prisma-risk / tsoracle / 26415574492
95%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 66
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 96.411% (-0.06%) from 96.475%
26415574492

push

github

web-flow 
fix(driver-openraft): make snapshot publish monotone to close build/install TOCTOU (#426)

* fix(driver-openraft): make snapshot publish monotone to close build/install TOCTOU

build_snapshot read last_applied under the core lock, released it, ran a
slow store.save, then re-took the lock to publish current_snapshot. Because
openraft drives build_snapshot on a clone concurrently with install_snapshot,
a stale build of an older snapshot (S1) could land both its store write and
its current_snapshot publish after a freshly-installed newer snapshot (S2),
rolling the durable blob and the in-memory snapshot back to S1. On restart
with_store recovers the regressed disk while openraft has already purged its
log past S2, leaving a gap that panics recovery.

Route both build_snapshot and install_snapshot through a single
commit_snapshot: a dedicated persist lock (distinct from core, so the hot
apply path never serializes against snapshot I/O) serializes the
save-then-publish sequence and orders the two store writes, while the
published last_log_id is re-read inside that lock and gated by
supersedes_published (incoming >= published). A stale loser is dropped with a
warn! rather than regressing the durable and in-memory snapshot; build_snapshot
still returns the snapshot it built. A stale install (lower last_log_id than
the published snapshot) becomes an accepted no-op since the state already
dominates it.

Add a regression test (a lower-indexed install must not regress
value/last_applied/current_snapshot or the durable store), a unit test pinning
the monotone rule across the None/Some/equal cases, and a direct commit_snapshot
test covering the build-side clobber that a real scheduling race would
otherwise be needed to reach.

* fix(driver-openraft): downgrade stale-snapshot-discard log to debug!

state_machine.rs carries the #[PerformanceCriticalPath] marker (apply runs
on every committed entry), where rule 2 bans info-or-higher logging. The
stale-publish reject ... (continued)

143 of 155 new or added lines in 1 file covered. (92.26%)

10530 of 10922 relevant lines covered (96.41%)

473188.1 hits per line

Uncovered Changes

Lines Coverage File
12
97.42
 -1.5% crates/tsoracle-driver-openraft/src/state_machine.rs
Jobs
ID Job ID Ran Files Coverage
1 26415574492.1 66
96.41
 GitHub Action Run
Source Files on build 26415574492