feat: implement FIP-1249 - deprecate FIL+ and universal 10x QAP#1744
Open
magik6k wants to merge 3 commits into
Open
feat: implement FIP-1249 - deprecate FIL+ and universal 10x QAP#1744magik6k wants to merge 3 commits into
magik6k wants to merge 3 commits into
Conversation
Implement the core protocol changes from FIP-1249 to deprecate FIL+ (datacap/verifreg) and give all sectors universal 10x quality-adjusted power. Miner actor: - Add FULL_QA_POWER flag (0x2) to SectorOnChainInfoFlags; qa_power_for_sector() returns qa_power_max(size) when set, giving 10x QAP regardless of deal content - All new sectors (ProveCommit3, ProveCommitNI, ProveReplicaUpdates3) automatically receive the FULL_QA_POWER flag - Remove all verifreg cross-actor calls: batch_claim_allocations, get_claims, and the ext::verifreg module are removed entirely - Strip claim validation from sector extensions; use proportional deal weight reduction for legacy sectors instead - Add new UpgradeSectorQuality method (37) allowing SPs to upgrade existing pre-FIP-1249 sectors from their current QAP to full 10x, requiring additional pledge (modeled on the ProveReplicaUpdates3 pattern) Market actor: - Remove all datacap operations from publish_storage_deals (balance checks, allocation requests, datacap transfers) - Remove pending_deal_allocation_ids tracking from deal activation paths - Remove helper functions: balance_of, transfer_from, alloc_request_for_deal, datacap_transfer_request - Remove datacap and verifreg ext modules - DealProposal.verified_deal field kept for serialization backward compat Verifreg actor: - Disable datacap minting: AddVerifier, AddVerifiedClient return USR_FORBIDDEN - Disable allocation creation: UniversalReceiverHook returns USR_FORBIDDEN - Disable claim operations: ClaimAllocations, ExtendClaimTerms return USR_FORBIDDEN - Keep cleanup methods active: RemoveExpiredAllocations, RemoveExpiredClaims, GetClaims, RemoveVerifier, RemoveVerifiedClientDataCap - Remove dead helper functions (mint, burn, validate_*, can_claim_alloc, etc.) State invariants: - Skip verifreg claim-to-sector weight validation for FULL_QA_POWER sectors - Track full_qa_power flag in DataSummary for cross-actor checks Tests: - Add dedicated policy tests for FULL_QA_POWER flag behavior - Add UpgradeSectorQuality unit tests (validation, error cases, happy path) - Add FIP-1249 integration tests (10x CC sectors, NI sectors, verifreg deprecation, verified deals without datacap ops) - Update all existing tests for new 10x power expectations
Contributor
There was a problem hiding this comment.
Pull request overview
Implements the FIP-1249 “FIL+ deprecation + universal 10x QAP” behavior by removing datacap/verifreg flows from market/miner interactions, introducing a FULL_QA_POWER sector flag that forces 10x QA power, updating state invariants, and adding/adjusting extensive unit + integration test coverage.
Changes:
- Introduce
SectorOnChainInfoFlags::FULL_QA_POWERand update QA power calculation to return max (10x) when set. - Remove market-side datacap allocation/transfer plumbing and associated test harness expectations; update miner/verifreg-related tests accordingly.
- Add new FIP-1249 integration tests and miner unit tests for
UpgradeSectorQuality, plus invariant updates to account for full-QAP sectors.
Reviewed changes
Copilot reviewed 50 out of 50 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| test_vm/tests/suite/mod.rs | Registers new FIP-1249 test suite module. |
| test_vm/tests/suite/fip1249_test.rs | Adds TestVM wrappers invoking integration test functions. |
| state/src/check.rs | Skips claim-to-sector validation for FULL_QA_POWER sectors in invariants. |
| integration_tests/src/util/workflows.rs | Removes verifreg claim validation expectations and market datacap invocation expectations. |
| integration_tests/src/util/mod.rs | Updates type import paths (AllocationID). |
| integration_tests/src/tests/verifreg_remove_datacap_test.rs | Reworks tests around verifreg deprecation (AddVerifier forbidden). |
| integration_tests/src/tests/verifreg_multisig_root_test.rs | Updates multisig-root verifreg tests for AddVerifier deprecation. |
| integration_tests/src/tests/verified_claim_test.rs | Updates verified-claim scenarios to reflect “no allocations/claims + universal 10x QAP”. |
| integration_tests/src/tests/terminate_test.rs | Removes verifreg/datacap setup from termination integration test. |
| integration_tests/src/tests/replica_update3_test.rs | Updates replica-update integration tests to remove verified allocation/claim assumptions (but still contains leftover ClaimAllocations expectations). |
| integration_tests/src/tests/publish_deals_test.rs | Adjusts expectations: verified deals no longer require datacap, so they succeed. |
| integration_tests/src/tests/prove_commit3_test.rs | Removes verifreg claim-allocation expectations; updates daily fee expectations for universal 10x QAP. |
| integration_tests/src/tests/prove_commit_niporep_test.rs | Updates NI PoRep fee/power expectations for FULL_QA_POWER. |
| integration_tests/src/tests/mod.rs | Exposes new fip1249_test module. |
| integration_tests/src/tests/fip1249_test.rs | Adds dedicated FIP-1249 integration tests (10x QAP + verifreg disabled + no datacap ops). |
| integration_tests/src/tests/extend_sectors_test.rs | Updates extension behavior and legacy-weight simulation for post-FIP-1249 semantics. |
| integration_tests/src/tests/datacap_tests.rs | Updates datacap transfer expectations now that verifreg receiver hook is forbidden. |
| integration_tests/src/tests/batch_onboarding_deals_test.rs | Removes allocation-key plumbing from batch onboarding tests. |
| integration_tests/src/expects.rs | Updates ClaimID import path. |
| actors/verifreg/tests/harness/mod.rs | Adds helper to insert verifiers directly for tests now that AddVerifier is disabled. |
| actors/verifreg/src/emit.rs | Removes allocation/claim event emitters (allocations/claims no longer created). |
| actors/miner/tests/util.rs | Refactors harness expectations to remove verifreg calls and assume FULL_QA_POWER behavior. |
| actors/miner/tests/upgrade_sector_quality_test.rs | Adds unit tests for new UpgradeSectorQuality behavior and pledge/fee deltas. |
| actors/miner/tests/terminate_sectors_test.rs | Updates helper signatures and verified weight assumptions under FIP-1249. |
| actors/miner/tests/sector_status_test.rs | Updates termination fee expectations for 10x QA power. |
| actors/miner/tests/prove_replica_test.rs | Removes claim expectations and updates fee invariants under FULL_QA_POWER. |
| actors/miner/tests/prove_replica_failures_test.rs | Updates claim-failure tests (claim validation removed). |
| actors/miner/tests/prove_commit_sector_3_test.rs | Removes claim expectations and updates assertions to treat all data as unverified. |
| actors/miner/tests/prove_commit_sector_3_failures_test.rs | Updates claim-failure tests (claim validation removed). |
| actors/miner/tests/policy_test.rs | Adds policy tests validating FULL_QA_POWER semantics. |
| actors/miner/tests/extend_sector_expiration_test.rs | Removes claim-validation-dependent test paths; updates fee expectations. |
| actors/miner/tests/daily_fees_test.rs | Updates reference fee/expectations for 10x QA power. |
| actors/miner/src/types.rs | Adds FULL_QA_POWER flag; defines AllocationID/ClaimID locally; adds UpgradeSectorQualityParams. |
| actors/miner/src/testing.rs | Extends invariant summaries to track full_qa_power. |
| actors/miner/src/policy.rs | Makes qa_power_for_sector return qa_power_max when FULL_QA_POWER is set. |
| actors/miner/src/ext.rs | Removes miner’s verifreg ext module (no verifreg interactions). |
| actors/market/tests/verify_deals_for_activation_test.rs | Updates activated-deal allocation_id expectations (now NO_ALLOCATION_ID). |
| actors/market/tests/sector_content_changed.rs | Updates publish harness usage (no datacap/allocation params). |
| actors/market/tests/on_miner_sectors_terminate.rs | Updates publish harness usage (no datacap/allocation params). |
| actors/market/tests/market_actor_test.rs | Removes datacap plumbing from publish tests; updates expectations about verified deals. |
| actors/market/tests/harness.rs | Simplifies publish harness: removes datacap balance/transfer/alloc ID expectations. |
| actors/market/tests/deal_api_test.rs | Updates publish harness usage (no datacap/allocation params). |
| actors/market/tests/cron_tick_timedout_deals.rs | Updates publish harness usage (no datacap/allocation params). |
| actors/market/tests/batch_activate_deals.rs | Updates publish harness usage (no datacap/allocation params). |
| actors/market/tests/activate_deal_failures.rs | Updates publish harness usage (no datacap/allocation params). |
| actors/market/src/lib.rs | Removes datacap allocation/balance/transfer flow from PublishStorageDeals and activation bookkeeping. |
| actors/market/src/ext.rs | Removes verifreg/datacap ext plumbing (retains AllocationID alias only). |
Comments suppressed due to low confidence (1)
integration_tests/src/tests/fip1249_test.rs:378
- The deadline index calculation uses
deadline_info.index + 1 % policy.wpost_period_deadlines, but%has higher precedence than+, so this won’t wrap at period boundaries. Use(deadline_info.index + 1) % policy.wpost_period_deadlines.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
136
to
141
| &miner_id, | ||
| deadline_info.index + 1 % policy.wpost_period_deadlines, | ||
| ); | ||
|
|
||
| // Advance past the deal's minimum term (the claim remains valid). | ||
| // Advance past the deal's minimum term | ||
| advance_by_deadline_to_epoch_while_proving( |
Comment on lines
24
to
26
| }; | ||
| use fil_actor_miner::{Method as MinerMethod, VerifiedAllocationKey}; | ||
| use fil_actor_verifreg::{ | ||
| AllocationClaim, AllocationRequest, ClaimAllocationsParams, Method as VerifregMethod, | ||
| SectorAllocationClaims, | ||
| }; | ||
| use fil_actor_verifreg::Method as VerifregMethod; | ||
| use fil_actors_runtime::Array; |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #1744 +/- ##
==========================================
- Coverage 90.56% 87.36% -3.21%
==========================================
Files 140 140
Lines 27814 27194 -620
==========================================
- Hits 25189 23757 -1432
- Misses 2625 3437 +812
🚀 New features to boost your workflow:
|
… code - Fix operator precedence in fip1249_test.rs deadline index calculations: use (index + 1) % N instead of index + 1 % N - Remove dead replica_update_verified_deal_test and replica_update_verified_deal_max_term_violated_test that still referenced deprecated verifreg methods (ClaimAllocations, add_verifier, add_client) - Remove dead create_verified_deals helper and unused VerifregMethod import - Remove dead test_vm/tests/suite/replica_update_test.rs wrapper (not in mod.rs) - rustfmt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements the FIL+ deprecation half of FIP-1249 (Deprecate FIL+ and Fund Services via Block Reward Split). This PR does not implement the block reward split / Service Rewards Actor — only the datacap/verifreg removal and universal 10x QAP changes.
What's Implemented
Universal 10x QAP for all sectors
FULL_QA_POWERflag (0x2) onSectorOnChainInfoFlagsqa_power_for_sector()returnsqa_power_max(size)(10x raw power) when the flag is setProveCommitSectors3/activate_new_sector_infosProveCommitSectorsNIProveReplicaUpdates3/update_existing_sector_infoNew
UpgradeSectorQualitymethod (method 37)Allows SPs to upgrade existing pre-FIP-1249 sectors to full 10x QAP:
BitFieldof sector numbersFULL_QA_POWERflag, recomputes pledge (max(old, new)— pledge only increases), adjusts daily feeupdate_replica_states/partition.replace_sectorspatternMiner actor: verifreg/datacap removal
ext::verifregmodule entirely (no more cross-actor calls to verified registry)activate_sectors_pieces: no longer claims allocations; all piece space treated as unverifiedactivate_sectors_deals: no longer filters verified deals or callsClaimAllocationsbatch_claim_allocationsandget_claimsfunctions removedverified_allocation_keyfield kept onPieceActivationManifestfor API backward compat but ignoredMarket actor: datacap removal
publish_storage_deals: removed datacap balance checks, allocation requests, datacap token transfersbatch_activate_deals/sector_content_changed: removedpending_deal_allocation_idstrackingbalance_of,transfer_from,alloc_request_for_deal,datacap_transfer_requestext::datacapmodule and most ofext::verifregDealProposal.verified_dealfield kept for serialization backward compatVerifreg actor: disabled
AddVerifier,AddVerifiedClient: returnUSR_FORBIDDENUniversalReceiverHook: returnsUSR_FORBIDDEN(no new allocations)ClaimAllocations,ExtendClaimTerms: returnUSR_FORBIDDENRemoveExpiredAllocations,RemoveExpiredClaims,GetClaims,RemoveVerifier,RemoveVerifiedClientDataCapmint,burn,validate_*,can_claim_alloc, etc.)State invariant updates
check_verifreg_against_miners: skips claim-to-sector weight validation forFULL_QA_POWERsectorsDataSummarytracksfull_qa_powerflag for cross-actor checksDecisions That May Need Discussion
Several design choices were made that go somewhat beyond what the FIP text strictly requires, or where the FIP is ambiguous:
1. Existing datacap is fully blocked, not just minting
The FIP says: "no new datacap minted, but the existing datacap can still be used (ie, allocated) until natural expiration."
We disabled
UniversalReceiverHookandClaimAllocationsentirely, meaning existing datacap holders cannot create new allocations or claim them. The rationale: since all sectors get 10x regardless, allocating datacap has zero functional effect — it would be pure overhead. Existing allocations/claims will drain naturally viaRemoveExpiredAllocations/RemoveExpiredClaims.If strict FIP compliance is preferred, we'd re-enable
UniversalReceiverHookandClaimAllocationsso existing datacap can be spent (even though it changes nothing about QAP).2. Claim validation stripped from sector extensions
The FIP doesn't explicitly address what happens when legacy sectors (with existing verifreg claims) are extended. We stripped claim validation entirely — extensions now use proportional deal weight reduction for legacy sectors. SPs can call
UpgradeSectorQualityto get 10x regardless. The alternative would be keeping the verifregGetClaimscall alive for legacy extension paths.3. UpgradeSectorQuality only works on active sectors
We restricted the upgrade method to active sectors (not faulty, not unproven). A faulty sector must be recovered before upgrading. This matches the
ProveReplicaUpdates3(SnapDeal) pattern and avoids complex partition accounting for faulty/unproven power. This restriction could be relaxed in a follow-up.4. One faulty sector aborts the entire UpgradeSectorQuality batch
The
BatchReturnrecords success eagerly during validation, butpartition.replace_sectors()(which rejects inactive sectors) runs inside the state transaction. A single faulty sector in a batch aborts the whole call rather than being skipped. This is consistent with the existingupdate_replica_statespattern but differs from methods likeTerminateSectorswhich handle partial success per-deadline. Could be improved in a follow-up.5. verified_deal_weight stored as zero for new sectors
New sectors set
verified_space = BigInt::zero()regardless of actual deal content. Thedeal_weightfield still tracks unverified deal space. This meansverified_deal_weightis no longer meaningful on new sectors — it's always zero. TheFULL_QA_POWERflag is what drives 10x power.New Tests
FULL_QA_POWERflag gives 10x, ignores deal weights, ignores duration, legacy formula preservedNot Implemented (Out of Scope)
The following FIP-1249 components are not part of this PR: