2019-03-26 06:28:23 -05:00
|
|
|
// Copyright 2019 The go-ethereum Authors
|
2019-03-08 07:56:20 -06:00
|
|
|
// This file is part of the go-ethereum library.
|
|
|
|
//
|
|
|
|
// The go-ethereum library is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU Lesser General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// The go-ethereum library is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU Lesser General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU Lesser General Public License
|
|
|
|
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
package rawdb
|
|
|
|
|
|
|
|
import (
|
core/rawdb: freezer index repair (#29792)
This pull request removes the `fsync` of index files in freezer.ModifyAncients function for
performance gain.
Originally, fsync is added after each freezer write operation to ensure
the written data is truly transferred into disk. Unfortunately, it turns
out `fsync` can be relatively slow, especially on
macOS (see https://github.com/ethereum/go-ethereum/issues/28754 for more
information).
In this pull request, fsync for index file is removed as it turns out
index file can be recovered even after a unclean shutdown. But fsync for data file is still kept, as
we have no meaningful way to validate the data correctness after unclean shutdown.
---
**But why do we need the `fsync` in the first place?**
As it's necessary for freezer to survive/recover after the machine crash
(e.g. power failure).
In linux, whenever the file write is performed, the file metadata update
and data update are
not necessarily performed at the same time. Typically, the metadata will
be flushed/journalled
ahead of the file data. Therefore, we make the pessimistic assumption
that the file is first
extended with invalid "garbage" data (normally zero bytes) and that
afterwards the correct
data replaces the garbage.
We have observed that the index file of the freezer often contain
garbage entry with zero value
(filenumber = 0, offset = 0) after a machine power failure. It proves
that the index file is extended
without the data being flushed. And this corruption can destroy the
whole freezer data eventually.
Performing fsync after each write operation can reduce the time window
for data to be transferred
to the disk and ensure the correctness of the data in the disk to the
greatest extent.
---
**How can we maintain this guarantee without relying on fsync?**
Because the items in the index file are strictly in order, we can
leverage this characteristic to
detect the corruption and truncate them when freezer is opened.
Specifically these validation
rules are performed for each index file:
For two consecutive index items:
- If their file numbers are the same, then the offset of the latter one
MUST not be less than that of the former.
- If the file number of the latter one is equal to that of the former
plus one, then the offset of the latter one MUST not be 0.
- If their file numbers are not equal, and the latter's file number is
not equal to the former plus 1, the latter one is valid
And also, for the first non-head item, it must refer to the earliest
data file, or the next file if the
earliest file is not sufficient to place the first item(very special
case, only theoretical possible
in tests)
With these validation rules, we can detect the invalid item in index
file with greatest possibility.
---
But unfortunately, these scenarios are not covered and could still lead
to a freezer corruption if it occurs:
**All items in index file are in zero value**
It's impossible to distinguish if they are truly zero (e.g. all the data
entries maintained in freezer
are zero size) or just the garbage left by OS. In this case, these index
items will be kept by truncating
the entire data file, namely the freezer is corrupted.
However, we can consider that the probability of this situation
occurring is quite low, and even
if it occurs, the freezer can be considered to be close to an empty
state. Rerun the state sync
should be acceptable.
**Index file is integral while relative data file is corrupted**
It might be possible the data file is corrupted whose file size is
extended correctly with garbage
filled (e.g. zero bytes). In this case, it's impossible to detect the
corruption by index validation.
We can either choose to `fsync` the data file, or blindly believe that
if index file is integral then
the data file could be integral with very high chance. In this pull
request, the first option is taken.
2024-10-01 11:16:16 -05:00
|
|
|
"bufio"
|
2021-09-07 05:31:17 -05:00
|
|
|
"bytes"
|
2019-03-08 07:56:20 -06:00
|
|
|
"encoding/binary"
|
|
|
|
"errors"
|
|
|
|
"fmt"
|
2019-06-10 04:45:12 -05:00
|
|
|
"io"
|
2019-03-08 07:56:20 -06:00
|
|
|
"os"
|
|
|
|
"path/filepath"
|
|
|
|
"sync"
|
2019-03-26 06:28:23 -05:00
|
|
|
"sync/atomic"
|
core/rawdb: freezer index repair (#29792)
This pull request removes the `fsync` of index files in freezer.ModifyAncients function for
performance gain.
Originally, fsync is added after each freezer write operation to ensure
the written data is truly transferred into disk. Unfortunately, it turns
out `fsync` can be relatively slow, especially on
macOS (see https://github.com/ethereum/go-ethereum/issues/28754 for more
information).
In this pull request, fsync for index file is removed as it turns out
index file can be recovered even after a unclean shutdown. But fsync for data file is still kept, as
we have no meaningful way to validate the data correctness after unclean shutdown.
---
**But why do we need the `fsync` in the first place?**
As it's necessary for freezer to survive/recover after the machine crash
(e.g. power failure).
In linux, whenever the file write is performed, the file metadata update
and data update are
not necessarily performed at the same time. Typically, the metadata will
be flushed/journalled
ahead of the file data. Therefore, we make the pessimistic assumption
that the file is first
extended with invalid "garbage" data (normally zero bytes) and that
afterwards the correct
data replaces the garbage.
We have observed that the index file of the freezer often contain
garbage entry with zero value
(filenumber = 0, offset = 0) after a machine power failure. It proves
that the index file is extended
without the data being flushed. And this corruption can destroy the
whole freezer data eventually.
Performing fsync after each write operation can reduce the time window
for data to be transferred
to the disk and ensure the correctness of the data in the disk to the
greatest extent.
---
**How can we maintain this guarantee without relying on fsync?**
Because the items in the index file are strictly in order, we can
leverage this characteristic to
detect the corruption and truncate them when freezer is opened.
Specifically these validation
rules are performed for each index file:
For two consecutive index items:
- If their file numbers are the same, then the offset of the latter one
MUST not be less than that of the former.
- If the file number of the latter one is equal to that of the former
plus one, then the offset of the latter one MUST not be 0.
- If their file numbers are not equal, and the latter's file number is
not equal to the former plus 1, the latter one is valid
And also, for the first non-head item, it must refer to the earliest
data file, or the next file if the
earliest file is not sufficient to place the first item(very special
case, only theoretical possible
in tests)
With these validation rules, we can detect the invalid item in index
file with greatest possibility.
---
But unfortunately, these scenarios are not covered and could still lead
to a freezer corruption if it occurs:
**All items in index file are in zero value**
It's impossible to distinguish if they are truly zero (e.g. all the data
entries maintained in freezer
are zero size) or just the garbage left by OS. In this case, these index
items will be kept by truncating
the entire data file, namely the freezer is corrupted.
However, we can consider that the probability of this situation
occurring is quite low, and even
if it occurs, the freezer can be considered to be close to an empty
state. Rerun the state sync
should be acceptable.
**Index file is integral while relative data file is corrupted**
It might be possible the data file is corrupted whose file size is
extended correctly with garbage
filled (e.g. zero bytes). In this case, it's impossible to detect the
corruption by index validation.
We can either choose to `fsync` the data file, or blindly believe that
if index file is integral then
the data file could be integral with very high chance. In this pull
request, the first option is taken.
2024-10-01 11:16:16 -05:00
|
|
|
"time"
|
2019-03-08 07:56:20 -06:00
|
|
|
|
|
|
|
"github.com/ethereum/go-ethereum/common"
|
|
|
|
"github.com/ethereum/go-ethereum/log"
|
|
|
|
"github.com/ethereum/go-ethereum/metrics"
|
|
|
|
"github.com/golang/snappy"
|
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
|
|
|
// errClosed is returned if an operation attempts to read from or write to the
|
|
|
|
// freezer table after it has already been closed.
|
|
|
|
errClosed = errors.New("closed")
|
|
|
|
|
|
|
|
// errOutOfBounds is returned if the item requested is not contained within the
|
|
|
|
// freezer table.
|
|
|
|
errOutOfBounds = errors.New("out of bounds")
|
all: integrate the freezer with fast sync
* all: freezer style syncing
core, eth, les, light: clean up freezer relative APIs
core, eth, les, trie, ethdb, light: clean a bit
core, eth, les, light: add unit tests
core, light: rewrite setHead function
core, eth: fix downloader unit tests
core: add receipt chain insertion test
core: use constant instead of hardcoding table name
core: fix rollback
core: fix setHead
core/rawdb: remove canonical block first and then iterate side chain
core/rawdb, ethdb: add hasAncient interface
eth/downloader: calculate ancient limit via cht first
core, eth, ethdb: lots of fixes
* eth/downloader: print ancient disable log only for fast sync
2019-04-25 09:59:48 -05:00
|
|
|
|
|
|
|
// errNotSupported is returned if the database doesn't support the required operation.
|
|
|
|
errNotSupported = errors.New("this operation is not supported")
|
2019-03-08 07:56:20 -06:00
|
|
|
)
|
|
|
|
|
2022-08-19 01:00:21 -05:00
|
|
|
// indexEntry contains the number/id of the file that the data resides in, as well as the
|
2022-03-10 02:37:23 -06:00
|
|
|
// offset within the file to the end of the data.
|
2019-03-26 06:28:23 -05:00
|
|
|
// In serialized form, the filenum is stored as uint16.
|
|
|
|
type indexEntry struct {
|
2022-03-10 02:37:23 -06:00
|
|
|
filenum uint32 // stored as uint16 ( 2 bytes )
|
|
|
|
offset uint32 // stored as uint32 ( 4 bytes )
|
2019-03-26 06:28:23 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
const indexEntrySize = 6
|
|
|
|
|
2021-09-07 05:31:17 -05:00
|
|
|
// unmarshalBinary deserializes binary b into the rawIndex entry.
|
2022-03-10 02:37:23 -06:00
|
|
|
func (i *indexEntry) unmarshalBinary(b []byte) {
|
2019-03-26 06:28:23 -05:00
|
|
|
i.filenum = uint32(binary.BigEndian.Uint16(b[:2]))
|
|
|
|
i.offset = binary.BigEndian.Uint32(b[2:6])
|
|
|
|
}
|
|
|
|
|
2021-09-07 05:31:17 -05:00
|
|
|
// append adds the encoded entry to the end of b.
|
|
|
|
func (i *indexEntry) append(b []byte) []byte {
|
|
|
|
offset := len(b)
|
|
|
|
out := append(b, make([]byte, indexEntrySize)...)
|
|
|
|
binary.BigEndian.PutUint16(out[offset:], uint16(i.filenum))
|
|
|
|
binary.BigEndian.PutUint32(out[offset+2:], i.offset)
|
|
|
|
return out
|
2019-03-26 06:28:23 -05:00
|
|
|
}
|
|
|
|
|
2021-08-13 03:51:01 -05:00
|
|
|
// bounds returns the start- and end- offsets, and the file number of where to
|
|
|
|
// read there data item marked by the two index entries. The two entries are
|
|
|
|
// assumed to be sequential.
|
2022-03-10 02:37:23 -06:00
|
|
|
func (i *indexEntry) bounds(end *indexEntry) (startOffset, endOffset, fileId uint32) {
|
|
|
|
if i.filenum != end.filenum {
|
2021-08-13 03:51:01 -05:00
|
|
|
// If a piece of data 'crosses' a data-file,
|
|
|
|
// it's actually in one piece on the second data-file.
|
|
|
|
// We return a zero-indexEntry for the second file as start
|
|
|
|
return 0, end.offset, end.filenum
|
|
|
|
}
|
2022-03-10 02:37:23 -06:00
|
|
|
return i.offset, end.offset, end.filenum
|
2021-08-13 03:51:01 -05:00
|
|
|
}
|
|
|
|
|
2019-03-08 07:56:20 -06:00
|
|
|
// freezerTable represents a single chained data table within the freezer (e.g. blocks).
|
2019-03-26 06:28:23 -05:00
|
|
|
// It consists of a data file (snappy encoded arbitrary data blobs) and an indexEntry
|
2019-03-08 07:56:20 -06:00
|
|
|
// file (uncompressed 64 bit indices into the data file).
|
|
|
|
type freezerTable struct {
|
2023-03-21 06:10:23 -05:00
|
|
|
items atomic.Uint64 // Number of items stored in the table (including items removed from tail)
|
|
|
|
itemOffset atomic.Uint64 // Number of items removed from the table
|
2022-03-10 02:37:23 -06:00
|
|
|
|
|
|
|
// itemHidden is the number of items marked as deleted. Tail deletion is
|
|
|
|
// only supported at file level which means the actual deletion will be
|
|
|
|
// delayed until the entire data file is marked as deleted. Before that
|
|
|
|
// these items will be hidden to prevent being visited again. The value
|
|
|
|
// should never be lower than itemOffset.
|
2023-03-21 06:10:23 -05:00
|
|
|
itemHidden atomic.Uint64
|
2019-05-16 17:45:05 -05:00
|
|
|
|
2022-01-18 03:29:38 -06:00
|
|
|
noCompression bool // if true, disables snappy compression. Note: does not work retroactively
|
|
|
|
readonly bool
|
2019-03-26 06:28:23 -05:00
|
|
|
maxFileSize uint32 // Max file size for data-files
|
|
|
|
name string
|
|
|
|
path string
|
2019-03-08 07:56:20 -06:00
|
|
|
|
2019-03-26 06:28:23 -05:00
|
|
|
head *os.File // File descriptor for the data head of the table
|
2022-03-10 02:37:23 -06:00
|
|
|
index *os.File // File descriptor for the indexEntry file of the table
|
|
|
|
meta *os.File // File descriptor for metadata of the table
|
2019-03-26 06:28:23 -05:00
|
|
|
files map[uint32]*os.File // open files
|
|
|
|
headId uint32 // number of the currently active head file
|
2019-04-14 14:25:32 -05:00
|
|
|
tailId uint32 // number of the earliest file
|
|
|
|
|
metrics, cmd/geth: change init-process of metrics (#30814)
This PR modifies how the metrics library handles `Enabled`: previously,
the package `init` decided whether to serve real metrics or just
dummy-types.
This has several drawbacks:
- During pkg init, we need to determine whether metrics are enabled or
not. So we first hacked in a check if certain geth-specific
commandline-flags were enabled. Then we added a similar check for
geth-env-vars. Then we almost added a very elaborate check for
toml-config-file, plus toml parsing.
- Using "real" types and dummy types interchangeably means that
everything is hidden behind interfaces. This has a performance penalty,
and also it just adds a lot of code.
This PR removes the interface stuff, uses concrete types, and allows for
the setting of Enabled to happen later. It is still assumed that
`metrics.Enable()` is invoked early on.
The somewhat 'heavy' operations, such as ticking meters and exp-decay,
now checks the enable-flag to prevent resource leak.
The change may be large, but it's mostly pretty trivial, and from the
last time I gutted the metrics, I ensured that we have fairly good test
coverage.
---------
Co-authored-by: Felix Lange <fjl@twurst.com>
2024-12-10 06:27:29 -06:00
|
|
|
headBytes int64 // Number of bytes written to the head file
|
|
|
|
readMeter *metrics.Meter // Meter for measuring the effective amount of data read
|
|
|
|
writeMeter *metrics.Meter // Meter for measuring the effective amount of data written
|
|
|
|
sizeGauge *metrics.Gauge // Gauge for tracking the combined size of all freezer tables
|
2019-03-08 07:56:20 -06:00
|
|
|
|
2022-04-25 02:28:03 -05:00
|
|
|
logger log.Logger // Logger with database path and table name embedded
|
2019-03-08 07:56:20 -06:00
|
|
|
lock sync.RWMutex // Mutex protecting the data file descriptors
|
|
|
|
}
|
|
|
|
|
2022-08-08 04:08:36 -05:00
|
|
|
// newFreezerTable opens the given path as a freezer table.
|
|
|
|
func newFreezerTable(path, name string, disableSnappy, readonly bool) (*freezerTable, error) {
|
metrics, cmd/geth: change init-process of metrics (#30814)
This PR modifies how the metrics library handles `Enabled`: previously,
the package `init` decided whether to serve real metrics or just
dummy-types.
This has several drawbacks:
- During pkg init, we need to determine whether metrics are enabled or
not. So we first hacked in a check if certain geth-specific
commandline-flags were enabled. Then we added a similar check for
geth-env-vars. Then we almost added a very elaborate check for
toml-config-file, plus toml parsing.
- Using "real" types and dummy types interchangeably means that
everything is hidden behind interfaces. This has a performance penalty,
and also it just adds a lot of code.
This PR removes the interface stuff, uses concrete types, and allows for
the setting of Enabled to happen later. It is still assumed that
`metrics.Enable()` is invoked early on.
The somewhat 'heavy' operations, such as ticking meters and exp-decay,
now checks the enable-flag to prevent resource leak.
The change may be large, but it's mostly pretty trivial, and from the
last time I gutted the metrics, I ensured that we have fairly good test
coverage.
---------
Co-authored-by: Felix Lange <fjl@twurst.com>
2024-12-10 06:27:29 -06:00
|
|
|
return newTable(path, name, metrics.NewInactiveMeter(), metrics.NewInactiveMeter(), metrics.NewGauge(), freezerTableSize, disableSnappy, readonly)
|
2019-03-26 06:28:23 -05:00
|
|
|
}
|
|
|
|
|
2021-09-07 05:31:17 -05:00
|
|
|
// newTable opens a freezer table, creating the data and index files if they are
|
2022-03-10 02:37:23 -06:00
|
|
|
// non-existent. Both files are truncated to the shortest common length to ensure
|
2019-03-08 07:56:20 -06:00
|
|
|
// they don't go out of sync.
|
metrics, cmd/geth: change init-process of metrics (#30814)
This PR modifies how the metrics library handles `Enabled`: previously,
the package `init` decided whether to serve real metrics or just
dummy-types.
This has several drawbacks:
- During pkg init, we need to determine whether metrics are enabled or
not. So we first hacked in a check if certain geth-specific
commandline-flags were enabled. Then we added a similar check for
geth-env-vars. Then we almost added a very elaborate check for
toml-config-file, plus toml parsing.
- Using "real" types and dummy types interchangeably means that
everything is hidden behind interfaces. This has a performance penalty,
and also it just adds a lot of code.
This PR removes the interface stuff, uses concrete types, and allows for
the setting of Enabled to happen later. It is still assumed that
`metrics.Enable()` is invoked early on.
The somewhat 'heavy' operations, such as ticking meters and exp-decay,
now checks the enable-flag to prevent resource leak.
The change may be large, but it's mostly pretty trivial, and from the
last time I gutted the metrics, I ensured that we have fairly good test
coverage.
---------
Co-authored-by: Felix Lange <fjl@twurst.com>
2024-12-10 06:27:29 -06:00
|
|
|
func newTable(path string, name string, readMeter, writeMeter *metrics.Meter, sizeGauge *metrics.Gauge, maxFilesize uint32, noCompression, readonly bool) (*freezerTable, error) {
|
2019-03-26 06:28:23 -05:00
|
|
|
// Ensure the containing directory exists and open the indexEntry file
|
2019-03-08 07:56:20 -06:00
|
|
|
if err := os.MkdirAll(path, 0755); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2019-03-26 06:28:23 -05:00
|
|
|
var idxName string
|
|
|
|
if noCompression {
|
2022-03-10 02:37:23 -06:00
|
|
|
idxName = fmt.Sprintf("%s.ridx", name) // raw index file
|
2019-03-26 06:28:23 -05:00
|
|
|
} else {
|
2022-03-10 02:37:23 -06:00
|
|
|
idxName = fmt.Sprintf("%s.cidx", name) // compressed index file
|
2019-03-08 07:56:20 -06:00
|
|
|
}
|
2022-01-18 03:29:38 -06:00
|
|
|
var (
|
2022-03-10 02:37:23 -06:00
|
|
|
err error
|
|
|
|
index *os.File
|
|
|
|
meta *os.File
|
2022-01-18 03:29:38 -06:00
|
|
|
)
|
|
|
|
if readonly {
|
2022-10-19 14:15:43 -05:00
|
|
|
// Will fail if table index file or meta file is not existent
|
2022-03-10 02:37:23 -06:00
|
|
|
index, err = openFreezerFileForReadOnly(filepath.Join(path, idxName))
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2022-10-19 14:15:43 -05:00
|
|
|
meta, err = openFreezerFileForReadOnly(filepath.Join(path, fmt.Sprintf("%s.meta", name)))
|
2022-03-10 02:37:23 -06:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2022-01-18 03:29:38 -06:00
|
|
|
} else {
|
2022-03-10 02:37:23 -06:00
|
|
|
index, err = openFreezerFileForAppend(filepath.Join(path, idxName))
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
meta, err = openFreezerFileForAppend(filepath.Join(path, fmt.Sprintf("%s.meta", name)))
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2019-03-08 07:56:20 -06:00
|
|
|
}
|
|
|
|
// Create the table and repair any past inconsistency
|
|
|
|
tab := &freezerTable{
|
2022-03-10 02:37:23 -06:00
|
|
|
index: index,
|
|
|
|
meta: meta,
|
2019-03-26 06:28:23 -05:00
|
|
|
files: make(map[uint32]*os.File),
|
|
|
|
readMeter: readMeter,
|
|
|
|
writeMeter: writeMeter,
|
2019-09-10 06:39:07 -05:00
|
|
|
sizeGauge: sizeGauge,
|
2019-03-26 06:28:23 -05:00
|
|
|
name: name,
|
|
|
|
path: path,
|
|
|
|
logger: log.New("database", path, "table", name),
|
|
|
|
noCompression: noCompression,
|
2022-01-18 03:29:38 -06:00
|
|
|
readonly: readonly,
|
2019-03-26 06:28:23 -05:00
|
|
|
maxFileSize: maxFilesize,
|
2019-03-08 07:56:20 -06:00
|
|
|
}
|
|
|
|
if err := tab.repair(); err != nil {
|
2019-03-26 06:28:23 -05:00
|
|
|
tab.Close()
|
2019-03-08 07:56:20 -06:00
|
|
|
return nil, err
|
|
|
|
}
|
2019-06-10 06:21:02 -05:00
|
|
|
// Initialize the starting size counter
|
|
|
|
size, err := tab.sizeNolock()
|
|
|
|
if err != nil {
|
|
|
|
tab.Close()
|
|
|
|
return nil, err
|
|
|
|
}
|
2019-09-10 06:39:07 -05:00
|
|
|
tab.sizeGauge.Inc(int64(size))
|
2019-06-10 06:21:02 -05:00
|
|
|
|
2019-03-08 07:56:20 -06:00
|
|
|
return tab, nil
|
|
|
|
}
|
|
|
|
|
2022-03-10 02:37:23 -06:00
|
|
|
// repair cross-checks the head and the index file and truncates them to
|
2019-03-08 07:56:20 -06:00
|
|
|
// be in sync with each other after a potential crash / data loss.
|
|
|
|
func (t *freezerTable) repair() error {
|
2019-03-26 06:28:23 -05:00
|
|
|
// Create a temporary offset buffer to init files with and read indexEntry into
|
|
|
|
buffer := make([]byte, indexEntrySize)
|
2019-03-08 07:56:20 -06:00
|
|
|
|
2019-03-26 06:28:23 -05:00
|
|
|
// If we've just created the files, initialize the index with the 0 indexEntry
|
|
|
|
stat, err := t.index.Stat()
|
2019-03-08 07:56:20 -06:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if stat.Size() == 0 {
|
2019-03-26 06:28:23 -05:00
|
|
|
if _, err := t.index.Write(buffer); err != nil {
|
2019-03-08 07:56:20 -06:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
2019-03-26 06:28:23 -05:00
|
|
|
// Ensure the index is a multiple of indexEntrySize bytes
|
|
|
|
if overflow := stat.Size() % indexEntrySize; overflow != 0 {
|
2023-09-21 03:05:55 -05:00
|
|
|
if t.readonly {
|
|
|
|
return fmt.Errorf("index file(path: %s, name: %s) size is not a multiple of %d", t.path, t.name, indexEntrySize)
|
|
|
|
}
|
2023-11-10 04:56:39 -06:00
|
|
|
if err := truncateFreezerFile(t.index, stat.Size()-overflow); err != nil {
|
|
|
|
return err
|
|
|
|
} // New file can't trigger this path
|
2019-03-08 07:56:20 -06:00
|
|
|
}
|
core/rawdb: freezer index repair (#29792)
This pull request removes the `fsync` of index files in freezer.ModifyAncients function for
performance gain.
Originally, fsync is added after each freezer write operation to ensure
the written data is truly transferred into disk. Unfortunately, it turns
out `fsync` can be relatively slow, especially on
macOS (see https://github.com/ethereum/go-ethereum/issues/28754 for more
information).
In this pull request, fsync for index file is removed as it turns out
index file can be recovered even after a unclean shutdown. But fsync for data file is still kept, as
we have no meaningful way to validate the data correctness after unclean shutdown.
---
**But why do we need the `fsync` in the first place?**
As it's necessary for freezer to survive/recover after the machine crash
(e.g. power failure).
In linux, whenever the file write is performed, the file metadata update
and data update are
not necessarily performed at the same time. Typically, the metadata will
be flushed/journalled
ahead of the file data. Therefore, we make the pessimistic assumption
that the file is first
extended with invalid "garbage" data (normally zero bytes) and that
afterwards the correct
data replaces the garbage.
We have observed that the index file of the freezer often contain
garbage entry with zero value
(filenumber = 0, offset = 0) after a machine power failure. It proves
that the index file is extended
without the data being flushed. And this corruption can destroy the
whole freezer data eventually.
Performing fsync after each write operation can reduce the time window
for data to be transferred
to the disk and ensure the correctness of the data in the disk to the
greatest extent.
---
**How can we maintain this guarantee without relying on fsync?**
Because the items in the index file are strictly in order, we can
leverage this characteristic to
detect the corruption and truncate them when freezer is opened.
Specifically these validation
rules are performed for each index file:
For two consecutive index items:
- If their file numbers are the same, then the offset of the latter one
MUST not be less than that of the former.
- If the file number of the latter one is equal to that of the former
plus one, then the offset of the latter one MUST not be 0.
- If their file numbers are not equal, and the latter's file number is
not equal to the former plus 1, the latter one is valid
And also, for the first non-head item, it must refer to the earliest
data file, or the next file if the
earliest file is not sufficient to place the first item(very special
case, only theoretical possible
in tests)
With these validation rules, we can detect the invalid item in index
file with greatest possibility.
---
But unfortunately, these scenarios are not covered and could still lead
to a freezer corruption if it occurs:
**All items in index file are in zero value**
It's impossible to distinguish if they are truly zero (e.g. all the data
entries maintained in freezer
are zero size) or just the garbage left by OS. In this case, these index
items will be kept by truncating
the entire data file, namely the freezer is corrupted.
However, we can consider that the probability of this situation
occurring is quite low, and even
if it occurs, the freezer can be considered to be close to an empty
state. Rerun the state sync
should be acceptable.
**Index file is integral while relative data file is corrupted**
It might be possible the data file is corrupted whose file size is
extended correctly with garbage
filled (e.g. zero bytes). In this case, it's impossible to detect the
corruption by index validation.
We can either choose to `fsync` the data file, or blindly believe that
if index file is integral then
the data file could be integral with very high chance. In this pull
request, the first option is taken.
2024-10-01 11:16:16 -05:00
|
|
|
// Validate the index file as it might contain some garbage data after the
|
|
|
|
// power failures.
|
|
|
|
if err := t.repairIndex(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
// Retrieve the file sizes and prepare for truncation. Note the file size
|
|
|
|
// might be changed after index validation.
|
2019-03-26 06:28:23 -05:00
|
|
|
if stat, err = t.index.Stat(); err != nil {
|
2019-03-08 07:56:20 -06:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
offsetsSize := stat.Size()
|
|
|
|
|
2019-03-26 06:28:23 -05:00
|
|
|
// Open the head file
|
|
|
|
var (
|
2019-04-14 14:25:32 -05:00
|
|
|
firstIndex indexEntry
|
2019-03-26 06:28:23 -05:00
|
|
|
lastIndex indexEntry
|
|
|
|
contentSize int64
|
|
|
|
contentExp int64
|
2023-01-16 02:57:27 -06:00
|
|
|
verbose bool
|
2019-03-26 06:28:23 -05:00
|
|
|
)
|
2019-04-14 14:25:32 -05:00
|
|
|
// Read index zero, determine what file is the earliest
|
|
|
|
// and what item offset to use
|
|
|
|
t.index.ReadAt(buffer, 0)
|
|
|
|
firstIndex.unmarshalBinary(buffer)
|
|
|
|
|
2022-03-10 02:37:23 -06:00
|
|
|
// Assign the tail fields with the first stored index.
|
|
|
|
// The total removed items is represented with an uint32,
|
|
|
|
// which is not enough in theory but enough in practice.
|
|
|
|
// TODO: use uint64 to represent total removed items.
|
2020-06-17 02:41:07 -05:00
|
|
|
t.tailId = firstIndex.filenum
|
2023-03-21 06:10:23 -05:00
|
|
|
t.itemOffset.Store(uint64(firstIndex.offset))
|
2022-03-10 02:37:23 -06:00
|
|
|
|
|
|
|
// Load metadata from the file
|
2023-03-21 06:10:23 -05:00
|
|
|
meta, err := loadMetadata(t.meta, t.itemOffset.Load())
|
2022-03-10 02:37:23 -06:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2023-03-21 06:10:23 -05:00
|
|
|
t.itemHidden.Store(meta.VirtualTail)
|
2019-04-14 14:25:32 -05:00
|
|
|
|
2022-03-10 02:37:23 -06:00
|
|
|
// Read the last index, use the default value in case the freezer is empty
|
|
|
|
if offsetsSize == indexEntrySize {
|
|
|
|
lastIndex = indexEntry{filenum: t.tailId, offset: 0}
|
|
|
|
} else {
|
|
|
|
t.index.ReadAt(buffer, offsetsSize-indexEntrySize)
|
|
|
|
lastIndex.unmarshalBinary(buffer)
|
|
|
|
}
|
2023-10-23 08:46:39 -05:00
|
|
|
// Print an error log if the index is corrupted due to an incorrect
|
|
|
|
// last index item. While it is theoretically possible to have a zero offset
|
|
|
|
// by storing all zero-size items, it is highly unlikely to occur in practice.
|
2023-11-10 04:56:39 -06:00
|
|
|
if lastIndex.offset == 0 && offsetsSize/indexEntrySize > 1 {
|
|
|
|
log.Error("Corrupted index file detected", "lastOffset", lastIndex.offset, "indexes", offsetsSize/indexEntrySize)
|
2023-10-23 08:46:39 -05:00
|
|
|
}
|
2022-01-18 03:29:38 -06:00
|
|
|
if t.readonly {
|
|
|
|
t.head, err = t.openFile(lastIndex.filenum, openFreezerFileForReadOnly)
|
|
|
|
} else {
|
|
|
|
t.head, err = t.openFile(lastIndex.filenum, openFreezerFileForAppend)
|
|
|
|
}
|
2019-03-26 06:28:23 -05:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if stat, err = t.head.Stat(); err != nil {
|
2019-03-08 07:56:20 -06:00
|
|
|
return err
|
|
|
|
}
|
2019-03-26 06:28:23 -05:00
|
|
|
contentSize = stat.Size()
|
2019-03-08 07:56:20 -06:00
|
|
|
|
|
|
|
// Keep truncating both files until they come in sync
|
2019-03-26 06:28:23 -05:00
|
|
|
contentExp = int64(lastIndex.offset)
|
2019-03-08 07:56:20 -06:00
|
|
|
for contentExp != contentSize {
|
2023-09-21 03:05:55 -05:00
|
|
|
if t.readonly {
|
|
|
|
return fmt.Errorf("freezer table(path: %s, name: %s, num: %d) is corrupted", t.path, t.name, lastIndex.filenum)
|
|
|
|
}
|
2023-01-16 02:57:27 -06:00
|
|
|
verbose = true
|
2019-03-26 06:28:23 -05:00
|
|
|
// Truncate the head file to the last offset pointer
|
2019-03-08 07:56:20 -06:00
|
|
|
if contentExp < contentSize {
|
2023-01-16 02:57:27 -06:00
|
|
|
t.logger.Warn("Truncating dangling head", "indexed", contentExp, "stored", contentSize)
|
2019-06-10 04:45:12 -05:00
|
|
|
if err := truncateFreezerFile(t.head, contentExp); err != nil {
|
2019-03-08 07:56:20 -06:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
contentSize = contentExp
|
|
|
|
}
|
2019-03-26 06:28:23 -05:00
|
|
|
// Truncate the index to point within the head file
|
2019-03-08 07:56:20 -06:00
|
|
|
if contentExp > contentSize {
|
2023-01-16 02:57:27 -06:00
|
|
|
t.logger.Warn("Truncating dangling indexes", "indexes", offsetsSize/indexEntrySize, "indexed", contentExp, "stored", contentSize)
|
2019-06-10 04:45:12 -05:00
|
|
|
if err := truncateFreezerFile(t.index, offsetsSize-indexEntrySize); err != nil {
|
2019-03-08 07:56:20 -06:00
|
|
|
return err
|
|
|
|
}
|
2019-03-26 06:28:23 -05:00
|
|
|
offsetsSize -= indexEntrySize
|
2022-03-10 02:37:23 -06:00
|
|
|
|
|
|
|
// Read the new head index, use the default value in case
|
|
|
|
// the freezer is already empty.
|
2019-03-26 06:28:23 -05:00
|
|
|
var newLastIndex indexEntry
|
2022-03-10 02:37:23 -06:00
|
|
|
if offsetsSize == indexEntrySize {
|
|
|
|
newLastIndex = indexEntry{filenum: t.tailId, offset: 0}
|
|
|
|
} else {
|
|
|
|
t.index.ReadAt(buffer, offsetsSize-indexEntrySize)
|
|
|
|
newLastIndex.unmarshalBinary(buffer)
|
|
|
|
}
|
2019-03-26 06:28:23 -05:00
|
|
|
// We might have slipped back into an earlier head-file here
|
|
|
|
if newLastIndex.filenum != lastIndex.filenum {
|
2019-06-10 04:45:12 -05:00
|
|
|
// Release earlier opened file
|
2019-03-26 06:28:23 -05:00
|
|
|
t.releaseFile(lastIndex.filenum)
|
2019-07-22 02:51:13 -05:00
|
|
|
if t.head, err = t.openFile(newLastIndex.filenum, openFreezerFileForAppend); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2019-03-26 06:28:23 -05:00
|
|
|
if stat, err = t.head.Stat(); err != nil {
|
|
|
|
// TODO, anything more we can do here?
|
|
|
|
// A data file has gone missing...
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
contentSize = stat.Size()
|
|
|
|
}
|
|
|
|
lastIndex = newLastIndex
|
|
|
|
contentExp = int64(lastIndex.offset)
|
2019-03-08 07:56:20 -06:00
|
|
|
}
|
|
|
|
}
|
2022-01-18 03:29:38 -06:00
|
|
|
// Sync() fails for read-only files on windows.
|
|
|
|
if !t.readonly {
|
|
|
|
// Ensure all reparation changes have been written to disk
|
|
|
|
if err := t.index.Sync(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if err := t.head.Sync(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2022-03-10 02:37:23 -06:00
|
|
|
if err := t.meta.Sync(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2019-03-08 07:56:20 -06:00
|
|
|
}
|
|
|
|
// Update the item and byte counters and return
|
2023-03-21 06:10:23 -05:00
|
|
|
t.items.Store(t.itemOffset.Load() + uint64(offsetsSize/indexEntrySize-1)) // last indexEntry points to the end of the data file
|
2021-09-07 05:31:17 -05:00
|
|
|
t.headBytes = contentSize
|
2019-03-26 06:28:23 -05:00
|
|
|
t.headId = lastIndex.filenum
|
2019-03-08 07:56:20 -06:00
|
|
|
|
2022-03-10 02:37:23 -06:00
|
|
|
// Delete the leftover files because of head deletion
|
|
|
|
t.releaseFilesAfter(t.headId, true)
|
|
|
|
|
|
|
|
// Delete the leftover files because of tail deletion
|
|
|
|
t.releaseFilesBefore(t.tailId, true)
|
|
|
|
|
2019-03-26 06:28:23 -05:00
|
|
|
// Close opened files and preopen all files
|
|
|
|
if err := t.preopen(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2023-01-16 02:57:27 -06:00
|
|
|
if verbose {
|
2023-10-23 08:46:39 -05:00
|
|
|
t.logger.Info("Chain freezer table opened", "items", t.items.Load(), "deleted", t.itemOffset.Load(), "hidden", t.itemHidden.Load(), "tailId", t.tailId, "headId", t.headId, "size", t.headBytes)
|
2023-01-16 02:57:27 -06:00
|
|
|
} else {
|
2023-03-21 06:10:23 -05:00
|
|
|
t.logger.Debug("Chain freezer table opened", "items", t.items.Load(), "size", common.StorageSize(t.headBytes))
|
2023-01-16 02:57:27 -06:00
|
|
|
}
|
2019-03-08 07:56:20 -06:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
core/rawdb: freezer index repair (#29792)
This pull request removes the `fsync` of index files in freezer.ModifyAncients function for
performance gain.
Originally, fsync is added after each freezer write operation to ensure
the written data is truly transferred into disk. Unfortunately, it turns
out `fsync` can be relatively slow, especially on
macOS (see https://github.com/ethereum/go-ethereum/issues/28754 for more
information).
In this pull request, fsync for index file is removed as it turns out
index file can be recovered even after a unclean shutdown. But fsync for data file is still kept, as
we have no meaningful way to validate the data correctness after unclean shutdown.
---
**But why do we need the `fsync` in the first place?**
As it's necessary for freezer to survive/recover after the machine crash
(e.g. power failure).
In linux, whenever the file write is performed, the file metadata update
and data update are
not necessarily performed at the same time. Typically, the metadata will
be flushed/journalled
ahead of the file data. Therefore, we make the pessimistic assumption
that the file is first
extended with invalid "garbage" data (normally zero bytes) and that
afterwards the correct
data replaces the garbage.
We have observed that the index file of the freezer often contain
garbage entry with zero value
(filenumber = 0, offset = 0) after a machine power failure. It proves
that the index file is extended
without the data being flushed. And this corruption can destroy the
whole freezer data eventually.
Performing fsync after each write operation can reduce the time window
for data to be transferred
to the disk and ensure the correctness of the data in the disk to the
greatest extent.
---
**How can we maintain this guarantee without relying on fsync?**
Because the items in the index file are strictly in order, we can
leverage this characteristic to
detect the corruption and truncate them when freezer is opened.
Specifically these validation
rules are performed for each index file:
For two consecutive index items:
- If their file numbers are the same, then the offset of the latter one
MUST not be less than that of the former.
- If the file number of the latter one is equal to that of the former
plus one, then the offset of the latter one MUST not be 0.
- If their file numbers are not equal, and the latter's file number is
not equal to the former plus 1, the latter one is valid
And also, for the first non-head item, it must refer to the earliest
data file, or the next file if the
earliest file is not sufficient to place the first item(very special
case, only theoretical possible
in tests)
With these validation rules, we can detect the invalid item in index
file with greatest possibility.
---
But unfortunately, these scenarios are not covered and could still lead
to a freezer corruption if it occurs:
**All items in index file are in zero value**
It's impossible to distinguish if they are truly zero (e.g. all the data
entries maintained in freezer
are zero size) or just the garbage left by OS. In this case, these index
items will be kept by truncating
the entire data file, namely the freezer is corrupted.
However, we can consider that the probability of this situation
occurring is quite low, and even
if it occurs, the freezer can be considered to be close to an empty
state. Rerun the state sync
should be acceptable.
**Index file is integral while relative data file is corrupted**
It might be possible the data file is corrupted whose file size is
extended correctly with garbage
filled (e.g. zero bytes). In this case, it's impossible to detect the
corruption by index validation.
We can either choose to `fsync` the data file, or blindly believe that
if index file is integral then
the data file could be integral with very high chance. In this pull
request, the first option is taken.
2024-10-01 11:16:16 -05:00
|
|
|
// repairIndex validates the integrity of the index file. According to the design,
|
|
|
|
// the initial entry in the file denotes the earliest data file along with the
|
|
|
|
// count of deleted items. Following this, all subsequent entries in the file must
|
|
|
|
// be in order. This function identifies any corrupted entries and truncates items
|
|
|
|
// occurring after the corruption point.
|
|
|
|
//
|
|
|
|
// corruption can occur because of the power failure. In the Linux kernel, the
|
|
|
|
// file metadata update and data update are not necessarily performed at the
|
|
|
|
// same time. Typically, the metadata will be flushed/journalled ahead of the file
|
|
|
|
// data. Therefore, we make the pessimistic assumption that the file is first
|
|
|
|
// extended with invalid "garbage" data (normally zero bytes) and that afterwards
|
|
|
|
// the correct data replaces the garbage. As all the items in index file are
|
|
|
|
// supposed to be in-order, the leftover garbage must be truncated before the
|
|
|
|
// index data is utilized.
|
|
|
|
//
|
|
|
|
// It's important to note an exception that's unfortunately undetectable: when
|
|
|
|
// all index entries in the file are zero. Distinguishing whether they represent
|
|
|
|
// leftover garbage or if all items in the table have zero size is impossible.
|
|
|
|
// In such instances, the file will remain unchanged to prevent potential data
|
|
|
|
// loss or misinterpretation.
|
|
|
|
func (t *freezerTable) repairIndex() error {
|
|
|
|
// Retrieve the file sizes and prepare for validation
|
|
|
|
stat, err := t.index.Stat()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
size := stat.Size()
|
|
|
|
|
|
|
|
// Move the read cursor to the beginning of the file
|
|
|
|
_, err = t.index.Seek(0, io.SeekStart)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
fr := bufio.NewReader(t.index)
|
|
|
|
|
|
|
|
var (
|
|
|
|
start = time.Now()
|
|
|
|
buff = make([]byte, indexEntrySize)
|
|
|
|
prev indexEntry
|
|
|
|
head indexEntry
|
|
|
|
|
|
|
|
read = func() (indexEntry, error) {
|
|
|
|
n, err := io.ReadFull(fr, buff)
|
|
|
|
if err != nil {
|
|
|
|
return indexEntry{}, err
|
|
|
|
}
|
|
|
|
if n != indexEntrySize {
|
|
|
|
return indexEntry{}, fmt.Errorf("failed to read from index, n: %d", n)
|
|
|
|
}
|
|
|
|
var entry indexEntry
|
|
|
|
entry.unmarshalBinary(buff)
|
|
|
|
return entry, nil
|
|
|
|
}
|
|
|
|
truncate = func(offset int64) error {
|
|
|
|
if t.readonly {
|
|
|
|
return fmt.Errorf("index file is corrupted at %d, size: %d", offset, size)
|
|
|
|
}
|
|
|
|
if err := truncateFreezerFile(t.index, offset); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
log.Warn("Truncated index file", "offset", offset, "truncated", size-offset)
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
)
|
|
|
|
for offset := int64(0); offset < size; offset += indexEntrySize {
|
|
|
|
entry, err := read()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if offset == 0 {
|
|
|
|
head = entry
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
// Ensure that the first non-head index refers to the earliest file,
|
|
|
|
// or the next file if the earliest file has no space to place the
|
|
|
|
// first item.
|
|
|
|
if offset == indexEntrySize {
|
|
|
|
if entry.filenum != head.filenum && entry.filenum != head.filenum+1 {
|
|
|
|
log.Error("Corrupted index item detected", "earliest", head.filenum, "filenumber", entry.filenum)
|
|
|
|
return truncate(offset)
|
|
|
|
}
|
|
|
|
prev = entry
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
// ensure two consecutive index items are in order
|
|
|
|
if err := t.checkIndexItems(prev, entry); err != nil {
|
|
|
|
log.Error("Corrupted index item detected", "err", err)
|
|
|
|
return truncate(offset)
|
|
|
|
}
|
|
|
|
prev = entry
|
|
|
|
}
|
|
|
|
// Move the read cursor to the end of the file. While theoretically, the
|
|
|
|
// cursor should reach the end by reading all the items in the file, perform
|
|
|
|
// the seek operation anyway as a precaution.
|
|
|
|
_, err = t.index.Seek(0, io.SeekEnd)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
log.Debug("Verified index file", "items", size/indexEntrySize, "elapsed", common.PrettyDuration(time.Since(start)))
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// checkIndexItems validates the correctness of two consecutive index items based
|
|
|
|
// on the following rules:
|
|
|
|
//
|
|
|
|
// - The file number of two consecutive index items must either be the same or
|
|
|
|
// increase monotonically. If the file number decreases or skips in a
|
|
|
|
// non-sequential manner, the index item is considered invalid.
|
|
|
|
//
|
|
|
|
// - For index items with the same file number, the data offset must be in
|
|
|
|
// non-decreasing order. Note: Two index items with the same file number
|
|
|
|
// and the same data offset are permitted if the entry size is zero.
|
|
|
|
//
|
|
|
|
// - The first index item in a new data file must not have a zero data offset.
|
|
|
|
func (t *freezerTable) checkIndexItems(a, b indexEntry) error {
|
|
|
|
if b.filenum != a.filenum && b.filenum != a.filenum+1 {
|
|
|
|
return fmt.Errorf("index items with inconsistent file number, prev: %d, next: %d", a.filenum, b.filenum)
|
|
|
|
}
|
|
|
|
if b.filenum == a.filenum && b.offset < a.offset {
|
|
|
|
return fmt.Errorf("index items with unordered offset, prev: %d, next: %d", a.offset, b.offset)
|
|
|
|
}
|
|
|
|
if b.filenum == a.filenum+1 && b.offset == 0 {
|
|
|
|
return fmt.Errorf("index items with zero offset, file number: %d", b.filenum)
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2019-03-26 06:28:23 -05:00
|
|
|
// preopen opens all files that the freezer will need. This method should be called from an init-context,
|
|
|
|
// since it assumes that it doesn't have to bother with locking
|
|
|
|
// The rationale for doing preopen is to not have to do it from within Retrieve, thus not needing to ever
|
|
|
|
// obtain a write-lock within Retrieve.
|
|
|
|
func (t *freezerTable) preopen() (err error) {
|
|
|
|
// The repair might have already opened (some) files
|
|
|
|
t.releaseFilesAfter(0, false)
|
2022-03-10 02:37:23 -06:00
|
|
|
|
2019-03-26 06:28:23 -05:00
|
|
|
// Open all except head in RDONLY
|
2019-05-16 06:30:11 -05:00
|
|
|
for i := t.tailId; i < t.headId; i++ {
|
2019-06-10 04:45:12 -05:00
|
|
|
if _, err = t.openFile(i, openFreezerFileForReadOnly); err != nil {
|
2019-03-26 06:28:23 -05:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
2022-01-18 03:29:38 -06:00
|
|
|
if t.readonly {
|
|
|
|
t.head, err = t.openFile(t.headId, openFreezerFileForReadOnly)
|
|
|
|
} else {
|
|
|
|
// Open head in read/write
|
|
|
|
t.head, err = t.openFile(t.headId, openFreezerFileForAppend)
|
|
|
|
}
|
2019-03-26 06:28:23 -05:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2022-03-10 02:37:23 -06:00
|
|
|
// truncateHead discards any recent data above the provided threshold number.
|
|
|
|
func (t *freezerTable) truncateHead(items uint64) error {
|
2019-03-26 06:28:23 -05:00
|
|
|
t.lock.Lock()
|
|
|
|
defer t.lock.Unlock()
|
2019-04-14 14:25:32 -05:00
|
|
|
|
2022-03-10 02:37:23 -06:00
|
|
|
// Ensure the given truncate target falls in the correct range
|
2023-03-21 06:10:23 -05:00
|
|
|
existing := t.items.Load()
|
2020-08-25 00:45:41 -05:00
|
|
|
if existing <= items {
|
2019-03-08 07:56:20 -06:00
|
|
|
return nil
|
|
|
|
}
|
2023-03-21 06:10:23 -05:00
|
|
|
if items < t.itemHidden.Load() {
|
2022-03-10 02:37:23 -06:00
|
|
|
return errors.New("truncation below tail")
|
|
|
|
}
|
2019-06-10 06:21:02 -05:00
|
|
|
// We need to truncate, save the old size for metrics tracking
|
|
|
|
oldSize, err := t.sizeNolock()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2019-03-08 07:56:20 -06:00
|
|
|
// Something's out of sync, truncate the table's offset index
|
2020-08-25 00:45:41 -05:00
|
|
|
log := t.logger.Debug
|
|
|
|
if existing > items+1 {
|
|
|
|
log = t.logger.Warn // Only loud warn if we delete multiple items
|
|
|
|
}
|
|
|
|
log("Truncating freezer table", "items", existing, "limit", items)
|
2022-03-10 02:37:23 -06:00
|
|
|
|
|
|
|
// Truncate the index file first, the tail position is also considered
|
|
|
|
// when calculating the new freezer table length.
|
2023-03-21 06:10:23 -05:00
|
|
|
length := items - t.itemOffset.Load()
|
2022-03-10 02:37:23 -06:00
|
|
|
if err := truncateFreezerFile(t.index, int64(length+1)*indexEntrySize); err != nil {
|
2019-03-08 07:56:20 -06:00
|
|
|
return err
|
|
|
|
}
|
2023-11-10 04:56:39 -06:00
|
|
|
if err := t.index.Sync(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2019-03-08 07:56:20 -06:00
|
|
|
// Calculate the new expected size of the data file and truncate it
|
2019-03-26 06:28:23 -05:00
|
|
|
var expected indexEntry
|
2022-03-10 02:37:23 -06:00
|
|
|
if length == 0 {
|
|
|
|
expected = indexEntry{filenum: t.tailId, offset: 0}
|
|
|
|
} else {
|
|
|
|
buffer := make([]byte, indexEntrySize)
|
|
|
|
if _, err := t.index.ReadAt(buffer, int64(length*indexEntrySize)); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
expected.unmarshalBinary(buffer)
|
|
|
|
}
|
2019-03-26 06:28:23 -05:00
|
|
|
// We might need to truncate back to older files
|
|
|
|
if expected.filenum != t.headId {
|
|
|
|
// If already open for reading, force-reopen for writing
|
|
|
|
t.releaseFile(expected.filenum)
|
2019-06-10 04:45:12 -05:00
|
|
|
newHead, err := t.openFile(expected.filenum, openFreezerFileForAppend)
|
2019-03-26 06:28:23 -05:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2019-06-10 04:45:12 -05:00
|
|
|
// Release any files _after the current head -- both the previous head
|
2019-03-26 06:28:23 -05:00
|
|
|
// and any files which may have been opened for reading
|
|
|
|
t.releaseFilesAfter(expected.filenum, true)
|
2023-11-10 04:56:39 -06:00
|
|
|
|
2019-06-10 04:45:12 -05:00
|
|
|
// Set back the historic head
|
2019-03-26 06:28:23 -05:00
|
|
|
t.head = newHead
|
2021-09-07 05:31:17 -05:00
|
|
|
t.headId = expected.filenum
|
2019-03-26 06:28:23 -05:00
|
|
|
}
|
2019-06-10 04:45:12 -05:00
|
|
|
if err := truncateFreezerFile(t.head, int64(expected.offset)); err != nil {
|
2019-03-08 07:56:20 -06:00
|
|
|
return err
|
|
|
|
}
|
2023-11-10 04:56:39 -06:00
|
|
|
if err := t.head.Sync(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2019-03-08 07:56:20 -06:00
|
|
|
// All data files truncated, set internal counters and return
|
2021-09-07 05:31:17 -05:00
|
|
|
t.headBytes = int64(expected.offset)
|
2023-03-21 06:10:23 -05:00
|
|
|
t.items.Store(items)
|
2019-06-10 06:21:02 -05:00
|
|
|
|
|
|
|
// Retrieve the new size and update the total size counter
|
|
|
|
newSize, err := t.sizeNolock()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2019-09-10 06:39:07 -05:00
|
|
|
t.sizeGauge.Dec(int64(oldSize - newSize))
|
2022-03-10 02:37:23 -06:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2023-12-18 13:10:54 -06:00
|
|
|
// sizeHidden returns the total data size of hidden items in the freezer table.
|
|
|
|
// This function assumes the lock is already held.
|
|
|
|
func (t *freezerTable) sizeHidden() (uint64, error) {
|
|
|
|
hidden, offset := t.itemHidden.Load(), t.itemOffset.Load()
|
|
|
|
if hidden <= offset {
|
|
|
|
return 0, nil
|
|
|
|
}
|
|
|
|
indices, err := t.getIndices(hidden-1, 1)
|
|
|
|
if err != nil {
|
|
|
|
return 0, err
|
|
|
|
}
|
|
|
|
return uint64(indices[1].offset), nil
|
|
|
|
}
|
|
|
|
|
2022-03-10 02:37:23 -06:00
|
|
|
// truncateTail discards any recent data before the provided threshold number.
|
|
|
|
func (t *freezerTable) truncateTail(items uint64) error {
|
|
|
|
t.lock.Lock()
|
|
|
|
defer t.lock.Unlock()
|
|
|
|
|
|
|
|
// Ensure the given truncate target falls in the correct range
|
2023-03-21 06:10:23 -05:00
|
|
|
if t.itemHidden.Load() >= items {
|
2022-03-10 02:37:23 -06:00
|
|
|
return nil
|
|
|
|
}
|
2023-03-21 06:10:23 -05:00
|
|
|
if t.items.Load() < items {
|
2022-03-10 02:37:23 -06:00
|
|
|
return errors.New("truncation above head")
|
|
|
|
}
|
|
|
|
// Load the new tail index by the given new tail position
|
|
|
|
var (
|
|
|
|
newTailId uint32
|
|
|
|
buffer = make([]byte, indexEntrySize)
|
|
|
|
)
|
2023-03-21 06:10:23 -05:00
|
|
|
if t.items.Load() == items {
|
2022-03-10 02:37:23 -06:00
|
|
|
newTailId = t.headId
|
|
|
|
} else {
|
2023-03-21 06:10:23 -05:00
|
|
|
offset := items - t.itemOffset.Load()
|
2022-03-10 02:37:23 -06:00
|
|
|
if _, err := t.index.ReadAt(buffer, int64((offset+1)*indexEntrySize)); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
var newTail indexEntry
|
|
|
|
newTail.unmarshalBinary(buffer)
|
|
|
|
newTailId = newTail.filenum
|
|
|
|
}
|
2023-12-18 13:10:54 -06:00
|
|
|
// Save the old size for metrics tracking. This needs to be done
|
|
|
|
// before any updates to either itemHidden or itemOffset.
|
|
|
|
oldSize, err := t.sizeNolock()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2022-03-10 02:37:23 -06:00
|
|
|
// Update the virtual tail marker and hidden these entries in table.
|
2023-03-21 06:10:23 -05:00
|
|
|
t.itemHidden.Store(items)
|
2022-03-10 02:37:23 -06:00
|
|
|
if err := writeMetadata(t.meta, newMetadata(items)); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
// Hidden items still fall in the current tail file, no data file
|
|
|
|
// can be dropped.
|
|
|
|
if t.tailId == newTailId {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
// Hidden items fall in the incorrect range, returns the error.
|
|
|
|
if t.tailId > newTailId {
|
|
|
|
return fmt.Errorf("invalid index, tail-file %d, item-file %d", t.tailId, newTailId)
|
|
|
|
}
|
|
|
|
// Count how many items can be deleted from the file.
|
|
|
|
var (
|
|
|
|
newDeleted = items
|
2023-03-21 06:10:23 -05:00
|
|
|
deleted = t.itemOffset.Load()
|
2022-03-10 02:37:23 -06:00
|
|
|
)
|
2023-12-18 13:10:54 -06:00
|
|
|
// Hidden items exceed the current tail file, drop the relevant data files.
|
2022-03-10 02:37:23 -06:00
|
|
|
for current := items - 1; current >= deleted; current -= 1 {
|
|
|
|
if _, err := t.index.ReadAt(buffer, int64((current-deleted+1)*indexEntrySize)); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
var pre indexEntry
|
|
|
|
pre.unmarshalBinary(buffer)
|
|
|
|
if pre.filenum != newTailId {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
newDeleted = current
|
|
|
|
}
|
|
|
|
// Commit the changes of metadata file first before manipulating
|
|
|
|
// the indexes file.
|
|
|
|
if err := t.meta.Sync(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2023-10-23 08:46:39 -05:00
|
|
|
// Close the index file before shorten it.
|
|
|
|
if err := t.index.Close(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2022-03-10 02:37:23 -06:00
|
|
|
// Truncate the deleted index entries from the index file.
|
|
|
|
err = copyFrom(t.index.Name(), t.index.Name(), indexEntrySize*(newDeleted-deleted+1), func(f *os.File) error {
|
|
|
|
tailIndex := indexEntry{
|
|
|
|
filenum: newTailId,
|
|
|
|
offset: uint32(newDeleted),
|
|
|
|
}
|
|
|
|
_, err := f.Write(tailIndex.append(nil))
|
|
|
|
return err
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
// Reopen the modified index file to load the changes
|
|
|
|
t.index, err = openFreezerFileForAppend(t.index.Name())
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2023-10-23 08:46:39 -05:00
|
|
|
// Sync the file to ensure changes are flushed to disk
|
|
|
|
if err := t.index.Sync(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2022-03-10 02:37:23 -06:00
|
|
|
// Release any files before the current tail
|
|
|
|
t.tailId = newTailId
|
2023-03-21 06:10:23 -05:00
|
|
|
t.itemOffset.Store(newDeleted)
|
2022-03-10 02:37:23 -06:00
|
|
|
t.releaseFilesBefore(t.tailId, true)
|
2019-06-10 06:21:02 -05:00
|
|
|
|
2022-03-10 02:37:23 -06:00
|
|
|
// Retrieve the new size and update the total size counter
|
|
|
|
newSize, err := t.sizeNolock()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
t.sizeGauge.Dec(int64(oldSize - newSize))
|
2019-03-08 07:56:20 -06:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2019-03-26 06:28:23 -05:00
|
|
|
// Close closes all opened files.
|
2019-03-08 07:56:20 -06:00
|
|
|
func (t *freezerTable) Close() error {
|
|
|
|
t.lock.Lock()
|
|
|
|
defer t.lock.Unlock()
|
|
|
|
|
|
|
|
var errs []error
|
2023-01-16 02:57:27 -06:00
|
|
|
doClose := func(f *os.File, sync bool, close bool) {
|
|
|
|
if sync && !t.readonly {
|
|
|
|
if err := f.Sync(); err != nil {
|
|
|
|
errs = append(errs, err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if close {
|
|
|
|
if err := f.Close(); err != nil {
|
|
|
|
errs = append(errs, err)
|
|
|
|
}
|
|
|
|
}
|
2022-03-10 02:37:23 -06:00
|
|
|
}
|
2023-01-16 02:57:27 -06:00
|
|
|
// Trying to fsync a file opened in rdonly causes "Access denied"
|
|
|
|
// error on Windows.
|
|
|
|
doClose(t.index, true, true)
|
|
|
|
doClose(t.meta, true, true)
|
2023-11-10 04:56:39 -06:00
|
|
|
|
2023-01-16 02:57:27 -06:00
|
|
|
// The preopened non-head data-files are all opened in readonly.
|
|
|
|
// The head is opened in rw-mode, so we sync it here - but since it's also
|
|
|
|
// part of t.files, it will be closed in the loop below.
|
|
|
|
doClose(t.head, true, false) // sync but do not close
|
2023-11-10 04:56:39 -06:00
|
|
|
|
2019-03-26 06:28:23 -05:00
|
|
|
for _, f := range t.files {
|
2023-01-16 02:57:27 -06:00
|
|
|
doClose(f, false, true) // close but do not sync
|
2019-03-08 07:56:20 -06:00
|
|
|
}
|
2023-01-16 02:57:27 -06:00
|
|
|
t.index = nil
|
|
|
|
t.meta = nil
|
2019-03-26 06:28:23 -05:00
|
|
|
t.head = nil
|
2019-03-08 07:56:20 -06:00
|
|
|
|
|
|
|
if errs != nil {
|
|
|
|
return fmt.Errorf("%v", errs)
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2019-03-26 06:28:23 -05:00
|
|
|
// openFile assumes that the write-lock is held by the caller
|
2019-06-10 04:45:12 -05:00
|
|
|
func (t *freezerTable) openFile(num uint32, opener func(string) (*os.File, error)) (f *os.File, err error) {
|
2019-03-26 06:28:23 -05:00
|
|
|
var exist bool
|
|
|
|
if f, exist = t.files[num]; !exist {
|
|
|
|
var name string
|
|
|
|
if t.noCompression {
|
2019-04-14 14:25:32 -05:00
|
|
|
name = fmt.Sprintf("%s.%04d.rdat", t.name, num)
|
2019-03-26 06:28:23 -05:00
|
|
|
} else {
|
2019-04-14 14:25:32 -05:00
|
|
|
name = fmt.Sprintf("%s.%04d.cdat", t.name, num)
|
2019-03-26 06:28:23 -05:00
|
|
|
}
|
2019-06-10 04:45:12 -05:00
|
|
|
f, err = opener(filepath.Join(t.path, name))
|
2019-03-26 06:28:23 -05:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
t.files[num] = f
|
|
|
|
}
|
|
|
|
return f, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// releaseFile closes a file, and removes it from the open file cache.
|
|
|
|
// Assumes that the caller holds the write lock
|
|
|
|
func (t *freezerTable) releaseFile(num uint32) {
|
|
|
|
if f, exist := t.files[num]; exist {
|
|
|
|
delete(t.files, num)
|
|
|
|
f.Close()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// releaseFilesAfter closes all open files with a higher number, and optionally also deletes the files
|
|
|
|
func (t *freezerTable) releaseFilesAfter(num uint32, remove bool) {
|
|
|
|
for fnum, f := range t.files {
|
|
|
|
if fnum > num {
|
|
|
|
delete(t.files, fnum)
|
|
|
|
f.Close()
|
|
|
|
if remove {
|
|
|
|
os.Remove(f.Name())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-03-10 02:37:23 -06:00
|
|
|
// releaseFilesBefore closes all open files with a lower number, and optionally also deletes the files
|
|
|
|
func (t *freezerTable) releaseFilesBefore(num uint32, remove bool) {
|
|
|
|
for fnum, f := range t.files {
|
|
|
|
if fnum < num {
|
|
|
|
delete(t.files, fnum)
|
|
|
|
f.Close()
|
|
|
|
if remove {
|
|
|
|
os.Remove(f.Name())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-08-13 03:51:01 -05:00
|
|
|
// getIndices returns the index entries for the given from-item, covering 'count' items.
|
|
|
|
// N.B: The actual number of returned indices for N items will always be N+1 (unless an
|
|
|
|
// error is returned).
|
|
|
|
// OBS: This method assumes that the caller has already verified (and/or trimmed) the range
|
|
|
|
// so that the items are within bounds. If this method is used to read out of bounds,
|
|
|
|
// it will return error.
|
|
|
|
func (t *freezerTable) getIndices(from, count uint64) ([]*indexEntry, error) {
|
|
|
|
// Apply the table-offset
|
2023-03-21 06:10:23 -05:00
|
|
|
from = from - t.itemOffset.Load()
|
2023-12-18 13:10:54 -06:00
|
|
|
|
2021-08-13 03:51:01 -05:00
|
|
|
// For reading N items, we need N+1 indices.
|
|
|
|
buffer := make([]byte, (count+1)*indexEntrySize)
|
|
|
|
if _, err := t.index.ReadAt(buffer, int64(from*indexEntrySize)); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
var (
|
|
|
|
indices []*indexEntry
|
|
|
|
offset int
|
|
|
|
)
|
|
|
|
for i := from; i <= from+count; i++ {
|
|
|
|
index := new(indexEntry)
|
|
|
|
index.unmarshalBinary(buffer[offset:])
|
|
|
|
offset += indexEntrySize
|
|
|
|
indices = append(indices, index)
|
|
|
|
}
|
|
|
|
if from == 0 {
|
2020-06-17 02:41:07 -05:00
|
|
|
// Special case if we're reading the first item in the freezer. We assume that
|
|
|
|
// the first item always start from zero(regarding the deletion, we
|
|
|
|
// only support deletion by files, so that the assumption is held).
|
|
|
|
// This means we can use the first item metadata to carry information about
|
|
|
|
// the 'global' offset, for the deletion-case
|
2021-08-13 03:51:01 -05:00
|
|
|
indices[0].offset = 0
|
|
|
|
indices[0].filenum = indices[1].filenum
|
2020-06-17 02:41:07 -05:00
|
|
|
}
|
2021-08-13 03:51:01 -05:00
|
|
|
return indices, nil
|
2019-03-26 06:28:23 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
// Retrieve looks up the data offset of an item with the given number and retrieves
|
2019-03-08 07:56:20 -06:00
|
|
|
// the raw binary blob from the data file.
|
|
|
|
func (t *freezerTable) Retrieve(item uint64) ([]byte, error) {
|
2021-08-13 03:51:01 -05:00
|
|
|
items, err := t.RetrieveItems(item, 1, 0)
|
core/rawdb: fix datarace in freezer (#22728)
The Append / truncate operations were racy. When a datafile reaches 2Gb, a new file is needed. For this operation, we require a writelock, which is not needed in the 99.99% of all cases where the data does fit in the current head-file.
This transition from readlock to writelock was incorrect, and as the readlock was released, a truncate operation could slip in between, and truncate the data. This would have been fine, however, the Append operation continued writing as if no truncation had occurred, e.g writing item 5 where item 0 should reside.
This PR changes the behaviour, so that if when we run into the situation that a new file is needed, it aborts, and retries, this time with a writelock.
The outcome of the situation described above, running on this PR, would instead be that the Append operation exits with a failure.
2021-04-26 11:19:07 -05:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2021-08-13 03:51:01 -05:00
|
|
|
return items[0], nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// RetrieveItems returns multiple items in sequence, starting from the index 'start'.
|
|
|
|
// It will return at most 'max' items, but will abort earlier to respect the
|
|
|
|
// 'maxBytes' argument. However, if the 'maxBytes' is smaller than the size of one
|
|
|
|
// item, it _will_ return one element and possibly overflow the maxBytes.
|
|
|
|
func (t *freezerTable) RetrieveItems(start, count, maxBytes uint64) ([][]byte, error) {
|
|
|
|
// First we read the 'raw' data, which might be compressed.
|
|
|
|
diskData, sizes, err := t.retrieveItems(start, count, maxBytes)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
var (
|
|
|
|
output = make([][]byte, 0, count)
|
|
|
|
offset int // offset for reading
|
|
|
|
outputSize int // size of uncompressed data
|
|
|
|
)
|
|
|
|
// Now slice up the data and decompress.
|
|
|
|
for i, diskSize := range sizes {
|
|
|
|
item := diskData[offset : offset+diskSize]
|
|
|
|
offset += diskSize
|
|
|
|
decompressedSize := diskSize
|
|
|
|
if !t.noCompression {
|
|
|
|
decompressedSize, _ = snappy.DecodedLen(item)
|
|
|
|
}
|
2023-07-12 02:19:01 -05:00
|
|
|
if i > 0 && maxBytes != 0 && uint64(outputSize+decompressedSize) > maxBytes {
|
2021-08-13 03:51:01 -05:00
|
|
|
break
|
|
|
|
}
|
|
|
|
if !t.noCompression {
|
|
|
|
data, err := snappy.Decode(nil, item)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
output = append(output, data)
|
|
|
|
} else {
|
|
|
|
output = append(output, item)
|
|
|
|
}
|
|
|
|
outputSize += decompressedSize
|
core/rawdb: fix datarace in freezer (#22728)
The Append / truncate operations were racy. When a datafile reaches 2Gb, a new file is needed. For this operation, we require a writelock, which is not needed in the 99.99% of all cases where the data does fit in the current head-file.
This transition from readlock to writelock was incorrect, and as the readlock was released, a truncate operation could slip in between, and truncate the data. This would have been fine, however, the Append operation continued writing as if no truncation had occurred, e.g writing item 5 where item 0 should reside.
This PR changes the behaviour, so that if when we run into the situation that a new file is needed, it aborts, and retries, this time with a writelock.
The outcome of the situation described above, running on this PR, would instead be that the Append operation exits with a failure.
2021-04-26 11:19:07 -05:00
|
|
|
}
|
2021-08-13 03:51:01 -05:00
|
|
|
return output, nil
|
core/rawdb: fix datarace in freezer (#22728)
The Append / truncate operations were racy. When a datafile reaches 2Gb, a new file is needed. For this operation, we require a writelock, which is not needed in the 99.99% of all cases where the data does fit in the current head-file.
This transition from readlock to writelock was incorrect, and as the readlock was released, a truncate operation could slip in between, and truncate the data. This would have been fine, however, the Append operation continued writing as if no truncation had occurred, e.g writing item 5 where item 0 should reside.
This PR changes the behaviour, so that if when we run into the situation that a new file is needed, it aborts, and retries, this time with a writelock.
The outcome of the situation described above, running on this PR, would instead be that the Append operation exits with a failure.
2021-04-26 11:19:07 -05:00
|
|
|
}
|
|
|
|
|
2021-08-13 03:51:01 -05:00
|
|
|
// retrieveItems reads up to 'count' items from the table. It reads at least
|
2023-07-12 02:19:01 -05:00
|
|
|
// one item, but otherwise avoids reading more than maxBytes bytes. Freezer
|
|
|
|
// will ignore the size limitation and continuously allocate memory to store
|
|
|
|
// data if maxBytes is 0. It returns the (potentially compressed) data, and
|
|
|
|
// the sizes.
|
2021-08-13 03:51:01 -05:00
|
|
|
func (t *freezerTable) retrieveItems(start, count, maxBytes uint64) ([]byte, []int, error) {
|
2020-04-14 10:13:47 -05:00
|
|
|
t.lock.RLock()
|
core/rawdb: fix datarace in freezer (#22728)
The Append / truncate operations were racy. When a datafile reaches 2Gb, a new file is needed. For this operation, we require a writelock, which is not needed in the 99.99% of all cases where the data does fit in the current head-file.
This transition from readlock to writelock was incorrect, and as the readlock was released, a truncate operation could slip in between, and truncate the data. This would have been fine, however, the Append operation continued writing as if no truncation had occurred, e.g writing item 5 where item 0 should reside.
This PR changes the behaviour, so that if when we run into the situation that a new file is needed, it aborts, and retries, this time with a writelock.
The outcome of the situation described above, running on this PR, would instead be that the Append operation exits with a failure.
2021-04-26 11:19:07 -05:00
|
|
|
defer t.lock.RUnlock()
|
2021-09-07 05:31:17 -05:00
|
|
|
|
2022-03-10 02:37:23 -06:00
|
|
|
// Ensure the table and the item are accessible
|
2023-01-16 02:57:27 -06:00
|
|
|
if t.index == nil || t.head == nil || t.meta == nil {
|
2021-08-13 03:51:01 -05:00
|
|
|
return nil, nil, errClosed
|
2019-03-08 07:56:20 -06:00
|
|
|
}
|
2022-03-10 02:37:23 -06:00
|
|
|
var (
|
2023-03-21 06:10:23 -05:00
|
|
|
items = t.items.Load() // the total items(head + 1)
|
|
|
|
hidden = t.itemHidden.Load() // the number of hidden items
|
2022-03-10 02:37:23 -06:00
|
|
|
)
|
2021-08-13 03:51:01 -05:00
|
|
|
// Ensure the start is written, not deleted from the tail, and that the
|
|
|
|
// caller actually wants something
|
2022-03-10 02:37:23 -06:00
|
|
|
if items <= start || hidden > start || count == 0 {
|
2021-08-13 03:51:01 -05:00
|
|
|
return nil, nil, errOutOfBounds
|
2019-03-08 07:56:20 -06:00
|
|
|
}
|
2022-03-10 02:37:23 -06:00
|
|
|
if start+count > items {
|
|
|
|
count = items - start
|
2019-04-14 14:25:32 -05:00
|
|
|
}
|
2023-07-12 02:19:01 -05:00
|
|
|
var output []byte // Buffer to read data into
|
|
|
|
if maxBytes != 0 {
|
|
|
|
output = make([]byte, 0, maxBytes)
|
|
|
|
} else {
|
|
|
|
output = make([]byte, 0, 1024) // initial buffer cap
|
|
|
|
}
|
2021-08-13 03:51:01 -05:00
|
|
|
// readData is a helper method to read a single data item from disk.
|
|
|
|
readData := func(fileId, start uint32, length int) error {
|
2023-07-12 02:19:01 -05:00
|
|
|
output = grow(output, length)
|
2021-08-13 03:51:01 -05:00
|
|
|
dataFile, exist := t.files[fileId]
|
|
|
|
if !exist {
|
|
|
|
return fmt.Errorf("missing data file %d", fileId)
|
|
|
|
}
|
2023-07-12 02:19:01 -05:00
|
|
|
if _, err := dataFile.ReadAt(output[len(output)-length:], int64(start)); err != nil {
|
2023-10-23 08:46:39 -05:00
|
|
|
return fmt.Errorf("%w, fileid: %d, start: %d, length: %d", err, fileId, start, length)
|
2021-08-13 03:51:01 -05:00
|
|
|
}
|
|
|
|
return nil
|
2019-03-08 07:56:20 -06:00
|
|
|
}
|
2021-08-13 03:51:01 -05:00
|
|
|
// Read all the indexes in one go
|
|
|
|
indices, err := t.getIndices(start, count)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
2019-03-08 07:56:20 -06:00
|
|
|
}
|
2021-08-13 03:51:01 -05:00
|
|
|
var (
|
|
|
|
sizes []int // The sizes for each element
|
|
|
|
totalSize = 0 // The total size of all data read so far
|
|
|
|
readStart = indices[0].offset // Where, in the file, to start reading
|
|
|
|
unreadSize = 0 // The size of the as-yet-unread data
|
|
|
|
)
|
|
|
|
|
|
|
|
for i, firstIndex := range indices[:len(indices)-1] {
|
|
|
|
secondIndex := indices[i+1]
|
|
|
|
// Determine the size of the item.
|
|
|
|
offset1, offset2, _ := firstIndex.bounds(secondIndex)
|
|
|
|
size := int(offset2 - offset1)
|
|
|
|
// Crossing a file boundary?
|
|
|
|
if secondIndex.filenum != firstIndex.filenum {
|
|
|
|
// If we have unread data in the first file, we need to do that read now.
|
|
|
|
if unreadSize > 0 {
|
|
|
|
if err := readData(firstIndex.filenum, readStart, unreadSize); err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
|
|
|
unreadSize = 0
|
|
|
|
}
|
|
|
|
readStart = 0
|
|
|
|
}
|
2023-07-12 02:19:01 -05:00
|
|
|
if i > 0 && uint64(totalSize+size) > maxBytes && maxBytes != 0 {
|
2021-08-13 03:51:01 -05:00
|
|
|
// About to break out due to byte limit being exceeded. We don't
|
|
|
|
// read this last item, but we need to do the deferred reads now.
|
|
|
|
if unreadSize > 0 {
|
|
|
|
if err := readData(secondIndex.filenum, readStart, unreadSize); err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
break
|
|
|
|
}
|
|
|
|
// Defer the read for later
|
|
|
|
unreadSize += size
|
|
|
|
totalSize += size
|
|
|
|
sizes = append(sizes, size)
|
2023-07-12 02:19:01 -05:00
|
|
|
if i == len(indices)-2 || (uint64(totalSize) > maxBytes && maxBytes != 0) {
|
2021-08-13 03:51:01 -05:00
|
|
|
// Last item, need to do the read now
|
|
|
|
if err := readData(secondIndex.filenum, readStart, unreadSize); err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
|
|
|
break
|
|
|
|
}
|
2019-03-08 07:56:20 -06:00
|
|
|
}
|
2023-03-23 02:34:40 -05:00
|
|
|
|
|
|
|
// Update metrics.
|
|
|
|
t.readMeter.Mark(int64(totalSize))
|
2023-07-12 02:19:01 -05:00
|
|
|
return output, sizes, nil
|
2019-03-08 07:56:20 -06:00
|
|
|
}
|
|
|
|
|
2022-03-10 02:37:23 -06:00
|
|
|
// has returns an indicator whether the specified number data is still accessible
|
|
|
|
// in the freezer table.
|
all: integrate the freezer with fast sync
* all: freezer style syncing
core, eth, les, light: clean up freezer relative APIs
core, eth, les, trie, ethdb, light: clean a bit
core, eth, les, light: add unit tests
core, light: rewrite setHead function
core, eth: fix downloader unit tests
core: add receipt chain insertion test
core: use constant instead of hardcoding table name
core: fix rollback
core: fix setHead
core/rawdb: remove canonical block first and then iterate side chain
core/rawdb, ethdb: add hasAncient interface
eth/downloader: calculate ancient limit via cht first
core, eth, ethdb: lots of fixes
* eth/downloader: print ancient disable log only for fast sync
2019-04-25 09:59:48 -05:00
|
|
|
func (t *freezerTable) has(number uint64) bool {
|
2023-03-21 06:10:23 -05:00
|
|
|
return t.items.Load() > number && t.itemHidden.Load() <= number
|
all: integrate the freezer with fast sync
* all: freezer style syncing
core, eth, les, light: clean up freezer relative APIs
core, eth, les, trie, ethdb, light: clean a bit
core, eth, les, light: add unit tests
core, light: rewrite setHead function
core, eth: fix downloader unit tests
core: add receipt chain insertion test
core: use constant instead of hardcoding table name
core: fix rollback
core: fix setHead
core/rawdb: remove canonical block first and then iterate side chain
core/rawdb, ethdb: add hasAncient interface
eth/downloader: calculate ancient limit via cht first
core, eth, ethdb: lots of fixes
* eth/downloader: print ancient disable log only for fast sync
2019-04-25 09:59:48 -05:00
|
|
|
}
|
|
|
|
|
core, cmd, vendor: fixes and database inspection tool (#15)
* core, eth: some fixes for freezer
* vendor, core/rawdb, cmd/geth: add db inspector
* core, cmd/utils: check ancient store path forceily
* cmd/geth, common, core/rawdb: a few fixes
* cmd/geth: support windows file rename and fix rename error
* core: support ancient plugin
* core, cmd: streaming file copy
* cmd, consensus, core, tests: keep genesis in leveldb
* core: write txlookup during ancient init
* core: bump database version
2019-05-14 09:07:44 -05:00
|
|
|
// size returns the total data size in the freezer table.
|
|
|
|
func (t *freezerTable) size() (uint64, error) {
|
|
|
|
t.lock.RLock()
|
|
|
|
defer t.lock.RUnlock()
|
|
|
|
|
2019-06-10 06:21:02 -05:00
|
|
|
return t.sizeNolock()
|
|
|
|
}
|
|
|
|
|
2023-12-18 13:10:54 -06:00
|
|
|
// sizeNolock returns the total data size in the freezer table. This function
|
|
|
|
// assumes the lock is already held.
|
2019-06-10 06:21:02 -05:00
|
|
|
func (t *freezerTable) sizeNolock() (uint64, error) {
|
core, cmd, vendor: fixes and database inspection tool (#15)
* core, eth: some fixes for freezer
* vendor, core/rawdb, cmd/geth: add db inspector
* core, cmd/utils: check ancient store path forceily
* cmd/geth, common, core/rawdb: a few fixes
* cmd/geth: support windows file rename and fix rename error
* core: support ancient plugin
* core, cmd: streaming file copy
* cmd, consensus, core, tests: keep genesis in leveldb
* core: write txlookup during ancient init
* core: bump database version
2019-05-14 09:07:44 -05:00
|
|
|
stat, err := t.index.Stat()
|
|
|
|
if err != nil {
|
|
|
|
return 0, err
|
|
|
|
}
|
2023-12-18 13:10:54 -06:00
|
|
|
hidden, err := t.sizeHidden()
|
|
|
|
if err != nil {
|
|
|
|
return 0, err
|
|
|
|
}
|
|
|
|
total := uint64(t.maxFileSize)*uint64(t.headId-t.tailId) + uint64(t.headBytes) + uint64(stat.Size()) - hidden
|
core, cmd, vendor: fixes and database inspection tool (#15)
* core, eth: some fixes for freezer
* vendor, core/rawdb, cmd/geth: add db inspector
* core, cmd/utils: check ancient store path forceily
* cmd/geth, common, core/rawdb: a few fixes
* cmd/geth: support windows file rename and fix rename error
* core: support ancient plugin
* core, cmd: streaming file copy
* cmd, consensus, core, tests: keep genesis in leveldb
* core: write txlookup during ancient init
* core: bump database version
2019-05-14 09:07:44 -05:00
|
|
|
return total, nil
|
|
|
|
}
|
|
|
|
|
2021-09-07 05:31:17 -05:00
|
|
|
// advanceHead should be called when the current head file would outgrow the file limits,
|
|
|
|
// and a new file must be opened. The caller of this method must hold the write-lock
|
|
|
|
// before calling this method.
|
|
|
|
func (t *freezerTable) advanceHead() error {
|
|
|
|
t.lock.Lock()
|
|
|
|
defer t.lock.Unlock()
|
|
|
|
|
|
|
|
// We open the next file in truncated mode -- if this file already
|
|
|
|
// exists, we need to start over from scratch on it.
|
|
|
|
nextID := t.headId + 1
|
|
|
|
newHead, err := t.openFile(nextID, openFreezerFileTruncated)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2023-01-13 04:55:50 -06:00
|
|
|
// Commit the contents of the old file to stable storage and
|
|
|
|
// tear it down. It will be re-opened in read-only mode.
|
|
|
|
if err := t.head.Sync(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2021-09-07 05:31:17 -05:00
|
|
|
t.releaseFile(t.headId)
|
|
|
|
t.openFile(t.headId, openFreezerFileForReadOnly)
|
|
|
|
|
|
|
|
// Swap out the current head.
|
|
|
|
t.head = newHead
|
|
|
|
t.headBytes = 0
|
|
|
|
t.headId = nextID
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2019-03-08 07:56:20 -06:00
|
|
|
// Sync pushes any pending data from memory out to disk. This is an expensive
|
|
|
|
// operation, so use it with care.
|
|
|
|
func (t *freezerTable) Sync() error {
|
2022-11-24 03:50:28 -06:00
|
|
|
t.lock.Lock()
|
|
|
|
defer t.lock.Unlock()
|
2023-01-16 02:57:27 -06:00
|
|
|
if t.index == nil || t.head == nil || t.meta == nil {
|
|
|
|
return errClosed
|
|
|
|
}
|
2022-11-24 03:50:28 -06:00
|
|
|
var err error
|
|
|
|
trackError := func(e error) {
|
|
|
|
if e != nil && err == nil {
|
|
|
|
err = e
|
|
|
|
}
|
2022-03-10 02:37:23 -06:00
|
|
|
}
|
2022-11-24 03:50:28 -06:00
|
|
|
|
|
|
|
trackError(t.index.Sync())
|
|
|
|
trackError(t.meta.Sync())
|
|
|
|
trackError(t.head.Sync())
|
|
|
|
return err
|
2019-03-08 07:56:20 -06:00
|
|
|
}
|
2019-04-14 14:25:32 -05:00
|
|
|
|
2022-08-08 04:08:36 -05:00
|
|
|
func (t *freezerTable) dumpIndexStdout(start, stop int64) {
|
2021-09-07 05:31:17 -05:00
|
|
|
t.dumpIndex(os.Stdout, start, stop)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (t *freezerTable) dumpIndexString(start, stop int64) string {
|
|
|
|
var out bytes.Buffer
|
|
|
|
out.WriteString("\n")
|
|
|
|
t.dumpIndex(&out, start, stop)
|
|
|
|
return out.String()
|
|
|
|
}
|
|
|
|
|
|
|
|
func (t *freezerTable) dumpIndex(w io.Writer, start, stop int64) {
|
2022-03-10 02:37:23 -06:00
|
|
|
meta, err := readMetadata(t.meta)
|
|
|
|
if err != nil {
|
|
|
|
fmt.Fprintf(w, "Failed to decode freezer table %v\n", err)
|
|
|
|
return
|
|
|
|
}
|
2023-01-16 02:57:27 -06:00
|
|
|
fmt.Fprintf(w, "Version %d count %d, deleted %d, hidden %d\n", meta.Version,
|
2023-03-21 06:10:23 -05:00
|
|
|
t.items.Load(), t.itemOffset.Load(), t.itemHidden.Load())
|
2022-03-10 02:37:23 -06:00
|
|
|
|
2019-04-14 14:25:32 -05:00
|
|
|
buf := make([]byte, indexEntrySize)
|
|
|
|
|
2021-09-07 05:31:17 -05:00
|
|
|
fmt.Fprintf(w, "| number | fileno | offset |\n")
|
|
|
|
fmt.Fprintf(w, "|--------|--------|--------|\n")
|
2019-04-14 14:25:32 -05:00
|
|
|
|
2021-04-13 08:45:30 -05:00
|
|
|
for i := uint64(start); ; i++ {
|
2022-03-10 02:37:23 -06:00
|
|
|
if _, err := t.index.ReadAt(buf, int64((i+1)*indexEntrySize)); err != nil {
|
2019-04-14 14:25:32 -05:00
|
|
|
break
|
|
|
|
}
|
|
|
|
var entry indexEntry
|
|
|
|
entry.unmarshalBinary(buf)
|
2021-09-07 05:31:17 -05:00
|
|
|
fmt.Fprintf(w, "| %03d | %03d | %03d | \n", i, entry.filenum, entry.offset)
|
2021-04-13 08:45:30 -05:00
|
|
|
if stop > 0 && i >= uint64(stop) {
|
2019-04-14 14:25:32 -05:00
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
2021-09-07 05:31:17 -05:00
|
|
|
fmt.Fprintf(w, "|--------------------------|\n")
|
2019-04-14 14:25:32 -05:00
|
|
|
}
|