation.rs

Line 33 in f2e87c0

if !checked_feature!("stable", StatelessValidationV0, PROTOCOL_VERSION) {

[shreyan-gupta]

Looks good! Could @Longarithm confirm whether it's fine to delete the should_produce_state_witness_for_this_or_next_epoch function? In the future, with single shard tracking, we shouldn't even require the condition self.epoch_manager.is_chunk_producer_for_epoch(epoch_id, account_id)? || self.epoch_manager.is_chunk_producer_for_epoch(&next_epoch_id, account_id)??

[shreyan-gupta]

should_produce_state_witness_for_this_or_next_epoch is used in one other place in prepare_transactions. We should remove it from there as well and delete the function.

[Longarithm]

Good point, actually. We should still call should_produce_state_witness_for_this_or_next_epoch, but on the place where we save recorded storage to disk. The method still makes sense because this data is useless if node is not a chunk producer. For single shard tracking shard change still may happen.

[jancionear]

The recording should probably also be enabled with the shadow_chunk_validation feature.

[jancionear]

v2:

• Don't save the recorded state transition data to the database if we aren't a chunk producer for this or next epoch. Validators don't need to persist this data, we can save some disk space (refs Reducing hard drive validator footprint #10357).
• Also record state transition data when the shadow_chunk_validation feature is enabled. I hope this change won't break anything with shadow validation (cc @pugachAG)

[jancionear]

Merged master in hope that it fixes the cargo audit check.

[jancionear]

Merged master in hope that it fixes the cargo audit check.

Didn't help, opened #10876 about the problem.
It looks like the check is failing because the yaml-rust crate is unmaintained. I think we can safely ignore this warning. It's not a vulnerability, just an inactive maintainer.

[jancionear]

@Longarithm are you okay with this change?
It would be nice to get an approval because this change is needed for the next statelessnet release. And AFAIK Shreyan is OOO right now :c

[Longarithm]

Sorry for the delay. I think we need to make protocol version check more strict.

[Longarithm]

PROTOCOL_VERSION is not enough, we need a check with protocol version of next epoch here. If we stabilize this version and some validator picks it up before others, its performance will be worsened because they will have to read all the nodes unlike others. And if protocol version switch is delayed for some reason, validator may miss blocks/chunks because of that.
We need next epoch, not current epoch, because state transitions must be recorded 1 epoch before protocol upgrade. EpochManager has a method for that.

[jancionear]

Hmm I imagined that before switching to stateless validation we would enable this feature (or make it the default), and then all nodes would start recording the data needed for stateless validation. At some point the protocol version would change and the nodes would start using this recorded data, but it's okay to start recording much earlier, without stateless validation the data would just be discarded.
Basically we don't need to start recording at the exact moment when it's needed, we can do it as soon as the updated node starts.

Is it this that much of a performance hit? We have to do it on the epoch before switching to stateless validation, so it has to be performant enough for normal traffic. Anton's shadow_chunk_validation records data and it's able to keep up with the mainnet traffic.

[Longarithm]

Anton's shadow_chunk_validation records data and it's able to keep up with the mainnet traffic.

Oh, that's nice.
I also realised that memtrie should be enabled not later than stateless validation, which will give desired performance. Then looks good!

[Longarithm]

Same as below. If we want to be super precise, we can use current epoch protocol version, because that recorded storage is not saved anythere, it is used immediately on chunk production.

[Longarithm]

Can be computed here, because postprocess_block has me.

[jancionear]

That's true, but Chain also calls ChainUpdate::process_apply_chunk_result, which doesn't have a me argument. This means that should_produce_state_witness_for_this_or_next_epoch would have to be available from both Chain and ChainUpdate. I can't just do everything inside ChainUpdate.

I guess it would be possible to move should_produce_state_witness_for_this_or_next_epoch to EpochManager and use it from both Chain and ChainUpdate, but I'm not convinced if there's any real benefit gained in exchange for this additional work. At this point I'm tempted to just merge it and unblock the statelessnet release.

[Longarithm]

Uhh right. Okay, makes sense, feel free to merge