-
Notifications
You must be signed in to change notification settings - Fork 170
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
invariants gap: committing a stale snapshot #157
Comments
Hi @pav-kv , I investigated the question you posted and found some interesting information. Can this situation happen? Yes. To clarify, I come up with two questions:
Example:
Just as AE1 is flying on the internet, A is triggered to create a new snapshot at index 2. Let's call it
Then Leader A sends the next round of logs to C, and the situation becomes like this:
Now AE1 has arrived to C: And the C is still in Term1, and it's
A smaller log has been appended to the unstable entries. Please kindly let me know if I have missed something or made a mistake. Will it cause chaos? TODO
|
The gap is yet to be confirmed, it's unclear if it can happen. Discovered while cleaning up the
raftLog/unstable
structures.The
unstable
structure tracks log entries and a snapshot in flight to storage.The undocumented invariant seems to be: if there is a
snapshot
, then theoffset == snapshot.Metadata.Index + 1
. The underlying sense of this invariant is that the snapshot is a "wide entry" at indexoffset - 1
that immediately precedes all theentries
. Correspondingly, there is a requirement to write thissnapshot
to storage earlier than the entries.We maintain this invariant during the lifecycle of
unstable
, and rely on it when extracting the log size, and terms of entries at specific indices.However, there is one place where the invariant can be violated:
raft/log_unstable.go
Lines 202 to 208 in 073f90d
When
fromIndex < u.offset
(strictly less), we don't eraseu.snapshot
, and as a result it's possible thatu.offset < u.snapshot.Metadata.Index + 1
. It's also possible that the snapshot index exceedslastIndex()
.It's unclear if the above situation can happen, and what is the consequence. Best case: it can't happen because the layers above won't submit an append at index below the
unstable.snapshot
. Worst case: it can happen, and things can be written or committed out of order.In any case, we need to straighten invariants here, and fix this code to be safer.
To be investigated.
The text was updated successfully, but these errors were encountered: