prisma-risk / tsoracle / 26343048080
96%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 74
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 94.794% (-0.03%) from 94.82%
26343048080

push

github

web-flow 
fix(driver-paxos): seed barrier_seq above the recovered ledger on restart (#224)

StandaloneHost::current_high_water mints a (self, seq) barrier nonce and
waits for `applied_barrier_seq(self) >= seq` to confirm its own barrier was
folded. But `barrier_seq` is process-local and resets to 0 on every restart,
while the `applied_barriers` ledger is durable — restored from decided-log
replay and snapshot transfer. So after a restart (or snapshot-driven
catch-up) the ledger can already hold a higher seq this node minted in a
prior lifetime (e.g. 7), and a freshly minted seq (1) is satisfied
immediately by that stale entry. The read then returns the current
high_water before its own barrier is applied. If prior-leader Advance
entries are decided but not yet folded, the failover fence loads a stale
high-water and seeds the allocator below the prior leader's true ceiling,
re-issuing timestamps the prior leader already served — violating the
no-duplicate / no-regression invariant. This reopens, across a restart, the
exact hazard the per-node nonce closed in steady state.

Fix: in StandaloneHost::new, fold the recovered decided suffix once via the
existing idempotent drain and resume barrier_seq strictly above this node's
highest durable seq. A freshly minted seq can then only be satisfied by this
lifetime's own barrier. Fresh nodes (no recovered state) are unchanged.

Mirror the same seed in the paxos-piggyback example's PiggybackHost::new so
the pattern stays correct if ported onto durable storage (the example's
MemStorage makes the fold a no-op).

Regression coverage: tests/restart_barrier_seq.rs boots a RocksDB cluster,
durably records seven barriers for a follower plus Advance(100), restarts
the follower (resetting barrier_seq), parks its apply task, decides
Advance(500) it has not yet folded, and reads. Pre-fix the recovered
ledger satisfies the seq=1 read and returns the stale 100; with the fix the
read mints seq=8, waits for its own barrier, and returns ... (continued)

6 of 6 new or added lines in 1 file covered. (100.0%)

3 existing lines in 1 file now uncovered.

10124 of 10680 relevant lines covered (94.79%)

545835.95 hits per line

Coverage Regressions

Lines Coverage File
3
84.37
 -0.81% benchmarks/stress/src/topology/paxos.rs
Jobs
ID Job ID Ran Files Coverage
1 26343048080.1 74
94.79
 GitHub Action Run
Source Files on build 26343048080