2021-11-18 17:55:38 -08:00
|
|
|
//! The syncer downloads and verifies large numbers of blocks from peers to Zebra.
|
|
|
|
|
//!
|
|
|
|
|
//! It is used when Zebra is a long way behind the current chain tip.
|
|
|
|
|
|
2021-12-21 12:13:26 -08:00
|
|
|
use std::{collections::HashSet, pin::Pin, sync::Arc, task::Poll, time::Duration};
|
2020-07-08 13:33:39 -07:00
|
|
|
|
2020-09-09 15:33:25 -07:00
|
|
|
use color_eyre::eyre::{eyre, Report};
|
2021-10-20 17:34:12 -07:00
|
|
|
use futures::stream::{FuturesUnordered, StreamExt};
|
2022-01-11 09:11:35 -08:00
|
|
|
use indexmap::IndexSet;
|
2021-08-29 17:01:33 -07:00
|
|
|
use tokio::time::sleep;
|
2020-09-22 10:46:50 -07:00
|
|
|
use tower::{
|
2020-10-23 18:56:54 -07:00
|
|
|
builder::ServiceBuilder, hedge::Hedge, limit::ConcurrencyLimit, retry::Retry, timeout::Timeout,
|
|
|
|
|
Service, ServiceExt,
|
2020-09-22 10:46:50 -07:00
|
|
|
};
|
2020-07-08 13:33:39 -07:00
|
|
|
|
2020-06-30 09:42:09 -07:00
|
|
|
use zebra_chain::{
|
2020-08-16 11:42:02 -07:00
|
|
|
block::{self, Block},
|
2022-01-11 09:11:35 -08:00
|
|
|
chain_tip::ChainTip,
|
2020-10-23 18:56:54 -07:00
|
|
|
parameters::genesis_hash,
|
2020-06-30 09:42:09 -07:00
|
|
|
};
|
2021-10-19 18:07:19 -07:00
|
|
|
use zebra_consensus::{
|
|
|
|
|
chain::VerifyChainError, BlockError, VerifyBlockError, VerifyCheckpointError,
|
|
|
|
|
};
|
2020-09-09 12:17:17 -07:00
|
|
|
use zebra_network as zn;
|
2020-07-21 19:22:43 -07:00
|
|
|
use zebra_state as zs;
|
2020-06-22 22:31:26 -07:00
|
|
|
|
2021-10-19 18:07:19 -07:00
|
|
|
use crate::{
|
2021-12-21 12:13:26 -08:00
|
|
|
components::sync::downloads::BlockDownloadVerifyError, config::ZebradConfig, BoxError,
|
2021-10-19 18:07:19 -07:00
|
|
|
};
|
2020-10-23 18:56:54 -07:00
|
|
|
|
2020-09-09 14:45:05 -07:00
|
|
|
mod downloads;
|
2021-10-07 03:46:37 -07:00
|
|
|
mod gossip;
|
2021-08-19 16:16:16 -07:00
|
|
|
mod recent_sync_lengths;
|
2021-08-29 17:01:33 -07:00
|
|
|
mod status;
|
2021-08-19 16:16:16 -07:00
|
|
|
|
2021-06-09 16:39:51 -07:00
|
|
|
#[cfg(test)]
|
|
|
|
|
mod tests;
|
|
|
|
|
|
2020-09-22 10:46:50 -07:00
|
|
|
use downloads::{AlwaysHedge, Downloads};
|
2021-10-07 03:46:37 -07:00
|
|
|
|
|
|
|
|
pub use gossip::{gossip_best_tip_block_hashes, BlockGossipError};
|
2021-09-28 16:06:40 -07:00
|
|
|
pub use recent_sync_lengths::RecentSyncLengths;
|
2021-08-29 17:01:33 -07:00
|
|
|
pub use status::SyncStatus;
|
2020-09-09 14:45:05 -07:00
|
|
|
|
2020-09-01 18:20:32 -07:00
|
|
|
/// Controls the number of peers used for each ObtainTips and ExtendTips request.
|
2021-11-30 13:04:32 -08:00
|
|
|
const FANOUT: usize = 3;
|
2020-10-16 16:44:30 -07:00
|
|
|
|
2020-09-01 18:20:32 -07:00
|
|
|
/// Controls how many times we will retry each block download.
|
|
|
|
|
///
|
2020-09-22 10:46:50 -07:00
|
|
|
/// Failing block downloads is important because it defends against peers who
|
|
|
|
|
/// feed us bad hashes. But spurious failures of valid blocks cause the syncer to
|
|
|
|
|
/// restart from the previous checkpoint, potentially re-downloading blocks.
|
2020-09-01 18:20:32 -07:00
|
|
|
///
|
2021-01-13 01:14:11 -08:00
|
|
|
/// We also hedge requests, so we may retry up to twice this many times. Hedged
|
|
|
|
|
/// retries may be concurrent, inner retries are sequential.
|
2020-09-22 10:46:50 -07:00
|
|
|
const BLOCK_DOWNLOAD_RETRY_LIMIT: usize = 2;
|
2020-09-01 18:20:32 -07:00
|
|
|
|
2021-01-22 02:44:24 -08:00
|
|
|
/// A lower bound on the user-specified lookahead limit.
|
|
|
|
|
///
|
|
|
|
|
/// Set to two checkpoint intervals, so that we're sure that the lookahead
|
|
|
|
|
/// limit always contains at least one complete checkpoint.
|
2021-03-10 17:29:21 -08:00
|
|
|
///
|
|
|
|
|
/// ## Security
|
|
|
|
|
///
|
|
|
|
|
/// If a malicious node is chosen for an ObtainTips or ExtendTips request, it can
|
|
|
|
|
/// provide up to 500 malicious block hashes. These block hashes will be
|
|
|
|
|
/// distributed across all available peers. Assuming there are around 50 connected
|
|
|
|
|
/// peers, the malicious node will receive approximately 10 of those block requests.
|
|
|
|
|
///
|
|
|
|
|
/// Malicious deserialized blocks can take up a large amount of RAM, see
|
|
|
|
|
/// [`super::inbound::downloads::MAX_INBOUND_CONCURRENCY`] and #1880 for details.
|
|
|
|
|
/// So we want to keep the lookahead limit reasonably small.
|
|
|
|
|
///
|
|
|
|
|
/// Once these malicious blocks start failing validation, the syncer will cancel all
|
|
|
|
|
/// the pending download and verify tasks, drop all the blocks, and start a new
|
|
|
|
|
/// ObtainTips with a new set of peers.
|
2021-11-18 17:55:38 -08:00
|
|
|
pub const MIN_LOOKAHEAD_LIMIT: usize = zebra_consensus::MAX_CHECKPOINT_HEIGHT_GAP * 2;
|
|
|
|
|
|
|
|
|
|
/// The default for the user-specified lookahead limit.
|
|
|
|
|
///
|
|
|
|
|
/// See [`MIN_LOOKAHEAD_LIMIT`] for details.
|
|
|
|
|
pub const DEFAULT_LOOKAHEAD_LIMIT: usize = zebra_consensus::MAX_CHECKPOINT_HEIGHT_GAP * 5;
|
2020-09-01 18:20:32 -07:00
|
|
|
|
2021-12-17 08:31:51 -08:00
|
|
|
/// The expected maximum number of hashes in an ObtainTips or ExtendTips response.
|
|
|
|
|
///
|
|
|
|
|
/// This is used to allow block heights that are slightly beyond the lookahead limit,
|
|
|
|
|
/// but still limit the number of blocks in the pipeline between the downloader and
|
|
|
|
|
/// the state.
|
|
|
|
|
///
|
|
|
|
|
/// See [`MIN_LOOKAHEAD_LIMIT`] for details.
|
|
|
|
|
pub const MAX_TIPS_RESPONSE_HASH_COUNT: usize = 500;
|
|
|
|
|
|
2020-09-01 18:20:32 -07:00
|
|
|
/// Controls how long we wait for a tips response to return.
|
2021-01-13 01:14:11 -08:00
|
|
|
///
|
|
|
|
|
/// ## Correctness
|
|
|
|
|
///
|
|
|
|
|
/// If this timeout is removed (or set too high), the syncer will sometimes hang.
|
|
|
|
|
///
|
|
|
|
|
/// If this timeout is set too low, the syncer will sometimes get stuck in a
|
|
|
|
|
/// failure loop.
|
2021-10-08 04:59:46 -07:00
|
|
|
pub const TIPS_RESPONSE_TIMEOUT: Duration = Duration::from_secs(6);
|
2020-09-22 10:46:50 -07:00
|
|
|
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
/// Controls how long we wait for a block download request to complete.
|
2021-01-13 01:08:02 -08:00
|
|
|
///
|
|
|
|
|
/// This timeout makes sure that the syncer doesn't hang when:
|
|
|
|
|
/// - the lookahead queue is full, and
|
|
|
|
|
/// - we are waiting for a request that is stuck.
|
|
|
|
|
/// See [`BLOCK_VERIFY_TIMEOUT`] for details.
|
|
|
|
|
///
|
|
|
|
|
/// ## Correctness
|
|
|
|
|
///
|
|
|
|
|
/// If this timeout is removed (or set too high), the syncer will sometimes hang.
|
|
|
|
|
///
|
|
|
|
|
/// If this timeout is set too low, the syncer will sometimes get stuck in a
|
|
|
|
|
/// failure loop.
|
2021-01-13 01:39:33 -08:00
|
|
|
pub(super) const BLOCK_DOWNLOAD_TIMEOUT: Duration = Duration::from_secs(15);
|
2021-01-13 01:08:02 -08:00
|
|
|
|
|
|
|
|
/// Controls how long we wait for a block verify request to complete.
|
|
|
|
|
///
|
|
|
|
|
/// This timeout makes sure that the syncer doesn't hang when:
|
|
|
|
|
/// - the lookahead queue is full, and
|
|
|
|
|
/// - all pending verifications:
|
|
|
|
|
/// - are waiting on a missing download request,
|
|
|
|
|
/// - are waiting on a download or verify request that has failed, but we have
|
|
|
|
|
/// deliberately ignored the error,
|
|
|
|
|
/// - are for blocks a long way ahead of the current tip, or
|
|
|
|
|
/// - are for invalid blocks which will never verify, because they depend on
|
|
|
|
|
/// missing blocks or transactions.
|
|
|
|
|
/// These conditions can happen during normal operation - they are not bugs.
|
|
|
|
|
///
|
|
|
|
|
/// This timeout also mitigates or hides the following kinds of bugs:
|
|
|
|
|
/// - all pending verifications:
|
|
|
|
|
/// - are waiting on a download or verify request that has failed, but we have
|
|
|
|
|
/// accidentally dropped the error,
|
|
|
|
|
/// - are waiting on a download request that has hung inside Zebra,
|
|
|
|
|
/// - are on tokio threads that are waiting for blocked operations.
|
|
|
|
|
///
|
|
|
|
|
/// ## Correctness
|
|
|
|
|
///
|
|
|
|
|
/// If this timeout is removed (or set too high), the syncer will sometimes hang.
|
|
|
|
|
///
|
|
|
|
|
/// If this timeout is set too low, the syncer will sometimes get stuck in a
|
|
|
|
|
/// failure loop.
|
2021-01-13 01:39:33 -08:00
|
|
|
pub(super) const BLOCK_VERIFY_TIMEOUT: Duration = Duration::from_secs(180);
|
2020-09-01 18:20:32 -07:00
|
|
|
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
/// Controls how long we wait to restart syncing after finishing a sync run.
|
2020-09-01 18:20:32 -07:00
|
|
|
///
|
2021-01-13 01:10:48 -08:00
|
|
|
/// This delay should be long enough to:
|
2020-09-01 18:20:32 -07:00
|
|
|
/// - allow zcashd peers to process pending requests. If the node only has a
|
|
|
|
|
/// few peers, we want to clear as much peer state as possible. In
|
|
|
|
|
/// particular, zcashd sends "next block range" hints, based on zcashd's
|
|
|
|
|
/// internal model of our sync progress. But we want to discard these hints,
|
2021-01-13 01:14:11 -08:00
|
|
|
/// so they don't get confused with ObtainTips and ExtendTips responses, and
|
|
|
|
|
/// - allow in-progress downloads to time out.
|
2020-09-01 18:20:32 -07:00
|
|
|
///
|
2021-01-13 01:10:48 -08:00
|
|
|
/// This delay is particularly important on instances with slow or unreliable
|
2020-09-08 03:04:01 -07:00
|
|
|
/// networks, and on testnet, which has a small number of slow peers.
|
2021-01-13 01:10:48 -08:00
|
|
|
///
|
2021-12-19 15:02:31 -08:00
|
|
|
/// Using a prime number makes sure that syncer fanouts don't synchronise with other crawls.
|
|
|
|
|
///
|
2021-01-13 01:10:48 -08:00
|
|
|
/// ## Correctness
|
|
|
|
|
///
|
|
|
|
|
/// If this delay is removed (or set too low), the syncer will
|
|
|
|
|
/// sometimes get stuck in a failure loop, due to leftover downloads from
|
|
|
|
|
/// previous sync runs.
|
2021-12-19 15:02:31 -08:00
|
|
|
const SYNC_RESTART_DELAY: Duration = Duration::from_secs(67);
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
|
2021-06-09 16:39:51 -07:00
|
|
|
/// Controls how long we wait to retry a failed attempt to download
|
|
|
|
|
/// and verify the genesis block.
|
|
|
|
|
///
|
|
|
|
|
/// This timeout gives the crawler time to find better peers.
|
|
|
|
|
///
|
|
|
|
|
/// ## Security
|
|
|
|
|
///
|
|
|
|
|
/// If this timeout is removed (or set too low), Zebra will immediately retry
|
|
|
|
|
/// to download and verify the genesis block from its peers. This can cause
|
|
|
|
|
/// a denial of service on those peers.
|
|
|
|
|
const GENESIS_TIMEOUT_RETRY: Duration = Duration::from_secs(5);
|
|
|
|
|
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
/// Helps work around defects in the bitcoin protocol by checking whether
|
|
|
|
|
/// the returned hashes actually extend a chain tip.
|
2020-09-01 18:20:32 -07:00
|
|
|
#[derive(Copy, Clone, Debug, Hash, PartialEq, Eq)]
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
struct CheckedTip {
|
2020-08-15 23:20:01 -07:00
|
|
|
tip: block::Hash,
|
|
|
|
|
expected_next: block::Hash,
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
}
|
2020-06-22 19:24:53 -07:00
|
|
|
|
2022-01-11 09:11:35 -08:00
|
|
|
pub struct ChainSync<ZN, ZS, ZV, ZSTip>
|
2020-07-01 13:35:01 -07:00
|
|
|
where
|
2022-01-11 09:11:35 -08:00
|
|
|
ZN: Service<zn::Request, Response = zn::Response, Error = BoxError>
|
|
|
|
|
+ Send
|
|
|
|
|
+ Sync
|
|
|
|
|
+ Clone
|
|
|
|
|
+ 'static,
|
2020-07-21 13:50:38 -07:00
|
|
|
ZN::Future: Send,
|
2022-01-11 09:11:35 -08:00
|
|
|
ZS: Service<zs::Request, Response = zs::Response, Error = BoxError>
|
|
|
|
|
+ Send
|
|
|
|
|
+ Sync
|
|
|
|
|
+ Clone
|
|
|
|
|
+ 'static,
|
2020-07-21 13:50:38 -07:00
|
|
|
ZS::Future: Send,
|
2022-01-11 09:11:35 -08:00
|
|
|
ZV: Service<Arc<Block>, Response = block::Hash, Error = BoxError>
|
|
|
|
|
+ Send
|
|
|
|
|
+ Sync
|
|
|
|
|
+ Clone
|
|
|
|
|
+ 'static,
|
2020-07-21 13:50:38 -07:00
|
|
|
ZV::Future: Send,
|
2022-01-11 09:11:35 -08:00
|
|
|
ZSTip: ChainTip + Clone + Send + 'static,
|
2020-07-01 13:35:01 -07:00
|
|
|
{
|
2021-01-13 01:14:11 -08:00
|
|
|
// Configuration
|
|
|
|
|
/// The genesis hash for the configured network
|
2020-08-15 23:20:01 -07:00
|
|
|
genesis_hash: block::Hash,
|
2021-01-13 01:14:11 -08:00
|
|
|
|
|
|
|
|
/// The configured lookahead limit, after applying the minimum limit.
|
2020-10-30 15:50:15 -07:00
|
|
|
lookahead_limit: usize,
|
2021-01-13 01:14:11 -08:00
|
|
|
|
|
|
|
|
// Services
|
|
|
|
|
/// A network service which is used to perform ObtainTips and ExtendTips
|
|
|
|
|
/// requests.
|
|
|
|
|
///
|
|
|
|
|
/// Has no retry logic, because failover is handled using fanout.
|
|
|
|
|
tip_network: Timeout<ZN>,
|
|
|
|
|
|
|
|
|
|
/// A service which downloads and verifies blocks, using the provided
|
|
|
|
|
/// network and verifier services.
|
2020-10-23 18:56:54 -07:00
|
|
|
downloads: Pin<
|
|
|
|
|
Box<
|
2021-01-13 01:08:02 -08:00
|
|
|
Downloads<
|
|
|
|
|
Hedge<ConcurrencyLimit<Retry<zn::RetryLimit, Timeout<ZN>>>, AlwaysHedge>,
|
|
|
|
|
Timeout<ZV>,
|
2022-01-11 09:11:35 -08:00
|
|
|
ZSTip,
|
2021-01-13 01:08:02 -08:00
|
|
|
>,
|
2020-10-23 18:56:54 -07:00
|
|
|
>,
|
|
|
|
|
>,
|
2021-01-13 01:14:11 -08:00
|
|
|
|
|
|
|
|
/// The cached block chain state.
|
|
|
|
|
state: ZS,
|
|
|
|
|
|
2022-01-28 14:12:19 -08:00
|
|
|
/// Allows efficient access to the best tip of the blockchain.
|
|
|
|
|
latest_chain_tip: ZSTip,
|
|
|
|
|
|
2021-01-13 01:14:11 -08:00
|
|
|
// Internal sync state
|
|
|
|
|
/// The tips that the syncer is currently following.
|
|
|
|
|
prospective_tips: HashSet<CheckedTip>,
|
2021-08-19 16:16:16 -07:00
|
|
|
|
|
|
|
|
/// The lengths of recent sync responses.
|
|
|
|
|
recent_syncs: RecentSyncLengths,
|
2020-07-01 13:35:01 -07:00
|
|
|
}
|
|
|
|
|
|
2020-09-18 16:13:57 -07:00
|
|
|
/// Polls the network to determine whether further blocks are available and
|
|
|
|
|
/// downloads them.
|
|
|
|
|
///
|
|
|
|
|
/// This component is used for initial block sync, but the `Inbound` service is
|
|
|
|
|
/// responsible for participating in the gossip protocols used for block
|
|
|
|
|
/// diffusion.
|
2022-01-11 09:11:35 -08:00
|
|
|
impl<ZN, ZS, ZV, ZSTip> ChainSync<ZN, ZS, ZV, ZSTip>
|
2020-06-22 19:24:53 -07:00
|
|
|
where
|
2022-01-11 09:11:35 -08:00
|
|
|
ZN: Service<zn::Request, Response = zn::Response, Error = BoxError>
|
|
|
|
|
+ Send
|
|
|
|
|
+ Sync
|
|
|
|
|
+ Clone
|
|
|
|
|
+ 'static,
|
2020-06-22 19:24:53 -07:00
|
|
|
ZN::Future: Send,
|
2022-01-11 09:11:35 -08:00
|
|
|
ZS: Service<zs::Request, Response = zs::Response, Error = BoxError>
|
|
|
|
|
+ Send
|
|
|
|
|
+ Sync
|
|
|
|
|
+ Clone
|
|
|
|
|
+ 'static,
|
2020-06-22 19:24:53 -07:00
|
|
|
ZS::Future: Send,
|
2022-01-11 09:11:35 -08:00
|
|
|
ZV: Service<Arc<Block>, Response = block::Hash, Error = BoxError>
|
|
|
|
|
+ Send
|
|
|
|
|
+ Sync
|
|
|
|
|
+ Clone
|
|
|
|
|
+ 'static,
|
2020-06-30 09:42:09 -07:00
|
|
|
ZV::Future: Send,
|
2022-01-11 09:11:35 -08:00
|
|
|
ZSTip: ChainTip + Clone + Send + 'static,
|
2020-06-22 19:24:53 -07:00
|
|
|
{
|
2020-07-21 19:22:43 -07:00
|
|
|
/// Returns a new syncer instance, using:
|
|
|
|
|
/// - chain: the zebra-chain `Network` to download (Mainnet or Testnet)
|
|
|
|
|
/// - peers: the zebra-network peers to contact for downloads
|
|
|
|
|
/// - verifier: the zebra-consensus verifier that checks the chain
|
2021-12-17 08:31:51 -08:00
|
|
|
/// - state: the zebra-state that stores the chain
|
|
|
|
|
/// - latest_chain_tip: the latest chain tip from `state`
|
2021-08-19 16:16:16 -07:00
|
|
|
///
|
2021-08-29 17:01:33 -07:00
|
|
|
/// Also returns a [`SyncStatus`] to check if the syncer has likely reached the chain tip.
|
2021-12-17 08:31:51 -08:00
|
|
|
pub fn new(
|
|
|
|
|
config: &ZebradConfig,
|
|
|
|
|
peers: ZN,
|
|
|
|
|
verifier: ZV,
|
|
|
|
|
state: ZS,
|
2022-01-11 09:11:35 -08:00
|
|
|
latest_chain_tip: ZSTip,
|
2021-12-17 08:31:51 -08:00
|
|
|
) -> (Self, SyncStatus) {
|
2020-09-01 18:20:32 -07:00
|
|
|
let tip_network = Timeout::new(peers.clone(), TIPS_RESPONSE_TIMEOUT);
|
2020-09-22 10:46:50 -07:00
|
|
|
// The Hedge middleware is the outermost layer, hedging requests
|
|
|
|
|
// between two retry-wrapped networks. The innermost timeout
|
|
|
|
|
// layer is relatively unimportant, because slow requests will
|
|
|
|
|
// probably be pre-emptively hedged.
|
|
|
|
|
//
|
2020-10-24 17:15:42 -07:00
|
|
|
// The Hedge goes outside the Retry, because the Retry layer
|
|
|
|
|
// abstracts away spurious failures from individual peers
|
|
|
|
|
// making a less-fallible network service, and the Hedge layer
|
|
|
|
|
// tries to reduce latency of that less-fallible service.
|
|
|
|
|
//
|
2020-09-22 10:46:50 -07:00
|
|
|
// XXX add ServiceBuilder::hedge() so this becomes
|
|
|
|
|
// ServiceBuilder::new().hedge(...).retry(...)...
|
|
|
|
|
let block_network = Hedge::new(
|
2020-09-09 15:33:25 -07:00
|
|
|
ServiceBuilder::new()
|
2020-10-23 18:56:54 -07:00
|
|
|
.concurrency_limit(config.sync.max_concurrent_block_requests)
|
2020-09-09 15:33:25 -07:00
|
|
|
.retry(zn::RetryLimit::new(BLOCK_DOWNLOAD_RETRY_LIMIT))
|
|
|
|
|
.timeout(BLOCK_DOWNLOAD_TIMEOUT)
|
|
|
|
|
.service(peers),
|
2020-09-22 10:46:50 -07:00
|
|
|
AlwaysHedge,
|
2020-11-12 11:44:14 -08:00
|
|
|
20,
|
2020-09-22 10:46:50 -07:00
|
|
|
0.95,
|
2021-01-13 01:10:48 -08:00
|
|
|
2 * SYNC_RESTART_DELAY,
|
2020-09-09 15:33:25 -07:00
|
|
|
);
|
2021-08-19 16:16:16 -07:00
|
|
|
|
2021-01-13 01:08:02 -08:00
|
|
|
// We apply a timeout to the verifier to avoid hangs due to missing earlier blocks.
|
|
|
|
|
let verifier = Timeout::new(verifier, BLOCK_VERIFY_TIMEOUT);
|
2021-08-19 16:16:16 -07:00
|
|
|
|
2021-01-13 20:06:30 -08:00
|
|
|
assert!(
|
|
|
|
|
config.sync.lookahead_limit >= MIN_LOOKAHEAD_LIMIT,
|
|
|
|
|
"configured lookahead limit {} too low, must be at least {}",
|
|
|
|
|
config.sync.lookahead_limit,
|
2021-01-13 01:13:47 -08:00
|
|
|
MIN_LOOKAHEAD_LIMIT
|
2021-01-13 20:06:30 -08:00
|
|
|
);
|
2021-08-19 16:16:16 -07:00
|
|
|
|
2021-08-29 17:01:33 -07:00
|
|
|
let (sync_status, recent_syncs) = SyncStatus::new();
|
2021-08-19 16:16:16 -07:00
|
|
|
|
|
|
|
|
let new_syncer = Self {
|
2021-01-13 01:14:11 -08:00
|
|
|
genesis_hash: genesis_hash(config.network.network),
|
2021-01-13 20:06:30 -08:00
|
|
|
lookahead_limit: config.sync.lookahead_limit,
|
2020-09-01 18:20:32 -07:00
|
|
|
tip_network,
|
2021-12-17 08:31:51 -08:00
|
|
|
downloads: Box::pin(Downloads::new(
|
|
|
|
|
block_network,
|
|
|
|
|
verifier,
|
2022-01-28 14:12:19 -08:00
|
|
|
latest_chain_tip.clone(),
|
2021-12-17 08:31:51 -08:00
|
|
|
config.sync.lookahead_limit,
|
|
|
|
|
)),
|
2021-01-13 01:14:11 -08:00
|
|
|
state,
|
2022-01-28 14:12:19 -08:00
|
|
|
latest_chain_tip,
|
2020-07-21 13:50:38 -07:00
|
|
|
prospective_tips: HashSet::new(),
|
2021-08-19 16:16:16 -07:00
|
|
|
recent_syncs,
|
|
|
|
|
};
|
|
|
|
|
|
2021-08-29 17:01:33 -07:00
|
|
|
(new_syncer, sync_status)
|
2020-07-21 13:50:38 -07:00
|
|
|
}
|
|
|
|
|
|
2020-07-08 13:33:39 -07:00
|
|
|
#[instrument(skip(self))]
|
2020-11-12 20:01:16 -08:00
|
|
|
pub async fn sync(mut self) -> Result<(), Report> {
|
2020-07-23 10:56:52 -07:00
|
|
|
// We can't download the genesis block using our normal algorithm,
|
|
|
|
|
// due to protocol limitations
|
|
|
|
|
self.request_genesis().await?;
|
|
|
|
|
|
2020-11-19 11:54:20 -08:00
|
|
|
// Distinguishes a restart from a start, so we don't sleep when starting
|
2020-10-21 19:30:22 -07:00
|
|
|
// the sync process, but we can keep restart logic in one place.
|
|
|
|
|
let mut started_once = false;
|
|
|
|
|
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
'sync: loop {
|
2020-10-21 19:30:22 -07:00
|
|
|
if started_once {
|
2022-01-28 14:12:19 -08:00
|
|
|
info!(
|
|
|
|
|
timeout = ?SYNC_RESTART_DELAY,
|
|
|
|
|
state_tip = ?self.latest_chain_tip.best_tip_height(),
|
|
|
|
|
"waiting to restart sync"
|
|
|
|
|
);
|
2020-10-21 19:30:22 -07:00
|
|
|
self.prospective_tips = HashSet::new();
|
|
|
|
|
self.downloads.cancel_all();
|
|
|
|
|
self.update_metrics();
|
2021-01-13 01:10:48 -08:00
|
|
|
sleep(SYNC_RESTART_DELAY).await;
|
2020-10-21 19:30:22 -07:00
|
|
|
} else {
|
|
|
|
|
started_once = true;
|
|
|
|
|
}
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
|
2022-01-28 14:12:19 -08:00
|
|
|
info!(
|
|
|
|
|
state_tip = ?self.latest_chain_tip.best_tip_height(),
|
|
|
|
|
"starting sync, obtaining new tips"
|
|
|
|
|
);
|
2020-10-21 19:30:22 -07:00
|
|
|
if let Err(e) = self.obtain_tips().await {
|
2022-01-28 09:24:53 -08:00
|
|
|
warn!(?e, "error obtaining tips");
|
2020-09-08 17:06:12 -07:00
|
|
|
continue 'sync;
|
2020-10-21 19:30:22 -07:00
|
|
|
}
|
2020-09-09 15:33:25 -07:00
|
|
|
self.update_metrics();
|
2020-06-22 19:24:53 -07:00
|
|
|
|
|
|
|
|
while !self.prospective_tips.is_empty() {
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
// Check whether any block tasks are currently ready:
|
2021-12-21 12:13:26 -08:00
|
|
|
while let Poll::Ready(Some(rsp)) = futures::poll!(self.downloads.next()) {
|
2020-09-09 15:33:25 -07:00
|
|
|
match rsp {
|
2020-09-03 15:13:00 -07:00
|
|
|
Ok(hash) => {
|
2022-01-28 09:24:53 -08:00
|
|
|
trace!(?hash, "verified and committed block to state");
|
2020-09-03 15:13:00 -07:00
|
|
|
}
|
2020-09-09 15:33:25 -07:00
|
|
|
Err(e) => {
|
2021-10-19 18:07:19 -07:00
|
|
|
if Self::should_restart_sync(e) {
|
2020-11-17 16:23:26 -08:00
|
|
|
continue 'sync;
|
|
|
|
|
}
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-09-01 18:20:32 -07:00
|
|
|
self.update_metrics();
|
2020-07-21 13:50:38 -07:00
|
|
|
|
2020-09-01 18:20:32 -07:00
|
|
|
// If we have too many pending tasks, wait for some to finish.
|
|
|
|
|
//
|
|
|
|
|
// Starting to wait is interesting, but logging each wait can be
|
|
|
|
|
// very verbose.
|
2020-10-30 15:50:15 -07:00
|
|
|
if self.downloads.in_flight() > self.lookahead_limit {
|
2020-09-08 02:25:16 -07:00
|
|
|
tracing::info!(
|
|
|
|
|
tips.len = self.prospective_tips.len(),
|
2020-09-09 15:33:25 -07:00
|
|
|
in_flight = self.downloads.in_flight(),
|
2020-10-30 15:50:15 -07:00
|
|
|
lookahead_limit = self.lookahead_limit,
|
2020-09-08 02:25:16 -07:00
|
|
|
"waiting for pending blocks",
|
|
|
|
|
);
|
|
|
|
|
}
|
2020-10-30 15:50:15 -07:00
|
|
|
while self.downloads.in_flight() > self.lookahead_limit {
|
2022-01-28 09:24:53 -08:00
|
|
|
trace!(
|
2020-09-08 02:25:16 -07:00
|
|
|
tips.len = self.prospective_tips.len(),
|
2020-09-09 15:33:25 -07:00
|
|
|
in_flight = self.downloads.in_flight(),
|
2020-10-30 15:50:15 -07:00
|
|
|
lookahead_limit = self.lookahead_limit,
|
2022-01-28 14:12:19 -08:00
|
|
|
state_tip = ?self.latest_chain_tip.best_tip_height(),
|
2020-09-09 15:33:25 -07:00
|
|
|
"waiting for pending blocks",
|
2020-09-08 02:25:16 -07:00
|
|
|
);
|
2020-09-09 15:33:25 -07:00
|
|
|
|
|
|
|
|
match self.downloads.next().await.expect("downloads is nonempty") {
|
2020-09-03 15:13:00 -07:00
|
|
|
Ok(hash) => {
|
2022-01-28 09:24:53 -08:00
|
|
|
trace!(?hash, "verified and committed block to state");
|
2020-09-03 15:13:00 -07:00
|
|
|
}
|
2020-11-12 20:35:27 -08:00
|
|
|
|
2020-09-09 15:33:25 -07:00
|
|
|
Err(e) => {
|
2021-10-19 18:07:19 -07:00
|
|
|
if Self::should_restart_sync(e) {
|
2020-11-12 20:35:27 -08:00
|
|
|
continue 'sync;
|
|
|
|
|
}
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
}
|
|
|
|
|
}
|
2020-09-01 18:20:32 -07:00
|
|
|
self.update_metrics();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Once we're below the lookahead limit, we can keep extending the tips.
|
2022-01-28 09:24:53 -08:00
|
|
|
info!(
|
2020-09-01 18:20:32 -07:00
|
|
|
tips.len = self.prospective_tips.len(),
|
2020-09-09 15:33:25 -07:00
|
|
|
in_flight = self.downloads.in_flight(),
|
2020-10-30 15:50:15 -07:00
|
|
|
lookahead_limit = self.lookahead_limit,
|
2022-01-28 14:12:19 -08:00
|
|
|
state_tip = ?self.latest_chain_tip.best_tip_height(),
|
2020-09-01 18:20:32 -07:00
|
|
|
"extending tips",
|
|
|
|
|
);
|
|
|
|
|
|
2020-10-21 19:30:22 -07:00
|
|
|
if let Err(e) = self.extend_tips().await {
|
2022-01-28 09:24:53 -08:00
|
|
|
warn!(?e, "error extending tips");
|
2020-10-21 19:30:22 -07:00
|
|
|
continue 'sync;
|
|
|
|
|
}
|
2020-08-07 01:04:33 -07:00
|
|
|
self.update_metrics();
|
2020-06-22 19:24:53 -07:00
|
|
|
}
|
|
|
|
|
|
2022-01-28 09:24:53 -08:00
|
|
|
info!("exhausted prospective tip set");
|
2020-06-22 19:24:53 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Given a block_locator list fan out request for subsequent hashes to
|
|
|
|
|
/// multiple peers
|
2020-07-08 13:33:39 -07:00
|
|
|
#[instrument(skip(self))]
|
2020-06-22 19:24:53 -07:00
|
|
|
async fn obtain_tips(&mut self) -> Result<(), Report> {
|
2020-07-22 18:01:31 -07:00
|
|
|
let block_locator = self
|
|
|
|
|
.state
|
2021-11-02 11:46:57 -07:00
|
|
|
.ready()
|
2020-07-22 18:01:31 -07:00
|
|
|
.await
|
|
|
|
|
.map_err(|e| eyre!(e))?
|
2020-09-09 21:19:15 -07:00
|
|
|
.call(zebra_state::Request::BlockLocator)
|
2020-07-22 18:01:31 -07:00
|
|
|
.await
|
|
|
|
|
.map(|response| match response {
|
2020-09-09 21:19:15 -07:00
|
|
|
zebra_state::Response::BlockLocator(block_locator) => block_locator,
|
2020-07-22 18:01:31 -07:00
|
|
|
_ => unreachable!(
|
|
|
|
|
"GetBlockLocator request can only result in Response::BlockLocator"
|
|
|
|
|
),
|
|
|
|
|
})
|
|
|
|
|
.map_err(|e| eyre!(e))?;
|
|
|
|
|
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(
|
|
|
|
|
tip = ?block_locator.first().expect("we have at least one block locator object"),
|
|
|
|
|
?block_locator,
|
|
|
|
|
"got block locator and trying to obtain new chain tips"
|
|
|
|
|
);
|
2020-06-22 19:24:53 -07:00
|
|
|
|
2020-07-21 13:50:38 -07:00
|
|
|
let mut requests = FuturesUnordered::new();
|
2021-12-19 15:02:31 -08:00
|
|
|
for attempt in 0..FANOUT {
|
|
|
|
|
if attempt > 0 {
|
|
|
|
|
// Let other tasks run, so we're more likely to choose a different peer.
|
|
|
|
|
//
|
|
|
|
|
// TODO: move fanouts into the PeerSet, so we always choose different peers (#2214)
|
|
|
|
|
tokio::task::yield_now().await;
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-11 09:11:35 -08:00
|
|
|
let ready_tip_network = self.tip_network.ready().await;
|
|
|
|
|
requests.push(tokio::spawn(ready_tip_network.map_err(|e| eyre!(e))?.call(
|
2021-11-02 11:46:57 -07:00
|
|
|
zn::Request::FindBlocks {
|
|
|
|
|
known_blocks: block_locator.clone(),
|
|
|
|
|
stop: None,
|
|
|
|
|
},
|
2022-01-11 09:11:35 -08:00
|
|
|
)));
|
2020-06-22 19:24:53 -07:00
|
|
|
}
|
|
|
|
|
|
2022-01-11 09:11:35 -08:00
|
|
|
let mut download_set = IndexSet::new();
|
2020-07-21 13:50:38 -07:00
|
|
|
while let Some(res) = requests.next().await {
|
2022-01-11 09:11:35 -08:00
|
|
|
match res
|
|
|
|
|
.expect("panic in spawned obtain tips request")
|
|
|
|
|
.map_err::<Report, _>(|e| eyre!(e))
|
|
|
|
|
{
|
2020-08-15 23:20:01 -07:00
|
|
|
Ok(zn::Response::BlockHashes(hashes)) => {
|
2022-01-28 09:24:53 -08:00
|
|
|
trace!(?hashes);
|
2020-09-03 15:09:34 -07:00
|
|
|
|
|
|
|
|
// zcashd sometimes appends an unrelated hash at the start
|
|
|
|
|
// or end of its response.
|
|
|
|
|
//
|
|
|
|
|
// We can't discard the first hash, because it might be a
|
|
|
|
|
// block we want to download. So we just accept any
|
|
|
|
|
// out-of-order first hashes.
|
|
|
|
|
|
|
|
|
|
// We use the last hash for the tip, and we want to avoid bad
|
|
|
|
|
// tips. So we discard the last hash. (We don't need to worry
|
|
|
|
|
// about missed downloads, because we will pick them up again
|
|
|
|
|
// in ExtendTips.)
|
|
|
|
|
let hashes = match hashes.as_slice() {
|
|
|
|
|
[] => continue,
|
|
|
|
|
[rest @ .., _last] => rest,
|
|
|
|
|
};
|
|
|
|
|
|
2020-08-10 16:17:50 -07:00
|
|
|
let mut first_unknown = None;
|
2020-06-22 22:31:26 -07:00
|
|
|
for (i, &hash) in hashes.iter().enumerate() {
|
2020-08-10 16:17:50 -07:00
|
|
|
if !self.state_contains(hash).await? {
|
|
|
|
|
first_unknown = Some(i);
|
2020-06-22 19:24:53 -07:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-08-10 16:17:50 -07:00
|
|
|
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(hashes.len = ?hashes.len(), ?first_unknown);
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
|
|
|
|
|
let unknown_hashes = if let Some(index) = first_unknown {
|
|
|
|
|
&hashes[index..]
|
|
|
|
|
} else {
|
2020-08-10 16:17:50 -07:00
|
|
|
continue;
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
};
|
2020-06-22 19:24:53 -07:00
|
|
|
|
2022-01-28 09:24:53 -08:00
|
|
|
trace!(?unknown_hashes);
|
2020-07-08 13:33:39 -07:00
|
|
|
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
let new_tip = if let Some(end) = unknown_hashes.rchunks_exact(2).next() {
|
|
|
|
|
CheckedTip {
|
|
|
|
|
tip: end[0],
|
|
|
|
|
expected_next: end[1],
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!("discarding response that extends only one block");
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
continue;
|
|
|
|
|
};
|
|
|
|
|
|
2020-08-24 05:09:41 -07:00
|
|
|
// Make sure we get the same tips, regardless of the
|
|
|
|
|
// order of peer responses
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
if !download_set.contains(&new_tip.expected_next) {
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(?new_tip,
|
2020-08-24 05:09:41 -07:00
|
|
|
"adding new prospective tip, and removing existing tips in the new block hash list");
|
|
|
|
|
self.prospective_tips
|
|
|
|
|
.retain(|t| !unknown_hashes.contains(&t.expected_next));
|
2020-07-08 13:33:39 -07:00
|
|
|
self.prospective_tips.insert(new_tip);
|
|
|
|
|
} else {
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(
|
2020-09-03 15:09:34 -07:00
|
|
|
?new_tip,
|
|
|
|
|
"discarding prospective tip: already in download set"
|
|
|
|
|
);
|
2020-07-08 13:33:39 -07:00
|
|
|
}
|
|
|
|
|
|
2022-01-11 09:11:35 -08:00
|
|
|
// security: the first response determines our download order
|
|
|
|
|
//
|
|
|
|
|
// TODO: can we make the download order independent of response order?
|
2020-07-08 13:33:39 -07:00
|
|
|
let prev_download_len = download_set.len();
|
|
|
|
|
download_set.extend(unknown_hashes);
|
|
|
|
|
let new_download_len = download_set.len();
|
2021-08-19 16:16:16 -07:00
|
|
|
let new_hashes = new_download_len - prev_download_len;
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(new_hashes, "added hashes to download set");
|
2021-11-02 11:46:57 -07:00
|
|
|
metrics::histogram!("sync.obtain.response.hash.count", new_hashes as f64);
|
2020-06-22 19:24:53 -07:00
|
|
|
}
|
2020-07-21 13:50:38 -07:00
|
|
|
Ok(_) => unreachable!("network returned wrong response"),
|
|
|
|
|
// We ignore this error because we made multiple fanout requests.
|
2022-01-28 09:24:53 -08:00
|
|
|
Err(e) => debug!(?e),
|
2020-06-22 19:24:53 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(?self.prospective_tips);
|
2020-08-07 01:04:33 -07:00
|
|
|
|
2020-10-22 10:58:49 -07:00
|
|
|
// Check that the new tips we got are actually unknown.
|
|
|
|
|
for hash in &download_set {
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(?hash, "checking if state contains hash");
|
2020-10-22 10:58:49 -07:00
|
|
|
if self.state_contains(*hash).await? {
|
|
|
|
|
return Err(eyre!("queued download of hash behind our chain tip"));
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-08-19 16:16:16 -07:00
|
|
|
|
|
|
|
|
let new_downloads = download_set.len();
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(new_downloads, "queueing new downloads");
|
2021-08-19 16:16:16 -07:00
|
|
|
metrics::gauge!("sync.obtain.queued.hash.count", new_downloads as f64);
|
|
|
|
|
|
|
|
|
|
// security: use the actual number of new downloads from all peers,
|
2022-01-11 09:11:35 -08:00
|
|
|
// so the last peer to respond can't toggle our mempool
|
2021-08-19 16:16:16 -07:00
|
|
|
self.recent_syncs.push_obtain_tips_length(new_downloads);
|
|
|
|
|
|
2020-10-22 10:58:49 -07:00
|
|
|
self.request_blocks(download_set).await?;
|
2020-06-22 19:24:53 -07:00
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-08 13:33:39 -07:00
|
|
|
#[instrument(skip(self))]
|
2020-06-22 19:24:53 -07:00
|
|
|
async fn extend_tips(&mut self) -> Result<(), Report> {
|
|
|
|
|
let tips = std::mem::take(&mut self.prospective_tips);
|
|
|
|
|
|
2022-01-11 09:11:35 -08:00
|
|
|
let mut download_set = IndexSet::new();
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(tips = ?tips.len(), "trying to extend chain tips");
|
2020-06-22 19:24:53 -07:00
|
|
|
for tip in tips {
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(?tip, "asking peers to extend chain tip");
|
2020-07-21 13:50:38 -07:00
|
|
|
let mut responses = FuturesUnordered::new();
|
2021-12-19 15:02:31 -08:00
|
|
|
for attempt in 0..FANOUT {
|
|
|
|
|
if attempt > 0 {
|
|
|
|
|
// Let other tasks run, so we're more likely to choose a different peer.
|
|
|
|
|
//
|
|
|
|
|
// TODO: move fanouts into the PeerSet, so we always choose different peers (#2214)
|
|
|
|
|
tokio::task::yield_now().await;
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-11 09:11:35 -08:00
|
|
|
let ready_tip_network = self.tip_network.ready().await;
|
|
|
|
|
responses.push(tokio::spawn(ready_tip_network.map_err(|e| eyre!(e))?.call(
|
2021-11-02 11:46:57 -07:00
|
|
|
zn::Request::FindBlocks {
|
|
|
|
|
known_blocks: vec![tip.tip],
|
|
|
|
|
stop: None,
|
|
|
|
|
},
|
2022-01-11 09:11:35 -08:00
|
|
|
)));
|
2020-07-08 13:33:39 -07:00
|
|
|
}
|
2020-07-21 13:50:38 -07:00
|
|
|
while let Some(res) = responses.next().await {
|
2022-01-11 09:11:35 -08:00
|
|
|
match res
|
|
|
|
|
.expect("panic in spawned extend tips request")
|
|
|
|
|
.map_err::<Report, _>(|e| eyre!(e))
|
|
|
|
|
{
|
2020-08-15 23:20:01 -07:00
|
|
|
Ok(zn::Response::BlockHashes(hashes)) => {
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(first = ?hashes.first(), len = ?hashes.len());
|
|
|
|
|
trace!(?hashes);
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
|
2020-09-03 15:08:19 -07:00
|
|
|
// zcashd sometimes appends an unrelated hash at the
|
|
|
|
|
// start or end of its response. Check the first hash
|
|
|
|
|
// against the previous response, and discard mismatches.
|
|
|
|
|
let unknown_hashes = match hashes.as_slice() {
|
|
|
|
|
[expected_hash, rest @ ..] if expected_hash == &tip.expected_next => {
|
|
|
|
|
rest
|
|
|
|
|
}
|
|
|
|
|
// If the first hash doesn't match, retry with the second.
|
|
|
|
|
[first_hash, expected_hash, rest @ ..]
|
|
|
|
|
if expected_hash == &tip.expected_next =>
|
|
|
|
|
{
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(?first_hash,
|
2020-09-03 15:08:19 -07:00
|
|
|
?tip.expected_next,
|
|
|
|
|
?tip.tip,
|
|
|
|
|
"unexpected first hash, but the second matches: using the hashes after the match");
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
rest
|
2020-07-22 17:39:33 -07:00
|
|
|
}
|
2020-09-03 15:08:19 -07:00
|
|
|
// We ignore these responses
|
|
|
|
|
[] => continue,
|
|
|
|
|
[single_hash] => {
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(?single_hash,
|
2020-09-03 15:08:19 -07:00
|
|
|
?tip.expected_next,
|
|
|
|
|
?tip.tip,
|
|
|
|
|
"discarding response containing a single unexpected hash");
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
[first_hash, second_hash, rest @ ..] => {
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(?first_hash,
|
2020-09-03 15:08:19 -07:00
|
|
|
?second_hash,
|
|
|
|
|
rest_len = ?rest.len(),
|
|
|
|
|
?tip.expected_next,
|
|
|
|
|
?tip.tip,
|
|
|
|
|
"discarding response that starts with two unexpected hashes");
|
2020-06-30 09:42:09 -07:00
|
|
|
continue;
|
|
|
|
|
}
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
};
|
2020-06-22 19:24:53 -07:00
|
|
|
|
2020-09-03 15:09:34 -07:00
|
|
|
// We use the last hash for the tip, and we want to avoid
|
|
|
|
|
// bad tips. So we discard the last hash. (We don't need
|
|
|
|
|
// to worry about missed downloads, because we will pick
|
|
|
|
|
// them up again in the next ExtendTips.)
|
|
|
|
|
let unknown_hashes = match unknown_hashes {
|
|
|
|
|
[] => continue,
|
|
|
|
|
[rest @ .., _last] => rest,
|
|
|
|
|
};
|
2020-06-30 09:42:09 -07:00
|
|
|
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
let new_tip = if let Some(end) = unknown_hashes.rchunks_exact(2).next() {
|
|
|
|
|
CheckedTip {
|
|
|
|
|
tip: end[0],
|
|
|
|
|
expected_next: end[1],
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!("discarding response that extends only one block");
|
2020-08-10 16:17:50 -07:00
|
|
|
continue;
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
};
|
2020-08-10 16:17:50 -07:00
|
|
|
|
2022-01-28 09:24:53 -08:00
|
|
|
trace!(?unknown_hashes);
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
|
2020-08-24 05:09:41 -07:00
|
|
|
// Make sure we get the same tips, regardless of the
|
|
|
|
|
// order of peer responses
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
if !download_set.contains(&new_tip.expected_next) {
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(?new_tip,
|
2020-08-24 05:09:41 -07:00
|
|
|
"adding new prospective tip, and removing any existing tips in the new block hash list");
|
|
|
|
|
self.prospective_tips
|
|
|
|
|
.retain(|t| !unknown_hashes.contains(&t.expected_next));
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
self.prospective_tips.insert(new_tip);
|
|
|
|
|
} else {
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(
|
2020-09-03 15:09:34 -07:00
|
|
|
?new_tip,
|
|
|
|
|
"discarding prospective tip: already in download set"
|
|
|
|
|
);
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
}
|
2020-06-22 19:24:53 -07:00
|
|
|
|
2022-01-11 09:11:35 -08:00
|
|
|
// security: the first response determines our download order
|
|
|
|
|
//
|
|
|
|
|
// TODO: can we make the download order independent of response order?
|
2020-08-07 01:04:33 -07:00
|
|
|
let prev_download_len = download_set.len();
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
download_set.extend(unknown_hashes);
|
2020-08-07 01:04:33 -07:00
|
|
|
let new_download_len = download_set.len();
|
2021-08-19 16:16:16 -07:00
|
|
|
let new_hashes = new_download_len - prev_download_len;
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(new_hashes, "added hashes to download set");
|
2021-11-02 11:46:57 -07:00
|
|
|
metrics::histogram!("sync.extend.response.hash.count", new_hashes as f64);
|
2020-06-22 19:24:53 -07:00
|
|
|
}
|
2020-07-21 13:50:38 -07:00
|
|
|
Ok(_) => unreachable!("network returned wrong response"),
|
|
|
|
|
// We ignore this error because we made multiple fanout requests.
|
2022-01-28 09:24:53 -08:00
|
|
|
Err(e) => debug!(?e),
|
2020-06-22 19:24:53 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-19 16:16:16 -07:00
|
|
|
let new_downloads = download_set.len();
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(new_downloads, "queueing new downloads");
|
2021-08-19 16:16:16 -07:00
|
|
|
metrics::gauge!("sync.extend.queued.hash.count", new_downloads as f64);
|
|
|
|
|
|
|
|
|
|
// security: use the actual number of new downloads from all peers,
|
2022-01-11 09:11:35 -08:00
|
|
|
// so the last peer to respond can't toggle our mempool
|
2021-08-19 16:16:16 -07:00
|
|
|
self.recent_syncs.push_extend_tips_length(new_downloads);
|
|
|
|
|
|
2020-10-22 10:58:49 -07:00
|
|
|
self.request_blocks(download_set).await?;
|
2020-06-22 19:24:53 -07:00
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-03 15:09:34 -07:00
|
|
|
/// Download and verify the genesis block, if it isn't currently known to
|
2020-07-23 10:56:52 -07:00
|
|
|
/// our node.
|
|
|
|
|
async fn request_genesis(&mut self) -> Result<(), Report> {
|
|
|
|
|
// Due to Bitcoin protocol limitations, we can't request the genesis
|
|
|
|
|
// block using our standard tip-following algorithm:
|
|
|
|
|
// - getblocks requires at least one hash
|
|
|
|
|
// - responses start with the block *after* the requested block, and
|
|
|
|
|
// - the genesis hash is used as a placeholder for "no matches".
|
|
|
|
|
//
|
2020-09-03 15:09:34 -07:00
|
|
|
// So we just download and verify the genesis block here.
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
while !self.state_contains(self.genesis_hash).await? {
|
2022-01-28 09:24:53 -08:00
|
|
|
info!("starting genesis block download and verify");
|
2020-09-09 15:33:25 -07:00
|
|
|
self.downloads
|
2020-10-21 20:37:01 -07:00
|
|
|
.download_and_verify(self.genesis_hash)
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
.await
|
2020-09-09 15:33:25 -07:00
|
|
|
.map_err(|e| eyre!(e))?;
|
|
|
|
|
match self.downloads.next().await.expect("downloads is nonempty") {
|
2022-01-28 09:24:53 -08:00
|
|
|
Ok(hash) => trace!(?hash, "verified and committed block to state"),
|
2020-09-09 15:33:25 -07:00
|
|
|
Err(e) => {
|
2022-01-28 09:24:53 -08:00
|
|
|
warn!(?e, "could not download or verify genesis block, retrying");
|
2021-06-09 16:39:51 -07:00
|
|
|
tokio::time::sleep(GENESIS_TIMEOUT_RETRY).await;
|
2020-09-03 15:13:00 -07:00
|
|
|
}
|
Fix sync algorithm. (#887)
* checkpoint: reject older of duplicate verification requests.
If we get a duplicate block verification request, we should drop the older one
in favor of the newer one, because the older request is likely to have been
canceled. Previously, this code would accept up to four duplicate verification
requests, then fail all subsequent ones.
* sync: add a timeout layer to block requests.
Note that if this timeout is too short, we'll bring down the peer set in a
retry storm.
* sync: restart syncing on error
Restart the syncing process when an error occurs, rather than ignoring it.
Restarting means we discard all tips and start over with a new block locator,
so we can have another chance to "unstuck" ourselves.
* sync: additional debug info
* sync: handle lookahead limit correctly.
Instead of extracting all the completed task results, the previous code pulled
results out until there were fewer tasks than the lookahead limit, then
stopped. This meant that completed tasks could be left until the limit was
exceeded again. Instead, extract all completed results, and use the number of
pending tasks to decide whether to extend the tip or wait for blocks to finish.
* network: add debug instrumentation to retry policy
* sync: instrument the spawned task
* sync: streamline ObtainTips/ExtendTips logic & tracing
This change does three things:
1. It aligns the implementation of ObtainTips and ExtendTips so that they use
the same deduplication method. This means that when debugging we only have one
deduplication algorithm to focus on.
2. It streamlines the tracing output to not include information already
included in spans. Both obtain_tips and extend_tips have their own spans
attached to the events, so it's not necessary to add Scope: prefixes in
messages.
3. It changes the messages to be focused on reporting the actual
events rather than the interpretation of the events (e.g., "got genesis hash in
response" rather than "peer could not extend tip"). The motivation for this
change is that when debugging, the interpretation of events is already known to
be incorrect, in the sense that the mental model of the code (no bug) does not
match its behavior (has bug), so presenting minimally-interpreted events forces
interpretation relative to the actual code.
* sync: hack to work around zcashd behavior
* sync: localize debug statement in extend_tips
* sync: change algorithm to define tips as pairs of hashes.
This is different enough from the existing description that its comments no
longer apply, so I removed them. A further chunk of work is to change the sync
RFC to document this algorithm.
* sync: reduce block timeout
* state: add resource limits for sled
Closes #888
* sync: add a restart timeout constant
* sync: de-pub constants
2020-08-12 16:48:01 -07:00
|
|
|
}
|
2020-07-23 10:56:52 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-03 15:09:34 -07:00
|
|
|
/// Queue download and verify tasks for each block that isn't currently known to our node
|
2022-01-11 09:11:35 -08:00
|
|
|
async fn request_blocks(&mut self, hashes: IndexSet<block::Hash>) -> Result<(), Report> {
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(hashes.len = hashes.len(), "requesting blocks");
|
2020-07-21 13:50:38 -07:00
|
|
|
for hash in hashes.into_iter() {
|
2020-10-24 17:31:41 -07:00
|
|
|
self.downloads.download_and_verify(hash).await?;
|
2020-06-30 09:42:09 -07:00
|
|
|
}
|
2020-06-22 19:24:53 -07:00
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
2020-08-07 01:04:33 -07:00
|
|
|
|
2020-09-03 15:09:34 -07:00
|
|
|
/// Returns `true` if the hash is present in the state, and `false`
|
2020-08-10 16:17:50 -07:00
|
|
|
/// if the hash is not present in the state.
|
|
|
|
|
///
|
2021-02-09 15:05:14 -08:00
|
|
|
/// BUG: check if the hash is in any chain (#862)
|
|
|
|
|
/// Depth only checks the main chain.
|
2020-08-15 23:20:01 -07:00
|
|
|
async fn state_contains(&mut self, hash: block::Hash) -> Result<bool, Report> {
|
2020-08-10 16:17:50 -07:00
|
|
|
match self
|
|
|
|
|
.state
|
2021-11-02 11:46:57 -07:00
|
|
|
.ready()
|
2020-08-10 16:17:50 -07:00
|
|
|
.await
|
|
|
|
|
.map_err(|e| eyre!(e))?
|
2020-09-09 21:19:15 -07:00
|
|
|
.call(zebra_state::Request::Depth(hash))
|
2020-08-10 16:17:50 -07:00
|
|
|
.await
|
|
|
|
|
.map_err(|e| eyre!(e))?
|
|
|
|
|
{
|
|
|
|
|
zs::Response::Depth(Some(_)) => Ok(true),
|
|
|
|
|
zs::Response::Depth(None) => Ok(false),
|
|
|
|
|
_ => unreachable!("wrong response to depth request"),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-11 09:11:35 -08:00
|
|
|
fn update_metrics(&mut self) {
|
2020-08-07 01:04:33 -07:00
|
|
|
metrics::gauge!(
|
|
|
|
|
"sync.prospective_tips.len",
|
2020-11-19 12:54:31 -08:00
|
|
|
self.prospective_tips.len() as f64
|
2020-08-07 01:04:33 -07:00
|
|
|
);
|
2020-09-09 15:33:25 -07:00
|
|
|
metrics::gauge!(
|
|
|
|
|
"sync.downloads.in_flight",
|
2020-11-19 12:54:31 -08:00
|
|
|
self.downloads.in_flight() as f64
|
2020-09-09 15:33:25 -07:00
|
|
|
);
|
2020-08-07 01:04:33 -07:00
|
|
|
}
|
2021-10-19 18:07:19 -07:00
|
|
|
|
|
|
|
|
/// Return if the sync should be restarted based on the given error
|
|
|
|
|
/// from the block downloader and verifier stream.
|
|
|
|
|
fn should_restart_sync(e: BlockDownloadVerifyError) -> bool {
|
|
|
|
|
match e {
|
2021-12-02 06:28:20 -08:00
|
|
|
// Structural matches
|
2021-10-19 18:07:19 -07:00
|
|
|
BlockDownloadVerifyError::Invalid(VerifyChainError::Checkpoint(
|
|
|
|
|
VerifyCheckpointError::AlreadyVerified { .. },
|
|
|
|
|
)) => {
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(error = ?e, "block was already verified, possibly from a previous sync run, continuing");
|
2021-10-19 18:07:19 -07:00
|
|
|
false
|
|
|
|
|
}
|
|
|
|
|
BlockDownloadVerifyError::Invalid(VerifyChainError::Block(
|
|
|
|
|
VerifyBlockError::Block {
|
|
|
|
|
source: BlockError::AlreadyInChain(_, _),
|
|
|
|
|
},
|
|
|
|
|
)) => {
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(error = ?e, "block is already in chain, possibly from a previous sync run, continuing");
|
2021-10-19 18:07:19 -07:00
|
|
|
false
|
|
|
|
|
}
|
2021-12-02 06:28:20 -08:00
|
|
|
BlockDownloadVerifyError::CancelledDuringDownload
|
|
|
|
|
| BlockDownloadVerifyError::CancelledDuringVerification => {
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(error = ?e, "block verification was cancelled, continuing");
|
2021-12-02 06:28:20 -08:00
|
|
|
false
|
|
|
|
|
}
|
2022-01-11 09:11:35 -08:00
|
|
|
BlockDownloadVerifyError::BehindTipHeightLimit => {
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(
|
2022-01-11 09:11:35 -08:00
|
|
|
error = ?e,
|
|
|
|
|
"block height is behind the current state tip, \
|
|
|
|
|
assuming the syncer will eventually catch up to the state, continuing"
|
|
|
|
|
);
|
|
|
|
|
false
|
|
|
|
|
}
|
2021-12-02 06:28:20 -08:00
|
|
|
|
|
|
|
|
// String matches
|
2021-10-19 18:07:19 -07:00
|
|
|
BlockDownloadVerifyError::Invalid(VerifyChainError::Block(
|
|
|
|
|
VerifyBlockError::Commit(ref source),
|
|
|
|
|
)) if format!("{:?}", source).contains("block is already committed to the state") => {
|
2021-12-02 06:28:20 -08:00
|
|
|
// TODO: improve this by checking the type (#2908)
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(error = ?e, "block is already committed, possibly from a previous sync run, continuing");
|
2021-10-19 18:07:19 -07:00
|
|
|
false
|
|
|
|
|
}
|
2021-12-02 06:28:20 -08:00
|
|
|
BlockDownloadVerifyError::DownloadFailed(ref source)
|
|
|
|
|
if format!("{:?}", source).contains("NotFound") =>
|
|
|
|
|
{
|
|
|
|
|
// TODO: improve this by checking the type (#2908)
|
|
|
|
|
// restart after a certain number of NotFound errors?
|
2022-01-28 09:24:53 -08:00
|
|
|
debug!(error = ?e, "block was not found, possibly from a peer that doesn't have the block yet, continuing");
|
2021-10-19 18:07:19 -07:00
|
|
|
false
|
|
|
|
|
}
|
2021-12-02 06:28:20 -08:00
|
|
|
|
2021-10-19 18:07:19 -07:00
|
|
|
_ => {
|
|
|
|
|
// download_and_verify downcasts errors from the block verifier
|
|
|
|
|
// into VerifyChainError, and puts the result inside one of the
|
|
|
|
|
// BlockDownloadVerifyError enumerations. This downcast could
|
|
|
|
|
// become incorrect e.g. after some refactoring, and it is difficult
|
|
|
|
|
// to write a test to check it. The test below is a best-effort
|
|
|
|
|
// attempt to catch if that happens and log it.
|
|
|
|
|
// TODO: add a proper test and remove this
|
|
|
|
|
// https://github.com/ZcashFoundation/zebra/issues/2909
|
|
|
|
|
let err_str = format!("{:?}", e);
|
|
|
|
|
if err_str.contains("AlreadyVerified")
|
|
|
|
|
|| err_str.contains("AlreadyInChain")
|
2021-12-02 06:28:20 -08:00
|
|
|
|| err_str.contains("Cancelled")
|
2022-01-11 09:11:35 -08:00
|
|
|
|| err_str.contains("BehindTipHeight")
|
2021-10-19 18:07:19 -07:00
|
|
|
|| err_str.contains("block is already committed to the state")
|
2021-12-02 06:28:20 -08:00
|
|
|
|| err_str.contains("NotFound")
|
2021-10-19 18:07:19 -07:00
|
|
|
{
|
2022-01-28 09:24:53 -08:00
|
|
|
error!(?e,
|
2021-10-19 18:07:19 -07:00
|
|
|
"a BlockDownloadVerifyError that should have been filtered out was detected, \
|
|
|
|
|
which possibly indicates a programming error in the downcast inside \
|
|
|
|
|
zebrad::components::sync::downloads::Downloads::download_and_verify"
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-28 09:24:53 -08:00
|
|
|
warn!(?e, "error downloading and verifying block");
|
2021-10-19 18:07:19 -07:00
|
|
|
true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-06-22 19:24:53 -07:00
|
|
|
}
|
