Proposal to elect new release rc--2025-04-03_03-15

Hello there!

We are happy to announce that voting is now open for a new IC release.
The NNS proposal is here: IC NNS Proposal 136066.

Here is a summary of the changes since the last release:

Release Notes for release-2025-04-03_03-15-base (68fc31a141b25f842f078c600168d8211339f422)

This release is based on changes since release-2025-03-27_03-14-base (3ae3649a2366aaca83404b692fc58e4c6e604a25).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Features:

  • 7f009d854 Execution,Interface: Read canister snapshot metadata (#4514)
  • 77dfd0cc3 Execution,Interface: Add canister snapshot metadata fields to types (#4431)
  • 2c64388af Execution,Interface: Introduce low bound for canister’s freezing threshold (#4401)
  • 810dddeb8 Node: Build with hermetic cc toolchains (#3508)

Bugfixes:

  • 8936943a6 Consensus,Interface: increment divergence_responses stat for each divergent response (#4559)
  • 1bb75e45a Execution,Interface: Use default value for SnapshotSource instead of failing. (#4596)
  • c766779a7 Execution,Interface: Improve documentation and error message of wasm chunk store (#4589)

Chores:

  • 4fab827a3 Execution,Interface: log composite and expensive canister http transforms (#4623)
  • 0a0e235f3 Execution,Interface: Safer ellipsize (#4549)
  • 3d73f0af2 Execution,Interface: Remove wasm_native_stable_memory feature flag (#4524)
  • a2f4c702c Execution,Interface: Remove legacy inter-canister query calls (#592)
  • 6f3739270 Interface,Message Routing: Change new canister snapshot fields to be optional (#4632)
  • 9ac3bfbcf Interface,Message Routing: Log if manifest computation is incremental (#4581)
  • b5f63841a Interface,Message Routing: Clarify state sync logs (#4542)
  • 3b9db1908 Node: Remove execmem permissions (Redo) (#4539)
  • 8a97b5580 Node: Update Base Image Refs [2025-03-27-0808] (#4546)

Refactoring:

  • f366b62d0 Consensus,Interface(consensus): Create an IDKG crate (#4526)
  • 9662ae275 Execution,Interface: Move system_api inside embedders crate (#4591)
  • 2de3fbec2 Execution,Interface: Rename embedders/system_api.rs to embedders/linker.rs (#4611)
  • 722fb4ad0 Interface,Message Routing: Use generics and impl trait instead of dyn trait (#4527)

Other changes:


Full list of changes (including the ones that are not relevant to GuestOS) can be found on GitHub.

IC-OS Verification

To build and verify the IC-OS disk image, after installing curl if necessary (sudo apt install curl), run:

# From https://github.com/dfinity/ic#verifying-releases
curl -fsSL https://raw.githubusercontent.com/dfinity/ic/master/ci/tools/repro-check | python3 - -c 68fc31a141b25f842f078c600168d8211339f422 --guestos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new GuestOS version here, you have the option to verify the build reproducibility of the HostOS by passing --hostos to the script above instead of --guestos, or the SetupOS by passing --setupos.
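The three-way comparison described above (CDN image, locally built image, proposal payload hash), as an added example that is not part of the original post or of the dfinity tooling. The function names, return codes and image file names are assumptions made for illustration, and the demo files are constructed stand-ins, not real IC-OS images.

```shell
#!/usr/bin/env bash
# Added example: check that the CDN image and the locally built image both
# hash to the SHA256 stated in the NNS proposal payload.
# All names below are hypothetical; the demo inputs are constructed.

# Print the lowercase SHA256 hex digest of a file; fail if it is unreadable.
sha256_of() {
    [ -r "$1" ] || return 1
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print tolower($1)}'
    else
        shasum -a 256 "$1" | awk '{print tolower($1)}'
    fi
}

# verify_release_hashes PROPOSAL_HASH CDN_IMAGE LOCAL_IMAGE
# Return codes:
#   0  all three values are identical
#   1  only the CDN image differs from the proposal hash
#   2  only the local build differs from the proposal hash
#   3  both differ from the proposal hash
#   4  bad input (malformed hash or unreadable file)
verify_release_hashes() {
    local proposal_hash cdn_sum local_sum rc
    rc=0
    # Hex digests are case-insensitive; normalise before comparing.
    proposal_hash=$(printf '%s' "$1" | tr 'A-F' 'a-f')

    # A SHA256 digest is exactly 64 hex characters. Reject anything else so
    # that an empty or truncated paste can never count as a match.
    case "$proposal_hash" in
        ''|*[!0-9a-f]*) echo "malformed proposal hash" >&2; return 4 ;;
    esac
    [ "${#proposal_hash}" -eq 64 ] || { echo "malformed proposal hash" >&2; return 4; }

    cdn_sum=$(sha256_of "$2") || { echo "cannot read CDN image: $2" >&2; return 4; }
    local_sum=$(sha256_of "$3") || { echo "cannot read local image: $3" >&2; return 4; }

    # Compare each artifact against the proposal value independently, so the
    # exit code says which side diverged.
    if [ "$cdn_sum" != "$proposal_hash" ]; then
        echo "CDN image hash differs from proposal: $cdn_sum" >&2
        rc=$((rc + 1))
    fi
    if [ "$local_sum" != "$proposal_hash" ]; then
        echo "local build hash differs from proposal: $local_sum" >&2
        rc=$((rc + 2))
    fi
    return "$rc"
}

# Constructed demo: two byte-identical stand-in images and one altered copy.
demo_dir=$(mktemp -d)
printf 'constructed guestos image\n' > "$demo_dir/cdn.img"
cp "$demo_dir/cdn.img" "$demo_dir/local.img"
printf 'constructed guestos image (altered)\n' > "$demo_dir/altered.img"
demo_hash=$(sha256_of "$demo_dir/cdn.img")

if verify_release_hashes "$demo_hash" "$demo_dir/cdn.img" "$demo_dir/local.img"; then
    echo "all three hashes match"
fi
if ! verify_release_hashes "$demo_hash" "$demo_dir/altered.img" "$demo_dir/local.img"; then
    echo "mismatch detected: do not treat the build as verified"
fi
```
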

Proposal 136066 - Hamish | CodeGov

Vote: Adopt
Reason: I have successfully run the build script and in my opinion all the commits listed look fine and match their descriptions.

Features:

  • 7f009d854 Execution,Interface: Read canister snapshot metadata (#4514)
    Review: Looks fine + matches description
    Notes: Implements Ic00Method::ReadCanisterSnapshotMetadata to download canister snapshot metadata and hides it behind the canister_snapshot_download feature flag.

  • 77dfd0cc3 Execution,Interface: Add canister snapshot metadata fields to types (#4431)
    Review: Looks fine + matches description
    Notes: Adds 3 new fields to the CanisterSnapshotBits struct: global_timer_nanos, on_low_wasm_memory_hook_status and source.

  • 2c64388af Execution,Interface: Introduce low bound for canister’s freezing threshold (#4401)
    Review: Looks fine + matches description
    Notes: Introduces the MINIMUM_FREEZING_THRESHOLD constant and sets it to one week, and then implements its usage such that update requests will fail if they attempt to reduce the freezing threshold of a canister to be shorter than this threshold.

  • 810dddeb8 Node: Build with hermetic cc toolchains (#3508)
    Review: Looks fine + matches description
    Notes: This commit is reverted by 6fc00b797 so can be ignored.

Bugfixes:

  • 8936943a6 Consensus,Interface: increment divergence_responses stat for each divergent response (#4559)
    Review: Looks fine + matches description
    Notes: Increments the divergence_responses counter whenever an http outcall results in a divergent response.

  • 1bb75e45a Execution,Interface: Use default value for SnapshotSource instead of failing. (#4596)
    Review: Looks fine + matches description
    Notes: Reverts to using SnapshotSource::TakenFromCanister if a canister snapshot’s source fails to be decoded, rather than returning an error.

  • c766779a7 Execution,Interface: Improve documentation and error message of wasm chunk store (#4589)
    Review: Looks fine + matches description
    Notes: Adds a test covering canister snapshots which contain entries in the wasm chunk store, then also adds comments to some of the chunk store constants, and lastly adds more details to the error message returned if a new chunk fails to fit into the chunk store.

Chores:

  • 4fab827a3 Execution,Interface: log composite and expensive canister http transforms (#4623)
    Review: Looks fine + matches description
    Notes: Writes a log entry whenever an http transform request (QuerySource::Anonymous) executes as composite query or consumes a lot of cycles.

  • 0a0e235f3 Execution,Interface: Safer ellipsize (#4549)
    Review: Looks fine + matches description
    Notes: Updates the ellipsize function to simply return an empty string if the max length provided is less than the length of the ellipses.

  • 3d73f0af2 Execution,Interface: Remove wasm_native_stable_memory feature flag (#4524)
    Review: Looks fine + matches description
    Notes: Removes the wasm_native_stable_memory feature flag since this feature has been enabled on all subnets for a long time now, then also cleans up all the code that is now redundant.

  • a2f4c702c Execution,Interface: Remove legacy inter-canister query calls (#592)
    Review: Looks fine + matches description
    Notes: Removes the final remaining pieces of code relating to the legacy ICQC implementation (supplanted by composite queries) now that this functionality is no longer in use on any subnets.

  • 6f3739270 Interface,Message Routing: Change new canister snapshot fields to be optional (#4632)
    Review: Looks fine + matches description
    Notes: Modifies the global_timer field of canister snapshots to be an optional record containing a global_timer_nanos field (rather than simply being the nanoseconds as an optional uint64), then also updates the on_low_wasm_memory_hook_status field to be optional.

  • 9ac3bfbcf Interface,Message Routing: Log if manifest computation is incremental (#4581)
    Review: Looks fine + matches description
    Notes: Writes a log message at the start of ComputeManifest to state whether the computation is being run from scratch or is incremental.

  • b5f63841a Interface,Message Routing: Clarify state sync logs (#4542)
    Review: Looks fine + matches description
    Notes: Modifies some state sync logs so that they only write log entries in the rare cases rather than in the usual cases.

  • 3b9db1908 Node: Remove execmem permissions (Redo) (#4539)
    Review: Looks fine + matches description
    Notes: This is a second attempt at removing the execmem permissions from the replica and the sandbox processes. These permissions are no longer required now that the in-memory compilation cache has been removed.

  • 8a97b5580 Node: Update Base Image Refs [2025-03-27-0808] (#4546)
    Review: Looks fine + matches description
    Notes: Update the base IC-OS image references.

Refactoring:

  • f366b62d0 Consensus,Interface(consensus): Create an IDKG crate (#4526)
    Review: Looks fine + matches description
    Notes: Separates the idkg module out of ic-consensus and into its own ic-consensus-idkg crate.

  • 9662ae275 Execution,Interface: Move system_api inside embedders crate (#4591)
    Review: Looks fine + matches description
    Notes: Moves the SystemApi implementation from being in its own ic-system-api crate to the new system_api module within the ic-embedders crate.

  • 2de3fbec2 Execution,Interface: Rename embedders/system_api.rs to embedders/linker.rs (#4611)
    Review: Looks fine + matches description
    Notes: Renames the existing embedders/system_api.rs module to embedders/linker.rs ahead of commit 9662ae275 which creates a new system_api module in its place.

  • 722fb4ad0 Interface,Message Routing: Use generics and impl trait instead of dyn trait (#4527)
    Review: Looks fine + matches description
    Notes: Updates a few places to use generic types rather than dynamic types to gain a small performance boost (e.g. Arc<dyn CertifiedStreamStore> → Arc<impl CertifiedStreamStore + 'static>).

Other changes:

  • 6fc00b797 Node: “feat: Build with hermetic cc toolchains (#3508)” (#4621)
    Review: Looks fine + matches description
    Notes: Reverts 810dddeb8

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

Proposal: 136066 | Yuvika - ZenithCode

Summary:

  1. Vote: Adopt
  2. Hash: Hashes match
  3. Reasons to adopt: Builds fine + hashes match + release notes match the commits.

Commits

Features

  • 7f009d854
    Summary: Read canister snapshot metadata
    Notes: Implements the download of snapshot metadata, this feature is currently behind a feature flag.
    Review: The description matches the code changes.

  • 77dfd0cc3
    Summary: Add canister snapshot metadata fields to types
    Notes: Adds new field to snapshot types needed for snapshot canister endpoints.
    Review: The description matches the code changes.

  • 2c64388af
    Summary: Introduce low bound for canister’s freezing threshold
    Notes: Enforces minimum freezing threshold of 1 week since setting low value is quite dangerous as some random increase in canister usage can make the canister frozen.
    Review: The description matches the code changes.

  • 810dddeb8
    Summary: Build with hermetic cc toolchains
    Notes: To upgrade our build containers and to decouple the bazel build from our build container we now build with hermetic_cc_toolchains.
    Review: The description matches the code changes.

Bugfixes

  • 8936943a6
    Summary: increment divergence_responses stat for each divergent response
    Notes: Increments divergence response stat inspect(|_| stats.divergence_responses += 1);
    Review: The description matches the code changes.

  • 1bb75e45a
    Summary: Use default value for SnapshotSource instead of failing
    Notes: Bugfix for #4431 by using default value for snapshot source instead of failing.
    Review: The description matches the code changes.

  • c766779a7
    Summary: Improve documentation and error message of wasm chunk store
    Notes: Documentation and some wasm error messages are improved.
    Review: The description matches the code changes.

Chores

  • 4fab827a3
    Summary: log composite and expensive canister http transforms
    Notes: Adds some logging messages.
    Review: The description matches the code changes.

  • 0a0e235f3
    Summary: Safer ellipsize
    Notes: Adds code to return an empty string if max length is shorter than the ellipsize.
    Review: The description matches the code changes.

  • 3d73f0af2
    Summary: Remove wasm_native_stable_memory feature flag
    Notes: Removes wasm_native_stable_memory feature flag.
    Review: The description matches the code changes.

  • a2f4c702c
    Summary: Remove legacy inter-canister query calls
    Notes: Removes code for legacy inter-canister query calls which is no longer used.
    Review: The description matches the code changes.

  • 6f3739270
    Summary: Change new canister snapshot fields to be optional
    Notes: Improves #4596 by changing the canister snapshot fields to be optional to adapt for future changes.
    Review: The description matches the code changes.

  • 9ac3bfbcf
    Summary: Log if manifest computation is incremental
    Notes: Adds log message for manifest computation.
    Review: The description matches the code changes.

  • b5f63841a
    Summary: Clarify state sync logs
    Notes: Updates state sync logs for better clarity.
    Review: The description matches the code changes.

  • 3b9db1908
    Summary: Remove execmem permissions (Redo)
    Notes: Remove the execmem selinux permissions since they are no longer needed with the on disk compilation cache.
    Review: The description matches the code changes.

Refactoring

  • f366b62d0
    Summary: Create an IDKG crate
    Notes: Code refactoring by moving idkg crate out into its own crate.
    Review: The description matches the code changes.

  • 9662ae275
    Summary: Move system_api inside embedders crate
    Notes: Code refactoring by moving the implementation of system_api inside the embedders crate.
    Review: The description matches the code changes.

  • 2de3fbec2
    Summary: Rename embedders/system_api.rs to embedders/linker.rs
    Notes: Refactoring by moving system_api.rs to linker.rs.
    Review: The description matches the code changes.

  • 722fb4ad0
    Summary: Use generics and impl trait instead of dyn trait
    Notes: Code refactoring by changing dyn trait to generic and impl trait.
    Review: The description matches the code changes.

Other changes

  • 722fb4ad0
    Summary: Build with hermetic cc toolchains
    Notes: reverts commit [810ddde]
    Review: The description matches the code changes.

Proposal: 136066

Summary:

  1. Build Hash: Build hash from the proposal, local build and CDN match and is “17ee4503bb11378fd62a84753c9e4d3a744a52ea6ae877b14674b9585d13386d”.
  2. Summary: The release notes match the code changes
  3. Vote: I vote to adopt the proposals

Commit

Detailed Review:

Features:

  • 7f009d854 Execution,Interface: Read canister snapshot metadata (#4514)
    Notes: Implements the read_canister_snapshot_metadata method in ExecutionEnvironment.rs to return the canister snapshot metadata when the canister_snapshot_download feature flag is enabled, or returns an empty vector and None if the flag is disabled.
    Review: Code changes look good and match release notes.
  • 77dfd0cc3 Execution,Interface: Add canister snapshot metadata fields to types (#4431)
    Notes: Adds SnapshotSource enum to identify whether a snapshot was taken from canister or uploaded manually. Adds metadata fields such as global_timer_nanos, on_low_wasm_memory_hook_status, and source in CanisterSnapshotBits for better snapshot context.
    Review: Code changes look good and match release notes.
  • 2c64388af Execution,Interface: Introduce low bound for canister’s freezing threshold (#4401)
    Notes: Introduces a minimum freezing threshold of 1 week with the constant MINIMUM_FREEZING_THRESHOLD set to 604800 seconds to prevent quick freezing and uninstallation of canisters due to low cycle usage.
    Review: Code changes look good and match release notes.
  • 810dddeb8 Node: Build with hermetic cc toolchains (#3508)
    Notes: Sets up hermetic CC toolchains (@hermetic_cc_toolchain//toolchain:ext.bzl) to decouple the Bazel build from the build container to ensure compatibility with older libraries while utilizing modern tools.
    Review: Code changes look good and match release notes.

Bugfixes:

  • 8936943a6 Consensus,Interface: increment divergence_responses stat for each divergent response (#4559)
    Notes: Increments the divergence_responses stat by adding an .inspect() function after filtering responses.
    Review: Code changes look good and match release notes.
  • 1bb75e45a Execution,Interface: Use default value for SnapshotSource instead of failing. (#4596)
    Notes: The new change makes sure that SnapshotSource is set to valid default value by using unwrap_or_default() method, which prevents any errors from failure.
    Review: Code changes look good and match release notes.
  • c766779a7 Execution,Interface: Improve documentation and error message of wasm chunk store (#4589)
    Notes: Improved documentation and the error message of wasm chunk store has been modified to include both the maximum capacity of the wasm chunk store (max_size) and the maximum number of entries (max_size.get() / CHUNK_SIZE).
    Review: Code changes look good and match release notes.

Chores:

  • 4fab827a3 Execution,Interface: log composite and expensive canister http transforms (#4623)
    Notes: Includes logging for composite and expensive canister HTTP transform functions by adding info! logs through ic_logger and it updates the imports to include QuerySource for improving the handling and logging of query sources during transformations.
    Review: Code changes look good and match release notes.
  • 0a0e235f3 Execution,Interface: Safer ellipsize (#4549)
    Notes: The code improves the safety of the ellipsize function by adding a check to return an empty string if the maximum length is smaller than the ellipsis size, updates the documentation and adds test cases to verify edge cases.
    Review: Code changes look good and match release notes.
  • 3d73f0af2 Execution,Interface: Remove wasm_native_stable_memory feature flag (#4524)
    Notes: wasm_native_stable_memory feature flag and associated code has been removed to simplify logic across embedders, execution environment, and system API.
    Review: Code changes look good and match release notes.
  • a2f4c702c Execution,Interface: Remove legacy inter-canister query calls (#592)
    Notes: Removes legacy inter-canister query calls (ICQC) and composite queries are made default by setting the flag composite_queries to FlagStatus::Enabled and renamed with_composite_queries to without_composite_queries to reflect the new default behavior for composite queries.
    Review: Code changes look good and match release notes.
  • 6f3739270 Interface,Message Routing: Change new canister snapshot fields to be optional (#4632)
    Notes: Updates canister snapshot metadata fields global_timer and on_low_wasm_memory_hook_status to be optional in order to make them future-proof.
    Review: Code changes look good and match release notes.
  • 9ac3bfbcf Interface,Message Routing: Log if manifest computation is incremental (#4581)
    Notes: Adds logging to indicate whether manifest computation is incremental using a previous checkpoint via manifest_delta.base_height to diagnose long computation times by logging checkpoint details.
    Review: Code changes look good and match release notes.
  • b5f63841a Interface,Message Routing: Clarify state sync logs (#4542)
    Notes: Improves state sync logging by clearly distinguishing cases where state metadata or in-memory state was already present.
    Review: Code changes look good and match release notes.
  • 3b9db1908 Node: Remove execmem permissions (Redo) (#4539)
    Notes: Removes the execmem SELinux permissions for ic_replica_t and ic_canister_sandbox_t processes, replacing them with a more restricted ic_compiler_sandbox_t to improve security.
    Review: Code changes look good and match release notes.
  • 8a97b5580 Node: Update Base Image Refs [2025-03-27-0808] (#4546)
    Notes: Updates the base container image references to newer versions to have secure container images.
    Review: Code changes look good and match release notes.

Refactoring:

  • f366b62d0 Consensus,Interface(consensus): Create an IDKG crate (#4526)
    Notes: The idkg module has been refactored by extracting it from the consensus crate and placing it in its own crate. To avoid circular dependencies, the relevant test utilities were moved from ic_consensus::idkg::test_utils.rs to ic_test_utilities_consensus::idkg.rs, while keeping necessary code in place.
    Review: Code changes look good and match release notes.
  • 9662ae275 Execution,Interface: Move system_api inside embedders crate (#4591)
    Notes: The system_api implementation was moved to the embedders crate for better centralization, renamed the file from rs/system_api/src/lib.rs to rs/embedders/src/wasmtime_embedder/system_api.rs to simplify API management and required updates to imports and Bazel/Cargo configurations were made.
    Review: Code changes look good and match release notes.
  • 2de3fbec2 Execution,Interface: Rename embedders/system_api.rs to embedders/linker.rs (#4611)
    Notes: Renames system_api.rs to linker.rs, preparing for future refactoring within the embedders crate, while keeping the git history intact.
    Review: Code changes look good and match release notes.
  • 722fb4ad0 Interface,Message Routing: Use generics and impl trait instead of dyn trait (#4527)
    Notes: Replaces dynamic dispatch (dyn) with generics (impl) for type safety of the IngressHistoryWriter and CertifiedStreamStore. Generics are also added in BatchProcessorImpl to replace the dynamic trait RegistryClient, improving compile-time optimizations.
    Review: Code changes look good and match release notes.

Other changes:

  • 6fc00b797 Node: “feat: Build with hermetic cc toolchains (#3508)” (#4621)
    Notes: Reverts a previous change that added a new hermetic_cc_toolchain due to build performance issues.
    Review: Code changes look good and match release notes.

Proposal: 136066 | Ipsita - ZenithCode

Summary

  1. Vote: Adopt
  2. Hash: All the hashes match
  3. Reason to Adopt: The release notes match the commits and the code changes. Builds successfully.

Commit

Features:

  • 7f009d854 Execution,Interface: Read canister snapshot metadata (#4514)
    Review: Matches description + changes are appropriate
    Note: This commit introduces logic, flag gating, and necessary tests to support querying metadata about stored canister snapshots. It implements a new Endpoint: Ic00Method::ReadCanisterSnapshotMetadata which returns metadata such as snapshot origin, Timestamp taken, WASM module size etcetera from a specific canister snapshot. This feature is protected by ExecutionConfig::canister_snapshot_download: FlagStatus, returning an empty vector if disabled.

  • 77dfd0cc3 Execution,Interface: Add canister snapshot metadata fields to types (#4431)
    Review: Matches description + changes are appropriate
    Note: This commit extends the CanisterSnapshot system with fields needed to support metadata inspection. Metadata now includes snapshot origin, snapshot time, Wasm Memory Hook Status, respective fields have been added in order to retrieve this info. Tests have been updated to reflect these changes. Also, an Unspecified variant in protobuf is reserved to be used for error detection.

  • 2c64388af Execution,Interface: Introduce low bound for canister’s freezing threshold (#4401)
    Review: Matches description + changes are appropriate
    Note: This commit makes it mandatory for a canister to always have enough cycles to cover its memory and compute allocation for an entire week, even if it is idle. This prevents users from deleting or uninstalling canister before it has been up for a week. with_freezing_threshold(1) has been replaced by MINIMUM_FREEZING_THRESHOLD which has been set to 604800 (1 week) and a check has been added to check if canister is older than a week. This ensures that no canisters are accidentally frozen or uninstalled and encourages better canister lifecycle management cycles. Notes from the developers are also pretty relevant here:

  1. Setting the threshold to zero is no longer allowed.
  2. Custom UIs or CLI tools should reflect this constraint.
  3. Enum constants like MINIMUM_FREEZING_THRESHOLD should be used instead of magic numbers in test code going forward.

  • 810dddeb8 Node: Build with hermetic cc toolchains (#3508)
    Review: Matches description; however, rolled back in (#4621)
    Note: (ROLLED BACK IN #4261, 6fc00b797) This commit adds hermetic C/C++ toolchains via hermetic_cc_toolchain into the Bazel build system in order to decouple builds from the host/container environment and ensure reproducible builds across environments. hermetic_cc also has a flag that allows opting in/out of hermetic toolchains. Additionally, Zig-based toolchains have been integrated with the platform constraints. Moreover, OpenSSL and libFuzzer are built from source under third_party/ to ensure compatibility. These changes ensure that the build system knows which version of Zig to choose for each OS, architecture, and platform combos within Bazel’s constraint system.

Bugfixes:

  • 8936943a6 Consensus,Interface: increment divergence_responses stat for each divergent response (#4559)
    Review: Matches description + changes are appropriate
    Note: This commit fixes the metric stats.divergence_responses not being incremented when a divergent response was processed bug, even though this was being handled, they were not being counted in the stats. The fix adds .inspect(|_| stats.divergence_responses += 1) to the iterator chain in order to count the divergent responses that successfully get converted into rejection.

  • 1bb75e45a Execution,Interface: Use default value for SnapshotSource instead of failing. (#4596)
    Review: Matches description + changes are appropriate
    Note: This commit fixes the appearance of ProxyDecodeError bug when converting a protobuf enum variant of SnapshotSource. The change is quite simple, if retrieval of Snapshot Source fails, then it is set to default instead of failing outright. This ensures stability across versions by preventing panics or failed deserialization when encountering old or unexpected enum vals.

  • c766779a7 Execution,Interface: Improve documentation and error message of wasm chunk store (#4589)
    Review: Matches description + changes are appropriate
    Note: Error message has been improved when one tries to upload more wasm chunks than the limit, the error message now mentions the maximum number of entries along with the maximum capacity. This commit leads to an improvement in documentation and error handling.

Chores:

  • 4fab827a3 Execution,Interface: log composite and expensive canister http transforms (#4623)
    Review: Matches description + changes are appropriate
    Note: This commit adds diagnostic logging for Wasm-based HTTP transform functions which are executed within canisters. Logging is triggered in QueryContext::run when incoming requests come from an anonymous user, or if the target wasm method is a composite query, or if execution is expensive and worth flagging, that is, it consumes >= 100M instructions. The log entries by themselves, mention when the transform function is running on which canister and once complete, how many instructions it consumed.

  • 0a0e235f3 Execution,Interface: Safer ellipsize (#4549)
    Review: Matches description + changes are appropriate
    Note: This commit makes execution ellipsis safer by introducing a fail safe. Previously, if one tried to pass a string less than the max size, 3 characters to ellipsis, then function would panic, but now, if the length is less than the max size, it returns an empty string. Additional tests have been added to confirm this behavior as well.

  • 3d73f0af2 Execution,Interface: Remove wasm_native_stable_memory feature flag (#4524)
    Review: Matches description + changes are appropriate
    Note: This commit reduces chances of getting an error when a developer uses legacy stable memory system APIs when native stable memory is active. Previously, IC supported 2 implementations of stable memory, Native and Legacy, the removed feature flag enabled toggling between the two. By removing its flags and all related logic, the execution assumes native stable memory is always enabled moving forward. This simplifies code and eliminates redundant code.

  • a2f4c702c Execution,Interface: Remove legacy inter-canister query calls (#592)
    Review: Matches description + changes are appropriate
    Note: This commit removes support for legacy inter-canister query calls from the database since it is no longer used. All related logic and code for this has been removed including flags, constructor parameters, metrics, tests. Additionally, tests have been updated to use composite_query as the default method. System specific toggles for enabling legacy query retry are now removed and composite queries are the only supported query call mechanism. This is a good step towards reducing legacy baggage.

  • 6f3739270 Interface,Message Routing: Change new canister snapshot fields to be optional (#4632)
    Review: Matches description + changes are appropriate
    Note: This commit makes the snapshot fields to be optional by nesting them inside an optional message, also making it future-proof. Additionally some updates have been made to the Rust structs ExecutionStateSnapshot and CanisterSnapshotBits allowing them to handle cases where serialization logic is None. Tests have also been updated.

  • 9ac3bfbcf Interface,Message Routing: Log if manifest computation is incremental (#4581)
    Review: Matches description + changes are appropriate
    Note: This commit adds a logging feature inside ComputeManifestRequest in rs/state_manager/src/tip.rs before the computation starts. This lets us know whether the fast incremental path was taken. This is crucial as manifest computations are much more expensive than the fast incremental path. Also, it’s good for debugging.

  • b5f63841a Interface,Message Routing: Clarify state sync logs (#4542)
    Review: Matches description + changes are appropriate
    Note: This commit focuses on clarifying log messages during state synchronization making it easier to understand what is happening which is especially important in some rare edge cases when metadata is already present. Now, logs are associated with a syncing state at height, h. The two scenarios covered are Normal Case(metadata absent) and Rare case (metadata present). This helps reduce spam with unnecessary logs and highlights which scenario took place.

  • 3b9db1908 Node: Remove execmem permissions (Redo) (#4539)
    Review: Matches description + changes are appropriate
    Note: This update directly affects the system's security by removing execmem permissions from the replica and canister sandbox domains. This commit removes execmem from ic_replica_t and ic_canister_sandbox_t.

  • 8a97b5580 Node: Update Base Image Refs [2025-03-27-0808] (#4546)
    Review: Matches description + changes are appropriate
    Note: This commit updates the references to the various base container images in the docker context. New images for components like GuestOS, hostOS, SetupOS have been made. This ensures that all components point to the latest approved base versions.

Refactoring:

  • f366b62d0 Consensus,Interface(consensus): Create an IDKG crate (#4526)
    Review: Matches description + changes are appropriate
    Note: This commit extracts the idkg module from the consensus component into its own crate called ic-consensus-idkg. This allows us to modularize the codebase and enhance maintainability. Also, some code from ic_consensus::idkg::test_utils.rs was relocated to ic_test_utilities_consensus::idkg.rs to resolve an issue that arose in tests with the changes. The new build configuration has been updated in BUILD.bazel and Cargo.toml.

  • 9662ae275 Execution,Interface: Move system_api inside embedders crate (#4591)
    Review: Matches description + changes are appropriate
    Note: This commit moves the system_api implementation, which was in a separate crate, to the embedders crate. This change is good since a lot of system_api’s functionality was already in the embedders crate; by moving it there we are consolidating parts of system_api. Build configurations have been adjusted accordingly.

  • 2de3fbec2 Execution,Interface: Rename embedders/system_api.rs to embedders/linker.rs (#4611)
    Review: Matches description + changes are appropriate
    Note: Renames system_api.rs to linker.rs in order to preserve git history. Also, imports have been updated and changes have been made with respect to the name change.

  • 722fb4ad0 Interface,Message Routing: Use generics and impl trait instead of dyn trait (#4527)
    Review: Matches description + changes are appropriate
    Note: This commit replaces dyn trait usages with generics and impl Trait. Compared to dyn traits, impl trait and generics are much more efficient since they are monomorphized, slightly faster, and more static. Test helpers have also been refactored in order to support this change.

Other changes:

  • 6fc00b797 Node: “feat: Build with hermetic cc toolchains (#3508)” (#4621)
    Review: Matches description + changes are appropriate
    Note: This reverts the changes made to integrate building with hermetic cc toolchains, such as custom configs, patches, etcetera. Restores the system to use C/C++ toolchains. #3508 was rolled back due to builds becoming significantly slower. The exact issue is still unknown.

Proposal 136066 – ilbert | CodeGov

Vote: ADOPTED.
Reason: All reviewed commits match their description and hashes match.

Review:
For the Execution and Runtime layers, the main changes introduced in this proposal are:

  • Continues the implementation of canister snapshots download and upload
  • Removes legacy code

I’ve reviewed all the commits listed in the proposal, for the Execution and Runtime layers:

7f009d854:
Adds the read_canister_snapshot_metadata method to the ExecutionEnvironment struct. This method calls the canister manager’s read_snapshot_metadata method, which has also been introduced in this commit. The read_snapshot_metadata method of the CanisterManager struct retrieves the canister snapshot, if any, and checks if it belongs to the right canister. It returns the ReadCanisterSnapshotMetadataResponse, which contains metadata about the requested snapshot, like the memory used, creation timestamp, etc.
The execute_subnet_message method of the ExecutionEnvironment struct has been updated to handle the Ic00Method::ReadCanisterSnapshotMetadata management canister’s method. Now, it calls the read_canister_snapshot_metadata method, if the canister_snapshot_download flag of the execution config is set to FlagStatus::Enabled.
It also updates the Ic00Method::ReadCanisterSnapshotData, Ic00Method::UploadCanisterSnapshotMetadata, Ic00Method::UploadCanisterSnapshotData match branches to check for the canister_snapshot_download and canister_snapshot_upload flags of the execution config, preparing the work for the next implementations.

77dfd0cc3:
Adds the global_timer_nanos, on_low_wasm_memory_hook_status and source fields to the CanisterSnapshotBits protobuf message. It also updates the serialization and deserialization of the new fields in the CanisterSnapshotBits struct.
It also adds the global_timer and on_low_wasm_memory_hook_status fields to the ExecutionStateSnapshot struct, and the source field to the CanisterSnapshot struct.

2c64388af:
Enforces the minimum freezing threshold time to 1 week.
Introduces the MINIMUM_FREEZING_THRESHOLD constant. This constant is used in the parser from CanisterSettingsArgs to CanisterSettings struct to check if the input freezing threshold is greater than the constant. Returns an error otherwise.

1bb75e45a:
Sets the TakenFromCanister variant of the SnapshotSource enum as the default in order to use it when deserializing from protobuf.

c766779a7:
Matches description.

4fab827a3:
Changes the run method of the QueryContext struct to calculate the amount of instructions used when the query is executed by the IC to itself, which happens in the HTTP transforms. If the instructions used are greater than 100M, it logs them.
Additionally, it logs if the query executed by the IC is a composite query.

0a0e235f3:
Matches description.

3d73f0af2:
Removes the wasm_native_stable_memory field from the FeatureFlags struct. Removes the code that was checking if the flag was enabled from the embedders, execution_environment, interfaces and system_api modules.

a2f4c702c:
Removes the logic to handle inter-canister query calls in the run method of the QueryContext struct for Distrikt’s subnet.
It removes the query_retry_call field from the QueryHandlerMetrics struct.

9662ae275:
Matches description.

2de3fbec2:
Matches description.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.


Proposal 136066 | Tim - CodeGov

Vote: Adopt

Reason: Build is successful, hashes match, commits match descriptions and the reasoning behind the changes is sound. I’ve reviewed commits for Consensus and Interface (and some for Node) as detailed below.

Review

Features:

[810dddeb8]
Adapts Bazel files to utilise hermetic_cc_toolchain and adds hermetic_cc_toolchain.patch.

Bugfixes:

[8936943a6]
Increments divergence_responses stat for each divergent response, as per description.

Chores:

[6f3739270]
Changes various fields to be optional within types CanisterSnapshotBits, ExecutionStateSnapshot and ReadCanisterSnapshotMetadataResponse along with additional related code changes.

[9ac3bfbcf]
Adds a log within state manager spawn_tip_thread function to indicate whether a manifest computation is incremental from another checkpoint or is from scratch.

[b5f63841a]
Shifts “Completed StateSync” log from the case “already have a StateMetadata locally” and not the in-memory state to the case in which we do have the in-memory state, and re-words it accordingly.

[8a97b5580]
Updates base container image references.

Refactoring:

[f366b62d0]
Adds a new crate ic-consensus-idkg and shifts the current idkg module into it from rs/consensus/src/idkg/ + test changes as described.

[722fb4ad0]
Replaces several dynamic (dyn) types with generics and impl trait, as per description.

Other changes:

[6fc00b797]
Reverts 810dddeb8 above.


Proposal #136066 — Zack | CodeGov

for release-2025-04-03_03-15-base.

Vote: Adopted
Reason: The build is reproducible and all three OS hashes match (GUESTOS, HOSTOS and SETUPOS) as well as the listed commits’ descriptions.


Proposal 136066 – Zane | CodeGov

Vote: ADOPT

Reason: Build completes successfully, both hashes and reviewed commits match their descriptions, so I’ve decided to adopt.

Features:

7f009d854 IC00 methods to read/upload canister snapshots and snapshots metadata have been slightly modified so that they behave differently based on the feature flag for the respective feature being enabled or not. Implemented ReadCanisterSnapshotMetadata method: when it is called and the canister_snapshot_download flag is set to true, read_snapshot_metadata is called. This method first ensures the caller is a controller of the canister the snapshot is associated with, that a snapshot with the passed id can be found and that it actually belongs to the provided canister. If all checks are satisfied it returns a ReadCanisterSnapshotMetadataResponse instance. If the canister_snapshot_download flag is not enabled then an empty blob is returned; the same happens for the other read/upload IC00 methods, but since at the moment only ReadCanisterSnapshotMetadata has been implemented, they return an empty blob regardless.
Added 2 methods in ExecutionTestBuilder to enable canister snapshot download/flags when creating a test instance of the execution environment. In management_canister_types the constructors for ReadCanisterSnapshotMetadataArgs and ReadCanisterSnapshotDataArgs have been modified to use SnapshotId struct as type for snapshot_id rather than a raw byte vector. Finally a concrete implementation of Payload trait has been provided for ReadCanisterSnapshotMetadataArgs.

77dfd0cc3 Modified canister snapshot structs to include new metadata fields. Both Rust and proto’s definitions of CanisterSnapshotBits have been extended with 3 new fields: source, which is an enum specifying whether the snapshot comes from a canister or a user upload; global_timer, another enum detailing the canister time state, i.e. inactive or to be activated at a certain time; and finally on_low_wasm_memory_hook_status. The same fields have also been added to internal representations, i.e. ExecutionStateSnapshot and CanisterSnapshot, with global_timer and on_low_wasm_memory_hook_status added to the former and source to the latter. The from_canister method was modified to properly set the new fields when a new CanisterSnapshot instance is created from the canister’s state.

2c64388af Additional validation when converting CanisterSettingsArgs: if a new value is provided for the canister’s freezing threshold and it is lower than MINIMUM_FREEZING_THRESHOLD, i.e. 1 week, the FreezingThresholdOutOfRange variant of UpdateSettingsError is returned. The aforementioned variant has also been modified to not only return the provided value but also the minimum one, so that the end user can more easily understand why the call failed. Many tests where the freezing threshold is manually set have been updated as they’d previously used values lower than the minimum allowed one and would fail after this change.

Bugfixes:

8936943a6 Increment divergence_responses counter by 1 every time divergence_response_into_reject successfully converts a CanisterHttpResponseDivergence into a ConsensusResponse containing a reject. Matches description.

1bb75e45a Set TakenFromCanister variant as default value for SnapshotSource and use it when conversion between the internal and serialized versions fails rather than returning an error. Matches description.

c766779a7 Added documentation comment for CHUNK_SIZE constant and provided more details on WasmChunkStoreMetadata’s map 100 entries limit. Improved error message in can_insert_chunk by also returning the max number of entries alongside capacity in bytes. Finally added take_snapshot_with_maximal_chunk_store test to ensure upload_chunk works fine as long as the chunk store entry limit is not hit and it returns an error as soon as the limit is reached.

Chores:

4fab827a3 Added logs for composite/expensive canister http transform requests. Matches description.

0a0e235f3 Modified string slice’s implementation of StrEllipsize trait so that if the max_len is smaller than the ellipsis itself, an empty string is returned instead of panicking. A documentation comment has been added to the trait to explain the new intended behaviour and in test_ellipsize new cases have been added to ensure the logic works as expected.

3d73f0af2 Deleted wasm_native_stable_memory feature flag and cleaned up lots of code in embedders/execution/system api that was previously used to toggle between different code paths depending on the flag’s status.

a2f4c702c Removed bespoke logic which enabled legacy ICQC on the subnet distrikt runs on. Deleted query_retry_call from QueryHandlerMetrics and enabled composite_queries flag by default in the ExecutionTestBuilder.

6f3739270 Modified global_timer and on_low_wasm_memory_hook_status fields introduced with 77dfd0cc3 to be optional. Improved proto representation for the global timer by defining a dedicated message type for it and added a doc comment providing explanation on its semantics.

9ac3bfbcf In the tip thread logs whether the manifest computation is incremental or not. Matches description.

b5f63841a Inverted logs in on_synced_checkpoint so that they are only displayed in the rare cases rather than the commonly expected ones.

8a97b5580 Updated ICOS image refs.

Refactoring:

f366b62d0 Moved idkg module from consensus to the new ic-consensus-idkg crate. Matches description.

9662ae275 Moved system api implementation from ic-system-api to the embedders crate. Matches description.

2de3fbec2 Renamed embedders/system_api.rs module to embedders/linker.rs and updated imports accordingly.

722fb4ad0 Replaced a few types to make use of generic types with trait bounds and statically dispatched traits rather than dynamically dispatched trait objects. Matches description.


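The reviews of 7f009d854 above describe a flag gate followed by three checks in read_snapshot_metadata: caller is a controller, the snapshot exists, and the snapshot belongs to the named canister. The sketch below is an added example, not the IC's code: all types, field names and the integer ids are simplified, hypothetical stand-ins, and the sample state is constructed.

```rust
use std::collections::HashMap;

// Simplified stand-ins for the IC types named in the reviews (hypothetical shapes).
#[derive(PartialEq, Debug)]
pub enum FlagStatus { Enabled, Disabled }
#[derive(PartialEq, Debug)]
pub enum SnapshotError { NotController, SnapshotNotFound, WrongCanister }
#[derive(PartialEq, Debug)]
pub struct Metadata { pub taken_at: u64, pub memory_bytes: u64 }
pub struct Snapshot { pub canister: u64, pub taken_at: u64, pub memory_bytes: u64 }

pub struct Manager {
    pub download_flag: FlagStatus,
    pub controllers: HashMap<u64, Vec<u64>>, // canister id -> controller ids
    pub snapshots: HashMap<u64, Snapshot>,   // snapshot id -> snapshot
}

impl Manager {
    // The three checks, in the order the review lists them.
    pub fn read_snapshot_metadata(&self, caller: u64, canister: u64, snapshot_id: u64)
        -> Result<Metadata, SnapshotError> {
        let is_controller = self.controllers.get(&canister)
            .map_or(false, |c| c.contains(&caller));
        if !is_controller { return Err(SnapshotError::NotController); }
        let snap = self.snapshots.get(&snapshot_id).ok_or(SnapshotError::SnapshotNotFound)?;
        // Without this check, a controller of one canister could read any snapshot by id.
        if snap.canister != canister { return Err(SnapshotError::WrongCanister); }
        Ok(Metadata { taken_at: snap.taken_at, memory_bytes: snap.memory_bytes })
    }

    // Flag gate: None models the empty reply described for a disabled flag.
    pub fn handle(&self, caller: u64, canister: u64, snapshot_id: u64)
        -> Result<Option<Metadata>, SnapshotError> {
        match self.download_flag {
            FlagStatus::Disabled => Ok(None),
            FlagStatus::Enabled => self.read_snapshot_metadata(caller, canister, snapshot_id).map(Some),
        }
    }
}

// Constructed sample state: canister 1 (controller 100) owns snapshot 10,
// canister 2 (controller 200) owns snapshot 20.
pub fn sample(flag: FlagStatus) -> Manager {
    let controllers = HashMap::from([(1, vec![100]), (2, vec![200])]);
    let snapshots = HashMap::from([
        (10, Snapshot { canister: 1, taken_at: 1_743_000_000, memory_bytes: 4096 }),
        (20, Snapshot { canister: 2, taken_at: 1_743_000_500, memory_bytes: 8192 }),
    ]);
    Manager { download_flag: flag, controllers, snapshots }
}

fn main() {
    let m = sample(FlagStatus::Enabled);
    println!("{:?}", m.handle(100, 1, 10)); // controller reading its own canister's snapshot
    println!("{:?}", m.handle(100, 1, 20)); // same caller naming another canister's snapshot
}
```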