[Discussion] Should aarch64 throw an exception when db.engine=LEVELDB?

[halibobo1205]

Background

Storage.java:177 currently handles aarch64 by silently falling back to RocksDB:

if (Arch.isArm64()) {
  logger.warn("Arm64 architecture detected, using RocksDB as db engine, ignore config.");
  return ROCKS_DB_ENGINE;
}

config.conf file defaults to db.engine = "LEVELDB" — shared between x86 and aarch64

And the default config for x86 is DEFAULT_DB_ENGINE = "LEVELDB"

Aarch64 does not support LevelDB. As a result, aarch64 nodes running the default config always hit this fallback, rolling back to RocksDB, and print only one warning log.

Problem

checkOrInitEngine provides a helpful error on x86: when the configured engine mismatches the existing data directory, the error message points directly to the cause.

This breaks down on aarch64. Consider a node migrated from x86 (with a LevelDB data directory) to arm64: both the config and the on-disk data are LevelDB, so they appear consistent to checkOrInitEngine. The silent engine switch to RocksDB then causes it to throw:

Cannot open LEVELDB database with ROCKSDB engine

Operators see a database error with no indication that the real cause is an architecture/engine incompatibility. The error chain is broken precisely because the fallback happens before checkOrInitEngine can reason about it correctly.

Two constraints prevent simply changing the defaults:

• config.conf defaults to db.engine = "LEVELDB" — shared between x86 and aarch64, so this cannot be changed
• DEFAULT_DB_ENGINE = "LEVELDB" — changing this would affect x86 users

Therefore, it's not possible to simply throw an exception when using aarch64 + LEVELDB; otherwise, all arm64 users using the default configuration will fail to start.

Open for discussion

• Targeted exception on data directory mismatch — throw a clear "architecture does not support the configured engine" exception only when an existing LevelDB data directory is detected (hooking into or extending checkOrInitEngine logic), while continuing to fall back silently for fresh nodes with no existing data.
• Other approaches — are there alternative ways to surface a clear error to operators without changing the default config or breaking the happy path?
• Status quo — is the current behavior acceptable given the constraints?

[3for]

It would be better to handle the architecture-specific “LevelDB not supported” error in the checkOrInitEngine or database initialization (DB open) path, rather than failing early.
This should also take into account data directories migrated from x86 and provide users with a clear indication of the root cause.
Since ARM64 and x86 currently share the same config.conf, it may be worth considering whether to introduce architecture-specific configurations (e.g., config-x86.conf and config-arm64.conf) in the future.

[halibobo1205]

@3for

1. Enforcing an exception in a future version would be a breaking change for aarch64 users running the default config — this needs careful consideration.
2. Splitting the config into separate files (e.g., config-x86.conf and config-arm64.conf) per architecture would add unnecessary deployment complexity and is not worth the trade-off.
3. What is the real benefit of introducing a breaking change here? If the primary motivation is to provide a clearer error message for users migrating an x86 LevelDB node to arm64, a more targeted fix might be to improve the error handling in checkOrInitEngine directly — without touching the startup behavior at all.

[vividctrlalt]

@halibobo1205 @3for Both of your points make sense. After some analysis, I think the root cause here is: a compile-time decision is being treated as a runtime choice.

On ARM64, the DB engine is already determined at build time — LevelDB JNI native libraries are not available, and plugins/build.gradle explicitly excludes LevelDB for ARM64. RocksDB is the only engine that can actually run. Yet the code still goes through the same runtime if-else logic as x86, offering a "choice" that doesn't really exist on ARM64.

The fundamental issue is that db.engine conflates platform constraints with user preferences — two very different concerns packed into one config field.

Proposed pragmatic approach

1. ARM64 should not offer db.engine as a configurable option — there is no choice on this platform
2. For config compatibility, ARM64 ignores db.engine and always uses RocksDB, with a clear startup log: "ARM64 detected: only RocksDB is supported, 'storage.db.engine' config is ignored"
3. This is a compromise, not the ideal solution — good enough for now
4. The systematic fix for platform + DB engine matching should be tracked separately in this issue ([Discussion] Should aarch64 throw an exception when db.engine=LEVELDB? #6587), not in the test coverage PR (test(framework): add dual DB engine coverage with flaky test fixes #6586)

Would this approach work for everyone?

[halibobo1205]

@vividctrlalt @3for Agreed. The compile-time vs runtime framing is a much cleaner way to describe the root cause — on ARM64, db.engine is effectively a no-op since LevelDB is excluded at build time, so exposing it as a configurable option is misleading.

The pragmatic approach makes sense as a short-term fix. Improving the startup log to explicitly state that storage.db.engine is ignored on ARM64 is low-risk and addresses the confusion without introducing a breaking change.

For migration scenarios where a LevelDB data directory already exists, users can convert it to RocksDB using the db convert command in Toolkit.jar — that path is well-defined.

As for the long-term systematic fix, the right direction would be to elevate platform constraints to compile-time decisions, but that would require a non-trivial refactor of the current codebase and should be evaluated separately in here.

[3for]

@vividctrlalt ‘s idea of “fast fail to eliminate silent fallback behaviors” is, in my opinion, a solid direction. It helps ensure that the system behavior strictly matches the user’s explicit configuration, improving transparency and predictability.

That said, it seems we could further refine the approach to both eliminate silent fallbacks and provide a better user experience.

Currently:

1. The dbEngine is not only sourced from *.conf files, but can also be specified via the CLI parameter --storage-db-engine. The CLI parameter has higher priority and overrides storage.db.engine in the config file.

2. Based on the implementation in PR #6586 (up to commit d57d110), the main impacts are:

• AMD64: The current behavior is generally reasonable.

• ARM64: The current approach trades off:

  • “out-of-the-box startup with default config”
  • “seamless upgrade for existing RocksDB users”
    in exchange for
  • “eliminating silent fallback from LevelDB”

Here is a summary of user experience across different scenarios:

Architecture	User Type	Configured Engine	Existing Data Dir	Current Behavior	Impact
ARM64	New	Default (LEVELDB)	None	Fails early in Args.validateConfig()	Bad: default config is unusable
ARM64	New	ROCKSDB	None	Starts normally, initializes RocksDB	Good
ARM64	New	LEVELDB	None	Fails early	Expected
ARM64	Existing	Default (LEVELDB)	RocksDB	Fails early	Bad: breaks existing RocksDB users
ARM64	Existing	ROCKSDB	RocksDB	Starts normally	Good
ARM64	Existing	Default / Explicit LEVELDB	LevelDB	Fails early with “LevelDB not supported on ARM64”	Clearer than before
ARM64	Existing	ROCKSDB	LevelDB	Passes validation, but fails in checkOrInitEngine() with engine mismatch	Fails, but error is not very user-friendly
AMD64	New	Default (LEVELDB)	None	Starts normally, initializes LevelDB	Good
AMD64	New	ROCKSDB	None	Starts normally, initializes RocksDB	Good
AMD64	Existing	LEVELDB	LevelDB	Starts normally	Good
AMD64	Existing	ROCKSDB	RocksDB	Starts normally	Good
AMD64	Existing	LEVELDB	RocksDB	Fails in checkOrInitEngine() with engine mismatch	Good: clear error
AMD64	Existing	ROCKSDB	LevelDB	Fails in checkOrInitEngine() with engine mismatch	Good: clear error

The current design successfully removes silent fallback behavior, but introduces regressions in usability on ARM64—particularly for:

• default startup experience
• existing RocksDB users upgrading without config changes

It may be worth exploring a refined approach that preserves explicitness (no silent fallback) while also improving backward compatibility and user experience, especially in common upgrade scenarios.

[halibobo1205]

Just adding another perspective here:
ARM64 support is still relatively new, and the existing ARM64 user base is still fairly small. This might actually be the lowest-cost window we have to eliminate silent fallback and move toward explicit configuration — before the user base grows and a breaking change becomes harder to justify.
For the two "Bad" scenarios in the table:

• new nodes failing with the default config,
• and existing RocksDB users failing on upgrade

I wonder if clear release notes and migration guidance could be sufficient to address those concerns, rather than preserving implicit behavior for short-term compatibility.
Happy to be wrong on this, but it feels like the cost of making this change now is relatively low, and it may only get higher the longer we wait. Curious what others think.

[warku123]

I support to cleaning up the silent fallback.

Suggest improving the error message in PR #6586 to include:

1. clear fix instructions
2. mention of Toolkit.jar db convert for migrations
3. WARN log before failure.