Add a client for BankForks

[garious]

Problems

• Can't really unit-test client-side Rust apps
• Little hope of leveraging RpcClient code in the browser

Summary of Changes

• Add BanksClient, implemented with tarpc
• Open a new validator port for the BanksClient bincode-via-TCP transport
• Port solana-tokens to BanksClient

[codecov]

Codecov Report

Merging #10728 into master will increase coverage by 0.0%.
The diff coverage is 88.0%.

@@           Coverage Diff            @@
##           master   #10728    +/-   ##
========================================
  Coverage    81.9%    82.0%            
========================================
  Files         318      323     +5     
  Lines       74872    75267   +395     
========================================
+ Hits        61371    61732   +361     
- Misses      13501    13535    +34     

[garious]

@jstarry, can you evaluate solana_sdk::bank_forks_client::ThinClient for usage via WebAssembly?

[jstarry]

@garious looks pretty good. It's cool that tarpc let's you bring your own client transport. We would need a wasm / browser friendly transport using fetch or websockets.

The only wasm blocker that I found was tarpc's use of tokio::time which uses std::time::Instant internally. That could easily replaced with something browser friendly. There may be other parts that aren't wasm friendly but nothing big stood out.

[jstarry]

We could use / create something like https://github.com/tomaka/wasm-timer

[jstarry]

Hey @garious I tried out your branch and was able to get it working in the browser using a ws transport 🎉

As I pointed out before, the main big hurdle is the lack of support of SystemTime and Instant APIs in the browser. For those, we need to use the browser api equivalent. To summarize:

1. tarpc uses SystemTime::now() in context::current() which is used for creating requests. I patched tarpc to be able to supply a custom SystemTime which I can create in wasm without using SystemTime::now() (which panics). Pretty simple and I imagine we could upstream this (or a similar) change to tarpc
2. tarpc uses tokio::time for timing out Futures. The Tokio API takes a deadline duration and adds to Instant::now() which panics in wasm. I opted to just elide timeouts entirely for my proof of concept but of course we don't want that. I'm not sure the best way to upstream a fix for this since there's not much movement on wasm support in tokio in general but they do seem open to it.

There were a few other issues:

1. ed25519-dalek uses clear_on_drop which is wasm incompatible. They use the wasm-friendly zeroize in the dev branch so hopefully that gets released soonish. But for now, it's easy enough to patch it for wasm.
2. I think you brought this up already but BanksClient has annoying lifetime constraints. I had to Rc<RefCell<..>> wrap it in order to make the rust compiler happy
3. Adding the WS transport wasn't too bad but the wasm / async WS crate I used for the client is pretty new and needs improvements: https://docs.rs/ws_stream_wasm
4. (minor) Had to reduce enabled features for some dependencies in the SDK and disable some wasm-incompatible modules like genesis_config, hard_forks, and shred_version.

[carllin]

@ryoqun, Right now queries to get specific account state on a cluster confirmed root < current root are unsupported, as they will just default to account state on current root right? I think this may be a bigger overarching issue with trying to query state from before the root.

[CriesofCarrots]

@ryoqun, Right now queries to get specific account state on a cluster confirmed root < current root are unsupported, as they will just default to account state on current root right? I think this may be a bigger overarching issue with trying to query state from before the root.

@carllin yes, see: #11161

[garious]

I'll rebase on #11188. More code review comments?

[jstarry]

Looking good! I'm definitely in favour of tarpc

[jstarry]

Should we send the transaction through the preflight checker first?

[garious]

@jstarry @mvines, so I nearly added this feature today, but am now thinking there's some good reasons not to. Unlike jsonrpc, I'd like for BanksServer to be lightweight enough that every validator could run it, and not be too concerned about a DoS. The only errors that simulate_transaction can detect are InsufficientFundsForTransactionFee and SigVerifyFailed. Both of those can be done client-side. The other thing simulating can do is find program errors without paying for the transaction fee - why should the RPC node eat that cost, when otherwise the user would pay the transaction fee, which pays for signature verification and running the program?

[aeyakovenko]

Public RPC nodes are not voting. The DOS vector and the cost they eat doesn't have impact on security. admins can sandbox them without performance impact on consensus.

[garious]

@aeyakovenko, not talking about DOSing the cluster, just the RPC node. It's a UX issue, not a security issue.

[jstarry]

The web3 SDK uses confirmation counts to confirm transactions now. I think we should have the BanksClient follow that example. The confirmations in TransactionStatus represent the number of cluster confirmations.

[garious]

I'll think on this. Personally, I'd prefer to subscribe to a stream of events.

[jstarry]

Does this mean that only 10 concurrent requests are allowed? Seems like it should be quite a bit higher

[garious]

Yeah, we'll want to tune everything in this function. I think that can be a separate PR though.

[jstarry]

If we replace commitment with confirmations in send_and_confirm_transaction, then I propose we default process_transaction to 0 or 1 confirmation(s).

Then we could have:

1. send_transaction
2. execute_transaction / process_transaction which waits for 0 or 1 confirmation(s)
3. settle_transaction which waits for MAX confirmations
4. [optional] confirm_transaction for user-specified confirmations

cc @aeyakovenko

[aeyakovenko]

• Execute

Transaction has been replicated by turbine across the cluster, or settled.

• Settlement=X
  The block or a child has reached at least X% safety or has been finalized

• Finalized=X
  Rooted by at least X%

Do we need to query specifically for local finality?

Tag @carllin

[CriesofCarrots]

I am in favor as well

[carllin]

@jstarry @aeyakovenko makes sense to me. Seems like on the scale of finality, with local finality one one end and MAX on the other, not sure practically what most clients would feel safe with. >33% seems like a good enough number to make rollback impossible.

For the execution receipts, feel free to add to the issue here: #11116

[garious]

I don't like these APIs where the client attempts to pick one and only one event. We should be exposing the data, not interpreting it. In this case, it's an event stream. Instead of returning a value, we should be passing in a client-side object that gets notified each time a relevant event occurs.

@jstarry From what I can tell, tarpc may not work well for this case. In their pubsub example, the caller needs to provide an address for the server to connect to. That wouldn't allow a client to sit behind a firewall. Also, it lets the server pick the upstream stream transport, which is weird. It's possible tarpc needs some rework to allow for upstream communication via the same transport.

[garious]

@jstarry, @aeyakovenko, @CriesofCarrots, perhaps there should be a CommitmentLevel::Confirmations(u8)?

[garious]

@CriesofCarrots @jstarry, how's this look? I don't know if we've ever stated "commitment level means ...". I found it quite difficult to describe - maybe a red flag that I got it wrong.

[jstarry]

@jstarry From what I can tell, tarpc may not work well for this case. In their pubsub example, the caller needs to provide an address for the server to connect to. That wouldn't allow a client to sit behind a firewall. Also, it lets the server pick the upstream stream transport, which is weird. It's possible tarpc needs some rework to allow for upstream communication via the same transport.

@garious I just took a look as well and I agree. tarpc would need changes to support a proper pubsub interface with Stream responses. Right now, the framework considers a request to be finished when it a response is sent or the request is canceled. Once there are no more pending requests, the connection is closed.

[jstarry]

@garious As for streams of events for something like finality, I also think it would be useful. I think the primary use case would end up being a progress indicator. The progress could indicate number of confirmations or X% of stake that has confirmed. This is functionality that we don't have in the current RPC API so I think it can come later

I don't like these APIs where the client attempts to pick one and only one event

If clients want to get notified for both execution and settlement for a given transaction, they can send two requests.

perhaps there should be a CommitmentLevel::Confirmations(u8)

I'm second guessing exposing confirmations in a confirmTransaction API. It's probably best to have a few sensible defaults in the API (either execute / settle or stick with commitment) to keep things simple for clients. If devs need something custom, they'll tell us and we can learn more about what guarantees they need and go from there

[garious]

@jstarry, fyi, new https://github.com/google/tarpc/blob/master/tarpc/examples/pubsub.rs that shares the client connection

[garious]

What do you all think about merging this one as-is? On its current trajectory, it's an improvement over RpcClient for some Rust CLI tooling and obsoletes BankClient. But also, with 1.3 out the door, we have plenty of time to make it even better before it goes into production.

[mvines]

sgtm! Honestly I've not reviewed but it's gotta be an improvement. How could it not be :)