feat(alloy-op-evm): post-exec block executor and SDM warming inspector #20213
Open
Codecov Report ❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## develop #20213 +/- ##
===========================================
- Coverage 75.1% 0.5% -74.7%
===========================================
Files 183 489 +306
Lines 11304 63445 +52141
===========================================
- Hits 8494 326 -8168
- Misses 2666 63119 +60453
+ Partials 144 0 -144
Add the canonical post-exec block executor, along with the first feature riding on it — SDM (Sequencer-Defined Metering) block-level warming refunds, delivered by the SDMWarmingInspector.

- OpBlockExecutor gains three PostExecModes (Disabled / Produce / Verify(payload) / Invalid). Produce accumulates per-tx refund entries for the payload builder to append as a synthetic 0x7D tx; Verify validates an embedded payload against local replay; Disabled is the legacy path (byte-identical to pre-SDM).
- SDMWarmingInspector tracks first-warmer provenance for accounts and storage slots, emits exact refund attribution events for every re-touch past the EIP-2929 warm threshold, and suppresses claims from Deposit and synthetic PostExec tx kinds.
- Verify-mode validations reject duplicate payload indexes, payload entries targeting deposits or the 0x7D tx itself, and refunds that exceed the tx's raw gas. `apply_pre_execution_changes` debug_asserts the Produce hooks are wired so a downstream fork can't silently drop refunds.
- Canonical gas settlement credits the sender, debits the beneficiary and base-fee recipient by the refunded-gas component of their share, and commits the deltas when canonical gas falls below raw gas.
- beneficiary_gas_price can legitimately saturate at zero when a legacy tx's gas price equals basefee; inline comment documents the consensus-valid zero case.
Extend op-reth's EvmConfig with the post-exec hooks the new OpBlockExecutor expects. Downstream uses:

- The payload builder asks the executor to Produce + drains refund entries via post_exec_executor_for_block + take_post_exec_entries.
- The replay RPC asks for the same Produce mode but on a stripped block (0x7D removed) to compare synthesized refunds against the embedded payload.

OpEvm auto-wires the SDMWarmingInspector begin/take hooks so callers don't have to plumb them manually; the alloy-op-evm debug_assert guards the failure mode if a downstream fork bypasses OpEvm.
Append a type-0x7D post-exec transaction at the tail of the block when the sequencer builds under --rollup.sdm-enabled. The tx carries the executor's accumulated refund entries as its RLP payload and canonicalizes this node's gas accounting with what a verifier will later independently replay.

- OpBuilderConfig/CLI flag (`--rollup.sdm-enabled`) — off by default. When off, the payload path is byte-identical to the pre-feature code.
- try_include_post_exec_tx wraps the executor's refund entries in a TxPostExec, executes it, and aborts the payload build with PayloadBuilderError::EvmExecutionError on any synthetic-tx execution failure. Silently dropping it would yield a payload that no honest verifier can reproduce.
- Unit tests pin the abort path (should-not-be-Ok-on-failure), the no-entries skip, and the happy-path wrapping of entries.
- custom-node example switches to NoopPayloadServiceBuilder; the upstream OpPayloadBuilder is now specialized for OpTransactionSigned to carry the post-exec tx and no longer composes with the example's custom tx type. Doc comment explains what downstream forks need.
…tants

- Reject 0x7D txs in Disabled/Invalid modes. Previously `execute_transaction_without_commit` short-circuited any post-exec tx regardless of mode, so a follower with SDM off would silently accept a payload it never validates — state would diverge without a loud failure.
- Reject Produce-mode refunds that exceed raw gas used. An inspector over-attribution would otherwise saturate canonical gas to zero and emit an SDMGasEntry that a verifier rejects at pre-execution; failing the payload build here is strictly better than shipping a block the sequencer can't self-verify.
- Replace the 2500/2000/2100 magic numbers in SDMWarmingInspector with ACCOUNT_REWARM_REFUND / SLOAD_REWARM_REFUND / SSTORE_REWARM_REFUND and cite the EIP-2929 derivation.
- Restore `OpBuilderConfig::new(da_config, gas_limit_config)` to its pre-branch 2-arg signature; add `new_with_sdm` for the SDM-aware constructor so external callers don't break.

Tests pin:

- Disabled/Invalid modes hard-fail at `execute_transaction` time.
- Produce mode rejects a fake over-refund take-hook.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Fixes: #20178
Fixes: #20179
This PR adds a post-execution refund mechanism where the sequencer detects intra-block warming and carries the resulting gas refunds in a 0x7D transaction appended at the end of the block.
Verifiers re-run the block and reject it unless the embedded payload matches what they independently computed - this is probably something we want to remove, but is a good sanity check right now.
SDM is still disabled by default at every layer.
- `--rollup.sdm-enabled` defaults to `false`. The payload builder's `with_sdm_enabled(false)` is what `OpNode` passes in. Without this flag, the sequencer's payload path is identical to pre-feature (no 0x7D injection, no `try_include_post_exec_tx` call).
- `PostExecMode::Disabled` is #[derive(Default)]. Under `Disabled`, `post_exec_refund = 0` for every tx, settlement deltas are all zero, and the canonical gas path collapses to the pre-feature behavior.
- `Verify` mode. You'd have to opt in via the new `context_for_block_with_post_exec_mode` helper, which isn't wired into any existing pipeline in this branch.

End-to-end tests are added in a follow-up PR.
Related: #20216
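
The Verify-mode checks listed in the first commit message (duplicate indexes, entries targeting deposits or the 0x7D tx itself, refunds above raw gas) and the match against local replay described above, modelled as a stand-alone sketch. This is an added example, not code from this PR: `TxKind`, `RefundEntry`, `PayloadError` and `verify_payload` are hypothetical names, and the out-of-range index check and the order-sensitive comparison are assumptions.

```rust
// Added illustration: all type and function names are hypothetical, not the PR's API.
use std::collections::HashSet;

#[derive(Clone, Copy, PartialEq, Debug)]
pub enum TxKind { Regular, Deposit, PostExec } // PostExec = the synthetic 0x7D tx

/// One refund entry carried in the embedded payload.
#[derive(Clone, PartialEq, Debug)]
pub struct RefundEntry { pub index: usize, pub refund: u64 }

#[derive(PartialEq, Debug)]
pub enum PayloadError {
    DuplicateIndex(usize),
    UnknownIndex(usize), // assumption: out-of-range indexes are rejected too
    IneligibleTarget(usize),
    RefundExceedsRawGas(usize),
    Mismatch,
}

/// `txs` is (kind, raw gas used) per tx in block order; `local` is the refund
/// list this node derived from its own replay of the block.
pub fn verify_payload(
    txs: &[(TxKind, u64)],
    embedded: &[RefundEntry],
    local: &[RefundEntry],
) -> Result<(), PayloadError> {
    let mut seen = HashSet::new();
    for e in embedded {
        if !seen.insert(e.index) {
            return Err(PayloadError::DuplicateIndex(e.index));
        }
        let (kind, raw_gas) = *txs.get(e.index).ok_or(PayloadError::UnknownIndex(e.index))?;
        if kind != TxKind::Regular {
            return Err(PayloadError::IneligibleTarget(e.index)); // deposit or 0x7D itself
        }
        if e.refund > raw_gas {
            return Err(PayloadError::RefundExceedsRawGas(e.index));
        }
    }
    // Assumption: the match against local replay is exact and order-sensitive.
    if embedded == local { Ok(()) } else { Err(PayloadError::Mismatch) }
}

fn main() {
    // Constructed block: a deposit, two regular txs, then the 0x7D tx.
    let txs = [(TxKind::Deposit, 50_000), (TxKind::Regular, 30_000),
               (TxKind::Regular, 21_000), (TxKind::PostExec, 0)];
    let good = vec![RefundEntry { index: 1, refund: 2_500 }];
    println!("{:?}", verify_payload(&txs, &good, &good));
}
```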