Captive core fast startup

[marta-lokhova]

Implementation based on the discussion in #2960

Resolves #2960
Resolves #2993

[MonsieurNicolas]

a few suggestions to make the code flow easier to understand

[MonsieurNicolas]

this looks more or less like rebuildLedgerFromBuckets, should be refactored

[MonsieurNicolas]

(NB: there are bugs in the other one)

[MonsieurNicolas]

why || (isZero(bucket->getHash()) && !isZero(bucketHash))) ?
that doesn't seem to be related to on disk/not on disk (covered by !bucket)

[marta-lokhova]

Did you look at the implementation of getBucketByHash? It creates an empty bucket pointer if it can't find the bucket, so checking !bucket is not enough.

That being said, looking at the last known ledger loading code, we already check for missing buckets there, so I think I don't even need this check.

[MonsieurNicolas]

Did you look at the implementation of getBucketByHash? It creates an empty bucket pointer if it can't find the bucket, so checking !bucket is not enough.

yes I did, when it doesn't find the file, it does return std::shared_ptr<Bucket>(); which is nullptr not an empty bucket.

other places in the code are only checking for nullptr

But yeah maybe we don't care anyways

[marta-lokhova]

my bad, for some reason I was convinced that function uses std::make_shared. Sorry about that. But yeah, I removed this code now.

[MonsieurNicolas]

I think it would be better to not use pass an extra flag to runWithConfig and just reset the app to genesis right here

[MonsieurNicolas]

this code should be in the try block: if we don't find the mini database we should proceed like normal as we're starting up at genesis

[MonsieurNicolas]

do not use default value here

[MonsieurNicolas]

should use inMemoryParser: it was added so that we use the same option across subcommands

[marta-lokhova]

The call new-db --in-memory is confusing and contradicts your other comment about calling the database "an in-memory database". The flag is called "in-memory", however the command sets a persistent state, that the next commands also depend on. I'd like to be as clear to the users as possible.

[graydon]

I suggest reusing the term you're using above: minimal. I.e. stellar-core new-db --minimal-for-in-memory-mode

[graydon]

(I was especially concerned by the word "reset" here because this suggests a non-minimal DB can be changed / reset into a minimal one, and I don't think that's possible?)

[MonsieurNicolas]

you should not touch DISABLE_XDR_FSYNC here

[marta-lokhova]

Picked up the latest master, which already addresses this problem but not forcing DISABLE_XDR_FSYNC, so I believe this is resolved now.

[MonsieurNicolas]

@graydon may have better insight than me

[graydon]

the --replay-in-memory option is itself marked as deprecated; should reference --in-memory here.

[graydon]

I like the term "minimal DB" you're using here -- I would repeat / reuse / surface this term to the user. It is clear and can be extended into the phrase "minimal DB for in-memory mode".

[graydon]

(Maybe also extend the name of this function so any reader immediately knows it's about in-memory mode: setupMinimalDBForInMemoryMode

[graydon]

rename "partial" here to "minimal" for consistency.

[graydon]

and partial.db here to minimal.db

[graydon]

rename variable: minimalForInMemoryMode

[graydon]

rename function for specificity: applyBucketsOfLastClosedLedger

[graydon]

Add a releaseAssertOrThrow here that the ledger tables are all empty (using LedgerTxn::countObjects). We never want this code to run on a nonempty ledger.

[marta-lokhova]

this sounds like a useful check, but the problem is that calling countObjects is not allowed on non-root LedgerTxn, which is what we use in in-memory mode (that is, the never committing LedgerTxn). There doesn't seem to be any other machinery to verify LedgerTxn's state (we could add some, but I don't think we should at this time). I will add a comment about this though.

[MonsieurNicolas]

I agree with Marta, I think it's fine as is for now

[graydon]

This worries me / reminds me a bit of a "schema migration", or just .. an alternative path for creating a DB (albeit a minimal one) that does not necessarily arrive at the same place we'd arrive if we reinitialized. I gather you're trying to preserve the overlay state here (but nothing else); would it be possible to do that explicitly? That is:

1. load all the overlay state you want to preserve into a temporary data structure in memory.
2. reinitialize the database using the normal code path.
3. reinsert just the overlay state you wanted to preserve (data which we're a bit lax about anyways)

[graydon]

rename for specificity: canRestartInMemoryLedgerFromOldBuckets

[graydon]

Add a releaseAssert that we're in in-memory mode.

[graydon]

separate flag here seems redundant -- isn't this just cfg.isInMemoryMode()?

[graydon]

Aside (not critical): we do this pattern in quite a few places, I wonder if it'd be worth adding a VirtualClock::crankUntilWorkDone(BasicWork&) or something.

[graydon]

A comment would be nice here explaining why !MODE_STORES_HISTORY_LEDGERHEADERS relates to the deletion of entries in the bucketlist; or perhaps a helper method like bool Config::isInMemoryModeWithoutMinimalDB() const { return isInMemoryMode() && !MODE_STORES_HISTORY_LEDGERHEADERS; } or something.

[MonsieurNicolas]

+1 on adding a helper function for clarity

[graydon]

Extend this comment to include the fact that this exists in order to support a sub-mode of in-memory mode, where MODE_STORES_HISTORY is false but MODE_STORES_HISTORY_LEDGERHEADERS remains true. That is: that there is no legal configuration where MODE_STORES_HISTORY_LEDGERHEADERS is false but MODE_STORES_HISTORY is true. Or in yet other words, that only 3 of the 4 states of these 2 flags are legal.

(Also option to discuss here: I know we've gone back and forth on orthogonal flags vs. enumerated modes, but maybe this is as good as any to ask whether to reconsider merging MODE_USES_IN_MEMORY_LEDGER, MODE_STORES_HISTORY and MODE_STORES_HISTORY_LEDGERHEADERS back into a single enum. I'm not sure which of the 8 possible combinations is legal off the top of my head, which is not a great sign.)

[MonsieurNicolas]

mmm, I don't know @graydon : we used to have those "uber flags" used in the code base and it was actually very hard to understand which parts of the code had to change when touching things.

What we may want to do in this commit is probably change MODE_STORES_HISTORY to something that doesn't overlap with MODE_STORES_HISTORY_LEDGERHEADERS (right now it's hard to tell how they relate to each other: are they mutually exclusive?!).

So if we rename MODE_STORES_HISTORY to something like MODE_STORES_HISTORY_MISC (and introduce MODE_STORES_HISTORY_LEDGERHEADERS before) we can make it clear that they complement each other.

We can add helper functions to help check if any historical data is enabled (that seems to be the common case), or maybe to enable/disable "persist all historical data" (to flip both at the same time).

[marta-lokhova]

I like the idea to rename MODE_STORES_HISTORY. I ended up implementing modeStoresAllHistory and modeStoresAnyHistory, and that seems to improve clarity quite a bit.

[MonsieurNicolas]

looking good!

[graydon]

Overall looks promising! Fairly subtle changes though -- I've marked places where I think things could maybe be made a little more obvious for our future selves when we revisit these treacherous paths (as we surely will). Mostly just cosmetic though, I think there's only one structural / logic change around the question of how to most-safely "reset" vs. "reinitialize + reinsert" a minimal DB that can't be reused.

[MonsieurNicolas]

mmm, I don't know @graydon : we used to have those "uber flags" used in the code base and it was actually very hard to understand which parts of the code had to change when touching things.

What we may want to do in this commit is probably change MODE_STORES_HISTORY to something that doesn't overlap with MODE_STORES_HISTORY_LEDGERHEADERS (right now it's hard to tell how they relate to each other: are they mutually exclusive?!).

So if we rename MODE_STORES_HISTORY to something like MODE_STORES_HISTORY_MISC (and introduce MODE_STORES_HISTORY_LEDGERHEADERS before) we can make it clear that they complement each other.

We can add helper functions to help check if any historical data is enabled (that seems to be the common case), or maybe to enable/disable "persist all historical data" (to flip both at the same time).

[MonsieurNicolas]

+1 on adding a helper function for clarity

[MonsieurNicolas]

see my other comment: what we're looking for here is to check that if publish is enabled we better store all historical data. So a helper function here would help

[MonsieurNicolas]

this should be an || as maintenance related endpoints should work regardless of which historical data is in there

[marta-lokhova]

@graydon @MonsieurNicolas thanks for the feedback! I believe I addressed your comments in several new commits (I haven't squashed the changes yet, so that it's easy to review).

[MonsieurNicolas]

Looks very close to something we can merge. Good job. I added a couple suggestions/questions related to potentially bad things that we're carrying over from master

[MonsieurNicolas]

Actually this error message is weird (and got carried over from before):
end users to not have control over this, so the error should hint more about something they can fix.

I think the error message should just be something like

"Core is not configured to store history, but some history archives are writable"

[MonsieurNicolas]

I agree with Marta, I think it's fine as is for now

[MonsieurNicolas]

Another "carry over".

Is this has.prepareForPublish(app); really needed?
The current ledger state should never depend on merges in progress (when we close a ledger we have already computed the current ledger) - I think the only thing that this call is going to do is potentially cause a stall when restarting because it will perform merges that it doesn't need to do.

[marta-lokhova]

This is currently needed since ApplyBucketsWork is designed to apply buckets from an untrusted source, so it verifies validity of the HAS. That being said, I think the check could be moved out of ApplyBucketsWork into catchup. I opened #3044 to track this.

[MonsieurNicolas]

this string got chopped-formatted into too many bits. Maybe you need to merge it back into a single line and re-run clang-format?

[marta-lokhova]

Ah yes, you're right, looks much better now.

[MonsieurNicolas]

looking good!

[MonsieurNicolas]

avoid using SELECT * as it's a footgun, just list the column names that you expect

[marta-lokhova]

good call, updated.

[marta-lokhova]

I believe this is ready now @MonsieurNicolas, I've squashed the commits as well.

[MonsieurNicolas]

r+ 7cde809

[MonsieurNicolas]

@latobarita: retry

[MonsieurNicolas]

@latobarita: retry