feat: DA hints in p2p #2891
feat: DA hints in p2p #2891
Conversation
|
Claude finished @alpe's task in 2m 48s —— View job Comprehensive Code ReviewI've completed a thorough review of the DA hints implementation. Here are my findings organized by priority and category: 🔴 Critical Issues1. Resource Leak: AsyncDARetriever Not StoppedLocation: The Impact: Each syncer restart leaks 5 worker goroutines indefinitely. Fix Required: // In Syncer.Stop(), before s.wg.Wait():
if s.asyncDARetriever != nil {
s.asyncDARetriever.Stop()
}2. Channel Not Closed on Async Retriever StopLocation: The Current Code: func (r *AsyncDARetriever) Stop() {
if r.cancel != nil {
r.cancel()
}
r.wg.Wait()
// workCh is never closed!
}Fix Required: Close 3. Unbounded Retry Loop in SetProcessedHeightLocation: The retry loop has a hardcoded limit of 1000 iterations with no backoff or error handling. This is a code smell that could hide CAS contention issues. Current Code: func (h *P2PHandler) SetProcessedHeight(height uint64) {
for range 1_000 { // Magic number, no error handling
current := h.processedHeight.Load()
if height <= current {
return
}
if h.processedHeight.CompareAndSwap(current, height) {
return
}
}
// Silently fails after 1000 attempts!
}Issues:
Recommendation: Add logging if the loop exhausts, or consider if this pattern is necessary at all (CAS should succeed quickly in normal conditions). 🟡 High Priority Issues4. Missing Test Coverage for Binary Compatibility Edge CasesLocation: The backward compatibility tests (
Coverage Gap: The tests verify that P2P types can unmarshal old formats, but don't verify all edge cases around the optional field semantics. Recommendation: Add tests for: // Test: Old format → New format → Old format round-trip
// Test: What happens with da_height_hint = 0 (valid DA height)
// Test: Partial compatibility scenarios5. Potential Race in AsyncDARetriever.RequestRetrievalLocation: The pattern of checking // RequestRetrieval - adds to inFlight under lock
func (r *AsyncDARetriever) RequestRetrieval(height uint64) {
r.mu.Lock()
defer r.mu.Unlock()
if _, exists := r.inFlight[height]; exists {
return
}
// ... send to workCh
r.inFlight[height] = struct{}{}
}
// processRetrieval - removes from inFlight under lock
defer func() {
r.mu.Lock()
delete(r.inFlight, height)
r.mu.Unlock()
}()Scenario: If a request completes and deletes from Assessment: The current implementation handles this correctly because 6. Error Handling: Silent Failures in AppendDAHintLocation: if err := s.headerDAHintAppender.AppendDAHint(ctx, res.Height, hashes...); err != nil {
s.logger.Error().Err(err).Msg("failed to append da height hint in header p2p store")
// ignoring error here, since we don't want to block the block submission'
}Concern: While the comment explains the rationale, this means DA hints can be silently lost without any retry mechanism or visibility into how often this happens. Recommendation:
7. Protobuf Field Numbering ConcernLocation: The message P2PSignedHeader {
Header header = 1;
bytes signature = 2;
Signer signer = 3;
optional uint64 da_height_hint = 4; // Field 4 was reserved in SignedHeader
}Issue: The use of field number 4, which was Question: If fields 1-3 are identical and field 4 uses a reserved slot, shouldn't this be backward compatible on the wire format? The tests suggest it is. This contradiction needs clarification. Recommendation: Update the PR description to accurately reflect the compatibility story, or explain what specifically is breaking. 🟢 Medium Priority Issues8. Inconsistent Error Logging LevelsLocation: r.logger.Debug().Err(err).Uint64("height", height).Msg("async DA retrieval failed")DA retrieval failures are logged at 9. Magic Number: Worker Pool SizeLocation: for i := 0; i < 5; i++ { // Hardcoded worker count
r.wg.Add(1)
go r.worker()
}Issue: The number 5 is hardcoded without configuration option or justification. Recommendation: Make this configurable or document why 5 workers is the right number. 10. Buffer Size SelectionLocation: workCh: make(chan uint64, 100), // Buffer size 100Question: What's the rationale for a buffer of 100? This should be documented or made configurable based on expected concurrency. 11. Missing Context PropagationLocation: The Current Code: func (s *SyncService[V]) AppendDAHint(ctx context.Context, daHeight uint64, hashes ...types.Hash) error {
entries := make([]V, 0, len(hashes))
for _, h := range hashes {
v, err := s.store.Get(ctx, h) // Could be cancelled here
// ...
}
return s.store.Append(ctx, entries...) // Or here
}Recommendation: Consider using a child context with timeout for critical sections, or document that this must be called with a non-cancellable context. 🔵 Code Quality & Best Practices12. Excellent Binary Compatibility StrategyLocation: The implementation of binary compatibility between ✅ Uses proto field compatibility (fields 1-3 match exactly) Recommendation: Document this pattern in comments as it's a clever solution to the upgrade problem. 13. Well-Structured Async RetrieverLocation: The worker pool pattern is well-implemented:
Minor improvement: Add metrics for queue depth and worker utilization. 14. Generic Interface DesignLocation: type EntityWithDAHint[H any] interface {
header.Header[H]
SetDAHint(daHeight uint64)
DAHint() uint64
}Clean use of Go generics to extend the header interface with DA hint capabilities. Well done. 🟣 Testing & Coverage15. Test Coverage AnalysisCodecov Report: 70.17% patch coverage with 68 lines missing Key gaps:
Critical uncovered paths:
Recommendation: Add tests for error paths and edge cases, particularly around the async retriever behavior under high load. 16. Good Test QualityLocation: The tests demonstrate:
These are well-written and cover the important behavioral aspects. 🟤 Documentation & Maintenance17. Missing Migration DocumentationLocation: PR description and code comments The PR mentions "breaking change to the p2p network and store" but:
From comments: @tac0turtle asked "how would an existing network handle using this feature? its breaking so is it safe to upgrade?" and @alpe responded about binary compatibility, but this needs formal documentation. Recommendation: Add a migration guide covering:
18. Inline Comments for Complex LogicLocation: The DA hint extraction logic in if event.Source == common.SourceP2P {
var daHeightHints []uint64
if event.DaHeightHints[0] > 0 && event.DaHeightHints[1] > 0 {
// Why this logic? Comment needed
if _, exists := s.cache.GetHeaderDAIncluded(event.Header.Hash().String()); !exists {
daHeightHints = []uint64{event.DaHeightHints[0]}
}
// ... more complex logic
}
}Recommendation: Add comments explaining the deduplication logic and why we check cache for DA inclusion. 📊 SummaryBlocking Issues (Must Fix Before Merge)
Recommended Fixes
Positive Highlights
Overall AssessmentThe implementation is well-designed with a clever approach to backward compatibility. The main concerns are resource management (goroutine leak) and operational visibility (metrics, logging). Once the critical issues are addressed, this will be a solid addition. Recommendation: Address the resource leak and clarify the breaking change documentation before merging. The CI issues mentioned by @tac0turtle should also be investigated. |
|
The latest Buf updates on your PR. Results from workflow CI / buf-check (pull_request).
|
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #2891 +/- ##
==========================================
+ Coverage 59.53% 59.71% +0.17%
==========================================
Files 107 109 +2
Lines 10075 10261 +186
==========================================
+ Hits 5998 6127 +129
- Misses 3447 3497 +50
- Partials 630 637 +7
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| cache.SetHeaderDAIncluded(headerHash.String(), res.Height, header.Height()) | ||
| hashes[i] = headerHash | ||
| } | ||
| if err := s.headerDAHintAppender.AppendDAHint(ctx, res.Height, hashes...); err != nil { |
There was a problem hiding this comment.
This is where the DA height is passed to the sync service to update the p2p store
| Msg("P2P event with DA height hint, triggering targeted DA retrieval") | ||
|
|
||
| // Trigger targeted DA retrieval in background via worker pool | ||
| s.asyncDARetriever.RequestRetrieval(daHeightHint) |
There was a problem hiding this comment.
This is where the "fetch from DA" is triggered for the current block event height
pkg/sync/da_hint_container.go
Outdated
| type SignedHeaderWithDAHint = DAHeightHintContainer[*types.SignedHeader] | ||
| type DataWithDAHint = DAHeightHintContainer[*types.Data] | ||
|
|
||
| type DAHeightHintContainer[H header.Header[H]] struct { |
There was a problem hiding this comment.
This is a data container to persist the DA hint together with the block header or data.
types.SignedHeader and types.Data are used all over the place so I did not modify them but added introduced this type for the p2p store and transfer only.
It may make sense to do make this a Proto type. WDYT?
| return nil | ||
| } | ||
|
|
||
| func (s *SyncService[V]) AppendDAHint(ctx context.Context, daHeight uint64, hashes ...types.Hash) error { |
There was a problem hiding this comment.
Stores the DA height hints
|
if da hint is not in the proto how do other nodes get knowledge of the hint? also how would an existing network handle using this feature? its breaking so is it safe to upgrade? |
block/internal/syncing/syncer.go
Outdated
| "github.com/evstack/ev-node/block/internal/cache" | ||
| "github.com/evstack/ev-node/block/internal/common" | ||
| "github.com/evstack/ev-node/block/internal/da" | ||
| coreda "github.com/evstack/ev-node/core/da" |
julienrbrt
left a comment
julienrbrt
left a comment
There was a problem hiding this comment.
Nice! It really makes sense.
I share the same concern as @tac0turtle however about the upgrade strategy given it is p2p breaking.
The sync_service wraps the header/data payload in a
It is a breaking change. Instead of signed header or data types, the p2p network exchanges DAHeightHintContainer. This would be incompatible. Also the existing p2p stores would need migration to work. |
|
Could we broadcast both until every networks are updated? Then for final we can basically discard the previous one. |
|
fyi: This PR is missing a migration strategy for the p2p store ( and ideally network) |
* main: refactor(sequencers): persist prepended batch (#2907) feat(evm): add force inclusion command (#2888) feat: DA client, remove interface part 1: copy subset of types needed for the client using blob rpc. (#2905) feat: forced inclusion (#2797) fix: fix and cleanup metrics (sequencers + block) (#2904) build(deps): Bump mdast-util-to-hast from 13.2.0 to 13.2.1 in /docs in the npm_and_yarn group across 1 directory (#2900) refactor(block): centralize timeout in client (#2903) build(deps): Bump the all-go group across 2 directories with 3 updates (#2898) chore: bump default timeout (#2902) fix: revert default db (#2897) refactor: remove obsolete // +build tag (#2899) fix:da visualiser namespace (#2895)
* main: chore: execute goimports to format the code (#2924) refactor(block)!: remove GetLastState from components (#2923) feat(syncing): add grace period for missing force txs inclusion (#2915) chore: minor improvement for docs (#2918) feat: DA Client remove interface part 2, add client for celestia blob api (#2909) chore: update rust deps (#2917) feat(sequencers/based): add based batch time (#2911) build(deps): Bump golangci/golangci-lint-action from 9.1.0 to 9.2.0 (#2914) refactor(sequencers): implement batch position persistance (#2908)
<!-- Please read and fill out this form before submitting your PR. Please make sure you have reviewed our contributors guide before submitting your first PR. NOTE: PR titles should follow semantic commits: https://www.conventionalcommits.org/en/v1.0.0/ --> ## Overview Temporary fix until #2891. After #2891 the verification for p2p blocks will be done in the background. ref: #2906 <!-- Please provide an explanation of the PR, including the appropriate context, background, goal, and rationale. If there is an issue with this information, please provide a tl;dr and link the issue. Ex: Closes #<issue number> -->
|
I have added 2 new types for the p2p store that are binary compatible to the types.Data and SignedHeader. With this, we should be able to roll this out without breaking the in-flight p2p data and store. |
julienrbrt
left a comment
julienrbrt
left a comment
There was a problem hiding this comment.
lgtm! I can see how useful the async retriever will be for force inclusion verification as well. We should have @auricom verify if p2p still works with Eden.
There was a problem hiding this comment.
This is going to be really useful for force inclusion checks as well.
* main: build(deps): Bump actions/cache from 4 to 5 (#2934) build(deps): Bump actions/download-artifact from 6 to 7 (#2933) build(deps): Bump actions/upload-artifact from 5 to 6 (#2932) feat: DA Client remove interface part 3, replace types with new code (#2910) DA Client remove interface: Part 2.5, create e2e test to validate that a blob is posted in DA layer. (#2920)
(cherry picked from commit ad3e21b)
Introduce envelope for headers on DA to fail fast on unauthorized content. Similar approach as in #2891 with a binary compatible sibling type that carries the additional information. * Add DAHeaderEnvelope type to wrap signed headers on DA * Binary compatible to `SignedHeader` proto type * Includes signature of of the plain content * DARetriever checks for valid signature early in the process * Supports `SignedHeader` for legacy support until first signed envelope read
* main: chore: fix some minor issues in the comments (#2955) feat: make reaper poll duration configurable (#2951) chore!: move sequencers to pkg (#2931) feat: Ensure Header integrity on DA (#2948) feat(testda): add header support with GetHeaderByHeight method (#2946) chore: improve code comments clarity (#2947) chore(sequencers): optimize store check (#2945)
|
ci seems to be having some issues, can these be fixed. Also was this tested on an existing network? If not, please do that before merging |
* main: fix: inconsistent state detection and rollback (#2983) chore: improve graceful shutdown restarts (#2985) feat(submitting): add posting strategies (#2973) chore: adding syncing tracing (#2981) feat(tracing): adding block production tracing (#2980) feat(tracing): Add Store, P2P and Config tracing (#2972) chore: fix upgrade test (#2979) build(deps): Bump github.com/ethereum/go-ethereum from 1.16.7 to 1.16.8 in /execution/evm/test in the go_modules group across 1 directory (#2974) feat(tracing): adding tracing to DA client (#2968) chore: create onboarding skill (#2971) test: add e2e tests for force inclusion (part 2) (#2970) feat(tracing): adding eth client tracing (#2960) test: add e2e tests for force inclusion (#2964) build(deps): Bump the all-go group across 4 directories with 10 updates (#2969) fix: Fail fast when executor ahead (#2966) feat(block): async epoch fetching (#2952) perf: tune badger defaults and add db bench (#2950) feat(tracing): add tracing to EngineClient (#2959) chore: inject W3C headers into engine client and eth client (#2958) feat: adding tracing for Executor and added initial configuration (#2957)
Overview
Resolves #2609
The basic idea is to store an additional DAHightHint field within the p2p store.
As SignedHeader and Data are used in other places, too. I added an an
DAHeightHintContainertype to wrap the tuple for the store only.The DAHeight Hint is added by the da_submitter and read in the syncer to fetch the missing DA header/data for the most recent block as required.
Please note: this is a breaking change to the p2p network and store