Merge main-v0.14.3 into main#14298
Conversation
Signed-off-by: Dori Medini <dori@starkware.co>
…nel and unit suffixes (#14228)
…64 build (#14227) The workspace .cargo/config.toml sets `rustc-wrapper = "sccache"` (PR #12421). With sccache active, the final link of starknet_transaction_prover fails on linux/arm64 with undefined `blst_*` symbols from libckzg.a — same failure mode as mozilla/sccache#2359 (reported on x86_64; open upstream, no fix). Likely cause: sccache 0.13 added compilation support for .S assembly sources via #2545, and that codepath has known follow-up bugs (#2253 cc-rs args mangled, #2556 broken `assembler-with-cpp` arg handling). blst's build.rs compiles `assembly.S` via cc-rs, and the wrapped invocation silently produces objects without the native symbols, so the rlib ends up in the link line without its blst_*/asm symbols and libckzg.a's references go unresolved. amd64 builds in this pipeline currently avoid the bug, so the breakage only surfaces in the multi-arch prover-publish workflow. Override RUSTC_WRAPPER="" in this self-contained image to bypass the wrapper, and drop the now-unused sccache install. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…14232) Goal - Expose the rate at which the L1 message scraper observes unique L1 handler transactions, so operators can see L1 handler TPS / per-minute ingestion on the dashboard. Change summary - Define a new MetricCounter L1_MESSAGE_SCRAPER_L1_HANDLER_TX_COUNT in the L1EventsProvider metric scope and register it alongside the other scraper metrics. - Increment the counter inside TransactionManager::add_tx in the HashOnly arm of the payload match (the only arm that stores a Full payload). This covers brand-new records and HashOnly -> Full upgrades from the state-sync catchup path. The double-scrape warn-and-ignore arm does not increment. - Add a unit test asserting the increment-once-per-unique-tx semantics, including the HashOnly upgrade and double-scrape cases. Decision points - The counter increments per unique tx, not per scraped event, so the derived rate panel reflects ingestion of new work rather than scraper retries / reorg-adjacent re-observations. - Counter name mirrors L1_MESSAGE_SCRAPER_SUCCESS_COUNT for discoverability in the metric namespace. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…gas_price_fri when set (#14230)
…ession (#14238) Adds CendeTestContract, a minimal feature contract carrying verbatim copies of the entry points the cende blob regression test exercises (test_increment, test_storage_read_write, test_storage_write, write_and_revert, test_call_contract, write_1, call_write_rewrite_panic, catch_write_revert_panic), plus the single storage field they touch. Switches cende_blob_regression_test::test_make_data to deploy and exercise this contract instead of the shared test_contract. Why: the test_contract class hash propagates into the cende goldens (deployed-contract addresses end up in invoke calldata, then into tx_hash, fees, balance diffs, and the captured GCS blob), so every change to test_contract for any unrelated test forced regenerating preconfirmed_block.json AND re-uploading a new blob to the apollo-central-systest-blobs bucket. With this dedicated contract, the cende blob depends only on CendeTestContract -- additions to test_contract no longer churn cende. One-time fixture regen: - preconfirmed_block.json rewritten (new contract -> new addresses, tx_hash, and fees). - blob_file_generation 24 -> 25; new blob uploaded to GCS. - chain_info.json unchanged; test_contract untouched. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…3-rc-0 (#14241) Point the v1 variant of privacy-circuit-verify and privacy-prove at the proving-utils v0.14.3-rc-0 release tag (commit ea3b062). Pulls in matching stwo-circuits (9ff7fc8); stwo, stwo-cairo and cairo-air match main-v0.14.3. privacy-circuit-verify-v0 stays on 580135e. The new privacy-circuit-verify-v1 changes the serialized proof format, so proof fixtures must be regenerated: - proof_flow/proof.bin (apollo_integration_tests) via `cargo test -p starknet_os_flow_tests --features starknet_transaction_prover/stwo_proving --release generate_proof_fixtures -- --ignored` - example_proof.bin (apollo_transaction_converter) via `cargo test -p starknet_transaction_prover --features stwo_proving --release -- --ignored regenerate_proof_fixtures` - regression_test/0.14.3/example_proof.bin (starknet_proof_verifier) is a copy of the apollo_transaction_converter fixture, updated to track the new on-chain 0.14.3 proof format. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…3-rc-1 (#14254) Follow-up to #14241 (which moved both to v0.14.3-rc-0). v0.14.3-rc-1 is the proving-utils tag of commit c0b937b (PR starkware-libs/proving-utils#355, "Bump stwo-circuits."), which advances the stwo-circuits revision from 9ff7fc8 to 618db0a. privacy-circuit-verify-v0 stays on 580135e. stwo-circuits changes the on-chain proof bytes, so regenerate the three serialized proof fixtures: - proof_flow/proof.bin (apollo_integration_tests) via `cargo test -p starknet_os_flow_tests --features starknet_transaction_prover/stwo_proving --release generate_proof_fixtures -- --ignored` - example_proof.bin (apollo_transaction_converter) via `cargo test -p starknet_transaction_prover --features stwo_proving --release -- --ignored regenerate_proof_fixtures` - regression_test/0.14.3/example_proof.bin (starknet_proof_verifier) is a copy of the apollo_transaction_converter fixture. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The pin only authenticated the install script's bytes, not the LLVM packages it installs. Those are verified by the apt GPG key that llvm.sh fetches over TLS at runtime (unpinned), so the real trust root is already "TLS-authenticated apt.llvm.org" -- the same trust we place in the apt packages themselves. Pinning the script while leaving that key fetch unpinned is a half-measure: a network/host compromise of apt.llvm.org can swap the key and serve malicious packages regardless of the script hash. Given we trust apt.llvm.org over TLS (consistent with the rest of our apt usage), drop the pin and its change-control comments. This also removes the recurring CI break + hash-bump chore on every benign upstream edit to llvm.sh, and aligns this path with the replay Dockerfile, which already fetches llvm.sh unpinned. The download keeps strict TLS (--proto =https --tlsv1.2 --fail). Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…blob commitment (#14264)
Goal - Surface L1 handler ingestion rate next to the pending-tx gauge so operators can see "rate in vs. backlog" side-by-side on the L1 Events dashboard row. Change summary - Add get_panel_l1_message_scraper_l1_handler_tx_rate which renders increase(L1_MESSAGE_SCRAPER_L1_HANDLER_TX_COUNT[1m]) for a readable per-minute view (matches the typical operator mental model of "TPS"). - Insert the panel into get_l1_events_row between the pending-tx gauge and the scraper success counter. Decision points - Window is 1m (vs. the existing DEFAULT_DURATION = 10m) because L1 handler throughput is low and a 10m window smears short bursts to be unreadable. - Regenerated dev_grafana.json fixture to reflect (a) the new panel and (b) the gauge description change from the parent commit "apollo_l1_events: count scraped-but-uncommitted txs in pending gauge". Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Wrap `EntryPointExecutionError` in a new `AnnotatedEntryPointExecutionError` struct that carries the executing frame's `TrackedResource` and the active `strip_vm_frames_in_sierra_gas` policy, and use it as the type of every field that feeds the stack-trace formatter (`TransactionExecutionError`'s `ExecutionError` / `ValidateTransactionError` fields, `ConstructorEntryPointExecutionError::ExecutionError` field, `TransactionFeeError::ExecuteFeeTransferError`, and both syscall errors' `EntryPointExecutionError` variants). Private fields plus a single constructor (`EntryPointExecutionError::annotated`) mean the type system rejects storing any unannotated error in a stack-trace-feeding position. Also adds the `strip_vm_frames_in_sierra_gas` field to `RawVersionedConstants` and `VersionedConstants`, set to `false` in every JSON. The wrapper site `execute_entry_point_call_wrapper` reads the flag from the context and annotates accordingly. The follow-up commit flips the value at v0.14.3 and teaches the formatter to honor it; this commit alone is a no-op behaviourally. `EntryPointExecutionResult<T>` aliases to the annotated form (above the wrapper); below-wrapper helpers (dispatch, run_entry_point, finalize, etc.) return the inner `Result<_, EntryPointExecutionError>` directly. There is no `From<EntryPointExecutionError>` impl for the annotated form — `?` propagation from inner-error helpers stops at the wrapper boundary, which is the single annotation site. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…aces (#14251) For SierraGas-mode (Cairo 1) contracts the choice of execution backend (cairo-vm CASM vs cairo-native) is meant to be a free implementation detail, but blockifier's stack-trace formatter was committing the backend choice into the rendered revert reason: cairo-vm produces a `VmException` with a PC and a Cairo traceback, cairo-native does not, and `stack_trace.rs` faithfully rendered the former and skipped the latter. Because the revert reason is hashed verbatim into the receipt commitment (and thus the block hash), the same Cairo 1 contract reverting on the same input produced two different receipts depending on which backend was hot in the contract class manager's cache at the moment of execution. This is what bites echonet replays of mainnet: any mainnet block where a Cairo 1 contract reverts can mismatch echonet's receipt commitment iff echonet ran that class via native while mainnet ran it via CASM (or vice versa). This patch flips the `strip_vm_frames_in_sierra_gas` flag (introduced as a no-op in the preceding commit) from false to true at protocol v0.14.3, and teaches the stack-trace formatter to honor it: * The flag is set in `blockifier_versioned_constants_0_14_3.json`. Pre-v0.14.3 versions remain at false, so historical receipts replay byte-identically. * `extract_entry_point_execution_error_into_stack_trace` reads the annotation from the `AnnotatedEntryPointExecutionError` carried by the outer `TransactionExecutionError` field, and inside the `CairoRunError` arm skips the `Error at pc=` / `Cairo traceback` block when the frame is `SierraGas`-tracked AND the strip policy is on. Cairo 0 (`CairoSteps`) frames are unaffected at every version. * Cairo 0 traces are unchanged at every protocol version. Native traces are unchanged. A SierraGas-mode contract at v0.14.3+ now renders identically whether it ran via cairo-vm CASM or cairo-native. Verified by a new parameterized test (`test_revert_text_is_backend_invariant_for_sierra_gas`) that runs the same Cairo 1 deploy-faulty-ctor flow on both backends and asserts byte-identical revert text, plus three unit tests covering the four `(TrackedResource, strip)` cells of the rendering matrix. Real-data confirmation: with `strip_vm_frames_in_sierra_gas: true` forced into the 0.14.1 json locally, `--compare-native` on mainnet block 6481044 reports matched=1 (formerly matched=0 between backends). Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
PR SummaryHigh Risk Overview SNIP-35 dynamic gas pricing moves the USD target off a hardcoded constant into Blockifier / receipts: from 0.14.3 versioned constants, Dependencies & tooling: Deploy / local: hybrid Helm overlays gain shared Reviewed by Cursor Bugbot for commit 651c584. Bugbot is set up for automated code reviews on this repo. Configure here. |
|
Artifacts upload workflows: |
|
This change is |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
nimrod-starkware
left a comment
nimrod-starkware
left a comment
There was a problem hiding this comment.
@nimrod-starkware reviewed 93 files and all commit messages.
Reviewable status: 93 of 95 files reviewed, 3 unresolved discussions.
Resolve conflicts from merging main-v0.14.3 into main: - Cargo.lock: take incoming (circuits 618db0a, hashbrown 0.17.1). - apollo_consensus_orchestrator gas-price test: combine the SNIP-35 const rename (#14220) with the rand 0.10 API change (#14194). - blockifier stack-trace fixture: drop the SierraGas VM-frame pc line, consistent with strip_vm_frames_in_sierra_gas at v0.14.3+ (#14251). - blockifier_versioned_constants_0_14_4.json: add the required strip_vm_frames_in_sierra_gas field. Silent merge skew: the file was added by #14237 before #14251 made the field mandatory. - proof_flow/proof.bin: regenerated under the v0.14.3 verifier (618db0a); verified by proof_flow_fixtures_verify and proof_flow_program_hash_is_allowed. - central_systest_blobs generation: kept at 26; the cende blob must be regenerated+uploaded for the merged content (UPDATE_EXPECT needs GCS creds). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
nimrod-starkware
left a comment
nimrod-starkware
left a comment
There was a problem hiding this comment.
Per-file conflict resolution notes for the fix_conflicts commit (adeb22dd89). Source side: main-v0.14.3. Destination side: main. Inline notes below.
Two resolutions can't be inline-commented, so they're recorded here:
proof_flow/proof.bin (binary) — regenerated, not a pick-a-side.
main(@dorimedini-starkware, #14258 / #14237) changed the proven statement (proof_facts.json: deploy-from-zero + v0.14.4 version).main-v0.14.3(@Yoni-Starkware, #14254) re-proved under the bumped privacy verifier (stwo rev618db0a), facts unchanged.
Neither side's proof is valid post-merge (merged facts = main's, merged verifier = 618db0a). Resolution: regenerated from the merged tree viagenerate_proof_fixtures(nightlystwo_proving).proof_facts.jsonis unchanged (already main's); onlyproof.binwas re-proved. Verified byproof_flow_fixtures_verify+proof_flow_program_hash_is_allowed. cc @dorimedini-starkware @Yoni-Starkware
central_systest_blobs/resources/blob_file_generation — no diff vs main (both at 26), so not inline-commentable.
main(@dorimedini-starkware, #14237) → 26;main-v0.14.3(@Yoni-Starkware, #14238) → 25.
⚠️ Follow-up required: the merged code carries both the CendeTest feature contract (#14238) and the v0.14.4 version (#14237), so the cende blob matches neither generation 25 nor 26.test_make_datamust be regenerated+uploaded from the merged tree withUPDATE_EXPECT=1in a GCS-credentialed environment (couldn't run here — GCS auth). Left at26as a placeholder. cc @Yoni-Starkware
ron-starkware
left a comment
ron-starkware
left a comment
There was a problem hiding this comment.
@ron-starkware reviewed 2 files.
Reviewable status: 91 of 96 files reviewed, 4 unresolved discussions (waiting on dorimedini-starkware, nimrod-starkware, sirandreww-starkware, and Yoni-Starkware).
…14.3-into-main-1780407216 # Conflicts: # crates/central_systest_blobs/resources/preconfirmed_block.json
Synced with
|
dorimedini-starkware
left a comment
dorimedini-starkware
left a comment
There was a problem hiding this comment.
@dorimedini-starkware made 3 comments.
Reviewable status: 87 of 96 files reviewed, 4 unresolved discussions (waiting on AvivYossef-starkware, nimrod-starkware, ron-starkware, sirandreww-starkware, and Yoni-Starkware).
dorimedini-starkware
left a comment
dorimedini-starkware
left a comment
There was a problem hiding this comment.
@dorimedini-starkware made 1 comment and resolved 1 discussion.
Reviewable status: 87 of 96 files reviewed, 3 unresolved discussions (waiting on AvivYossef-starkware, dorimedini-starkware, nimrod-starkware, ron-starkware, and Yoni-Starkware).
dorimedini-starkware
left a comment
dorimedini-starkware
left a comment
There was a problem hiding this comment.
@dorimedini-starkware reviewed 3 files and all commit messages.
Reviewable status: 89 of 96 files reviewed, 4 unresolved discussions (waiting on AvivYossef-starkware, nimrod-starkware, ron-starkware, and Yoni-Starkware).
…14.3-into-main-1780407216
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 651c584. Configure here.
dorimedini-starkware
left a comment
dorimedini-starkware
left a comment
There was a problem hiding this comment.
@dorimedini-starkware reviewed 93 files and all commit messages.
Reviewable status: all files reviewed, 4 unresolved discussions (waiting on AvivYossef-starkware, nimrod-starkware, and Yoni-Starkware).
dorimedini-starkware
left a comment
dorimedini-starkware
left a comment
There was a problem hiding this comment.
@dorimedini-starkware resolved 3 discussions.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on nimrod-starkware).
dorimedini-starkware
left a comment
dorimedini-starkware
left a comment
There was a problem hiding this comment.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on sirandreww-starkware).
dorimedini-starkware
left a comment
dorimedini-starkware
left a comment
There was a problem hiding this comment.
@dorimedini-starkware resolved 1 discussion.
Reviewable status:complete! all files reviewed, all discussions resolved (waiting on nimrod-starkware).
8 participants
No description provided.