Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

updating verify proof range to handle empty proof keys #1901

Merged
merged 32 commits into from
Jun 28, 2024

Conversation

rianhughes
Copy link
Contributor

@rianhughes rianhughes commented Jun 7, 2024

This PR implements VerifyRangeProof.

It builds on an old PR (1873) which didn't handle empty proof keys, hence the name of this PR.

closes #1895
replaces / closes: #1873

Copy link

codecov bot commented Jun 7, 2024

Codecov Report

Attention: Patch coverage is 71.50538% with 106 lines in your changes missing coverage. Please review.

Project coverage is 75.51%. Comparing base (ad21b2e) to head (f3b20cd).

Files Patch % Lines
core/trie/proof.go 67.35% 31 Missing and 32 partials ⚠️
core/trie/trie.go 77.85% 16 Missing and 15 partials ⚠️
core/trie/node.go 69.23% 7 Missing and 5 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1901      +/-   ##
==========================================
- Coverage   75.72%   75.51%   -0.21%     
==========================================
  Files          97       97              
  Lines        8337     8651     +314     
==========================================
+ Hits         6313     6533     +220     
- Misses       1487     1534      +47     
- Partials      537      584      +47     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@rianhughes rianhughes changed the base branch from main to rianhughes/proof-range June 7, 2024 17:04
@rianhughes rianhughes changed the base branch from rianhughes/proof-range to main June 7, 2024 17:05
@rianhughes rianhughes marked this pull request as ready for review June 12, 2024 07:57
@rianhughes rianhughes mentioned this pull request Jun 12, 2024
@rianhughes rianhughes force-pushed the rianhughes/proof-range-test branch 2 times, most recently from db9bf2c to 66e7d38 Compare June 12, 2024 08:25
@rianhughes rianhughes force-pushed the rianhughes/proof-range-test branch from 0bbda08 to 21f9453 Compare June 12, 2024 08:27
@rianhughes rianhughes marked this pull request as draft June 12, 2024 08:40
@rianhughes rianhughes marked this pull request as ready for review June 12, 2024 09:16
@rianhughes rianhughes requested a review from kirugan June 12, 2024 09:17
core/trie/proof.go Outdated Show resolved Hide resolved
core/trie/proof.go Outdated Show resolved Hide resolved
@rianhughes rianhughes requested a review from pnowosie June 12, 2024 13:01
@rianhughes rianhughes requested a review from asdacap June 14, 2024 11:18
@rianhughes
Copy link
Contributor Author

@asdacap, @pnowosie in geth, the VerifyRangeProof executes the verification logic, but also logic to determine if there are more leaves to the right (see here). Imo it would be neater to separate these out into two different functions, hence why I didn't insert it in this implementation of VerifyRangeProof. What are your thoughts?

@asdacap
Copy link
Contributor

asdacap commented Jun 27, 2024

You can separate them internally if you want. But at high level, I think its easier to combine them, otherwise, need to pass the keys of proof explicitly, which is implementation details IMO.

Due security reasons, we had to stop using the dispatch token and
start using the GitHub App in order to trigger the deployment in
argo.  Because argo is a private repository, we can't trigger from
a public one (juno), so then we start to change the approach to first
push the docker images to jFrog Artifactory, then argo will be notified
that a new image was pushed, then it will trigger the deployment

Extra Tasks:
- Run YAML formatter on build-and-deploy workflow:
Having a well formated file makes it easier to read and for people
to contribute

- Remove unnecessary IMAGE_TAG from build-and-deploy.yml:
Instead of using both env.DOCKER_IMAGE_TAG and output.IMAGE_TAG, only
use one of them.

- Improve readability of stages in build-and-deploy.yml:
Rename stages to make it easier to understand what's going on.
For example from 'deploy_to_dev' to 'validate_dev' in order to
include that some tests will be run on the environment

- Set common env var in the root of the file:
Some of the env vars are being used in multiple stages,
so instead of having to hard-code some small differences
in multiple places, bring it all back to a root level
where it's easier to see what changes for what environment.
Copy link
Contributor

@pnowosie pnowosie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Great

@rianhughes rianhughes merged commit 3d9d038 into main Jun 28, 2024
10 checks passed
@rianhughes rianhughes deleted the rianhughes/proof-range-test branch June 28, 2024 13:35
kirugan added a commit that referenced this pull request Jul 23, 2024
Remove unused imports, added versioned constants for 0.13.1.1 to rust constants

Add concurrency_mode parameter to VM methods

Fix calls in tests, add StateMaps -> StateDiff conversion

debugging issue

Replace dispatch token witn app one in pipelines (#1916)

Remove ForceFetchingTracesForBlocks feature (#1910)

l1: avoid spam calling L1 RPC subscription (#1918)

* Add retry logic for retrieving L1 finalised height

* Sanitize eth_getBlockByNumber unmarshal method

* l1: add EthSubscriber test

Start using Artifactory for CI/CD in favour of Docker Registry (#1917)

Due security reasons, we had to stop using the dispatch token and
start using the GitHub App in order to trigger the deployment in
argo.  Because argo is a private repository, we can't trigger from
a public one (juno), so then we start to change the approach to first
push the docker images to jFrog Artifactory, then argo will be notified
that a new image was pushed, then it will trigger the deployment

Extra Tasks:
- Run YAML formatter on build-and-deploy workflow:
Having a well formated file makes it easier to read and for people
to contribute

- Remove unnecessary IMAGE_TAG from build-and-deploy.yml:
Instead of using both env.DOCKER_IMAGE_TAG and output.IMAGE_TAG, only
use one of them.

- Improve readability of stages in build-and-deploy.yml:
Rename stages to make it easier to understand what's going on.
For example from 'deploy_to_dev' to 'validate_dev' in order to
include that some tests will be run on the environment

- Set common env var in the root of the file:
Some of the env vars are being used in multiple stages,
so instead of having to hard-code some small differences
in multiple places, bring it all back to a root level
where it's easier to see what changes for what environment.

updating verify proof range to handle empty proof keys (#1901)

* implement VerifyRangeProof

* Start using Artifactory for CI/CD in favour of Docker Registry

Due security reasons, we had to stop using the dispatch token and
start using the GitHub App in order to trigger the deployment in
argo.  Because argo is a private repository, we can't trigger from
a public one (juno), so then we start to change the approach to first
push the docker images to jFrog Artifactory, then argo will be notified
that a new image was pushed, then it will trigger the deployment

Extra Tasks:
- Run YAML formatter on build-and-deploy workflow:
Having a well formated file makes it easier to read and for people
to contribute

- Remove unnecessary IMAGE_TAG from build-and-deploy.yml:
Instead of using both env.DOCKER_IMAGE_TAG and output.IMAGE_TAG, only
use one of them.

- Improve readability of stages in build-and-deploy.yml:
Rename stages to make it easier to understand what's going on.
For example from 'deploy_to_dev' to 'validate_dev' in order to
include that some tests will be run on the environment

- Set common env var in the root of the file:
Some of the env vars are being used in multiple stages,
so instead of having to hard-code some small differences
in multiple places, bring it all back to a root level
where it's easier to see what changes for what environment.

---------

Co-authored-by: rian <[email protected]>
Co-authored-by: Mario Apra <[email protected]>

Update CI/CD pipeline naming, image repository, and secrets var (#1919)

Fix pipeline deployment with correct access token (#1921)

Use Nubia user instead of Angkor for artifactory

Add --versioned-constants-file flag (#1920)

Misc Fixes - ignore juno artifacts in .gitignore and add requirement for implicit dependency on `pkg-config` (#1923)

* chore: Ignore Juno artifacts in .gitignore

* chore: Update system dependencies in README.md

Turns out pkg-config is required:

```
$ make juno
...
jemalloc: exec: "pkg-config": executable file not found in $PATH
```

Update db snapshot for mainnet (#1924)

Use ctx in BucketMigrator (#1521)

Fix corrupted db snapshot (#1927)

Fix how to staging promotion (#1928)

Fix how to promote to staging and prod environments

Fix how to get DOCKER_IMAGE_TAG:

  By using GITHUB_ENV, only the steps on the same job will be
able to get the value.  When trying to get it from steps from
different jobs the value is empty.

  This was causing issues to promote to staging because it was
trying to promote EVERYTHING in dev to staging.  Luckly there
was a check to not allow to overwrite the same tag, so things
that were already promoted couldn't be overwritten

  By using GITHUB_OUTPUT instead, it is now possible to get the
variable on any step from any subsequent job

Add deployment version verification for staging and production:

  The CI/CD pipeline has been updated to include a new step for
verifying the deployment version in the staging and production
environments.
  This ensures that the correct version of the
Docker image is deployed to each environment before running the
tests

Add set -ux to deployment verification script:

- -u will treat any unitialized variable as an error
- -x will print the command that is being executed

  This will make sure that cases where the EXPECTED_VERSION
not being passed won't cause any problem.
  One example where the variable was not set and the job succeeded:
https://github.com/NethermindEth/juno/actions/runs/9800486115/job/27062611554#step:3:15

  By using -x, it will be useful to understand exactly what's
the expected version, so no confusion will be made

Add Manual gate to run tests in production

  Since the deployment to production is a manual process, creating
a artificial environment makes it possible for the tests to run
only after a deployment is actually done.
  This avoids the issue where the tests will start to run without
the environment be ready.

Fix indentation in ci-cd-pipeline.yml (#1931)

The test_in_production job had two extra spaces, making
the YAML file invalid, since it couldn't detect that this
was a job but as a step, and steps can't have the same
attributes as jobs

Update p2p implementation according to recent spec (#1858)

Update docs.starknet.io links (#1929)

Some of the links were broken and some of them were redirecting.
There were also cases where I couldn't find where it was refering
to, so I decided to just delete the link

This commit is co-authored.  I got the inspiration from
#1564 and I improved a
little bit

Co-authored-by: Krauspt <[email protected]>

Fix how to promote to staging/prod (#1932)

- Add checkout step to promote_to_staging in ci-cd-pipeline.yml

This is necessary because at the Verify Deployment Version step,
there is a call for a file that is in the repository

- Stop using jf cli to do the promotion

For some reason the jf rt dpr moves/copies only ‘image’ without manifests.
This means that instead of relying on jFrog to do the promotion, even
though it will be sub-optimal, relying on Docker seems to be safer

Safely enable uploading report to Codecov (#1939)

This is done by saving the coverage output as an workflow artifact
then loading it on a separate job and uploading it to codecov.

The reason why this is necessary is because when running the juno-test
workflow from a fork / untrusted dev, the secrets is not available.
This is done in order to secure the secrets to being exposed from
an atacker that might want to create a PR and get them.
More info: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

The second workflow will be trigger once the juno-test is completed
so it only needs to download the artifact and upload to codecov.
Since this workflow source code is only from main, in order for it
to contain malicious code, it would've been required to go through
a PR.

I've also added a small script to comment to the PR, so it's clear
that the codecov will be uploaded shortly.  This can be reverted
later on if it starts to become too spammy.

Fix how to upload coverage to codecov (#1943)

When I copied the Upload coverage to Codecov step from the juno-test
I forgot to remove the condition that it would only do it when running
on ubuntu-latest machine.

Also, the Comment on PR didn't work, so I'm just removing it since
it doesn't provide much benefit

Bump version of github actions (#1937)

Bump version of github actions

- actions/setup-go: Bumping it to v5.
With the v5, cache is done by default, so there is no need to
specify cache: true

- actions/checkout: bumping it to v4
A lot of different improvements, but the one that made me decide
to upgrade was to use node20 instead of node16.
Node16 has en end of life on 11 Sep 2023

- codecov/codecov-action: bumping it to v4 (v4.5.0)
It was hard-coded v4.2.0, meaning that the fixes around detecting
if running from a fork (v4.3, v4.4 and v.4.5) were not backported,
therefore making the job not being able to detect when it was
running from a fork

Remove duplicate libraries linked on MacOS (#1944)

Explanation: -ldl is dynamic linking library and -lm is math library. Both are not needed for Mac OS because the OS use different linking mechanism and math is part of C stdlib anyway.

Bump github.com/rs/cors from 1.10.1 to 1.11.0 (#1930)

Bumps [github.com/rs/cors](https://github.com/rs/cors) from 1.10.1 to 1.11.0.
- [Commits](rs/cors@v1.10.1...v1.11.0)

---
updated-dependencies:
- dependency-name: github.com/rs/cors
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump github.com/ethereum/go-ethereum from 1.13.10 to 1.13.15 (#1859)

Bumps [github.com/ethereum/go-ethereum](https://github.com/ethereum/go-ethereum) from 1.13.10 to 1.13.15.
- [Release notes](https://github.com/ethereum/go-ethereum/releases)
- [Commits](ethereum/go-ethereum@v1.13.10...v1.13.15)

---
updated-dependencies:
- dependency-name: github.com/ethereum/go-ethereum
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Add new linters and fix their errors (#1936)

Update blockifier, fix todos, update fgw response objects

Draft impl of new block hashing scheme

Update blockifier to 0.8.0-rc.0

Persist and load peers from separate database (#1935)

Rename trie/TransactionStorage to Storage (#1788)

Separate tests with coverage and without coverage (#1953)

Running code coverage slows down the run by ~20%.
The commit separates the tests into two different jobs
based on the operating system. The "Tests (Coverage)"
job runs the tests with coverage and is only triggered
on the "ubuntu-latest" OS, while the "Tests (No Coverage)"
job runs the tests without coverage on other OSes.
This change improves the test workflow and ensures that
coverage only runs on the os that does uploads the result
to Codecov.

Daniil/linter-update (#1957)

* golangci-lint updated to v1.59.1
* The configuration option `run.skip-dirs` is deprecated, use `issues.exclude-dirs`
* The configuration option `linters.govet.check-shadowing` is deprecated. Enabled `shadow` instead
* The linter 'gomnd' is deprecated (since v1.58.0) due to: The linter has been renamed. Replaced by mnd.
* directive `//nolint:goconst` is unused for linter "goconst". Deleted comments.

Add enumer tool. Generate using it helper functions for Bucket type (#1958)

Add test race detection to pipeline. Fix race conditions in tests (#1956)

Fix linter issues

Update cargo dependencies

Implement receipt Hash()

Fix receipt commitment

Remove vm

Update vm

Disable make test-race in github workflow (#1960)

Update juno command's Use field

Update TestConfigPrecedence comment

Add db-size subcommand to juno command

Use cmd.OutorStdout() for printing in cmd/juno

Add CalculatePrefixSize()

Add db/pebble.NewWithOptions

Calculate Juno's DB size

Move GenP2PKeyPari to genp2pkeypair.go

Move DBSize to dbsize.go

Include semantic version in agent name (#1906)

* Include client version in p2p agent name

* Construct agent name in p2p package

* Use fmt.Sprintf to construct agent name

Use previously Unused bucket for Peers' storage (#1962)

Fix linter issues
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

VerifyProofRange non-set and inner nodes
4 participants