Introduce hotswapping prod committee for dev committee#4235
Draft
Introduce hotswapping prod committee for dev committee#4235
Conversation
ljedrz
reviewed
Apr 28, 2026
| #[cfg(feature = "test_network")] | ||
| dev_start_round: Option<u64>, | ||
| #[cfg(feature = "test_network")] | ||
| dev_num_validators: Option<String>, |
Collaborator
There was a problem hiding this comment.
why not immediately expect a u16?
ljedrz
reviewed
Apr 28, 2026
|
|
||
| /// Returns the deterministic dev committee for rounds at or after the hotswap start. | ||
| #[cfg(feature = "test_network")] | ||
| fn dev_committee_for_round(&self, round: u64) -> Result<Option<Committee<N>>> { |
Collaborator
There was a problem hiding this comment.
shouldn't this be created just once? current_committee is called routinely
ljedrz
reviewed
Apr 28, 2026
| fn get_committee_lookback_for_round(&self, round: u64) -> Result<Committee<N>> { | ||
| #[cfg(feature = "test_network")] | ||
| { | ||
| if let Some(dev_committee) = self.dev_committee_for_round(round)? { |
Collaborator
There was a problem hiding this comment.
shouldn't this only be triggered if round >= dev_start_round?
ljedrz
reviewed
Apr 28, 2026
Collaborator
ljedrz
left a comment
ljedrz
left a comment
There was a problem hiding this comment.
Left some initial comments.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
E2E test would be more robust if we manage to fully replicate our production state and environment.
One blocker to this end is that snarkOS currently tightly couples ledger state and consensus. More concretely: a dev committee is not authorized to produce new blocks on top of production ledger state. This PR changes this by supporting hotswapping of a ledger without too many code changes through the use of a
DEV_COMMITTEE_NUM_VALIDATORSenvironment variable and a--dev-on-prodflag. The relevant codepaths are compile-guarded by thetest_networkfeature. I didn't introduce a new compilation feature to keep our testing environment simple.The new settings enable the use of a production genesis block and disable checks on certificates. In order to avoid mutilating snarkVM, the entire call to
check_next_blockis skipped.Open work
trusted_ledger_certificatebool safe? Note that contrary to its name,sync_storage_with_ledger_at_bootupalso runs after finishing fast-sync.DEV_COMMITTEE_NUM_VALIDATORSin favour of just having a flag? Properly compile-time guarding so many function signatures will be a pain.Test Plan