Proposal to elect new release rc--2025-04-11_13-20

Hello there!

We are happy to announce that voting is now open for a new IC release.
The NNS proposal is here: IC NNS Proposal 136223.

Here is a summary of the changes since the last release:

Release Notes for release-2025-04-11_13-20-base (579b8ba3a31341f354f4ddb3d60ac44548a91bc2)

This release is based on changes since release-2025-04-03_03-15-base (68fc31a141b25f842f078c600168d8211339f422).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Features:

  • 2439d8896 Consensus,Execution,Interface(MR): Enable best-effort calls everywhere (#4742)
  • 91398734c Consensus,Interface: Remove the timeout of computing the state hash in ic-replay (#4572)
  • d5d8d47cd Execution,Interface: Disable canister backtrace when name section is missing (#4690)
  • 42466a65b Execution,Interface: Read canister snapshot data (#4505)
  • 5d40b0f42 Execution,Interface: Prefetch pages backward (#4552)
  • 32082e416 Interface(ICRC_Ledger): Always return compliant certificate from ICRC ledger (#4504)
  • 412c839a0 Interface(node_reward): Add the basic calculation to the Node Reward Canister (#4628)

Bugfixes:

  • bb17ec5b9 Consensus,Interface: rename the orchestrator binary crate from ic_state_tool to orchestrator (#4659)
  • ce2680374 Execution,Interface: Speed up wasm64 check (#4640)
  • 7a3acf623 Node: make danted restart when systemd-networkd is restarted (#4658)

Chores:

  • 6845d8a7b Consensus,Interface(orchestrator): add registry replicator task to the TaskTracker (#4710)
  • 28445da96 Consensus,Interface(orchestrator): Introduce a metric which keeps count of how many times an orchestrator task has panicked (#4656)
  • 139f7fa88 Consensus,Interface: log requests with invalid ingress expiry (#4518)
  • 2e4ded9e6 Crypto,Interface(crypto): Use ic-vetkd-utils for VetKD key derivation (#4692)
  • aa3de32d8 Execution,Interface: Revert “feat: Introduce low bound for canister’s freezing threshold (#4401)” (#4783)
  • 3c5f07170 Execution,Interface: Fix a typo in call_or_task.rs (#4738)
  • eecacca6c Execution,Interface: Add metrics for reading wasm files in execution (#4627)
  • f58a8dbc8 Execution,Interface: Fix typos in the scheduler (#4675)
  • 6903a663a Execution,Interface: Remove in-memory compilation cache (#4522)
  • 9a69f7ef9 Execution,Interface,Message Routing: Track outgoing responses in streams (#4561)
  • c3be0cb3f Interface: Fix some typos in the comments on HypervisorError (#4631)
  • 47c52251c Interface(crypto): Add VetKD to the state machine tests (#4625)
  • 76a8f390b Interface,Node(node): fix config_types vm_nr_of_vcpus default (#4730)
  • 1eb5c2361 Interface,Node: support configuring number of vCPUs for GuestOS VM (#4622)
  • 2fbdb88dc Owners: bump crossbeam-channel to 0.5.15 (#4767)
  • 47dce406c Node: Update Base Image Refs [2025-04-10-0807] (#4756)
  • 0b43b5f69 Node: Update Base Image Refs [2025-04-09-0150] (#4735)
  • 6f712d318 Node: Update Base Image Refs [2025-04-08-0151] (#4702)
  • bbc5097fc Node: Update Base Image Refs [2025-04-04-0149] (#4648)
  • 0624a206e Node: Update Base Image Refs [2025-04-03-0807] (#4637)

Tests:

  • 29485b69f Execution,Interface: Resurrect system_api tests (#4762)
  • bd366ae95 Interface: ic-prep Add the data center records to the registry (#4694)

Full list of changes (including the ones that are not relevant to GuestOS) can be found on GitHub.

IC-OS Verification

To build and verify the IC-OS disk image, after installing curl if necessary (sudo apt install curl), run:

# From https://github.com/dfinity/ic#verifying-releases
curl -fsSL https://raw.githubusercontent.com/dfinity/ic/master/ci/tools/repro-check | python3 - -c 579b8ba3a31341f354f4ddb3d60ac44548a91bc2 --guestos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new GuestOS version here, you have the option to verify the build reproducibility of the HostOS by passing --hostos to the script above instead of --guestos, or the SetupOS by passing --setupos.

1 Like

Proposal 136223 - Hamish | CodeGov

Vote: Adopt
Reason: I have successfully run the build script and in my opinion all the commits listed look fine and match their descriptions.

Features:

  • 2439d8896 Consensus,Execution,Interface(MR): Enable best-effort calls everywhere (#4742)
    Review: Looks fine + matches description
    Notes: Sets the best_effort_responses feature flag to enabled on all subnets, rather than only on application subnets.

  • 91398734c Consensus,Interface: Remove the timeout of computing the state hash in ic-replay (#4572)
    Review: Looks fine + matches description
    Notes: Updates the get_state_hash function to keep looping indefinitely while waiting for the state hash computation to complete, whereas before it would only loop 120 times with a 500ms pause between each iteration.

  • d5d8d47cd Execution,Interface: Disable canister backtrace when name section is missing (#4690)
    Review: Looks fine + matches description
    Notes: Avoids returning canister backtraces if any function names can’t be found when creating the backtrace.

  • 42466a65b Execution,Interface: Read canister snapshot data (#4505)
    Review: Looks fine + matches description
    Notes: Implements the ability to read chunks of data from a canister snapshot, this can be used to recreate the full snapshot locally.

  • 5d40b0f42 Execution,Interface: Prefetch pages backward (#4552)
    Review: Looks fine + matches description
    Notes: Optimises how the sigsegv_fault_handler_new function prefetches pages whenever there is a page fault, and includes the new benchmarks which show the significant improvements.

  • 32082e416 Interface(ICRC_Ledger): Always return compliant certificate from ICRC ledger (#4504)
    Review: Looks fine + matches description
    Notes: Updates the ICRC ledger to always return a certificate which is compatible with the ICRC3 standard, as opposed to only when the icrc3-compatible-data-certificate feature flag is enabled.

  • 412c839a0 Interface(node_reward): Add the basic calculation to the Node Reward Canister (#4628)
    Review: Looks fine + matches description
    Notes: Adds the get_node_providers_monthly_xdr_rewards query endpoint to the Node Rewards Canister. This same calculation already exists in the Registry, but going forward the node rewards will be migrated out of the Registry and into the Node Rewards Canister.

Bugfixes:

  • bb17ec5b9 Consensus,Interface: rename the orchestrator binary crate from ic_state_tool to orchestrator (#4659)
    Review: Looks fine + matches description
    Notes: Simply renames the orchestrator’s binary crate from ic_state_tool to orchestrator.

  • ce2680374 Execution,Interface: Speed up wasm64 check (#4640)
    Review: Looks fine + matches description
    Notes: Speeds up the check_if_wasm64_module function by making it only parse the memory section of the wasm module rather than the full module.

  • 7a3acf623 Node: make danted restart when systemd-networkd is restarted (#4658)
    Review: Looks fine + matches description
    Notes: Updates the danted service to make it always restart whenever the systemd-networkd service is restarted.

Chores:

  • 6845d8a7b Consensus,Interface(orchestrator): add registry replicator task to the TaskTracker (#4710)
    Review: Looks fine + matches description
    Notes: Modifies start_polling of the registry replicator to return a Future rather than spawning the future on a new thread and then return that thread’s JoinHandle. Then updates the orchestrator to spawn that Future using the TaskTracker so that failures will be tracked in the metrics.

  • 28445da96 Consensus,Interface(orchestrator): Introduce a metric which keeps count of how many times an orchestrator task has panicked (#4656)
    Review: Looks fine + matches description
    Notes: Adds the critical_error_task_panicked orchestrator metric and implements the TaskTracker whose job is to spawn orchestrator tasks and increment the metric counter if any result in a panic.

  • 139f7fa88 Consensus,Interface: log requests with invalid ingress expiry (#4518)
    Review: Looks fine + matches description
    Notes: Includes more details in the log messages whenever RequestValidationError::InvalidRequestExpiry errors occur.

  • 2e4ded9e6 Crypto,Interface(crypto): Use ic-vetkd-utils for VetKD key derivation (#4692)
    Review: Looks fine + matches description
    Notes: Removes the derive_vetkd_public_key function from the ic-crypto-utils-canister-threshold-sig package and migrates its usages over to ic_vetkd_utils which exposes the same functionality.

  • aa3de32d8 Execution,Interface: Revert “feat: Introduce low bound for canister’s freezing threshold (#4401)” (#4783)
    Review: Looks fine + matches description
    Notes: Removes the MINIMUM_FREEZING_THRESHOLD limitation which was added in last week’s release in favour of instead updating DFX to warn the developer against setting low freezing thresholds.

  • 3c5f07170 Execution,Interface: Fix a typo in call_or_task.rs (#4738)
    Review: Looks fine + matches description
    Notes: This is literally just a one character change which fixes the typo “it” → “its”.

  • eecacca6c Execution,Interface: Add metrics for reading wasm files in execution (#4627)
    Review: Looks fine + matches description
    Notes: Adds the new cache_miss_fallback_file label to the cache metrics within execution. This counter keeps track of how frequently execution has to read the wasm from disk.

  • f58a8dbc8 Execution,Interface: Fix typos in the scheduler (#4675)
    Review: Looks fine + matches description
    Notes: Updates 2 comments within the scheduler.

  • 6903a663a Execution,Interface: Remove in-memory compilation cache (#4522)
    Review: Looks fine + matches description
    Notes: Removes all the code relating to the in-memory compilation cache now that the on-disk version has been stable for a while now.

  • 9a69f7ef9 Execution,Interface,Message Routing: Track outgoing responses in streams (#4561)
    Review: Looks fine + matches description
    Notes: Introduces the guaranteed_response_counts map to the replicated state metadata for each canister, which tracks the number of outstanding guaranteed responses per recipient canister. Then also adds the ready_for_migration function which makes use of this new map to detect if a canister can be migrated to a new subnet.

  • c3be0cb3f Interface: Fix some typos in the comments on HypervisorError (#4631)
    Review: Looks fine + matches description
    Notes: Just fixes a few typos in comments.

  • 47c52251c Interface(crypto): Add VetKD to the state machine tests (#4625)
    Review: Looks fine + matches description
    Notes: Introduces the ic-crypto-test-utils-vetkd package which exposes the ability to create VetKD signatures for testing by generating a secret key from a provided seed.

  • 76a8f390b Interface,Node(node): fix config_types vm_nr_of_vcpus default (#4730)
    Review: Looks fine + matches description
    Notes: Fixes deserializing HostOSSettings from the previous version by adding a #[serde(default = "..")] attribute to the newly added vm_nr_of_vcpus field, which sets the value to 64 if it was not included in the serialized bytes.

  • 1eb5c2361 Interface,Node: support configuring number of vCPUs for GuestOS VM (#4622)
    Review: Looks fine + matches description
    Notes: Updates the scripts to set up GuestOS to take nr_of_vcpus as an input parameter. Then updates the test driver so that HostOS is configured with 32 vCPUs and GuestOS with 16vCPUs in an attempt to fix flakiness in some tests.

  • 2fbdb88dc Owners: bump crossbeam-channel to 0.5.15 (#4767)
    Review: Looks fine + matches description
    Notes: Bumps crossbeam-channel from 0.5.13 to 0.5.15.

  • 47dce406c Node: Update Base Image Refs [2025-04-10-0807] (#4756)
    Review: Looks fine + matches description
    Notes: Updates base IC-OS image references.

  • 0b43b5f69 Node: Update Base Image Refs [2025-04-09-0150] (#4735)
    Review: Looks fine + matches description
    Notes: Updates base IC-OS image references.

  • 6f712d318 Node: Update Base Image Refs [2025-04-08-0151] (#4702)
    Review: Looks fine + matches description
    Notes: Updates base IC-OS image references.

  • bbc5097fc Node: Update Base Image Refs [2025-04-04-0149] (#4648)
    Review: Looks fine + matches description
    Notes: Updates base IC-OS image references.

  • 0624a206e Node: Update Base Image Refs [2025-04-03-0807] (#4637)
    Review: Looks fine + matches description
    Notes: Updates base IC-OS image references.

Tests:

  • 29485b69f Execution,Interface: Resurrect system_api tests (#4762)
    Review: Looks fine + matches description
    Notes: Re-enable system_api tests which were accidentally disabled when the /rs/system_api/tests module was moved to /rs/embedders.

  • bd366ae95 Interface: ic-prep Add the data center records to the registry (#4694)
    Review: Looks fine + matches description
    Notes: Updates ic-prep (which is used to initialize UTOPIA test setups) to read additional datacenter details from the meta.json input, so that the Registry is initialized with these full details.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

2 Likes

proposal - 136223 Cyberowl | CodeGov

Vote: ADOPT

Reason:

The build was successful, and all the commit descriptions matched the changes in the code.

Checks

Hash Match: MATCH
2 Urls: MATCH
Feedback: NONE
Proposer Check: MATCH

Overall Summary:

Adds the read_canister_snapshot_data method, allowing canister controllers to retrieve specific binary slices—such as WASM modules, memory, or uploaded chunks—from a canister snapshot with a 2MB size limit. The Node Rewards Canister now supports a new query endpoint, get_node_providers_monthly_xdr_rewards, which allows retrieval of node provider rewards based on a specified or latest registry version.

Commits Summary

Features:
2439d8896
Turn on feature flag for best_effort_responses.

91398734c
Improves the reliability of get_state_hash by replacing a fixed retry loop with an infinite loop and a 1-second backoff, along with better logging for errors.

d5d8d47cd
Suppresses backtraces when a canister lacks a name section, as these backtraces are uninformative without function names. This is implemented by modifying convert_backtrace to return None when no names are available.

42466a65b
Adds the read_canister_snapshot_data method, allowing canister controllers to retrieve specific binary slices—such as WASM modules, memory, or uploaded chunks—from a canister snapshot with a 2MB size limit. This capability is gated by a feature flag.

5d40b0f42
Measures the performance of forward and backward read/write operations on a 1GB heap in both wasm32 and wasm64 environments.

32082e416
The ICRC-1 ledger’s data certificate format has been updated to fully comply with the ICRC-3 standard by using LEB128 encoding for last_block_index and renaming the tip_hash label to last_block_hash. This change removes the need for a feature flag and separate WASM variant.

412c839a0
The Node Rewards Canister now supports a new query endpoint, get_node_providers_monthly_xdr_rewards, which allows retrieval of node provider rewards based on a specified or latest registry version.

Bugfixes:
bb17ec5b9
Matches description, rename the orchestrator binary crate from ic_state_tool to orchestrator.

ce2680374
Replaces the ic-wasm-transform dependency with wasmparser in the CanisterManager::is_memory_64_bit method to detect 64-bit memory usage in WASM modules more efficiently. Parses only the memory section instead of the full module, reducing resource usage.

7a3acf623
Matches commit description make danted restart when systemd-networkd is restarted.

Chores:
6845d8a7b
Updates RegistryReplicator::start_polling to return a Future instead of a JoinHandle, giving callers more flexibility to manage how the registry polling task runs. Integration with async workflows in components such as the orchestrator and backup manager, which now handle task execution and monitoring more idiomatically using tokio::spawn and TaskTracker.

28445da96
The orchestrator has been improved with the introduction of the TaskTracker struct, which replaces manual JoinHandle management to provide centralized task spawning, monitoring, and shutdown. Tasks are now managed via TaskTracker::spawn and awaited collectively with join_all, enabling consistent panic detection and logging.

139f7fa88
Improves logging by truncating large request payloads and extending detailed logging to include InvalidRequestExpiry errors.

2e4ded9e6
The refactor VetKD functionality into the new ic-vetkd-utils package, removing it from ic-crypto-utils-canister-threshold-sig to improve modularity and reduce dependencies.

aa3de32d8
Removes the minimum canister freezing threshold, allowing values as low as 0 seconds instead of the previous 1-week minimum.

3c5f07170
Fix typo.

eecacca6c
Matches description Add metrics for reading wasm files in execution.

f58a8dbc8
Fix typos.

6903a663a
Removes support for in-memory compiled WASM module storage and unifies all WASM execution to use on-disk file-based caching via OnDiskSerializedModule. Eliminates the StoredCompilation::Memory variant.

9a69f7ef9
Adds a guaranteed_response_counts field to the Stream struct, enabling the IC to track how many non-best-effort responses are still pending per canister. It introduces a ready_for_migration method in ReplicatedState that ensures a canister is stopped, has no output messages, and has no pending guaranteed responses before it can migrate.

c3be0cb3f
Fix typos.

47c52251c
New utility crate (ic-crypto-test-utils-vetkd) for generating test keys, integrates VETKD request handling into threshold signature infrastructure, and expands existing tests to include VETKD scenarios such as fee handling and error cases.

76a8f390b
New vm_nr_of_vcpus field to the HostOSSettings struct, allowing operators to explicitly specify the number of virtual CPUs allocated to the host OS VM. The field defaults to 64 for backward compatibility.

1eb5c2361
Adds dynamic CPU configuration for GuestOS VMs, allowing vCPU counts to be specified via deployment config (nr_of_vcpus, defaulting to 64). It replaces static XML CPU files with inline, auto-generated specs tailored to the specified CPU mode (kvm or qemu).

2fbdb88dc
Matches description bump crossbeam-channel to 0.5.15.

47dce406c
Update Base Image Refs

0b43b5f69
Update Base Image Refs

6f712d318
Update Base Image Refs

bbc5097fc
Update Base Image Refs

0624a206e
Update Base Image Refs

Tests:
29485b69f
Move existing test files out of wasmtime_embedder/system_api/tests/ into a shared embedders/tests/ directory.
Introduce dedicated test targets for specific files (system_api.rs, sandbox_safe_system_state.rs) instead of bundling them all in one big test suite.

bd366ae95
Adds support for storing data center metadata (region, owner, GPS) in the IC’s registry by extending IcConfig and parsing new fields from meta.json. Each node operator is now linked to a data center via dc_id, and corresponding DataCenterRecord entries are written into the registry.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

1 Like

Proposal 136223 – ilbert | CodeGov

Vote: ADOPTED.
Reason: All reviewed commits match their description and hashes match.

Review:
For the Execution and Runtime layers, the main changes introduced in this proposal are:

  • Continues the work on the canister snapshot download and migration

I’ve reviewed all the commits listed in the proposal, for the Execution and Runtime layers:

d5d8d47cd:
Changes the convert_backtrace function to return None if all the function names of the input backtrace are empty. Otherwise, returns the backtrace as before. Adapts the functions where the convert_backtrace function is called.

42466a65b:
Adds the read_snapshot_data method to the CanisterManager struct. This method first checks if the caller is a controller of the canister, if the requested snapshot id exists and if the snapshot belongs to the canister. Then, for each kind (of type CanisterSnapshotDataKind), it gets the corresponding snapshot type (stable memory, heap memory, wasm binary). If the requested kind has a size bigger than the newly introduced MAX_SLICE_SIZE_BYTES constant (2 MB), the method returns an error.
Adds the get_wasm_module_chunk and get_memory_chunk functions to the CanisterSnapshot struct. The former returns the requested chunk from the wasm_binary field of the ExecutionStateSnapshot, the latter returns the requested slice of memory from the given PageMemory.
Adds the InvalidSubslice variant to the CanisterSnapshotError enum, which is used to indicate that the requested stable memory/heap memory/wasm binary chunk is out of range.
Adds the get_chunk_complete method to the WasmChunkStore struct, which retrieves the Wasm chunk at the given hash as a bytes vector.
Adds the get_snapshot_id method to the ReadCanisterSnapshotDataArgs struct, which parses the snapshot_id field into a SnapshotId.
Implements the Ic00Method::ReadCanisterSnapshotData handler in the execute_subnet_message method of the ExecutionEnvironment by calling the newly introduced read_snapshot_data method if the canister_snapshot_download config flag is enabled. This method calls the canister manager’s read_snapshot_data method.
Added a comment on GitHub.

5d40b0f42:
Changes the restrict_range_to_unmarked, restrict_range_to_marked and restrict_range_to_predicted methods of the PageBitmap struct to accept a faulting_page PageIndex argument. This way, the functions can calculate the start of the PageIndex range from the faulting_page index instead of the start of the input range.

ce2680374:
Changes the check_if_wasm64_module method of the CanisterManager struct to iterate through the parsed Wasm sections and return immediately if the found MemorySection is of 64-bit type.

aa3de32d8:
Matches description.

3c5f07170:
Matches description.

eecacca6c:
Matches description.

f58a8dbc8:
Matches description.

6903a663a:
Changes the CompilationCache enum to become a struct with the fields of the Dir variant of the old enum. Adapts all the implemented method to just execute what was executed for the Dir variant before.
Removes the StoredCompilation enum. Replaces this enum with the Arc<OnDiskSerializedModule>, which was the Disk variant content of the enum, where the enum was used.

9a69f7ef9:
Adds the guaranteed_response_counts field to the Stream struct.
Adds the calculate_guaranteed_response_counts method to the Stream struct, which iterates through the input outgoing messages queue and counts the amount of guaranteed responses for each respondent (canister). The count is stored in the guaranteed_response_counts BTreeMap. This method is also called in the struct’s default, try_from, new and with_signals constructor methods.
Changes the discard_messages_before method of the Stream struct to decrease or remove the message’s respondent count from the guaranteed_response_counts.
Adds the ready_for_migration method to the ReplicatedState struct, which returns true if the canister has been stopped, its guaranteed response count is empty and has no output messages.

29485b69f:
Matches description.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

1 Like

Proposal 136223 - Ipsita | ZenithCode

Summary

  1. Vote: Adopt
  2. Hash: All the hashes match
  3. Reason to Adopt The release notes match the commits and the code changes. Builds successfully.

Commits

Features:

  • 2439d8896 Consensus,Execution,Interface(MR): Enable best-effort calls everywhere (#4742)
    Notes: Updates best_effort_responses from ApplicationSubnetsOnly to Enabled, which now allows best-effort inter-canister call responses across all subnet types not just application subnets, but also system and NNS subnets.
    Review: Code changes look good and match release notes.
  • 91398734c Consensus,Interface: Remove the timeout of computing the state hash in ic-replay (#4572)
    Notes: Replaces a fixed retry loop (for _ in 0..120) with an indefinite loop using STATE_HASH_BACKOFF_DURATION (1 second) between retries, allowing ic-replay to wait as long as needed for the state hash, improves logging with warn! and adds unit tests using a MockStateManager to validate retry and error-handling behavior.
    Review: Code changes look good and match release notes.
  • d5d8d47cd Execution,Interface: Disable canister backtrace when name section is missing (#4690)
    Notes: Ensures that convert_backtrace returns None when the name section is missing in the Wasm module to prevent meaningless backtraces from being included in errors, updates error handling, logging and adds backtrace-canister-without-names test module for validation.
    Review: Code changes look good and match release notes.
  • 42466a65b Execution,Interface: Read canister snapshot data (#4505)
    Notes: Adds functionality to read specific binary data, such as stable memory, main memory, Wasm module, and Wasm chunks, from a canister snapshot through a feature-flagged API and returns the data in a ReadCanisterSnapshotDataResponse.
    Review: Code changes look good and match release notes.
  • 5d40b0f42 Execution,Interface: Prefetch pages backward (#4552)
    Notes:Backward page prefetching has been implemented to significantly improve performance, with backward reads increasing by 65-93%, backward writes by 45-71%, and overall heap benchmark times reduced by about 45%.
    Review: Code changes look good and match release notes.
  • 32082e416 Interface(ICRC_Ledger): Always return compliant certificate from ICRC ledger (#4504)
    Notes: The icrc3-compatible-data-certificate feature flag has been removed, and now the icrc3_get_tip_certificate function always returns an ICRC-3 compliant certificate by default, without depending on any compile-time flags.
    Review: Code changes look good and match release notes.
  • 412c839a0 Interface(node_reward): Add the basic calculation to the Node Reward Canister (#4628)
    Notes: NodeRewardsCanister now includes a method to calculate monthly XDR rewards for each node provider using registry data, with support for historical reward audits by optionally specifying a registry version.
    Review: Code changes look good and match release notes.

Bugfixes:

  • bb17ec5b9 Consensus,Interface: rename the orchestrator binary crate from ic_state_tool to orchestrator (#4659)
    Notes: crate_name = “ic_state_tool”, has been removed to correct the crate name for the binary, ensuring that the logs now properly reflect the “orchestrator” crate.
    Review: Code changes look good and match release notes.
  • ce2680374 Execution,Interface: Speed up wasm64 check (#4640)
    Notes: Refactors the Wasm module parsing logic by replacing Module::parse with wasmparser::Parser, which improves performance by 5x by parsing only the memory section for the wasm64 check.
    Review: Code changes look good and match release notes.
  • 7a3acf623 Node: make danted restart when systemd-networkd is restarted (#4658)
    Notes: Adds PartOf=systemd-networkd.service and After=systemd-networkd.service to the danted.service file to ensure that danted is restarted whenever systemd-networkd restarts.
    Review: Code changes look good and match release notes.

Chores:

  • 6845d8a7b Consensus,Interface(orchestrator): add registry replicator task to the TaskTracker (#4710)
    Notes: Refactors the RegistryReplicator::start_polling method to return a Future instead of spawning the task internally, letting the orchestrator manage it using TaskTracker and replacing the critical_error_task_panicked metric with critical_error_task_failed metric.
    Review: Code changes look good and match release notes.
  • 28445da96 Consensus,Interface(orchestrator): Introduce a metric which keeps count of how many times an orchestrator task has panicked (#4656)
    Notes: Introduced TaskTracker in the orchestrator and when a task panics, the critical_error_task_panicked metric is updated for each task, setting the stage for potential task restarts in the future.
    Review: Code changes look good and match release notes.
  • 139f7fa88 Consensus,Interface: log requests with invalid ingress expiry (#4518)
    Notes: Adds logging for requests with an invalid ingress expiry, extend the RequestValidationError handling in validation_error_to_http_error to log both InvalidRequestExpiry and InvalidSignature errors.
    Review: Code changes look good and match release notes.
  • 2e4ded9e6 Crypto,Interface(crypto): Use ic-vetkd-utils for VetKD key derivation (#4692)
    Notes: Use ic-vetkd-utils for VetKD key derivation and refactor the code to utilize the new ic-vetkd-utils package’s methods for public key derivation and validation.
    Review: Code changes look good and match release notes.
  • aa3de32d8 Execution,Interface: Revert “feat: Introduce low bound for canister’s freezing threshold (#4401)” (#4783)
    Notes: Reverts an earlier change where a low freezing threshold for canisters was introduced, causing issues for users and adds warnings when users attempt to set excessively low thresholds instead of enforcing a minimum value.
    Review: Code changes look good and match release notes.
  • 3c5f07170 Execution,Interface: Fix a typo in call_or_task.rs (#4738)
    Notes: Corrected typos in the comment of call_or_task.rs .
    Review: Code changes look good and match release notes.
  • eecacca6c Execution,Interface: Add metrics for reading wasm files in execution (#4627)
    Notes: Introduces CACHE_MISS_FALLBACK_FILE metric to track the number of times execution reads a WASM file from disk due to cache misses.
    Review: Code changes look good and match release notes.
  • f58a8dbc8 Execution,Interface: Fix typos in the scheduler (#4675)
    Notes: Corrected typos in the comments of Scheduler.
    Review: Code changes look good and match release notes.
  • 6903a663a Execution,Interface: Remove in-memory compilation cache (#4522)
    Notes: Removes the deprecated in-memory compilation cache as the on-disk compilation cache has been successfully implemented and is working properly.
    Review: Code changes look good and match release notes.
  • 9a69f7ef9 Execution,Interface,Message Routing: Track outgoing responses in streams (#4561)
    Notes: Improves the Stream struct by adding a guaranteed_response_counts field to track guaranteed responses from canisters.
    Review: Code changes look good and match release notes.
  • c3be0cb3f Interface: Fix some typos in the comments on HypervisorError (#4631)
    Notes: Corrected typos in the comments of HypervisorError.
    Review: Code changes look good and match release notes.
  • 47c52251c Interface(crypto): Add VetKD to the state machine tests (#4625)
    Notes: Add VetKD calls in state machine tests, expanding the test framework to validate these calls within execution and adds specific tests for VetKD functionality to improve coverage.
    Review: Code changes look good and match release notes.
  • 76a8f390b Interface,Node(node): fix config_types vm_nr_of_vcpus default (#4730)
    Notes: Adds a default value of 64 for the vm_nr_of_vcpus field in the HostOSSettings struct to ensure backward compatibility in serialization and test function test_vm_nr_of_vcpus_deserialization to verify the correct deserialization of the vm_nr_of_vcpus field.
    Review: Code changes look good and match release notes.
  • 1eb5c2361 Interface,Node: support configuring number of vCPUs for GuestOS VM (#4622)
    Notes: Reduces the default vCPUs from 64 to 32 for host VMs and from 64 to 16 for guest VMs to optimize resource usage. It also adds dynamic vCPU configuration by parsing nr_of_vcpus.
    Review: Code changes look good and match release notes.
  • 2fbdb88dc Owners: bump crossbeam-channel to 0.5.15 (#4767)
    Notes: Upgrades the crossbeam-channel dependency from version 0.5.13 to 0.5.15 .
    Review: Code changes look good and match release notes.
  • 47dce406c Node: Update Base Image Refs [2025-04-10-0807] (#4756)
    Notes: Updates the base container image references to newer versions to have secure container images.
    Review: Code changes look good and match release notes.
  • 0b43b5f69 Node: Update Base Image Refs [2025-04-09-0150] (#4735)
    Notes: Updates the base container image references to newer versions to have secure container images.
    Review: Code changes look good and match release notes.
  • 6f712d318 Node: Update Base Image Refs [2025-04-08-0151] (#4702)
    Notes: Updates the base container image references to newer versions to have secure container images.
    Review: Code changes look good and match release notes.
  • bbc5097fc Node: Update Base Image Refs [2025-04-04-0149] (#4648)
    Notes: Updates the base container image references to newer versions to have secure container images.
    Review: Code changes look good and match release notes.
  • 0624a206e Node: Update Base Image Refs [2025-04-03-0807] (#4637)
    Notes: Updates the base container image references to newer versions to have secure container images.
    Review: Code changes look good and match release notes.

Tests:

  • 29485b69f Execution,Interface: Resurrect system_api tests (#4762)
    Notes: Restores system_api-related tests by moving them to a centralized tests directory and switches imports from ic_system_api to ic_embedders::wasmtime_embedder::system_api.
    Review: Code changes look good and match release notes.
  • bd366ae95 Interface: ic-prep Add the data center records to the registry (#4694)
    Notes: Introduces DataCenterRecord support in ic-prep, parsing new fields like region, owner, and gps from meta.json into the registry and assigns dc_id to node operators and persists DC records using write_registry_entry.
    Review: Code changes look good and match release notes.
1 Like

Proposal: 136223 Manvick | ZenithCode

Summary:

  1. Build Hash: Build hash from the proposal, local build and CDN matches.
  2. Summary: The release notes matches the code changes
  3. Vote: I vote to adopt the proposal

Commits ## Features:
  • 2439d8896 Consensus,Execution,Interface(MR): Enable best-effort calls everywhere (#4742)
    Review: Matches description + changes are appropriate
    Note: This commit updates the feature flag best_effort_responses to enabled instead of just enabling it for ApplicationSubnetsOnly, this enables best-effort-inter-cannister calls everywhere. This is a safe and validated rollout that expands useful functionality.

  • 91398734c Consensus,Interface: Remove the timeout of computing the state hash in ic-replay (#4572)
    Review: Matches description + changes are appropriate
    Note: This commit removes the 1 minute timeout while computing a state hash, instead of giving up after a minute, the system waits indefinitely checking repeatedly whether certain conditions have been met, in this case, it checks if the computed hash is available. Personally, I believe there should be some limit in order to limit the time spent on computing hashes and to avoid user waiting for a long period of time for a bugged hashed to be computed.

  • d5d8d47cd Execution,Interface: Disable canister backtrace when name section is missing (#4690)
    Review: Matches description + changes are appropriate
    Note: Ths commit suppresses backtraces when a wasm module lacks debug information. This happens when a canister crashes. It also avoids cluttering logs if there are by functions by returning None instead of a backtrack.

  • 42466a65b Execution,Interface: Read canister snapshot data (#4505)
    Review: Matches description + changes are appropriate
    Note: This commit adds an IC canister method that allows external tools to download parts of a canister’s snapshot state which include wasmModule, MainMemory etcetera. Commit adds tests as well.

  • 5d40b0f42 Execution,Interface: Prefetch pages backward (#4552)
    Review: Matches description + changes are appropriate
    Note: This commit adds a backward page prefetching before the faulting page, this allows the system to have better performance when memory is being read or written. The benchmark showed a massive increase in performance.

  • 32082e416 Interface(ICRC_Ledger): Always return compliant certificate from ICRC ledger (#4504)
    Review: Matches description + changes are appropriate
    Note: This commit modifies the ICRC_ledger so that it always returns a certificate compliant with the ICRC-3 Standard. It also removes the icrc3-compatible-data-certificate feature flag and related build/test support. Overall, it makes the code more consistent across files.

  • 412c839a0 Interface(node_reward): Add the basic calculation to the Node Reward Canister (#4628)
    Review: Matches description + changes are appropriate
    Note: This commit adds a functionality for calculating and querying node rewards in the node reward canisters which is being decoupled from the registry canister. Logic used to calculate monthly XDR rewards for node providers is now being implemented inside node reward canisters.

Bugfixes:

  • bb17ec5b9 Consensus,Interface: rename the orchestrator binary crate from ic_state_tool to orchestrator (#4659)
    Review: Matches description + changes are appropriate
    Note: Just a file rename, also prevents confusion in log attribution when tracking errors.

  • ce2680374 Execution,Interface: Speed up wasm64 check (#4640)
    Review: Matches description + changes are appropriate
    Note: This patch optimizes performance by making changes in checking the wasm64 memory checks. It does so by replacing a dependency-heavy full parse with a lightweight direct check through wasmparser.

  • 7a3acf623 Node: make danted restart when systemd-networkd is restarted (#4658)
    Review: Matches description + changes are appropriate
    Note: This commit ensures that danted restarts when systemd-networkd restarts. Previously, when systemd-networkd restarted, danted binded to the network interface before IPv4 was configured by systemd-netwrkd. Now, it is run after IPv4 is configured. Overall, a good solution to the bug.

Chores:

  • 6845d8a7b Consensus,Interface(orchestrator): add registry replicator task to the TaskTracker (#4710)
    Review: Matches description + changes are appropriate
    Note: This commit improves testability and observability by refactoring start_polling method to return a Future instead of spawning internally, enhancing metrics, using new async polling methods on backup manager and boundary nodes as well as adding the registry replicator.

  • 28445da96 Consensus,Interface(orchestrator): Introduce a metric which keeps count of how many times an orchestrator task has panicked (#4656)
    Review: Matches description + changes are appropriate
    Note: This commit adds a metric, TaskTracker to monitor orchestrator tasks and track panics through a Prometheus metric, simplifying task management and allowing graceful shutdown.

  • 139f7fa88 Consensus,Interface: log requests with invalid ingress expiry (#4518)
    Review: Matches description + changes are appropriate
    Note: This commit improves logging for HTTP requests with invalid ingress expiry times. It uses string ellipsizing to limit log verbosity.

  • 2e4ded9e6 Crypto,Interface(crypto): Use ic-vetkd-utils for VetKD key derivation (#4692)
    Review: Matches description + changes are appropriate
    Note: This commit replaces the internal threshold-sig logic with the public ic-vetkd-utils for vetKD Key derivation which simplifies and consolidates the implementation. This commit also removes redundant code.

  • aa3de32d8 Execution,Interface: Revert “feat: Introduce low bound for canister’s freezing threshold (#4401)” (#4783)
    Review: Matches description + changes are appropriate
    Note: Reverts enforcement of minimum freezing threshold for canisters after user feedback. #44401 received negative user feedback thus is getting reverted.

  • 3c5f07170 Execution,Interface: Fix a typo in call_or_task.rs (#4738)
    Review: Matches description + changes are appropriate
    Note: Typo fix, clarifies code.

  • eecacca6c Execution,Interface: Add metrics for reading wasm files in execution (#4627)
    Review: Matches description + changes are appropriate
    Note: Adds a metric called cache_miss_fallback_file to track how often wasm files are read from disk due to cache misses. This metric is planned to be removed after lazy loading is implemented

  • f58a8dbc8 Execution,Interface: Fix typos in the scheduler (#4675)
    Review: Matches description + changes are appropriate
    Note: Fixes typos in documentation

  • 6903a663a Execution,Interface: Remove in-memory compilation cache (#4522)
    Review: Matches description + changes are appropriate
    Note: This commit removes a deprecated in-memory compilation cache fully transitioning to a disk-based system.

  • 9a69f7ef9 Execution,Interface,Message Routing: Track outgoing responses in streams (#4561)
    Review: Matches description + changes are appropriate
    Note: This commit allows tracking of guaranteed responses per canister in stream metadata. It introduces logic to update and validate these counts on message insertion and discard.

  • c3be0cb3f Interface: Fix some typos in the comments on HypervisorError (#4631)
    Review: Matches description + changes are appropriate
    Note: fixes typos, not much to say.

  • 47c52251c Interface(crypto): Add VetKD to the state machine tests (#4625)
    Review: Matches description + changes are appropriate
    Note: This commit introduces VetKD support in state machine test which enables it to test end to end scenarios for VetKD APIs such as VetKdPublickKey and VetKdDeriveKey, allowing them to simulate cryptographic operations and validate encrypted key response.

  • 76a8f390b Interface,Node(node): fix config_types vm_nr_of_vcpus default (#4730)
    Review: Matches description + changes are appropriate
    Note: This commit provides a default value for the vm_nr_of_vcpus field to make sure the code works with older configs which did not specify this field.

  • 1eb5c2361 Interface,Node: support configuring number of vCPUs for GuestOS VM (#4622)
    Review: Matches description + changes are appropriate
    Note: This commit allows configuring number of vCPUs for GuestOS Vm, default is 64 and hostVM is provisioned with 32vCPUs while nested GuestOS VM is provisioned with 16.

  • 2fbdb88dc Owners: bump crossbeam-channel to 0.5.15 (#4767)
    Review: Matches description + changes are appropriate
    Note: Bumps version and updates all relevant Cargo.lock, Bazel, and Cargo.toml files.

  • 47dce406c Node: Update Base Image Refs [2025-04-10-0807] (#4756)
    Review: Matches description + changes are appropriate
    Note: Automated update, updates docker base image references to new digests for all IC OS components.

  • 0b43b5f69 Node: Update Base Image Refs [2025-04-09-0150] (#4735)
    Review: Matches description + changes are appropriate
    Note: Automated update. Updates docker base image references to new digests for all IC OS components.

  • 6f712d318 Node: Update Base Image Refs [2025-04-08-0151] (#4702)
    Review: Matches description + changes are appropriate
    Note: Automated update. Updates docker base image references to new digests for all IC OS components.

  • bbc5097fc Node: Update Base Image Refs [2025-04-04-0149] (#4648)
    Review: Matches description + changes are appropriate
    Note: Automated update, updates docker base image references to new digests for all IC OS components.

  • 0624a206e Node: Update Base Image Refs [2025-04-03-0807] (#4637)
    Review: Matches description + changes are appropriate
    Note: Automated update, updates docker base image references to new digests for all IC OS components.

Tests:

  • 29485b69f Execution,Interface: Resurrect system_api tests (#4762)
    Review: Matches description + changes are appropriate
    Note: This commit properly relocates tests for the system-api component in the database. In a previous commit, system_api was moved but its integration test were left in the old directory, this commit fixes that.

  • bd366ae95 Interface: ic-prep Add the data center records to the registry (#4694)
    Review: Matches description + changes are appropriate
    Note: This commit improves ic=prep utility by allowing it to populate the registry with initial data center records, which addresses a gap where Node Operator entries had empty or missing data center information.

1 Like

Proposal 136223 | Yuvika - Zentih CodeSummary

  1. Vote: Adopt
  2. Hash: Hashes match
  3. Reasons to adopt: Builds fine + hashes match + release notes match the commits.

Commits

Features:

  • 2439d8896
    Summary: Enable best-effort calls everywhere.
    Notes: Enable the best_effort_responses feature globally, expanding its functionality beyond ApplicationSubnetsOnly to all inter-canister calls, following a safe and validated rollout
    Review: The description matches the code changes.

  • 91398734c
    Summary: Remove the timeout of computing the state hash in ic-replay.
    Notes: Remove the 1-minute timeout for state hash computation, replacing it with indefinite waiting and repeated checks for hash availability, though potential risks of indefinite delays and bugged hash computations are noted.
    Review: The description matches the code changes.

  • d5d8d47cd
    Summary: Disable canister backtrace when name section is missing.
    Notes: Prevent the display of unhelpful backtraces in canister crashes due to missing WASM debug information, and clear log clutter by returning None instead of backtraces for these cases.
    Review: The description matches the code changes.

  • 42466a65b
    Summary: Read canister snapshot data.
    Notes: introduces a new IC canister method enabling external tools to download specific parts of a canister’s snapshot state, like wasmModule and MainMemory, and includes accompanying tests.
    Review: The description matches the code changes.

  • 5d40b0f42
    Summary: Prefetch pages backward.
    Notes: Improve system performance by adding a backward page prefetching.
    Review: The description matches the code changes.

  • 32082e416
    Summary: Always return compliant certificate from ICRC ledger.
    Notes: Remove icrc3-compatible-data-certificate feature flag and refactor the ICRC_ledger` to return a ICRC-3 Standard compliant certificate.
    Review: The description matches the code changes.

  • 412c839a0
    Summary: Add the basic calculation to the Node Reward Canister.
    Notes: Refactor the registry canister code for calculating and querying node rewards and move it to node reward canisters.
    Review: The description matches the code changes.

Bugfixes:

  • bb17ec5b9
    Summary: rename the orchestrator binary crate from ic_state_tool to orchestrator.
    Notes: Rename file from ic_state_tool to orchestrator .
    Review: The description matches the code changes.

  • ce2680374
    Summary: Speed up wasm64 check.
    Notes: Improve performance by verifying wasm64 memory checks using a lightweight check using wasmparser.
    Review: The description matches the code changes.

  • 7a3acf623
    Summary: make danted restart when systemd-networkd is restarted.
    Notes: Ensure danted service restarts when systemd-networkd is restarted.
    Review: The description matches the code changes.

Chores:

  • 6845d8a7b
    Summary: add registry replicator task to the TaskTracker.
    Notes: Refactor start_polling to return a Future and the failures will be tracked in the metrics.
    Review: The description matches the code changes.

  • 28445da96
    Summary: Introduce a metric which keeps count of how many times an orchestrator task has panicked.
    Notes: Add new metric TaskTracker for tracking and management of orchestrator tasks.
    Review: The description matches the code changes.

  • 139f7fa88
    Summary: log requests with invalid ingress expiry.
    Notes: Improve HTTP logging by adding further details in error log messages for RequestValidationError::InvalidRequestExpiry.
    Review: The description matches the code changes.

  • 2e4ded9e6
    Summary: Use ic-vetkd-utils for VetKD key derivation.
    Notes: Refactor ic-crypto-utils-canister-threshold-sig by removing function derive_vetkd_public_key and transfer it to ic_vetkd_utils.
    Review: The description matches the code changes.

  • aa3de32d8
    Summary: Revert "feat: Introduce low bound for canister’s freezing threshold.
    Notes: Revert commit 2c64388 due to negative user feedback.
    Review: The description matches the code changes.

  • 3c5f07170
    Summary: Fix a typo in call_or_task.rs.
    Notes: Fix a typo and refactor the code.
    Review: The description matches the code changes.

  • eecacca6c
    Summary: Add metrics for reading wasm files in execution.
    Notes: Add a new metric cache_miss_fallback_file, which will be removed after some updates are made. This tracks the frequency of cache misses for the times when wasm files are read from the disk.
    Review: The description matches the code changes.

  • f58a8dbc8
    Summary: Fix typos in the scheduler.
    Notes: Typos in documentation are updated.
    Review: The description matches the code changes.

  • 6903a663a
    Summary: Remove in-memory compilation cache.
    Notes: Refactor and use a disk-based system instead of using the deprecated in-memory compilation cache.
    Review: The description matches the code changes.

  • 9a69f7ef9
    Summary: Track outgoing responses in streams.
    Notes: Add a new feature for stream metadata to track definite responses per canister by updating the counts while insertion and deletion.
    Review: The description matches the code changes.

  • c3be0cb3f
    Summary: Fix some typos in the comments on HypervisorError.
    Notes: Update typos in comments.
    Review: The description matches the code changes.

  • 47c52251c
    Summary: Add VetKD to the state machine tests.
    Notes: Add a new package ic-crypto-test-utils-vetkd which creates VetKD signatures through secret keys that can be generated from a seed.
    Review: The description matches the code changes.

  • 76a8f390b
    Summary: fix config_types vm_nr_of_vcpus default.
    Notes: Add a default value for vm_nr_of_vcpus.
    Review: The description matches the code changes.

  • 1eb5c2361
    Summary: support configuring number of vCPUs for GuestOS VM.
    Notes: Add a new feature to configure the number of vCPUs for GuestOS VM.
    Review: The description matches the code changes.

  • 2fbdb88dc
    Summary: bump crossbeam-channel to 0.5.15.
    Notes: Upgrade version of several packages such as Bazel, Cargo etc.
    Review: The description matches the code changes.

  • 47dce406c
    Summary: Update Base Image Refs [2025-04-10-0807].
    Notes: Update the base image references used for IC OS.
    Review: The description matches the code changes.

  • 0b43b5f69
    Summary: Update Base Image Refs [2025-04-09-0150].
    Notes: Update the base image references used for IC OS.
    Review: The description matches the code changes.

  • 6f712d318
    Summary: Update Base Image Refs [2025-04-08-0151].
    Notes: Update the base image references used for IC OS.
    Review: The description matches the code changes.

  • bbc5097fc
    Summary: Update Base Image Refs [2025-04-04-0149].
    Notes: Update the base image references used for IC OS.
    Review: The description matches the code changes.

  • 0624a206e
    Summary: Update Base Image Refs [2025-04-03-0807].
    Notes: Update the base image references used for IC OS.
    Review: The description matches the code changes.

Tests:

  • 29485b69f
    Summary: Resurrect system_api tests.
    Notes: Bring back system_api tests that were disabled due to some refactoring.
    Review: The description matches the code changes.

  • bd366ae95
    Summary: ic-prep Add the data center records to the registry.
    Notes: Add feature to ic-prep, to be able to populate initial data records in the registry and fix entries with empty/missing information.
    Review: The description matches the code changes.

1 Like

Proposal 136223 | Tim - CodeGov

Vote: Adopt

Reason: Commits match descriptions and the reasoning behind the changes is sound. The build failed with the error shown above. Exit code 137 usually indicates an out-of-memory issue so it may be that 16GB of RAM is not sufficient for the task, contrary to the advice that appears in the output. @DRE-Team @sat Does this seem accurate? Does anything need to be changed in the verification code?

Six reviewers have already verified that the hashes match between the payload and the build, so on this basis I’ve voted to adopt the proposal. I’ve reviewed commits for Consensus, Crypto, Interface and Owners as detailed below.

Review

Features:

[2439d8896]
Allows best-effort calls to be made to and from all subnets rather than just application subnets as per the previous similar change.

[91398734c]
Removes the 1-minute timeout for computing the state hash by changing for _ in 0..120 (using std::thread::sleep(WAIT_DURATION) for 500ms delay) to loop in fn get_state_hash.

[32082e416]
Adapts construct_hash_tree function in icrc1/ledger/src/lib.rs such that an ICRC-3 compliant certificate is always returned, by removing the condition #[cfg(feature = "icrc3-compatible-data-certificate")].

[412c839a0]
Adds node provider rewards calculations to the Node Reward Canister in preparation for the calculation being switched over to this canister. Specifically, it adds a method get_node_providers_monthly_xdr_rewards to rs/node_rewards/canister/src/canister.rs, which is then exposed as a query function, along with related new types.

Bugfixes:

[bb17ec5b9]
Renames the orchestrator binary crate from ic_state_tool to orchestrator within rs/orchestrator/BUILD.bazel.

Chores:

[6845d8a7b]
Adds the registry replicator task to the task tracker (introduced in 28445da below). More specifically, task_tracker.spawn("registry_replicator", future) is called within the Orchestrator::new method in rs/orchestrator/src/orchestrator.rs.

[28445da96]
Adds field critical_error_task_panicked to OrchestratorMetrics, which tracks the number of times a task panicked, grouped by the task name. Adds a new type TaskTracker and a new field task_tracker of type TaskTracker to Orchestrator, which is then utilised in several other sections.

[139f7fa88]
Adds InvalidRequestExpiry to InvalidSignature as a condition for logging an error for an http request, and limits the size of the logged request to 1024 characters.

[2e4ded9e6]
Modifies fn get_vetkd_public_key within execution_environment.rs so that it calls ic_vetkd_utils::DerivedPublicKey::deserialize for key derivation instead of ic_crypto_utils_canister_threshold_sig::derive_vetkd_public_key (which is removed in this commit), along with corresponding test changes.

[c3be0cb3f]
Corrects comment typos within pub enum HypervisorError.

[47c52251c]
Adds ic-crypto-test-utils-vetkd crate, containing type PrivateKey, associated methods and one related test (so far), along with other test changes. rs/state_machine_tests/src/lib.rs now uses the new crate and other new VetKD-related elements introduced in this commit.

[76a8f390b]
Adds default_vm_nr_of_vcpus() within ic_os/config_types/, returning a constant value of 64, and an associated test.

[1eb5c2361]
Sets the number of vCPUs for the host VM to 32 and for the guest VM to 16 within nested system tests, as per description.

[2fbdb88dc]
Updates crossbeam-channel to version 0.5.15.

[47dce406c] [0b43b5f69] [6f712d318] [bbc5097fc] [0624a206e]
These commits successively update base container image references for GuestOS, HostOS, SetupOS and Boundary Node GuestOS.

Tests:

[bd366ae95]
Within ic-prep, adds field initial_dc_records to type IcConfig, along with additional logic in order to add data centre records to the registry.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neurons’ Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralisation of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

1 Like

Proposal #135223 — Zack | CodeGov

for release-2025-04-11_13-20-base.

Vote: Adopted
Reason: The build is reproducible and all three OS hashes match (GUESTOS, HOSTOS and SETUPOS) as well as the listed commits descriptions.

Commits
About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

@timk11 yes your comment is very likely correct.

An “exit status 137” in the context of Linux (and container environments like Docker and Kubernetes) typically means that a process was killed by a SIGKILL signal, usually due to an out-of-memory (OOM) condition. This signal forcefully terminates a process, preventing it from consuming excessive resources and potentially destabilizing the system.

If this was a freshly started VM (there was no major memory leak), I’d try re-running the build. If that doesn’t help, you may need more RAM. Maybe the requirements went up in the new version. Or it could be the new verification script, that tries to download images while building. It keeps downloading and saving data in small chunks, but there is still some memory usage due to this running in the background. If that is indeed the problem, we could introduce a flag that prevents background downloads, and instead starts downloads only after the build is finished, as was the case earlier.

2 Likes

Proposal 136223– Zane | CodeGov

Vote: ADOPT
Reason: Build completes successfully, both hashes and reviewed commits match their descriptions, so I’ve decided voted to adopt.

Features:

2439d8896 Modified best_effort_responses feature flag so they are enabled by default on all subnets.

d5d8d47cd In wasmtime_embedder.rs changed return type of convert_backtrace method’s to be optional and updated its logic so that the backtrace is returned only if the function name is present for all frames. Modified env_with_backtrace_canister_and_visibility so that the binary name for the wasm file that has to be loaded or compiled with cargo (based on the current environment) can be passed, rather than being hardcoded. This was done in order to reuse the method’s logic for a new unit test which checks that errors on a canister without name sections don’t contain useless backtraces.

42466a65b Implemented logic for ReadCanisterSnapshotData IC00 method. When called, provided the canister_snapshot_download flag is enabled, it invokes the new read_snapshot_data method, which validates the caller is a controller of the target canister and that the requested snapshot id exists and actually belongs to the canister and returns an CanisterManagerError if any of the checks fail. The user can request 4 types of snapshot data: heap/stable memory, entire canister’s wasm module and individual wasm chunks. For the first 3 a limit of MAX_SLICE_SIZE_BYTES, i.e ~1.9MiB, is imposed in order to stay under the message size limit, WasmChunk requests dont have this check as they are already guaranteed to be limited in size. In order to read memory or the wasm module from the snapshot, the caller must provide an offset as starting position for the read and a bytes size, if the size is greater then the MAX_SLICE_SIZE_BYTES or the out of bounds memory access checks fail, an InvalidSubslice error is returned. WasmChunk don’t require this as only the chunk’s hash has to be passed, so as long as it is valid and a chunk with provided hash exists the operation complete successfully. get_wasm_module_chunk, get_memory_chunk and get_chunk_complete helper methods have been added for the memory reads from the snapshot and InvalidSubslice variant has been added to CanisterSnapshotError alongside conversion logic to UserError. Finally test_slice unit test was created to ensure a MAX_SLICE_SIZE_BYTES sized slice stays under the message limit when candid encoded.

5d40b0f42 Optimized restrict_range operations used by sigsegv_fault_handler_new by calculating the range of marked/unmarked pages starting from the faulting page.

412c839a0 Exposed get_node_providers_monthly_xdr_rewards query endpoint in the node reward canister, the logic used is similar to the one existing in the registry with the exception that node provider and data center record are fetched from the registry first and are then decoded from protobuf.

Bugfixes:

bb17ec5b9 Removed crate name attribute from orchestrator’s rust_binary rule so it will default to the target’s name. Matches description.

ce2680374 Optimized check_if_wasm64_module by only parsing the memory section instead of the entire module to determine if its a wasm64 module. Matches description.

Chores:

aa3de32d8 Reverts 2c64388 from last week’s ICOS release. Matches description.

3c5f07170 Fixed typo in comment. Matches description.

eecacca6c Added label for sandboxed_execution_replica_cache_lookups to track number of times a cache miss occurs for canister modules that are backed by a file.

f58a8dbc8 Fixed typo in comment. Matches description.

6903a663a Cleaned up code which was used to toggle between on disk and in memory compilation cache since the latter is no longer used.

9a69f7ef9 Keep track of each canisters’ guaranteed response count in streams. The value is calculated when a stream is deserialized or a new stream is initialized by iterating over all messages and increasing the counter for each unbounded response, then it is kept up to date whenever new unbounded response are appended to the stream and once a reject signal is received for them.

c3be0cb3f Fixed typos in comment. Matches description.

2fbdb88dc Bumped crossbeam-channel from 0.5.13 to 0.5.15.

47dce406c, 0b43b5f69, 6f712d318, bbc5097fc, 0624a206e Updated ICOS image refs.

Tests:

29485b69f Re enabled system api integration tests, which accidentally became inactive, by moving them under tests folder and creating bazel targets for them in the embedders build file.

bd366ae95 Added initial_dc_records vector field to IcConfig in ic-prep. Modified load_registry_node_operator_records_from_dir so that data center information can be read from the meta.json file, if present, and added to initial_dc_records, this data will then be written to the registry when initialize method is called.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.