Do not call initialize_block before any runtime api

[bkchr]

Before this change we always called initialize_block before calling
into the runtime. There was already support with skip_initialize to skip
the initialization. Almost no runtime_api requires that
initialize_block is called before. Actually this only leads to higher
execution times most of the time, because all runtime modules are
initialized and this is especially expensive when the block contained a
runtime upgrade.

TLDR: Do not call initialize_block before calling a runtime api.

Fixes: paritytech/polkadot#3053

polkadot companion: paritytech/polkadot#3140

[tomusdrw]

Looks good, but I'm surprised there is no docs being updated. I think it's worth to document the behavior now.

[tomusdrw]

The method name doesn't make sense now?

[tomusdrw]

Doesn't this break compatibility between proof formats? Are there no consequences?

[bkchr]

@pepyakin @tomusdrw burn in etc was all successful. So, now it is time to do a proper review.

[tomusdrw]

Awesome work!

[tomusdrw]

Shall we add info about the need to manually initialize the frame_system pallet?

[bkchr]

For frame this is done automatically through Executive::validate_transaction. While this is also just required when you have a signed extension that checks for block hashes.

[tomusdrw]

🙏

[pepyakin]

Prior this patch, when an runtime API is called we would call initialize_block. In turn, it would call on_initialize of all modules. pallet_session is of special interest, since it would invoke SessionHandler::on_new_session as part of its on_initialize. With this patch, these routines would not be executed.

Specifically, a difference in behavior will be observed if an runtime API accesses some state that can be changed either in on_initialize or on_new_session.

I went through all the runtime API impls and have marked some that do that. Getting into the list doesn't mean that they are wrong, but I think it would be a good idea to check for somebody deeply familiar with the respective code, or at least acknowledge that they are aware of this change.

Here is the list:

• BabeApi @andresilva . Runtime APIs access state which is tainted by do_initialize and enact_epoch_change.
  This won't be a big concern, as far as I can tell. Runtime APIs are called with no digests and thus do_initialize does nothing (except randomness collection), should_epoch_change returns false and thus no enact_epoch_change.
• Equivocation proof generation and verification @andresilva . AFAICT, this should be fine since we always generate a proper proof. That enables it to be verified in any case.
• Beefy @tomusdrw @adoerr . This one seems can change authorities on new session and thus the validator_set API will return a different set at the last block. As I mentioned for BABE it may be fine since it appropriates ShouldEndSession.
• AuthorityDiscoveryApi @ordian . On new session this module rotates the keys.

[pepyakin]

Regarding the patch itself, LGTM!

[tomusdrw]

Thanks @pepyakin!
I'm crossing-out BEEFY from that list. We are planning to rely on the digest item anyway, currently afair we indeed do the state call and it might be an issue if we have BEEFY validators running two different versions (the ones running older version will think we already transitioned to a new set), but given it's currently deployed only on Rococo it should be easy to coordinate the upgrade, so I don't think any preventive measures are needed.

[bkchr]

I checked again Babe and AuthorityDiscovery and couldn't find anything problematic.

[bkchr]

bot merge

[ghost]

Trying merge.

[andresilva]

Both BABE and GRANDPA should be unaffected, I wasn't sure about the equivocation report submission but I tested it now.

[JoshOrndorff]

What is the recommended way to port runtime APIs that actually did depend on the initialization? Should each one manually initialize only what it needs to?

cc @tgmichel I believe this is the change that broke our EVM tracing.

[shawntabrizi]

@JoshOrndorff not super familiar with how one might initialize the block, but it may be that rather than trying to turn this back on, you actually want to see if you can adjust your code or tracing to work without needing this initialize.

I think in general, it is risky to your chain's performance if you have any of the runtime apis call initialize_block because some blocks can be very heavy, and it seems your chain may be attackable on those blocks

(afaik, not an expert on this)

[bkchr]

Yeah, I would not advise to do this.

If possible, I would prevent this. Or if you only need to initialize some stuff like System, you can only initialize this.

[crystalin]

@shawntabrizi Thanks for the feedback.
Just a bit of context, we understand those are a concern for resources (just the fact of fully tracing blocks is very expensive), and that is why we don't expose those features by default. Those are meant for projects to use internally to query the trace logs.

[JoshOrndorff]

Before this PR was merged, was each pallet's on_initialize hook called for each runtime API?

[bkchr]

Yes