-
Notifications
You must be signed in to change notification settings - Fork 11.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enhance/cleanup unconfirmed execution #375
Conversation
@lxfind please take a look to make sure this PR fits in the refactor flow. |
fastpay_core/src/client.rs
Outdated
// Which errors should be unlock on? | ||
// TODO: define which errors we must not unlock from | ||
// https://github.com/MystenLabs/fastnft/issues/346 | ||
if result.is_err() || with_confirmation { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I feel there are situations where an authority operation fails and we would rather keep the order locked.
How can we for sure determine which errors should unlock orders?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have two questions about this:
- If we keep the order locked, when would we unlock them?
- Could you also write down a concrete scenario where things could go wrong if we always unlock here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Up to the caller. They can re-submit and order. Or can call
try_complete_pending
- Situations where the true state of the order is not defined. Example quorum logic failure, network/comms failure, set_order_lock failure here https://github.com/MystenLabs/fastnft/blob/main/fastpay_core/src/authority/authority_store.rs#L289
These are just guesses of course. I could be wrong.
Thanks for putting up the PR.
Let me what you think. Also, @gdanezis Could you confirm how |
fastpay_core/src/client.rs
Outdated
// Which errors should be unlock on? | ||
// TODO: define which errors we must not unlock from | ||
// https://github.com/MystenLabs/fastnft/issues/346 | ||
if result.is_err() || with_confirmation { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have two questions about this:
- If we keep the order locked, when would we unlock them?
- Could you also write down a concrete scenario where things could go wrong if we always unlock here?
fastpay_core/src/client.rs
Outdated
if !self.can_lock_or_unlock(order)? { | ||
return Err(FastPayError::ConcurrentTransactionError); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Duplicates?
&self.store.pending_orders, | ||
order.input_objects().iter().map(|e| e.object_id()), | ||
) | ||
if !self.can_lock_or_unlock(order)? { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Curious, what happens if we fail to unlock here due to can_lock_or_unlock
returns Err
? Could the objects be locked forever?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
May want to add a TODO here. I think we need to handle the failure of can_lock_or_unlock
eventually.
Right. I want to get rid of the unconfirmed path too for the reasons you mentioned, and more. But while we have it, I'm striving to reduce ways it can be misused. |
&self.store.pending_orders, | ||
order.input_objects().iter().map(|e| e.object_id()), | ||
) | ||
if !self.can_lock_or_unlock(order)? { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
May want to add a TODO here. I think we need to handle the failure of can_lock_or_unlock
eventually.
.iter() | ||
.map(|vote| { | ||
( | ||
vote.signed_order.as_ref().unwrap().authority, | ||
vote.signed_order.as_ref().unwrap().signature, | ||
) | ||
}) | ||
.collect::<Vec<_>>(); | ||
|
||
let certificate = CertifiedOrder { order, signatures }; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Curious why do we have to do this here instead of keeping the old logic (match returns the pairs)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The responses
from the old code will always be empty because it's the output of the catch-up confirmation steps, which tx_order does not do anymore. It's a bit misleading.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approving but some of the code will go away in latter PRs from @gdanezis (may want to take a look at his PR to make sure we are porting changes from this PR)
Agreed. Many of the concepts here are based on logic that will go away soon, however I'm not sure of the timelines, so I'm hoping these incremental steps can keep us moving at least. |
9f662f1f6d7711c6545519c8b85996d515d3f104 removed a proptest non-regression file that exercises #375. We reinstate it and un-ignore the test.
9f662f1f6d7711c6545519c8b85996d515d3f104 removed a proptest non-regression file that exercises MystenLabs#375. We reinstate it and un-ignore the test.
This PR converts this to work with the new refactoring.
Removed the ability to execute transactions without confirmation and instead all executions go through the same function
execute_transaction
This allows us consolidate the critical areas where we might have to lock/unlock orders.
Additionally propagated the OrderInfoResponse for executions which was being discarded.
Updated test cases to use pending-orders
Also ported multi-insert and multi-remove over to Mysten infra, so no need to have them here.
How it works:
An order
ord
's objects can be locked or unlocked by the order if all oford
's input objects are already locked byord
or by no other order.There are two phases to completing a transaction:
TX Order without confirmation: this locks the objects owned by
ord
if they are available for locking. However in case of an authority error the objects are unlocked.If the order is successfully executed, the objects remain locked until confirmation.
Confirmation of TX order:
Here the objects are unlocked if tx is successful or if tx fails with errors having no side effects.
If the objects remain locked after this step, there is a critical error.
Next steps:
pending_order
table test & + test & unlock thread-safe