Hello there!

We are happy to announce that voting is now open for a new IC release.
The NNS proposal is here: IC NNS Proposal 135931.

Here is a summary of the changes since the last release:

Release Notes for release-2025-03-20_03-11-base (4833f30d3b5afd84a385dfb146581580285d8a7e)

This release is based on changes since release-2025-03-14_03-10-base (f6f5e0927d14886e4bd67f776ee889f31cec2364).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Features:

• 9d4e0c4c9 Consensus,Execution,Interface(MR): Roll out best-effort calls to all application subnets (#4408)
• 51b1dfde0 Consensus,Interface: Add VetKD to orchestrator public key monitoring (#4388)
• 3a3cf5537 Execution,Interface: Add signal handler duration metric (#4186)
• 05ffe4577 Execution,Interface,Message Routing(MR): Track cycles lost when dropping messages (#4331)
• 2fe8aefaf Interface(node-reward): Add registry sync to node reward canister (#4349)

Bugfixes:

• 41868ddc7 Consensus,Interface: Remove flakiness from the bitcoin adapter integration test (#4375)
• 35cb4bc5a Execution,Interface: Fix same round install code and draining queues (#4346)

Chores:

• a6cbcf713 Consensus,Interface: Remove custom ExhaustiveSet implementation for AlgorithmId (#4392)
• 1e5e864a9 Interface,Node(node): Increase HostOS upgrade download timeout (#4422)
• fa37ed573 Owners(crypto): Bump ic_bls12_381 (#4367)

Refactoring:

• 4ba1e1b7b Consensus,Interface: Wrap derivation_path and VetKD input context fields in Arc<_> (#4361)
• bd2d7d1fa Interface,Message Routing: Downgrade panic to debug_assert in Payload::take_prefix (#4383)
• ec7834c47 Interface,Message Routing: Downgrade panic to debug_assert in Payload::take_prefix, part 2 (#4384)

Tests:

• 54c19b3b6 Interface: Efficiently write LocalStoreImpl to disk (#4363)

Full list of changes (including the ones that are not relevant to GuestOS) can be found on GitHub.

IC-OS Verification

To build and verify the IC-OS disk image, run:

# From https://github.com/dfinity/ic#verifying-releases
sudo apt-get install -y curl && curl --proto '=https' --tlsv1.2 -sSLO https://raw.githubusercontent.com/dfinity/ic/4833f30d3b5afd84a385dfb146581580285d8a7e/ci/tools/repro-check.sh && chmod +x repro-check.sh && ./repro-check.sh -c 4833f30d3b5afd84a385dfb146581580285d8a7e --guestos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new GuestOS version here, you have the option to verify the build reproducibility of the HostOS by passing --hostos to the script above instead of --guestos, or the SetupOS by passing --setupos.

Proposal 135931 - Ipsita | ZenithCode

Summary

1. Vote: Adopt
2. Hash: All the hashes match
3. Reason to Adopt The release notes match the commits and the code changes. Builds successfully.

1359312028×822 208 KB

Proposal #135931 — Zack | CodeGov

for release-2025-03-20_03-11-base.

Vote: Adopted
Reason: The build is reproducible and all three OS hashes match (GUESTOS, HOSTOS and SETUPOS) as well as the listed commits descriptions.

Screenshot 2025-03-21 1922461886×858 52.8 KB

Proposal 135931 - Hamish | CodeGov

Vote: Adopt
Reason: I have successfully run the build script and in my opinion all the commits listed look fine and match their descriptions.

Screenshot 2025-03-22 at 22.37.041996×890 286 KB

Features:

• 9d4e0c4c9 Consensus,Execution,Interface(MR): Roll out best-effort calls to all application subnets (#4408)
  Review: Looks fine + matches description
  Notes: Enables the best_effort_responses feature on all application subnets, rather than only on the 3 subnets used by OpenChat.

• 51b1dfde0 Consensus,Interface: Add VetKD to orchestrator public key monitoring (#4388)
  Review: Looks fine + matches description
  Notes: Modifies get_master_public_keys within orchestrator::upgrade by adding a call to get_vetkey_public_keys so that VetKeys are included in the checks that take place on each new CUP to ensure the previous master keys have not been changed or deleted.

• 3a3cf5537 Execution,Interface: Add signal handler duration metric (#4186)
  Review: Looks fine + matches description
  Notes: Adds the sigsegv_handler_duration metric to track time spent in the SIGSEGV signal handler with the data split by either heap or stable memory.

• 05ffe4577 Execution,Interface,Message Routing(MR): Track cycles lost when dropping messages (#4331)
  Review: Looks fine + matches description
  Notes: Updates CanisterQueues and StreamHandler to return the number of cycles dropped due to bounded-wait requests/responses being dropped, then records these cycles in the subnet metrics.

• 2fe8aefaf Interface(node-reward): Add registry sync to node reward canister (#4349)
  Review: Looks fine + matches description
  Notes: Adds and implements the Registry trait, enabling other canisters to easily call into the Registry canister, then also introduces StableCanisterRegistryClient which orchestrates loading Registry data and storing it in stable memory. Then lastly updates the NodeRewards canister to use this new functionality to load in Registry data at regular intervals using a canister timer.

Bugfixes:

• 41868ddc7 Consensus,Interface: Remove flakiness from the bitcoin adapter integration test (#4375)
  Review: Looks fine + matches description
  Notes: Makes a Bitcoin adapter test more robust by removing some non-determinism that would sometimes cause the test to fail.

• 35cb4bc5a Execution,Interface: Fix same round install code and draining queues (#4346)
  Review: Looks fine + matches description
  Notes: Adds counts_toward_round_limit, does_not_run_on_aborted_canister, and installs_code: bool to Ic00MethodPermissions, then uses these fields within scheduler::can_execute_subnet_msg to determine if the message can be executed based on if the instruction limit has already been reached, there is a long ongoing install-code request, or if the target canister has been aborted.

Chores:

• a6cbcf713 Consensus,Interface: Remove custom ExhaustiveSet implementation for AlgorithmId (#4392)
  Review: Looks fine + matches description
  Notes: Removes the custom implementation of ExhaustiveSet for AlgorithmId which excluded AlgorithmId::VetKD now that the variant exists on all subnets.

• 1e5e864a9 Interface,Node(node): Increase HostOS upgrade download timeout (#4422)
  Review: Looks fine + matches description
  Notes: Simply increases the timeout for HostOS upgrade downloads from 30 seconds to 120.

• fa37ed573 Owners(crypto): Bump ic_bls12_381 (#4367)
  Review: Looks fine + matches description
  Notes: Bumps ic_bls12_381 from 0.10.0 to 0.10.1.

Refactoring:

• 4ba1e1b7b Consensus,Interface: Wrap derivation_path and VetKD input context fields in Arc<_> (#4361)
  Review: Looks fine + matches description
  Notes: Updates VetKdArguments::input and SignWithThresholdContext::derivation_path to be wrapped in Arcs so that cloning them (which happens frequently) is cheap.

• bd2d7d1fa Interface,Message Routing: Downgrade panic to debug_assert in Payload::take_prefix (#4383)
  Review: Looks fine + matches description
  Notes: Modifies Payload::take_prefix to handle the case where an invalid input is received, rather than panicking.

• ec7834c47 Interface,Message Routing: Downgrade panic to debug_assert in Payload::take_prefix, part 2 (#4384)
  Review: Looks fine + matches description
  Notes: Removes another case where Payload::take_prefix would panic if the input was invalid and instead simply returns early with an empty response.

Tests:

• 54c19b3b6 Interface: Efficiently write LocalStoreImpl to disk (#4363)
  Review: Looks fine + matches description
  Notes: Speeds up tests by rewriting get_mainnet_delta_00_6d_c1 to only flush directories to disk once their files are all processed, rather than flushing on each changelog entry.

proposal - 135931 Cyberowl | CodeGov

Screenshot from 2025-03-21 13-10-011254×512 92.1 KB

Vote: ADOPT

Reason:

The build was successful, and all the commit descriptions matched the changes in the code.

Checks

Hash Match: MATCH
2 Urls: MATCH
Feedback: NONE
Proposer Check: MATCH

Overall Summary:

Track cycle loss for dropped messages, and provide a new stable memory-based registry with canister timers.

Proposal: 135931

Summary:

1. Build Hash: Build has from the proposal, local build and CDN matches and is “ 4bc9d31600f46eb39a780e92f632445a91c075000cc3a5e0b9ddbe3a187d7cfa”.
2. Summary: The release notes matches the code changes
3. Vote: I vote to adopt the proposals
   
   

   image2012×956 240 KB

Detailed Review:

Features:

● 9d4e0c4c9 : Consensus,Execution,Interface(MR): Roll out best-effort calls to all application subnets
Review: Matches description + changes are appropriate
Notes: best-effort calls are allowed only within application subnets rather than being restricted to an explicit whitelist of enabled subnets. This commit modified best_effort_responses feature flag in the FeatureFlags struct to change SpecificSubnets to ApplicationSubnetsOnly, thus simplifying it and reducing likelihood of errors.
● 51b1dfde0: Consensus,Interface: Add VetKD to orchestrator public key monitoring
Review: Commit matches description + looks fine
Notes: Commit introduces get_vetkey_public_keys which extracts VETKD keys from CUPs and logs them. This ensures that VetKD keys between upgrades are tracked. Test coverage has also been improved. IDkgTranscript no longer fetches VETKD keys, instead get_vetkey_public_keys fetches them.
● 3a3cf5537 Execution,Interface: Add signal handler duration metric (#4186)
Review: Matches description + changes are appropriate
Notes: Adds a new metric sandboxed_execution_sigsegv_handler_duration_seconds to track execution time spent in the SIGSEGV handler. This provides details about page fault handling performance. Test coverage is also improved.
● 05ffe4577 Execution,Interface,Message Routing(MR): Track cycles lost when dropping messages
Review: Matches description. Changes are appropriate
Notes: Added tracking for cycles lost when messages are dropped. Now, lost cycles from timed-out best-effort messages, deduplicated messages, and misrouted messages are correctly accounted for in subnet metrics.
● 2fe8aefaf Interface(node-reward): Add registry sync to node reward canister (#4349)
Review: Matches description, changes are appropriate
Notes: Several additions which improve system

1. node-rewards-canister can now sync registry data at regular intervals.
2. Introduced a background task using ic_cdk_timers::set_timer_interval to keep the local registry in sync. Created StableCanisterRegistryClient for maintaining and reading a local cache of Registry data.
3. Added rs/node_rewards/canister/tests/regisry_sync_test.rs to verify registry syncing behavior.
4. Renamed ic-rewards-canister to ic-node-rewards-canister

Bug fixes

● 41868ddc7 Consensus,Interface: Remove flakiness from the bitcoin adapter integration test (#4375)
Review: Matches description + changes are appropriate
Notes: commit removes flakiness in the test_bfs_order test by ensuring all blocks are processed within a single tick. By doing so, this prevents timeouts caused by users requesting blocks that they didn’t have. Previously, the test would pass if the block happened to arrive in time and fail otherwise.
● 35cb4bc5a Execution,Interface: Fix same round install code and draining queues (#4346)
Review: Matches description + changes are appropriate
Notes: stricter execution parameters have been introduced in ‘Ic00MethodPermissions’ struct for heavy subnet messages, specifically ‘install_code’ within the scheduler. It introduces execution flags (counts_toward_round_limit, does_not_run_on_aborted_canister, installs_code) in ‘Ic00MethodPermissions’ to capture execution semantics for IC00 methods.

Chores:

● a6cbcf713 Consensus,Interface: Remove custom ExhaustiveSet implementation for AlgorithmId (#4392)
Review: Matches description + changes are appropriate
Notes: VetKd is supported by all subnets, custom ExhaustiveSet is a workaround which became redundant, It also ensures that ‘AlgorithmId’ now derives ‘ExhaustiveSet’ naturally. Thus, this commit simplifies the system and removes redundancy.
● 1e5e864a9 Interface,Node(node): Increase HostOS upgrade download timeout (#4422)
Review: Matches description + changes are appropriate
Notes: Targets Node upgrade behavior by adding a timeout setting to the HTTP client use for downloading HostOS upgrades. Increasing time period to 120 seconds from the original 30 seconds ensures that downloads have a longer time period before failing incase of slow
download speeds. This also reduces unnecessary retries when system download speed is slow.
● fa37ed573 Owners(crypto): Bump ic_bls12_381 (#4367)
Review: Matches description + changes are appropriate
Note: files and dependencies reflect the upgrade, SHA256 checksum value modified to maintain integrity. Commit improves security and performance improvement in ic_bls12_381

Refactoring:

● 4ba1e1b7b Consensus,Interface: Wrap derivation_path and VetKD input context fields in Arc<> (#4361)
Review: Matches description + changes are appropriate
Note: Optimizes derivation_path and VetKD input handling by wrapping them in Arc<>, reducing unnecessary cloning. All references were updated accordingly. Dev also maintained compatibility by using .to_vec() where needed. This commit improves performance without changing behavior.
● bd2d7d1fa Interface,Message Routing: Downgrade panic to debug_assert in Payload::take_prefix (#4383)
• ec7834c47 Interface,Message Routing: Downgrade panic to debug_assert in Payload::take_prefix, part 2 (#4384)
Review: Matches description + changes are appropriate
Note: This commit is a defensive programming improvement. Previously if there was a mismatch between ‘count_bytes()’ and ‘byte_size’ the code could panic, but, with this commit, this has been changed to a debug_assert which causes the system to fall back to a safer point instead of crashing. If there is a mismatch, system reverts back to the last message before mismatch through messages.iter().next_back().unwrap().0.clone()

Tests

● 54c19b3b6 Interface: Efficiently write LocalStoreImpl to disk (#4363)
Review: Matches description + changes are appropriate
Note: Uses batch writing instead of multiple individual calls increasing efficiency, reduces overhead by using write_protobuf_simple() and write_to_file_simple() methods. Redundant dependencies, (tempfile, ic-registry-local-store-artifacts), removed. Changes improve efficiency.

Proposal 135931 – ilbert | CodeGov

Vote: ADOPTED.
Reason: All reviewed commits match their description and hashes match.

build-2025-03-23 at 11.20.151299×382 63.8 KB

Review:
For the Execution and Runtime layers, the main changes introduced in this proposal are:

• Enables best-effort calls in all application subnets

I’ve reviewed all the commits listed in the proposal, for the Execution and Runtime layers:

9d4e0c4c9:
Sets the default value of best_effort_responses field of the FeatureFlags struct to BestEffortResponsesFeature::ApplicationSubnetsOnly.

3a3cf5537:
Adds the sigsegv_handler_duration histogram metric to the SandboxedExecutionMetrics struct. This metric is observed in the observe_instance_stats method of the SandboxedExecutionMetrics struct using the wasm_sigsegv_handler_duration and the stable_sigsegv_handler_duration values. These two values are new fields added to the PageAccessResults struct. They are populated in the page_accesses method of the WasmtimeInstance struct, from the newly introduced metrics field (MemoryTrackerMetrics struct) of the SigsegvMemoryTracker struct. The sigsegv_handler_duration_nanos field of the metrics field is set in the sigsegv_memory_tracker_handler function, where the duration of a timer is calculated at the end of the scope of the function returned.

05ffe4577:
Changes the handle_rejected_messages and induct_message methods of the StreamHandlerImpl struct to return the amount of cycles lost if the message has been silently dropped. The cycles lost for silently dropped messages are calculated in the induct_message_impl method of the StreamHandlerImpl struct, which now returns the InductionResult struct.
The lost cycles are tracked in the consumed_cycles_with_use_case metric of the subnet metrics and observed in the induct_loopback_stream method of the StreamHandlerImpl struct.
The on_message_dropped, on_inbound_message_dropped and on_outbound_message_dropped method of the CanisterQueues struct have been modified to return the amount of cycles attached to the dropped message.
The time_out_messages method of the CanisterQueues struct has been modified to return the lost cycles, calculated as the sum of the cycles attached to all the expired messages.
The shed_largest_message method of the CanisterQueues struct has been modified to return the cycles attached to the largest message, if any. The time_out_messages and shed_largest_message methods of the SystemState struct have been modified accordingly.
The time_out_messages method of the ReplicatedState struct has been modified to return the sum of the cycles lost by all canister and subnet messages.
The enforce_best_effort_message_limit method of the ReplicatedState struct has been modified to return the sum of the cycles attached to the messages shed.
The cycles lost are observed in the execute_round method of the StateMachineImpl struct in the consumed_cycles_with_use_case metric of the subnet metrics.

35cb4bc5a:
Adds the counts_toward_round_limit, does_not_run_on_aborted_canister and installs_code fields to the Ic00MethodPermissions struct. These flags are used in the can_be_executed method of the same struct to calculate the boolean result. This method is called in the can_execute_subnet_msg function, which has been modified to accept the round_limits argument. This argument is used to know if the instruction limit has been reached, passing the flag to the can_be_executed method of the permissions.
The change in the can_execute_subnet_msg function enables to remove the check of the reached instruction limit from loop inside the inner_round function of the SchedulerImpl struct.

Proposal: 135931

Summary:

1. Build Hash: Build has from the proposal, local build and CDN matches and is “ 4bc9d31600f46eb39a780e92f632445a91c075000cc3a5e0b9ddbe3a187d7cfa”.
2. Summary: The release notes matches the code changes
3. Vote: I vote to adopt the proposals
   
   

   image2136×960 242 KB

Detailed Review:

Features:

• 9d4e0c4c9 Consensus,Execution,Interface(MR): Roll out best-effort calls to all application subnets (#4408)
  Notes: This PR changes the configuration from best_effort_responses: BestEffortResponsesFeature::SpecificSubnets(enabled_subnets) to best_effort_responses: BestEffortResponsesFeature::ApplicationSubnetsOnly, routing best-effort calls between all application subnets.
  Review: Code changes look good and match release notes.
• 51b1dfde0 Consensus,Interface: Add VetKD to orchestrator public key monitoring (#4388)
  Notes: Changes to VetKD master public keys between CUPs are detected. Relevant changes to dependencies and test cases are also updated.
  Review: Code changes look good and match release notes.
• 3a3cf5537 Execution,Interface: Add signal handler duration metric (#4186)
  Notes: Adds a new metric, sandboxed_execution_sigsegv_handler_duration_seconds, to measure the execution time of the signal handler, along with existing metrics that track system calls and operations.
  Review: Code changes look good and match release notes.
• 05ffe4577 Execution,Interface,Message Routing(MR): Track cycles lost when dropping messages (#4331)
  Notes: Adds functionality to track cycles that are lost when messages are dropped under conditions, such as timeouts, deduplication, or misrouting.In consumed_cycles_by_use_case, lost cycles are counted in the DroppedMessages metric for subnets.
  Review: Code changes look good and match release notes.
• 2fe8aefaf Interface(node-reward): Add registry sync to node reward canister (#4349)
  Notes: The PR updates the Node Rewards canister to sync data from the Registry at regular intervals with adjustments made to canister configuration and relevant dependencies to support dynamic node provider rewards based on verifiable node metrics.
  Review: Code changes look good and match release notes.

Bugfixes:

• 41868ddc7 Consensus,Interface: Remove flakiness from the bitcoin adapter integration test (#4375)
  Notes: Reduces the number of blocks to 14 by having shared_blocks_count to 2 and branch_length to 6, resulting in 2 shared blocks and 6 blocks for each fork, totaling 14 blocks (2 + 6 + 6 = 14) to eliminate the flakiness in the test so that all blocks are tried within a single round.
  Review: Code changes look good and match release notes.
• 35cb4bc5a Execution,Interface: Fix same round install code and draining queues (#4346)
  Notes: This PR updates the can_execute_subnet_msg condition by adding round_limits as an argument, to ensure heavy messages are executed within round limits and light messages are executed at any time
  Review: Code changes look good and match release notes.

Chores:

• a6cbcf713 Consensus,Interface: Remove custom ExhaustiveSet implementation for AlgorithmId (#4392)
  Notes: Removes the custom ExhaustiveSet implementation for AlgorithmId which used to exclude the AlgorithmId::VetKD variant which is now no longer needed as the AlgorithmId::VetKD variant is supported across all mainnet subnets.
  Review: Code changes look good and match release notes.
• 1e5e864a9 Interface,Node(node): Increase HostOS upgrade download timeout (#4422)
  Notes: Increases the timeout for HostOS upgrade downloads from 30 seconds to 120 seconds using .timeout(std::time::Duration::from_secs(120)) to provide more time for the upgrade to complete without immediate retries.
  Review: Code changes look good and match release notes.
• fa37ed573 Owners(crypto): Bump ic_bls12_381 (#4367)
  Notes: The version of the ic_bls12_381 library is being upgraded from 0.10.0 to 0.10.1 .
  Review: Code changes look good and match release notes.

Refactoring:

• 4ba1e1b7b Consensus,Interface: Wrap derivation_path and VetKD input context fields in Arc<_> (#4361)
  Notes: Replacing vec! with Arc::new(vec!) and the clone() method with to_vec() for the derivation_path and input fields to reduce the cloning cost in replicated state.
  Review: Code changes look good and match release notes.
• bd2d7d1fa Interface,Message Routing: Downgrade panic to debug_assert in Payload::take_prefix (#4383)
  Notes: The code simply replaces the panic! call with debug_assert! in the Payload::take_prefix method to ensure that the process continues by cutting off the Payload just before the last message.
  Review: Code changes look good and match release notes.
• ec7834c47 Interface,Message Routing: Downgrade panic to debug_assert in Payload::take_prefix, part 2 (#4384)
  Notes: This PR change involves using debug_assert! to log an error message when the slice is unexpectedly empty and returns an empty slice (Ok((None, Some(self)))) so that the process continues without blocking or stalling the stream.
  Review: Code changes look good and match release notes.

Tests:

• 54c19b3b6 Interface: Efficiently write LocalStoreImpl to disk (#4363)
  Notes: Removes individual calls to store() for each changelog entry in LocalStoreImpl by writing all files directly and then calls fsync on the directories.
  Review: Code changes look good and match release notes.

Proposal 135931 | Tim - CodeGov

Screenshot 2025-03-24 1015321284×366 18.4 KB

Vote: Adopt

Reason: Build is successful, hashes match, commits match descriptions and the reasoning behind the changes is sound. I’ve reviewed commits for Consensus, Interface and Owners as detailed below.

Review

Features:

[9d4e0c4c9]
Allows best-effort calls to be made to and from all application subnets (but not system subnets) rather than just the 3 subnets for which this was initially made available.

[51b1dfde0]
Adapts get_master_public_keys function in orchestrator to use get_vetkey_public_keys to return public keys + logging if the catch-up package payload.as_idkg() is empty, rather than just returning an empty BTreeMap.

[2fe8aefaf]
Adds NodeRewardsCanister::get_registry_value API method. Sets an interval of 1 hour for the node rewards canister to sync registry data. Other changes consistent with the description.

Bugfixes:

[41868ddc7]
Adapts test to check that blocks are returned in BFS order to prevent erroneous test results, as explained in the commit notes.

Chores:

[a6cbcf713]
Removes impl ExhaustiveSet for AlgorithmId as per description.

[1e5e864a9]
Increases download timeout for create_hostos_upgrade_file to 2 minutes.

[fa37ed573]
Upgrades ic_bls12_381 to version 0.10.1 and itertools to version 0.13.0.

Refactoring:

[4ba1e1b7b]
Changes derivation_path field in SignWithThresholdContext and input field of VetKdArguments to utilise an Arc so as to reduce the need for cloning.

[bd2d7d1fa] [ec7834c47]
Changes panic! to debug_assert! in Xnet payload take_prefix method and removes the last message if this is used. The second commit adapts the method to return an empty slice instead of panicking if self.messages.as_ref() is None.

Tests:

[54c19b3b6]
Adds LocalStoreImpl::from_changelog method to create a LocalStore from a Changelog. Adds write_protobuf_simple and write_to_file_simple functions to serialise protobuf messages and write these to file with improved efficiency.

Proposal 135931– Zane | CodeGov

Vote: ADOPT
Reason: Build completes successfully, both hashes and reviewed commits match their descriptions, so I’ve decided voted to adopt.

1359311906×466 97.6 KB

Features:

9d4e0c4c9 Modified FeatureFlags’ Default trait implementation so that BestEffortResponsesFeature is set to ApplicationSubnetsOnly instead of being enabled on a limited list of specified subnets.

3a3cf5537 Added new metric to SandboxedExecutionMetrics called sigsegv_handler_duration, which is used to keep track of sigsegv_memory_tracker_handler execution’s duration. In order to do this, a metric field of type MemoryTrackerMetrics has been added to SigsegvMemoryTracker struct, currently the only field associated to MemoryTrackerMetrics is sigsegv_handler_duration_nanos, which gets set in sigsegv_memory_tracker_handler by calculating the elapsed time between the start of the method and the lock on the memory tracker being obtained. Then to propagate the data to execution metrics, in page_accesses the duration value is read atomically from both the heap and stable memory tracker, if present, and returned as part of PageAccessResults, immediately after it is added as part of the instance_stats. Both PageAccessResults and InstanceStats have been extended with two new fields to hold execution duration for heap and stable memory trackers. Finally these are exposed by observing the values from InstanceStats whenever a new instance of SandboxedExecutionMetrics is created.

05ffe4577 Modified canister queues implementation so that whenever bounded wait messages are dropped or timed out the associated amount of cycles is returned. On each execution round all these values are accumulated into a lost_cycles variable and observed into the consumed_cycles_by_use_case subnet metric with DroppedMessages use case. Alongside the stream handler has also been updated to track lost cycles for messages which fail to be inducted, either due to being silently dropped or being routed to the wrong subnet, similarly to what happens in the state machine, all the lost cycles are added in a variable and observed.

Bugfixes:

41868ddc7 Reduced flakiness of test_bfs_order test by reducing the number of blocks fetched in the same round.

35cb4bc5a Improved message scheduling fairness by distinguishing between heavy and light subnet messages. Ic00MethodPermissions struct has been extended with new fields: counts_toward_round_limit, does_not_run_on_aborted_canister and installs_code. These are used to specify restrictions on when the method can be run. can_be_executed has been added as a helper method which is used to determine whether the Ic00Method conditions are satisfied, this in turn has made it possible to improve can_execute_subnet_msg’s readability and at the same time skip execution of heavy methods when the round instruction limit has been reached, while still allowing light messages to be executed. Finally in execute_round, if the instruction limit has been reached due to long install process, it is manually set to 0 instead of 1 and the instruction limit check has been removed from inner_rounds iteration loop, since with the new value the check wouldnt pass. This makes it possible to execute “light” messages while preventing “heavy” ones from being popped from the subnet queue due to can_be_executed not being satisfied. Left comment here

Chores:

a6cbcf713 Deleted custom implementation of ExhaustiveSet trait for AlgorithmId. Since AlgorithmId::VetKD is now supported on mainnet it no longer needs to be filtered and the trait can be derived.

1e5e864a9 Manually set download timeout for hostOS upgrade file, previously the default value of 30 secs was used, now it has been increased to 120.

fa37ed573 Bumped ic_bls12_381 crate version to 0.10.1.

Refactoring:

4ba1e1b7b Wrapped derivation_path field of SignWithThresholdContext and input field of VetKdArguments with an Arc to make cloning operations cheaper.

bd2d7d1fa, ec7834c47 Handle gracefully cases where take_prefix would panic and use debug_asserts instead to monitor instances where input is invalid

FYI: