Skip to content

[Fix] Pause BFT block advancement during sync #4039

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
kaimast wants to merge 17 commits into
base: staging
Choose a base branch
from
Draft

[Fix] Pause BFT block advancement during sync #4039

kaimast wants to merge 17 commits into from

Conversation

@kaimast
Copy link
Contributor

@kaimast kaimast commented Dec 5, 2025
edited
Loading

This PR aims to fix #3911 and #3636.

Recently, we added CheckBlockError as a machine-readable response to failures in block checks. The proposed changes use this new error type to differentiate between invalid blocks, and cases where the ledger has already advanced, and the proposed block is contained in the ledger already.
The snarkVM changes also ensure that calls to the ledger are atomic, but provides no transactional guarantees across multiple invocations of Ledger functions.

BFT has a lock field that aims to protect, block advancement. This lock already existed before this change, but was not accessible from outside the struct. A problem with this setup is that check_block_content and advance_to_next_block are dependent operations. Generally, one assumes that if the former succeeds, the latter will also. However, without additional locking, BFT can call advance_to_block between Sync's calls of check_block_content and advance_to_next_block. In this case, Sync second call will fail.

The implementation implements an approached based on optimistic concurrency control to address this. Sync builds a chain of PendingBlocks without grabbing the BFT lock (otherwise, Sync would hold the lock for long periods of time).
Once a chain of pending blocks has reached the availability threshold, it will grab the lock, check their contents for correctness, and advance the ledger. In this step, check_block_content will verify the height of the block again and, if the height is below the current ledger height, Sync will abort and retry.

The main change for BFT is that update_dag does not grab the lock anymore, but callers are required to grab the lock before calling update_dag. There is a new method BFT::pause_for_block_sync that Sync calls before trying to commit blocks.
I removed the ALLOW_LEDGER_ACCESS parameter from update_dag to remove complexity from this function. This flag was only set to false for some tests, and does not seem to be needed any more even in this case, as the LedgerService abstraction allows to simply ignore writes. I would like to eventually have separate update_dag functions for sync and BFT, but this PR already reduces the complexity of the function noticeably.

@kaimast kaimast changed the base branch from staging to fix/revert-revert-pending-blocks December 5, 2025 18:25
@kaimast kaimast mentioned this pull request Dec 5, 2025
Merged
@kaimast kaimast force-pushed the fix/sync-race-conditions branch from e8a483a to c32278a Compare December 5, 2025 18:49
Base automatically changed from fix/revert-revert-pending-blocks to staging December 5, 2025 22:03
@kaimast kaimast force-pushed the fix/sync-race-conditions branch 6 times, most recently from 648a2f7 to fe03df4 Compare December 8, 2025 16:58
@kaimast kaimast mentioned this pull request Dec 8, 2025
Merged
@kaimast kaimast force-pushed the fix/sync-race-conditions branch from fe03df4 to bd73f5f Compare December 8, 2025 18:40
@kaimast kaimast marked this pull request as ready for review December 8, 2025 18:41
@kaimast kaimast requested review from ljedrz, raychu86 and vicsn December 8, 2025 19:37
@kaimast kaimast force-pushed the fix/sync-race-conditions branch from b6b59ba to 31fbc06 Compare December 8, 2025 19:44
@vicsn vicsn removed request for ljedrz, raychu86 and vicsn December 9, 2025 13:18
@vicsn vicsn marked this pull request as draft December 9, 2025 13:18
@kaimast kaimast force-pushed the fix/sync-race-conditions branch 3 times, most recently from c4f62ba to 1e37a31 Compare December 10, 2025 16:52
@vicsn
Copy link
Collaborator

vicsn commented Dec 19, 2025

Pausing this for now, the latest stress-test run prerelease-v4.4.20 had a halt. First tackling #4047

@vicsn vicsn mentioned this pull request Dec 22, 2025
Closed
@kaimast kaimast force-pushed the fix/sync-race-conditions branch 2 times, most recently from 435cce4 to da65f53 Compare January 5, 2026 22:45
@kaimast
Copy link
Contributor Author

kaimast commented Jan 5, 2026

ProvableHQ/snarkVM#3070 needs to be merged first.

@kaimast kaimast force-pushed the fix/sync-race-conditions branch from da65f53 to 1c6e520 Compare January 11, 2026 19:50
@kaimast kaimast force-pushed the fix/sync-race-conditions branch from 1c6e520 to 40d5a10 Compare January 12, 2026 06:04
@kaimast kaimast mentioned this pull request Jan 12, 2026
Draft
@kaimast kaimast force-pushed the fix/sync-race-conditions branch from 40d5a10 to 39ad9cd Compare January 18, 2026 00:03
@vicsn
Copy link
Collaborator

vicsn commented Jan 21, 2026

Blocked by #4069 CC @ljedrz

@kaimast kaimast mentioned this pull request Feb 4, 2026
Draft
ljedrz and others added 17 commits February 4, 2026 11:12
@ljedrz @kaimast
misc: add chaotic-network-runner script
f4527f0
@kaimast
ci: rename devnet_ci to test_devnet and db_backup_ci to test_db_backup
9bf41c2
@kaimast
ci: add scripts that repeatedly reset a majority/minority of valdiators
89b2e0b
@kaimast
chore: update snarkVM rev
7c3c9c9
@kaimast
refactor(node/bft): do not require mutability for Primary::run
ee40aa3
@kaimast
misc(bft): get rid of bft channels
c40eae6
@kaimast
misc(node/bft): remove ALLOW_LEDGER_ACCESS parameter
5d3a6e1
@kaimast
fix(bft/sync): pause bft block advancement during sync
b6ff590
@kaimast
misc(node/bft): remove unnecessary sync_lock
6917d27
@kaimast
log(node/bft): print path of proposal cache if loading fails
f452bcb
@kaimast
feat: print waiting tasks for locks as well
2bd44fb
@kaimast
fix(node/bft): simplify sync commit path
af9a149
@kaimast
feat(node/bft): handle storage errors better
8e3b305
@kaimast
docs(node/bft): update README
b2b0d3b
@kaimast
docs(node/consensus): update README
434e31e
@kaimast
fix(node/sync): handle outdated round numbers in subDAG
83a2c27
@kaimast
misc(node/bft): use proposal cache path given by NodeDataDir
0ec6c22
@kaimast kaimast force-pushed the fix/sync-race-conditions branch from 39ad9cd to 0ec6c22 Compare February 5, 2026 19:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug] Errors during sync race conditions

3 participants

@kaimast @vicsn @ljedrz