Engine API: extend semantics of executePayload and forkchoiceUpdated methods
#165
Conversation
src/engine/specification.md
Outdated
|
|
||
| 3. Client software **MUST** return `{status: SYNCING, latestValidHash: null}` if the sync process is already in progress or if requisite data for payload validation is missing. In the event that requisite data to validate the payload is missing (e.g. does not have payload identified by `parentHash`), the client software **SHOULD** initiate the sync process. | ||
| 1. Client software **SHOULD** validate the payload if requisite data for payload validation is locally available. The validation process is specified in the [Payload validation process](#payload-validation-process) section. Additionally: |
There was a problem hiding this comment.
From acd today: this should be made stricter, to not make it implementation-dependent so that clients all lazily choose not to validate any newPayloads at all
There was a problem hiding this comment.
Yeah, I think it's more like the following:
MUST validate the payload if extending the canonical head, and MAY validate if on a non-canonical branch
There was a problem hiding this comment.
Awesome! I have a few questions/clarifications in there. Let's get to those first.
Beyond that, I have some ideas about how to clean up or further modularize.
If any speak to you, please go ahead and do it.
If my suggestions aren't clear, I might take a stab at a cleanup PR after we address my core questions/clarifications about the core of the content
src/engine/specification.md
Outdated
|
|
||
| 3. Client software **MUST** return `{status: SYNCING, latestValidHash: null}` if the sync process is already in progress or if requisite data for payload validation is missing. In the event that requisite data to validate the payload is missing (e.g. does not have payload identified by `parentHash`), the client software **SHOULD** initiate the sync process. | ||
| 1. Client software **SHOULD** validate the payload if requisite data for payload validation is locally available. The validation process is specified in the [Payload validation process](#payload-validation-process) section. Additionally: |
There was a problem hiding this comment.
Yeah, I think it's more like the following:
MUST validate the payload if extending the canonical head, and MAY validate if on a non-canonical branch
src/engine/specification.md
Outdated
|
|
||
| 2. All updates to the forkchoice state resulting from this call **MUST** be made atomically. | ||
| 1. Client software **MAY** skip an update of the forkchoice state and **MAY NOT** begin a payload build process if the payload identified by `forkchoiceState.headBlockHash` hasn't been validated yet. Additionally: |
There was a problem hiding this comment.
If you follow the above suggestion to insert SYNCING logic into payloadValidation, then you need to update this statement to say:
if the payload identified by
forkchoiceState.headBlockHashknown but has not been validated yet
src/engine/specification.md
Outdated
|
|
||
| 1. Client software **MAY** skip an update of the forkchoice state and **MAY NOT** begin a payload build process if the payload identified by `forkchoiceState.headBlockHash` hasn't been validated yet. Additionally: | ||
| * Client software **MUST** return `{status: ACCEPTED, latestValidHash: null, validationError: null, payloadId: null}` in this case. | ||
| 1. Client software **MAY** skip an update of the forkchoice state and **MUST NOT** begin a payload build process if `forkchoiceState.headBlockHash` references an ancestor of the head of the canonical chain. |
There was a problem hiding this comment.
Should this be any non-leaf value? -- That is you MAY skip it if it isn't a leaf of the block tree
Otherwise you can abuse the rewind (turn this MAY into a MUST) by fcu to a non-canonical branch and then fcu to a non-leaf block in what was previously the canonical chain
src/engine/specification.md
Outdated
| * Client software **SHOULD** build the initial version of the payload which has an empty transaction set. | ||
| * Client software **SHOULD** start the process of updating the payload. The strategy of this process is implementation dependent. The default strategy is to keep the transaction set up-to-date with the state of local mempool. | ||
| * Client software **SHOULD** stop the updating process when either a call to `engine_getPayload` with the build process's `payloadId` is made or [`SECONDS_PER_SLOT`](https://github.com/ethereum/consensus-specs/blob/dev/specs/phase0/beacon-chain.md#time-parameters-1) (12s in the Mainnet configuration) have passed since the point in time identified by the `timestamp` parameter. | ||
| 1. If any of the above fails due to errors unrelated to the normal processing flow of the method, the client software **MUST** return an error. |
There was a problem hiding this comment.
So errors in the payload assembling process are returned as JSON_RPC errors directly?
There was a problem hiding this comment.
Not sure I understand your question correctly. But if an exception occurred during initiating a payload build process then the call of this method must be responded with error.
Generally, this point states that in the case when e.g. a payload is INVALID according to EE rules an INVALID status must be in the response, but if exception happened during the validation then the call must be responded with error, not an INVALID status.
There was a problem hiding this comment.
What should EL return if we receive the wrong timestamp in payload attributes? Because I think INVALID is connected to headBlockHash, not payload attributes. By the wrong timestamp, I mean headBlockHash.Timestamp >= payloadAttributes.Timestamp
There was a problem hiding this comment.
It would mean that CL is faulty, EL may respond with error in this case. There is -32602: Invalid params error that fits well into this case
The following changes to
executePayloadandforkchoiceUpdatedmethods are proposed:executePayload, and renames this method tonewPayloadto make the name soundforkchoiceUpdatedbefore updating the forkchoice stateforkchoiceUpdatedreferences a historical block from the canonical chain that has been validating a while ago, i.e. forkchoice state may never go backwards if an update to the same chain is requestedACCEPTEDstatus. It may be sent in the response in the following cases:forkchoiceUpdatedto make set the head to the payload that does exist and can be validated (parent block and state are available locally), but validation is not yet done and client software implementation doesn't induce validation process onforkchoiceUpdated. Probably, in this case it is better for EL client software to respond withIGNOREDto better reflect the semantics of this responseSYNCINGifnewPayloadsends a child of the head of the canonical chain when the software is catching up with the head of a side fork, it prevents node to turn optimistic (as per optimistic sync spec) for no reasonblockHashcheck as the first step ofnewPayloadprocessing flow; this validation must run disregarding the state of EL client, whether it's syncing or notAdditionally:
A separate
EXECUTING/VALIDATINGstatus has been previously considered to denote the state of EL client software in which it executes multiple blocks in a row in order to obtain the parent state to be able to validate a payload. But this operation has been kept underSYNCINGstatus with the reflection in the Sync process description. Distinguishing these two different states is not that useful from the CL client software perspective as both doesn't give an understanding of how much time the operation will take to inform the CL behaviour.