Skip to content
This repository has been archived by the owner on Nov 15, 2023. It is now read-only.

Use a BoundedVec in ValidationResult #6603

Merged
merged 10 commits into from
Feb 16, 2023

Conversation

mrcnski
Copy link
Contributor

@mrcnski mrcnski commented Jan 22, 2023

PULL REQUEST

Overview

Use a BoundedVec for upward_messages and horizontal_messages in order to
limit the number of individual messages/memory allocations right at decoding
time. The reason for this is that the ValidationResult may contain a code
upgrade (including a full PVF binary), so the total size limit can't be set
too low and this limit will still allow several millions of upward messages,
which will (due to the memory allocator overhead) already have a
non-negligible memory footprint in decoded form.

Considerations

Related Issue

Closes https://github.com/paritytech/srlabs_findings/issues/257

cumulus companion: paritytech/cumulus#2161

> Use a `BoundedVec` for `upward_messages` and `horizontal_messages` in order to
> limit the number of individual messages/memory allocations right at decoding
> time. The reason for this is that the `ValidationResult` may contain a code
> upgrade (including a full PVF binary), so the total size limit can't be set
> too low and this limit will still allow several millions of upward messages,
> which will (due to the memory allocator overhead) already have a
> non-negligible memory footprint in decoded form.
@mrcnski mrcnski added A0-please_review Pull request needs code review. B0-silent Changes should not be mentioned in any release notes C1-low PR touches the given topic and has a low impact on builders. D3-trivial 🧸 PR contains trivial changes in a runtime directory that do not require an audit. labels Jan 22, 2023
parachain/src/primitives.rs Outdated Show resolved Hide resolved
mrcnski added a commit to paritytech/parity-scale-codec that referenced this pull request Jan 23, 2023
This is necessary to implement a custom `Decode` for `BoundedVec`. See:

paritytech/polkadot#6603 (comment)

> You want to ensure that you don't even start try decoding/allocating when the length of the vector is more than the
> allowed maximum.

> You first decode length of the vector and then early reject if that is too long.
primitives/src/v2/mod.rs Outdated Show resolved Hide resolved
node/primitives/src/lib.rs Outdated Show resolved Hide resolved
mrcnski added a commit to paritytech/parity-scale-codec that referenced this pull request Jan 26, 2023
* Export `decode_vec_with_len`

This is necessary to implement a custom `Decode` for `BoundedVec`. See:

paritytech/polkadot#6603 (comment)

> You want to ensure that you don't even start try decoding/allocating when the length of the vector is more than the
> allowed maximum.

> You first decode length of the vector and then early reject if that is too long.

* Actually export `decode_vec_with_len`

* Bump version
primitives/src/v2/mod.rs Outdated Show resolved Hide resolved
@mrcnski

This comment was marked as outdated.

@mrcnski
Copy link
Contributor Author

mrcnski commented Feb 2, 2023

bot merge

@paritytech-processbot
Copy link

Error: Statuses failed for adbe1e4

@mrcnski mrcnski added the E5-needs_cumulus_pr This is an issue that needs to be implemented upstream in Cumulus. label Feb 3, 2023
@mrcnski
Copy link
Contributor Author

mrcnski commented Feb 3, 2023

Can someone please advise me on the cumulus companion? I need to convert the Vec here to BoundedVec:

https://github.com/paritytech/cumulus/blob/445f9277a/pallets/parachain-system/src/validate_block/implementation.rs#L190

What should happen on error? Is it OK to panic here? Or maybe better to handle it before storing it?

@@ -535,8 +535,8 @@ impl<T: paras_inherent::Config> BenchBuilder<T> {
validation_code_hash,
},
commitments: CandidateCommitments::<u32> {
upward_messages: Vec::new(),
horizontal_messages: Vec::new(),
upward_messages: vec![].try_into().unwrap(),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any particular reason why you're using try_into().unwrap() here instead of just Default::default() (which would eliminate the unwrap)?

@mrcnski
Copy link
Contributor Author

mrcnski commented Feb 16, 2023

bot merge

@paritytech-processbot
Copy link

Error: "Check reviews" status is not passing for paritytech/cumulus#2161

@mrcnski
Copy link
Contributor Author

mrcnski commented Feb 16, 2023

bot merge

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
A0-please_review Pull request needs code review. B0-silent Changes should not be mentioned in any release notes C1-low PR touches the given topic and has a low impact on builders. D3-trivial 🧸 PR contains trivial changes in a runtime directory that do not require an audit.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants