pre-flight fcu for speed bump

[advaita-saha]

makes fcu call super-fast with minimal downside
Upon testing shows significant performance improvement, and improvement in attestations from CL side ( fewer attestation misses )

[bhartnett]

Is it possible for the queueForkChoice background job to fail in the background? Or after running preflightForkChoice and returning a success to the caller , should the job always succeed?

[advaita-saha]

Theoretically it is not possible to fail.
The only possibility is if the db is corrupt, or somehow the db connection is broken ( or other db level failures )

[bhartnett]

Actually it might be possible for it to fail when processing multiple heads. The removeBlockFromCache function can remove blocks from the hashToBlock table which can cause forkChoice to fail. removeBlockFromCache gets called from two places updateBase and updateFinalized. If those functions get called asynchronously before the forkChoice task runs then you get a silent failure.

[advaita-saha]

Well the queueForkChoice just adds the fCU call to the asyncQueue. So nothing else calls it async. And the queue is processed one by one

[advaita-saha]

removeBlockFromCache gets called from two places updateBase and updateFinalized. If those functions get called asynchronously before the forkChoice task runs then you get a silent failure.

I think not possible in the current design with asyncQueue implementation

[bhartnett]

Hmm, I'm not sure. Maybe its ok because the single queue enforces the ordering as long as there are no await calls which yield to other tasks before the forkChoice task is added to the queue.

[advaita-saha]

@jangko any thoughts on this ?

[bhartnett]

Hmm, I'm not sure. Maybe its ok because the single queue enforces the ordering as long as there are no await calls which yield to other tasks before the forkChoice task is added to the queue.

Since the queueForkChoice is a template and contains an await call (which is good for rate limiting purposes), then the await will yield the event loop meaning something else can run concurrently perhaps before the forkChoice task is added to the queue. Maybe this is fine as long as no other code calls updateBase or updateFinalized outside of the task queue flow.

[advaita-saha]

Yes that is true.
For now by design updateBase & updateFinalized is not called outside the queue

Will add some comments on this

[jangko]

LGTM

[bhartnett]

This check is more strict now than the implementation in forkChoice which would silently ignore if the safeHash doesn't exist in the hashToBlock map. Not sure if this change is desired or not.

[bhartnett]

Looks like there is nothing logging the result of the forkChoice call. Even if we don't expect any failures we should probably log something. Perhaps the queueForkChoice asyncHandler could log the result of forkChoice.

[advaita-saha]

Surely yeah, will add some logs. Will help identify issues

[bhartnett]

Since we end up awaiting here for the block building it might be better to not use the async queue flow at all if attrsOpt.isSome. Block building would be faster in that case.

[advaita-saha]

Yes that PR is also ready on top of this. Just testing and ironing out few issues on that
( little difficult to test as I don't have much validators, so very less proposals to test )

[tersec]

While these are likely to be relatively static, as an ongoing maintenance point, right now the synchronization between the two has been manually checked (and I've been checking it as well, as did you and @bhartnett ). But if the engine API rules change at some point, e.g., Gloas enabling backwards head movement in engine API as had been prohibited but might be allowed, then this being out of sync is a risk.

[tersec]

After:

• engine: Restrict no-reorg to the prefix of known finalized ethereum/execution-apis#786

This is is still somewhat true, but e.g., the checks at:

nimbus-eth1/execution_chain/beacon/api_handler/api_forkchoice.nim

Lines 170 to 182 in 2749417

	# If the head block is already in our canonical chain, the beacon client is
	# probably resyncing. Ignore the update.
	# See point 2 of fCUV1 specification
	# https://github.com/ethereum/execution-apis/blob/v1.0.0-beta.4/src/engine/paris.md#specification-1
	if chain.isCanonicalAncestor(header.number, headHash):
	notice "Ignoring beacon update to old head",
	headHash = headHash.short,
	headNumber = header.number,
	base = chain.baseNumber,
	pendingFCU = chain.pendingFCU.short,
	resolvedFinNum = chain.resolvedFinNumber,
	resolvedFinHash = chain.resolvedFinHash.short
	return validFCU(Opt.none(Bytes8), headHash)

nimbus-eth1/execution_chain/core/chain/forked_chain.nim

Lines 1227 to 1241 in 2749417

	proc isCanonicalAncestor*(c: ForkedChainRef,
	blockNumber: BlockNumber,
	blockHash: Hash32): bool =
	if blockNumber >= c.latest.number:
	return false
	if blockHash == c.latest.hash:
	return false
	if c.base.number < c.latest.number:
	# The current canonical chain in memory is headed by
	# latest.header
	for it in ancestors(c.latest):
	if it.hash == blockHash and it.number == blockNumber:
	return true

aren't valid anymore in Amsterdam. So it's not really that the head becomes not-valid; it was as valid as it ever was, it just might not be the head anymore.

This pre-flight check still looks ok, I don't see how it can result in an ultimately incorrect outcome as a result of this change, but the reasoning for it differs.

[tersec]

Why set this indicator variable rather than directly early-return?

[tersec]

There might be a mismatch here between the preflight and the full fork choice handling. When finalizedHash == zeroHash32, i.e. the change has never finalized, and there's e.g., a reorg so that the condition in

nimbus-eth1/execution_chain/core/chain/forked_chain.nim

Lines 760 to 771 in 2749417

	if headHash == c.latest.hash:
	if finalizedHash == zeroHash32:
	# Do nothing if the new head already our current head
	# and there is no request to new finality.
	return ok()
	let
	# Find the unique branch where `headHash` is a member of.
	head = ?c.findHeadPos(headHash)
	# Finalized block must be parent or on the new canonical chain which is
	# represented by `head`.
	finalized = ?c.findFinalizedPos(finalizedHash, head)

doesn't fire, then it will try to run findFinalizedPos which per

nimbus-eth1/execution_chain/core/chain/forked_chain.nim

Lines 98 to 132 in 2749417

	func findFinalizedPos(
	c: ForkedChainRef;
	hash: Hash32;
	head: BlockRef,
	): Result[BlockRef, string] =
	## Find header for argument `itHash` on argument `head` ancestor chain.
	##
	# OK, new finalized stays on the argument head branch.
	# ::
	# - B3 - B4 - B5 - B6
	# / ^ ^
	# A1 - A2 - A3 | |
	# head CCH
	#
	# A1, A2, B3, B4, B5: valid
	# A3, B6: invalid
	# Find `hash` on the ancestor lineage of `head`
	let fin = c.hashToBlock.getOrDefault(hash)
	if fin.isOk:
	if fin.number > head.number:
	return err("Invalid finalizedHash: block is newer than head block")
	# There is no point traversing the DAG if there is only one branch.
	# Just return the node.
	if c.heads.len == 1:
	return ok(fin)
	for it in ancestors(head):
	if it == fin:
	return ok(fin)
	err("Invalid finalizedHash: block not in argument head ancestor lineage")

won't find the 0x0 finalized block hash and become an error.

At that point, the preflight and backend handling might have a mismatch. It actually seems like preflight here might have the correct handling and the gap might be in the backend handler.