Rename ExecutionMode to IsolationStrategy (#1932)
* Rename ExecutionMode to IsolationStrategy Execution mode is too generic a name and can imply a lot of different aspects of execution. The notion of isolation better describes the intended aspect. And while I am at it, I also renamed mode -> strategy because it seems a bit more appropriate, although that is way more subjective. * Fix compilation in wasm_executor tests. * Add a comment to IsolationStrategy * Update comments on IsolationStrategy * Update node/core/candidate-validation/src/lib.rs Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com> * Accommodate the point on interruption * Update parachain/src/wasm_executor/mod.rs Co-authored-by: Andronik Ordian <write@reusable.software> * Naming nits Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com> Co-authored-by: Andronik Ordian <write@reusable.software>
@@ -37,9 +37,40 @@ const MAX_RUNTIME_MEM: usize = 1024 * 1024 * 1024; // 1 GiB
|
||||
const MAX_CODE_MEM: usize = 16 * 1024 * 1024; // 16 MiB
|
||||
const MAX_VALIDATION_RESULT_HEADER_MEM: usize = MAX_CODE_MEM + 1024; // 16.001 MiB
|
||||
|
||||
/// The execution mode for the `ValidationPool`.
|
||||
/// The strategy we employ for isolating execution of wasm parachain validation function (PVF).
|
||||
///
|
||||
/// For a typical validator an external process is the default way to run PVF. The rationale is based
|
||||
/// on the following observations:
|
||||
///
|
||||
/// (a) PVF is completely under control of parachain developers who may or may not be malicious.
|
||||
/// (b) Collators are in charge of providing PoV who also may or may not be malicious.
|
||||
/// (c) PVF is executed by a wasm engine based on optimizing compiler which is a very complex piece
|
||||
/// of machinery.
|
||||
///
|
||||
/// (a) and (b) may lead to a situation where due to a combination of PVF and PoV the validation work
|
||||
/// can stuck in an infinite loop, which can open up resource exhaustion or DoS attack vectors.
|
||||
///
|
||||
/// While some execution engines provide functionality to interrupt execution of wasm module from
|
||||
/// another thread, there are also some caveats to that: there is no clean way to interrupt execution
|
||||
/// if the control flow is in the host side and at the moment we haven't rigoriously vetted that all
|
||||
/// host functions terminate or, at least, return in a short amount of time. Additionally, we want
|
||||
/// some freedom on choosing wasm execution environment.
|
||||
///
|
||||
/// On top of that, execution in a separate process helps to minimize impact of (c) if exploited.
|
||||
/// It's not only the risk of miscompilation, but it also includes risk of JIT-bombs, i.e. cases
|
||||
/// of specially crafted code that take enourmous amounts of time and memory to compile.
|
||||
///
|
||||
/// At the same time, since PVF validates self-contained candidates, validation workers don't require
|
||||
/// extensive communication with polkadot host, therefore there should be no observable performance penalty
|
||||
/// coming from inter process communication.
|
||||
///
|
||||
/// All of the above should give a sense why isolation is crucial for a typical use-case.
|
||||
///
|
||||
/// However, in some cases, e.g. when running PVF validation on android (for whatever reason), we
|
||||
/// cannot afford the luxury of process isolation and thus there is an option to run validation in
|
||||
/// process. Also, running in process is convenient for testing.
|
||||
#[derive(Clone, Debug)]
|
||||
pub enum ExecutionMode {
|
||||
pub enum IsolationStrategy {
|
||||
/// The validation worker is ran in a thread inside the same process.
|
||||
InProcess,
|
||||
/// The validation worker is ran using the process' executable and the subcommand `validation-worker` is passed
|
||||
@@ -60,7 +91,7 @@ pub enum ExecutionMode {
|
||||
},
|
||||
}
|
||||
|
||||
impl Default for ExecutionMode {
|
||||
impl Default for IsolationStrategy {
|
||||
fn default() -> Self {
|
||||
#[cfg(not(any(target_os = "android", target_os = "unknown")))]
|
||||
{
|
||||
@@ -136,19 +167,19 @@ pub enum InternalError {
|
||||
pub fn validate_candidate(
|
||||
validation_code: &[u8],
|
||||
params: ValidationParams,
|
||||
execution_mode: &ExecutionMode,
|
||||
isolation_strategy: &IsolationStrategy,
|
||||
spawner: impl SpawnNamed + 'static,
|
||||
) -> Result<ValidationResult, ValidationError> {
|
||||
match execution_mode {
|
||||
ExecutionMode::InProcess => {
|
||||
match isolation_strategy {
|
||||
IsolationStrategy::InProcess => {
|
||||
validate_candidate_internal(validation_code, ¶ms.encode(), spawner)
|
||||
},
|
||||
#[cfg(not(any(target_os = "android", target_os = "unknown")))]
|
||||
ExecutionMode::ExternalProcessSelfHost(pool) => {
|
||||
IsolationStrategy::ExternalProcessSelfHost(pool) => {
|
||||
pool.validate_candidate(validation_code, params)
|
||||
},
|
||||
#[cfg(not(any(target_os = "android", target_os = "unknown")))]
|
||||
ExecutionMode::ExternalProcessCustomHost { pool, binary, args } => {
|
||||
IsolationStrategy::ExternalProcessCustomHost { pool, binary, args } => {
|
||||
let args: Vec<&str> = args.iter().map(|x| x.as_str()).collect();
|
||||
pool.validate_candidate_custom(validation_code, params, binary, &args)
|
||||
},
|
||||
|
||||
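Review bot: The security caveat in the new type-level comment does not reach the `InProcess` variant, whose own doc line still says only that the worker runs in a thread inside the same process, so a reader of the variant's rustdoc will not learn that it gives up the protections listed above. I would extend that line to something like `/// The validation worker is run in a thread inside the same process. No isolation from PVF/PoV-induced hangs or wasm engine bugs; intended for testing and targets where process isolation is unavailable.` The new comment also has a few typos worth fixing: "can stuck" should be "can get stuck", "rigoriously" should be "rigorously", and "enourmous" should be "enormous". The `impl Default` body continues outside the hunk, so which variant is chosen on android/unknown targets is not visible here; if it is `InProcess`, as the comment implies, that fallback deserves a sentence in the docs too.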
@@ -166,7 +166,7 @@ mod tests {
|
||||
use super::*;
|
||||
|
||||
use futures::executor::block_on;
|
||||
use polkadot_parachain::{primitives::ValidationParams, wasm_executor::ExecutionMode};
|
||||
use polkadot_parachain::{primitives::ValidationParams, wasm_executor::IsolationStrategy};
|
||||
use polkadot_primitives::v1::{ValidationData, PersistedValidationData};
|
||||
use codec::Decode;
|
||||
|
||||
@@ -201,7 +201,7 @@ mod tests {
|
||||
hrmp_mqc_heads: Vec::new(),
|
||||
dmq_mqc_head: Default::default(),
|
||||
},
|
||||
&ExecutionMode::InProcess,
|
||||
&IsolationStrategy::InProcess,
|
||||
sp_core::testing::TaskExecutor::new(),
|
||||
).unwrap();
|
||||
|
||||
|
||||
@@ -25,13 +25,13 @@ use parachain::{
|
||||
HeadData as GenericHeadData,
|
||||
ValidationParams,
|
||||
},
|
||||
wasm_executor::{ValidationPool, ExecutionMode}
|
||||
wasm_executor::{ValidationPool, IsolationStrategy}
|
||||
};
|
||||
use codec::{Decode, Encode};
|
||||
use adder::{HeadData, BlockData, hash_state};
|
||||
|
||||
fn execution_mode() -> ExecutionMode {
|
||||
ExecutionMode::ExternalProcessCustomHost {
|
||||
fn isolation_strategy() -> IsolationStrategy {
|
||||
IsolationStrategy::ExternalProcessCustomHost {
|
||||
pool: ValidationPool::new(),
|
||||
binary: std::env::current_exe().unwrap(),
|
||||
args: WORKER_ARGS_TEST.iter().map(|x| x.to_string()).collect(),
|
||||
@@ -40,17 +40,17 @@ fn execution_mode() -> ExecutionMode {
|
||||
|
||||
#[test]
|
||||
fn execute_good_on_parent_with_inprocess_validation() {
|
||||
let execution_mode = ExecutionMode::InProcess;
|
||||
execute_good_on_parent(execution_mode);
|
||||
let isolation_strategy = IsolationStrategy::InProcess;
|
||||
execute_good_on_parent(isolation_strategy);
|
||||
}
|
||||
|
||||
#[test]
|
||||
pub fn execute_good_on_parent_with_external_process_validation() {
|
||||
let execution_mode = execution_mode();
|
||||
execute_good_on_parent(execution_mode);
|
||||
let isolation_strategy = isolation_strategy();
|
||||
execute_good_on_parent(isolation_strategy);
|
||||
}
|
||||
|
||||
fn execute_good_on_parent(execution_mode: ExecutionMode) {
|
||||
fn execute_good_on_parent(isolation_strategy: IsolationStrategy) {
|
||||
let parent_head = HeadData {
|
||||
number: 0,
|
||||
parent_hash: [0; 32],
|
||||
@@ -71,7 +71,7 @@ fn execute_good_on_parent(execution_mode: ExecutionMode) {
|
||||
hrmp_mqc_heads: Vec::new(),
|
||||
dmq_mqc_head: Default::default(),
|
||||
},
|
||||
&execution_mode,
|
||||
&isolation_strategy,
|
||||
sp_core::testing::TaskExecutor::new(),
|
||||
).unwrap();
|
||||
|
||||
@@ -87,7 +87,7 @@ fn execute_good_chain_on_parent() {
|
||||
let mut number = 0;
|
||||
let mut parent_hash = [0; 32];
|
||||
let mut last_state = 0;
|
||||
let execution_mode = execution_mode();
|
||||
let isolation_strategy = isolation_strategy();
|
||||
|
||||
for add in 0..10 {
|
||||
let parent_head = HeadData {
|
||||
@@ -110,7 +110,7 @@ fn execute_good_chain_on_parent() {
|
||||
hrmp_mqc_heads: Vec::new(),
|
||||
dmq_mqc_head: Default::default(),
|
||||
},
|
||||
&execution_mode,
|
||||
&isolation_strategy,
|
||||
sp_core::testing::TaskExecutor::new(),
|
||||
).unwrap();
|
||||
|
||||
@@ -128,7 +128,7 @@ fn execute_good_chain_on_parent() {
|
||||
|
||||
#[test]
|
||||
fn execute_bad_on_parent() {
|
||||
let execution_mode = execution_mode();
|
||||
let isolation_strategy = isolation_strategy();
|
||||
|
||||
let parent_head = HeadData {
|
||||
number: 0,
|
||||
@@ -150,7 +150,7 @@ fn execute_bad_on_parent() {
|
||||
hrmp_mqc_heads: Vec::new(),
|
||||
dmq_mqc_head: Default::default(),
|
||||
},
|
||||
&execution_mode,
|
||||
&isolation_strategy,
|
||||
sp_core::testing::TaskExecutor::new(),
|
||||
).unwrap_err();
|
||||
}
|
||||
|
||||
@@ -21,11 +21,11 @@ const WORKER_ARGS_TEST: &[&'static str] = &["--nocapture", "validation_worker"];
|
||||
use crate::adder;
|
||||
use parachain::{
|
||||
primitives::{BlockData, ValidationParams},
|
||||
wasm_executor::{ValidationError, InvalidCandidate, EXECUTION_TIMEOUT_SEC, ExecutionMode, ValidationPool},
|
||||
wasm_executor::{ValidationError, InvalidCandidate, EXECUTION_TIMEOUT_SEC, IsolationStrategy, ValidationPool},
|
||||
};
|
||||
|
||||
fn execution_mode() -> ExecutionMode {
|
||||
ExecutionMode::ExternalProcessCustomHost {
|
||||
fn isolation_strategy() -> IsolationStrategy {
|
||||
IsolationStrategy::ExternalProcessCustomHost {
|
||||
pool: ValidationPool::new(),
|
||||
binary: std::env::current_exe().unwrap(),
|
||||
args: WORKER_ARGS_TEST.iter().map(|x| x.to_string()).collect(),
|
||||
@@ -34,7 +34,7 @@ fn execution_mode() -> ExecutionMode {
|
||||
|
||||
#[test]
|
||||
fn terminates_on_timeout() {
|
||||
let execution_mode = execution_mode();
|
||||
let isolation_strategy = isolation_strategy();
|
||||
|
||||
let result = parachain::wasm_executor::validate_candidate(
|
||||
halt::wasm_binary_unwrap(),
|
||||
@@ -45,7 +45,7 @@ fn terminates_on_timeout() {
|
||||
hrmp_mqc_heads: Vec::new(),
|
||||
dmq_mqc_head: Default::default(),
|
||||
},
|
||||
&execution_mode,
|
||||
&isolation_strategy,
|
||||
sp_core::testing::TaskExecutor::new(),
|
||||
);
|
||||
match result {
|
||||
@@ -59,11 +59,10 @@ fn terminates_on_timeout() {
|
||||
|
||||
#[test]
|
||||
fn parallel_execution() {
|
||||
let execution_mode = execution_mode();
|
||||
let isolation_strategy = isolation_strategy();
|
||||
let isolation_strategy_clone = isolation_strategy.clone();
|
||||
|
||||
let start = std::time::Instant::now();
|
||||
|
||||
let execution_mode2 = execution_mode.clone();
|
||||
let thread = std::thread::spawn(move ||
|
||||
parachain::wasm_executor::validate_candidate(
|
||||
halt::wasm_binary_unwrap(),
|
||||
@@ -74,7 +73,7 @@ fn parallel_execution() {
|
||||
hrmp_mqc_heads: Vec::new(),
|
||||
dmq_mqc_head: Default::default(),
|
||||
},
|
||||
&execution_mode,
|
||||
&isolation_strategy,
|
||||
sp_core::testing::TaskExecutor::new(),
|
||||
).ok());
|
||||
let _ = parachain::wasm_executor::validate_candidate(
|
||||
@@ -86,7 +85,7 @@ fn parallel_execution() {
|
||||
hrmp_mqc_heads: Vec::new(),
|
||||
dmq_mqc_head: Default::default(),
|
||||
},
|
||||
&execution_mode2,
|
||||
&isolation_strategy_clone,
|
||||
sp_core::testing::TaskExecutor::new(),
|
||||
);
|
||||
thread.join().unwrap();
|
||||
|
||||