Dynamic assertions storage performance track (#3032)

tee-worker/app-libs/parentchain-interface/Cargo.toml

@@ -13,7 +13,9 @@ ita-sgx-runtime = { path = "../sgx-runtime", default-features = false }
 ita-stf = { path = "../stf", default-features = false }
 itc-parentchain-indirect-calls-executor = { path = "../../core/parentchain/indirect-calls-executor", default-features = false }
 itp-api-client-types = { path = "../../core-primitives/node-api/api-client-types", default-features = false }
+itp-enclave-metrics = { path = "../../core-primitives/enclave-metrics", default-features = false }
 itp-node-api = { path = "../../core-primitives/node-api", default-features = false }
+itp-ocall-api = { path = "../../core-primitives/ocall-api", default-features = false }
 itp-stf-primitives = { path = "../../core-primitives/stf-primitives", default-features = false }
 itp-types = { path = "../../core-primitives/types", default-features = false }
 

tee-worker/app-libs/parentchain-interface/src/integritee/event_handler.rs

@@ -20,6 +20,8 @@ pub use ita_sgx_runtime::{Balance, Index};
 use ita_stf::{Getter, TrustedCall, TrustedCallSigned};
 use itc_parentchain_indirect_calls_executor::error::Error;
 use itp_api_client_types::StaticEvent;
+use itp_enclave_metrics::EnclaveMetric;
+use itp_ocall_api::EnclaveMetricsOCallApi;
 use itp_stf_primitives::{traits::IndirectExecutor, types::TrustedOperation};
 use itp_types::{
 	parentchain::{
@@ -34,13 +36,20 @@ use litentry_primitives::{Assertion, Identity, ValidationData, Web3Network};
 use log::*;
 use sp_core::{blake2_256, H160};
 use sp_std::vec::Vec;
-use std::{format, string::String, sync::Arc};
+use std::{format, string::String, sync::Arc, time::Instant};
 
-pub struct ParentchainEventHandler {
+pub struct ParentchainEventHandler<MetricsApi>
+where
+	MetricsApi: EnclaveMetricsOCallApi,
+{
 	pub assertion_repository: Arc<EvmAssertionRepository>,
+	pub metrics_api: Arc<MetricsApi>,
 }
 
-impl ParentchainEventHandler {
+impl<MetricsApi> ParentchainEventHandler<MetricsApi>
+where
+	MetricsApi: EnclaveMetricsOCallApi,
+{
 	fn link_identity<Executor: IndirectExecutor<TrustedCallSigned, Error>>(
 		executor: &Executor,
 		account: &AccountId,
@@ -196,17 +205,27 @@ impl ParentchainEventHandler {
 			})?;
 			decrypted_secrets.push(secret);
 		}
+		let start_time = Instant::now();
 		self.assertion_repository
 			.save(id, (byte_code, decrypted_secrets))
 			.map_err(Error::AssertionCreatedHandling)?;
+		let duration = start_time.elapsed();
+		if let Err(e) = self
+			.metrics_api
+			.update_metric(EnclaveMetric::DynamicAssertionSaveTime(duration))
+		{
+			warn!("Failed to update DynamicAssertionSaveTime metric with error: {:?}", e);
+		}
+
 		Ok(())
 	}
 }
 
-impl<Executor> HandleParentchainEvents<Executor, TrustedCallSigned, Error>
-	for ParentchainEventHandler
+impl<Executor, MetricsApi> HandleParentchainEvents<Executor, TrustedCallSigned, Error>
+	for ParentchainEventHandler<MetricsApi>
 where
 	Executor: IndirectExecutor<TrustedCallSigned, Error>,
+	MetricsApi: EnclaveMetricsOCallApi,
 {
 	fn handle_events(
 		&self,

tee-worker/core-primitives/enclave-metrics/src/lib.rs

@@ -49,4 +49,6 @@ pub enum EnclaveMetric {
 	SuccessfullVCIssuance,
 	FailedVCIssuance,
 	ParentchainEventProcessed(String),
+	DynamicAssertionSaveTime(Duration),
+	DynamicAssertionGetTime(Duration),
 }

tee-worker/enclave-runtime/src/initialization/global_components.rs

@@ -177,7 +177,7 @@ pub type IntegriteeParentchainIndirectCallsExecutor = IndirectCallsExecutor<
 	EnclaveTopPoolAuthor,
 	EnclaveNodeMetadataRepository,
 	EventCreator<integritee::FilterableEvents>,
-	integritee::ParentchainEventHandler,
+	integritee::ParentchainEventHandler<EnclaveOCallApi>,
 	EnclaveTrustedCallSigned,
 	EnclaveGetter,
 >;

tee-worker/enclave-runtime/src/initialization/parentchain/common.rs

@@ -70,8 +70,10 @@ pub(crate) fn create_integritee_parentchain_block_importer(
 	let ocall_api = GLOBAL_OCALL_API_COMPONENT.get()?;
 	let repository = GLOBAL_ASSERTION_REPOSITORY.get()?;
 
-	let parentchain_event_handler =
-		LitentryParentchainEventHandler { assertion_repository: repository };
+	let parentchain_event_handler = LitentryParentchainEventHandler {
+		assertion_repository: repository,
+		metrics_api: ocall_api.clone(),
+	};
 
 	let stf_enclave_signer = Arc::new(EnclaveStfEnclaveSigner::new(
 		state_observer,

tee-worker/litentry/core/assertion-build/Cargo.toml

@@ -58,6 +58,7 @@ env_logger = "0.10.0"
 lc-mock-server = { path = "../mock-server" }
 litentry-hex-utils = { path = "../../../../primitives/hex" }
 ethabi = { version = "18.0.0", default-features = false }
+itp-test = { path = "../../../core-primitives/test", default-features = false }
 
 [features]
 default = ["std"]
@@ -97,4 +98,5 @@ std = [
     "lc-dynamic-assertion/std",
     "lc-evm-dynamic-assertions/std",
 ]
+test = ["itp-test/sgx"]
 development = []

tee-worker/litentry/core/assertion-build/src/dynamic/mod.rs

@@ -15,6 +15,7 @@
 // along with Litentry.  If not, see <https://www.gnu.org/licenses/>.
 
 use crate::{dynamic::repository::SmartContractByteCode, *};
+use itp_ocall_api::EnclaveMetricsOCallApi;
 use itp_types::Assertion;
 use lc_credentials::{assertion_logic::AssertionLogic, Credential, IssuerRuntimeVersion};
 use lc_dynamic_assertion::{AssertionExecutor, AssertionLogicRepository};
@@ -27,12 +28,14 @@ pub mod repository;
 
 pub fn build<
 	SC: AssertionLogicRepository<Id = H160, Item = (SmartContractByteCode, Vec<String>)>,
+	MetricsApi: EnclaveMetricsOCallApi,
 >(
 	req: &AssertionBuildRequest,
 	params: DynamicParams,
 	repository: Arc<SC>,
+	metrics_api: Arc<MetricsApi>,
 ) -> Result<(Credential, Vec<String>)> {
-	let executor = EvmAssertionExecutor { assertion_repository: repository };
+	let executor = EvmAssertionExecutor { assertion_repository: repository, metrics_api };
 	let execution_params = params.clone();
 	let result = executor
 		.execute(
@@ -85,6 +88,7 @@ pub fn build<
 #[cfg(test)]
 pub mod assertion_test {
 	use crate::dynamic::{build, repository::InMemorySmartContractRepo};
+	use itp_test::mock::metrics_ocall_mock::MetricsOCallMock;
 	use itp_types::Assertion;
 	use lc_mock_server::run;
 	use lc_stf_task_sender::AssertionBuildRequest;
@@ -93,6 +97,7 @@ pub mod assertion_test {
 		DynamicContractParams, DynamicParams, Identity, IdentityString, Web3Network,
 	};
 	use sp_core::{crypto::AccountId32, H160};
+	use std::sync::Arc;
 
 	#[test]
 	pub fn test_a20_true() {
@@ -131,9 +136,11 @@ pub mod assertion_test {
 		};
 
 		let repository = InMemorySmartContractRepo::new();
+		let metrics_api = Arc::new(MetricsOCallMock::default());
 
 		// when
-		let (credential, vc_logs) = build(&request, dynamic_params, repository.into()).unwrap();
+		let (credential, vc_logs) =
+			build(&request, dynamic_params, repository.into(), metrics_api).unwrap();
 
 		for log in &vc_logs {
 			println!("{}", log);
@@ -174,9 +181,11 @@ pub mod assertion_test {
 		};
 
 		let repository = InMemorySmartContractRepo::new();
+		let metrics_api = Arc::new(MetricsOCallMock::default());
 
 		// when
-		let (credential, _) = build(&request, dynamic_params, repository.into()).unwrap();
+		let (credential, _) =
+			build(&request, dynamic_params, repository.into(), metrics_api).unwrap();
 
 		println!("Credential is: {:?}", credential);
 
@@ -215,9 +224,11 @@ pub mod assertion_test {
 		};
 
 		let repository = InMemorySmartContractRepo::new();
+		let metrics_api = Arc::new(MetricsOCallMock::default());
 
 		// when
-		let (credential, _) = build(&request, dynamic_params, repository.into()).unwrap();
+		let (credential, _) =
+			build(&request, dynamic_params, repository.into(), metrics_api).unwrap();
 
 		println!("Credential is: {:?}", credential);
 
@@ -253,9 +264,11 @@ pub mod assertion_test {
 		};
 
 		let repository = InMemorySmartContractRepo::new();
+		let metrics_api = Arc::new(MetricsOCallMock::default());
 
 		// when
-		let (credential, _) = build(&request, dynamic_params, repository.into()).unwrap();
+		let (credential, _) =
+			build(&request, dynamic_params, repository.into(), metrics_api).unwrap();
 
 		// then
 		assert!(!credential.credential_subject.values[0]);
@@ -304,9 +317,11 @@ pub mod assertion_test {
 		};
 
 		let repository = InMemorySmartContractRepo::new();
+		let metrics_api = Arc::new(MetricsOCallMock::default());
 
 		// when
-		let (credential, _) = build(&request, dynamic_params, repository.into()).unwrap();
+		let (credential, _) =
+			build(&request, dynamic_params, repository.into(), metrics_api).unwrap();
 
 		println!("Credential is: {:?}", credential);
 

tee-worker/litentry/core/evm-dynamic-assertions/Cargo.toml

@@ -33,6 +33,8 @@ serde_json = { version = "1.0", default-features = false, features = ["alloc"] }
 
 # local
 itc-rest-client = { path = "../../../core/rest-client", default-features = false }
+itp-enclave-metrics = { path = "../../../core-primitives/enclave-metrics", default-features = false }
+itp-ocall-api = { path = "../../../core-primitives/ocall-api", default-features = false }
 itp-settings = { path = "../../../core-primitives/settings" }
 itp-sgx-io = { path = "../../../core-primitives/sgx/io", default-features = false }
 lc-dynamic-assertion = { path = "../dynamic-assertion", default-features = false }

tee-worker/litentry/core/evm-dynamic-assertions/src/lib.rs

@@ -44,6 +44,8 @@ use evm::{
 	executor::stack::{MemoryStackState, StackExecutor, StackSubstateMetadata},
 	Config, ExitReason,
 };
+use itp_enclave_metrics::EnclaveMetric;
+use itp_ocall_api::EnclaveMetricsOCallApi;
 use lc_dynamic_assertion::{
 	AssertionExecutor, AssertionLogicRepository, AssertionResult, Identity, IdentityNetworkTuple,
 	Web3Network,
@@ -52,6 +54,7 @@ use std::{
 	collections::BTreeMap,
 	string::{String, ToString},
 	sync::Arc,
+	time::Instant,
 	vec,
 	vec::Vec,
 };
@@ -70,8 +73,9 @@ pub type AssertionParams = Vec<u8>;
 pub type SmartContractByteCode = Vec<u8>;
 pub type AssertionRepositoryItem = (SmartContractByteCode, Vec<String>);
 
-pub struct EvmAssertionExecutor<A: AssertionLogicRepository> {
+pub struct EvmAssertionExecutor<A: AssertionLogicRepository, MetricsApi: EnclaveMetricsOCallApi> {
 	pub assertion_repository: Arc<A>,
+	pub metrics_api: Arc<MetricsApi>,
 }
 
 pub fn execute_smart_contract(
@@ -103,20 +107,31 @@ pub fn execute_smart_contract(
 	(reason, data, precompiles.contract_logs.take())
 }
 
-impl<A: AssertionLogicRepository<Id = H160, Item = AssertionRepositoryItem>>
-	AssertionExecutor<AssertionId, AssertionParams> for EvmAssertionExecutor<A>
+impl<A, MetricsApi> AssertionExecutor<AssertionId, AssertionParams>
+	for EvmAssertionExecutor<A, MetricsApi>
+where
+	A: AssertionLogicRepository<Id = H160, Item = AssertionRepositoryItem>,
+	MetricsApi: EnclaveMetricsOCallApi,
 {
 	fn execute(
 		&self,
 		assertion_id: A::Id,
 		assertion_params: AssertionParams,
 		identities: &[IdentityNetworkTuple],
 	) -> Result<AssertionResult, String> {
+		let start_time = Instant::now();
 		let (smart_contract_byte_code, secrets) = self
 			.assertion_repository
 			.get(&assertion_id)
 			.map_err(|_| "Could not access assertion repository")?
 			.ok_or("Assertion not found")?;
+		let duration = start_time.elapsed();
+		if let Err(e) =
+			self.metrics_api.update_metric(EnclaveMetric::DynamicAssertionGetTime(duration))
+		{
+			log::warn!("Failed to update DynamicAssertionGetTime metric with error: {:?}", e);
+		}
+
 		let input = prepare_execute_call_input(identities, secrets, assertion_params)
 			.map_err(|_| "Could not prepare evm execution input")?;
 

tee-worker/litentry/core/stf-task/receiver/src/handler/assertion.rs

@@ -16,7 +16,10 @@
 
 #![allow(clippy::result_large_err)]
 
-use crate::{handler::TaskHandler, EnclaveOnChainOCallApi, StfTaskContext, TrustedCall, H256};
+use crate::{
+	handler::TaskHandler, EnclaveMetricsOCallApi, EnclaveOnChainOCallApi, StfTaskContext,
+	TrustedCall, H256,
+};
 use ita_sgx_runtime::Hash;
 use ita_stf::{Getter, TrustedCallSigned};
 use itp_sgx_crypto::{key_repository::AccessKey, ShieldingCryptoEncrypt};
@@ -50,7 +53,7 @@ pub(crate) struct AssertionHandler<
 	A: AuthorApi<Hash, Hash, TrustedCallSigned, Getter>,
 	S: StfEnclaveSigning<TrustedCallSigned>,
 	H: HandleState,
-	O: EnclaveOnChainOCallApi,
+	O: EnclaveOnChainOCallApi + EnclaveMetricsOCallApi,
 	AR: AssertionLogicRepository<Id = H160, Item = AssertionRepositoryItem>,
 > where
 	ShieldingKeyRepository: AccessKey,
@@ -69,7 +72,7 @@ where
 	S: StfEnclaveSigning<TrustedCallSigned>,
 	H: HandleState,
 	H::StateT: SgxExternalitiesTrait,
-	O: EnclaveOnChainOCallApi,
+	O: EnclaveOnChainOCallApi + EnclaveMetricsOCallApi,
 	AR: AssertionLogicRepository<Id = H160, Item = AssertionRepositoryItem>,
 {
 	type Error = VCMPError;
@@ -144,7 +147,7 @@ pub fn create_credential_str<
 	A: AuthorApi<Hash, Hash, TrustedCallSigned, Getter>,
 	S: StfEnclaveSigning<TrustedCallSigned>,
 	H: HandleState,
-	O: EnclaveOnChainOCallApi,
+	O: EnclaveOnChainOCallApi + EnclaveMetricsOCallApi,
 	AR: AssertionLogicRepository<Id = H160, Item = AssertionRepositoryItem>,
 >(
 	req: &AssertionBuildRequest,
@@ -289,6 +292,7 @@ where
 				req,
 				params,
 				context.assertion_repository.clone(),
+				context.ocall_api.clone(),
 			)?;
 			vc_logs = Some(result.1);
 			Ok(result.0)