Add converting ledger with test #17428
Conversation
src/lib/mina_ledger/ledger.ml
Outdated
| if Unstable_db.num_accounts db2 = 0 then | ||
| Or_error.return @@ Converting_ledger.create_with_migration db1 db2 | ||
| else if not (Db.num_accounts db1 = Unstable_db.num_accounts db2) then ( | ||
| (* TODO: ensure 2 dbs have exact same accounts *) |
There was a problem hiding this comment.
Well, we have test coverage for this so it's not that fatal, though
There was a problem hiding this comment.
To respond to #17379 (comment) here - yes, this is insufficient as a desync check. A converting merkle tree is two databases and we write to them separately, so it should be possible for the daemon to crash between database updates, which would cause a desync. I think you're right, that that is only detectable with a full equality check (up to account conversion) between the databases.
There was a problem hiding this comment.
I think part of the slowness of migration is all the hashing that needs to be done to populate the database, not necessarily the actual account conversion. If the Unstable.of_stable conversion function is expected to be fast, then we might be able to do this integrity check right here. @georgeee do you know how heavy the real conversion function is likely to be?
There was a problem hiding this comment.
I think part of the slowness of migration is all the hashing that needs to be done to populate the database, not necessarily the actual account conversion.
This is my expectation as well
do you know how heavy the real conversion function is likely to be?
We expect conversion to be trivial, i.e. not using any cryptographic operations at all.
src/lib/mina_ledger/ledger.ml
Outdated
| if Unstable_db.num_accounts db2 = 0 then | ||
| Or_error.return @@ Converting_ledger.create_with_migration db1 db2 | ||
| else if not (Db.num_accounts db1 = Unstable_db.num_accounts db2) then ( | ||
| (* TODO: ensure 2 dbs have exact same accounts *) |
There was a problem hiding this comment.
To respond to #17379 (comment) here - yes, this is insufficient as a desync check. A converting merkle tree is two databases and we write to them separately, so it should be possible for the daemon to crash between database updates, which would cause a desync. I think you're right, that that is only detectable with a full equality check (up to account conversion) between the databases.
src/lib/mina_ledger/ledger.ml
Outdated
| (* TODO: ensure 2 dbs have exact same accounts *) | ||
| Db.close db1 ; | ||
| Unstable_db.close db2 ; | ||
| Or_error.error_string |
There was a problem hiding this comment.
I think if a desync is detected then we might want to clean up the secondary database and re-migrate, and just issue a warning/error log message. I'm not sure if that cleanup should happen here or if it should be the responsibility of the caller of this method, though. I'd have to check to see how the existing databases are cleaned up.
(The issue I see is similar to the crash back-off loop with the empty PID file - if the invalid resource isn't cleaned up automatically somehow then the working directory of the daemon will become unusable).
src/lib/mina_ledger/ledger.ml
Outdated
| if Unstable_db.num_accounts db2 = 0 then | ||
| Or_error.return @@ Converting_ledger.create_with_migration db1 db2 | ||
| else if not (Db.num_accounts db1 = Unstable_db.num_accounts db2) then ( | ||
| (* TODO: ensure 2 dbs have exact same accounts *) |
There was a problem hiding this comment.
I think part of the slowness of migration is all the hashing that needs to be done to populate the database, not necessarily the actual account conversion. If the Unstable.of_stable conversion function is expected to be fast, then we might be able to do this integrity check right here. @georgeee do you know how heavy the real conversion function is likely to be?
|
I think my comments are showing up twice because I made them "request changes"? |
src/lib/mina_ledger/ledger.ml
Outdated
| else | ||
| let%bind db1_accounts = Db.accounts db1 in | ||
| let%bind db2_accounts = Unstable_db.accounts db2 in | ||
| (* TODO: check if relying on identifier is enough for equality *) |
There was a problem hiding this comment.
You could do something similar to what's done in the merkle ledger tests for database equality:
mina/src/lib/merkle_ledger_tests/test_converting.ml
Lines 194 to 199 in 76b8999
Synced ledgers should have accounts at identical indices.
There was a problem hiding this comment.
Because of #17428 (comment) I don't think we need to worry about the speed of account conversion. Hopefully.
|
!ci-build-me |
src/lib/merkle_ledger/database.ml
Outdated
| @@ -43,7 +42,17 @@ module Make (Inputs : Intf.Inputs.DATABASE) = struct | |||
|
|
|||
| let depth t = t.depth | |||
|
|
|||
| let create ?directory_name ~depth () = | |||
| let rec remove_dir_recursively path = | |||
There was a problem hiding this comment.
There is Mina_stdlib_unix.File_system.rmrf for this, potentially
|
rebased atop compatible |
glyh
force-pushed
the
lyh/converting-ledger-and-tests
branch
from
95d8adc to
6a0c5de
Compare
src/lib/merkle_ledger/database.ml
Outdated
| @@ -43,7 +44,7 @@ module Make (Inputs : Intf.Inputs.DATABASE) = struct | |||
|
|
|||
| let depth t = t.depth | |||
|
|
|||
| let create ?directory_name ~depth () = | |||
| let create ?directory_name ?fresh ~depth () = | |||
There was a problem hiding this comment.
Sorry, I missed this before - could you declare the fresh with a default to avoid having to deal with the Some later on here?
The new Converting_ledger ledger type in mina_ledger is backed by a converting_merkle_tree - this will keep a secondary ledger database in an unstable format synced with a primary ledger database in a stable format.
glyh
force-pushed
the
lyh/converting-ledger-and-tests
branch
from
119cfac to
e806e3d
Compare
|
!ci-build-me |
|
!ci-bypass-changelog |
Continuation of #17379
Status: waiting for next round of review.