From be254c57ae2cd8ede292f2a35f91c453307c6a93 Mon Sep 17 00:00:00 2001 From: Joe Bryan Date: Fri, 26 Apr 2019 11:49:28 -0700 Subject: [PATCH] moves mug chaining enforcement entirely into the worker --- pkg/urbit/vere/pier.c | 14 ------------ pkg/urbit/worker/main.c | 48 +++++++++++++++++++++++------------------ 2 files changed, 27 insertions(+), 35 deletions(-) diff --git a/pkg/urbit/vere/pier.c b/pkg/urbit/vere/pier.c index 84549a4b9c..ddf2bfeb28 100644 --- a/pkg/urbit/vere/pier.c +++ b/pkg/urbit/vere/pier.c @@ -652,20 +652,6 @@ _pier_work_complete(u3_writ* wit_u, fprintf(stderr, "pier: (%" PRIu64 "): compute: complete\r\n", wit_u->evt_d); #endif - if ( u3_psat_pace == pir_u->sat_e && - wit_u->nex_u && - mug_l != wit_u->nex_u->mug_l ) { - // While we are replaying the event log, we also perform checks that the - // resulting mug_l for this urbit's state is equivalent to the expected - // input state of the next event. If it isn't, we have either corruption or - // non-determinism during replay and either should cause a bail. - u3l_log("Invalid recomputed state. For event %" PRIu64 ", the computed mug " - "was %x but event %" PRIu64 " expected %x.\r\n", - wit_u->evt_d, mug_l, wit_u->nex_u->evt_d, wit_u->nex_u->mug_l); - - u3_pier_bail(); - } - god_u->dun_d += 1; c3_assert(god_u->dun_d == wit_u->evt_d); diff --git a/pkg/urbit/worker/main.c b/pkg/urbit/worker/main.c index 78f35ece4b..0b5919d7ba 100644 --- a/pkg/urbit/worker/main.c +++ b/pkg/urbit/worker/main.c @@ -60,7 +60,7 @@ :: $: %done :: p: event number - :: q: mug of state (or 0) + :: q: mug of kernel :: r: effects :: [p=@ q=@ r=(list ovum)] @@ -69,7 +69,7 @@ :: $: %work :: p: event number - :: q: mug of state (or 0) + :: q: mug of kernel :: r: replacement event (at date) :: [p=@ q=@ r=(pair date ovum)] 
@@ -502,25 +502,18 @@ _worker_sure(u3_noun ovo, u3_noun vir, u3_noun cor) /* _worker_work_live(): apply event. */ static void -_worker_work_live(c3_d evt_d, // event number - c3_l mug_l, // mug of state - u3_noun job) // event date +_worker_work_live(c3_d evt_d, u3_noun job) { u3_noun now, ovo, gon; c3_assert(evt_d == u3V.dun_d + 1ULL); - - if ( 0 != mug_l ) { - c3_assert(u3V.mug_l == mug_l); - } + u3V.sen_d = evt_d; u3x_cell(job, &now, &ovo); u3z(u3A->now); u3A->now = u3k(now); - u3V.sen_d = evt_d; - #ifdef U3_EVENT_TIME_DEBUG { struct timeval b4, f2, d0; @@ -611,19 +604,12 @@ _worker_boot_fire(u3_noun eve) /* _worker_work_boot(): apply initial-stage event. */ static void -_worker_work_boot(c3_d evt_d, - c3_l mug_l, - u3_noun job) +_worker_work_boot(c3_d evt_d, u3_noun job) { // here we asset on u3V.sen_d, because u3V.dun_d isn't set until // after u3V.sen_d == u3V.len_w (ie, after the lifecycle evaluation) // c3_assert(evt_d == u3V.sen_d + 1ULL); - - if ( 0 != mug_l ) { - c3_assert(u3V.mug_l == mug_l); - } - u3V.sen_d = evt_d; u3A->roe = u3nc(job, u3A->roe); @@ -655,6 +641,9 @@ _worker_work_boot(c3_d evt_d, u3z(pru); } else { + // prior to the evaluation of the entire lifecycle sequence, + // we simply use the mug of the formula as the kernel mug + // u3V.mug_l = u3r_mug(job); } 
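Review bot: Neither `_worker_work_live` in this hunk nor `_worker_work_boot` in the next one documents that it now relies on its caller to have verified the kernel mug, since the `mug_l` parameter and its assert are gone. I would extend the header comments, e.g. `/* _worker_work_live(): apply event; caller has already verified the mug. */`, and likewise for the boot variant. The event-number check that remains in both is still a `c3_assert`. If that macro can be compiled out or is otherwise weaker than the new log-and-fail path (its definition is not visible here), sequencing is enforced less strictly than the mug, so giving it the same `u3l_log` plus `_worker_fail` treatment would keep the two consistent. Both function bodies continue outside their hunks.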
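Review bot: The comment added above `u3V.mug_l = u3r_mug(job);` does not say that the mug covers only the boot event just received, not the events already consed onto `u3A->roe` earlier in `_worker_work_boot`. As far as these hunks show, the chain during the boot sequence therefore ties each `%work` to its immediate predecessor only, so a divergence in an earlier boot event would not be reflected in the value compared next. I would spell that out, e.g. `// NB: this is the mug of the latest event alone, not of the accumulated sequence`. The `if` that this `else` belongs to starts outside the hunk, so the condition under which this branch runs is not visible.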
@@ -681,12 +670,29 @@ _worker_poke_work(c3_d evt_d, // event number } } + // Require mugs to match + // + // We use mugs to enforce that %work is always performed against + // the exact kernel we expect it to be. If it isn't, we have either + // event-log corruption or non-determism on replay, or programmer error + // in normal operation. In either case, we immediately exit. + // + if ( u3V.mug_l != mug_l ) { + u3l_log("work: invalid %%work for event %" PRIu64 ".\r\n", evt_d); + u3l_log("work: computed mug is %x but event %" PRIu64 " expected %x.\r\n", + u3V.mug_l, + evt_d, + mug_l); + _worker_fail(0, "bad jar"); + return; + } + if ( evt_d <= u3V.len_w ) { c3_c lab_c[8]; snprintf(lab_c, 8, "boot: %" PRIu64 "", evt_d); u3t_event_trace(lab_c, 'B'); - _worker_work_boot(evt_d, mug_l, job); + _worker_work_boot(evt_d, job); u3t_event_trace(lab_c, 'E'); } else { @@ -698,7 +704,7 @@ _worker_poke_work(c3_d evt_d, // event number u3m_pretty_path(wir), u3m_pretty(cad)); u3t_event_trace(lab_c, 'B'); - _worker_work_live(evt_d, mug_l, job); + _worker_work_live(evt_d, job); u3t_event_trace(lab_c, 'E'); } }
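Review bot: The mug comparison added before the boot/live dispatch is unconditional, whereas the asserts it replaces were skipped when `mug_l` was 0, so a sender that still passes 0 to mean "unchecked" now ends in `_worker_fail`. That looks intended, since the protocol comment now reads "mug of kernel", but the block comment should say it, e.g. `// a mug of 0 is compared like any other value; it no longer means "skip the check"`. The commit also deletes the replay check in pier.c, so this is the only place the chain is verified. A mug is a short non-cryptographic hash (printed here with `%x`), so it detects corruption and non-determinism rather than deliberate edits to the event log, and "the exact kernel" in the comment overstates it. If `_worker_fail` can return (its body is not visible), the `return` leaves `job` unreleased; `_worker_poke_work` itself starts outside the hunk.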