FIP-0031: Atomic switch to non-programmable FVM #294
Conversation
raulk
requested review from
anorth,
arajasek,
jennijuju,
kaitlin-beegle and
momack2
as code owners
FIPS/fip-atomic_fvm_switch.md
Outdated
| @@ -0,0 +1,265 @@ | |||
| --- | |||
| fip: <to be assigned> | |||
FIPS/fip-atomic_fvm_switch.md
Outdated
| ## Change Motivation | ||
|
|
||
| Swapping out core components in the execution layer of a blockchain is a complex | ||
| operation. It's analogous to replacing the engine of an airplane while airborne. |
There was a problem hiding this comment.
The overly dramatic analogy is not helpful here.
FIPS/fip-atomic_fvm_switch.md
Outdated
| For this reason, its advisable to manage risk carefully. Monolithic, big-bang | ||
| deployments are risky. It's appropriate to break up changes in smaller units | ||
| that can be deployed in an orderly, incremental fashion, eventually leading up | ||
| to the final goal: on-chain user-programmability. |
There was a problem hiding this comment.
Style nit: prefer first-person. "We advise...."
FIPS/fip-atomic_fvm_switch.md
Outdated
| | `fil/7/verifiedregistry` | TBD | | ||
|
|
||
| > Notes: | ||
| > What would a premigration look like here? |
There was a problem hiding this comment.
It's not that big, probably unnecessary.
FIPS/fip-atomic_fvm_switch.md
Outdated
| WIP. | ||
|
|
||
| ## Backwards Compatibility | ||
|
|
There was a problem hiding this comment.
Note whether or not a node running the intrinsic actors is expected to be able to maintain sync after this epoch, after simple changes like changing the code CIDs.
|
A couple of questions to answer:
|
We're not sure yet. Unptimized, I'm seeing my lotus/FVM node go from 1.5-3s block validation times, to 3-6s. Luckily:
I'm planning on running a mock upgrade on a test network to force us to get everything in-place. We have 3 upgrade points:
I'd like to test 1 and 3 (an upgrade that swaps out both the actors and the FVM itself) in a test network before calling the upgrade "ready".
Our current best source of test coverage is our test vectors. Once we get some test coverage information (see filecoin-project/ref-fvm#314) we can determine how dire the situation really is. I'd also like to "foreward-port" our test vectors to newer network versions by re-running them while ignoring anything related to gas. But I'm actually less concerned about test coverage than I am about test frameworks. We need to be able to write tests quickly if we want to be able to fix bugs quickly. |
|
Thanks @Stebalien. By asking the question I really meant that the FIP text should answer it. I get that the validation cost question may be "we don't know" at present, but, if you want to rush the FIP, we could still outline the policy options. |
anorth
changed the title
|
Hi @fips-editors - from a FIP DRAFT completion perspective, i think its good to merge? authors may address the comments in follow up PRs and work towards last call? |
|
Fine to merge as a draft. I don't think it can move to last call with the |
Co-authored-by: Jiaying Wang <[email protected]>
A few days ago, we submitted FIP-0030 (Introducing the Filecoin Virtual Machine). That FIP served as a baseline specification for the FVM, and did not propose concrete network actions.
This FIP that proposes the activation of a non-programmable version of the FVM in the Filecoin network.
In terms of deployment, this FIP should be coupled with an upcoming FIP that proposes a rearchitecture of the gas model to prepare for arbitrary code.