Bound parallel verification of transactions

[raychu86]

Motivation

This PR bounds the memory usage during transactions verification by introducing MAX_PARALLEL_DEPLOY_VERIFICATIONS and MAX_PARALLEL_EXECUTE_VERIFICATIONS, where we verify a limited number of transactions at once instead of all at once. Previously the unbounded verification could lead to OOM errors when a node is forced to verify many large/expensive transactions at once.

Profiling memory usage of verification gives us some insights -

#2376 (comment)

Deployment: The maximum RAM to verify a 1M constraint program is 2GB.
Execution: The maximum RAM for a 1 or 31-depth 1M constraint call execution is negligible, but to be safe we could assume 10MB.

For an upper bound of 10GB of memory dedicated to transaction verification, we set the following values to:

MAX_PARALLEL_DEPLOY_VERIFICATIONS: 5
MAX_PARALLEL_EXECUTE_VERIFICATIONS: 1000

This means we verify deployments first (in chunks of 5), then executions after (in chunks of 1000).

[ljedrz]

LGTM 👍

[vicsn]

Works like a charm

[raychu86]

@vicsn Since the pre-speculate verification PR - #2376 was merged, this PR had to be updated with the same change on the VM::speculate side.

[vicsn]

LGTM, just two questions

[vicsn]

I should have noticed this earlier, but be aware: if a malicious validator inserts a deployment into their Batch Proposal with a malformed verifying key, this thread may panic, causing all transmissions to be sent back into the mempool queue for verification.

The only way I see us preventing this is to perform validation on transactions of validator Batch Proposals before signing them.

I will make sure we have a consensus test case for this to reproduce.

[raychu86]

Good point, we should wrap the call with a handle_halting macro, like we do for other functions that have the capability of panicking.

[raychu86]

I added panic catchers in check_transaction and updated the test - fbe604d

[vicsn]

LGTM for real now