Dynamic state snapshots

[karalabe]

Note, this PR is semi-experimental work. All code included has been extensively tested on live nodes, but it is very very very sensitive code. As such, the PR hides the included logic behind --snapshot. We've decided to merge it to get the code onto master as it's closing in on the 6 month development mark already.

---

This PR creates a secondary data structure for storing the Ethereum state, called a snapshot. This snapshot is special as it dynamically follows the chain and can also handle small-ish reorgs:

• At the very bottom, the snapshot consists of a disk layer, which is essentially a semi-recent full flat dump of the account and storage contents. This is stored in LevelDB as a <hash> -> <account> mapping for the account trie and <account-hash><slot-hash> -> <slot-value> mapping for the storage tries. The layout permits fast iteration over the accounts and storage, which will be used for a new sync algorithm.
• Above the disk layer there is a tree of in-memory diff layers that each represent one block's worth of state mutations. Every time a new block is processed, it is linked on top of the existing diff tree, and the bottom layers flattened together to keep the maximum tree depth reasonable. At the very bottom, the first diff layer acts as an accumulator which only gets flattened into the disk layer when it outgrows it's memory allowance. This is done mostly to avoid thrashing LevelDB.

The snapshot can be built fully online, during the live operation of a Geth node. This is harder than it seems because rebuilding the snapshot for mainnet takes 9 hours, during which the in-memory garbage collection long deletes the state needed for a single capture.

• The PR achieves this by gradually iterating the state tries and maintaining a marker to the account/storage slot position until which the snapshot was already generated. Every time a new block is executed, state mutations prior to the marker get applied directly (the ones afterwards get discarded) and the snapshot builder switches to iterating the new root hash.
• To handle reorgs, the builder operates on HEAD-128 and is capable of suspending/resuming if a state is missing (a restart will only write out some tries, not all cached in memory).

The benefit of the snapshot is that it acts as an acceleration structure for state accesses:

• Instead of doing O(log N) disk reads (+leveldb overhead) to access an account / storage slot, the snapshot can provide direct, O(1) access time. This should be a small improvement in block processing and a huge improvement in eth_call evaluations.
• The snapshot supports account and storage iteration at O(1) complexity per entry + sequential disk access, which should enable remote nodes to retrieve state data significantly cheaper than before (the sort order is the state trie leaf order, so responses can directly be assembled into tries too).
• The presence of the snapshot can also enable more exotic use cases such as deleting and rebuilding the entire state trie (guerilla pruning) as well as building alternative state trie (e.g. binary vs. hexary), which might be needed in the future.

The downside of the snapshot is that the raw account and storage data is essentially duplicated. In the case of mainnet, this means an extra 15GB of SSD space used.

[holiman]

I'm torn on whether we really should cache nil-items here...

[karalabe]

Hi Sam

…

On Thu, Oct 10, 2019, 18:29 Martin Holst Swende ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In core/state/snapshot/account.go <#20152 (comment)> : > +// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. + +package snapshot + +import ( + "bytes" + "math/big" + + "github.com/ethereum/go-ethereum/common" + "github.com/ethereum/go-ethereum/rlp" +) + +// Account is a slim version of a state.Account, where the root and code hash +// are replaced with a nil byte slice for empty accounts. +type Account struct { + Nonce uint64 Considering that there's only been 500M transactions made, do we really need uint64 here? A uint32 would be 'safe' through 4.2 billion transactions, at least... ? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#20152?email_source=notifications&email_token=AAA7UGPNFZXNCP2IA3G5VYLQN3YX7A5CNFSM4I5ND4EKYY3PNVWWK3TUL52HS4DFWFIHK3DMKJSXC5LFON2FEZLWNFSXPKTDN5WW2ZLOORPWSZGOCHQKAHQ#pullrequestreview-299933726>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAA7UGKCCASTNWOA66YFF3DQN3YX7ANCNFSM4I5ND4EA> .

[holiman]

Another couple of points,

• Right now, if each block modifies roughly 2000 items (accounts+storage), and we have 128 layers,
• And each layer represents one block, whereas the bottom layer (before disk) represents 200 blocks, that means
• We'll have 128 layers of N size, and 1 layer of 200 * N size.
• Eventually, we'll flush the bottom-most layer, and at that point we have 128 blocks in memory, essentially (going down from e..g 350).

Now, if we have M bytes of memory availalbe, it seems to me that it would make more sense to have a gradual slope of memory usage, instead of N, N, ...200 * N . Instead have N, N, 2N, 2N, 4N...64N (totalling 254N in this example). The consequence would be the folowing:

• Upside: When flushing the lowest layer, we'd not lose the majority of blocks from memory, only a smaller portion. So smaller fluctuations in performance,
• Upside: When accessing an item, we'd not iterate through 128 layers, only ~14
• Downside: When reorg:ing, or accessing a particular block state, we'd have to potentially re-execute some blocks (maybe up to 63 blocks). However, if tuned well, this would not happen on mainnet.

[karalabe]

We might need some smarter locking here. If the parents have side branches, those don't get locked by the child's lock.

[holiman]

It would be 'nicer' if the Info returns the span of blocks that a snapshot represents, and not just the last block

[karalabe]

I'm actually thinking of nuking the whole number tracking. Clique gets messy because roots are not unique across blocks. We could make it root + number, but that would entail statedb needing to add block numbers to every single method, which gets messy fast.

Alternatively, we can just not care about block number and instead just track child -> parent hierarchies. This would mean that we could end up with a lot more state "cached" in memory than 128 if there are ranges of empty clique blocks, but those wouldn't add any new structs, just keep the existing ones around for longer, so should be fine.

[holiman]

Perhaps we should check dl.stale here and error out if set

[holiman]

actually, probably better to do it in journal, since one of the parents might be stale, not just this level

[holiman]

Now that it's standalone and not internal to a difflayer, would be nicer to iterate instead of recurse, imo

[holiman]

Suggested change

	// Everything below was journalled, persist this layer too
	if dl.stale{
	return nil, ErrSnapshotStale
	}
	// Everything below was journalled, persist this layer too

[holiman]

Right now, we obtain the readlock in Journal -- but here we're calling the parent journal directly, bypassing the lock-taking.
We should remove the locking from Journal and do it in this method instead, right after the parent is done writing

[holiman]

This seems to work, but would be more obvious with the following change:

Suggested change

	if dl.genMarker != nil && bytes.Compare(key, dl.genMarker) > 0 {
	if dl.genMarker != nil && bytes.Compare(accountHash[:], dl.genMarker) > 0 {

[holiman]

I don't understand... At the end of this method, we return a new diskLayer. Who remembers these accounts that were left stranded in this layer and not copied to disk?

Answering myself: we the new diskLayer doesn't contain it, so the caller will later have to resolve it from the trie, which is fine... I think?

[holiman]

Could you add percentage too? I think that's a pretty user-friendly thing to have. Basically 100 * binary.BigEndian.Uint32(marker[:4]) / uint32(-1))

[holiman]

I'm not convinced this is correct. There are a couple of things that can happen:

• Old code (before CREATE2): A contract with storage is selfdestructed in tx n. In tx n+1, someone sends a wei to the address, and the account is recreated. The desired end-state should be that the storage has become nil and the account exists.

• New code, withe CREATE2: A contract is killed in tx n. In tx n+1, the contract is recreated, and the initcode sets new storaege slots. So the old storage slots are all cleared, and there are now new storage slots set. We need to handle this (we don't currently)

[gballet]

LGTM, a couple comments here and there, as well as a question about future-proofing the PR.

[gballet]

This isn't a showstopper for merging the PR, merely a question regarding future evolutions of Ethereum: there is an EIP (haven't found it yet) that suggests merging the account and storage tries. This kept recurring in stateless 1.x discussions. It would be a good idea to have a more generic method like GetBlobAtHash(f) inerface{}, taking a function f to deserialize the blob.

[gballet]

if it's an internal helper, then it shouldn't be public

[gballet]

Change name to match comment, or vice-versa.

[fruor]

As it's now released, wouldn't it make sense to update the Command Line Options wiki? The --snapshot switch is completely missing there

[karalabe]

@fruor No, the feature will be on by default soon-ish. We just don't want yet people to use it as it might still change a bit. It's there if someone wants to test it (e.g. our benchmarker runs).