feat(node): adding gas actor

[cryptoAtwill]

As part of the #925, this PR only adds block gas limit.

The following changes are added:

• Implemented IPCGasActor that tracks the gas related parameters in a separate actor.
• Introduced a GasLayer trait that summaries the key gas functionalities.
• Introduced a default gas implementation that reads the current block limit and deduct gas limit with new incoming txns.
• Initialise the block gas limit in genesis. This needs the depending genesis PRs to be merged.
• Adding block gas constraint in prepare and process.

[raulk]

Would call this gas_market since gas is too generic and it could refer to, e.g. the gas limit in a message.

[raulk]

Can we not use the dispatch macros? They weren't practical for our EAM because we needed to override/intercept, but they should be usable here.

[raulk]

Why this number? I think it would be safer to start backwards from f099.

[raulk]

Suggested change

	p: PhantomData<DB>,
	_p: PhantomData<DB>,

[cryptoAtwill]

updated!

[raulk]

There should be a utility function in the Runtime: validate_immediate_caller or something like that.

[raulk]

Nice, this will come in handy!

[raulk]

This shouldn't be accessing the state tree directly, but instead invoking a getter method on the actor for better encapsulation.

[raulk]

• Let's call this GasMarket.
• Let's document that during normal operation, it's supposed to be backed by an actor.
• A more future-proof, pure interface for this:

pub trait GasMarket<State, Input> {
    /// Fetches the current state of the gas market.
    fn current() -> State;
    /// Updates the state of the gas market from the aggregated gas utilization stats for the block.
    fn update(Input) -> State;
}

struct State {
    block_gas_limit: Gas,
    /// This is the base_fee, but termed in a more abstract way so our terminology is not overfitted to EIP-1559.
    burn_fee_per_gas: TokenAmount,
}

[cryptoAtwill]

Sounds good, then the actor is really simple, just writing the state and reading the state.

[raulk]

Why do we need a reset? We should be loading the current gas market state from the actor before we begin execution?

[cryptoAtwill]

Yep, ideally it's like this. I tried doing this as well, but the current ABCI trait is blocking me from doing this because it's begin(&self, ...). If we reset everytime, then we have to do:

self.gas = GasMarket::try_from(&mut state)?;

which requires begin(&mut self).

I tried not to update so many changes and keep the core trait untouched.

[raulk]

I'd call this EIP1559GasMarketActor if we're putting the EIP-1559 logic on chain.
We should define a common interface for gas market actors so that users can implement alternative gas markets and plug them in in their genesis.

[cryptoAtwill]

@raulk I have updated for most of the review feedbacks. Some key changes:

• The gas_market still uses reset_* because of trait constraint, see comment: feat(node): adding gas actor #1098 (comment). It's the same idea, but just to make the compilation pass without too many changes.
• I removed the GasLayer/GasMarket trait for now as I'm not sure how this trait will look like with more functions added. I will add it back once all functions are clearer.
• I adopted the approach below, but used it in the actor. Since we are reading state in one shot, I just directly fetched from chain state, referencing chainmetadata actor.

pub trait GasMarket<State, Input> {
    /// Updates the state of the gas market from the aggregated gas utilization stats for the block.
    fn update(Input) -> State;
}

[raulk]

The actual gas strategy (EIP1559) should be fully encapsulated in the actor, so this is just an ActorGasMarket (a gas market driven by an on-chain actor), i.e. a gas market that resorts to an on-chain actor to keep its state and oscillate the gas parameters.

[raulk]

This should just be load.

[cryptoAtwill]

I moved load out of the trait. This method is only needed because of the &self trait bound, ideally the gas market should be recreated in begin. GasMarket does not really need to be aware of self loading from state. I shifted to the implementation of ActorGasMarket.

[raulk]

We need a query method in the GasMarket actor to fetch the current gas parameters (I called this current() in my proposal above), we should not dive into state directly as that is leaky.

[cryptoAtwill]

I added the method to the gas actor and query using the getter method.

But in fendermint I think we dont really have to add the method to GasMarket because it limits the trait to have a State parameter, which GasMarket does not really need to be on chain. I think it's nicer to just keep this as an implementation detail.

[raulk]

Why do we need this dance between consume_gas and update_block_gas_used?

[cryptoAtwill]

good point, I was trying to be "correct" when using Atomic, but actually there is no need, a direct store will do. Updated.

[raulk]

Is AtomicGas needed purely due to the ownership issues you pointed out on in our last sync? If so, please add a note here + a TODO, since this component is single-threaded and we should attempt to remove this overhead.

[cryptoAtwill]

Purely because of the trait bound, I will add the note and todo

[raulk]

So the more I think about it, I think this trait should be state-type agnostic. The GasMarket should just have its own standard data model with its own struct, and the GasMarket implementation should adapt the concrete gas policy's details to that standard data model / interface.

[raulk]

Is it possible for the trait implementor to keep a reference to FvmExecState instead of having to pass it in? I think you can have a new(&FvmExecState) trait method, with the lifetime of the GasMarket conditioned to that of the exec state?

[raulk]

Or maybe it's not possible without an Rc, not sure.

[cryptoAtwill]

I have removed the State in GasMarket, it should be state type agnostic, technically no need to know about state and unnecessary.

I tried holding the &mut FvmExecState does not seem doable, because FvmExecState<DB> is destructed after each deliver_tx, then the GasMarket needs to be persisted every txn, which seems unnecessary.

Technically there is no need to be aware of the ChainState for gas, but I also think this is part of a ExecutionContext or something like that to help determine the gas, implementation could just ignore.

[raulk]

I tried holding the &mut FvmExecState does not seem doable, because FvmExecState<DB> is destructed after each deliver_tx, then the GasMarket needs to be persisted every txn, which seems unnecessary.

Are you sure? FvmExecState seems to be maintained throughout deliver_tx, unless there's some nuance I'm unaware of? Did you try to make gas_market a member of FvmExecState instead of FvmMessageInterpreter?

[raulk]

This is on the right path, but needs a bit more work before we can land it. A few things missing in this PR. Some are covered by your TODOs in the PR description.

• Block validation logic (ProcessProposal): validate that the sum of transaction gas limits does not exceed the current block gas limit.
• Message validation logic (CheckTx): check that the gas limit does not exceed the block gas limit.
• Genesis: set up the GasMarketActor on genesis and inform CometBFT of the block gas limit during genesis.
• Block Gas Limit updates: inform CometBFT of block gas limit changes in end_block, so that it binpacks transactions to fit within the block gas limit.
• Tests: what do you have in mind here?
• Docs: explain how to configure the default (EIP1559) gas market on genesis, how to update it, and how to replace it with a custom gas market.

[raulk]

Ideally we'd load these parameters from the environment, so we can adjust them without having to deploy new actor code. Alternatively, we could make them state variables, set in the constructor, and updatable through an admin method.

Let's open an issue and track this customisation separately, not worth doing now.

[raulk]

We should call this MINIMUM_BASE_FEE, and start with that base fee on upgraded networks.

[raulk]

• Let's broaden this name up to UpdateUtilization.
• Let's make it take a struct for better extensibility. In the future, we may want to oscillate gas based on other stats, e.g. number of unique senders, gas density of transactions, gas usage distribution, etc. And it's very impractical to have single methods for each element.

[raulk]

Same as below, let's make widen the name to SetConstants. Today we have the block gas limit only, but we may want to pass in other constants like the consts above, so let's make it take a struct.

Note that these methods will be generic for all gas markets, so we shouldn't overfit this interface to EIP-1559 semantics.

[raulk]

GetState is inaccurate and leaky: it conveys that the values returned are read strictly from the state. It might not be the case, e.g. other gas markets may perform computation that doesn't depend on the actor state, e.g. epoch numbers, randomness, calling other actors, etc.

Suggestion:

• Name the method ReadCurrent.
• And the struct GasMarketReading.

So we model "readings" of the gas market.

[raulk]

Where did you take this logic from? Please link to the original source.

[raulk]

All of this code block can be made less pedantic / more idiomatic, but let's get these changes in before we do a cleanup.

[raulk]

This isn't the right place to check this; it can serve as a sanity check here (panic level), but not as the primary site where we check this.

[cryptoAtwill]

I captured this error outside and log it as warning.

[raulk]

This is better modelled as a pre_exec and a post_exec hook. If the gas limit exceeds the available gas, we should abort, not cap the execution gas. It is the block proposer's mistake, not the user's mistake (if you do this, you'd likely provoke an out of gas despite them having set the gas limit correctly).

[raulk]

This is incorrect here. Instead, we should validate that the sum of all transaction gas limits doesn't exceed the block limit, at block validation time prepare_proposal. That guarantees we have enough gas to process all transactions even if they squeeze their gas limits to the max. Then this situation cannot occur.

[raulk]

Suggested change

	self.gas.consume_gas(apply_ret.msg_receipt.gas_used)?;
	self.gas.record_gas_used(apply_ret.msg_receipt.gas_used)?;

[raulk]

Suggested change

	self.gas.load(&mut state)?;
	self.gas_market.load(&mut state)?;

[raulk]

Suggested change

	pub struct SetConstants {
	pub struct Constants {

[raulk]

This should take a ConstructorParams object, otherwise you're leaking the state object externally, which is highly undesirable as it breaks abstraction.

struct ConstructorParams {
    constants: Constants,
    initial_base_fee: TokenAmunt,
}

[raulk]

We should also have a get_constants that returns the constants, invokable by any.

[raulk]

I know this has been open for a while, but it needs a rebase!