[cherry-pick] Bump to protocol v113 and clean up some execution paths (#25585) (#25588)

Add protocol version 113 with refactored execution check ordering,
expanded node config options, and updated consensus validation. Includes
snapshot regeneration and new test coverage.

CI + some new tests

---

Check each box that your changes affect. If none of the boxes relate to
your changes, release notes aren't required.

For each box you select, include information after the relevant heading
that describes the impact of your changes that a user might notice and
any actions they must take to implement updates.

- [X] Protocol: Add a new protocol version to support some refactoring
in execution.
- [ ] Nodes (Validators and Full nodes):
- [ ] gRPC:
- [ ] JSON-RPC:
- [ ] GraphQL:
- [ ] CLI:
- [ ] Rust SDK:
- [ ] Indexing Framework:

Author: tzakian

crates/sui-config/src/node.rs

@@ -154,6 +154,10 @@ pub struct NodeConfig {
     #[serde(default)]
     pub transaction_deny_config: TransactionDenyConfig,
 
+    /// Whether dev-inspect transaction execution is disabled on this node.
+    #[serde(default)]
+    pub dev_inspect_disabled: bool,
+
     #[serde(default)]
     pub certificate_deny_config: CertificateDenyConfig,
 

crates/sui-core/src/authority.rs

@@ -2422,6 +2422,14 @@ impl AuthorityState {
             .into());
         }
 
+        let dev_inspect = checks.disabled();
+        if dev_inspect && self.config.dev_inspect_disabled {
+            return Err(SuiErrorKind::UnsupportedFeatureError {
+                error: "simulate with checks disabled is not allowed on this node".to_string(),
+            }
+            .into());
+        }
+
         // Cheap validity checks for a transaction, including input size limits.
         transaction.validity_check_no_gas_check(epoch_store.protocol_config())?;
 
@@ -2466,7 +2474,15 @@ impl AuthorityState {
 
         let protocol_config = epoch_store.protocol_config();
 
-        let (gas_status, checked_input_objects) = if checks.enabled() {
+        let (gas_status, checked_input_objects) = if dev_inspect {
+            sui_transaction_checks::check_dev_inspect_input(
+                protocol_config,
+                &transaction,
+                input_objects,
+                receiving_objects,
+                epoch_store.reference_gas_price(),
+            )?
+        } else {
             sui_transaction_checks::check_transaction_input(
                 epoch_store.protocol_config(),
                 epoch_store.reference_gas_price(),
@@ -2476,14 +2492,6 @@ impl AuthorityState {
                 &self.metrics.bytecode_verifier_metrics,
                 &self.config.verifier_signing_config,
             )?
-        } else {
-            sui_transaction_checks::check_dev_inspect_input(
-                protocol_config,
-                &transaction,
-                input_objects,
-                receiving_objects,
-                epoch_store.reference_gas_price(),
-            )?
         };
 
         // TODO see if we can spin up a VM once and reuse it
@@ -2525,7 +2533,7 @@ impl AuthorityState {
             kind,
             signer,
             transaction.digest(),
-            checks.disabled(),
+            dev_inspect,
         );
 
         let loaded_runtime_objects = tracking_store.into_read_objects();
@@ -2610,8 +2618,15 @@ impl AuthorityState {
             .into());
         }
 
-        let show_raw_txn_data_and_effects = show_raw_txn_data_and_effects.unwrap_or(false);
         let skip_checks = skip_checks.unwrap_or(true);
+        if skip_checks && self.config.dev_inspect_disabled {
+            return Err(SuiErrorKind::UnsupportedFeatureError {
+                error: "dev-inspect with skip_checks is not allowed on this node".to_string(),
+            }
+            .into());
+        }
+
+        let show_raw_txn_data_and_effects = show_raw_txn_data_and_effects.unwrap_or(false);
         let reference_gas_price = epoch_store.reference_gas_price();
         let protocol_config = epoch_store.protocol_config();
         let max_tx_gas = protocol_config.max_tx_gas();
@@ -2746,6 +2761,7 @@ impl AuthorityState {
             Some(error) => ExecutionOrEarlyError::Err(error),
             None => ExecutionOrEarlyError::Ok(()),
         };
+
         let (inner_temp_store, _, effects, execution_result) = executor.dev_inspect_transaction(
             self.get_backing_store().as_ref(),
             protocol_config,

crates/sui-core/src/authority/authority_per_epoch_store.rs

@@ -1496,6 +1496,7 @@ impl AuthorityPerEpochStore {
             config: &self.protocol_config,
             epoch: self.epoch(),
             chain_identifier: self.get_chain_identifier(),
+            reference_gas_price: self.reference_gas_price(),
         }
     }
 

crates/sui-core/src/authority/snapshots/sui_core__authority__execution_time_estimator__tests__execution_time_observer_v113.snap

@@ -0,0 +1,157 @@
+---
+source: crates/sui-core/src/authority/execution_time_estimator.rs
+expression: snapshot_data
+---
+protocol_version: 113
+consensus_observations:
+  - - MakeMoveVec
+    - observations:
+        - - 2
+          - secs: 0
+            nanos: 27000000
+        - - 7
+          - secs: 0
+            nanos: 18000000
+        - - 10
+          - secs: 0
+            nanos: 20000000
+        - - 1
+          - secs: 0
+            nanos: 25000000
+      stake_weighted_median:
+        secs: 0
+        nanos: 25000000
+  - - MergeCoins
+    - observations:
+        - - 9
+          - secs: 0
+            nanos: 64000000
+        - - 2
+          - secs: 0
+            nanos: 62000000
+        - - 2
+          - secs: 0
+            nanos: 32000000
+        - - 7
+          - secs: 0
+            nanos: 0
+      stake_weighted_median:
+        secs: 0
+        nanos: 62000000
+  - - SplitCoins
+    - observations:
+        - - 6
+          - secs: 0
+            nanos: 42000000
+        - - 3
+          - secs: 0
+            nanos: 25000000
+        - - 8
+          - secs: 0
+            nanos: 67000000
+        - - 3
+          - secs: 0
+            nanos: 61000000
+      stake_weighted_median:
+        secs: 0
+        nanos: 61000000
+  - - TransferObjects
+    - observations:
+        - - 1
+          - secs: 0
+            nanos: 13000000
+        - - 10
+          - secs: 0
+            nanos: 80000000
+        - - 0
+          - ~
+        - - 9
+          - secs: 0
+            nanos: 39000000
+      stake_weighted_median:
+        secs: 0
+        nanos: 39000000
+  - - Upgrade
+    - observations:
+        - - 0
+          - ~
+        - - 8
+          - secs: 0
+            nanos: 389000000
+        - - 10
+          - secs: 0
+            nanos: 274000000
+        - - 4
+          - secs: 0
+            nanos: 587000000
+      stake_weighted_median:
+        secs: 0
+        nanos: 389000000
+  - - MoveEntryPoint:
+        package: "0x0000000000000000000000000000000000000000000000000000000000000001"
+        module: coin
+        function: transfer
+        type_arguments: []
+    - observations:
+        - - 7
+          - secs: 0
+            nanos: 404000000
+        - - 6
+          - secs: 0
+            nanos: 162000000
+        - - 9
+          - secs: 0
+            nanos: 268000000
+        - - 3
+          - secs: 0
+            nanos: 254000000
+      stake_weighted_median:
+        secs: 0
+        nanos: 268000000
+  - - MoveEntryPoint:
+        package: "0x0000000000000000000000000000000000000000000000000000000000000002"
+        module: nft
+        function: mint
+        type_arguments: []
+    - observations:
+        - - 0
+          - ~
+        - - 0
+          - ~
+        - - 2
+          - secs: 0
+            nanos: 142000000
+        - - 8
+          - secs: 0
+            nanos: 499000000
+      stake_weighted_median:
+        secs: 0
+        nanos: 499000000
+transaction_estimates:
+  - - coin_transfer_call
+    - secs: 0
+      nanos: 268000000
+  - - mixed_move_calls
+    - secs: 0
+      nanos: 767000000
+  - - native_commands_with_observations
+    - secs: 0
+      nanos: 374000000
+  - - transfer_objects_2_items
+    - secs: 0
+      nanos: 117000000
+  - - split_coins_3_amounts
+    - secs: 0
+      nanos: 244000000
+  - - merge_coins_3_sources
+    - secs: 0
+      nanos: 248000000
+  - - make_move_vec_4_elements
+    - secs: 0
+      nanos: 125000000
+  - - mixed_commands
+    - secs: 0
+      nanos: 240000000
+  - - upgrade_package
+    - secs: 0
+      nanos: 389000000

crates/sui-core/src/authority/test_authority_builder.rs

@@ -68,6 +68,7 @@ pub struct TestAuthorityBuilder<'a> {
     authority_overload_config: Option<AuthorityOverloadConfig>,
     cache_config: Option<ExecutionCacheConfig>,
     chain_override: Option<Chain>,
+    dev_inspect_disabled: bool,
 }
 
 impl<'a> TestAuthorityBuilder<'a> {
@@ -95,6 +96,11 @@ impl<'a> TestAuthorityBuilder<'a> {
         self
     }
 
+    pub fn with_dev_inspect_disabled(mut self) -> Self {
+        self.dev_inspect_disabled = true;
+        self
+    }
+
     pub fn with_certificate_deny_config(mut self, config: CertificateDenyConfig) -> Self {
         assert!(self.certificate_deny_config.replace(config).is_none());
         self
@@ -349,6 +355,7 @@ impl<'a> TestAuthorityBuilder<'a> {
         config.certificate_deny_config = certificate_deny_config;
         config.authority_overload_config = authority_overload_config;
         config.authority_store_pruning_config = pruning_config;
+        config.dev_inspect_disabled = self.dev_inspect_disabled;
 
         let chain_identifier = ChainIdentifier::from(*genesis.checkpoint().digest());
         let policy_config = config.policy_config.clone();

crates/sui-core/src/checkpoints/mod.rs

@@ -1855,6 +1855,12 @@ impl CheckpointBuilder {
                 // added as dependencies, so that those transactions can be waited on using
                 // `consensus_messages_processed_notify()`. System transactions (such as
                 // settlements) are exempt from this already.
+                //
+                // However, we DO need to add them to `effects_in_current_checkpoint` so that
+                // `complete_checkpoint_effects` won't pull them in again as dependencies when
+                // processing later pending checkpoints in the same batch.
+                effects_in_current_checkpoint
+                    .extend(settlement_effects.iter().map(|e| *e.transaction_digest()));
                 sorted.extend(settlement_effects);
             }
 

crates/sui-core/src/consensus_validator.rs

@@ -150,6 +150,18 @@ impl SuiTxValidator {
                             .into());
                         }
                     }
+
+                    if let Some(aliases) = tx.aliases() {
+                        let num_sigs = tx.tx().tx_signatures().len();
+                        for (sig_idx, _) in aliases.iter() {
+                            if (*sig_idx as usize) >= num_sigs {
+                                return Err(SuiErrorKind::UnexpectedMessage(format!(
+                                    "UserTransactionV2 alias contains out-of-bounds signature index {sig_idx} (transaction has {num_sigs} signatures)",
+                                )).into());
+                            }
+                        }
+                    }
+
                     // TODO(fastpath): move deterministic verifications of user transactions here.
                 }
 
@@ -1079,4 +1091,57 @@ mod tests {
         // The executed transaction should NOT be rejected.
         assert!(rejected_transactions.is_empty());
     }
+
+    #[tokio::test]
+    async fn test_reject_invalid_alias_signature_index() {
+        let (sender, keypair) = deterministic_random_account_key();
+
+        let gas_object = Object::with_id_owner_for_testing(ObjectID::random(), sender);
+        let owned_object = Object::with_id_owner_for_testing(ObjectID::random(), sender);
+
+        let network_config =
+            sui_swarm_config::network_config_builder::ConfigBuilder::new_with_temp_dir()
+                .committee_size(NonZeroUsize::new(1).unwrap())
+                .with_objects(vec![gas_object.clone(), owned_object.clone()])
+                .build();
+
+        let state = TestAuthorityBuilder::new()
+            .with_network_config(&network_config, 0)
+            .build()
+            .await;
+
+        let transaction = test_user_transaction(
+            &state,
+            sender,
+            &keypair,
+            gas_object.clone(),
+            vec![owned_object.clone()],
+        )
+        .await;
+
+        // Extract the inner transaction and construct a PlainTransactionWithClaims
+        // with a bogus alias where sig_idx = 255 (far exceeding the 1 signature).
+        let inner_tx: Transaction = transaction.into_tx().into();
+        let bogus_aliases = nonempty::nonempty![(255u8, None)];
+        let tx_with_bogus_alias = PlainTransactionWithClaims::from_aliases(inner_tx, bogus_aliases);
+
+        let serialized_tx = bcs::to_bytes(&ConsensusTransaction::new_user_transaction_v2_message(
+            &state.name,
+            tx_with_bogus_alias,
+        ))
+        .unwrap();
+
+        let validator = SuiTxValidator::new(
+            state.clone(),
+            state.epoch_store_for_testing().clone(),
+            Arc::new(CheckpointServiceNoop {}),
+            SuiTxValidatorMetrics::new(&Default::default()),
+        );
+
+        let res = validator.verify_batch(&[&serialized_tx]);
+        assert!(
+            res.is_err(),
+            "Should reject transaction with out-of-bounds alias signature index"
+        );
+    }
 }