feat: [EXC-2018] Charge for snapshot data download (#4787)

This PR introduces charging for instructions executed during canister
snapshot binary data download.

---------

Co-authored-by: Michael Weigelt <michael.weigelt@dfinity.com>

Author: michael-weigelt

rs/config/src/subnet_config.rs

@@ -165,6 +165,11 @@ pub const DEFAULT_UPLOAD_CHUNK_INSTRUCTIONS: NumInstructions = NumInstructions::
 pub const DEFAULT_CANISTERS_SNAPSHOT_BASELINE_INSTRUCTIONS: NumInstructions =
     NumInstructions::new(2_000_000_000);
 
+/// Baseline cost for up/downloading binary snapshot data (5M instructions).
+/// The cost is based on the benchmarks: rs/execution_environment/benches/management_canister/
+pub const DEFAULT_CANISTERS_SNAPSHOT_DATA_BASELINE_INSTRUCTIONS: NumInstructions =
+    NumInstructions::new(5_000_000);
+
 /// The cycle cost overhead of executing canister instructions when running in Wasm64 mode.
 /// This overhead is a multiplier over the cost of executing the same instructions
 /// in Wasm32 mode. The overhead comes from the bound checks performed in Wasm64 mode
@@ -272,6 +277,9 @@ pub struct SchedulerConfig {
 
     /// Number of instructions to count when creating or loading a canister snapshot.
     pub canister_snapshot_baseline_instructions: NumInstructions,
+
+    /// Number of instructions to count when uploading or downloading binary snapshot data.
+    pub canister_snapshot_data_baseline_instructions: NumInstructions,
 }
 
 impl SchedulerConfig {
@@ -301,6 +309,8 @@ impl SchedulerConfig {
             upload_wasm_chunk_instructions: DEFAULT_UPLOAD_CHUNK_INSTRUCTIONS,
             canister_snapshot_baseline_instructions:
                 DEFAULT_CANISTERS_SNAPSHOT_BASELINE_INSTRUCTIONS,
+            canister_snapshot_data_baseline_instructions:
+                DEFAULT_CANISTERS_SNAPSHOT_DATA_BASELINE_INSTRUCTIONS,
         }
     }
 
@@ -344,6 +354,7 @@ impl SchedulerConfig {
             accumulated_priority_reset_interval: ACCUMULATED_PRIORITY_RESET_INTERVAL,
             upload_wasm_chunk_instructions: NumInstructions::from(0),
             canister_snapshot_baseline_instructions: NumInstructions::from(0),
+            canister_snapshot_data_baseline_instructions: NumInstructions::from(0),
         }
     }
 

rs/execution_environment/benches/lib/src/common.rs

@@ -314,6 +314,9 @@ where
         subnet_configs
             .scheduler_config
             .canister_snapshot_baseline_instructions,
+        subnet_configs
+            .scheduler_config
+            .canister_snapshot_data_baseline_instructions,
     );
     for Benchmark(id, wat, expected_ops) in benchmarks {
         run_benchmark(

rs/execution_environment/src/canister_manager.rs

@@ -27,7 +27,9 @@ use ic_management_canister_types_private::{
     StoredChunksReply, UploadChunkReply,
 };
 use ic_registry_provisional_whitelist::ProvisionalWhitelist;
-use ic_replicated_state::canister_state::system_state::wasm_chunk_store::WasmChunkHash;
+use ic_replicated_state::canister_state::system_state::wasm_chunk_store::{
+    WasmChunkHash, CHUNK_SIZE,
+};
 use ic_replicated_state::canister_state::WASM_PAGE_SIZE_IN_BYTES;
 use ic_replicated_state::{
     canister_snapshots::CanisterSnapshot,
@@ -2044,10 +2046,11 @@ impl CanisterManager {
     pub(crate) fn read_snapshot_data(
         &self,
         sender: PrincipalId,
-        canister: &CanisterState,
+        canister: &mut CanisterState,
         snapshot_id: SnapshotId,
         kind: CanisterSnapshotDataKind,
         state: &ReplicatedState,
+        subnet_size: usize,
     ) -> Result<ReadCanisterSnapshotDataResponse, CanisterManagerError> {
         // Check sender is a controller.
         validate_controller(canister, &sender)?;
@@ -2064,6 +2067,29 @@ impl CanisterManager {
                 snapshot_id,
             });
         }
+
+        // Charge upfront for the baseline plus the maximum possible size of the returned slice or fail.
+        let num_response_bytes = match &kind {
+            CanisterSnapshotDataKind::WasmModule { size, .. } => *size,
+            CanisterSnapshotDataKind::MainMemory { size, .. } => *size,
+            CanisterSnapshotDataKind::StableMemory { size, .. } => *size,
+            // In this case, we might overcharge. But the stored chunks are also charged fully even if they are smaller.
+            CanisterSnapshotDataKind::WasmChunk { .. } => CHUNK_SIZE,
+        };
+        let size = NumInstructions::new(num_response_bytes);
+        if let Err(err) = self.cycles_account_manager.consume_cycles_for_instructions(
+            &sender,
+            canister,
+            self.config
+                .canister_snapshot_data_baseline_instructions
+                .saturating_add(&size),
+            subnet_size,
+            // For the `read_snapshot_data` operation, it does not matter if this is a Wasm64 or Wasm32 module.
+            WasmExecutionMode::Wasm32,
+        ) {
+            return Err(CanisterManagerError::CanisterSnapshotNotEnoughCycles(err));
+        };
+
         let res = match kind {
             CanisterSnapshotDataKind::StableMemory { offset, size } => {
                 if size > MAX_SLICE_SIZE_BYTES {

rs/execution_environment/src/canister_manager/tests.rs

@@ -312,6 +312,7 @@ fn canister_manager_config(
         SchedulerConfig::application_subnet().upload_wasm_chunk_instructions,
         ic_config::embedders::Config::default().wasm_max_size,
         SchedulerConfig::application_subnet().canister_snapshot_baseline_instructions,
+        SchedulerConfig::application_subnet().canister_snapshot_data_baseline_instructions,
         DEFAULT_WASM_MEMORY_LIMIT,
         MAX_NUMBER_OF_SNAPSHOTS_PER_CANISTER,
     )

rs/execution_environment/src/canister_manager/types.rs

@@ -90,6 +90,7 @@ pub(crate) struct CanisterMgrConfig {
     pub(crate) upload_wasm_chunk_instructions: NumInstructions,
     pub(crate) wasm_chunk_store_max_size: NumBytes,
     pub(crate) canister_snapshot_baseline_instructions: NumInstructions,
+    pub(crate) canister_snapshot_data_baseline_instructions: NumInstructions,
     pub(crate) default_wasm_memory_limit: NumBytes,
     pub(crate) max_number_of_snapshots_per_canister: usize,
 }
@@ -113,6 +114,7 @@ impl CanisterMgrConfig {
         upload_wasm_chunk_instructions: NumInstructions,
         wasm_chunk_store_max_size: NumBytes,
         canister_snapshot_baseline_instructions: NumInstructions,
+        canister_snapshot_data_baseline_instructions: NumInstructions,
         default_wasm_memory_limit: NumBytes,
         max_number_of_snapshots_per_canister: usize,
     ) -> Self {
@@ -133,6 +135,7 @@ impl CanisterMgrConfig {
             upload_wasm_chunk_instructions,
             wasm_chunk_store_max_size,
             canister_snapshot_baseline_instructions,
+            canister_snapshot_data_baseline_instructions,
             default_wasm_memory_limit,
             max_number_of_snapshots_per_canister,
         }

rs/execution_environment/src/execution_environment.rs

@@ -380,6 +380,7 @@ impl ExecutionEnvironment {
         heap_delta_rate_limit: NumBytes,
         upload_wasm_chunk_instructions: NumInstructions,
         canister_snapshot_baseline_instructions: NumInstructions,
+        canister_snapshot_data_baseline_instructions: NumInstructions,
     ) -> Self {
         // Assert the flag implication: DTS => sandboxing.
         assert!(
@@ -404,6 +405,7 @@ impl ExecutionEnvironment {
             upload_wasm_chunk_instructions,
             config.embedders_config.wasm_max_size,
             canister_snapshot_baseline_instructions,
+            canister_snapshot_data_baseline_instructions,
             config.default_wasm_memory_limit,
             config.max_number_of_snapshots_per_canister,
         );
@@ -1672,15 +1674,20 @@ impl ExecutionEnvironment {
 
             Ok(Ic00Method::ReadCanisterSnapshotData) => {
                 #[allow(clippy::bind_instead_of_map)]
-                let res = ReadCanisterSnapshotDataArgs::decode(payload).and_then(|args| {
-                    match self.config.canister_snapshot_download {
-                        FlagStatus::Disabled => Ok((vec![], None)),
-                        FlagStatus::Enabled => {
-                            let canister_id = args.get_canister_id();
-                            // TODO: [EXC-2018] do we need to account for copying the bytes -> costs and round_limits?
-                            self.read_snapshot_data(*msg.sender(), &state, args)
-                                .map(|res| (res, Some(canister_id)))
-                        }
+                let res = ReadCanisterSnapshotDataArgs::decode(payload).and_then(|args| match self
+                    .config
+                    .canister_snapshot_download
+                {
+                    FlagStatus::Disabled => Ok((vec![], None)),
+                    FlagStatus::Enabled => {
+                        let canister_id = args.get_canister_id();
+                        self.read_snapshot_data(
+                            *msg.sender(),
+                            &mut state,
+                            args,
+                            registry_settings.subnet_size,
+                        )
+                        .map(|res| (res, Some(canister_id)))
                     }
                 });
                 ExecuteSubnetMessageResult::Finished {
@@ -2451,14 +2458,38 @@ impl ExecutionEnvironment {
     fn read_snapshot_data(
         &self,
         sender: PrincipalId,
-        state: &ReplicatedState,
+        state: &mut ReplicatedState,
         args: ReadCanisterSnapshotDataArgs,
+        subnet_size: usize,
     ) -> Result<Vec<u8>, UserError> {
-        let canister = get_canister(args.get_canister_id(), state)?;
-        self.canister_manager
-            .read_snapshot_data(sender, canister, args.get_snapshot_id(), args.kind, state)
+        let canister_id = args.get_canister_id();
+        // Take canister out.
+        let mut canister = match state.take_canister_state(&canister_id) {
+            None => {
+                return Err(UserError::new(
+                    ErrorCode::CanisterNotFound,
+                    format!("Canister {} not found.", &canister_id),
+                ))
+            }
+            Some(canister) => canister,
+        };
+
+        let result = self
+            .canister_manager
+            .read_snapshot_data(
+                sender,
+                &mut canister,
+                args.get_snapshot_id(),
+                args.kind,
+                state,
+                subnet_size,
+            )
             .map(|res| Encode!(&res).unwrap())
-            .map_err(UserError::from)
+            .map_err(UserError::from);
+
+        // Put canister back.
+        state.put_canister_state(canister);
+        result
     }
 
     fn read_canister_snapshot_metadata(

rs/execution_environment/src/lib.rs

@@ -145,6 +145,7 @@ impl ExecutionServices {
             scheduler_config.heap_delta_rate_limit,
             scheduler_config.upload_wasm_chunk_instructions,
             scheduler_config.canister_snapshot_baseline_instructions,
+            scheduler_config.canister_snapshot_data_baseline_instructions,
         ));
         let sync_query_handler = Arc::new(InternalHttpQueryHandler::new(
             logger.clone(),

rs/execution_environment/src/scheduler/test_utilities.rs

@@ -944,6 +944,8 @@ impl SchedulerTestBuilder {
             self.scheduler_config.upload_wasm_chunk_instructions,
             self.scheduler_config
                 .canister_snapshot_baseline_instructions,
+            self.scheduler_config
+                .canister_snapshot_data_baseline_instructions,
         );
         let scheduler = SchedulerImpl::new(
             self.scheduler_config,

rs/test_utilities/execution_environment/src/lib.rs

@@ -1754,6 +1754,7 @@ pub struct ExecutionTestBuilder {
     heap_delta_rate_limit: NumBytes,
     upload_wasm_chunk_instructions: NumInstructions,
     canister_snapshot_baseline_instructions: NumInstructions,
+    canister_snapshot_data_baseline_instructions: NumInstructions,
     replica_version: ReplicaVersion,
     precompiled_universal_canister: bool,
     cycles_account_manager_config: Option<CyclesAccountManagerConfig>,
@@ -1799,6 +1800,8 @@ impl Default for ExecutionTestBuilder {
             upload_wasm_chunk_instructions: scheduler_config.upload_wasm_chunk_instructions,
             canister_snapshot_baseline_instructions: scheduler_config
                 .canister_snapshot_baseline_instructions,
+            canister_snapshot_data_baseline_instructions: scheduler_config
+                .canister_snapshot_data_baseline_instructions,
             replica_version: ReplicaVersion::default(),
             precompiled_universal_canister: true,
             cycles_account_manager_config: None,
@@ -2415,6 +2418,7 @@ impl ExecutionTestBuilder {
             self.heap_delta_rate_limit,
             self.upload_wasm_chunk_instructions,
             self.canister_snapshot_baseline_instructions,
+            self.canister_snapshot_data_baseline_instructions,
         );
         let (query_stats_collector, _) =
             ic_query_stats::init_query_stats(self.log.clone(), &config, &metrics_registry);