LedgerDB.V1: fix race between chain switch and forker acquisition (#1737)

amesgen · web-flow · commit c3b1ab6453b8 · 2025-10-28T10:36:13.000Z
This fixes a small bug introduced in #1619, which does not affect Praos. ### Explanation Before this PR, it was possible that, when opening a forker, we first would read the `DbChangelog` https://github.com/IntersectMBO/ouroboros-consensus/blob/fd31cf8fd056d5ddee39c79400b3382d93bccb47/ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Storage/LedgerDB/V1.hs#L762 then switch to a different chain in https://github.com/IntersectMBO/ouroboros-consensus/blob/fd31cf8fd056d5ddee39c79400b3382d93bccb47/ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Storage/ChainDB/Impl/ChainSel.hs#L915-L916 and only then read https://github.com/IntersectMBO/ouroboros-consensus/blob/fd31cf8fd056d5ddee39c79400b3382d93bccb47/ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Storage/LedgerDB/V1.hs#L763 With Praos, this doesn't matter, because `getVolatileSuffix` will always return the `k` most recent blocks/states, so there is no observable difference. However, with Peras, it can be the case that the length of the volatile suffix gets longer/shorter than before, leading to a mismatch in the length of the volatile headers and volatile `DbChangelog` states. In practice, the only effect is that a user would erroneously not be able to acquire points in the LocalStateQuery mini-protocol that it should be able to acquire, or vice versa. ### Fix The fix is to simply move these two things into the same `STM` transaction, as is already the case in all other places in LedgerDB.{V1,V2} that involve `ldbGetVolatileSuffix`. A regression test would need to rely on IOSimPOR; therefore, I am deferring this until we have sth like #1494.
diff --git a/ouroboros-consensus/changelog.d/20251028_101139_alexander.esgen_ledgerdb_v1_race.md b/ouroboros-consensus/changelog.d/20251028_101139_alexander.esgen_ledgerdb_v1_race.md
@@ -0,0 +1,3 @@
+### Patch
+
+- Fix a race condition between chain switches and LedgerDB.V1 forker acquisition.
diff --git a/ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Storage/LedgerDB/V1.hs b/ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Storage/LedgerDB/V1.hs
@@ -759,13 +759,14 @@ acquireAtTarget ::
   Either Word64 (Target (Point blk)) ->
   ReadLocked m (Either GetForkerError (DbChangelog l))
 acquireAtTarget ldbEnv target = readLocked $ runExceptT $ do
-  dblog <- lift $ readTVarIO (ldbChangelog ldbEnv)
-  volSuffix <- lift $ atomically $ getVolatileSuffix $ ldbGetVolatileSuffix ldbEnv
-  -- The DbChangelog might contain more than k states if they have not yet
-  -- been garbage-collected.
-  let volStates = volSuffix $ changelogStates dblog
+  (dblog, volStates) <- lift $ atomically $ do
+    dblog <- readTVar (ldbChangelog ldbEnv)
+    -- The DbChangelog might contain more than k states if they have not yet
+    -- been garbage-collected.
+    volSuffix <- getVolatileSuffix $ ldbGetVolatileSuffix ldbEnv
+    pure (dblog, volSuffix $ changelogStates dblog)
 
-      immTip :: Point blk
+  let immTip :: Point blk
       immTip = castPoint $ getTip $ AS.anchor volStates
 
       rollbackMax :: Word64

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+### Patch`
	`2`	`+`
	`3`	`+- Fix a race condition between chain switches and LedgerDB.V1 forker acquisition.`