zebra_state/service/finalized_state/zebra_db.rs
1//! Provides high-level access to the database using [`zebra_chain`] types.
2//!
3//! This module makes sure that:
4//! - all disk writes happen inside a RocksDB transaction, and
5//! - format-specific invariants are maintained.
6//!
7//! # Correctness
8//!
9//! [`crate::constants::state_database_format_version_in_code()`] must be incremented
10//! each time the database format (column, serialization, etc) changes.
11
12use std::{path::Path, sync::Arc};
13
14use crossbeam_channel::bounded;
15use semver::Version;
16
17use zebra_chain::{block::Height, diagnostic::task::WaitForPanics, parameters::Network};
18
19use crate::{
20 config::database_format_version_on_disk,
21 service::finalized_state::{
22 disk_db::DiskDb,
23 disk_format::{
24 block::MAX_ON_DISK_HEIGHT,
25 transparent::AddressLocation,
26 upgrade::{DbFormatChange, DbFormatChangeThreadHandle},
27 },
28 },
29 write_database_format_version_to_disk, BoxError, Config,
30};
31
32use super::disk_format::upgrade::restorable_db_versions;
33
34pub mod block;
35pub mod chain;
36pub mod metrics;
37pub mod shielded;
38pub mod transparent;
39
40#[cfg(any(test, feature = "proptest-impl"))]
41// TODO: when the database is split out of zebra-state, always expose these methods.
42pub mod arbitrary;
43
44/// Wrapper struct to ensure high-level `zebra-state` database access goes through the correct API.
45///
46/// `rocksdb` allows concurrent writes through a shared reference,
47/// so database instances are cloneable. When the final clone is dropped,
48/// the database is closed.
49#[derive(Clone, Debug)]
50pub struct ZebraDb {
51 // Configuration
52 //
53 // This configuration cannot be modified after the database is initialized,
54 // because some clones would have different values.
55 //
56 /// The configuration for the database.
57 //
58 // TODO: move the config to DiskDb
59 config: Arc<Config>,
60
61 /// Should format upgrades and format checks be skipped for this instance?
62 /// Only used in test code.
63 //
64 // TODO: move this to DiskDb
65 debug_skip_format_upgrades: bool,
66
67 // Owned State
68 //
69 // Everything contained in this state must be shared by all clones, or read-only.
70 //
71 /// A handle to a running format change task, which cancels the task when dropped.
72 ///
73 /// # Concurrency
74 ///
75 /// This field should be dropped before the database field, so the format upgrade task is
76 /// cancelled before the database is dropped. This helps avoid some kinds of deadlocks.
77 //
78 // TODO: move the generic upgrade code and fields to DiskDb
79 format_change_handle: Option<DbFormatChangeThreadHandle>,
80
81 /// The inner low-level database wrapper for the RocksDB database.
82 db: DiskDb,
83}
84
85impl ZebraDb {
86 /// Opens or creates the database at a path based on the kind, major version and network,
87 /// with the supplied column families, preserving any existing column families,
88 /// and returns a shared high-level typed database wrapper.
89 ///
90 /// If `debug_skip_format_upgrades` is true, don't do any format upgrades or format checks.
91 /// This argument is only used when running tests, it is ignored in production code.
92 //
93 // TODO: rename to StateDb and remove the db_kind and column_families_in_code arguments
94 pub fn new(
95 config: &Config,
96 db_kind: impl AsRef<str>,
97 format_version_in_code: &Version,
98 network: &Network,
99 debug_skip_format_upgrades: bool,
100 column_families_in_code: impl IntoIterator<Item = String>,
101 read_only: bool,
102 ) -> ZebraDb {
103 let disk_version = DiskDb::try_reusing_previous_db_after_major_upgrade(
104 &restorable_db_versions(),
105 format_version_in_code,
106 config,
107 &db_kind,
108 network,
109 )
110 .or_else(|| {
111 database_format_version_on_disk(config, &db_kind, format_version_in_code.major, network)
112 .expect("unable to read database format version file")
113 });
114
115 // Log any format changes before opening the database, in case opening fails.
116 let format_change = DbFormatChange::open_database(format_version_in_code, disk_version);
117
118 // Format upgrades try to write to the database, so we always skip them
119 // if `read_only` is `true`.
120 //
121 // We also allow skipping them when we are running tests.
122 let debug_skip_format_upgrades = read_only || (cfg!(test) && debug_skip_format_upgrades);
123
124 // Open the database and do initial checks.
125 let mut db = ZebraDb {
126 config: Arc::new(config.clone()),
127 debug_skip_format_upgrades,
128 format_change_handle: None,
129 // After the database directory is created, a newly created database temporarily
130 // changes to the default database version. Then we set the correct version in the
131 // upgrade thread. We need to do the version change in this order, because the version
132 // file can only be changed while we hold the RocksDB database lock.
133 db: DiskDb::new(
134 config,
135 db_kind,
136 format_version_in_code,
137 network,
138 column_families_in_code,
139 read_only,
140 ),
141 };
142
143 let zero_location_utxos =
144 db.address_utxo_locations(AddressLocation::from_usize(Height(0), 0, 0));
145 if !zero_location_utxos.is_empty() {
146 warn!(
147 "You have been impacted by the Zebra 2.4.0 address indexer corruption bug. \
148 If you rely on the data from the RPC interface, you will need to recover your database. \
149 Follow the instructions in the 2.4.1 release notes: https://github.com/ZcashFoundation/zebra/releases/tag/v2.4.1 \
150 If you just run the node for consensus and don't use data from the RPC interface, you can ignore this warning."
151 )
152 }
153
154 db.spawn_format_change(format_change);
155
156 db
157 }
158
159 /// Launch any required format changes or format checks, and store their thread handle.
160 pub fn spawn_format_change(&mut self, format_change: DbFormatChange) {
161 if self.debug_skip_format_upgrades {
162 return;
163 }
164
165 // We have to get this height before we spawn the upgrade task, because threads can take
166 // a while to start, and new blocks can be committed as soon as we return from this method.
167 let initial_tip_height = self.finalized_tip_height();
168
169 // `upgrade_db` is a special clone of this database, which can't be used to shut down
170 // the upgrade task. (Because the task hasn't been launched yet,
171 // its `db.format_change_handle` is always None.)
172 let upgrade_db = self.clone();
173
174 // TODO:
175 // - should debug_stop_at_height wait for the upgrade task to finish?
176 let format_change_handle =
177 format_change.spawn_format_change(upgrade_db, initial_tip_height);
178
179 self.format_change_handle = Some(format_change_handle);
180 }
181
182 /// Sets `finished_format_upgrades` to true on the inner [`DiskDb`] to indicate that Zebra has
183 /// finished applying any required db format upgrades.
184 pub fn mark_finished_format_upgrades(&self) {
185 self.db.mark_finished_format_upgrades();
186 }
187
188 /// Returns true if the `finished_format_upgrades` flag has been set to true on the inner [`DiskDb`] to
189 /// indicate that Zebra has finished applying any required db format upgrades.
190 pub fn finished_format_upgrades(&self) -> bool {
191 self.db.finished_format_upgrades()
192 }
193
194 /// Returns config for this database.
195 pub fn config(&self) -> &Config {
196 &self.config
197 }
198
199 /// Returns the configured database kind for this database.
200 pub fn db_kind(&self) -> String {
201 self.db.db_kind()
202 }
203
204 /// Returns the format version of the running code that created this `ZebraDb` instance in memory.
205 pub fn format_version_in_code(&self) -> Version {
206 self.db.format_version_in_code()
207 }
208
209 /// Returns the fixed major version for this database.
210 pub fn major_version(&self) -> u64 {
211 self.db.major_version()
212 }
213
214 /// Returns the format version of this database on disk.
215 ///
216 /// See `database_format_version_on_disk()` for details.
217 pub fn format_version_on_disk(&self) -> Result<Option<Version>, BoxError> {
218 database_format_version_on_disk(
219 self.config(),
220 self.db_kind(),
221 self.major_version(),
222 &self.network(),
223 )
224 }
225
226 /// Updates the format of this database on disk to the suppled version.
227 ///
228 /// See `write_database_format_version_to_disk()` for details.
229 pub(crate) fn update_format_version_on_disk(
230 &self,
231 new_version: &Version,
232 ) -> Result<(), BoxError> {
233 write_database_format_version_to_disk(
234 self.config(),
235 self.db_kind(),
236 self.major_version(),
237 new_version,
238 &self.network(),
239 )
240 }
241
242 /// Returns the configured network for this database.
243 pub fn network(&self) -> Network {
244 self.db.network()
245 }
246
247 /// Returns the `Path` where the files used by this database are located.
248 pub fn path(&self) -> &Path {
249 self.db.path()
250 }
251
252 /// Check for panics in code running in spawned threads.
253 /// If a thread exited with a panic, resume that panic.
254 ///
255 /// This method should be called regularly, so that panics are detected as soon as possible.
256 pub fn check_for_panics(&mut self) {
257 if let Some(format_change_handle) = self.format_change_handle.as_mut() {
258 format_change_handle.check_for_panics();
259 }
260 }
261
262 /// When called with a secondary DB instance, tries to catch up with the primary DB instance
263 pub fn try_catch_up_with_primary(&self) -> Result<(), rocksdb::Error> {
264 self.db.try_catch_up_with_primary()
265 }
266
267 /// Spawns a blocking task to try catching up with the primary DB instance.
268 pub async fn spawn_try_catch_up_with_primary(&self) -> Result<(), rocksdb::Error> {
269 let db = self.clone();
270 tokio::task::spawn_blocking(move || {
271 let result = db.try_catch_up_with_primary();
272 if let Err(catch_up_error) = &result {
273 tracing::warn!(?catch_up_error, "failed to catch up to primary");
274 }
275 result
276 })
277 .wait_for_panics()
278 .await
279 }
280
281 /// Shut down the database, cleaning up background tasks and ephemeral data.
282 ///
283 /// If `force` is true, clean up regardless of any shared references.
284 /// `force` can cause errors accessing the database from other shared references.
285 /// It should only be used in debugging or test code, immediately before a manual shutdown.
286 ///
287 /// See [`DiskDb::shutdown`] for details.
288 pub fn shutdown(&mut self, force: bool) {
289 // Are we shutting down the underlying database instance?
290 let is_shutdown = force || self.db.shared_database_owners() <= 1;
291
292 // # Concurrency
293 //
294 // The format upgrade task should be cancelled before the database is flushed or shut down.
295 // This helps avoid some kinds of deadlocks.
296 //
297 // See also the correctness note in `DiskDb::shutdown()`.
298 if !self.debug_skip_format_upgrades && is_shutdown {
299 if let Some(format_change_handle) = self.format_change_handle.as_mut() {
300 format_change_handle.force_cancel();
301 }
302
303 // # Correctness
304 //
305 // Check that the database format is correct before shutting down.
306 // This lets users know to delete and re-sync their database immediately,
307 // rather than surprising them next time Zebra starts up.
308 //
309 // # Testinng
310 //
311 // In Zebra's CI, panicking here stops us writing invalid cached states,
312 // which would then make unrelated PRs fail when Zebra starts up.
313
314 // If the upgrade has completed, or we've done a downgrade, check the state is valid.
315 let disk_version = database_format_version_on_disk(
316 &self.config,
317 self.db_kind(),
318 self.major_version(),
319 &self.network(),
320 )
321 .expect("unexpected invalid or unreadable database version file");
322
323 if let Some(disk_version) = disk_version {
324 // We need to keep the cancel handle until the format check has finished,
325 // because dropping it cancels the format check.
326 let (_never_cancel_handle, never_cancel_receiver) = bounded(1);
327
328 // We block here because the checks are quick and database validity is
329 // consensus-critical.
330 if disk_version >= self.db.format_version_in_code() {
331 DbFormatChange::check_new_blocks(self)
332 .run_format_change_or_check(
333 self,
334 // The initial tip height is not used by the new blocks format check.
335 None,
336 &never_cancel_receiver,
337 )
338 .expect("cancel handle is never used");
339 }
340 }
341 }
342
343 self.check_for_panics();
344
345 self.db.shutdown(force);
346 }
347
348 /// Check that the on-disk height is well below the maximum supported database height.
349 ///
350 /// Zebra only supports on-disk heights up to 3 bytes.
351 ///
352 /// # Logs an Error
353 ///
354 /// If Zebra is storing block heights that are close to [`MAX_ON_DISK_HEIGHT`].
355 pub(crate) fn check_max_on_disk_tip_height(&self) -> Result<(), String> {
356 if let Some((tip_height, tip_hash)) = self.tip() {
357 if tip_height.0 > MAX_ON_DISK_HEIGHT.0 / 2 {
358 let err = Err(format!(
359 "unexpectedly large tip height, database format upgrade required: \
360 tip height: {tip_height:?}, tip hash: {tip_hash:?}, \
361 max height: {MAX_ON_DISK_HEIGHT:?}"
362 ));
363 error!(?err);
364 return err;
365 }
366 }
367
368 Ok(())
369 }
370
371 /// Logs metrics related to the underlying RocksDB instance.
372 ///
373 /// This function prints various metrics and statistics about the RocksDB database,
374 /// such as disk usage, memory usage, and other performance-related metrics.
375 pub fn print_db_metrics(&self) {
376 self.db.print_db_metrics();
377 }
378
379 /// Returns the estimated total disk space usage of the database.
380 pub fn size(&self) -> u64 {
381 self.db.size()
382 }
383}
384
385impl Drop for ZebraDb {
386 fn drop(&mut self) {
387 self.shutdown(false);
388 }
389}