Synchronize access to block header

[matthew1001]

PR description

As outlined in the comment in #6140 it appears to be the case that access to the block header isn't thread safe when the block being requested is a newly added chain head.

Fixed Issue(s)

Fixes #6140

[github-actions]

• I thought about documentation and added the doc-change-required label to this PR if updates are required.
• I thought about the changelog and included a changelog update if required.
• If my PR includes database changes (e.g. KeyValueSegmentIdentifier) I have thought about compatibility and performed forwards and backwards compatibility tests

[garyschulte]

Should we need to synchronize blockheader access? This isn't something that typically needs concurrency safety, except of course near-head.

Is the transaction spam using block number or blockhash? I can understand chain head not available if the tx spammer is getting ahead of itself by predicting what the blocknumber should be based on block time. But if it is blockhash, where is the block builder getting the blockhash / block number ? which one are we using in this case

Without context, this seems like an issue that should be solved by ensuring we commit and persist the blockchain rocksdb transaction rather than paying a synchronization overhead cost when trying to access block headers.

edit: Has this fixed the issue in your test case? If so, perhaps we should overload with synchonized access, that way we can have synchronization when necessary, and not pay the cost for operations that do not require it

[matthew1001]

Yeah it's exactly the near-head case that the problem occurs. Basically the chain header is updated (inside a synchronized function) and then storage is updated and committed (in the same synchronized function).

But the getter for the chain head can be called at any time, and because it's not synchronized it can retrieve the new value before the storage commit has happened.

So possibly an alternative to synchronizing on getBlockHeader() would be to synchronize on getChainHeadHash() (and other related getChainHead*() methods probably) if getting the chain head is less frequent compared to getBlockHeader(). What do you think?

[matthew1001]

Going to run some tests with a change to synchronizing getChainHead*, not getBlockHeader, and if it fixes the issue I'll update the PR

[matthew1001]

@garyschulte I'm running my tests again using your suggestion of overloading getBlockHeader by adding getBlockHeaderSafe which is synchronized, and the caller can choose to use in the rare event that the block header for the latest block isn't available. I'll update here once I'm happy that the issue isn't showing any more. Let me know what you think of the changes.

[garyschulte]

Seems good to me, but I think we can DRY it up a bit

[garyschulte]

how about we leave this as it is and have this logic directly in getChainBlockHeader()?

[matthew1001]

Yeah that's a good thought. I'll tidy it up and push a new commit.

[matthew1001]

New commits pushed @garyschulte. I'll mark as auto-merge once you're happy with them.

[garyschulte]

how about instead of adding here we add the safe call to the existing getChainHeadBlockHeader(), e.g.:

  private Optional<BlockHeader> getChainHeadBlockHeader() {
    final MutableBlockchain blockchain = protocolContext.getBlockchain();
    return blockchain.getBlockHeader(blockchain.getChainHeadHash())
        .or(() -> blockchain.getBlockHeaderSafe(blockchain.getChainHeadHash()));
  }

[matthew1001]

See latest commits

[fab-10]

I like the approach of the *Safe version of the method, let's monitor this to see if the issue is gone, otherwise as suggested before we can implement a retry policy, in case of a transient error, like chain head not found.

[matthew1001]

The current PR definitely fixes the issue - no failures after >10 hours running a single validator at 50TPS. Question is whether we stick with the refactor I did under 1641b23 or revert to having separate getChainHeadBlockHeader() and getChainHeadBlockHeaderSafe(). I don't have a strong opinion either way. With the latest commit, getChainHeadBlockHeader() will make 2 attempts to get a block header if the block being requested genuinely doesn't exist. But for any block < chain head (and most calls for the chain head block except in very occasional circumstances) this shouldn't affect performance. So I'm happy sticking with the latest refactor, but likewise happy to revert.

@garyschulte any thoughts? It would be nice to get this into 23.10.2 as it causes unpleasant behaviour if you hit it.

[garyschulte]

👍 LGTM, especially if this solves the case you are encountering.