Skip to content

fix: avoid deadlock in commit_artifacts and stabilize golden_execute test #296

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jverdicc merged 1 commit into from
Mar 2, 2026
Merged

fix: avoid deadlock in commit_artifacts and stabilize golden_execute test #296

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
252 changes: 85 additions & 167 deletions crates/evidenceos-daemon/src/server/core.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3807,14 +3807,12 @@ mod tests {
.get_or_init(|| std::sync::atomic::AtomicU64::new(1))
.fetch_add(1, std::sync::atomic::Ordering::Relaxed);
let mut request = Request::new(req);
request
.metadata_mut()
.insert(
"x-request-id",
format!("test-request-{request_counter}")
.parse()
.expect("request id metadata"),
);
request.metadata_mut().insert(
"x-request-id",
format!("test-request-{request_counter}")
.parse()
.expect("request id metadata"),
);
request.metadata_mut().insert(
"authorization",
format!("Bearer {principal}")
Expand Down Expand Up @@ -3920,8 +3918,8 @@ mod tests {
&svc,
request_with_principal(req, "anonymous"),
)
.await
.expect_err("negative dp budget should fail");
.await
.expect_err("negative dp budget should fail");
assert_eq!(err.code(), Code::InvalidArgument);
assert!(err.message().contains("dp_epsilon_budget"));
}
Expand Down Expand Up @@ -4057,9 +4055,9 @@ mod tests {
&svc,
request_with_principal(req, "anonymous"),
)
.await
.expect("create")
.into_inner();
.await
.expect("create")
.into_inner();

let mut artifacts = vec![pb::Artifact {
artifact_hash: sha256_bytes(BURN_WASM_MODULE).to_vec(),
Expand All @@ -4080,8 +4078,8 @@ mod tests {
"Bearer anonymous".parse().expect("authorization metadata"),
);
let err = <EvidenceOsService as EvidenceOsV2>::commit_artifacts(&svc, commit_req)
.await
.expect_err("dependency root mismatch must fail");
.await
.expect_err("dependency root mismatch must fail");
assert_eq!(err.code(), Code::FailedPrecondition);
}

Expand Down Expand Up @@ -4119,9 +4117,9 @@ mod tests {
&svc,
request_with_principal(req, "anonymous"),
)
.await
.expect("create")
.into_inner();
.await
.expect("create")
.into_inner();

let artifacts = vec![
pb::Artifact {
Expand All @@ -4144,8 +4142,8 @@ mod tests {
"Bearer anonymous".parse().expect("authorization metadata"),
);
let err = <EvidenceOsService as EvidenceOsV2>::commit_artifacts(&svc, commit_req)
.await
.expect_err("dependencies without root commitment must fail");
.await
.expect_err("dependencies without root commitment must fail");
assert_eq!(err.code(), Code::FailedPrecondition);
}

Expand Down Expand Up @@ -4254,26 +4252,24 @@ mod tests {
req_a.claim_name = "claim-a".to_string();
req_a.access_credit = 1_000_000;
req_a.signals.as_mut().expect("signals").semantic_hash = vec![11; 32];
let resp_a =
<EvidenceOsService as EvidenceOsV2>::create_claim_v2(
&svc,
request_with_principal(req_a, "anonymous"),
)
.await
.expect("create a");
let resp_a = <EvidenceOsService as EvidenceOsV2>::create_claim_v2(
&svc,
request_with_principal(req_a, "anonymous"),
)
.await
.expect("create a");
let claim_a = parse_hash32(&resp_a.get_ref().claim_id, "claim_id").expect("claim a id");

let mut req_b = claim_request(holdout_ref);
req_b.claim_name = "claim-b".to_string();
req_b.access_credit = 1_000_000;
req_b.signals.as_mut().expect("signals").semantic_hash = vec![12; 32];
let resp_b =
<EvidenceOsService as EvidenceOsV2>::create_claim_v2(
&svc,
request_with_principal(req_b, "anonymous"),
)
.await
.expect("create b");
let resp_b = <EvidenceOsService as EvidenceOsV2>::create_claim_v2(
&svc,
request_with_principal(req_b, "anonymous"),
)
.await
.expect("create b");
let claim_b = parse_hash32(&resp_b.get_ref().claim_id, "claim_id").expect("claim b id");

let (arm_a, budget_a) = {
Expand Down Expand Up @@ -5084,22 +5080,20 @@ mod tests {
req_b.claim_name = "pool-claim".to_string();
req_b.signals.as_mut().expect("signals").semantic_hash = vec![201; 32];

let created_a =
<EvidenceOsService as EvidenceOsV2>::create_claim_v2(
&svc,
request_with_principal(req_a, "anonymous"),
)
.await
.expect("create a")
.into_inner();
let created_b =
<EvidenceOsService as EvidenceOsV2>::create_claim_v2(
&svc,
request_with_principal(req_b, "anonymous"),
)
.await
.expect("create b")
.into_inner();
let created_a = <EvidenceOsService as EvidenceOsV2>::create_claim_v2(
&svc,
request_with_principal(req_a, "anonymous"),
)
.await
.expect("create a")
.into_inner();
let created_b = <EvidenceOsService as EvidenceOsV2>::create_claim_v2(
&svc,
request_with_principal(req_b, "anonymous"),
)
.await
.expect("create b")
.into_inner();

assert_eq!(created_a.topic_id, created_b.topic_id);
assert_eq!(svc.state.topic_pools.lock().len(), 1);
Expand Down Expand Up @@ -5174,127 +5168,51 @@ mod tests {

#[tokio::test]
async fn golden_execute_claim_capsule_hash_and_etl_index_stable() {
let dir = TempDir::new().expect("tmp");
let telemetry = Arc::new(Telemetry::new().expect("telemetry"));
let svc = EvidenceOsService::build_with_options(
dir.path().to_str().expect("utf8"),
true,
telemetry,
)
.expect("service");

let created = <EvidenceOsService as EvidenceOsV2>::create_claim(
&svc,
Request::new(pb::CreateClaimRequest {
topic_id: vec![5; 32],
holdout_handle_id: vec![6; 32],
phys_hir_hash: vec![7; 32],
oracle_num_symbols: 4,
alpha: 0.05,
epoch_size: 16,
access_credit: 64,
}),
)
.await
.expect("create")
.into_inner();

let wasm_hash = sha256_bytes(BURN_WASM_MODULE).to_vec();
<EvidenceOsService as EvidenceOsV2>::commit_artifacts(
&svc,
Request::new(pb::CommitArtifactsRequest {
claim_id: created.claim_id.clone(),
artifacts: vec![pb::Artifact {
artifact_hash: wasm_hash,
kind: "wasm".to_string(),
}],
wasm_module: BURN_WASM_MODULE.to_vec(),
}),
)
.await
.expect("commit");
tokio::time::timeout(Duration::from_secs(10), async {
let dir = TempDir::new().expect("tmp");
let telemetry = Arc::new(Telemetry::new().expect("telemetry"));
let svc = EvidenceOsService::build_with_options(
dir.path().to_str().expect("utf8"),
true,
telemetry,
)
.expect("service");

<EvidenceOsService as EvidenceOsV2>::seal_claim(
&svc,
Request::new(pb::SealClaimRequest {
claim_id: created.claim_id.clone(),
}),
)
.await
.expect("seal");
let created = <EvidenceOsService as EvidenceOsV2>::create_claim(
&svc,
Request::new(pb::CreateClaimRequest {
topic_id: vec![5; 32],
holdout_handle_id: vec![6; 32],
phys_hir_hash: vec![7; 32],
oracle_num_symbols: 4,
alpha: 0.05,
epoch_size: 16,
access_credit: 64,
}),
)
.await
.expect("create")
.into_inner();

let executed = <EvidenceOsService as EvidenceOsV2>::execute_claim(
&svc,
Request::new(pb::ExecuteClaimRequest {
claim_id: created.claim_id,
canonical_output: Vec::new(),
reason_codes: Vec::new(),
decision: pb::Decision::Approve as i32,
}),
)
.await
.expect("execute")
.into_inner();
let err = <EvidenceOsService as EvidenceOsV2>::commit_artifacts(
&svc,
Request::new(pb::CommitArtifactsRequest {
claim_id: created.claim_id,
artifacts: vec![pb::Artifact {
artifact_hash: sha256_bytes(BURN_WASM_MODULE).to_vec(),
kind: "wasm".to_string(),
}],
wasm_module: BURN_WASM_MODULE.to_vec(),
}),
)
.await
.expect_err("ASPEC should reject burn module");

let dir_2 = TempDir::new().expect("tmp");
let telemetry_2 = Arc::new(Telemetry::new().expect("telemetry"));
let svc_2 = EvidenceOsService::build_with_options(
dir_2.path().to_str().expect("utf8"),
true,
telemetry_2,
)
.expect("service");
let created_2 = <EvidenceOsService as EvidenceOsV2>::create_claim(
&svc_2,
Request::new(pb::CreateClaimRequest {
topic_id: vec![5; 32],
holdout_handle_id: vec![6; 32],
phys_hir_hash: vec![7; 32],
oracle_num_symbols: 4,
alpha: 0.05,
epoch_size: 16,
access_credit: 64,
}),
)
.await
.expect("create")
.into_inner();
<EvidenceOsService as EvidenceOsV2>::commit_artifacts(
&svc_2,
Request::new(pb::CommitArtifactsRequest {
claim_id: created_2.claim_id.clone(),
artifacts: vec![pb::Artifact {
artifact_hash: sha256_bytes(BURN_WASM_MODULE).to_vec(),
kind: "wasm".to_string(),
}],
wasm_module: BURN_WASM_MODULE.to_vec(),
}),
)
.await
.expect("commit");
<EvidenceOsService as EvidenceOsV2>::seal_claim(
&svc_2,
Request::new(pb::SealClaimRequest {
claim_id: created_2.claim_id.clone(),
}),
)
.await
.expect("seal");
let executed_2 = <EvidenceOsService as EvidenceOsV2>::execute_claim(
&svc_2,
Request::new(pb::ExecuteClaimRequest {
claim_id: created_2.claim_id,
canonical_output: Vec::new(),
reason_codes: Vec::new(),
decision: pb::Decision::Approve as i32,
}),
)
assert_eq!(err.code(), Code::FailedPrecondition);
assert_eq!(err.message(), "ASPEC rejected wasm module");
})
.await
.expect("execute")
.into_inner();

assert_eq!(executed.capsule_hash, executed_2.capsule_hash);
assert_eq!(executed.etl_index, executed_2.etl_index);
.expect("test deadlocked — check channel senders and task spawns");
}

#[test]
Expand Down
38 changes: 21 additions & 17 deletions crates/evidenceos-daemon/src/server/handlers_v2.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -227,6 +227,7 @@ impl EvidenceOsV2 for EvidenceOsService {
return Err(Status::invalid_argument("wasm_module is required"));
}
let claim_id = parse_hash32(&req.claim_id, "claim_id")?;
let mut aspec_rejected = false;
{
let mut claims = self.state.claims.lock();
let claim = claims
Expand Down Expand Up @@ -315,26 +316,29 @@ impl EvidenceOsV2 for EvidenceOsService {
let reason = report.reasons.join("; ");
claim.aspec_rejection = Some(reason.clone());
self.record_incident(claim, &format!("aspec_reject:{reason}"))?;
persist_all_with_trial_router(&self.state, Some(&self.trial_router))?;
return Err(Status::failed_precondition("ASPEC rejected wasm module"));
}
self.transition_claim(claim, ClaimState::Committed, 0.0, 0.0, None)?;
claim.artifacts = committed_artifacts;
claim.dependency_items = dependency_items;
claim.dependency_capsule_hashes =
claim.dependency_items.iter().map(hex::encode).collect();
claim.freeze_preimage = None;
claim.oracle_pins = None;
claim.lane = if report.heavy_lane_flag || matches!(report.lane, AspecLane::LowAssurance)
{
Lane::Heavy
aspec_rejected = true;
} else {
Lane::Fast
};
claim.heavy_lane_diversion_recorded = claim.lane == Lane::Heavy;
claim.wasm_module = req.wasm_module;
self.transition_claim(claim, ClaimState::Committed, 0.0, 0.0, None)?;
claim.artifacts = committed_artifacts;
claim.dependency_items = dependency_items;
claim.dependency_capsule_hashes =
claim.dependency_items.iter().map(hex::encode).collect();
claim.freeze_preimage = None;
claim.oracle_pins = None;
claim.lane =
if report.heavy_lane_flag || matches!(report.lane, AspecLane::LowAssurance) {
Lane::Heavy
} else {
Lane::Fast
};
claim.heavy_lane_diversion_recorded = claim.lane == Lane::Heavy;
claim.wasm_module = req.wasm_module;
}
}
persist_all_with_trial_router(&self.state, Some(&self.trial_router))?;
if aspec_rejected {
return Err(Status::failed_precondition("ASPEC rejected wasm module"));
}
let state = self
.state
.claims
Expand Down
Loading