-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
spec: Consensus Write-Ahead Log (WAL) #469
Comments
We need to persist all events, received from external components, that may lead to state-transition in the consensus logic. More specifically:
|
All the received events can be persisted to the WAL asynchronously, in a best effort manner. But once a set of input events lead to a state transition, with the potential production of an output, the WAL must be persisted in a synchronous way. We define the following list of actions before which the WAL should be flushed (synchronously persisted):
The above listed actions are the result of receiving a number of events (inputs), which can be asynchronously written to the WAL. But once the resulting action is produced, we must be sure that all events that have lead to the action are persisted. In this way, when recovering from a crash, the node is able to produce, based on the same inputs, the exactly same actions. |
When a height of consensus is (re)started, the consensus state machine should:
A relevant observation is that a height of consensus must be re-started after all the committed blocks are applied (see #580) and after the storage for produced or received full values is open and restored (see #579). |
The WAL should ensure that a recovered process has the following behavior:
The only different to a correct process is that
|
Observe that this is based on the fact that once a process locally has persisted a blockstore entry (block and commit) of height h, the process may ignore all messages from heights less than or equal to h from this point on. So persiting a point is a big synchronization event, while flushing on sending later are smaller synchronization events. |
A more precise definition of "shortly before" can be derived from item 2. Namely, if an action was produced before crashing, consider the latest action produced. The state of the process after recovering must be the same as when it produced the latest action, or a later (successive) state. The internal state transitions that do not produce actions might be lost, namely the events that triggered them might not be synchronously persisted, therefore are lost. This is not a problem as long the "lost" events did not produce any external observable action. |
For the WAL we need to make sure that the driver is deterministic. So we need to review everything. In particular folds in Qunit. Also |
By vote sync we mean the protocol drafted in #576. |
Besides of better documenting the solution, can we consider it solved? |
In order to support the crash-recovery failure model (#578), the consensus implementation should persist all relevant events that have lead it to its current state. When recovering from a crash, the implementation is initialized from its initial state of the latest active height
H
, then has to replay all the information persisted before it has crashed.The valid events processed by the consensus implementation are therefore typically persisted in a Write-Ahead Log (WAL), an append-only log that was originally conceived to ensure atomicity of transactions in databases.
Definition of Done
The text was updated successfully, but these errors were encountered: