chore: run ingress filter on latest certified state #7685
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
This pull request changes code owned by the Governance team. Therefore, make sure that
you have considered the following (for Governance-owned code):
-
Update
unreleased_changelog.md(if there are behavior changes, even if they are
non-breaking). -
Are there BREAKING changes?
-
Is a data migration needed?
-
Security review?
How to Satisfy This Automatic Review
-
Go to the bottom of the pull request page.
-
Look for where it says this bot is requesting changes.
-
Click the three dots to the right.
-
Select "Dismiss review".
-
In the text entry box, respond to each of the numbered items in the previous
section, declare one of the following:
-
Done.
-
$REASON_WHY_NO_NEED. E.g. for
unreleased_changelog.md, "No
canister behavior changes.", or for item 2, "Existing APIs
behave as before.".
Brief Guide to "Externally Visible" Changes
"Externally visible behavior change" is very often due to some NEW canister API.
Changes to EXISTING APIs are more likely to be "breaking".
If these changes are breaking, make sure that clients know how to migrate, how to
maintain their continuity of operations.
If your changes are behind a feature flag, then, do NOT add entrie(s) to
unreleased_changelog.md in this PR! But rather, add entrie(s) later, in the PR
that enables these changes in production.
Reference(s)
For a more comprehensive checklist, see here.
GOVERNANCE_CHECKLIST_REMINDER_DEDUP
github-actions
bot
added
@team-dsm
@governance-team
@product-security
@consensus
labels
mraszyk
dismissed
github-actions[bot]’s stale review
No canister behavior changes.
5 participants
This PR makes the ingress filter run on the latest certified state (instead of the latest - potentially uncertified - state).
Motivation
This change fixes the following inconsistency for non-replicated execution:
In the last two cases, no certificate is provided to execution and thus both certified and uncertified states could be used technically:
Since it is not clear why a more "recent" uncertified state is more appropriate, we switch to using the latest certified state in all cases.
Changes to Tests
StateMachine/PocketIC tests execute an empty round at the very beginning to always have a certified state available. This makes the first checkpoint be produced earlier and changes the randomness delivered to canisters in such tests (its seed is derived from the round number which increases by one). There's no change in round timestamps.