Resolve TODOs and Improve EIP-7805 (FOCIL) Spec

[jihoonsong]

This PR resolves TODOs and improves the honest validator section of EIP-7805 spec. It contains minimal test changes and rest of tests will be added by the subsequent PR.

[GrapeBaBa]

There is a constant that is inconsistent in the SEPC and EIP documents.
In the EIP it used MAX_TRANSACTIONS_PER_INCLUSION_LIST, how in the spec it used MAX_TRANSACTIONS_PER_PAYLOAD.

[jihoonsong]

As of now, the latest discussion on this PR can be found here: https://hackmd.io/@jihoonsong/S1c2dhMrle

Please review it and provide some feedback. Thank you.

[jihoonsong]

This PR has been followed by lots of discussions and changes. To preserve history, those changes are contained in the second commit. For easier review, here is the change log:

• Add InclusionListStore to specify IL equivocation handling logic and IL transactions retrieval while abstracting it from the perspective of the Store.
  • This comes with get_inclusion_list_store, on_inclusion_list, store_inclusion_list and get_inclusion_list_transactions.
  • Compared to the first version of EIP-7805 spec, on_inclusion_list is modified to not repeat the p2p networking validation rule, consistent with other fork choice handlers.
• Add validate_inclusion_lists to the fork choice module for IL validation in on_block. validate_inclusion_lists validates the IL constraints using the ExecutionEngine interface.
• Add notify_inclusion_lists to ExecutionEngine, which is used for IL validation.
  • The name notify_inclusion_lists aligns with existing similar functions, which are notify_new_payload and notify_forkchoice_updated.
• Revert changes to state_transition and use validate_inclusion_lists, an abstract ExecutionEngine call, for IL validation.
  • The HackMD article provides detailed rationale.
• Add get_inclusion_list to ExecutionEngine.
  • An inclusion list committee member uses this ExecutionEngine interface to perform their inclusion list committee duty.
• Modify notify_forkchoice_updated to add inclusion_list_transactions to PayloadAttributes.
  • The proposer uses this ExecutionEngine interface to produce an execution payload that satisfies the IL constraints.
• Specify that the block for slot N satisfies the ILs for slot N-1.
  • The block for slot N is built during slot N-1 (without timing games) and satisfies the ILs for the same slot.
• Reformat Honest Validator to match the existing spec writing convention.
  • It now uses the ExecutionEngine interface instead of the actual Engine APIs.
  • Some sections were reformatted to match those of previous forks.
• Modify get_inclusion_list_committee's return type to support hash_tree_root calculation.

[jtraglia]

@jihoonsong this looks great, nice work! Just a couple nits + notes for later.

[jtraglia]

The setdefault stuff here is ugly 😅 I'll look into fixing that in a follow up PR.

[mkalinin]

I believe we should just remove setdefault stuff. This is because the store must already be initialized outside of this function call, thus setdefault becomes redundant

[jihoonsong]

It's not about store. It's just about Python's Dictionary.

I also don't like this part and that's why I asked @jtraglia if we can use DefaultDict. Let me think about how to improve this.

[jtraglia]

This is implicitly deduping the list of transactions, right? I think we should make this a little more explicit, because I almost missed this myself. Maybe something like this:

Suggested change

	inclusion_list_transactions = {
	transaction
	for inclusion_list in inclusion_lists
	if inclusion_list.validator_index not in equivocators
	for transaction in inclusion_list.transactions
	}
	return list(inclusion_list_transactions)
	inclusion_list_transactions = [
	transaction
	for inclusion_list in inclusion_lists
	if inclusion_list.validator_index not in equivocators
	for transaction in inclusion_list.transactions
	]
	# Deduplicate, order does not need to be preserved
	return list(set(inclusion_list_transactions))

[jihoonsong]

Well, the deduplication comes from the fact that inclusion_lists field of InclusionListStore has the value of set. Would adding a comment regarding this inside get_inclusion_list_transactions enhance readability?

[jtraglia]

We don't usually include the () to indicate a function in the specs. Personally, I do the same though 😢

Suggested change

	`get_inclusion_list_store()` and `get_inclusion_list_transactions()` to set the
	`get_inclusion_list_store` and `get_inclusion_list_transactions` to set the

[jtraglia]

I think there might need to be a config variable for this too. Let's deal with this later though.

[jihoonsong]

I think I added it at L54. Do you mean preset?

[mkalinin]

Left a few comments, a general question: what if we introduce inclusion_list.md and move InclusionListStore and on_inclusion_list to that new document? This will make FC spec cleaner. cc @jtraglia

[mkalinin]

A slight preference on the naming: is_inclusion_list_satisfied or something like that. Similarly to is_block_hash_valid and is_valid_versioned_hashes

[mkalinin]

I believe we should just remove setdefault stuff. This is because the store must already be initialized outside of this function call, thus setdefault becomes redundant

[mkalinin]

We should stop processing equivocations at some point in time. Potentially, at the beginning of the next slot. I believe this check can be introduced in a separate PR

[jihoonsong]

Yes I still remember this discussion on Discord. As it would change both the EIP and the CL spec, I think we need more eyes on this. I guess we can revisit this after we're in right momentum, i.e., SFIing EIP-7805. For now, I think we could focus on improvements and tests. But I'll keep this in mind.

[mkalinin]

This function processes the list, but not necessarily stores it. Slight preference in favour of process_inclusion_list name

[mkalinin]

A better way to spec this out would be stating which block_root should passed to the get_sync_committee_message call without modification of the function

[jihoonsong]

Sounds great!

[mkalinin]

It doesn’t sound right, a proposer may call prepare_execution_payload at 11.5s into a slot or even later in the case of re-org. I think the spec should say that proposer must not start the build process before the PROPOSER_INCLUSION_LIST_CUT_OFF and that a proposer must use a snapshot of ILs made at PROPOSER_INCLUSION_LIST_CUT_OFF in the prepare_execution_payload call

[jihoonsong]

I think it's up to proposers. They still have the freedom to start payload building process before PROPOSER_INCLUSION_LIST_CUT_OFF and we don't want to take it away. But you're right, this is misleading. A proposer can choose either start payload building earlier and update it with ILs after the deadline, or start payload building after the deadline. Let me change it.

[mkalinin]

Is this safe for a proposer to start building earlier? It can lead to the situation where proposer’s ILs are more relaxed because they started to build earlier and haven’t received some ILs yet. I think proposer "should not” start the build process before the cut off — this would probably be the right wording

[jihoonsong]

Isn't it safe as long as a proposer update the building process after the deadline? What I meant is a proposer can start payload building earlier AND update it with ILs after the deadline.

[mkalinin]

Oh, I see what you mean but in this case proposer will have to ensure that no new IL arrived after it has started to build earlier. Otherwise, that early built payload can’t be safely used. I agree, this should be up to proposer’s implementation. So, the ultimate requirement is: built payload should satisfy IL constraints observed by a proposer at the cut off