feat: add reth block replay example#49
Conversation
There was a problem hiding this comment.
We don't need to vendor the whole revm -- there is a fork that we can use, and it's already used in another example in the repository that has a required fix. We just need to depend on it.
There was a problem hiding this comment.
Switched the guest off the vendored revm-interpreter copy and onto the shared Jrigada/revm fork already used by examples/revm-basic. The guest now patches the revm crates from that fork, the vendored directory is removed, and I verified the change with cargo check --manifest-path examples/reth-block-replay/guest/Cargo.toml plus cargo airbender build --project examples/reth-block-replay/guest.
| fn parse_args() -> Result<bool> { | ||
| let mut prove = false; | ||
|
|
||
| for arg in std::env::args().skip(1) { | ||
| match arg.as_str() { | ||
| "--prove" => prove = true, | ||
| "-h" | "--help" => { | ||
| println!( | ||
| "Usage: airbender-reth-block-replay-host [--prove]\n\nEnvironment:\n RPC_URL JSON-RPC endpoint to replay from (default: http://localhost:8545)\n BLOCK_NUM Block number to replay (default: 1)" | ||
| ); | ||
| std::process::exit(0); | ||
| } | ||
| _ => { | ||
| return Err(eyre::eyre!( | ||
| "unknown argument {arg}; pass --prove to generate a proof" | ||
| )); | ||
| } | ||
| } | ||
| } | ||
|
|
||
| Ok(prove) | ||
| } |
There was a problem hiding this comment.
This is a bigger example, so we can add clap to deps and do it properly.
There was a problem hiding this comment.
Switched the host to clap::Parser. The example now exposes --rpc-url, --block-num, and --prove as documented CLI flags with generated --help output.
| let rpc_url = std::env::var("RPC_URL").unwrap_or_else(|_| "http://localhost:8545".into()); | ||
| let block_num: u64 = std::env::var("BLOCK_NUM") | ||
| .unwrap_or_else(|_| "1".into()) | ||
| .parse()?; |
There was a problem hiding this comment.
These can be CLI arguments for clarity & documentation
There was a problem hiding this comment.
Moved RPC_URL/BLOCK_NUM out of the ad-hoc env parsing path. CI and the README now pass --block-num explicitly, and --rpc-url keeps the localhost default.
| match provider | ||
| .raw_request( | ||
| "debug_executionWitness".into(), | ||
| vec![serde_json::Value::String(block_hex.to_owned())], | ||
| ) | ||
| .await | ||
| { | ||
| Ok(witness) => Ok(witness), | ||
| Err(primary_err) => provider | ||
| .raw_request( | ||
| "debug_getExecutionWitness".into(), | ||
| vec![serde_json::Value::String(block_hex.to_owned())], | ||
| ) | ||
| .await | ||
| .map_err(|fallback_err| { |
There was a problem hiding this comment.
Doesn't alloy provide methods for all these RPC methods under corresponding feature? Not sure if we need to use raw implementation.
Also, for the method name, I think we may just use one that matches the docker image we use / one that is currently mentioned in their documentation, no need to be overly compatible.
| fn recover_signers(txs: &[TransactionSigned]) -> Result<Vec<UncompressedPublicKey>> { | ||
| txs.iter() | ||
| .enumerate() | ||
| .map(|(i, tx)| { | ||
| tx.signature() | ||
| .recover_from_prehash(&tx.signature_hash()) | ||
| .map(|keys| { | ||
| UncompressedPublicKey( | ||
| keys.to_encoded_point(false).as_bytes().try_into().unwrap(), | ||
| ) | ||
| }) | ||
| .map_err(|e| eyre::eyre!("failed to recover signature for tx #{i}: {e}")) | ||
| }) | ||
| .collect() | ||
| } |
There was a problem hiding this comment.
I think we can create an utils module for things like this.
There was a problem hiding this comment.
It looks like this comment was missed.
There was a problem hiding this comment.
Moved the host-side helper logic into host/src/utils.rs and kept main.rs focused on the replay flow. The shared commitment/output logic also moved out into the new shared crate so the host and guest use the same definition.
| fn b256_to_u32x8(hash: B256) -> [u32; 8] { | ||
| let bytes = hash.as_slice(); | ||
| let mut out = [0u32; 8]; | ||
| for i in 0..8 { | ||
| out[i] = u32::from_le_bytes([ | ||
| bytes[i * 4], | ||
| bytes[i * 4 + 1], | ||
| bytes[i * 4 + 2], | ||
| bytes[i * 4 + 3], | ||
| ]); | ||
| } | ||
| out | ||
| } |
There was a problem hiding this comment.
We can create a shared crate in which we will define a type e.g. CommittableB256(pub B256) for which we will implement Commit trait.
There was a problem hiding this comment.
It looks like this comment was missed.
There was a problem hiding this comment.
Added the shared crate for this. examples/reth-block-replay/shared now defines CommittableB256 plus the new ReplayCommitment output type, and the guest returns that type directly instead of hand-rolling [u32; 8] conversion in main.rs.
| // Gas, receipts, and bloom were validated before the state root check. | ||
| // For v1 receipts-only verification, state root mismatch is accepted. | ||
| b256_to_u32x8(expected_block_hash) |
There was a problem hiding this comment.
Why? No, we shouldn't allow that. Everything should match. If something doesn't match -- respond to this comment and explain why it fails before you fix, I'll request a fix explicitly.
There was a problem hiding this comment.
It looks like this comment was missed. To reiterate -- we need to support a real check for correctness. If your concern is public outputs, we can calculate, for example, a blake2 or keccak hash of all the checked outputs.
There was a problem hiding this comment.
Addressed. The guest no longer treats PostStateRootMismatch as acceptable: any stateless_validation error now aborts the run. I also moved the public output into a shared ReplayCommitment type that hashes the checked correctness summary (block hash, state root, receipts root, bloom, gas used, and requests hash when present) before committing it.
| return Ok(()); | ||
| } | ||
|
|
||
| let prover = program.cpu_prover().build()?; |
There was a problem hiding this comment.
Updated this to use the Alloy DebugApi extension for debug_get_raw_block and debug_execution_witness, and dropped the compatibility fallback. debug_chainConfig still stays on raw_request because Alloy does not expose a typed helper for that RPC.
| All other precompiles (sha256, ripemd160, modexp, blake2f, ecPairing for secp256r1, KZG, | ||
| BLS12-381) use revm's default software implementations. |
There was a problem hiding this comment.
Am I missing something, or at least some of these precompiles can be optimized using corresponding delegations? If so, we must introduce integrations for all the implementations.
There was a problem hiding this comment.
Narrowed the README here. It now documents the example-scoped Crypto hooks we install without framing this as complete delegated precompile coverage.
|
@popzxc latest feedback is addressed in Summary:
Validation:
|
| @@ -0,0 +1,110 @@ | |||
| #!/usr/bin/env bash | |||
There was a problem hiding this comment.
I think this script will be more readable if it would be written in python3. Let's avoid any dependencies though, and try to make it compatible by default (e.g. no fancy features).
There was a problem hiding this comment.
Replaced the shell script with a dependency-free python3 version at docker/generate-blocks.py and switched both the README and CI job over to it. I kept the same end-to-end behavior and verified it locally with the generated block flow.
| // Gas, receipts, and bloom were validated before the state root check. | ||
| // For v1 receipts-only verification, state root mismatch is accepted. | ||
| b256_to_u32x8(expected_block_hash) |
There was a problem hiding this comment.
It looks like this comment was missed. To reiterate -- we need to support a real check for correctness. If your concern is public outputs, we can calculate, for example, a blake2 or keccak hash of all the checked outputs.
| fn b256_to_u32x8(hash: B256) -> [u32; 8] { | ||
| let bytes = hash.as_slice(); | ||
| let mut out = [0u32; 8]; | ||
| for i in 0..8 { | ||
| out[i] = u32::from_le_bytes([ | ||
| bytes[i * 4], | ||
| bytes[i * 4 + 1], | ||
| bytes[i * 4 + 2], | ||
| bytes[i * 4 + 3], | ||
| ]); | ||
| } | ||
| out | ||
| } |
There was a problem hiding this comment.
It looks like this comment was missed.
| fn recover_signers(txs: &[TransactionSigned]) -> Result<Vec<UncompressedPublicKey>> { | ||
| txs.iter() | ||
| .enumerate() | ||
| .map(|(i, tx)| { | ||
| tx.signature() | ||
| .recover_from_prehash(&tx.signature_hash()) | ||
| .map(|keys| { | ||
| UncompressedPublicKey( | ||
| keys.to_encoded_point(false).as_bytes().try_into().unwrap(), | ||
| ) | ||
| }) | ||
| .map_err(|e| eyre::eyre!("failed to recover signature for tx #{i}: {e}")) | ||
| }) | ||
| .collect() | ||
| } |
There was a problem hiding this comment.
It looks like this comment was missed.
| This example backend implements `secp256k1_ecrecover`, `bn254_g1_add`, `bn254_g1_mul`, and | ||
| `bn254_pairing_check`. Other revm precompiles continue using their default implementations. |
There was a problem hiding this comment.
Can we add native support for more precompiles? If so, we should. This example is meant to demonstrate the full-fledged integration of airbender, so we should utilize airbender delegations in all the places where it makes sense.
There was a problem hiding this comment.
Expanded the custom backend coverage in this pass. In addition to the existing secp256k1/BN254 hooks, AirbenderCrypto now overrides sha256, ripemd160, and secp256r1_verify_signature, and the example contract/script now exercise the SHA-256 and RIPEMD-160 precompiles as part of the generated replay block. I left modexp and blake2f on revm defaults because I could not map them to matching Airbender primitives in this repository today.
ia-agentic
left a comment
ia-agentic
left a comment
There was a problem hiding this comment.
@popzxc requested me to review this PR.
I didn't find a code-level correctness bug in the Airbender replay flow itself. Manual QA on the prepared commit succeeded for the documented dev block: python3 examples/reth-block-replay/docker/generate-blocks.py produced BLOCK_NUM=2, and cargo run --release --manifest-path examples/reth-block-replay/host/Cargo.toml -- --block-num 2 completed with Guest execution: cycles=10555727.
I also tried to get the same-block number from the current matter-labs/ethereum-prover stack. I could not produce a comparable ZKsync OS cycle count on this reth --dev block: ethereum_prover --config ... block 2 fails during forward run with withdrawal requests must be processed: EIP-7002 withdrawal contract is not deployed, so the comparison is currently blocked by the dev-chain setup rather than this PR's host/guest logic. If we want this example to double as a cross-stack benchmark, we probably need a source block/profile that both Airbender and the current ZKsync OS pipeline can execute.
|
@popzxc new bot updates are ready on commit |
2 participants
Summary
examples/reth-block-replaydebug_getRawBlockplusdebug_executionWitness(withdebug_getExecutionWitnessfallback), replays the block withstateless, and commits the verified block hashImportant context
reth --devcurrently returns only a partialdebug_chainConfig, so the host resolves that case with the built-in dev chain config usingeth_chainIdrevm-interpreterso the example stays self-contained and avoids RV32mulhcodegen inmemory_gas--prove, but CI only runs the simulation path because proving is substantially heavierVerified
cargo airbender build --project examples/reth-block-replay/guest -- --lockedbash examples/reth-block-replay/docker/generate-blocks.shBLOCK_NUM=2 cargo run --release --manifest-path examples/reth-block-replay/host/Cargo.toml --lockedcargo run --release --manifest-path examples/reth-block-replay/host/Cargo.toml --locked -- --help